2002 files changed, 89370 insertions, 53840 deletions

diff --git a/.gitignore b/.gitignore
index 065c499708..46a47febcb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -322,6 +322,7 @@ JAVADOC-GENERATED
 /system/doc/top/PR.template
 /system/doc/top/erlresolvelinks.js
 /system/doc/programming_examples/funs.xml
+/system/doc/system_principles/create_target.xml
 /system/doc/tutorial/c_port.xml
 /system/doc/tutorial/c_portdriver.xml
 /system/doc/tutorial/cnode.xml
diff --git a/INSTALL-WIN32.md b/INSTALL-WIN32.md
index 59b9086c39..1e5e1f45fa 100644
--- a/INSTALL-WIN32.md
+++ b/INSTALL-WIN32.md
@@ -6,29 +6,31 @@ Introduction
 
 This file describes how to build the Erlang emulator and the OTP
 libraries on Windows. The instructions apply to versions of Windows
-supporting the Cygwin emulated gnuish environment for Windows. We've
-built on the following platforms: Windows 2000 Professional, Windows
-2003 server, Windows XP Home/Professional, and Windows Vista. Any
-Windows95'ish platform will surely get you into trouble, what I'm not
-sure of, but it certainly will...
-
-The procedure described uses Cygwin as a build environment, you run
-the bash shell in Cygwin and uses gnu make/configure/autoconf etc to
-do the build. The emulator C-source code is, however, mostly compiled
-with Microsoft Visual C++™, producing a native Windows binary. This
-is the same procedure as we use to build the pre-built binaries. The
-fact that we use VC++ and not gcc is explained further in the FAQ
-section.
+supporting the Cygwin emulated gnuish environment for Windows or the
+Msys ditto. We've built on the following platforms: Windows 2003
+server, Windows XP Home/Professional, Windows Vista and Windows 7 (32
+and 64 bit). You can probably build on Windows 2000, but you will not
+be able to install the latest Microsoft SDK, so you have to go back to
+some earlier compiler. Any Windows95'ish platform will surely get you
+into trouble, what I'm not sure of, but it certainly will...
+
+The procedure described uses either Cygwin or Msys as a build
+environment, you run the bash shell in Cygwin/Msys and use gnu
+make/configure/autoconf etc to do the build. The emulator C-source
+code is, however, mostly compiled with Microsoft Visual C++™,
+producing a native Windows binary. This is the same procedure as we
+use to build the pre-built binaries. The fact that we use VC++ and not
+gcc is explained further in the FAQ section.
 
 I describe the build procedure to make it possible for open source
 customers to build the emulator, given that they have the needed
 tools. The binary Windows releases is still a preferred alternative if
 one does not have Microsoft's development tools and/or don't want to
-install Cygwin.
+install Cygwin or Msys.
 
-To use Cygwin, one needs basic experience from a Unix environment, if
+To use Cygwin/Msys, one needs basic experience from a Unix environment, if
 one does not know how to set environment variables, run programs etc
-in a Unix environment, one will be quite lost in the Cygwin
+in a Unix environment, one will be quite lost in the Cygwin os Msys
 ditto. I can unfortunately not teach all the world how to use
 Cygwin and bash, neither how to install Cygwin nor perform basic tasks
 on a computer. Please refer to other documentation on the net for
@@ -41,11 +43,11 @@ to make the Erlang/OTP distribution for Windows better. Please submit
 any suggestions and patches to the appropriate [mailing lists] [1] to let
 them find their way into the next version of Erlang. If making changes
 to the build system (like makefiles etc) please bear in mind that the
-same makefiles are used on Unix/VxWorks/OSEDelta, so that your changes
+same makefiles are used on Unix/VxWorks, so that your changes
 don't break other platforms. That of course goes for C-code too, system
 specific code resides in the `$ERL_TOP/erts/emulator/sys/win32` and
 `$ERL_TOP/erts/etc/win32` directories mostly. The
-`$ERL_TOP/erts/emulator/beam directory` is for common code.
+`$ERL_TOP/erts/emulator/beam` directory is for common code.
 
 Before the R9C release of Erlang/OTP, the Windows release was built
 partly on a Unix (Solaris) box and partly on a Windows box, using Perl
@@ -61,6 +63,21 @@ their problems, please try to solve the problems and submit
 solutions/workarounds. Remember, it's all about sharing, not about
 demanding...
 
+Starting with R15B, our build system runs both on Cygwin and Msys
+(MinGW's fork of an early cygwin version). Msys is a smaller package
+to install and may on some machines run slightly faster. If Cygwin
+gives you trouble, try Msys instead, and v.v. Beginning with R15B
+there is also a native 64bit version of Erlang for 64bit Windows 7
+(only). These instructions apply to both the 32bit VM and the 64bit
+ditto.
+
+Note that even if you build a 64bit VM, most of the directories and
+files involved are still named win32. You can view the name win32 as
+meaning any windows version not beeing 16bit. A few occurences of the
+name Win64 are however present in the system, for example the
+installation file for a 64 bit windows version of Erlang is by default
+named `otp_win64_<version>.exe`.
+
 Lets go then, I'll start with a little FAQ, based on in house questions
 and misunderstandings.
 
@@ -70,10 +87,13 @@ Frequently Asked Questions
 
 *   Q: So, now I can build Erlang using GCC on Windows?
 
-    A: No, unfortunately not. You'll need Microsoft's Visual C++ still, a
-    Bourne-shell script (cc.sh) wraps the Visual C++ compiler and runs it
-    from within the Cygwin environment. All other tools needed to build
-    Erlang are free-ware/open source, but not the C compiler.
+    A: No, unfortunately not. You'll need Microsoft's Visual C++
+    still, a Bourne-shell script (cc.sh) wraps the Visual C++ compiler
+    and runs it from within the Cygwin environment. All other tools
+    needed to build Erlang are free-ware/open source, but not the C
+    compiler. The Windows SDK is however enough to build Erlang, you
+    do not need to buy Visual C++, just download the SDK (SDK version
+    7.1 == Visual studio 2010).
 
 *   Q: Why haven't you got rid of VC++ then, you \*\*\*\*\*\*?
 
@@ -83,18 +103,22 @@ Frequently Asked Questions
     directories). Unfortunately the development of the SMP version for
     Windows broke the mingw build and we chose to focus on the VC++ build
     as the performance has been much better in the VC++ versions. The
-    mingw build will be back, but as long as VC++ gives better
+    mingw build will possibly be back, but as long as VC++ gives better
     performance, the commercial build will be a VC++ one.
 
-*   Q: OK, VC++ you need, but now you've started to demand a very recent
+*   Q: OK, you need VC++, but now you've started to demand a very recent
     (and expensive) version of Visual studio, not the old and stable VC++
     6.0 that was used in earlier versions. Why?
 
-    A: The SMP version of Erlang needs features in the Visual Studio 2005.
-    Can't live without them. Besides the new compiler gives the Erlang
-    emulator a ~40% performance boost(!). Alternatively you can build Erlang
-    successfully using the free (proprietary) Visual Studio 2008 Express
-    edition C++ compiler.
+    A: Well, it's not expensive, it's free (as in free beer). Just
+    download and install the latest Windows SDK from Microsoft and all
+    the tools you need are there. The included debugger (WinDbg) is
+    also quite usable, it's what I used when porting Erlang to 64bit
+    Windows. Another reason to use the latest Microsoft compilers is
+    DLL compatibility. DLL's using a new version of the standard
+    library might not load if the VM is compiled with an old VC++
+    version, why we should aim to use the latest freely available SDK
+    and compiler.
 
 *   Q: Can/will I build a Cygwin binary with the procedure you describe?
 
@@ -112,15 +136,15 @@ Frequently Asked Questions
 
 *   Q: Hah, I saw you, you used GCC even though you said you didn't!
 
-    A: OK, I admit, one of the files is compiled using Cygwin's GCC and
-    the resulting object code is then converted to MS VC++ compatible coff
-    using a small C hack. It's because that particular file, `beam_emu.c`
-    benefits immensely from being able to use the GCC labels-as-values
-    extension, which boosts emulator performance by up to 50%. That does
-    unfortunately not (yet) mean that all of OTP could be compiled using
-    GCC, that particular source code does not do anything system specific
-    and actually is adopted to the fact that GCC is used to compile it on
-    Windows.
+    A: OK, I admit, one of the files is compiled using Cygwin's or
+    MinGW's GCC and the resulting object code is then converted to MS
+    VC++ compatible coff using a small C hack. It's because that
+    particular file, `beam_emu.c` benefits immensely from being able
+    to use the GCC labels-as-values extension, which boosts emulator
+    performance by up to 50%. That does unfortunately not (yet) mean
+    that all of OTP could be compiled using GCC, that particular
+    source code does not do anything system specific and actually is
+    adopted to the fact that GCC is used to compile it on Windows.
 
 *   Q: So now there's a MS VC++ project file somewhere and I can build OTP
     using the nifty VC++ GUI?
@@ -135,31 +159,36 @@ Frequently Asked Questions
 
 *   Q: So how does it all work then?
 
-    A: Cygwin is the environment, which closely resembles the environments
-    found on any Unix machine. It's almost like you had a virtual Unix
-    machine inside Windows. Configure, given certain parameters, then
-    creates makefiles that are used by the Cygwin gnu-make to built the
-    system. Most of the actual compilers etc are not, however, Cygwin
-    tools, so I've written a couple of wrappers (Bourne-shell scripts),
-    which reside in `$ERL_TOP/etc/win32/cygwin_tools` and they all do
-    conversion of parameters and switches common in the Unix environment
-    to fit the native Windows tools. Most notable is of course the paths,
-    which in Cygwin are Unix-like paths with "forward slashes" (/) and no
-    drive letters, the Cygwin specific command `cygpath` is used for most
-    of the path conversions. Luckily most compilers accept forward slashes
-    instead of backslashes as path separators, one still have to get the
-    drive letters etc right, though. The wrapper scripts are not general
-    in the sense that, for example, cc.sh would understand and translates
-    every possible gcc option and passes correct options to cl.exe. The
-    principle is that the scripts are powerful enough to allow building of
-    Erlang/OTP, no more, no less. They might need extensions to cope with
-    changes during the development of Erlang, that's one of the reasons I
-    made them into shell-scripts and not Perl-scripts, I believe they are
-    easier to understand and change that way. I might be wrong though,
-    cause another reason I didn't write them in Perl is because I've never
-    liked Perl and my Perl code is no pleasant reading...
-
-    In `$ERL_TOP`, there is a script called `otp_build`, that script handles
+    A: Cygwin or Msys is the environment, which closely resembles the
+    environments found on any Unix machine. It's almost like you had a
+    virtual Unix machine inside Windows. Configure, given certain
+    parameters, then creates makefiles that are used by the
+    Cygwin/Msys gnu-make to built the system. Most of the actual
+    compilers etc are not, however, Cygwin/Msys tools, so I've written
+    a couple of wrappers (Bourne-shell scripts), which reside in
+    `$ERL_TOP/etc/win32/cygwin_tools` and
+    `$ERL_TOP/etc/win32/msys_tools`. They all do conversion of
+    parameters and switches common in the Unix environment to fit the
+    native Windows tools. Most notable is of course the paths, which
+    in Cygwin/Msys are Unix-like paths with "forward slashes" (/) and
+    no drive letters, the Cygwin specific command `cygpath` is used
+    for most of the path conversions in a Cygwin environment, other
+    tools are used (when needed) in the corresponding Msys
+    environment. Luckily most compilers accept forward slashes instead
+    of backslashes as path separators, but one still have to get the drive
+    letters etc right, though. The wrapper scripts are not general in
+    the sense that, for example, cc.sh would understand and translates
+    every possible gcc option and passes correct options to
+    cl.exe. The principle is that the scripts are powerful enough to
+    allow building of Erlang/OTP, no more, no less. They might need
+    extensions to cope with changes during the development of Erlang,
+    that's one of the reasons I made them into shell-scripts and not
+    Perl-scripts, I believe they are easier to understand and change
+    that way. I might be wrong though, cause another reason I didn't
+    write them in Perl is because I've never liked Perl and my Perl
+    code is no pleasant reading...
+
+    In `$ERL_TOP`, there is a script called `otp_build`. That script handles
     the hassle of giving all the right parameters to `configure`/`make` and
     also helps you set up the correct environment variables to work with
     the Erlang source under Cygwin.
@@ -177,17 +206,19 @@ Frequently Asked Questions
 
     A: Yes, we use the exactly same build procedure.
 
-*   Q: Which version of Cygwin and other tools do you use then?
+*   Q: Which version of Cygwin/Msys and other tools do you use then?
 
-    A: For Cygwin we try to use the latest releases available when
-    building. What versions you use shouldn't really matter, I try to
-    include workarounds for the bugs I've found in different Cygwin
-    releases, please help me to add workarounds for new Cygwin-related
-    bugs as soon as you encounter them. Also please do submit bug reports
-    to the appropriate Cygwin developers. The Cygwin GCC we used for %OTP-REL%
-    was version 3.4.4. We used VC++ 8.0 (i.e. Visual studio 2005 SP1),
-    Sun's JDK 1.5.0\_17, NSIS 2.37, and Win32 OpenSSL 0.9.8e. Please read
-    the next section for details on what you need.
+    A: For Cygwin and Msys alike, we try to use the latest releases
+    available when building. What versions you use shouldn't really
+    matter, I try to include workarounds for the bugs I've found in
+    different Cygwin/Msys releases, please help me to add workarounds
+    for new Cygwin/Msys-related bugs as soon as you encounter
+    them. Also please do submit bug reports to the appropriate Cygwin
+    adn/or Msys developers. The GCC we used for %OTP-REL% was version
+    4.7.0 (MinGW 64bit) and 4.3.4 (Cygwin 32bit). We used VC++ 10.0
+    (i.e. Visual studio 2010), Sun's JDK 1.5.0\_17 (32bit) and Sun's
+    JDK 1.7.0\_1 (64bit), NSIS 2.46, and Win32 OpenSSL 0.9.8r. Please
+    read the next section for details on what you need.
 
 *   Q: Can you help me setup X in Cygwin?
 
@@ -201,24 +232,21 @@ Frequently Asked Questions
     described as much as I could about the installation of the needed
     tools. Once the tools are installed, building is quite easy. I also
     have tried to make this instruction understandable for people with
-    limited Unix experience. Cygwin is a whole new environment to some
+    limited Unix experience. Cygwin/Msys is a whole new environment to some
     Windows users, why careful explanation of environment variables etc
     seemed to be in place. The short story, for the experienced and
     impatient is:
 
-    *   Get and install complete Cygwin (latest)
-
-    *   (Buy and) Install Microsoft Visual studio 2005 and SP1 (or higher)
+    *   Get and install complete Cygwin (latest) or complete MinGW with msys
 
-    *   Alternatively install the free MS Visual Studio 2008 Express [msvc++]
-    and the Windows SDK [32bit-SDK] or [64bit-SDK] depending on the Windows
-    platform you are running.
+    *   Install Microsofts Windows SDK 7.1 (and .Net 4)
 
-    *   Get and install Sun's JDK 1.4.2
+    *   Get and install Sun's JDK 1.5.0 or higher
 
     *   Get and install NSIS 2.01 or higher (up to 2.46 tried and working)
 
-    *   Get and install OpenSSL 0.9.7c or higher (up to 1.0.0a tried & working)
+    * Get, build and install OpenSSL 0.9.8r or higher (up to 1.0.0a
+        tried & working) with static libs.
 
     *   Get the Erlang source distribution (from
         <http://www.erlang.org/download.html>) and unpack with Cygwin's `tar`.
@@ -251,10 +279,9 @@ Tools you Need and Their Environment
 ------------------------------------
 
 You need some tools to be able to build Erlang/OTP on Windows. Most
-notably you'll need Cygwin and Microsoft VC++, but you also might want
-a Java compiler, the NSIS install system and OpenSSL. Only VC++ costs
-money, but then again it costs a lot of money, I know...
-Well' here's the list:
+notably you'll need Cygwin or Msys and Microsofts Windows SDK, but
+you also might want a Java compiler, the NSIS install system and
+OpenSSL. Well' here's the list:
 
 *   Cygwin, the very latest is usually best. Get all the development
     tools and of course all the basic ditto. In fact getting the complete
@@ -263,6 +290,10 @@ Well' here's the list:
     sure *not* to install a Cygwin'ish Java... The Cygwin jar command is
     used but Sun's Java compiler and virtual machine...
 
+    If you are going to build a 64bit Windows version, you should make
+    sure to get MinGWs 64bit gcc installed with cygwin. It's in one of
+    the development packages.
+
     URL: <http://www.cygwin.com>
 
     Get the installer from the web site and use that to install
@@ -302,72 +333,205 @@ Well' here's the list:
     haven't tried and know of no one that has. I expect
     that you use bash in all shell examples.
 
-*   Microsoft Visual Studio 2005 SP1. Please don't skip the service
-    pack! The installer might update your environment so that you can run
-    the `cl` command from the bash prompt, then again it might
-    not... There is always a BAT file in VC\Bin under the installation
-    directory (default `C:\Program Files\Microsoft Visual Studio 8`) called
-    `VCVARS32.BAT`. Either add the environment settings in that file to the
-    global environment settings in Windows or add the corresponding BASH
-    environment settings to your `.profile`/`.bashrc`. For example, in my case
-    I could add the following to `.profile`
-
-        #Visual C++ Root directory as Cygwin style pathname
-        VCROOT=/cygdrive/c/Program\ Files/Microsoft\ Visual\ Studio 8
-
-        # Visual C++ Root directory as Windows style pathname
-        WIN_VCROOT="C:\\Program Files\\Microsoft Visual Studio 8"
-
-        # The PATH variable should be Cygwin'ish
-        PATH=$VCROOT/Common7/IDE:$VCROOT/VC/BIN:$VCROOT/Common7/Tools:\
-        $VCROOT/Common7/Tools/bin:$VCROOT/VC/PlatformSDK/bin:$VCROOT/SDK/v2.0/bin:\
-        $VCROOT/VC/VCPackages:$PATH
-
-        # Lib and INCLUDE should be Windows'ish
-        # Note that semicolon (;) is used to separate Windows style paths but
-        # colon (:) to separate Cygwin ditto!
-
-        LIBPATH=$WIN_VCROOT\\VC\\ATLMFC\\LIB
-
-        LIB=$WIN_VCROOT\\VC\\ATLMFC\\LIB\;$WIN_VCROOT\\VC\\LIB\;\
-        $WIN_VCROOT\\VC\\PlatformSDK\\lib\;$WIN_VCROOT\\SDK\\v2.0\\lib
-
-        INCLUDE=$WIN_VCROOT\\VC\\ATLMFC\\INCLUDE\;$WIN_VCROOT\\VC\\INCLUDE\;\
-        $WIN_VCROOT\\VC\\PlatformSDK\\include
-
-        export PATH LIB INCLUDE
-
-    Make a simple hello world and try to compile it with the `cl` command
-    from within bash. If that does not work, your environment needs
-    fixing. Also remember to fix up the PATH environment, especially old
-    Erlang installations might have inserted quoted paths that Cygwin does
-    not understand. Remove or correct such paths. There should be no
-    backslashes in your path environment variable in Cygwin bash, but LIB
-    and INCLUDE should contain Windows style paths with semicolon,
-    drive letters and backslashes.
-
-    If you wish to use Visual Studio 2008, a couple things need to be tweaked,
-    namely the fact that some of the SDK stuff is installed in (by default)
-    `C:\Program Files\Microsoft SDKs\v6.0A` . Just ensure that that
-    `C:\Program Files\Microsoft SDKs\v6.0A\Lib` is in `LIB` and
-    `C:\Program Files\Microsoft SDKs\v6.0A\Include` is in `INCLUDE`. A symptom
-    of not doing this is errors about finding kernel32.lib and windows.h.
-
-    Additionally, if you encounter errors about mc.exe not being found, you must
-    install the entire Windows SDK (the partial SDK included in visual studio
-    apparently does not include it). After installing it you'll want to add
-    something like: `/c/cygdrive/Program\ Files/Microsoft\ SDKs/v7.0/bin` to
-    your `PATH` to allow the environment to find mc.exe. The next Visual Studio
-    (2010) is expected to include this tool.
-
-    Alternatively install the free MS Visual Studio 2008 Express [msvc++] and
-    the Windows SDK [32bit-SDK] or [64bit-SDK] depending on the Windows
-    platform you are running, which includes the missing mc.exe message
-    compiler.
-
-[msvc++]:	http://download.microsoft.com/download/E/8/E/E8EEB394-7F42-4963-A2D8-29559B738298/VS2008ExpressWithSP1ENUX1504728.iso
-[32bit-SDK]:	http://download.microsoft.com/download/2/E/9/2E911956-F90F-4BFB-8231-E292A7B6F287/GRMSDK_EN_DVD.iso
-[64bit-SDK]:	http://download.microsoft.com/download/2/E/9/2E911956-F90F-4BFB-8231-E292A7B6F287/GRMSDKX_EN_DVD.iso
+*   Alternatively you download MinGW and Msys. You'll find the latest
+    installer at:
+
+    URL: <http://sourceforge.net/projects/mingw/files/Installer/mingw-get-inst/>
+
+    Make sure to install everything they've got. 
+
+    To be able to build the 64bit VM, you will also need the 64bit
+    MinGW compiler from:
+
+    URL: <http://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win64/Automated%20Builds/>
+
+    The latest version should do it. Make sure you download the
+    `mingw-w64-bin_i686-mingw_<something>.zip`, not a linux
+    version. You unzip the package on top of your MinGW installation
+    (`c:\MinGW`) and that's it.
+
+    Setting up your environment in Msys is similar to setting it up in
+    Cygwin.
+
+* Microsofts Windows SDK version 7.1 (corresponding to VC++ 10.0 and
+    Visual Studio 2010). You'll find it here:
+    
+    URL: <http://www.microsoft.com/download/en/details.aspx?id=8279>
+
+    but before you install that, you need to have .Net 4 installed,
+    you'll find that here:
+
+    URL: <http://www.microsoft.com/download/en/details.aspx?id=17851>
+
+    Use the web installer for the SDK, at least when I tried
+    downloading the whole package as an image, I got SDK 7.0 instead,
+    which is not what you want...
+
+    There will be a Windows command file in `%PROGRAMFILES%\Mirosoft
+    SDKs\Windows\v7.1\Bin\SetEnv.cmd` that set's the appropriate
+    environment for a Windows command prompt. This is not appropriate
+    for bash, so you'll need to convert it to bash-style environments
+    by editing your `.bash_profile`. In my case, where the SDK is
+    installed in the default directory and `%PROGRAMFILES%` is
+    `C:\Program Files`, the commands for setting up a 32bit build
+    environment (on a 64bit or 32bit machine) look like this (in cygwin):
+
+        # Some common paths
+        C_DRV=/cygdrive/c
+        PRG_FLS=$C_DRV/Program\ Files
+
+        # nsis
+        NSIS_BIN=$PRG_FLS/NSIS
+        # java
+        JAVA_BIN=$PRG_FLS/Java/jdk1.6.0_16/bin
+
+        ##
+        ## MS SDK
+        ##
+
+        CYGWIN=nowinsymlinks
+        MVS10="$PRG_FILES/Microsoft Visual Studio 10.0"
+        WIN_MVS10="C:\\Program Files\\Microsoft Visual Studio 10.0"
+        SDK10="$PRG_FILES/Microsoft SDKs/Windows/v7.1"
+        WIN_SDK10="C:\\Program Files\\Microsoft SDKs\\Windows\\v7.1"
+
+        PATH="$NSIS_BIN:\
+        $MVS10/Common7/IDE:\
+        $MVS10/Common7/Tools:\
+        $MVS10/VC/Bin:\
+        $MVS10/VC/Bin/VCPackages:\
+        $SDK10/Bin/NETFX 4.0 Tools:\
+        $SDK10/Bin:\
+        /usr/local/bin:/usr/bin:/bin:\
+        /cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:\
+        /cygdrive/c/WINDOWS/system32/Wbem:\
+        $JAVA_BIN"
+
+        LIBPATH="$WIN_MVS10\\VC\\LIB"
+
+        LIB="$WIN_MVS10\\VC\\LIB;$WIN_SDK10\\LIB"
+
+        INCLUDE="$WIN_MVS10\\VC\\INCLUDE;$WIN_SDK10\\INCLUDE;$WIN_SDK10\\INCLUDE\\gl"
+
+        export CYGWIN PATH LIBPATH LIB INCLUDE 
+
+    If you're using Msys instead, the only thing you need to change is
+    the `C_DRV` setting, which would read:
+
+        C_DRV=/c
+
+    And of course you might need to change `C:\Program Files` etc if
+    you're using a non-english version of Windows (XP). Note that in
+    later versions of Windows, the national adoptions of the program
+    files directories etc are not on the file system but only in the
+    explorer, so even if explorer says that your programs reside in
+    e.g. `C:\Program`, they might still reside in `C:\Program Files`
+    in reality...
+
+    If you are building a 64 bit verision of Erlang, you should set up
+    PATHs etc a little differently. I use the following script to
+    make things work in both Cygwin and Msys:
+
+         make_winpath()
+         {
+                P=$1
+                if [ "$IN_CYGWIN" = "true" ]; then 
+                   cygpath -d "$P"
+                else
+                   (cd "$P" && /bin/cmd //C "for %i in (".") do @echo %~fsi")
+                fi
+         }
+
+         make_upath()
+         {
+                P=$1
+                if [ "$IN_CYGWIN" = "true" ]; then 
+                   cygpath "$P"
+                else
+                   echo "$P" | /bin/sed 's,^\([a-zA-Z]\):\\,/\L\1/,;s,\\,/,g'
+                fi
+         }
+
+         # Some common paths
+         if [ -x /usr/bin/msysinfo ]; then
+            # Without this the path conversion won't work
+            COMSPEC='C:\Windows\SysWOW64\cmd.exe'
+            MSYSTEM=MINGW32
+            export MSYSTEM COMSPEC
+            IN_CYGWIN=false
+         else
+            CYGWIN=nowinsymlinks
+            export CYGWIN
+            IN_CYGWIN=true
+         fi
+
+         if [ "$IN_CYGWIN" = "true" ]; then 
+            PATH=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:\
+            /cygdrive/c/windows/system32:/cygdrive/c/windows:/cygdrive/c/windows/system32/Wbem
+         else
+            PATH=/usr/local/bin:/mingw/bin:/bin:/c/Windows/system32:/c/Windows:\
+            /c/Windows/System32/Wbem
+         fi
+
+         if [ "$IN_CYGWIN" = "true" ]; then 
+            C_DRV=/cygdrive/c
+         else
+            C_DRV=/c
+         fi
+
+         PRG_FLS64=$C_DRV/Program\ Files
+         PRG_FLS32=$C_DRV/Program\ Files\ \(x86\)
+         VISUAL_STUDIO_ROOT32=$PRG_FLS32/Microsoft\ Visual\ Studio\ 10.0
+         MS_SDK_ROOT64=$PRG_FLS64/Microsoft\ SDKs/Windows/v7.1
+
+         # Okay, now mangle the paths and get rid of spaces by using short names
+         WIN_VCROOT32=`make_winpath "$VISUAL_STUDIO_ROOT32"`
+         VCROOT32=`make_upath $WIN_VCROOT32`
+         WIN_SDKROOT64=`make_winpath "$MS_SDK_ROOT64"`
+         SDKROOT64=`make_upath $WIN_SDKROOT64`
+         WIN_PROGRAMFILES32=`make_winpath "$PRG_FLS32"`
+         PROGRAMFILES32=`make_upath $WIN_PROGRAMFILES32`
+    
+         WIN_PROGRAMFILES64=`make_winpath "$PRG_FLS64"`
+         PROGRAMFILES64=`make_upath $WIN_PROGRAMFILES64`
+
+         # nsis
+         NSIS_BIN=$PROGRAMFILES32/NSIS
+         # java
+         JAVA_BIN=$PROGRAMFILES64/Java/jdk1.7.0_01/bin
+
+         ## The PATH variable should be Unix'ish
+         VCPATH=$VCROOT32/Common7/IDE:$VCROOT32/VC/BIN/amd64:$VCROOT32/Common7/Tools:\
+         $VCROOT32/VC/VCPackages:$SDKROOT64/bin/NETFX4~1.0TO/x64:$SDKROOT64/bin/x64:\
+         $SDKROOT64/bin
+
+         ## Microsoft SDK libs
+
+         LIBPATH=$WIN_VCROOT32\\VC\\LIB\\amd64
+         LIB=$WIN_VCROOT32\\VC\\LIB\\amd64\;$WIN_SDKROOT64\\LIB\\X64
+         INCLUDE=$WIN_VCROOT32\\VC\\INCLUDE\;$WIN_SDKROOT64\\include\;\
+         $WIN_SDKROOT64\\include\\gl
+
+         # Put nsis, c compiler and java in path
+         PATH=$NSIS_BIN:$VCPATH:$PATH:$JAVA_BIN
+
+         # Make sure LIB and INCLUDE is available for others
+         export PATH LIBPATH LIB INCLUDE
+
+    All this is derived from the SetEnv.cmd command file mentioned
+    earlier. The bottom line is to set the PATH so that NSIS and
+    Microsoft SDK is found before the Msys/Cygwin tools and that Java
+    is last in the PATH.
+
+    Make a simple hello world (maybe one that prints out 
+    `sizeof(void *)`) and try to compile it with the `cl` command from within
+    bash. If that does not work, your environment needs fixing. Also
+    remember to fix up the PATH environment, especially old Erlang
+    installations might have inserted quoted paths that Cygwin/Msys
+    does not understand. Remove or correct such paths. There should be
+    no backslashes in your path environment variable in Cygwin bash,
+    but LIB and INCLUDE should contain Windows style paths with
+    semicolon, drive letters and backslashes.
 
 *   Sun's Java JDK 1.5.0 or higher. Our Java code (jinterface, ic) is
     written for JDK 1.5.0. Get it for Windows and install it, the JRE is
@@ -378,11 +542,11 @@ Well' here's the list:
 
     Add javac *LAST* to your path environment in bash, in my case this means:
 
-        PATH="$PATH:/cygdrive/c/Program Files/Java/jdk1.5.0_17/bin"
+        `PATH="$PATH:/cygdrive/c/Program Files/Java/jdk1.5.0_17/bin"`
 
     No `CLASSPATH` or anything is needed. Type `javac` at the bash prompt
     and you should get a list of available Java options. Make sure by
-    typing `which java` that you use the Java you installed. Note however that
+    typing `type java` that you use the Java you installed. Note however that
     Cygwin's `jar.exe` is used, that's why the JDK bin-directory should be
     added last in the `PATH`.
 
@@ -402,78 +566,98 @@ Well' here's the list:
     type makensis at the bash prompt and you should get a list of options
     if everything is OK.
 
-*   OpenSSL for Windows. This is if you want the SSL and crypto
-    applications to compile (and run). Go to <http://www.openssl.org>, click
-    on the `Related` link and then on the `Binaries` link (upper right
-    corner of the page last time I looked), you can then reach the
-    "Shining Lights Productions" Web site for Windows binaries
-    distributions. Get the latest 32-bit installer, or use 0.9.7c if you get
-    trouble with the latest, and install to C:\OpenSSL which is where the
-    Makefiles are expecting to find it. It's a nifty installer. The rest should
-    be handled by `configure`, you needn't put anything in the path or anything.
-
-    If you want to build openssl for windows yourself (which might be
-    possible, as you wouldn't be reading this if you weren't a
-    compile-it-yourself person), you either have to put the resulting
-    DLL's in your path or in the windows system directory and either
-    specify where you put the includes etc with the configure-parameter
-    `--with-ssl=<cygwin path to the root>` or put your installation directly
-    under `c:\OpenSSL`. The directory structure under the installation root
-    for OpenSSL is expected to be one with subdirectories named `include`,
-    `bin` and `lib`, possibly with a `VC` subdirectory of `lib` containing
-    the actual `.lib` files. Note that the cygwin distributed OpenSSL cannot be
-    used, it results in cygwin depending binaries and it has unix style
-    archives (`.a`, not `.lib`).
+* OpenSSL. This is if you want the SSL and crypto applications to
+    compile (and run). There are prebuilt binaries available, but I
+    strongly recommend building this yourself. It's quite easy.
 
-*   Building with wxWidgets. Download wxWidgets-2.8.9 or higher patch
-    release (2.9.\*  is a developer release which currently does not work
-    with wxErlang).
+    First get the source from 
 
-    Install or unpack it to `DRIVE:/PATH/cygwin/opt/local/pgm`.
-    Open from explorer (i.e. by double clicking the file)
-    `C:\cygwin\opt\local\pgm\wxMSW-2.8.11\build\msw\wx.dsw`
-    In Microsoft Visual Studio, click File/Open/File, locate and
-    open:  `C:\cygwin\opt\local\pgm\wxMSW-2.8.11\include\wx\msw\setup.h`
-    enable `wxUSE_GLCANVAS`, `wxUSE_POSTSCRIPT` and `wxUSE_GRAPHICS_CONTEXT`
-    Build it by clicking Build/Batch Build and select all unicode release
-    (and unicode debug) packages.
+    URL: <http://openssl.org/source/>
+
+    I would recommend using 0.9.8r. 
+
+    Download the tar file and unpack it (using your bash prompt) into
+    a directory of your choise.
+
+    You will need a Windowish Perl for the build. ActiveState has one:
+
+    URL: <http://www.activestate.com/activeperl/downloads>
+
+    Download and install that. Disable options to associate it with
+    the .pl suffix and/or adding things to PATH, they are not needed. 
+
+    Now fire up the Microsoft Windows SDK command prompt in RELEASE
+    mode for the architecture you are going to build. The easiest is
+    to copy the shortcut from the SDKs start menu item and edit the
+    command line in the shortcut (Right click->Properties) to end with
+    `/Release`. Make sure the banner when you double click your
+    shortcut (the text in the resulting command window) says
+    `Targeting Windows XP x64 Release` if you are going to do a 64 bit
+    build and `Targeting Windows XP x86 Release` if you are building a
+    32 bit version.
+
+    Now cd to where you unpacked the OpenSSL source using your Release
+    Windows command prompt (it should be on the same drive as where
+    you are going to install it if everything is to work smothly).
+
+      `C:\> cd <some dir>`
+
+    Add ActiveState (or some other windows perl, not cygwins) to your PATH:
+
+      `C:\...\> set PATH=C:\Perl\bin;%PATH%`
+
+    Configure OpenSSL for 32 bit:
 
-    Open `C:\cygwin\opt\local\pgm\wxMSW-2.8.11\contrib/build/stc/stc.dsw`
-    and batch build all unicode packages.
+      `C:\...\> perl Configure VC-WIN32 --prefix=/OpenSSL`
 
-    If you are using Visual C++ 9.0 or higher (Visual Studio 2008 onwards) you
-    will also need to convert and re-create the project dependencies in the new
-    .sln "Solution" format.
+    Or for 64 bit:
 
-    * Open VSC++ & the project  `wxMSW-2.8.11\build\msw\wx.dsw`, accepting the
-    automatic conversion to the newer VC++ format and save as
-    `\wxMSW-2.8.11\build\msw\wx.sln`
+      `C:\...\> perl Configure VC-WIN64A --prefix=/OpenSSL-Win64`
 
-    * right-click on the project, and set up the project dependencies for
-    `wx.dsw` to achieve the below build order
+    Do some setup (for 32 bit):
 
-            jpeg, png, tiff, zlib, regex, expat, base, net, odbc, core,
-            gl, html, media, qa, adv, dbgrid, xrc, aui, richtext, xml
+      `C:\...\> ms\do_win32`
 
-    Build all unicode release (and unicode debug) packages either from the
-    GUI or alternatively launch a new prompt from somewhere like Start ->
-    Programs -> Microsoft Visual C++ -> Visual Studio Tools -> VS2008 Cmd Prompt
-    and cd to where you unpacked wxMSW
+    The same for 64 bit:
 
-            pushd c:\wxMSW*\build\msw
-            vcbuild /useenv /platform:Win32 /M4 wx.sln "Unicode Release|Win32"
-            vcbuild /useenv /platform:Win32 /M4 wx.sln "Unicode Debug|Win32"
+      `C:\...\> ms\do_win64a`
 
-    Open VSC++ & convert `C:\wxMSW-2.8.11\contrib\build\stc\stc.dsw` to
-    `C:\wxMSW-2.8.11\contrib\build\stc\stc.sln`
+    Then build static libraries and install:
 
-    * build the unicode release (and unicode debug) packages from the GUI or
-    alternatively open a VS2008 Cmd Prompt and cd to where you unpacked wxMSW
+      `C:\...\> nmake -f ms\nt.mak`
+      `C:\...\> nmake -f ms\nt.mak install`
 
-            pushd c:\wxMSW*\contrib\build\stc
-            vcbuild /useenv /platform:Win32 /M4 stc.sln "Unicode Release|Win32"
-            vcbuild /useenv /platform:Win32 /M4 stc.sln "Unicode Debug|Win32"
+    That's it - you now have your perfectly consistent static build of
+    openssl. If you want to get rid of any possibly patented
+    algorithms in the lib, just read up on the OpenSSL FAQ and follow
+    the instructions.
 
+    The installation locations chosen are where configure will look
+    for OpenSSL, so try to keep them as is.
+       
+*   Building with wxWidgets. Download wxWidgets-2.8.9 or higher patch
+    release (2.9.\*  is a developer release which currently does not work
+    with wxErlang).
+
+    Install or unpack it to `DRIVE:/PATH/cygwin/opt/local/pgm`.
+
+    edit:  `C:\cygwin\opt\local\pgm\wxMSW-2.8.11\include\wx\msw\setup.h`
+    enable `wxUSE_GLCANVAS`, `wxUSE_POSTSCRIPT` and `wxUSE_GRAPHICS_CONTEXT`
+
+    build: From a command prompt with the VC tools available (usually started from a
+           shortcut installed by the SDK/Visual Studio):
+	   
+	   `cd C:\cygwin\opt\local\pgm\wxMSW-2.8.11\build\msw`
+	   `nmake BUILD=release SHARED=0 UNICODE=1 USE_OPENGL=1 USE_GDIPLUS=1 DIR_SUFFIX_CPU= -f makefile.vc`
+	   `cd C:\cygwin\opt\local\pgm\wxMSW-2.8.11\contrib\build\stc`
+	   `nmake BUILD=release SHARED=0 UNICODE=1 USE_OPENGL=1 USE_GDIPLUS=1 DIR_SUFFIX_CPU= -f makefile.vc`
+    
+    Or - if building a 64bit version:
+	   `cd C:\cygwin\opt\local\pgm\wxMSW-2.8.11\build\msw`
+	   `nmake TARGET_CPU=amd64 BUILD=release SHARED=0 UNICODE=1 USE_OPENGL=1 USE_GDIPLUS=1 DIR_SUFFIX_CPU= -f makefile.vc`
+	   `cd C:\cygwin\opt\local\pgm\wxMSW-2.8.11\contrib\build\stc`
+	   `nmake TARGET_CPU=amd64 BUILD=release SHARED=0 UNICODE=1 USE_OPENGL=1 USE_GDIPLUS=1 DIR_SUFFIX_CPU= -f makefile.vc`
+    	   
 *   The Erlang source distribution (from <http://www.erlang.org/download.html>).
     The same as for Unix platforms. Preferably use tar from within Cygwin to
     unpack the source tar.gz (`tar zxf otp_src_%OTP-REL%.tar.gz`).
@@ -499,6 +683,9 @@ Well' here's the list:
     erlang system without gs (which might be okay as you probably will use
     wx anyway).
 
+    Note that there is no special 64bit version of TCL/TK needed, you
+    can use the 32bit program even for a 64bit build.
+
 The Shell Environment
 ---------------------
 
@@ -526,6 +713,12 @@ the ksh variant:
     $ cd $ERL_TOP
     $ eval $(./otp_build env_win32)
 
+If you are building a 64 bit version, you supply `otp_build` with an architecture parameter:
+
+    $ cd $ERL_TOP
+    $ eval `./otp_build env_win32 x64`
+     
+
 This should do the final touch to the environment and building should
 be easy after this. You could run `./otp_build env_win32` without
 `eval` just to see what it does, and to see that the environment it
@@ -535,10 +728,11 @@ style short names instead), the variables `OVERRIDE_TARGET`, `CC`, `CXX`,
 `$ERL_TOP/erts/etc/win32/cygwin_tools/vc` and
 `$ERL_TOP/erts/etc/win32/cygwin_tool` are added first in the PATH.
 
-Try now a `which erlc`. That should result in the erlc wrapper script
+Try now a `type erlc`. That should result in the erlc wrapper script
 (which does not have the .sh extension, for reasons best kept
-untold...). It should reside in `$ERL_TOP/erts/etc/win32/cygwin_tools`.
-You could also try `which cc.sh`, which `ar.sh` etc.
+untold...). It should reside in `$ERL_TOP/erts/etc/win32/cygwin_tools`
+or `$ERL_TOP/erts/etc/win32/msys_tools`.  You could also try `which
+cc.sh`, which `ar.sh` etc.
 
 Now you're ready to build...
 
@@ -546,8 +740,8 @@ Now you're ready to build...
 Building and Installing
 -----------------------
 
-Now it's assumed that you have executed `` eval `./otp_build env_win32` ``
-for this particular shell...
+Now it's assumed that you have executed `` eval `./otp_build env_win32` `` or 
+`` eval `./otp_build env_win32 x64` `` for this particular shell...
 
 Building is easiest using the `otp_build` script. That script takes care
 of running configure, bootstrapping etc on Windows in a simple
@@ -639,6 +833,13 @@ Lets get into more detail:
         $ release/win32/otp_win32_%OTP-REL% /S
         ...
 
+    or
+
+        $ cd $ERL_TOP
+        $ release/win32/otp_win64_%OTP-REL% /S
+        ...
+    
+
     and after a while Erlang/OTP-%OTP-REL% will have been installed in
     `C:\Program Files\erl%ERTS-VSN%\`, with shortcuts in the menu etc.
 
@@ -761,6 +962,22 @@ Remember that:
 
 That's basically all you need to get going.
 
+Using GIT
+---------
+
+You might want to check out versions of the source code from GitHUB. That is possible directly in cygwin, but not in Msys. There is a project MsysGIT:
+
+URL:<http://code.google.com/p/msysgit/>
+
+that makes a nice Git port. The msys prompt you get from MsysGIT is
+however not compatible with the full version from MinGW, so you will
+need to check out files using MsysGITs command prompt and then switch
+to a common Msys command prompt for building. Also all test suites
+cannot be built as MsysGIT/Msys does not handle symbolic links. To
+build test suites on Windows, you will need Cygwin for now. Hopefully
+all symbolic links will disappear from our repository soon and this
+issue will disappear.
+
 Final Words
 -----------
 My hope is that the possibility to build the whole system on Windows
@@ -778,11 +995,15 @@ be good. The idea to do this came from his work, so credit is well
 deserved.
 
 Of course this would have been completely impossible without the
-excellent Cygwin package. The guys at Cygnus solutions and Redhat
-deserves a huge THANKS! as well as all the other people in the free
-software community who have helped in creating the magnificent
+excellent Cygwin. The guys at Cygnus solutions and
+Redhat deserves a huge THANKS! as well as all the other people in the
+free software community who have helped in creating the magnificent
 software that constitutes Cygwin.
 
+Also the people developing the alternative command prompt Msys anfd
+the MinGW compiler are worth huge THANKS! The 64bit port would have
+been impossible without the 64bit MinGW compiler.
+
 Good luck and Happy Hacking,
 Patrik, OTP
 
@@ -791,7 +1012,7 @@ Copyright and License
 
 %CopyrightBegin%
 
-Copyright Ericsson AB 2003-2010. All Rights Reserved.
+Copyright Ericsson AB 2003-2011. All Rights Reserved.
 
 The contents of this file are subject to the Erlang Public License,
 Version 1.1, (the "License"); you may not use this file except in
diff --git a/INSTALL.md b/INSTALL.md
index 8a3b71e4ec..34868143db 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -44,21 +44,31 @@ At Ericsson we have a "Daily Build and Test" that runs on:
     *   x86
 *   SuSE Linux/GNU 9.4, 10.1
     *   x86
-*   SuSE Linux/GNU 10.0, 10.1
+*   SuSE Linux/GNU 10.0, 10.1, 11.0
     *   x86
     *   x86\_64
-*   SuSE Linux/GNU 11.0
-    *   x86\_64
+*   openSuSE 11.4 (Celadon)
+    *   x86\_64 (valgrind)
+*   Fedora 7
+    *   PowerPC
+*   Fedora 14
+    * x86\_64
 *   Gentoo Linux/GNU 1.12.11.1
     *   x86
+*   Ubuntu Linux/GNU 7.04, 10.04, 10.10, 11.0
+    *   x86\_64
 *   MontaVista Linux/GNU 4.0.1
     *   PowerPC
-*   FreeBSD 7.1
+*   FreeBSD 8.2
     *   x86
-*   Mac OS X 10.4.11 (Tiger), 10.5.8 (Leopard), 10.6.0 (Snow Leopard)
+*   OpenBSD 5.0
+    *   x86\_64
+*   Mac OS X 10.5.8 (Leopard), 10.6.0 (Snow Leopard), 10.7.2 (Lion)
     *   x86
 *   Windows XP SP3, 2003, Vista, 7
     *   x86
+*   Windows 7
+    *   x86\_64
 
 We also have the following "Daily Cross Builds":
 
@@ -132,7 +142,7 @@ These are the tools you will need in order to unpack and build Erlang/OTP.
 *   OpenSSL -- Optional, but needed for building the Erlang/OTP applications
     `ssl` and `crypto`. You need the "development package" of OpenSSL, i.e.
     including the header files. For building the application `ssl` the OpenSSL
-    binary command program `openssl` is also needed. At least version 0.9.7
+    binary command program `openssl` is also needed. At least version 0.9.8
     of OpenSSL is required. Can be downloaded from <http://www.openssl.org>.
 *   Sun Java jdk-1.5.0 or higher -- Optional but needed for building the
     Erlang/OTP application `jinterface` and parts of `ic` and `orber`. Can
@@ -674,6 +684,44 @@ test on).
 
 Universal binaries and 64bit binaries are mutually exclusive options.
 
+Building a fast Erlang VM on Mac OS Lion
+----------------------------------------
+
+Starting with XCode 4.2, Apple no longer includes a "real" `gcc`
+compiler (not based on the LLVM).  Building with `llvm-gcc` or `clang`
+will work, but the performance of the Erlang run-time system will not
+be the best possible.
+
+Note that if you have `gcc-4.2` installed and included in `PATH`
+(from a previous version of XCode), `configure` will automatically
+make sure that `gcc-4.2` will be used to compile `beam_emu.c`
+(the source file most in need of `gcc`).
+
+If you don't have `gcc-4.2.` and want to build a run-time system with
+the best possible performance, do like this:
+
+Install XCode from the AppStore if it is not already installed.
+
+Install MacPorts (<http://www.macports.org/>). Then:
+
+    $ sudo port selfupdate
+    $ sudo port install gcc45 +universal
+
+If you want to build the `wx` application, get wxMac-2.8.12
+(`wxMac-2.8.12.tar.gz` from
+<http://sourceforge.net/projects/wxwindows/files/2.8.12/>) and build:
+
+    $ arch_flags="-arch i386" ./configure CFLAGS="$arch_flags" CXXFLAGS="$arch_flags" CPPFLAGS="$arch_flags" LDFLAGS="$arch_flags" OBJCFLAGS="$arch_flags" OBJCXXFLAGS="$arch_flags" --prefix=/usr/local --with-macosx-sdk=/Developer/SDKs/MacOSX10.6.sdk --with-macosx-version-min=10.6 --enable-unicode --with-opengl --disable-shared
+    $ make
+    $ sudo make install
+
+Build Erlang with the MacPorts GCC as the main compiler (using `clang`
+for the Objective-C Cocoa code in the `wx` application):
+
+    $ PATH=/usr/local/bin:$PATH CC=/opt/local/bin/gcc-mp-4.5 CXX=/opt/local/bin/g++-mp-4.5 ./configure --enable-m32-build make
+    $ sudo make install
+
+
 How to Build a Debug Enabled Erlang RunTime System
 --------------------------------------------------
 
diff --git a/Makefile.in b/Makefile.in
index 902c21fb52..0b1f0930ca 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -219,10 +219,11 @@ BOOTSTRAP_ROOT = $(ERL_TOP)
 # depending on which system is preferred.)
 LOCAL_PATH     = $(ERL_TOP)/erts/bin/$(TARGET):$(ERL_TOP)/erts/bin
 ifeq ($(TARGET),win32)
-WIN32_WRAPPER_PATH=$(ERL_TOP)/erts/etc/win32/cygwin_tools
 BOOT_PREFIX=$(WIN32_WRAPPER_PATH):$(BOOTSTRAP_ROOT)/bootstrap/bin:
+TEST_PATH_PREFIX=$(WIN32_WRAPPER_PATH):$(ERL_TOP)/bin:
 else
 BOOT_PREFIX=$(BOOTSTRAP_ROOT)/bootstrap/bin:
+TEST_PATH_PREFIX=$(ERL_TOP)/bin:
 endif
 
 # ----------------------------------------------------------------------
@@ -599,6 +600,18 @@ secondary_bootstrap_copy:
 			cp $$x $$TF; \
 		true; \
 	done
+	if test ! -d $(BOOTSTRAP_ROOT)/bootstrap/lib/xmerl ; then mkdir $(BOOTSTRAP_ROOT)/bootstrap/lib/xmerl ; fi
+	if test ! -d $(BOOTSTRAP_ROOT)/bootstrap/lib/xmerl/include ; then mkdir $(BOOTSTRAP_ROOT)/bootstrap/lib/xmerl/include ; fi
+	for x in lib/xmerl/include/*.hrl; do \
+		BN=`basename $$x`; \
+		TF=$(BOOTSTRAP_ROOT)/bootstrap/lib/xmerl/include/$$BN; \
+		test -f  $$TF && \
+		test '!' -z "`find $$x -newer $$TF -print`" && \
+			cp $$x $$TF; \
+		test '!' -f $$TF && \
+			cp $$x $$TF; \
+		true; \
+	done
 
 tertiary_bootstrap_build:
 	cd lib && \
@@ -696,6 +709,18 @@ tertiary_bootstrap_copy:
 			cp $$x $$TF; \
 		true; \
 	done
+#       copy wx_object to remove undef behaviour warnings
+	for x in lib/wx/ebin/wx_object.beam; do \
+		BN=`basename $$x`; \
+		TF=$(BOOTSTRAP_ROOT)/bootstrap/lib/wx/ebin/$$BN; \
+		test -f  $$TF && \
+		test '!' -z "`find $$x -newer $$TF -print`" && \
+			cp $$x $$TF; \
+		test '!' -f $$TF && \
+			cp $$x $$TF; \
+		true; \
+	done
+
 	for x in lib/test_server/include/*.hrl; do \
 		BN=`basename $$x`; \
 		TF=$(BOOTSTRAP_ROOT)/bootstrap/lib/test_server/include/$$BN; \
@@ -857,7 +882,7 @@ tests release_tests: $(TEST_DIRS)
 $(TEST_DIRS):
 	if test -f $@/Makefile; then \
 	    (cd $@; $(MAKE) TESTROOT=$(TESTSUITE_ROOT) \
-	    PATH=$(ERL_TOP)/bin:$(BOOT_PREFIX)$${PATH} release_tests) || exit $$?; \
+	    PATH=$(TEST_PATH_PREFIX)$(BOOT_PREFIX)$${PATH} release_tests) || exit $$?; \
 	fi
 
 #
diff --git a/aclocal.m4 b/aclocal.m4
index 32ceb26f5a..339a15a2bb 120000..100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1 +1,1766 @@
-erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/bootstrap/bin/start.boot b/bootstrap/bin/start.boot
index 76fdce52f9..bdaf605488 100644
--- a/bootstrap/bin/start.boot
+++ b/bootstrap/bin/start.boot
diff --git a/bootstrap/bin/start_clean.boot b/bootstrap/bin/start_clean.boot
index 76fdce52f9..bdaf605488 100644
--- a/bootstrap/bin/start_clean.boot
+++ b/bootstrap/bin/start_clean.boot
diff --git a/bootstrap/lib/compiler/ebin/beam_asm.beam b/bootstrap/lib/compiler/ebin/beam_asm.beam
index 103ed82529..4da4c26d92 100644
--- a/bootstrap/lib/compiler/ebin/beam_asm.beam
+++ b/bootstrap/lib/compiler/ebin/beam_asm.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_block.beam b/bootstrap/lib/compiler/ebin/beam_block.beam
index a5699221fe..a7bb91adbb 100644
--- a/bootstrap/lib/compiler/ebin/beam_block.beam
+++ b/bootstrap/lib/compiler/ebin/beam_block.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_bool.beam b/bootstrap/lib/compiler/ebin/beam_bool.beam
index d8f91ec36d..252257b71d 100644
--- a/bootstrap/lib/compiler/ebin/beam_bool.beam
+++ b/bootstrap/lib/compiler/ebin/beam_bool.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_bsm.beam b/bootstrap/lib/compiler/ebin/beam_bsm.beam
index 02f82a9341..0c998c8e8c 100644
--- a/bootstrap/lib/compiler/ebin/beam_bsm.beam
+++ b/bootstrap/lib/compiler/ebin/beam_bsm.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_dead.beam b/bootstrap/lib/compiler/ebin/beam_dead.beam
index b177adb455..17cced3c1a 100644
--- a/bootstrap/lib/compiler/ebin/beam_dead.beam
+++ b/bootstrap/lib/compiler/ebin/beam_dead.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_disasm.beam b/bootstrap/lib/compiler/ebin/beam_disasm.beam
index 377c738709..f90b5c9ae7 100644
--- a/bootstrap/lib/compiler/ebin/beam_disasm.beam
+++ b/bootstrap/lib/compiler/ebin/beam_disasm.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_except.beam b/bootstrap/lib/compiler/ebin/beam_except.beam
new file mode 100644
index 0000000000..5bd28a35d9
--- /dev/null
+++ b/bootstrap/lib/compiler/ebin/beam_except.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_jump.beam b/bootstrap/lib/compiler/ebin/beam_jump.beam
index f45b8d3124..4811360890 100644
--- a/bootstrap/lib/compiler/ebin/beam_jump.beam
+++ b/bootstrap/lib/compiler/ebin/beam_jump.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_receive.beam b/bootstrap/lib/compiler/ebin/beam_receive.beam
index ae873a1082..43f41f6535 100644
--- a/bootstrap/lib/compiler/ebin/beam_receive.beam
+++ b/bootstrap/lib/compiler/ebin/beam_receive.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_split.beam b/bootstrap/lib/compiler/ebin/beam_split.beam
new file mode 100644
index 0000000000..296e6c4671
--- /dev/null
+++ b/bootstrap/lib/compiler/ebin/beam_split.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_trim.beam b/bootstrap/lib/compiler/ebin/beam_trim.beam
index b1275f787a..86f5d027f4 100644
--- a/bootstrap/lib/compiler/ebin/beam_trim.beam
+++ b/bootstrap/lib/compiler/ebin/beam_trim.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_type.beam b/bootstrap/lib/compiler/ebin/beam_type.beam
index 6689135457..116da39f89 100644
--- a/bootstrap/lib/compiler/ebin/beam_type.beam
+++ b/bootstrap/lib/compiler/ebin/beam_type.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_utils.beam b/bootstrap/lib/compiler/ebin/beam_utils.beam
index b80810bfb2..9c6ad019f9 100644
--- a/bootstrap/lib/compiler/ebin/beam_utils.beam
+++ b/bootstrap/lib/compiler/ebin/beam_utils.beam
diff --git a/bootstrap/lib/compiler/ebin/beam_validator.beam b/bootstrap/lib/compiler/ebin/beam_validator.beam
index 211c56424e..52643de79a 100644
--- a/bootstrap/lib/compiler/ebin/beam_validator.beam
+++ b/bootstrap/lib/compiler/ebin/beam_validator.beam
diff --git a/bootstrap/lib/compiler/ebin/cerl.beam b/bootstrap/lib/compiler/ebin/cerl.beam
index 399aeb6442..dcebe13bc8 100644
--- a/bootstrap/lib/compiler/ebin/cerl.beam
+++ b/bootstrap/lib/compiler/ebin/cerl.beam
diff --git a/bootstrap/lib/compiler/ebin/cerl_clauses.beam b/bootstrap/lib/compiler/ebin/cerl_clauses.beam
index e4db75d0e0..97e96c47bd 100644
--- a/bootstrap/lib/compiler/ebin/cerl_clauses.beam
+++ b/bootstrap/lib/compiler/ebin/cerl_clauses.beam
diff --git a/bootstrap/lib/compiler/ebin/cerl_inline.beam b/bootstrap/lib/compiler/ebin/cerl_inline.beam
index 582604e3cc..eed98ecd2c 100644
--- a/bootstrap/lib/compiler/ebin/cerl_inline.beam
+++ b/bootstrap/lib/compiler/ebin/cerl_inline.beam
diff --git a/bootstrap/lib/compiler/ebin/cerl_trees.beam b/bootstrap/lib/compiler/ebin/cerl_trees.beam
index 673954eaac..df3f351c8d 100644
--- a/bootstrap/lib/compiler/ebin/cerl_trees.beam
+++ b/bootstrap/lib/compiler/ebin/cerl_trees.beam
diff --git a/bootstrap/lib/compiler/ebin/compile.beam b/bootstrap/lib/compiler/ebin/compile.beam
index bead5a1399..e2bd3c4ce0 100644
--- a/bootstrap/lib/compiler/ebin/compile.beam
+++ b/bootstrap/lib/compiler/ebin/compile.beam
diff --git a/bootstrap/lib/compiler/ebin/core_lib.beam b/bootstrap/lib/compiler/ebin/core_lib.beam
index ddb5278d00..1a60454b42 100644
--- a/bootstrap/lib/compiler/ebin/core_lib.beam
+++ b/bootstrap/lib/compiler/ebin/core_lib.beam
diff --git a/bootstrap/lib/compiler/ebin/core_lint.beam b/bootstrap/lib/compiler/ebin/core_lint.beam
index 225fa95aea..08fef1eb71 100644
--- a/bootstrap/lib/compiler/ebin/core_lint.beam
+++ b/bootstrap/lib/compiler/ebin/core_lint.beam
diff --git a/bootstrap/lib/compiler/ebin/core_parse.beam b/bootstrap/lib/compiler/ebin/core_parse.beam
index 11926c4a16..4f555d8036 100644
--- a/bootstrap/lib/compiler/ebin/core_parse.beam
+++ b/bootstrap/lib/compiler/ebin/core_parse.beam
diff --git a/bootstrap/lib/compiler/ebin/core_pp.beam b/bootstrap/lib/compiler/ebin/core_pp.beam
index f1841d810b..ef3504058a 100644
--- a/bootstrap/lib/compiler/ebin/core_pp.beam
+++ b/bootstrap/lib/compiler/ebin/core_pp.beam
diff --git a/bootstrap/lib/compiler/ebin/core_scan.beam b/bootstrap/lib/compiler/ebin/core_scan.beam
index e0e4859095..245e59483d 100644
--- a/bootstrap/lib/compiler/ebin/core_scan.beam
+++ b/bootstrap/lib/compiler/ebin/core_scan.beam
diff --git a/bootstrap/lib/compiler/ebin/erl_bifs.beam b/bootstrap/lib/compiler/ebin/erl_bifs.beam
index b411e06c08..9234a54428 100644
--- a/bootstrap/lib/compiler/ebin/erl_bifs.beam
+++ b/bootstrap/lib/compiler/ebin/erl_bifs.beam
diff --git a/bootstrap/lib/compiler/ebin/sys_core_fold.beam b/bootstrap/lib/compiler/ebin/sys_core_fold.beam
index b07afc0938..046a358910 100644
--- a/bootstrap/lib/compiler/ebin/sys_core_fold.beam
+++ b/bootstrap/lib/compiler/ebin/sys_core_fold.beam
diff --git a/bootstrap/lib/compiler/ebin/sys_core_inline.beam b/bootstrap/lib/compiler/ebin/sys_core_inline.beam
index 5b9e9d7c3e..907c9d53a5 100644
--- a/bootstrap/lib/compiler/ebin/sys_core_inline.beam
+++ b/bootstrap/lib/compiler/ebin/sys_core_inline.beam
diff --git a/bootstrap/lib/compiler/ebin/sys_expand_pmod.beam b/bootstrap/lib/compiler/ebin/sys_expand_pmod.beam
index 5142cdde01..1649b9f2ff 100644
--- a/bootstrap/lib/compiler/ebin/sys_expand_pmod.beam
+++ b/bootstrap/lib/compiler/ebin/sys_expand_pmod.beam
diff --git a/bootstrap/lib/compiler/ebin/sys_pre_attributes.beam b/bootstrap/lib/compiler/ebin/sys_pre_attributes.beam
index 4b3e984ed4..a7ca15a033 100644
--- a/bootstrap/lib/compiler/ebin/sys_pre_attributes.beam
+++ b/bootstrap/lib/compiler/ebin/sys_pre_attributes.beam
diff --git a/bootstrap/lib/compiler/ebin/sys_pre_expand.beam b/bootstrap/lib/compiler/ebin/sys_pre_expand.beam
index 12664c7270..d716583b97 100644
--- a/bootstrap/lib/compiler/ebin/sys_pre_expand.beam
+++ b/bootstrap/lib/compiler/ebin/sys_pre_expand.beam
diff --git a/bootstrap/lib/compiler/ebin/v3_codegen.beam b/bootstrap/lib/compiler/ebin/v3_codegen.beam
index 3a8d68a611..a053c54295 100644
--- a/bootstrap/lib/compiler/ebin/v3_codegen.beam
+++ b/bootstrap/lib/compiler/ebin/v3_codegen.beam
diff --git a/bootstrap/lib/compiler/ebin/v3_core.beam b/bootstrap/lib/compiler/ebin/v3_core.beam
index ff7144c2bc..ba92ff6fb0 100644
--- a/bootstrap/lib/compiler/ebin/v3_core.beam
+++ b/bootstrap/lib/compiler/ebin/v3_core.beam
diff --git a/bootstrap/lib/compiler/ebin/v3_kernel.beam b/bootstrap/lib/compiler/ebin/v3_kernel.beam
index 48b89b374b..0c2e54032a 100644
--- a/bootstrap/lib/compiler/ebin/v3_kernel.beam
+++ b/bootstrap/lib/compiler/ebin/v3_kernel.beam
diff --git a/bootstrap/lib/compiler/ebin/v3_life.beam b/bootstrap/lib/compiler/ebin/v3_life.beam
index b7996884f4..ec8fcda8ee 100644
--- a/bootstrap/lib/compiler/ebin/v3_life.beam
+++ b/bootstrap/lib/compiler/ebin/v3_life.beam
diff --git a/bootstrap/lib/kernel/ebin/application.beam b/bootstrap/lib/kernel/ebin/application.beam
index 5bdfcefb87..4485b9e1e8 100644
--- a/bootstrap/lib/kernel/ebin/application.beam
+++ b/bootstrap/lib/kernel/ebin/application.beam
diff --git a/bootstrap/lib/kernel/ebin/application_controller.beam b/bootstrap/lib/kernel/ebin/application_controller.beam
index 38614f1285..9c94dbd5c7 100644
--- a/bootstrap/lib/kernel/ebin/application_controller.beam
+++ b/bootstrap/lib/kernel/ebin/application_controller.beam
diff --git a/bootstrap/lib/kernel/ebin/code.beam b/bootstrap/lib/kernel/ebin/code.beam
index 3d2bf91b93..31ccb7367d 100644
--- a/bootstrap/lib/kernel/ebin/code.beam
+++ b/bootstrap/lib/kernel/ebin/code.beam
diff --git a/bootstrap/lib/kernel/ebin/code_server.beam b/bootstrap/lib/kernel/ebin/code_server.beam
index 567dcf93df..adc53aa5f3 100644
--- a/bootstrap/lib/kernel/ebin/code_server.beam
+++ b/bootstrap/lib/kernel/ebin/code_server.beam
diff --git a/bootstrap/lib/kernel/ebin/disk_log.beam b/bootstrap/lib/kernel/ebin/disk_log.beam
index cd01c579bf..8dbe895823 100644
--- a/bootstrap/lib/kernel/ebin/disk_log.beam
+++ b/bootstrap/lib/kernel/ebin/disk_log.beam
diff --git a/bootstrap/lib/kernel/ebin/disk_log_1.beam b/bootstrap/lib/kernel/ebin/disk_log_1.beam
index a61ef2ad3f..5e286cdd48 100644
--- a/bootstrap/lib/kernel/ebin/disk_log_1.beam
+++ b/bootstrap/lib/kernel/ebin/disk_log_1.beam
diff --git a/bootstrap/lib/kernel/ebin/disk_log_server.beam b/bootstrap/lib/kernel/ebin/disk_log_server.beam
index 39197f3995..d985f64937 100644
--- a/bootstrap/lib/kernel/ebin/disk_log_server.beam
+++ b/bootstrap/lib/kernel/ebin/disk_log_server.beam
diff --git a/bootstrap/lib/kernel/ebin/dist_ac.beam b/bootstrap/lib/kernel/ebin/dist_ac.beam
index c86598a689..3eae6b82a7 100644
--- a/bootstrap/lib/kernel/ebin/dist_ac.beam
+++ b/bootstrap/lib/kernel/ebin/dist_ac.beam
diff --git a/bootstrap/lib/kernel/ebin/dist_util.beam b/bootstrap/lib/kernel/ebin/dist_util.beam
index 094d909535..7fc3325da4 100644
--- a/bootstrap/lib/kernel/ebin/dist_util.beam
+++ b/bootstrap/lib/kernel/ebin/dist_util.beam
diff --git a/bootstrap/lib/kernel/ebin/file.beam b/bootstrap/lib/kernel/ebin/file.beam
index 19251f8a4f..c3289ba11f 100644
--- a/bootstrap/lib/kernel/ebin/file.beam
+++ b/bootstrap/lib/kernel/ebin/file.beam
diff --git a/bootstrap/lib/kernel/ebin/file_io_server.beam b/bootstrap/lib/kernel/ebin/file_io_server.beam
index 3783cd7b11..8193949718 100644
--- a/bootstrap/lib/kernel/ebin/file_io_server.beam
+++ b/bootstrap/lib/kernel/ebin/file_io_server.beam
diff --git a/bootstrap/lib/kernel/ebin/file_server.beam b/bootstrap/lib/kernel/ebin/file_server.beam
index 7b03c3ea0d..fd9a9924bb 100644
--- a/bootstrap/lib/kernel/ebin/file_server.beam
+++ b/bootstrap/lib/kernel/ebin/file_server.beam
diff --git a/bootstrap/lib/kernel/ebin/global.beam b/bootstrap/lib/kernel/ebin/global.beam
index b4a6a5dc3e..96d7365006 100644
--- a/bootstrap/lib/kernel/ebin/global.beam
+++ b/bootstrap/lib/kernel/ebin/global.beam
diff --git a/bootstrap/lib/kernel/ebin/global_group.beam b/bootstrap/lib/kernel/ebin/global_group.beam
index f1e6fa219e..dd7d0e429e 100644
--- a/bootstrap/lib/kernel/ebin/global_group.beam
+++ b/bootstrap/lib/kernel/ebin/global_group.beam
diff --git a/bootstrap/lib/kernel/ebin/group.beam b/bootstrap/lib/kernel/ebin/group.beam
index 67f78948d4..8e813f6964 100644
--- a/bootstrap/lib/kernel/ebin/group.beam
+++ b/bootstrap/lib/kernel/ebin/group.beam
diff --git a/bootstrap/lib/kernel/ebin/hipe_unified_loader.beam b/bootstrap/lib/kernel/ebin/hipe_unified_loader.beam
index c4a1a850a7..9412148a16 100644
--- a/bootstrap/lib/kernel/ebin/hipe_unified_loader.beam
+++ b/bootstrap/lib/kernel/ebin/hipe_unified_loader.beam
diff --git a/bootstrap/lib/kernel/ebin/inet.beam b/bootstrap/lib/kernel/ebin/inet.beam
index 9c19e084a6..62d8cfe163 100644
--- a/bootstrap/lib/kernel/ebin/inet.beam
+++ b/bootstrap/lib/kernel/ebin/inet.beam
diff --git a/bootstrap/lib/kernel/ebin/inet_dns.beam b/bootstrap/lib/kernel/ebin/inet_dns.beam
index be1c7c4766..7f262cf20d 100644
--- a/bootstrap/lib/kernel/ebin/inet_dns.beam
+++ b/bootstrap/lib/kernel/ebin/inet_dns.beam
diff --git a/bootstrap/lib/kernel/ebin/inet_gethost_native.beam b/bootstrap/lib/kernel/ebin/inet_gethost_native.beam
index 4bf616ad46..4e6ce0fc5e 100644
--- a/bootstrap/lib/kernel/ebin/inet_gethost_native.beam
+++ b/bootstrap/lib/kernel/ebin/inet_gethost_native.beam
diff --git a/bootstrap/lib/kernel/ebin/net_kernel.beam b/bootstrap/lib/kernel/ebin/net_kernel.beam
index 451d054667..a81f3e47d5 100644
--- a/bootstrap/lib/kernel/ebin/net_kernel.beam
+++ b/bootstrap/lib/kernel/ebin/net_kernel.beam
diff --git a/bootstrap/lib/kernel/ebin/user.beam b/bootstrap/lib/kernel/ebin/user.beam
index 6433bcf859..f3aae4a980 100644
--- a/bootstrap/lib/kernel/ebin/user.beam
+++ b/bootstrap/lib/kernel/ebin/user.beam
diff --git a/bootstrap/lib/kernel/ebin/user_sup.beam b/bootstrap/lib/kernel/ebin/user_sup.beam
index b68c8979ff..79dd095896 100644
--- a/bootstrap/lib/kernel/ebin/user_sup.beam
+++ b/bootstrap/lib/kernel/ebin/user_sup.beam
diff --git a/bootstrap/lib/kernel/include/dist.hrl b/bootstrap/lib/kernel/include/dist.hrl
index aea1ab81ba..5b52f6f294 100644
--- a/bootstrap/lib/kernel/include/dist.hrl
+++ b/bootstrap/lib/kernel/include/dist.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/bootstrap/lib/kernel/include/dist_util.hrl b/bootstrap/lib/kernel/include/dist_util.hrl
index f2b0598532..c3a7f97418 100644
--- a/bootstrap/lib/kernel/include/dist_util.hrl
+++ b/bootstrap/lib/kernel/include/dist_util.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/bootstrap/lib/kernel/include/file.hrl b/bootstrap/lib/kernel/include/file.hrl
index 3889bce393..bf97173122 100644
--- a/bootstrap/lib/kernel/include/file.hrl
+++ b/bootstrap/lib/kernel/include/file.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,10 +25,11 @@
 	{size   :: non_neg_integer(),	% Size of file in bytes.
 	 type   :: 'device' | 'directory' | 'other' | 'regular' | 'symlink',
 	 access :: 'read' | 'write' | 'read_write' | 'none',
-	 atime  :: file:date_time(),	% The local time the file was last read:
-					% {{Year, Mon, Day}, {Hour, Min, Sec}}.
-	 mtime  :: file:date_time(),	% The local time the file was last written.
-	 ctime  :: file:date_time(),	% The interpretation of this time field
+	 atime  :: file:date_time() | integer(), % The local time the file was last read:
+					         % {{Year, Mon, Day}, {Hour, Min, Sec}}.
+						 % atime, ctime, mtime may also be unix epochs()
+	 mtime  :: file:date_time() | integer(), % The local time the file was last written.
+	 ctime  :: file:date_time() | integer(), % The interpretation of this time field
 					% is dependent on operating system.
 					% On Unix it is the last time the file
 					% or the inode was changed.  On Windows,
diff --git a/bootstrap/lib/kernel/include/net_address.hrl b/bootstrap/lib/kernel/include/net_address.hrl
index 5342076507..9b9ea42931 100644
--- a/bootstrap/lib/kernel/include/net_address.hrl
+++ b/bootstrap/lib/kernel/include/net_address.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/bootstrap/lib/stdlib/ebin/base64.beam b/bootstrap/lib/stdlib/ebin/base64.beam
index 04a1388637..07877625dd 100644
--- a/bootstrap/lib/stdlib/ebin/base64.beam
+++ b/bootstrap/lib/stdlib/ebin/base64.beam
diff --git a/bootstrap/lib/stdlib/ebin/beam_lib.beam b/bootstrap/lib/stdlib/ebin/beam_lib.beam
index 01fc86def0..afe3bcc466 100644
--- a/bootstrap/lib/stdlib/ebin/beam_lib.beam
+++ b/bootstrap/lib/stdlib/ebin/beam_lib.beam
diff --git a/bootstrap/lib/stdlib/ebin/dets.beam b/bootstrap/lib/stdlib/ebin/dets.beam
index 73be548a89..4a33312cc0 100644
--- a/bootstrap/lib/stdlib/ebin/dets.beam
+++ b/bootstrap/lib/stdlib/ebin/dets.beam
diff --git a/bootstrap/lib/stdlib/ebin/dets_server.beam b/bootstrap/lib/stdlib/ebin/dets_server.beam
index d71185c9dd..26de164bd9 100644
--- a/bootstrap/lib/stdlib/ebin/dets_server.beam
+++ b/bootstrap/lib/stdlib/ebin/dets_server.beam
diff --git a/bootstrap/lib/stdlib/ebin/dets_utils.beam b/bootstrap/lib/stdlib/ebin/dets_utils.beam
index a372faf6ac..e4cd1e8b2e 100644
--- a/bootstrap/lib/stdlib/ebin/dets_utils.beam
+++ b/bootstrap/lib/stdlib/ebin/dets_utils.beam
diff --git a/bootstrap/lib/stdlib/ebin/dets_v8.beam b/bootstrap/lib/stdlib/ebin/dets_v8.beam
index a20f0469ce..c8e1549256 100644
--- a/bootstrap/lib/stdlib/ebin/dets_v8.beam
+++ b/bootstrap/lib/stdlib/ebin/dets_v8.beam
diff --git a/bootstrap/lib/stdlib/ebin/dets_v9.beam b/bootstrap/lib/stdlib/ebin/dets_v9.beam
index a52d126adf..8cfcb9f8f1 100644
--- a/bootstrap/lib/stdlib/ebin/dets_v9.beam
+++ b/bootstrap/lib/stdlib/ebin/dets_v9.beam
diff --git a/bootstrap/lib/stdlib/ebin/epp.beam b/bootstrap/lib/stdlib/ebin/epp.beam
index 0cc31bcac9..55f5adc24d 100644
--- a/bootstrap/lib/stdlib/ebin/epp.beam
+++ b/bootstrap/lib/stdlib/ebin/epp.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_compile.beam b/bootstrap/lib/stdlib/ebin/erl_compile.beam
index 1ce1d02ef0..6fd4e3373e 100644
--- a/bootstrap/lib/stdlib/ebin/erl_compile.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_compile.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_eval.beam b/bootstrap/lib/stdlib/ebin/erl_eval.beam
index 3184aabc87..6198c4f43a 100644
--- a/bootstrap/lib/stdlib/ebin/erl_eval.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_eval.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_expand_records.beam b/bootstrap/lib/stdlib/ebin/erl_expand_records.beam
index c5c1d71941..5c9663cd54 100644
--- a/bootstrap/lib/stdlib/ebin/erl_expand_records.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_expand_records.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_lint.beam b/bootstrap/lib/stdlib/ebin/erl_lint.beam
index 7b1eaf1f15..798924c19b 100644
--- a/bootstrap/lib/stdlib/ebin/erl_lint.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_lint.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_parse.beam b/bootstrap/lib/stdlib/ebin/erl_parse.beam
index c026e8401f..85fa455908 100644
--- a/bootstrap/lib/stdlib/ebin/erl_parse.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_parse.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_scan.beam b/bootstrap/lib/stdlib/ebin/erl_scan.beam
index b5e7c1c24e..9e70ed846e 100644
--- a/bootstrap/lib/stdlib/ebin/erl_scan.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_scan.beam
diff --git a/bootstrap/lib/stdlib/ebin/erl_tar.beam b/bootstrap/lib/stdlib/ebin/erl_tar.beam
index 9de0e978e3..7eacf3272c 100644
--- a/bootstrap/lib/stdlib/ebin/erl_tar.beam
+++ b/bootstrap/lib/stdlib/ebin/erl_tar.beam
diff --git a/bootstrap/lib/stdlib/ebin/error_logger_file_h.beam b/bootstrap/lib/stdlib/ebin/error_logger_file_h.beam
index f5609d124c..496e41c858 100644
--- a/bootstrap/lib/stdlib/ebin/error_logger_file_h.beam
+++ b/bootstrap/lib/stdlib/ebin/error_logger_file_h.beam
diff --git a/bootstrap/lib/stdlib/ebin/error_logger_tty_h.beam b/bootstrap/lib/stdlib/ebin/error_logger_tty_h.beam
index 886bba634c..3c4c135495 100644
--- a/bootstrap/lib/stdlib/ebin/error_logger_tty_h.beam
+++ b/bootstrap/lib/stdlib/ebin/error_logger_tty_h.beam
diff --git a/bootstrap/lib/stdlib/ebin/escript.beam b/bootstrap/lib/stdlib/ebin/escript.beam
index 18066abf53..93c1109b41 100644
--- a/bootstrap/lib/stdlib/ebin/escript.beam
+++ b/bootstrap/lib/stdlib/ebin/escript.beam
diff --git a/bootstrap/lib/stdlib/ebin/ets.beam b/bootstrap/lib/stdlib/ebin/ets.beam
index 8bc5103946..642689d749 100644
--- a/bootstrap/lib/stdlib/ebin/ets.beam
+++ b/bootstrap/lib/stdlib/ebin/ets.beam
diff --git a/bootstrap/lib/stdlib/ebin/eval_bits.beam b/bootstrap/lib/stdlib/ebin/eval_bits.beam
index ac375672f6..73e20d9a8d 100644
--- a/bootstrap/lib/stdlib/ebin/eval_bits.beam
+++ b/bootstrap/lib/stdlib/ebin/eval_bits.beam
diff --git a/bootstrap/lib/stdlib/ebin/file_sorter.beam b/bootstrap/lib/stdlib/ebin/file_sorter.beam
index 0c910821f6..633d8acd10 100644
--- a/bootstrap/lib/stdlib/ebin/file_sorter.beam
+++ b/bootstrap/lib/stdlib/ebin/file_sorter.beam
diff --git a/bootstrap/lib/stdlib/ebin/filename.beam b/bootstrap/lib/stdlib/ebin/filename.beam
index ad7cf40df0..e371f3f478 100644
--- a/bootstrap/lib/stdlib/ebin/filename.beam
+++ b/bootstrap/lib/stdlib/ebin/filename.beam
diff --git a/bootstrap/lib/stdlib/ebin/gb_trees.beam b/bootstrap/lib/stdlib/ebin/gb_trees.beam
index bbe958dc66..edf1805440 100644
--- a/bootstrap/lib/stdlib/ebin/gb_trees.beam
+++ b/bootstrap/lib/stdlib/ebin/gb_trees.beam
diff --git a/bootstrap/lib/stdlib/ebin/gen.beam b/bootstrap/lib/stdlib/ebin/gen.beam
index db59451d78..bd08292a87 100644
--- a/bootstrap/lib/stdlib/ebin/gen.beam
+++ b/bootstrap/lib/stdlib/ebin/gen.beam
diff --git a/bootstrap/lib/stdlib/ebin/gen_event.beam b/bootstrap/lib/stdlib/ebin/gen_event.beam
index 95188a534a..c381a17787 100644
--- a/bootstrap/lib/stdlib/ebin/gen_event.beam
+++ b/bootstrap/lib/stdlib/ebin/gen_event.beam
diff --git a/bootstrap/lib/stdlib/ebin/gen_fsm.beam b/bootstrap/lib/stdlib/ebin/gen_fsm.beam
index 03f40579cb..99410275e2 100644
--- a/bootstrap/lib/stdlib/ebin/gen_fsm.beam
+++ b/bootstrap/lib/stdlib/ebin/gen_fsm.beam
diff --git a/bootstrap/lib/stdlib/ebin/gen_server.beam b/bootstrap/lib/stdlib/ebin/gen_server.beam
index 2391903567..7698131678 100644
--- a/bootstrap/lib/stdlib/ebin/gen_server.beam
+++ b/bootstrap/lib/stdlib/ebin/gen_server.beam
diff --git a/bootstrap/lib/stdlib/ebin/io_lib.beam b/bootstrap/lib/stdlib/ebin/io_lib.beam
index 07cefba99e..b240aa157d 100644
--- a/bootstrap/lib/stdlib/ebin/io_lib.beam
+++ b/bootstrap/lib/stdlib/ebin/io_lib.beam
diff --git a/bootstrap/lib/stdlib/ebin/io_lib_pretty.beam b/bootstrap/lib/stdlib/ebin/io_lib_pretty.beam
index f7a239e18c..be283307f3 100644
--- a/bootstrap/lib/stdlib/ebin/io_lib_pretty.beam
+++ b/bootstrap/lib/stdlib/ebin/io_lib_pretty.beam
diff --git a/bootstrap/lib/stdlib/ebin/lib.beam b/bootstrap/lib/stdlib/ebin/lib.beam
index 5d44d3f8f1..4b67bbb774 100644
--- a/bootstrap/lib/stdlib/ebin/lib.beam
+++ b/bootstrap/lib/stdlib/ebin/lib.beam
diff --git a/bootstrap/lib/stdlib/ebin/ms_transform.beam b/bootstrap/lib/stdlib/ebin/ms_transform.beam
index 1af64e9d63..bc16416161 100644
--- a/bootstrap/lib/stdlib/ebin/ms_transform.beam
+++ b/bootstrap/lib/stdlib/ebin/ms_transform.beam
diff --git a/bootstrap/lib/stdlib/ebin/otp_internal.beam b/bootstrap/lib/stdlib/ebin/otp_internal.beam
index f22f936f42..1a9a55dc24 100644
--- a/bootstrap/lib/stdlib/ebin/otp_internal.beam
+++ b/bootstrap/lib/stdlib/ebin/otp_internal.beam
diff --git a/bootstrap/lib/stdlib/ebin/pool.beam b/bootstrap/lib/stdlib/ebin/pool.beam
index a16364e1d9..3b1dbc3524 100644
--- a/bootstrap/lib/stdlib/ebin/pool.beam
+++ b/bootstrap/lib/stdlib/ebin/pool.beam
diff --git a/bootstrap/lib/stdlib/ebin/qlc.beam b/bootstrap/lib/stdlib/ebin/qlc.beam
index 1576557a09..716f28b661 100644
--- a/bootstrap/lib/stdlib/ebin/qlc.beam
+++ b/bootstrap/lib/stdlib/ebin/qlc.beam
diff --git a/bootstrap/lib/stdlib/ebin/qlc_pt.beam b/bootstrap/lib/stdlib/ebin/qlc_pt.beam
index 805203b00e..f51bc3ccbd 100644
--- a/bootstrap/lib/stdlib/ebin/qlc_pt.beam
+++ b/bootstrap/lib/stdlib/ebin/qlc_pt.beam
diff --git a/bootstrap/lib/stdlib/ebin/queue.beam b/bootstrap/lib/stdlib/ebin/queue.beam
index 663b1a49ff..5ebb0f9cc6 100644
--- a/bootstrap/lib/stdlib/ebin/queue.beam
+++ b/bootstrap/lib/stdlib/ebin/queue.beam
diff --git a/bootstrap/lib/stdlib/ebin/re.beam b/bootstrap/lib/stdlib/ebin/re.beam
index 85125291e9..4b9cbb7cfc 100644
--- a/bootstrap/lib/stdlib/ebin/re.beam
+++ b/bootstrap/lib/stdlib/ebin/re.beam
diff --git a/bootstrap/lib/stdlib/ebin/regexp.beam b/bootstrap/lib/stdlib/ebin/regexp.beam
deleted file mode 100644
index 023f2fb9b2..0000000000
--- a/bootstrap/lib/stdlib/ebin/regexp.beam
+++ /dev/null
diff --git a/bootstrap/lib/stdlib/ebin/shell.beam b/bootstrap/lib/stdlib/ebin/shell.beam
index 2a853ea58c..20b9938d06 100644
--- a/bootstrap/lib/stdlib/ebin/shell.beam
+++ b/bootstrap/lib/stdlib/ebin/shell.beam
diff --git a/bootstrap/lib/stdlib/ebin/sofs.beam b/bootstrap/lib/stdlib/ebin/sofs.beam
index 5d9b1bd6c0..a0c8c58c03 100644
--- a/bootstrap/lib/stdlib/ebin/sofs.beam
+++ b/bootstrap/lib/stdlib/ebin/sofs.beam
diff --git a/bootstrap/lib/stdlib/ebin/string.beam b/bootstrap/lib/stdlib/ebin/string.beam
index 5086591504..3ace8184d0 100644
--- a/bootstrap/lib/stdlib/ebin/string.beam
+++ b/bootstrap/lib/stdlib/ebin/string.beam
diff --git a/bootstrap/lib/stdlib/ebin/supervisor.beam b/bootstrap/lib/stdlib/ebin/supervisor.beam
index 9d3b9ddd87..98c8f6d42e 100644
--- a/bootstrap/lib/stdlib/ebin/supervisor.beam
+++ b/bootstrap/lib/stdlib/ebin/supervisor.beam
diff --git a/bootstrap/lib/stdlib/ebin/unicode.beam b/bootstrap/lib/stdlib/ebin/unicode.beam
index b560f13933..7dcf140730 100644
--- a/bootstrap/lib/stdlib/ebin/unicode.beam
+++ b/bootstrap/lib/stdlib/ebin/unicode.beam
diff --git a/bootstrap/lib/stdlib/ebin/zip.beam b/bootstrap/lib/stdlib/ebin/zip.beam
index ca76a6fa3b..2907ee286b 100644
--- a/bootstrap/lib/stdlib/ebin/zip.beam
+++ b/bootstrap/lib/stdlib/ebin/zip.beam
diff --git a/erts/Makefile.in b/erts/Makefile.in
index 8b86fbadf2..1979c50781 100644
--- a/erts/Makefile.in
+++ b/erts/Makefile.in
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2006-2010. All Rights Reserved.
+# Copyright Ericsson AB 2006-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@ include vsn.mk
 # ----------------------------------------------------------------------
 
 # Other erts dirs than the emulator dir...
-ERTSDIRS = doc/src etc epmd lib_src
+ERTSDIRS = etc epmd lib_src
 XINSTDIRS = preloaded
 ifeq ($(NO_START_SCRIPTS),)
 ERTSDIRS += start_scripts
@@ -40,42 +40,36 @@ ifeq ($(BUILD_HYBRID_EMU),yes)
 EXTRA_FLAVORS += hybrid
 endif
 
-#
-# Some byggy 'make's get confused when a directory is created and used
-# for storing files which other files depend on during the same "make
-# session". As a workaround we do a 'make generate' (which creates
-# all directories) before doing 'make opt', etc...
-#
-
+.PHONY: all
 ifneq ($(BUILD_HYBRID_EMU),yes)
 all: smp opt
 else
 all: hybrid smp opt
 endif
 
-debug opt docs clean:
-	@ case $@ in \
-	    docs|clean) ;; \
-	    *) ( cd emulator && $(MAKE) generate TYPE=$@ FLAVOR=$(FLAVOR)) ;; \
-	  esac
-	@ ( cd emulator && $(MAKE) $@ FLAVOR=$(FLAVOR))
-	@for d in $(ERTSDIRS); do \
+.PHONY: docs
+docs:
+	( cd doc/src && $(MAKE) $@ )
+
+.PHONY: debug opt clean
+debug opt clean:
+	for d in emulator $(ERTSDIRS); do \
 		if test -d $$d; then \
-			( cd $$d && $(MAKE) $@ ) || exit $$? ; \
+			( cd $$d && $(MAKE) $@ FLAVOR=$(FLAVOR) ) || exit $$? ; \
 		fi ; \
-	 done
+	done
 
 # ----------------------------------------------------------------------
 # These are "convenience targets", provided as shortcuts for developers
 # - don't use them in scripts or assume they will always stay like this!
 #
 
+.PHONY: $(EXTRA_FLAVORS)
 $(EXTRA_FLAVORS):
-	@ ( cd emulator \
-	    && $(MAKE) generate TYPE=opt FLAVOR=$@ \
-	    && $(MAKE) opt FLAVOR=$@ )
+	( cd emulator && $(MAKE) opt FLAVOR=$@ )
 
 ifneq ($(BUILD_HYBRID_EMU),yes)
+.PHONY: hybrid
 hybrid:
 	@echo '*** Omitted build of hybrid heap emulator'
 	@echo '*** since target is $(TARGET)'
@@ -88,6 +82,7 @@ endif
 
 # The copying of beam.dll should be removed when the beam dll need no longer be
 # in the same directory...
+.PHONY: local_setup
 local_setup:
 	@cd start_scripts && $(MAKE)
 	@echo `ls $(ERL_TOP)/bin/`
@@ -110,8 +105,7 @@ local_setup:
 		cp $(ERL_TOP)/bin/$(TARGET)/escript.exe $(ERL_TOP)/bin/escript.exe; \
 	 	chmod 755 $(ERL_TOP)/bin/erl.exe $(ERL_TOP)/bin/erlc.exe \
 			 $(ERL_TOP)/bin/werl.exe; \
-		$(ERL_TOP)/erts/etc/win32/cygwin_tools/make_local_ini.sh \
-			$(ERL_TOP); \
+		make_local_ini.sh $(ERL_TOP); \
 	else \
 	sed	-e "s;%FINAL_ROOTDIR%;$(ERL_TOP);"   \
 		-e "s;erts-.*/bin;bin/$(TARGET);"    \
@@ -135,11 +129,13 @@ local_setup:
 		$(ERL_TOP)/bin/start_clean.script
 
 # Run the configure script
+.PHONY: configure
 configure:
 	@set -e ; cd autoconf && $(MAKE)
 
 # Remake the makefiles, if you already have configured but you have edited
 # a "Makefile.in".
+.PHONY: makefiles
 makefiles:
 	@set -e ; cd autoconf && $(MAKE) $@
 
@@ -147,21 +143,17 @@ makefiles:
 # Release targets
 #
 
-release release_docs:
-ifeq ($(BUILD_HYBRID_EMU),yes)
-	@if test $@ = release; then ( cd emulator && $(MAKE) $@ FLAVOR=hybrid) fi
-else
-	@if test $@ = release; then ( $(MAKE) hybrid ) fi
-endif
-	@if test $@ = release; then ( cd emulator && $(MAKE) $@ FLAVOR=smp) fi
-	@ (cd emulator && $(MAKE) $@ FLAVOR=plain)
-	@for d in $(ERTSDIRS) $(XINSTDIRS); do \
+.PHONY: release
+release:
+	for f in plain $(EXTRA_FLAVORS) ; do \
+		( cd emulator && $(MAKE) release FLAVOR=$$f ) \
+	done
+	for d in $(ERTSDIRS) $(XINSTDIRS); do \
 		if test -d $$d; then \
 			( cd $$d && $(MAKE) $@ ) || exit $$? ; \
 		fi ; \
 	 done
 
-# ----------------------------------------------------------------------
-
-.PHONY: debug opt docs clean local_setup configure release \
-	release_docs run_test_cases hybrid smp
+.PHONY: release_docs
+release_docs:
+	( cd doc/src && $(MAKE) $@ )
diff --git a/erts/aclocal.m4 b/erts/aclocal.m4
index bd228a2d1f..339a15a2bb 100644
--- a/erts/aclocal.m4
+++ b/erts/aclocal.m4
@@ -112,6 +112,94 @@ fi
 
 dnl ----------------------------------------------------------------------
 dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
 dnl LM_FIND_EMU_CC
 dnl
 dnl
@@ -125,8 +213,10 @@ AC_DEFUN(LM_FIND_EMU_CC,
 			ac_cv_prog_emu_cc,
 			[
 AC_TRY_COMPILE([],[
-#ifdef __llvm__
-#error "llvm is currently unable to compile beam_emu.c"
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
 #endif
     __label__ lbl1;
     __label__ lbl2;
@@ -168,6 +258,11 @@ if test $ac_cv_prog_emu_cc != no; then
 	CFLAGS=""
 	CPPFLAGS=""
 	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
     	__label__ lbl1;
     	__label__ lbl2;
     	int x = magic();
diff --git a/erts/autoconf/win64.config.cache.static b/erts/autoconf/win64.config.cache.static
new file mode 100755
index 0000000000..a8a2bfb59c
--- /dev/null
+++ b/erts/autoconf/win64.config.cache.static
@@ -0,0 +1,271 @@
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+ac_cv_c_compiler_gnu=${ac_cv_c_compiler_gnu=no}
+ac_cv_c_const=${ac_cv_c_const=yes}
+ac_cv_cxx_compiler_gnu=${ac_cv_cxx_compiler_gnu=no}
+ac_cv_decl_h_errno=${ac_cv_decl_h_errno=no}
+ac_cv_decl_inaddr_loopback=${ac_cv_decl_inaddr_loopback=no}
+ac_cv_decl_inaddr_loopback_rpc=${ac_cv_decl_inaddr_loopback_rpc=no}
+ac_cv_decl_inaddr_loopback_winsock2=${ac_cv_decl_inaddr_loopback_winsock2=yes}
+ac_cv_decl_so_bsdcompat=${ac_cv_decl_so_bsdcompat=no}
+ac_cv_decl_sys_errlist=${ac_cv_decl_sys_errlist=no}
+ac_cv_env_AR_set=set
+ac_cv_env_AR_value=ar.sh
+ac_cv_env_CCC_set=
+ac_cv_env_CCC_value=
+ac_cv_env_CC_set=set
+ac_cv_env_CC_value=cc.sh
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_CPP_set=
+ac_cv_env_CPP_value=
+ac_cv_env_CXXFLAGS_set=
+ac_cv_env_CXXFLAGS_value=
+ac_cv_env_CXX_set=set
+ac_cv_env_CXX_value=cc.sh
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_build_alias_set=set
+ac_cv_env_build_alias_value=win32
+ac_cv_env_host_alias_set=set
+ac_cv_env_host_alias_value=win32
+ac_cv_env_target_alias_set=set
+ac_cv_env_target_alias_value=win32
+ac_cv_exeext=${ac_cv_exeext=.exe}
+ac_cv_func___brk=${ac_cv_func___brk=no}
+ac_cv_func___sbrk=${ac_cv_func___sbrk=no}
+ac_cv_func__brk=${ac_cv_func__brk=no}
+ac_cv_func__doprnt=${ac_cv_func__doprnt=no}
+ac_cv_func__sbrk=${ac_cv_func__sbrk=no}
+ac_cv_func_accept=${ac_cv_func_accept=no}
+ac_cv_func_alloca_works=${ac_cv_func_alloca_works=yes}
+ac_cv_func_brk=${ac_cv_func_brk=no}
+ac_cv_func_clock_gettime=${ac_cv_func_clock_gettime=no}
+ac_cv_func_connect=${ac_cv_func_connect=no}
+ac_cv_func_decl_fread=${ac_cv_func_decl_fread=yes}
+ac_cv_func_dlopen=${ac_cv_func_dlopen=no}
+ac_cv_func_dup2=${ac_cv_func_dup2=yes}
+ac_cv_func_fdatasync=${ac_cv_func_fdatasync=no}
+ac_cv_func_finite=${ac_cv_func_finite=no}
+ac_cv_func_flockfile=${ac_cv_func_flockfile=no}
+ac_cv_func_fork=${ac_cv_func_fork=no}
+ac_cv_func_fork_works=${ac_cv_func_fork_works=no}
+ac_cv_func_fpsetmask=${ac_cv_func_fpsetmask=no}
+ac_cv_func_fstat=${ac_cv_func_fstat=yes}
+ac_cv_func_gethostbyaddr=${ac_cv_func_gethostbyaddr=no}
+ac_cv_func_gethostbyaddr_r=${ac_cv_func_gethostbyaddr_r=no}
+ac_cv_func_gethostbyname=${ac_cv_func_gethostbyname=yes}
+ac_cv_func_gethostbyname2=${ac_cv_func_gethostbyname2=no}
+ac_cv_func_gethostbyname_r=${ac_cv_func_gethostbyname_r=no}
+ac_cv_func_gethostname=${ac_cv_func_gethostname=no}
+ac_cv_func_gethrtime=${ac_cv_func_gethrtime=no}
+ac_cv_func_getifaddrs=${ac_cv_func_getifaddrs=no}
+ac_cv_func_getipnodebyaddr=${ac_cv_func_getipnodebyaddr=no}
+ac_cv_func_getipnodebyname=${ac_cv_func_getipnodebyname=no}
+ac_cv_func_getpagesize=${ac_cv_func_getpagesize=no}
+ac_cv_func_gettimeofday=${ac_cv_func_gettimeofday=no}
+ac_cv_func_gmtime_r=${ac_cv_func_gmtime_r=no}
+ac_cv_func_ieee_handler=${ac_cv_func_ieee_handler=no}
+ac_cv_func_inet_ntoa=${ac_cv_func_inet_ntoa=no}
+ac_cv_func_inet_pton=${ac_cv_func_inet_pton=yes}
+ac_cv_func_isinf=${ac_cv_func_isinf=no}
+ac_cv_func_isnan=${ac_cv_func_isnan=no}
+ac_cv_func_localtime_r=${ac_cv_func_localtime_r=no}
+ac_cv_func_mallopt=${ac_cv_func_mallopt=no}
+ac_cv_func_memchr=${ac_cv_func_memchr=yes}
+ac_cv_func_memcmp_working=${ac_cv_func_memcmp_working=yes}
+ac_cv_func_memcpy=${ac_cv_func_memcpy=no}
+ac_cv_func_memmove=${ac_cv_func_memmove=yes}
+ac_cv_func_memset=${ac_cv_func_memset=yes}
+ac_cv_func_mmap=${ac_cv_func_mmap=no}
+ac_cv_func_mmap_fixed_mapped=${ac_cv_func_mmap_fixed_mapped=no}
+ac_cv_func_mremap=${ac_cv_func_mremap=no}
+ac_cv_func_nl_langinfo=${ac_cv_func_nl_langinfo=no}
+ac_cv_func_openpty=${ac_cv_func_openpty=no}
+ac_cv_func_poll=${ac_cv_func_poll=no}
+ac_cv_func_posix2time=${ac_cv_func_posix2time=no}
+ac_cv_func_posix_fadvise=${ac_cv_func_posix_fadvise=no}
+ac_cv_func_pread=${ac_cv_func_pread=no}
+ac_cv_func_pwrite=${ac_cv_func_pwrite=no}
+ac_cv_func_res_gethostbyname=${ac_cv_func_res_gethostbyname=no}
+ac_cv_func_sbrk=${ac_cv_func_sbrk=no}
+ac_cv_func_sctp_bindx=${ac_cv_func_sctp_bindx=no}
+ac_cv_func_sctp_peeloff=${ac_cv_func_sctp_peeloff=no}
+ac_cv_func_select=${ac_cv_func_select=no}
+ac_cv_func_setlocale=${ac_cv_func_setlocale=yes}
+ac_cv_func_setsid=${ac_cv_func_setsid=no}
+ac_cv_func_setvbuf_reversed=${ac_cv_func_setvbuf_reversed=yes}
+ac_cv_func_socket=${ac_cv_func_socket=no}
+ac_cv_func_strchr=${ac_cv_func_strchr=yes}
+ac_cv_func_strerror=${ac_cv_func_strerror=yes}
+ac_cv_func_strerror_r=${ac_cv_func_strerror_r=no}
+ac_cv_func_strlcat=${ac_cv_func_strlcat=no}
+ac_cv_func_strlcpy=${ac_cv_func_strlcpy=no}
+ac_cv_func_strncasecmp=${ac_cv_func_strncasecmp=no}
+ac_cv_func_strrchr=${ac_cv_func_strrchr=yes}
+ac_cv_func_strstr=${ac_cv_func_strstr=yes}
+ac_cv_func_uname=${ac_cv_func_uname=no}
+ac_cv_func_vfork=${ac_cv_func_vfork=no}
+ac_cv_func_vfork_works=${ac_cv_func_vfork_works=no}
+ac_cv_func_vprintf=${ac_cv_func_vprintf=yes}
+ac_cv_func_writev=${ac_cv_func_writev=no}
+ac_cv_have_decl_SCTPS_BOUND=${ac_cv_have_decl_SCTPS_BOUND=no}
+ac_cv_have_decl_SCTPS_COOKIE_ECHOED=${ac_cv_have_decl_SCTPS_COOKIE_ECHOED=no}
+ac_cv_have_decl_SCTPS_COOKIE_WAIT=${ac_cv_have_decl_SCTPS_COOKIE_WAIT=no}
+ac_cv_have_decl_SCTPS_ESTABLISHED=${ac_cv_have_decl_SCTPS_ESTABLISHED=no}
+ac_cv_have_decl_SCTPS_IDLE=${ac_cv_have_decl_SCTPS_IDLE=no}
+ac_cv_have_decl_SCTPS_LISTEN=${ac_cv_have_decl_SCTPS_LISTEN=no}
+ac_cv_have_decl_SCTPS_SHUTDOWN_ACK_SENT=${ac_cv_have_decl_SCTPS_SHUTDOWN_ACK_SENT=no}
+ac_cv_have_decl_SCTPS_SHUTDOWN_PENDING=${ac_cv_have_decl_SCTPS_SHUTDOWN_PENDING=no}
+ac_cv_have_decl_SCTPS_SHUTDOWN_RECEIVED=${ac_cv_have_decl_SCTPS_SHUTDOWN_RECEIVED=no}
+ac_cv_have_decl_SCTPS_SHUTDOWN_SENT=${ac_cv_have_decl_SCTPS_SHUTDOWN_SENT=no}
+ac_cv_have_decl_SCTP_ABORT=${ac_cv_have_decl_SCTP_ABORT=no}
+ac_cv_have_decl_SCTP_ADDR_CONFIRMED=${ac_cv_have_decl_SCTP_ADDR_CONFIRMED=no}
+ac_cv_have_decl_SCTP_ADDR_OVER=${ac_cv_have_decl_SCTP_ADDR_OVER=no}
+ac_cv_have_decl_SCTP_BOUND=${ac_cv_have_decl_SCTP_BOUND=no}
+ac_cv_have_decl_SCTP_CLOSED=${ac_cv_have_decl_SCTP_CLOSED=no}
+ac_cv_have_decl_SCTP_COOKIE_ECHOED=${ac_cv_have_decl_SCTP_COOKIE_ECHOED=no}
+ac_cv_have_decl_SCTP_COOKIE_WAIT=${ac_cv_have_decl_SCTP_COOKIE_WAIT=no}
+ac_cv_have_decl_SCTP_DELAYED_ACK_TIME=${ac_cv_have_decl_SCTP_DELAYED_ACK_TIME=no}
+ac_cv_have_decl_SCTP_EMPTY=${ac_cv_have_decl_SCTP_EMPTY=no}
+ac_cv_have_decl_SCTP_EOF=${ac_cv_have_decl_SCTP_EOF=no}
+ac_cv_have_decl_SCTP_ESTABLISHED=${ac_cv_have_decl_SCTP_ESTABLISHED=no}
+ac_cv_have_decl_SCTP_LISTEN=${ac_cv_have_decl_SCTP_LISTEN=no}
+ac_cv_have_decl_SCTP_SENDALL=${ac_cv_have_decl_SCTP_SENDALL=no}
+ac_cv_have_decl_SCTP_SHUTDOWN_ACK_SENT=${ac_cv_have_decl_SCTP_SHUTDOWN_ACK_SENT=no}
+ac_cv_have_decl_SCTP_SHUTDOWN_PENDING=${ac_cv_have_decl_SCTP_SHUTDOWN_PENDING=no}
+ac_cv_have_decl_SCTP_SHUTDOWN_RECEIVED=${ac_cv_have_decl_SCTP_SHUTDOWN_RECEIVED=no}
+ac_cv_have_decl_SCTP_SHUTDOWN_SENT=${ac_cv_have_decl_SCTP_SHUTDOWN_SENT=no}
+ac_cv_have_decl_SCTP_UNORDERED=${ac_cv_have_decl_SCTP_UNORDERED=no}
+ac_cv_have_decl_posix2time=${ac_cv_have_decl_posix2time=no}
+ac_cv_header_arpa_inet_h=${ac_cv_header_arpa_inet_h=no}
+ac_cv_header_arpa_nameser_h=${ac_cv_header_arpa_nameser_h=no}
+ac_cv_header_dirent_dirent_h=${ac_cv_header_dirent_dirent_h=no}
+ac_cv_header_dirent_ndir_h=${ac_cv_header_dirent_ndir_h=no}
+ac_cv_header_dirent_sys_dir_h=${ac_cv_header_dirent_sys_dir_h=no}
+ac_cv_header_dirent_sys_ndir_h=${ac_cv_header_dirent_sys_ndir_h=no}
+ac_cv_header_dlfcn_h=${ac_cv_header_dlfcn_h=no}
+ac_cv_header_fcntl_h=${ac_cv_header_fcntl_h=yes}
+ac_cv_header_gl_gl_h=${ac_cv_header_gl_gl_h=yes}
+ac_cv_header_ieeefp_h=${ac_cv_header_ieeefp_h=no}
+ac_cv_header_ifaddrs_h=${ac_cv_header_ifaddrs_h=no}
+ac_cv_header_inttypes_h=${ac_cv_header_inttypes_h=no}
+ac_cv_header_langinfo_h=${ac_cv_header_langinfo_h=no}
+ac_cv_header_limits_h=${ac_cv_header_limits_h=yes}
+ac_cv_header_mach_o_dyld_h=${ac_cv_header_mach_o_dyld_h=no}
+ac_cv_header_malloc_h=${ac_cv_header_malloc_h=yes}
+ac_cv_header_memory_h=${ac_cv_header_memory_h=yes}
+ac_cv_header_net_errno_h=${ac_cv_header_net_errno_h=no}
+ac_cv_header_net_if_dl_h=${ac_cv_header_net_if_dl_h=no}
+ac_cv_header_netdb_h=${ac_cv_header_netdb_h=no}
+ac_cv_header_netinet_in_h=${ac_cv_header_netinet_in_h=no}
+ac_cv_header_netpacket_packet_h=${ac_cv_header_netpacket_packet_h=no}
+ac_cv_header_poll_h=${ac_cv_header_poll_h=no}
+ac_cv_header_pty_h=${ac_cv_header_pty_h=no}
+ac_cv_header_stdc=${ac_cv_header_stdc=yes}
+ac_cv_header_stddef_h=${ac_cv_header_stddef_h=yes}
+ac_cv_header_stdint_h=${ac_cv_header_stdint_h=yes}
+ac_cv_header_stdlib_h=${ac_cv_header_stdlib_h=yes}
+ac_cv_header_string_h=${ac_cv_header_string_h=yes}
+ac_cv_header_strings_h=${ac_cv_header_strings_h=no}
+ac_cv_header_sys_devpoll_h=${ac_cv_header_sys_devpoll_h=no}
+ac_cv_header_sys_epoll_h=${ac_cv_header_sys_epoll_h=no}
+ac_cv_header_sys_event_h=${ac_cv_header_sys_event_h=no}
+ac_cv_header_sys_ioctl_h=${ac_cv_header_sys_ioctl_h=no}
+ac_cv_header_sys_param_h=${ac_cv_header_sys_param_h=no}
+ac_cv_header_sys_resource_h=${ac_cv_header_sys_resource_h=no}
+ac_cv_header_sys_select_h=${ac_cv_header_sys_select_h=no}
+ac_cv_header_sys_socket_h=${ac_cv_header_sys_socket_h=no}
+ac_cv_header_sys_socketio_h=${ac_cv_header_sys_socketio_h=no}
+ac_cv_header_sys_sockio_h=${ac_cv_header_sys_sockio_h=no}
+ac_cv_header_sys_stat_h=${ac_cv_header_sys_stat_h=yes}
+ac_cv_header_sys_stropts_h=${ac_cv_header_sys_stropts_h=no}
+ac_cv_header_sys_sysctl_h=${ac_cv_header_sys_sysctl_h=no}
+ac_cv_header_sys_time_h=${ac_cv_header_sys_time_h=no}
+ac_cv_header_sys_types_h=${ac_cv_header_sys_types_h=yes}
+ac_cv_header_sys_uio_h=${ac_cv_header_sys_uio_h=no}
+ac_cv_header_sys_wait_h=${ac_cv_header_sys_wait_h=no}
+ac_cv_header_syslog_h=${ac_cv_header_syslog_h=no}
+ac_cv_header_time=${ac_cv_header_time=no}
+ac_cv_header_unistd_h=${ac_cv_header_unistd_h=no}
+ac_cv_header_util_h=${ac_cv_header_util_h=no}
+ac_cv_header_utmp_h=${ac_cv_header_utmp_h=no}
+ac_cv_header_valgrind_valgrind_h=${ac_cv_header_valgrind_valgrind_h=no}
+ac_cv_header_vfork_h=${ac_cv_header_vfork_h=no}
+ac_cv_header_windows_h=${ac_cv_header_windows_h=yes}
+ac_cv_header_winsock2_h=${ac_cv_header_winsock2_h=yes}
+ac_cv_header_ws2tcpip_h=${ac_cv_header_ws2tcpip_h=yes}
+ac_cv_lib_dl_dlopen=${ac_cv_lib_dl_dlopen=no}
+ac_cv_lib_inet_main=${ac_cv_lib_inet_main=no}
+ac_cv_lib_kstat_kstat_open=${ac_cv_lib_kstat_kstat_open=no}
+ac_cv_lib_m_sin=${ac_cv_lib_m_sin=no}
+ac_cv_lib_nsl_gethostbyname=${ac_cv_lib_nsl_gethostbyname=no}
+ac_cv_lib_nsl_main=${ac_cv_lib_nsl_main=no}
+ac_cv_lib_resolv_res_gethostbyname=${ac_cv_lib_resolv_res_gethostbyname=no}
+ac_cv_lib_rt_clock_gettime=${ac_cv_lib_rt_clock_gettime=no}
+ac_cv_lib_socket_getpeername=${ac_cv_lib_socket_getpeername=no}
+ac_cv_lib_socket_main=${ac_cv_lib_socket_main=yes}
+ac_cv_lib_socket_socket=${ac_cv_lib_socket_socket=no}
+ac_cv_lib_util_openpty=${ac_cv_lib_util_openpty=no}
+ac_cv_lib_ws2_32_main=${ac_cv_lib_ws2_32_main=yes}
+ac_cv_member_struct_ErlDrvEntry_stop_select=${ac_cv_member_struct_ErlDrvEntry_stop_select=no}
+ac_cv_member_struct_sctp_paddrparams_spp_flags=${ac_cv_member_struct_sctp_paddrparams_spp_flags=no}
+ac_cv_member_struct_sctp_paddrparams_spp_pathmtu=${ac_cv_member_struct_sctp_paddrparams_spp_pathmtu=no}
+ac_cv_member_struct_sctp_paddrparams_spp_sackdelay=${ac_cv_member_struct_sctp_paddrparams_spp_sackdelay=no}
+ac_cv_member_struct_sctp_remote_error_sre_data=${ac_cv_member_struct_sctp_remote_error_sre_data=no}
+ac_cv_member_struct_sctp_send_failed_ssf_data=${ac_cv_member_struct_sctp_send_failed_ssf_data=no}
+ac_cv_objext=${ac_cv_objext=o}
+ac_cv_path_MKDIR=${ac_cv_path_MKDIR=/bin/mkdir}
+ac_cv_path_RM=${ac_cv_path_RM=/bin/rm}
+ac_cv_prog_AR=${ac_cv_prog_AR=ar.sh}
+ac_cv_prog_CC=${ac_cv_prog_CC=cc.sh}
+ac_cv_prog_CPP=${ac_cv_prog_CPP='cc.sh -E'}
+ac_cv_prog_CXX=${ac_cv_prog_CXX=cc.sh}
+ac_cv_prog_DED_LD=${ac_cv_prog_DED_LD=ld.sh}
+ac_cv_prog_JAVAC=${ac_cv_prog_JAVAC=javac.sh}
+ac_cv_prog_M4=${ac_cv_prog_M4=m4}
+ac_cv_prog_RANLIB=${ac_cv_prog_RANLIB=true}
+ac_cv_prog_cc_c89=${ac_cv_prog_cc_c89=}
+ac_cv_prog_cc_g=${ac_cv_prog_cc_g=yes}
+ac_cv_search_fdatasync=${ac_cv_search_fdatasync=no}
+ac_cv_search_opendir=${ac_cv_search_opendir=no}
+ac_cv_search_strerror=${ac_cv_search_strerror='none required'}
+ac_cv_sizeof___int64=${ac_cv_sizeof___int64=8}
+ac_cv_sizeof_char=${ac_cv_sizeof_char=1}
+ac_cv_sizeof_int=${ac_cv_sizeof_int=4}
+ac_cv_sizeof_long=${ac_cv_sizeof_long=4}
+ac_cv_sizeof_long_long=${ac_cv_sizeof_long_long=8}
+ac_cv_sizeof_off_t=${ac_cv_sizeof_off_t=4}
+ac_cv_sizeof_short=${ac_cv_sizeof_short=2}
+ac_cv_sizeof_size_t=${ac_cv_sizeof_size_t=8}
+ac_cv_sizeof_void_p=${ac_cv_sizeof_void_p=8}
+ac_cv_struct_exception=${ac_cv_struct_exception=no}
+ac_cv_struct_sockaddr_sa_len=${ac_cv_struct_sockaddr_sa_len=no}
+ac_cv_struct_tm=${ac_cv_struct_tm=time.h}
+ac_cv_type_off_t=${ac_cv_type_off_t=yes}
+ac_cv_type_pid_t=${ac_cv_type_pid_t=no}
+ac_cv_type_signal=${ac_cv_type_signal=void}
+ac_cv_type_size_t=${ac_cv_type_size_t=yes}
+ac_cv_type_uid_t=${ac_cv_type_uid_t=no}
+ac_cv_working_alloca_h=${ac_cv_working_alloca_h=no}
+erl_cv_time_correction=${erl_cv_time_correction=none}
+erts_cv___after_morecore_hook_can_track_malloc=${erts_cv___after_morecore_hook_can_track_malloc=no}
+erts_cv_fwrite_unlocked=${erts_cv_fwrite_unlocked=no}
+erts_cv_have__end_symbol=${erts_cv_have__end_symbol=no}
+erts_cv_have_end_symbol=${erts_cv_have_end_symbol=no}
+erts_cv_putc_unlocked=${erts_cv_putc_unlocked=no}
+erts_cv_windows_h_includes_winsock2_h=${erts_cv_windows_h_includes_winsock2_h=no}
diff --git a/erts/configure.in b/erts/configure.in
index e3eb6034e6..b801994e14 100644
--- a/erts/configure.in
+++ b/erts/configure.in
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. -*-m4-*-
 
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 1997-2011. All Rights Reserved.
+dnl Copyright Ericsson AB 1997-2012. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -383,12 +383,6 @@ case $host_os in
 	# The ethread library requires _WIN32_WINNT of at least 0x0403.
 	# -D_WIN32_WINNT=* from CPPFLAGS is saved in ETHR_DEFS.
 	CPPFLAGS="$CPPFLAGS -D_WIN32_WINNT=0x0500 -DWINVER=0x0500"
-	# _USE_32BIT_TIME_T is needed when using VC++ 2005 (ctime() will fail
-	# otherwise since we pass it a 32-bit value).
-	#
-	# FIXME: Use time_t all the way and remove _USE_32BIT_TIME_T.
-	AC_MSG_WARN([Reverting to 32-bit time_t])
-	CPPFLAGS="$CPPFLAGS -D_USE_32BIT_TIME_T"
 	;;
     darwin*)
         CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE"
@@ -398,53 +392,7 @@ case $host_os in
 esac
 
 
-
-MIXED_CYGWIN=no
-
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
-
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
-fi
-
-AC_SUBST(MIXED_CYGWIN)
+LM_WINDOWS_ENVIRONMENT
 	
 dnl
 dnl Flags to the C compiler
@@ -490,19 +438,6 @@ CFLAG_RUNTIME_LIBRARY_PATH="-Wl,-R"
 case $host_os in
   darwin*)
 	CFLAG_RUNTIME_LIBRARY_PATH=
-	AC_TRY_COMPILE([],[
-		#if __GNUC__ >= 4 
-		;
-		#else
-		#error old or no gcc
-		#endif
-		],
-		gcc_need_no_cpp_precomp=no,
-		gcc_need_no_cpp_precomp=yes)
-
-	if test x$gcc_need_no_cpp_precomp = xyes; then
-	   CFLAGS="$CFLAGS -no-cpp-precomp"
-	fi		   
 	;;
   win32)
 	CFLAG_RUNTIME_LIBRARY_PATH=
@@ -1479,9 +1414,71 @@ AC_CHECK_HEADERS(fcntl.h limits.h unistd.h syslog.h dlfcn.h ieeefp.h \
                  sys/types.h sys/stropts.h sys/sysctl.h \
                  sys/ioctl.h sys/time.h sys/uio.h \
                  sys/socket.h sys/sockio.h sys/socketio.h \
-                 net/errno.h malloc.h arpa/nameser.h \
+                 net/errno.h malloc.h arpa/nameser.h libdlpi.h \
 		 pty.h util.h utmp.h langinfo.h poll.h sdkddkver.h)
 
+AC_CHECK_MEMBERS([struct ifreq.ifr_hwaddr], [], [],
+	[#ifdef __WIN32__
+	 #else
+	 #ifdef VXWORKS
+	 #else
+	 #include <net/if.h>
+	 #endif
+	 #endif
+	])
+
+AC_CHECK_MEMBERS([struct ifreq.ifr_enaddr], [], [],
+	[#ifdef __WIN32__
+	 #else
+	 #ifdef VXWORKS
+	 #else
+	 #include <net/if.h>
+	 #endif
+	 #endif
+	])
+
+dnl ----------------------------------------------------------------------
+dnl Check the availability for libdlpi
+dnl ----------------------------------------------------------------------
+AC_CHECK_LIB(dlpi, dlpi_open)
+if test x"$ac_cv_lib_dlpi_dlpi_open" = x"no"; then
+   unset -v ac_cv_lib_dlpi_dlpi_open
+   dnl Try again now with -L/lib (or ditto 64) as argument to linker since
+   dnl gcc makes /usr/ccs/bin/ld ignore the crle configured linker default paths
+   dnl typically causing dlpi not being found on Solaris et.al
+   save_ldflags="$LDFLAGS"
+   try_dlpi_lib=/lib
+   if test x"$ac_cv_sizeof_void_p" = x"8"; then
+      if test -d /lib64; then
+	 try_dlpi_lib=/lib64
+      elif test -d /lib/64; then
+	 try_dlpi_lib=/lib/64
+      fi
+   fi
+   if test ! -f "$try_dlpi_lib/libdlpi.so" && \
+      test -f "$try_dlpi_lib/libdlpi.so.1"
+   then
+      dnl It looks like there is a missing symlink
+      dnl - let's be helpful and notify the user
+      dnl NOTE this help is far from perfect e.g if there would be no
+      dnl *.so.1 but a *.so.1.123 or *.so.2 this will be no help
+      AC_MSG_ERROR(
+	[Your OS installation is missing a symbolic link.
+	Maybe it lacks some development package(s)...
+	It can anyhow be fixed with the following command:
+	# ln -s libdlpi.so.1 $try_dlpi_lib/libdlpi.so
+	])
+   fi
+   LDFLAGS="-L$try_dlpi_lib -R$try_dlpi_lib $LDFLAGS"
+   unset -v try_dlpi_lib
+   AC_MSG_NOTICE([Extending the search to include /lib])
+   AC_CHECK_LIB(dlpi, dlpi_open)
+   if test x"$ac_cv_lib_dlpi_dlpi_open" = x"no"; then
+      LDFLAGS="$save_ldflags"
+   fi
+   unset -v save_ldflags
+fi
+
 AC_CHECK_HEADER(sys/resource.h,
 	[AC_DEFINE(HAVE_SYS_RESOURCE_H, 1,
 		[Define to 1 if you have the <sys/resource.h> header file])
@@ -1508,6 +1505,9 @@ if test "x$enable_sctp" != "xno" ; then
 	 #include <sys/socket.h>
 	 #endif
 	])
+fi
+
+if test x"$ac_cv_header_netinet_sctp_h" = x"yes"; then
     AC_CHECK_FUNCS([sctp_bindx sctp_peeloff])
     AC_CHECK_DECLS([SCTP_UNORDERED, SCTP_ADDR_OVER, SCTP_ABORT,
                     SCTP_EOF, SCTP_SENDALL, SCTP_ADDR_CONFIRMED,
@@ -1589,6 +1589,7 @@ AC_CHECK_SIZEOF(void *)
 AC_CHECK_SIZEOF(long long)
 AC_CHECK_SIZEOF(size_t)
 AC_CHECK_SIZEOF(off_t)
+AC_CHECK_SIZEOF(time_t)
 
 BITS64=
 
@@ -1690,6 +1691,24 @@ dnl       fdatasync requires linking against -lrt on SunOS <= 5.10.
 dnl       OpenSolaris 2009.06 is SunOS 5.11 and does not require -lrt.
 AC_SEARCH_LIBS(fdatasync, [rt])
 
+
+dnl sendfile syscall
+case $host_os in
+    linux*|freebsd*|dragonfly*|darwin*)
+		AC_CHECK_FUNCS([sendfile])
+		;;
+    solaris*)
+		AC_SEARCH_LIBS(sendfilev, sendfile,
+			AC_DEFINE([HAVE_SENDFILEV],[1],
+		           [Define to 1 if you have the `sendfilev' function.]))
+		;;
+    win32)
+		LIBS="$LIBS -lmswsock"
+		;;
+    *)
+		;;
+esac
+
 dnl ----------------------------------------------------------------------
 dnl Checks for library functions.
 dnl ----------------------------------------------------------------------
@@ -2458,6 +2477,17 @@ case $ARCH-$OPSYS in
 		darwin_mcontext_leopard=no
 		;;
 esac
+
+if test X${enable_fp_exceptions} = Xauto ; then
+   case $host_os in
+	darwin*)
+	      enable_fp_exceptions=no
+	      AC_MSG_NOTICE([Floating point exceptions disabled by default on MacOS X]) ;;
+	      *)
+	      ;;
+    esac
+fi
+
 if test X${enable_fp_exceptions} = Xauto ; then
    if test X${enable_hipe} = Xyes; then
       enable_fp_exceptions=yes
@@ -2505,7 +2535,7 @@ static void new_fp_exception(void)
  * Implement unmask_fpe() and check_fpe() based on CPU/OS combination
  */
 
-#if (defined(__i386__) || defined(__x86_64__)) && defined(__GNUC__) && !defined(__CYGWIN__)
+#if (defined(__i386__) || defined(__x86_64__)) && defined(__GNUC__) && !defined(__CYGWIN__) && !defined(__MINGW32__)
 
 static void unmask_x87(void)
 {
@@ -3558,7 +3588,7 @@ elif test "x$with_ssl_zlib" = "xyes" || test "x$with_ssl_zlib" = "x"; then
 		AC_MSG_WARN([Cannot search for zlib; missing cross system root (erl_xcomp_sysroot).])
 		SSL_LINK_WITH_ZLIB=no	
 		STATIC_ZLIB_LIBS=	
-	elif  test "x$MIXED_CYGWIN" = "xyes"; then
+	elif  test "x$MIXED_CYGWIN" = "xyes" -o "x$MIXED_MSYS" = "xyes"; then
 		SSL_LINK_WITH_ZLIB=no	
 		STATIC_ZLIB_LIBS=	
 	else
@@ -3670,16 +3700,23 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in
     	AC_CHECK_PROG(REGTOOL, regtool, regtool, false)
 	if test "$ac_cv_prog_REGTOOL" != false; then
 		wrp="/machine/software/microsoft/windows/currentversion/"
-		urp="uninstall/openssl_is1/inno setup: app path"
+	   	if test "x$ARCH" = "xamd64"; then
+		   urp="uninstall/openssl (64-bit)_is1/inno setup: app path"
+		   regtool_subsystem=-w
+		else
+		   urp="uninstall/openssl (32-bit)_is1/inno setup: app path"
+		   regtool_subsystem=-W
+		fi	
 		rp="$wrp$urp"
-		if regtool -q get "$rp" > /dev/null; then
+		if regtool -q $regtool_subsystem get "$rp" > /dev/null; then
 		   true
 		else
-		   urp="uninstall/openssl (32-bit)_is1/inno setup: app path"
+		   # Fallback to unspecified wordlength
+		   urp="uninstall/openssl_is1/inno setup: app path"
 		   rp="$wrp$urp"
 		fi	
-		if regtool -q get "$rp" > /dev/null; then
-			ssl_install_dir=`regtool -q get "$rp"`
+		if regtool -q $regtool_subsystem get "$rp" > /dev/null; then
+			ssl_install_dir=`regtool -q $regtool_subsystem get "$rp"`
 			# Try hard to get rid of spaces...
 			if cygpath -d "$ssl_install_dir" > /dev/null 2>&1; then
 				ssl_install_dir=`cygpath -d "$ssl_install_dir"`
@@ -3687,6 +3724,20 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in
 			extra_dir=`cygpath $ssl_install_dir`
 		fi
 	fi
+    elif test "x$MIXED_MSYS" = "xyes"; then
+    	AC_CHECK_PROG(REGTOOL, reg_query.sh, reg_query.sh, false)
+	if test "$ac_cv_prog_REGTOOL" != false; then
+	   	if test "x$ARCH" = "xamd64"; then
+		   rp="HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/OpenSSL (64-bit)_is1"
+		else
+		   rp="HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/OpenSSL_is1"
+		fi	
+		key="Inno Setup: App Path"
+		if "$ac_cv_prog_REGTOOL" "$rp" "$key" > /dev/null; then
+			ssl_install_dir=`"$ac_cv_prog_REGTOOL" "$rp" "$key"`
+			extra_dir=`win2msys_path.sh "$ssl_install_dir"`
+		fi
+	fi
     fi
     # We search for OpenSSL in the common OS standard locations.
     SSL_APP=ssl
@@ -3695,14 +3746,25 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in
 
     SSL_CRYPTO_LIBNAME=crypto
     SSL_SSL_LIBNAME=ssl
+    
+    if  test "x$MIXED_CYGWIN" = "xyes" -o "x$MIXED_MSYS" = "xyes"; then
+    	if test "x$ARCH" = "xamd64"; then
+	  std_win_ssl_locations="/cygdrive/c/OpenSSL-Win64 /c/OpenSSL-Win64 /opt/local64/pgm/OpenSSL"
+	else
+	  std_win_ssl_locations="/cygdrive/c/OpenSSL-Win32 /c/OpenSSL-Win32 /cygdrive/c/OpenSSL /c/OpenSSL /opt/local/pgm/OpenSSL"
+	fi
+    else
+        std_win_ssl_locations=""
+    fi
+
 
     AC_MSG_CHECKING(for OpenSSL >= 0.9.7 in standard locations)
-    for rdir in $extra_dir /cygdrive/c/OpenSSL $std_ssl_locations; do
+    for rdir in $extra_dir $std_win_ssl_locations $std_ssl_locations; do
 	dir="$erl_xcomp_sysroot$rdir"
 	if test -f "$erl_xcomp_isysroot$rdir/include/openssl/opensslv.h"; then
 		is_real_ssl=yes
 		SSL_ROOT="$dir"
-		if test "x$MIXED_CYGWIN" = "xyes" ; then
+		if test "x$MIXED_CYGWIN" = "xyes" -o "x$MIXED_MSYS" = "xyes"; then
 			if test -f "$dir/lib/VC/libeay32.lib"; then
 				SSL_RUNTIME_LIBDIR="$rdir/lib/VC"
 				SSL_LIBDIR="$dir/lib/VC"
@@ -3777,7 +3839,7 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in
          		])
          		CPPFLAGS=$old_CPPFLAGS
 			if test "x$ssl_found" = "xyes"; then
-			   	if test "x$MIXED_CYGWIN" = "xyes" ; then
+			   	if test "x$MIXED_CYGWIN" = "xyes" -o "x$MIXED_MSYS" = "xyes"; then
 				   	ssl_linkable=yes
 				else
 					saveCFLAGS="$CFLAGS"
@@ -3889,7 +3951,7 @@ dnl		so it is - be adoptable
     SSL_ROOT="$with_ssl"
     SSL_CRYPTO_LIBNAME=crypto
     SSL_SSL_LIBNAME=ssl
-    if test "x$MIXED_CYGWIN" = "xyes" && test -d "$with_ssl/lib/VC"; then
+    if test "x$MIXED_CYGWIN" = "xyes" -o "x$MIXED_MSYS" = "xyes" && test -d "$with_ssl/lib/VC"; then
 	if test -f "$with_ssl/lib/VC/libeay32.lib"; then
 	    SSL_LIBDIR="$with_ssl/lib/VC"
 	    SSL_CRYPTO_LIBNAME=libeay32
@@ -4303,7 +4365,6 @@ AH_BOTTOM([
 #endif
 ])
 
-
 dnl ----------------------------------------------------------------------
 dnl Output the result.
 dnl ----------------------------------------------------------------------
@@ -4312,7 +4373,6 @@ dnl  Note that the output files are relative to $srcdir
 
 AC_OUTPUT(
   emulator/$host/Makefile:emulator/Makefile.in
-  emulator/zlib/$host/Makefile:emulator/zlib/Makefile.in
   epmd/src/$host/Makefile:epmd/src/Makefile.in
   etc/common/$host/Makefile:etc/common/Makefile.in
   include/internal/$host/ethread.mk:include/internal/ethread.mk.in
diff --git a/erts/doc/src/absform.xml b/erts/doc/src/absform.xml
index 88e8b284fb..4455d0ac92 100644
--- a/erts/doc/src/absform.xml
+++ b/erts/doc/src/absform.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2001</year><year>2009</year>
+      <year>2001</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/erts/doc/src/driver.xml b/erts/doc/src/driver.xml
index 9f246c4a6c..ac5729880d 100644
--- a/erts/doc/src/driver.xml
+++ b/erts/doc/src/driver.xml
@@ -30,11 +30,11 @@
   </header>
 
   <note><p>This document was written a long time ago. A lot of it is still
-           valid, but some things have changed since it was first written.
-	   Updates of this document are planned for the future. The reader
-	   is encouraged to also read the
-	   <seealso marker="erl_driver">erl_driver</seealso>, and the
-	   <seealso marker="erl_driver">driver_entry</seealso> documentation.
+           interesting since it explains important concepts, but it was
+	   written for an older driver interface so the examples does not
+	   work anymore. The reader is encouraged to read
+	   <seealso marker="erl_driver">erl_driver</seealso> and the
+	   <seealso marker="driver_entry">driver_entry</seealso> documentation.
    </p></note>
 
   <section>
diff --git a/erts/doc/src/driver_entry.xml b/erts/doc/src/driver_entry.xml
index 8bdd154cb9..a2efdf3ebc 100644
--- a/erts/doc/src/driver_entry.xml
+++ b/erts/doc/src/driver_entry.xml
@@ -34,18 +34,22 @@
   <lib>driver_entry</lib>
   <libsummary>The driver-entry structure used by erlang drivers.</libsummary>
   <description>
-    <p>As of erts version 5.5.3 the driver interface has been extended
-      (see <seealso marker="driver_entry#extended_marker">extended marker</seealso>).
-      The extended interface introduces
-      <seealso marker="erl_driver#version_management">version management</seealso>,
-      the possibility to pass capability flags
-      (see <seealso marker="driver_entry#driver_flags">driver flags</seealso>)
-      to the runtime system at driver initialization, and some new
-      driver API functions.      </p>
+    <p>
+      As of erts version 5.9 (OTP release R15B) the driver interface
+      has been changed with larger types for the callbacks
+      <seealso marker="#output">output</seealso>,
+      <seealso marker="#control">control</seealso> and
+      <seealso marker="#call">call</seealso>.
+      See driver <seealso marker="erl_driver#version_management">
+      version management</seealso> in
+      <seealso marker="erl_driver">erl_driver</seealso>.
+    </p>
     <note>
       <p>Old drivers (compiled with an <c>erl_driver.h</c> from an
-        earlier erts version than 5.5.3) have to be recompiled
-        (but do not have to use the extended interface).</p>
+      earlier erts version than 5.9) have to be updated and have
+      to use the extended interface (with
+      <seealso marker="erl_driver#version_management">version management
+      </seealso>).</p>
     </note>
     <p>The <c>driver_entry</c> structure is a C struct that all erlang
       drivers define. It contains entry points for the erlang driver
@@ -53,7 +57,7 @@
       the driver.</p>
     <p>      
       <marker id="emulator"></marker>
-      The <seealso marker="driver_entry">erl_driver</seealso> driver
+      The <seealso marker="erl_driver">erl_driver</seealso> driver
       API functions need a port handle
       that identifies the driver instance (and the port in the
       emulator). This is only passed to the <c>start</c> function, but
@@ -84,7 +88,7 @@
       the emulator, the driver is <em>not</em> allowed to modify the
       <c>driver_entry</c>.</p>
     <note>
-      <p>Do <em>not</em> declare the <c>driver_entry</c><c>const</c>. This since the emulator needs to
+      <p>Do <em>not</em> declare the <c>driver_entry</c> <c>const</c>. This since the emulator needs to
         modify the <c>handle</c>, and the <c>handle2</c>
         fields. A statically allocated, and <c>const</c>
         declared <c>driver_entry</c> may be located in
@@ -116,7 +120,7 @@ typedef struct erl_drv_entry {
     void (*stop)(ErlDrvData drv_data);
                                 /* called when port is closed, and when the
                                    emulator is halted. */
-    void (*output)(ErlDrvData drv_data, char *buf, int len);
+    void (*output)(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
                                 /* called when we have output from erlang to 
                                    the port */
     void (*ready_input)(ErlDrvData drv_data, ErlDrvEvent event); 
@@ -130,8 +134,9 @@ typedef struct erl_drv_entry {
     void (*finish)(void);       /* called before unloading the driver -
                                    DYNAMIC DRIVERS ONLY */
     void *handle;               /* Reserved -- Used by emulator internally */
-    int (*control)(ErlDrvData drv_data, unsigned int command, char *buf, 
-                   int len, char **rbuf, int rlen); 
+    ErlDrvSSizeT (*control)(ErlDrvData drv_data, unsigned int command,
+                            char *buf, ErlDrvSizeT len,
+			    char **rbuf, ErlDrvSizeT rlen);
                                 /* "ioctl" for drivers - invoked by 
                                    port_control/3 */
     void (*timeout)(ErlDrvData drv_data);        /* Handling of timeout in driver */
@@ -144,8 +149,9 @@ typedef struct erl_drv_entry {
                                    closed, and there is data in the 
                                    driver queue that needs to be flushed
                                    before 'stop' can be called */
-    int (*call)(ErlDrvData drv_data, unsigned int command, char *buf, 
-                   int len, char **rbuf, int rlen, unsigned int *flags); 
+    ErlDrvSSizeT (*call)(ErlDrvData drv_data, unsigned int command,
+                         char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen, unsigned int *flags);
                                 /* Works mostly like 'control', a synchronous
                                    call into the driver. */
     void (*event)(ErlDrvData drv_data, ErlDrvEvent event,
@@ -192,7 +198,7 @@ typedef struct erl_drv_entry {
 	  <c>start</c>, then <c>stop</c> is the place to deallocate that
 	  memory.</p>
       </item>
-      <tag><marker id="output"/>void (*output)(ErlDrvData drv_data, char *buf, int len)</tag>
+      <tag><marker id="output"/>void (*output)(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)</tag>
       <item>
         <p>This is called when an erlang process has sent data to the
           port. The data is pointed to by <c>buf</c>, and is
@@ -243,7 +249,7 @@ typedef struct erl_drv_entry {
           emulator will modify this field; therefore, it is important
           that the <c>driver_entry</c> isn't declared <c>const</c>.</p> 
       </item>
-      <tag><marker id="control"></marker>int (*control)(ErlDrvData drv_data, unsigned int command, char *buf,  int len, char **rbuf, int rlen)</tag>
+      <tag><marker id="control"></marker>ErlDrvSSizeT (*control)(ErlDrvData drv_data, unsigned int command, char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)</tag>
       <item>
         <p>This is a special routine invoked with the erlang function
           <c>port_control/3</c>. It works a little like an "ioctl" for
@@ -316,7 +322,7 @@ typedef struct erl_drv_entry {
           opposed to the asynchronous function, which is called in
           some thread (if multithreading is enabled).</p>
       </item>
-      <tag><marker id="call"/>int (*call)(ErlDrvData drv_data, unsigned int command, char *buf, int len, char **rbuf, int rlen, unsigned int *flags)</tag>
+      <tag><marker id="call"/>ErlDrvSSizeT (*call)(ErlDrvData drv_data, unsigned int command, char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen, unsigned int *flags)</tag>
       <item>
         <p>This function is called from <c>erlang:port_call/3</c>. It
           works a lot like the <c>control</c> call-back, but uses the
@@ -452,7 +458,7 @@ typedef struct erl_drv_entry {
     <title>SEE ALSO</title>
     <p><seealso marker="erl_driver">erl_driver(3)</seealso>, 
       <seealso marker="kernel:erl_ddll">erl_ddll(3)</seealso>,
-      <seealso marker="erts:erlang">erlang(3)</seealso>,
+      <seealso marker="erlang">erlang(3)</seealso>,
       kernel(3)</p>
   </section>
 </cref>
diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml
index d0a0ceaeba..cfbc38f176 100644
--- a/erts/doc/src/erl.xml
+++ b/erts/doc/src/erl.xml
@@ -41,25 +41,11 @@
       to scroll back to text which has scrolled off the screen.
       The <c><![CDATA[erl]]></c> program must be used, however, in pipelines or if
       you want to redirect standard input or output.</p>
-      <note><p>As of ERTS version 5.8 (OTP-R14A) the runtime system will by
-               default bind schedulers to logical processors using the
-	       <c>default_bind</c> bind type if the amount of schedulers are
-	       at least equal to the amount of logical processors configured,
-	       binding of schedulers is supported, and a CPU topology is
-	       available at startup.
-	    </p><p>
-	       If the Erlang runtime system is the only operating system
-	       process that binds threads to logical processors, this
-	       improves the performance of the runtime system. However,
-	       if other operating system processes (as for example
-	       another Erlang runtime system) also bind threads to
-	       logical processors, there might be a performance penalty
-	       instead. If this is the case you, are are advised to
-	       unbind the schedulers using the
-	       <seealso marker="#+sbt">+sbtu</seealso> command line argument,
-	       or by invoking
-	       <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type,
-	       unbound)</seealso>.</p>
+      <note><p>As of ERTS version 5.9 (OTP-R15B) the runtime system will by
+               default <em>not</em> bind schedulers to logical processors.
+	       For more information see documentation of the
+	       <seealso marker="#+sbt">+sbt</seealso> system flag.
+	    </p>
       </note>
   </description>
   <funcs>
@@ -679,41 +665,66 @@
 	    </p>
 	    <taglist>
 	      <tag><c>u</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, unbound)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>unbound</c> - Schedulers will not be bound to logical
+		processors, i.e., the operating system decides where the
+		scheduler threads execute, and when to migrate them. This is
+		the default.</p>
+              </item>
 	      <tag><c>ns</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, no_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>no_spread</c> - Schedulers with close scheduler
+		identifiers will be bound as close as possible in hardware.</p>
+              </item>
 	      <tag><c>ts</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, thread_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>thread_spread</c> - Thread refers to hardware threads
+		(e.g. Intel's hyper-threads). Schedulers with low scheduler
+		identifiers, will be bound to the first hardware thread of
+		each core, then schedulers with higher scheduler identifiers
+		will be bound to the second hardware thread of each core,
+		etc.</p>
+              </item>
 	      <tag><c>ps</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, processor_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>processor_spread</c> - Schedulers will be spread like
+		<c>thread_spread</c>, but also over physical processor chips.</p>
+              </item>
 	      <tag><c>s</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>spread</c> - Schedulers will be spread as much as
+		possible.</p>
+              </item>
 	      <tag><c>nnts</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, no_node_thread_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>no_node_thread_spread</c> - Like <c>thread_spread</c>,
+		but if multiple NUMA (Non-Uniform Memory Access) nodes exists,
+		schedulers will be spread over one NUMA node at a time,
+		i.e., all logical processors of one NUMA node will be bound
+		to schedulers in sequence.</p>
+              </item>
 	      <tag><c>nnps</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, no_node_processor_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>no_node_processor_spread</c> - Like
+		<c>processor_spread</c>, but if multiple NUMA nodes exists,
+		schedulers will be spread over one NUMA node at a time, i.e.,
+		all logical processors of one NUMA node will be bound to
+		schedulers in sequence.</p>
+              </item>
 	      <tag><c>tnnps</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, thread_no_node_processor_spread)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>thread_no_node_processor_spread</c> - A combination of
+		<c>thread_spread</c>, and <c>no_node_processor_spread</c>.
+		Schedulers will be spread over hardware threads across NUMA
+		nodes, but schedulers will only be spread over processors
+		internally in one NUMA node at a time.</p>
+              </item>
 	      <tag><c>db</c></tag>
-	      <item><p>Same as
-	      <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, default_bind)</seealso>.
-	      </p></item>
+              <item>
+                <p><c>default_bind</c> - Binds schedulers the default way.
+		Currently the default is <c>thread_no_node_processor_spread</c>
+		(which might change in the future).</p>
+              </item>
 	    </taglist>
 	    <p>Binding of schedulers is currently only supported on newer
 	       Linux, Solaris, FreeBSD, and Windows systems.</p>
@@ -725,24 +736,34 @@
 	       that the <c>+sct</c> flag may have to be passed before the
 	       <c>+sbt</c> flag on the command line (in case no CPU topology
 	       has been automatically detected).</p>
-            <p>The runtime system will by default bind schedulers to logical
-	       processors using the <c>default_bind</c> bind type if the amount
-	       of schedulers are at least equal to the amount of logical
-	       processors configured, binding of schedulers is supported,
-	       and a CPU topology is available at startup.
+            <p>The runtime system will by default <em>not</em> bind schedulers
+	       to logical processors.
 	    </p>
-	    <p><em>NOTE:</em> If the Erlang runtime system is the only operating
-	       system process that binds threads to logical processors, this
-	       improves the performance of the runtime system. However, if other
-	       operating system processes (as for example another Erlang runtime
-	       system) also bind threads to logical processors, there might be a
-	       performance penalty instead. If this is the case you, are advised
-	       to unbind the schedulers using the <c>+sbtu</c> command line
-	       argument, or by invoking
-	       <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type,
-	       unbound)</seealso>.</p>
-	    <p>For more information, see
-	    <seealso marker="erlang#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, SchedulerBindType)</seealso>.
+	    <p><em>NOTE:</em> If the Erlang runtime system is the only operating system
+	       process that binds threads to logical processors, this
+	       improves the performance of the runtime system. However,
+	       if other operating system processes (as for example
+	       another Erlang runtime system) also bind threads to
+	       logical processors, there might be a performance penalty
+	       instead. In some cases this performance penalty might be
+	       severe. If this is the case, you are advised to not
+	       bind the schedulers.</p>
+            <p>How schedulers are bound matters. For example, in
+	       situations when there are fewer running processes than
+	       schedulers online, the runtime system tries to migrate
+	       processes to schedulers with low scheduler identifiers.
+	       The more the schedulers are spread over the hardware,
+	       the more resources will be available to the runtime
+	       system in such situations.
+	    </p>
+	    <p>
+	       <em>NOTE:</em> If a scheduler fails to bind, this
+	       will often be silently ignored. This since it isn't always
+	       possible to verify valid logical processor identifiers. If
+	       an error is reported, it will be reported to the
+	       <c>error_logger</c>. If you want to verify that the
+	       schedulers actually have bound as requested, call
+	       <seealso marker="erlang#system_info_scheduler_bindings">erlang:system_info(scheduler_bindings)</seealso>.
 	    </p>
           </item>
           <tag><marker id="+scl"><c>+scl true|false</c></marker></tag>
@@ -773,6 +794,12 @@
               <item><c><![CDATA[<IdDefs> = <LogicalIds><ThreadIds><CoreIds><ProcessorIds><NodeIds> | <LogicalIds><ThreadIds><CoreIds><NodeIds><ProcessorIds>]]></c></item>
               <item><c><![CDATA[CpuTopology = <IdDefs>:<IdDefs> | <IdDefs>]]></c></item>
             </list>
+            <p>Set a user defined CPU topology. The user defined
+	       CPU topology will override any automatically detected
+	       CPU topology. The CPU topology is used when
+	       <seealso marker="#+sbt">binding schedulers to logical
+	       processors</seealso>.
+	    </p>
             <p>Upper-case letters signify real identifiers and lower-case
 	       letters signify fake identifiers only used for description
 	       of the topology. Identifiers passed as real identifiers may
@@ -872,7 +899,7 @@
 	        how the real CPU topology looks like is likely to
 		decrease the performance of the runtime system.</p>
 	    <p>For more information, see
-	    <seealso marker="erlang#system_flag_cpu_topology">erlang:system_flag(cpu_topology, CpuTopology)</seealso>.</p>
+	    <seealso marker="erlang#system_info_cpu_topology">erlang:system_info(cpu_topology)</seealso>.</p>
           </item>
 	  <tag><marker id="+swt"><c>+swt very_low|low|medium|high|very_high</c></marker></tag>
 	  <item>
diff --git a/erts/doc/src/erl_driver.xml b/erts/doc/src/erl_driver.xml
index 8e18dd6657..b5df4ca0c8 100644
--- a/erts/doc/src/erl_driver.xml
+++ b/erts/doc/src/erl_driver.xml
@@ -37,15 +37,18 @@
     <p>As of erts version 5.5.3 the driver interface has been extended
       (see <seealso marker="driver_entry#extended_marker">extended marker</seealso>).
       The extended interface introduce
-      <seealso marker="erl_driver#version_management">version management</seealso>,
+      <seealso marker="#version_management">version management</seealso>,
       the possibility to pass capability flags
       (see <seealso marker="driver_entry#driver_flags">driver flags</seealso>)
       to the runtime system at driver initialization, and some new
       driver API functions.      </p>
     <note>
-      <p>Old drivers (compiled with an <c>erl_driver.h</c> from an
-        earlier erts version than 5.5.3) have to be recompiled
-        (but does not have to use the extended interface).</p>
+      <p>As of erts version 5.9 old drivers has to be recompiled
+      and has to use the extended interface. They also has to be
+      adjusted to the
+      <seealso marker="#rewrites_for_64_bits">64-bit capable driver interface.
+      </seealso>
+      </p>
     </note>
     <p>The driver calls back to the emulator, using the API
       functions declared in <c>erl_driver.h</c>. They are used for
@@ -242,9 +245,9 @@
       </p>
       </item>
       <tag>Adding / removing drivers</tag>
-      <item>A driver can add and later remove drivers.</item>
+      <item><p>A driver can add and later remove drivers.</p></item>
       <tag>Monitoring processes</tag>
-      <item>A driver can monitor a process that does not own a port.</item>
+      <item><p>A driver can monitor a process that does not own a port.</p></item>
       <tag><marker id="version_management">Version management</marker></tag>
       <item>
         <p>Version management is enabled for drivers that have set the
@@ -268,15 +271,203 @@
           versions differ, or if the major versions are equal and the
           minor version used by the driver is greater than the one used
           by the runtime system.</p>
-        <p>The emulator tries to check that a driver that doesn't use the
-          extended driver interface isn't incompatible when loading it.
-          It can, however, not make sure that it isn't incompatible. Therefore,
-          when loading a driver that doesn't use the extended driver
-          interface, there is a risk that it will be loaded also when
-          the driver is incompatible. When the driver uses the extended driver
-          interface, the emulator can verify that it isn't of an incompatible
-          driver version. You are therefore advised to use the extended driver
-          interface.</p>
+	<p>The emulator will refuse to load a driver that does not use
+	  the extended driver interface since,
+	  to allow for 64-bit capable drivers,
+	  incompatible type changes for the callbacks
+	  <seealso marker="driver_entry#output">output</seealso>,
+	  <seealso marker="driver_entry#control">control</seealso> and
+	  <seealso marker="driver_entry#call">call</seealso>
+	  were introduced in release R15B. A driver written
+	  with the old types would compile with warnings and when
+	  called return garbage sizes to the emulator causing it
+	  to read random memory and create huge incorrect result blobs.</p>
+	<p>Therefore it is not enough to just recompile drivers written with
+	  version management for pre-R15B types; the types has to be changed
+	  in the driver suggesting other rewrites especially regarding
+	  size variables. Investigate all warnings when recompiling!</p>
+	<p>Also, the API driver functions <c>driver_output*</c>,
+	  <c>driver_vec_to_buf</c>, <c>driver_alloc/realloc*</c>
+	  and the <c>driver_*</c> queue functions were changed to have
+	  larger length arguments and return values. This is a
+	  lesser problem since code that passes smaller types
+	  will get them auto converted in the calls and as long as
+	  the driver does not handle sizes that overflow an <c>int</c>
+	  all will work as before.</p>
+      </item>
+    </taglist>
+  </section>
+
+  <section>
+    <marker id="rewrites_for_64_bits"/>
+    <title>
+      REWRITES FOR 64-BIT DRIVER INTERFACE
+    </title>
+    <p>
+      For erts-5.9 two new integer types
+      <seealso marker="#ErlDrvSizeT">ErlDrvSizeT</seealso> and
+      <seealso marker="#ErlDrvSSizeT">ErlDrvSSizeT</seealso>
+      were introduced that can hold 64-bit sizes if necessary.
+    </p>
+    <p>
+      To not update a driver and just recompile it probably works
+      when building for a 32-bit machine creating a false sense of security.
+      Hopefully that will generate many important warnings.
+      But when recompiling the same driver later on for a 64-bit machine
+      there <em>will</em> be warnings and almost certainly crashes.
+      So it is a BAD idea to postpone updating the driver and
+      not fixing the warnings!
+    </p>
+    <p>
+      When recompiling with <c>gcc</c> use the <c>-Wstrict-prototypes</c>
+      flag to get better warnings. Try to find a similar flag if you
+      are using some other compiler.
+    </p>
+    <p>
+      Here follows a checklist for rewriting a pre erts-5.9 driver,
+      most important first.
+    </p>
+    <taglist>
+      <tag>Return types for driver callbacks</tag>
+      <item>
+	<p>
+	  Rewrite driver callback
+	  <c><seealso marker="driver_entry#control">control</seealso></c>
+	  to use return type <c>ErlDrvSSizeT</c> instead of <c>int</c>.
+	</p>
+	<p>
+	  Rewrite driver callback
+	  <c><seealso marker="driver_entry#call">call</seealso></c>
+	  to use return type <c>ErlDrvSSizeT</c> instead of <c>int</c>.
+	</p>
+	<note>
+	  <p>
+	    These changes are essential to not crash the emulator
+	    or worse cause malfunction.
+	    Without them a driver may return garbage in the high 32 bits
+	    to the emulator causing it to build a huge result from random
+	    bytes either crashing on memory allocation or succeeding with
+	    a random result from the driver call.
+	  </p>
+	</note>
+      </item>
+      <tag>Arguments to driver callbacks</tag>
+      <item>
+	<p>
+	  Driver callback
+	  <c><seealso marker="driver_entry#output">output</seealso></c>
+	  now gets <c>ErlDrvSizeT</c> as 3:rd argument instead
+	  of previously <c>int</c>.
+	</p>
+	<p>
+	  Driver callback
+	  <c><seealso marker="driver_entry#control">control</seealso></c>
+	  now gets <c>ErlDrvSizeT</c> as 4:th and 6:th arguments instead
+	  of previously <c>int</c>.
+	</p>
+	<p>
+	  Driver callback
+	  <c><seealso marker="driver_entry#call">call</seealso></c>
+	  now gets <c>ErlDrvSizeT</c> as 4:th and 6:th arguments instead
+	  of previously <c>int</c>.
+	</p>
+	<p>
+	  Sane compiler's calling conventions probably make these changes
+	  necessary only for a driver to handle data chunks that require
+	  64-bit size fields (mostly larger than 2 GB since that is what
+	  an <c>int</c> of 32 bits can hold). But it is possible to think
+	  of non-sane calling conventions that would make the driver
+	  callbacks mix up the arguments causing malfunction.
+	</p>
+	<note>
+	  <p>
+	    The argument type change is from signed to unsigned which
+	    may cause problems for e.g. loop termination conditions or
+	    error conditions if you just change the types all over the place.
+	  </p>
+	</note>
+      </item>
+      <tag>Larger <c>size</c> field in <c>ErlIOVec</c></tag>
+      <item>
+	<p>
+	  The <c>size</c> field in
+	  <seealso marker="#ErlIOVec"><c>ErlIOVec</c></seealso>
+	  has been changed to <c>ErlDrvSizeT</c> from <c>int</c>.
+	  Check all code that use that field.
+	</p>
+	<p>
+	  Automatic type casting probably makes these changes necessary only
+	  for a driver that encounters sizes larger than 32 bits.
+	</p>
+	<note>
+	  <p>
+	    The <c>size</c> field changed from signed to unsigned which
+	    may cause problems for e.g. loop termination conditions or
+	    error conditions if you just change the types all over the place.
+	  </p>
+	</note>
+      </item>
+      <tag>Arguments and return values in the driver API</tag>
+      <item>
+	<p>
+	  Many driver API functions has changed argument type
+	  and/or return value to <c>ErlDrvSizeT</c> from mostly <c>int</c>.
+	  Automatic type casting probably makes these changes necessary only
+	  for a driver that encounters sizes larger than 32 bits.
+	</p>
+	<taglist>
+	  <tag><seealso marker="#driver_output">driver_output</seealso></tag>
+	  <item>3:rd argument</item>
+	  <tag><seealso marker="#driver_output2">driver_output2</seealso></tag>
+	  <item>3:rd and 5:th arguments</item>
+	  <tag>
+	  <seealso marker="#driver_output_binary">driver_output_binary</seealso>
+	  </tag>
+	  <item>3:rd 5:th and 6:th arguments</item>
+	  <tag><seealso marker="#driver_outputv">driver_outputv</seealso></tag>
+	  <item>3:rd and 5:th arguments</item>
+	  <tag>
+	  <seealso marker="#driver_vec_to_buf">driver_vec_to_buf</seealso>
+	  </tag>
+	  <item>3:rd argument and return value</item>
+	  <tag><seealso marker="#driver_alloc">driver_alloc</seealso></tag>
+	  <item>1:st argument</item>
+	  <tag><seealso marker="#driver_realloc">driver_realloc</seealso></tag>
+	  <item>2:nd argument</item>
+	  <tag>
+	  <seealso marker="#driver_alloc_binary">driver_alloc_binary</seealso>
+	  </tag>
+	  <item>1:st argument</item>
+	  <tag>
+	  <seealso marker="#driver_realloc_binary">driver_realloc_binary</seealso>
+	  </tag>
+	  <item>2:nd argument</item>
+	  <tag><seealso marker="#driver_enq">driver_enq</seealso></tag>
+	  <item>3:rd argument</item>
+	  <tag><seealso marker="#driver_pushq">driver_pushq</seealso></tag>
+	  <item>3:rd argument</item>
+	  <tag><seealso marker="#driver_deq">driver_deq</seealso></tag>
+	  <item>2:nd argument and return value</item>
+	  <tag><seealso marker="#driver_sizeq">driver_sizeq</seealso></tag>
+	  <item>return value</item>
+	  <tag><seealso marker="#driver_enq_bin">driver_enq_bin</seealso></tag>
+	  <item>3:rd and 4:th argument</item>
+	  <tag><seealso marker="#driver_pushq_bin">driver_pushq_bin</seealso></tag>
+	  <item>3:rd and 4:th argument</item>
+	  <tag><seealso marker="#driver_enqv">driver_enqv</seealso></tag>
+	  <item>3:rd argument</item>
+	  <tag><seealso marker="#driver_pushqv">driver_pushqv</seealso></tag>
+	  <item>3:rd argument</item>
+	  <tag><seealso marker="#driver_peekqv">driver_peekqv</seealso></tag>
+	  <item>return value</item>
+	</taglist>
+	<note>
+	  <p>
+	    This is a change from signed to unsigned which
+	    may cause problems for e.g. loop termination conditions and
+	    error conditions if you just change the types all over the place.
+	  </p>
+	</note>
       </item>
     </taglist>
   </section>
@@ -285,7 +476,11 @@
     <title>DATA TYPES</title>
 
     <taglist>
-     <tag><marker id="ErlDrvSysInfo"/>ErlDrvSysInfo</tag>
+      <tag><marker id="ErlDrvSizeT"/>ErlDrvSizeT</tag>
+      <item><p>An unsigned integer type to be used as <c>size_t</c></p></item>
+      <tag><marker id="ErlDrvSSizeT"/>ErlDrvSSizeT</tag>
+      <item><p>A signed integer type the size of <c>ErlDrvSizeT</c></p></item>
+      <tag><marker id="ErlDrvSysInfo"/>ErlDrvSysInfo</tag>
       <item>
       <p/>
       <code type="none">
@@ -332,12 +527,12 @@ typedef struct ErlDrvSysInfo {
         <tag><c>erts_version</c></tag>
         <item>A string containing the version number of the runtime system
            (the same as returned by
-          <seealso marker="erts:erlang#system_info_version">erlang:system_info(version)</seealso>).
+          <seealso marker="erlang#system_info_version">erlang:system_info(version)</seealso>).
         </item>
         <tag><c>otp_release</c></tag>
         <item>A string containing the OTP release number
            (the same as returned by
-          <seealso marker="erts:erlang#system_info_otp_release">erlang:system_info(otp_release)</seealso>).
+          <seealso marker="erlang#system_info_otp_release">erlang:system_info(otp_release)</seealso>).
         </item>
         <tag><c>thread_support</c></tag>
         <item>A value <c>!= 0</c> if the runtime system has thread support;
@@ -351,12 +546,12 @@ typedef struct ErlDrvSysInfo {
         <item>The number of async threads in the async thread pool used
            by <seealso marker="#driver_async">driver_async()</seealso>
            (the same as returned by
-          <seealso marker="erts:erlang#system_info_thread_pool_size">erlang:system_info(thread_pool_size)</seealso>).
+          <seealso marker="erlang#system_info_thread_pool_size">erlang:system_info(thread_pool_size)</seealso>).
         </item>
         <tag><c>scheduler_threads</c></tag>
         <item>The number of scheduler threads used by the runtime system
            (the same as returned by
-          <seealso marker="erts:erlang#system_info_schedulers">erlang:system_info(schedulers)</seealso>).
+          <seealso marker="erlang#system_info_schedulers">erlang:system_info(schedulers)</seealso>).
         </item>
         <tag><c>nif_major_version</c></tag>
         <item>The value of <c>ERL_NIF_MAJOR_VERSION</c> when the runtime system was compiled.
@@ -371,7 +566,7 @@ typedef struct ErlDrvSysInfo {
       <p/>
       <code type="none">
 typedef struct ErlDrvBinary {
-   int orig_size;
+   ErlDrvSint orig_size;
    char orig_bytes[];
 } ErlDrvBinary;
 </code>
@@ -423,7 +618,7 @@ typedef struct ErlDrvBinary {
       <item>
         <p>The <c>ErlDrvData</c> is a handle to driver-specific data,
           passed to the driver call-backs. It is a pointer, and is
-          most often casted to a specific pointer in the driver.</p>
+          most often type casted to a specific pointer in the driver.</p>
       </item>
       <tag>SysIOVec</tag>
       <item>
@@ -437,7 +632,7 @@ typedef struct ErlDrvBinary {
       <code type="none">
 typedef struct ErlIOVec {
   int vsize;
-  int size;
+  ErlDrvSizeT size;
   SysIOVec* iov;
   ErlDrvBinary** binv;
 } ErlIOVec;
@@ -630,7 +825,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_output(ErlDrvPort port, char *buf, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_output(ErlDrvPort port, char *buf, ErlDrvSizeT len)</nametext></name>
       <fsummary>Send data from driver to port owner</fsummary>
       <desc>
         <marker id="driver_output"></marker>
@@ -650,7 +845,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_output2(ErlDrvPort port, char *hbuf, int hlen, char *buf, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_output2(ErlDrvPort port, char *hbuf, ErlDrvSizeT hlen, char *buf, ErlDrvSizeT len)</nametext></name>
       <fsummary>Send data and binary data to port owner</fsummary>
       <desc>
         <marker id="driver_output2"></marker>
@@ -665,7 +860,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_output_binary(ErlDrvPort port, char *hbuf, int hlen, ErlDrvBinary* bin, int offset, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_output_binary(ErlDrvPort port, char *hbuf, ErlDrvSizeT hlen, ErlDrvBinary* bin, ErlDrvSizeT offset, ErlDrvSizeT len)</nametext></name>
       <fsummary>Send data from a driver binary to port owner</fsummary>
       <desc>
         <marker id="driver_output_binary"></marker>
@@ -688,7 +883,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_outputv(ErlDrvPort port, char* hbuf, int hlen,  ErlIOVec *ev, int skip)</nametext></name>
+      <name><ret>int</ret><nametext>driver_outputv(ErlDrvPort port, char* hbuf, ErlDrvSizeT hlen,  ErlIOVec *ev, ErlDrvSizeT skip)</nametext></name>
       <fsummary>Send vectorized data to port owner</fsummary>
       <desc>
         <marker id="driver_outputv"></marker>
@@ -711,7 +906,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_vec_to_buf(ErlIOVec *ev, char *buf, int len)</nametext></name>
+      <name><ret>ErlDrvSizeT</ret><nametext>driver_vec_to_buf(ErlIOVec *ev, char *buf, ErlDrvSizeT len)</nametext></name>
       <fsummary>Collect data segments into a buffer</fsummary>
       <desc>
         <marker id="driver_vec_to_buf"></marker>
@@ -738,7 +933,7 @@ typedef struct ErlIOVec {
           <c>time</c> parameter is the time in milliseconds before the
           timer expires.</p>
         <p>When the timer reaches 0 and expires, the driver entry
-          function <seealso marker="driver_entry#emulator">timeout</seealso> is called.</p>
+          function <seealso marker="driver_entry#timeout">timeout</seealso> is called.</p>
         <p>Note that there is only one timer on each driver instance;
           setting a new timer will replace an older one.</p>
         <p>Return value is 0 (-1 only when the <c>timeout</c> driver
@@ -832,7 +1027,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>void *</ret><nametext>driver_alloc(size_t size)</nametext></name>
+      <name><ret>void *</ret><nametext>driver_alloc(ErlDrvSizeT size)</nametext></name>
       <fsummary>Allocate memory</fsummary>
       <desc>
         <marker id="driver_alloc"></marker>
@@ -846,7 +1041,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>void *</ret><nametext>driver_realloc(void *ptr, size_t size)</nametext></name>
+      <name><ret>void *</ret><nametext>driver_realloc(void *ptr, ErlDrvSizeT size)</nametext></name>
       <fsummary>Resize an allocated memory block</fsummary>
       <desc>
         <marker id="driver_realloc"></marker>
@@ -872,7 +1067,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>ErlDrvBinary*</ret><nametext>driver_alloc_binary(int size)</nametext></name>
+      <name><ret>ErlDrvBinary*</ret><nametext>driver_alloc_binary(ErlDrvSizeT size)</nametext></name>
       <fsummary>Allocate a driver binary</fsummary>
       <desc>
         <marker id="driver_alloc_binary"></marker>
@@ -892,7 +1087,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>ErlDrvBinary*</ret><nametext>driver_realloc_binary(ErlDrvBinary *bin, int size)</nametext></name>
+      <name><ret>ErlDrvBinary*</ret><nametext>driver_realloc_binary(ErlDrvBinary *bin, ErlDrvSizeT size)</nametext></name>
       <fsummary>Resize a driver binary</fsummary>
       <desc>
         <marker id="driver_realloc_binary"></marker>
@@ -958,7 +1153,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_enq(ErlDrvPort port, char* buf, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_enq(ErlDrvPort port, char* buf, ErlDrvSizeT len)</nametext></name>
       <fsummary>Enqueue data in the driver queue</fsummary>
       <desc>
         <marker id="driver_enq"></marker>
@@ -982,7 +1177,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_pushq(ErlDrvPort port, char* buf, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_pushq(ErlDrvPort port, char* buf, ErlDrvSizeT len)</nametext></name>
       <fsummary>Push data at the head of the driver queue</fsummary>
       <desc>
         <marker id="driver_pushq"></marker>
@@ -997,7 +1192,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_deq(ErlDrvPort port, int size)</nametext></name>
+      <name><ret>ErlDrvSizeT</ret><nametext>driver_deq(ErlDrvPort port, ErlDrvSizeT size)</nametext></name>
       <fsummary>Dequeue data from the head of the driver queue</fsummary>
       <desc>
         <marker id="driver_deq"></marker>
@@ -1013,7 +1208,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_sizeq(ErlDrvPort port)</nametext></name>
+      <name><ret>ErlDrvSizeT</ret><nametext>driver_sizeq(ErlDrvPort port)</nametext></name>
       <fsummary>Return the size of the driver queue</fsummary>
       <desc>
         <marker id="driver_sizeq"></marker>
@@ -1026,7 +1221,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_enq_bin(ErlDrvPort port, ErlDrvBinary *bin, int offset,  int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_enq_bin(ErlDrvPort port, ErlDrvBinary *bin, ErlDrvSizeT offset, ErlDrvSizeT len)</nametext></name>
       <fsummary>Enqueue binary in the driver queue</fsummary>
       <desc>
         <marker id="driver_enq_bin"></marker>
@@ -1043,7 +1238,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_pushq_bin(ErlDrvPort port, ErlDrvBinary *bin, int offset, int len)</nametext></name>
+      <name><ret>int</ret><nametext>driver_pushq_bin(ErlDrvPort port, ErlDrvBinary *bin, ErlDrvSizeT offset, ErlDrvSizeT len)</nametext></name>
       <fsummary>Push binary at the head of the driver queue</fsummary>
       <desc>
         <marker id="driver_pushq_bin"></marker>
@@ -1060,13 +1255,35 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
+      <name><ret>ErlDrvSizeT</ret><nametext>driver_peekqv(ErlDrvPort port, ErlIOVec *ev)</nametext></name>
+      <fsummary>Get the driver queue as an IO vector</fsummary>
+      <desc>
+        <marker id="driver_peekqv"></marker>
+        <p>
+	  This function retrieves the driver queue into a supplied
+	  <c>ErlIOVec</c> <c>ev</c>. It also returns the queue size.
+	  This is one of two ways to get data out of the queue.
+	</p>
+	<p>
+	  If <c>ev</c> is <c>NULL</c> all ones i.e. <c>-1</c> type cast to
+	  <c>ErlDrvSizeT</c> is returned.
+	</p>
+        <p>Nothing is removed from the queue by this function, that must be done
+          with <c>driver_deq</c>.</p>
+        <p>This function can be called from an arbitrary thread if a
+          <seealso marker="#ErlDrvPDL">port data lock</seealso>
+          associated with the <c>port</c> is locked by the calling
+          thread during the call.</p>
+      </desc>
+    </func>
+    <func>
       <name><ret>SysIOVec*</ret><nametext>driver_peekq(ErlDrvPort port, int *vlen)</nametext></name>
       <fsummary>Get the driver queue as a vector</fsummary>
       <desc>
         <marker id="driver_peekq"></marker>
         <p>This function retrieves the driver queue as a pointer to an
           array of <c>SysIOVec</c>s. It also returns the number of
-          elements in <c>vlen</c>. This is the only way to get data
+          elements in <c>vlen</c>. This is one of two ways to get data
           out of the queue.</p>
         <p>Nothing is removed from the queue by this function, that must be done
           with <c>driver_deq</c>.</p>
@@ -1079,7 +1296,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_enqv(ErlDrvPort port, ErlIOVec *ev, int skip)</nametext></name>
+      <name><ret>int</ret><nametext>driver_enqv(ErlDrvPort port, ErlIOVec *ev, ErlDrvSizeT skip)</nametext></name>
       <fsummary>Enqueue vector in the driver queue</fsummary>
       <desc>
         <marker id="driver_enqv"></marker>
@@ -1095,7 +1312,7 @@ typedef struct ErlIOVec {
       </desc>
     </func>
     <func>
-      <name><ret>int</ret><nametext>driver_pushqv(ErlDrvPort port, ErlIOVec *ev, int skip)</nametext></name>
+      <name><ret>int</ret><nametext>driver_pushqv(ErlDrvPort port, ErlIOVec *ev, ErlDrvSizeT skip)</nametext></name>
       <fsummary>Push vector at the head of the driver queue</fsummary>
       <desc>
         <marker id="driver_pushqv"></marker>
@@ -1494,7 +1711,7 @@ ERL_DRV_EXT2TERM     char *buf, ErlDrvUInt len
 	term encoded with the
 	<seealso marker="erl_ext_dist">external format</seealso>,
 	i.e., a term that has been encoded by
-	<seealso marker="erts:erlang#term_to_binary/2">erlang:term_to_binary</seealso>,
+	<seealso marker="erlang#term_to_binary/2">erlang:term_to_binary</seealso>,
 	<seealso marker="erl_interface:ei">erl_interface</seealso>, etc.
 	For example, if <c>binp</c> is a pointer to an <c>ErlDrvBinary</c>
 	that contains the term <c>{17, 4711}</c> encoded with the
@@ -1694,7 +1911,7 @@ ERL_DRV_EXT2TERM     char *buf, ErlDrvUInt len
            The driver defined handle is normally created in the
           <seealso marker="driver_entry#start">driver start call-back</seealso>
            when a port is created via
-          <seealso marker="erts:erlang#open_port/2">erlang:open_port/2</seealso>. </item>
+          <seealso marker="erlang#open_port/2">erlang:open_port/2</seealso>. </item>
         </taglist>
         <p>The caller of <c>driver_create_port()</c> is allowed to
           manipulate the newly created port when <c>driver_create_port()</c>
@@ -2462,7 +2679,7 @@ ERL_DRV_EXT2TERM     char *buf, ErlDrvUInt len
     <title>SEE ALSO</title>
     <p><seealso marker="driver_entry">driver_entry(3)</seealso>,
       <seealso marker="kernel:erl_ddll">erl_ddll(3)</seealso>,
-      <seealso marker="erts:erlang">erlang(3)</seealso></p>
+      <seealso marker="erlang">erlang(3)</seealso></p>
     <p>An Alternative Distribution Driver (ERTS User's
       Guide Ch. 3)</p>
   </section>
diff --git a/erts/doc/src/erl_nif.xml b/erts/doc/src/erl_nif.xml
index 8daa67aa87..5fc6508aad 100644
--- a/erts/doc/src/erl_nif.xml
+++ b/erts/doc/src/erl_nif.xml
@@ -136,9 +136,7 @@ ok
      then retrieved by calling <seealso marker="#enif_priv_data">enif_priv_data</seealso>.</p>
     <p>There is no way to explicitly unload a NIF library. A library will be
      automatically unloaded when the module code that it belongs to is purged
-     by the code server. A NIF library will also be unloaded if it is replaced
-     by another version of the library by a second call to
-     <c>erlang:load_nif/2</c> from the same module code.</p> 
+     by the code server.</p> 
   </description>
   <section>
   <title>FUNCTIONALITY</title>
@@ -308,21 +306,9 @@ ok
            initialization is needed.</p> 
        </item>
 
-      <tag><marker id="reload"/>int (*reload)(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)</tag>
-       <item><p><c>reload</c> is called when the NIF library is loaded
-        and there is already a previously loaded library for this
-        module code.</p>
-        <p>Works the same as <c>load</c>. The only difference is that
-        <c>*priv_data</c> already contains the value set by the
-        previous call to <c>load</c> or <c>reload</c>.</p>
-        <p>The library will fail to load if <c>reload</c> returns
-           anything other than 0 or if <c>reload</c> is NULL.</p> 
-      </item>
-
       <tag><marker id="upgrade"/>int (*upgrade)(ErlNifEnv* env, void** priv_data, void** old_priv_data, ERL_NIF_TERM load_info)</tag>
        <item><p><c>upgrade</c> is called when the NIF library is loaded
-        and there is no previously loaded library for this module
-        code, BUT there is old code of this module with a loaded NIF library.</p>
+        and there is old code of this module with a loaded NIF library.</p>
         <p>Works the same as <c>load</c>. The only difference is that
         <c>*old_priv_data</c> already contains the value set by the
          last call to <c>load</c> or <c>reload</c> for the old module
@@ -339,6 +325,23 @@ ok
        called for a replaced library as a consequence of <c>reload</c>.</p>
       </item>
 
+      <tag><marker id="reload"/>int (*reload)(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)</tag>
+     <note><p>The reload mechanism is <em>deprecated</em>. It was only intended
+     as a development feature. Do not use it as an upgrade method for
+     live production systems. It might be removed in future releases. Be sure
+     to pass <c>reload</c> as <c>NULL</c> to <seealso marker="#ERL_NIF_INIT">ERL_NIF_INIT</seealso>
+     to disable it when not used.</p>
+     </note>
+       <item><p><c>reload</c> is called when the NIF library is loaded
+        and there is already a previously loaded library for this
+        module code.</p>
+        <p>Works the same as <c>load</c>. The only difference is that
+        <c>*priv_data</c> already contains the value set by the
+        previous call to <c>load</c> or <c>reload</c>.</p>
+        <p>The library will fail to load if <c>reload</c> returns
+           anything other than 0 or if <c>reload</c> is NULL.</p> 
+      </item>
+
     </taglist>
   </section>
 
diff --git a/erts/doc/src/erlang.xml b/erts/doc/src/erlang.xml
index 2ea144eb3f..fbe7b36163 100644
--- a/erts/doc/src/erlang.xml
+++ b/erts/doc/src/erlang.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2011</year>
+      <year>1996</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -215,9 +215,9 @@
           representation of <c>Atom</c>. If <c>Encoding</c>
 	  is <c>latin1</c>, there will be one byte for each character
 	  in the text representation. If <c>Encoding</c> is <c>utf8</c> or
-	  <c>unicode</c>, the characters will encoded using UTF-8
+	  <c>unicode</c>, the characters will be encoded using UTF-8
 	  (meaning that characters from 16#80 up to 0xFF will be
-	  encode in two bytes).</p>
+	  encoded in two bytes).</p>
 
 	<note><p>Currently, <c>atom_to_binary(Atom, latin1)</c> can
 	never fail because the text representation of an atom can only contain
@@ -268,7 +268,7 @@
 
       <p>If <c>PosLen</c> in any way references outside the binary, a <c>badarg</c> exception is raised.</p>
 
-      <p><c>Start</c> is zero-based, i.e:</p>
+      <p><c>Start</c> is zero-based, i.e.:</p>
 <code>
 1> Bin = &lt;&lt;1,2,3&gt;&gt;
 2> binary_part(Bin,{0,2}).
@@ -724,9 +724,12 @@ false</pre>
                 size limit.</p>
               </item>
               <tag><c>{line_length, integer()}</c></tag>
-              <item><p>Applies only to line oriented protocols
-                (<c>line</c>, <c>http</c>). Lines longer than this
-                will be truncated.</p>
+              <item><p>For packet type <c>line</c>, truncate lines longer
+	      than the indicated length.</p>
+	      <p>Option <c>line_length</c> also applies to <c>http*</c> 
+	      packet types as an alias for option <c>packet_size</c> in the
+	      case when <c>packet_size</c> itself is not set. This usage is
+	      only intended for backward compatibility.</p>
               </item>
             </taglist>
         <pre>
@@ -770,9 +773,9 @@ false</pre>
           turned off, nothing happens.</p>
         <p>Once <c>demonitor(MonitorRef)</c> has returned it is
           guaranteed that no <c>{'DOWN', MonitorRef, _, _, _}</c> message
-          due to the monitor will be placed in the callers message queue
+          due to the monitor will be placed in the caller's message queue
           in the future. A <c>{'DOWN', MonitorRef, _, _, _}</c> message
-          might have been placed in the callers message queue prior to
+          might have been placed in the caller's message queue prior to
           the call, though. Therefore, in most cases, it is advisable
           to remove such a <c>'DOWN'</c> message from the message queue
           after monitoring has been stopped. 
@@ -815,7 +818,7 @@ false</pre>
           <tag><c>flush</c></tag>
           <item>
             <p>Remove (one) <c>{_, MonitorRef, _, _, _}</c> message,
-              if there is one, from the callers message queue after
+              if there is one, from the caller's message queue after
               monitoring has been stopped.</p>
             <p>Calling <c>demonitor(MonitorRef, [flush])</c>
               is equivalent to the following, but more efficient:</p>
@@ -844,7 +847,7 @@ false</pre>
 	      <item><p>The monitor was not found and could not be removed.
 	      	       This probably because someone already has placed a
 		       <c>'DOWN'</c> message corresponding to this monitor
-		       in the callers message queue.
+		       in the caller's message queue.
 		    </p>
 	      </item>
 	    </taglist>
@@ -2866,7 +2869,7 @@ os_prompt%</pre>
 	      <p>For external programs, the <c>PATH</c> is searched
 	      (or an equivalent method is used to find programs,
 	      depending on operating system). This is done by invoking
-	      the shell och certain platforms. The first space
+	      the shell on certain platforms. The first space
 	      separated token of the command will be considered as the
 	      name of the executable (or driver). This (among other
 	      things) makes this option unsuitable for running
@@ -3906,7 +3909,7 @@ os_prompt%</pre>
           <item>
             <p>Return the current call stack back-trace (<em>stacktrace</em>)
               of the process. The stack has the same format as returned by
-	      <seealso marker="#get_stacktrace/1">erlang:get_stacktrace/0</seealso>.
+	      <seealso marker="#get_stacktrace/0">erlang:get_stacktrace/0</seealso>.
 	    </p>
           </item>
           <tag><c>{dictionary, Dictionary}</c></tag>
@@ -4930,6 +4933,21 @@ true</pre>
 	    threads in the Erlang run-time system and may therefore be greater
 	    than the wall-clock time.</p>
           </item>
+          <tag><marker id="statistics_scheduler_wall_time"><c>scheduler_wall_time</c></marker></tag>
+          <item>
+            <p>Returns
+	    <c>[{Scheduler_Id, Scheduler_Worked_Time, Scheduler_Total_Time}]</c>, time lapses are since the
+	    the system flag <seealso marker="#system_flag_scheduler_wall_time">scheduler_wall_time</seealso>
+	    was set to true.
+	    Returns <c>undefined</c> if the system flag <seealso marker="#system_flag_scheduler_wall_time">
+	    scheduler_wall_time</seealso> is set to false.
+	    </p>
+	    <p>The list of scheduler information is unsorted and may come in different order
+	    between calls. The time unit is undefined and may be changed and should only be used
+	    to calculate relative utilization.
+	    </p>
+          </item>
+
           <tag><c>wall_clock</c></tag>
           <item>
             <p>Returns
@@ -5069,6 +5087,14 @@ true</pre>
         <v>Flag, Value, OldValue -- see below</v>
       </type>
       <desc>
+        <warning>
+          <p>The
+	  <seealso marker="#system_flag_cpu_topology">cpu_topology</seealso>,
+	  and
+	  <seealso marker="#system_flag_scheduler_bind_type">scheduler_bind_type</seealso>
+	  <c>Flag</c>s are <em>deprecated</em> and have been scheduled for
+	  removal in erts-5.10/OTP-R16.</p>
+        </warning>
         <p>Sets various system properties of the Erlang node. Returns
           the old value of the flag.</p>
         <taglist>
@@ -5079,6 +5105,12 @@ true</pre>
           </item>
           <tag><marker id="system_flag_cpu_topology"><c>erlang:system_flag(cpu_topology, CpuTopology)</c></marker></tag>
           <item>
+	    <p><em>NOTE:</em> This argument is <em>deprecated</em> and
+	    scheduled for removal in erts-5.10/OTP-R16. Instead of using
+	    this argument you are advised to use the <c>erl</c> command
+	    line argument <seealso marker="erts:erl#+sct">+sct</seealso>.
+	    When this argument has been removed a final CPU topology to use
+	    will be determined at emulator boot time.</p>
             <p>Sets the user defined <c>CpuTopology</c>. The user defined
 	       CPU topology will override any automatically detected
 	       CPU topology. By passing <c>undefined</c> as <c>CpuTopology</c>
@@ -5093,15 +5125,15 @@ true</pre>
 	       to rebind according to the new CPU topology.
 	    </p>
 	    <p>The user defined CPU topology can also be set by passing
-	       the <seealso marker="erl#+sct">+sct</seealso> command
+	       the <seealso marker="erts:erl#+sct">+sct</seealso> command
 	       line argument to <c>erl</c>.
 	    </p>
 	    <p>For information on the <c>CpuTopology</c> type
 	       and more, see the documentation of
 	       <seealso marker="#system_info_cpu_topology">erlang:system_info(cpu_topology)</seealso>,
-	       the <c>erl</c> <seealso marker="erl#+sct">+sct</seealso>
-	       emulator flag, and
-	       <seealso marker="#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, How)</seealso>.
+	       and the <c>erl</c> <seealso marker="erts:erl#+sct">+sct</seealso>
+	       and <seealso marker="erts:erl#+sbt">+sbt</seealso>
+	       command line flags.
 	    </p>
           </item>
           <tag><c>erlang:system_flag(fullsweep_after, Number)</c></tag>
@@ -5177,6 +5209,12 @@ true</pre>
           </item>
           <tag><marker id="system_flag_scheduler_bind_type"><c>erlang:system_flag(scheduler_bind_type, How)</c></marker></tag>
           <item>
+	    <p><em>NOTE:</em> This argument is <em>deprecated</em> and
+	    scheduled for removal in erts-5.10/OTP-R16. Instead of using
+	    this argument you are advised to use the <c>erl</c> command
+	    line argument <seealso marker="erts:erl#+sbt">+sbt</seealso>.
+	    When this argument has been removed a final scheduler bind type
+	    to use will be determined at emulator boot time.</p>
 	    <p>Controls if and how schedulers are bound to logical
 	       processors.</p>
 	    <p>When <c>erlang:system_flag(scheduler_bind_type, How)</c> is
@@ -5198,93 +5236,61 @@ true</pre>
 	       the CPU topology needs to be known. If the runtime system fails
 	       to automatically detect the CPU topology, it can be defined.
 	       For more information on how to define the CPU topology, see 
-	       <seealso marker="#system_flag_cpu_topology">erlang:system_flag(cpu_topology, CpuTopology)</seealso>.
+	       the <c>erl</c> <seealso marker="erts:erl#+sct">+sct</seealso> command
+	       line flag.
 	    </p>
-            <p>The runtime system will by default bind schedulers to logical
-	       processors using the <c>default_bind</c> bind type if the amount
-	       of schedulers are at least equal to the amount of logical
-	       processors configured, binding of schedulers is supported,
-	       and a CPU topology is available at startup.
+            <p>The runtime system will by default <em>not</em> bind schedulers
+	       to logical processors.
 	    </p>
 	    <p><em>NOTE:</em> If the Erlang runtime system is the only
 	       operating system process that binds threads to logical processors,
 	       this improves the performance of the runtime system. However,
 	       if other operating system processes (as for example another Erlang
 	       runtime system) also bind threads to logical processors, there
-	       might be a performance penalty instead. If this is the case you,
-	       are are advised to unbind the schedulers using the
-	       <seealso marker="erl#+sbt">+sbtu</seealso> command line argument,
-	       or <c>erlang:system_flag(scheduler_bind_type, unbound)</c>.</p>
+	       might be a performance penalty instead. In some cases this
+	       performance penalty might be severe. If this is the case, you
+	       are advised to not bind the schedulers.</p>
 	    <p>Schedulers can be bound in different ways. The <c>How</c>
 	       argument determines how schedulers are bound. <c>How</c> can
 	       currently be one of:</p>
             <taglist>
               <tag><c>unbound</c></tag>
-              <item>
-                <p>Schedulers will not be bound to logical processors, i.e.,
-		   the operating system decides where the scheduler threads
-		   execute, and when to migrate them. This is the default.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt u</seealso>.
+	      </p></item>
               <tag><c>no_spread</c></tag>
-              <item>
-                <p>Schedulers with close scheduler identifiers will be bound
-		   as close as possible in hardware.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt ns</seealso>.
+	      </p></item>
               <tag><c>thread_spread</c></tag>
-              <item>
-                <p>Thread refers to hardware threads (e.g. Intels
-		   hyper-threads). Schedulers with low scheduler identifiers,
-		   will be bound to the first hardware thread of each core,
-		   then schedulers with higher scheduler identifiers will be
-		   bound to the second hardware thread of each core, etc.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt ts</seealso>.
+	      </p></item>
               <tag><c>processor_spread</c></tag>
-              <item>
-                <p>Schedulers will be spread like <c>thread_spread</c>, but
-		   also over physical processor chips.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt ps</seealso>.
+	      </p></item>
               <tag><c>spread</c></tag>
-              <item>
-                <p>Schedulers will be spread as much as possible.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt s</seealso>.
+	      </p></item>
               <tag><c>no_node_thread_spread</c></tag>
-              <item>
-                <p>Like <c>thread_spread</c>, but if multiple NUMA
-		   (Non-Uniform Memory Access) nodes exists,
-		   schedulers will be spread over one NUMA node at a time,
-		   i.e., all logical processors of one NUMA node will
-		   be bound to schedulers in sequence.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt nnts</seealso>.
+	      </p></item>
               <tag><c>no_node_processor_spread</c></tag>
-              <item>
-                <p>Like <c>processor_spread</c>, but if multiple NUMA
-		   nodes exists, schedulers will be spread over one
-		   NUMA node at a time, i.e., all logical processors of
-		   one NUMA node will be bound to schedulers in sequence.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt nnps</seealso>.
+	      </p></item>
               <tag><c>thread_no_node_processor_spread</c></tag>
-              <item>
-                <p>A combination of <c>thread_spread</c>, and
-		<c>no_node_processor_spread</c>. Schedulers will be
-		spread over hardware threads across NUMA nodes, but
-		schedulers will only be spread over processors internally
-		in one NUMA node at a time.</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt tnnps</seealso>.
+	      </p></item>
               <tag><c>default_bind</c></tag>
-              <item>
-                <p>Binds schedulers the default way. Currently the default
-		is <c>thread_no_node_processor_spread</c> (which might change
-		in the future).</p>
-              </item>
+              <item><p>Same as the <c>erl</c> command line argument
+	      <seealso marker="erts:erl#+sbt">+sbt db</seealso>.
+	      </p></item>
 	    </taglist>
-            <p>How schedulers are bound matters. For example, in
-	       situations when there are fewer running processes than
-	       schedulers online, the runtime system tries to migrate
-	       processes to schedulers with low scheduler identifiers.
-	       The more the schedulers are spread over the hardware,
-	       the more resources will be available to the runtime
-	       system in such situations.
-	    </p>
 	    <p>The value returned equals <c>How</c> before the
 	       <c>scheduler_bind_type</c> flag was changed.</p>
 	    <p>Failure:</p>
@@ -5303,17 +5309,25 @@ true</pre>
               </item>
             </taglist>
 	    <p>The scheduler bind type can also be set by passing
-	       the <seealso marker="erl#+sbt">+sbt</seealso> command
+	       the <seealso marker="erts:erl#+sbt">+sbt</seealso> command
 	       line argument to <c>erl</c>.
 	    </p>
 	    <p>For more information, see
 	       <seealso marker="#system_info_scheduler_bind_type">erlang:system_info(scheduler_bind_type)</seealso>,
 	       <seealso marker="#system_info_scheduler_bindings">erlang:system_info(scheduler_bindings)</seealso>,
-	       the <c>erl</c> <seealso marker="erl#+sbt">+sbt</seealso>
-	       emulator flag, and
-	       <seealso marker="#system_flag_cpu_topology">erlang:system_flag(cpu_topology, CpuTopology)</seealso>.
+	       the <c>erl</c> <seealso marker="erts:erl#+sbt">+sbt</seealso>
+	       and <seealso marker="erts:erl#+sct">+sct</seealso> command line
+	       flags.
+	    </p>
+          </item>
+	  <tag><marker id="system_flag_scheduler_wall_time"><c>erlang:system_flag(scheduler_wall_time, Boolean)</c></marker></tag>
+          <item>
+            <p>Turns on/off scheduler wall time measurements. </p>
+	    <p>For more information see,
+	    <seealso marker="#statistics_scheduler_wall_time">erlang:statistics(scheduler_wall_time)</seealso>.
 	    </p>
           </item>
+
           <tag><marker id="system_flag_schedulers_online"><c>erlang:system_flag(schedulers_online, SchedulersOnline)</c></marker></tag>
           <item>
             <p>Sets the amount of schedulers online. Valid range is
@@ -5325,6 +5339,7 @@ true</pre>
 	    <seealso marker="#system_info_schedulers_online">erlang:system_info(schedulers_online)</seealso>.
 	    </p>
           </item>
+
           <tag><c>erlang:system_flag(trace_control_word, TCW)</c></tag>
           <item>
             <p>Sets the value of the node's trace control word to
@@ -5512,10 +5527,12 @@ true</pre>
           <item>
 	    <p>Returns the <c>CpuTopology</c> which currently is used by the
 	       emulator. The CPU topology is used when binding schedulers
-	       to logical processors. The CPU topology used is the user defined
-	       CPU topology if such exist; otherwise, the automatically
-	       detected CPU topology if such exist. If no CPU topology
-	       exist <c>undefined</c> is returned.</p>
+	       to logical processors. The CPU topology used is the
+	       <seealso marker="erlang#system_info_cpu_topology_defined">user
+	       defined CPU topology</seealso> if such exists; otherwise, the
+	       <seealso marker="erlang#system_info_cpu_topology_detected">automatically
+	       detected CPU topology</seealso> if such exists. If no CPU topology
+	       exists, <c>undefined</c> is returned.</p>
             <p>Types:</p>
             <list type="bulleted">
               <item><c>CpuTopology = LevelEntryList | undefined</c></item>
@@ -5562,8 +5579,8 @@ true</pre>
           <item>
             <p>Returns the user defined <c>CpuTopology</c>. For more
 	       information see the documentation of
-	       <seealso marker="#system_flag_cpu_topology">erlang:system_flag(cpu_topology, CpuTopology)</seealso>
-               and the documentation of the
+	       the <c>erl</c> <seealso marker="erts:erl#+sct">+sct</seealso> command
+	       line flag, and the documentation of the
 	       <seealso marker="#system_info_cpu_topology">cpu_topology</seealso>
 	       argument.
 	    </p>
@@ -5641,7 +5658,7 @@ true</pre>
           <item>
             <p>Returns the value of the distribution buffer busy limit
 	    in bytes. This limit can be set on startup by passing the
-	    <seealso marker="erl#+zdbbl">+zdbbl</seealso> command line
+	    <seealso marker="erts:erl#+zdbbl">+zdbbl</seealso> command line
 	    flag to <c>erl</c>.</p>
           </item>
           <tag><c>fullsweep_after</c></tag>
@@ -5843,14 +5860,13 @@ true</pre>
 	    <p>Returns information on how user has requested
 	       schedulers to be bound or not bound.</p>
 	    <p><em>NOTE:</em> Even though user has requested
-	       schedulers to be bound via
-	       <seealso marker="#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, How)</seealso>,
-	       they might have silently failed to bind. In order to
-	       inspect actual scheduler bindings call
+	       schedulers to be bound, they might have silently failed
+	       to bind. In order to inspect actual scheduler bindings call
 	       <seealso marker="#system_info_scheduler_bindings">erlang:system_info(scheduler_bindings)</seealso>.
 	    </p>
 	    <p>For more information, see
-	       <seealso marker="#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, How)</seealso>, and
+	       the <c>erl</c> <seealso marker="erts:erl#+sbt">+sbt</seealso>
+	       command line argument, and
 	       <seealso marker="#system_info_scheduler_bindings">erlang:system_info(scheduler_bindings)</seealso>.
 	    </p>
           </item>
@@ -5873,7 +5889,8 @@ true</pre>
 	    <p>Note that only schedulers online can be bound to logical
 	       processors.</p>
 	    <p>For more information, see
-	       <seealso marker="#system_flag_scheduler_bind_type">erlang:system_flag(scheduler_bind_type, How)</seealso>,
+	       the <c>erl</c> <seealso marker="erts:erl#+sbt">+sbt</seealso>
+	       command line argument,
 	       <seealso marker="#system_info_schedulers_online">erlang:system_info(schedulers_online)</seealso>.
 	    </p>
           </item>
@@ -7097,7 +7114,7 @@ true</pre>
           <c>Id</c> has no effect on the caller in the future (unless
           the link is setup again). If caller is trapping exits, an
           <c>{'EXIT', Id, _}</c> message due to the link might have
-          been placed in the callers message queue prior to the call,
+          been placed in the caller's message queue prior to the call,
           though. Note, the <c>{'EXIT', Id, _}</c> message can be the
           result of the link, but can also be the result of <c>Id</c>
           calling <c>exit/2</c>. Therefore, it <em>may</em> be
diff --git a/erts/doc/src/erts_alloc.xml b/erts/doc/src/erts_alloc.xml
index 3b5ee5391c..ec5e7d9b74 100644
--- a/erts/doc/src/erts_alloc.xml
+++ b/erts/doc/src/erts_alloc.xml
@@ -212,8 +212,8 @@
     <p>Apart from the ordinary allocators described above a number of
        pre-allocators are used for some specific data types. These
        pre-allocators pre-allocate a fixed amount of memory for certain data
-       types when the run-time system starts. As long as there are available
-       pre-allocated memory, it will be used. When no pre-allocated memory is
+       types when the run-time system starts. As long as pre-allocated memory
+       is available, it will be used. When no pre-allocated memory is
        available, memory will be allocated in ordinary allocators. These
        pre-allocators are typically much faster than the ordinary allocators,
        but can only satisfy a limited amount of requests.</p>
@@ -436,10 +436,10 @@
        in "the <c>alloc_util</c> framework" section.</item>
       <tag><marker id="M_t"><c><![CDATA[+M<S>t true|false]]></c></marker></tag>
       <item>
-       Multiple, thread specific instances of the allocator.
+       <p>Multiple, thread specific instances of the allocator.
        This option will only have any effect on the runtime system
        with SMP support. Default behaviour on the runtime system with
-       SMP support:
+       SMP support:</p>
        <taglist>
          <tag><c>ll_alloc</c></tag>
 	 <item><c>1</c> instance.</item>
@@ -448,9 +448,9 @@
 	 a lock-free instance of its own and other threads will use
 	 a common instance.</item>
        </taglist>
-       It was previously (before ERTS version 5.9) possible to configure
+       <p>It was previously (before ERTS version 5.9) possible to configure
        a smaller amount of thread specific instances than schedulers.
-       This is, however, not possible any more.
+       This is, however, not possible any more.</p>
       </item>
     </taglist>
     <p>Currently the following flags are available for configuration of
diff --git a/erts/doc/src/match_spec.xml b/erts/doc/src/match_spec.xml
index f0390c9db8..cd2b3abc1e 100644
--- a/erts/doc/src/match_spec.xml
+++ b/erts/doc/src/match_spec.xml
@@ -75,7 +75,7 @@
       <item>MatchCondition ::= { GuardFunction } | 
        { GuardFunction, ConditionExpression, ... }
       </item>
-      <item>BoolFunction ::= <c><![CDATA[is_atom]]></c> | <c><![CDATA[is_constant]]></c> |
+      <item>BoolFunction ::= <c><![CDATA[is_atom]]></c> |
       <c><![CDATA[is_float]]></c> | <c><![CDATA[is_integer]]></c> | <c><![CDATA[is_list]]></c> |
       <c><![CDATA[is_number]]></c> | <c><![CDATA[is_pid]]></c> | <c><![CDATA[is_port]]></c> |
       <c><![CDATA[is_reference]]></c> | <c><![CDATA[is_tuple]]></c> | <c><![CDATA[is_binary]]></c> |
@@ -133,7 +133,7 @@
       <item>MatchCondition ::= { GuardFunction } |
        { GuardFunction, ConditionExpression, ... }
       </item>
-      <item>BoolFunction ::= <c><![CDATA[is_atom]]></c> | <c><![CDATA[is_constant]]></c> |
+      <item>BoolFunction ::= <c><![CDATA[is_atom]]></c> |
       <c><![CDATA[is_float]]></c> | <c><![CDATA[is_integer]]></c> | <c><![CDATA[is_list]]></c> |
       <c><![CDATA[is_number]]></c> | <c><![CDATA[is_pid]]></c> | <c><![CDATA[is_port]]></c> |
       <c><![CDATA[is_reference]]></c> | <c><![CDATA[is_tuple]]></c> | <c><![CDATA[is_binary]]></c> |
@@ -172,7 +172,7 @@
       <title>Functions allowed in all types of match specifications</title>
       <p>The different functions allowed in <c><![CDATA[match_spec]]></c> work like this:
         </p>
-      <p><em>is_atom, is_constant, is_float, is_integer, is_list, is_number, is_pid, is_port, is_reference, is_tuple, is_binary, is_function: </em> Like the corresponding guard tests in
+      <p><em>is_atom, is_float, is_integer, is_list, is_number, is_pid, is_port, is_reference, is_tuple, is_binary, is_function: </em> Like the corresponding guard tests in
         Erlang, return <c><![CDATA[true]]></c> or <c><![CDATA[false]]></c>.
         </p>
       <p><em>is_record: </em>Takes an additional parameter, which SHALL
diff --git a/erts/doc/src/notes.xml b/erts/doc/src/notes.xml
index 4cef9669dd..d7967212b1 100644
--- a/erts/doc/src/notes.xml
+++ b/erts/doc/src/notes.xml
@@ -30,6 +30,507 @@
   </header>
   <p>This document describes the changes made to the ERTS application.</p>
 
+<section><title>Erts 5.9.0.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    A feature test for the <c>lwsync</c> instruction
+	    performed on PowerPC hardware at runtime system startup
+	    got into an eternal loop if the instruction was not
+	    supported. This bug was introduced in erts-5.9/OTP-R15B.</p>
+          <p>
+	    Own Id: OTP-9843</p>
+        </item>
+        <item>
+          <p>
+	    I/O events could potentially be delayed for ever when
+	    enabling kernel-poll on a non-SMP runtime system
+	    executing on Solaris. When also combined with
+	    async-threads the runtime system hung before completing
+	    the boot phase. This bug was introduced in
+	    erts-5.9/OTP-R15B.</p>
+          <p>
+	    Own Id: OTP-9844</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Erts 5.9</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Honor option <c>packet_size</c> for http packet parsing
+	    by both TCP socket and <c>erlang:decode_packet</c>. This
+	    gives the ability to accept HTTP headers larger than the
+	    default setting, but also avoid DoS attacks by accepting
+	    lines only up to whatever length you wish to allow. For
+	    consistency, packet type <c>line</c> also honor option
+	    <c>packet_size</c>. (Thanks to Steve Vinoski)</p>
+          <p>
+	    Own Id: OTP-9389</p>
+        </item>
+        <item>
+	    <p> A few contracts in the <c>lists</c> module have been
+	    corrected. </p>
+          <p>
+	    Own Id: OTP-9616</p>
+        </item>
+        <item>
+          <p>
+	    The Unicode noncharacter code points 16#FFFE and 16#FFFE
+	    were not allowed to be encoded or decoded using the
+	    <c>unicode</c> module or bit syntax. That was
+	    inconsistent with the other noncharacters 16#FDD0 to
+	    16#FDEF that could be encoded/decoded. To resolve the
+	    inconsistency, 16#FFFE and 16#FFFE can now be encoded and
+	    decoded. (Thanks to Alisdair Sullivan.)</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9624</p>
+        </item>
+        <item>
+          <p>
+	    Make epp search directory of current file first when
+	    including another file This completes a partial fix in
+	    R11 that only worked for include_lib(). (Thanks to
+	    Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9645</p>
+        </item>
+        <item>
+          <p>
+	    Fixed memory leak in
+	    <c>enif_inspect_io_list_as_binary</c> when applied on a
+	    process independent environment.</p>
+          <p>
+	    Own Id: OTP-9668</p>
+        </item>
+        <item>
+	    <p>The number of beam catches allowed in code are no
+	    longer statically defined and will grow according to its
+	    need.</p>
+          <p>
+	    Own Id: OTP-9692</p>
+        </item>
+        <item>
+          <p>
+	    Add missing parenthesis in heart doc.</p>
+          <p>
+	    Add missing spaces in the Reference Manual distributed
+	    section.</p>
+          <p>
+	    In the HTML version of the doc those spaces are necessary
+	    to separate those words.</p>
+          <p>
+	    Own Id: OTP-9693</p>
+        </item>
+        <item>
+          <p>
+	    Fixes module erlang doc style: option description (Thanks
+	    to Ricardo Catalinas Jim�nez)</p>
+          <p>
+	    Own Id: OTP-9697</p>
+        </item>
+        <item>
+          <p>
+	    Specifying a scope to binary:match/3 when using multiple
+	    searchstrings resulted in faulty return values. This is
+	    now corrected.</p>
+          <p>
+	    Own Id: OTP-9701</p>
+        </item>
+        <item>
+          <p>
+	    The runtime system crashed if more than one thread tried
+	    to exit the runtime system at the same time.</p>
+          <p>
+	    Own Id: OTP-9705</p>
+        </item>
+        <item>
+          <p>
+	    Fix documentation for erlang:process_flag/2</p>
+          <p>
+	    For the subsection about process_flag(save_calls, N)
+	    there's an unrelated paragraph about process priorities
+	    which was copied from the preceeding subsection regarding
+	    process_flag(priority, Level). (Thanks to Filipe David
+	    Manana)</p>
+          <p>
+	    Own Id: OTP-9714</p>
+        </item>
+        <item>
+          <p>
+	    Calls to <c>erlang:system_flag(schedulers_online, N)</c>
+	    and/or <c>erlang:system_flag(multi_scheduling,
+	    block|unblock)</c> could cause internal data used by this
+	    functionality to get into an inconsistent state. When
+	    this happened various problems occurred. This bug was
+	    quite hard to trigger, so hopefully no-one has been
+	    effected by it.</p>
+          <p>
+	    A spinlock used by the run-queue management sometimes got
+	    heavily contended. This code has now been rewritten, and
+	    the spinlock has been removed.</p>
+          <p>
+	    Own Id: OTP-9727</p>
+        </item>
+        <item>
+          <p>
+	    Use libdlpi to get physical address (Thanks to Trond
+	    Norbye)</p>
+          <p>
+	    Own Id: OTP-9818</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> An option list argument can now be passed to
+	    <c>file:read_file_info/2, file:read_link_info/2</c> and
+	    <c>file:write_file_info/3</c> and set time type
+	    information in the call. Valid options are <c>{time,
+	    local}, {time, universal}</c> and <c>{time, posix}</c>.
+	    In the case of <c>posix</c> time no conversions are made
+	    which makes the operation a bit faster. </p>
+          <p>
+	    Own Id: OTP-7687</p>
+        </item>
+        <item>
+	    <p>A number of memory allocation optimizations have been
+	    implemented. Most optimizations reduce contention caused
+	    by synchronization between threads during allocation and
+	    deallocation of memory. Most notably:</p> <list> <item>
+	    Synchronization of memory management in scheduler
+	    specific allocator instances has been rewritten to use
+	    lock-free synchronization. </item> <item> Synchronization
+	    of memory management in scheduler specific pre-allocators
+	    has been rewritten to use lock-free synchronization.
+	    </item> <item> The 'mseg_alloc' memory segment allocator
+	    now use scheduler specific instances instead of one
+	    instance. Apart from reducing contention this also
+	    ensures that memory allocators always create memory
+	    segments on the local NUMA node on a NUMA system. </item>
+	    </list>
+          <p>
+	    Own Id: OTP-7775</p>
+        </item>
+        <item>
+          <p>
+	    The ethread atomic memory operations API used by the
+	    runtime system has been extended and improved.</p>
+          <p>
+	    The ethread library now also performs runtime tests for
+	    presence of hardware features, such as for example SSE2
+	    instructions, instead of requiring this to be determined
+	    at compile time.</p>
+          <p>
+	    All uses of the old deprecated atomic API in the runtime
+	    system have been replaced with the use of the new atomic
+	    API. In a lot of places this change imply a relaxation of
+	    memory barriers used.</p>
+          <p>
+	    Own Id: OTP-9014</p>
+        </item>
+        <item>
+	    <p>gen_sctp:open/0-2 may now return
+	    {error,eprotonosupport} if SCTP is not supported</p>
+	    <p>gen_sctp:peeloff/1 has been implemented and creates a
+	    one-to-one socket which also are supported now</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9239</p>
+        </item>
+        <item>
+          <p>
+	    Sendfile has been added to the file module's API.
+	    sendfile/2 is used to read data from a file and send it
+	    to a tcp socket using a zero copying mechanism if
+	    available on that OS.</p>
+          <p>
+	    Thanks to Tuncer Ayaz and Steve Vinovski for original
+	    implementation</p>
+          <p>
+	    Own Id: OTP-9240</p>
+        </item>
+        <item>
+          <p>
+	    enif_get_reverse_list function added to nif API. This
+	    function should be used to reverse small lists which are
+	    deep within other structures making it impractical to do
+	    the reverse in Erlang.</p>
+          <p>
+	    Own Id: OTP-9392</p>
+        </item>
+        <item>
+          <p>
+	    The deprecated concat_binary/1 BIF has been removed. Use
+	    <c>list_to_binary</c> or <c>iolist_to_binary/1</c>
+	    instead.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9421</p>
+        </item>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+	    <p>Line number and filename information are now included
+	    in exception backtraces as a fourth element in the MFA
+	    tuple. The information will be pretty-printed by the
+	    shell and used by <c>common_test</c> to provide better
+	    indication of where a test case.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9468</p>
+        </item>
+        <item>
+	    <p>All binary constants used to be handled as heap
+	    binaries (i.e. the entire binary would be copied when
+	    sent to another process). Binary constants larger than 64
+	    bytes are now refc binaries (i.e. the actual data in the
+	    binary will not be copied when sent to another
+	    process).</p>
+          <p>
+	    Own Id: OTP-9486</p>
+        </item>
+        <item>
+          <p>
+	    If a float and an integer is compared, the integer is
+	    only converted to a float if the float datatype can
+	    contain it. Otherwise the float is converted to an
+	    integer.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9497</p>
+        </item>
+        <item>
+          <p>
+	    Add NIF function enif_is_number</p>
+          <p>
+	    This function allows for easily determining if a term
+	    represents or not a number (integer, float, small or
+	    big).(Thanks to Filipe David Manana)</p>
+          <p>
+	    Own Id: OTP-9629</p>
+        </item>
+        <item>
+          <p>
+	    The ERTS internal system block functionality has been
+	    replaced by new functionality for blocking the system.
+	    The old system block functionality had contention issues
+	    and complexity issues. The new functionality piggy-backs
+	    on thread progress tracking functionality needed by newly
+	    introduced lock-free synchronization in the runtime
+	    system. When the functionality for blocking the system
+	    isn't used, there is more or less no overhead at all.
+	    This since the functionality for tracking thread progress
+	    is there and needed anyway.</p>
+          <p>
+	    Own Id: OTP-9631</p>
+        </item>
+        <item>
+          <p>
+	    An ERTS internal, generic, many to one, lock-free queue
+	    for communication between threads has been introduced.
+	    The many to one scenario is very common in ERTS, so it
+	    can be used in a lot of places in the future. Currently
+	    it is used by scheduling of certain jobs, and the async
+	    thread pool, but more uses are planned for the future.</p>
+          <p>
+	    Drivers using the driver_async functionality are not
+	    automatically locked to the system anymore, and can be
+	    unloaded as any dynamically linked in driver.</p>
+          <p>
+	    Scheduling of ready async jobs is now also interleaved in
+	    between other jobs. Previously all ready async jobs were
+	    performed at once.</p>
+          <p>
+	    Own Id: OTP-9632</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    Changed the internal BIF calling convention. Will make
+	    simpler faster code and allow BIFs with an arbitrary
+	    arity.</p>
+          <p>
+	    Own Id: OTP-9662</p>
+        </item>
+        <item>
+          <p>
+	    Windows native critical sections are now used internally
+	    in the runtime system on Windows as mutex implementation.
+	    This since they perform better under extreme contention
+	    than our own implementation.</p>
+          <p>
+	    Own Id: OTP-9671</p>
+        </item>
+        <item>
+          <p>
+	    Convert some erl_nif macros into inline functions. Allow
+	    for better compile time type checking. (Thanks to Tuncer
+	    Ayaz)</p>
+          <p>
+	    Own Id: OTP-9675</p>
+        </item>
+        <item>
+          <p>
+	    The <c>+scl</c> command line flag has been added. It can
+	    be used for disabling compaction of scheduler load. For
+	    more information see the <c>erl(1)</c> documentation.</p>
+          <p>
+	    Own Id: OTP-9695</p>
+        </item>
+        <item>
+	    <p>The build system has been updated so that Erlang/OTP
+	    can be built on Mac OS X Lion systems without a GCC
+	    compiler. The INSTALL guide has been updated with
+	    instructions on how to install a GCC compiler and build
+	    Erlang/OTP with it, in order to get a run-time system
+	    with better performance.</p>
+          <p>
+	    Own Id: OTP-9712</p>
+        </item>
+        <item>
+          <p>
+	    When loading a module, the system use to run on a single
+	    scheduler during the entire loading process. This has
+	    been changed to only take down the system just before
+	    inserting the loaded code into the system tables,
+	    resulting in a much shorter disruption if a module is
+	    loaded in a busy system. (Suggested by Bob Ippolito.)</p>
+          <p>
+	    Own Id: OTP-9720</p>
+        </item>
+        <item>
+          <p>
+	    Possible to run HiPE without floating point exceptions
+	    (FPE). Useful on platforms that lack reliable FPE. Slower
+	    float operations compared to HiPE with FPE.</p>
+          <p>
+	    Own Id: OTP-9724</p>
+        </item>
+        <item>
+          <p>
+	    As of ERTS version 5.9 (OTP-R15B) the runtime system will
+	    by default <em>not</em> bind schedulers to logical
+	    processors.</p>
+          <p>
+	    If the Erlang runtime system is the only operating system
+	    process that binds threads to logical processors, this
+	    improves the performance of the runtime system. However,
+	    if other operating system processes (as for example
+	    another Erlang runtime system) also bind threads to
+	    logical processors, there might be a performance penalty
+	    instead. In some cases this performance penalty might be
+	    severe. Due to this, we change the default so that the
+	    user must make an active decision in order to bind
+	    schedulers.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9726</p>
+        </item>
+        <item>
+          <p>
+	    The use of <c>erlang:system_flag(scheduler_bind_type,
+	    _)</c> and <c>erlang:system_flag(cpu_topology, _)</c>
+	    have been deprecated and scheduled for removal in
+	    erts-5.10/OTP-R16. For more information see the
+	    documentation of <c>erlang:system_flag/2</c>.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9749</p>
+        </item>
+        <item>
+          <p>
+	    An ancient workaround for a Windows bug was removed from
+	    the open_port code, open_port({spawn,...}...) is now
+	    faster. Thanks to Daniel Goertzen.</p>
+          <p>
+	    Own Id: OTP-9766</p>
+        </item>
+        <item>
+          <p>
+	    The use of deprecated 32bit time_t on 32bit Windows is
+	    removed.</p>
+          <p>
+	    Own Id: OTP-9767</p>
+        </item>
+        <item>
+          <p>
+	    The NIF <c>reload</c> mechanism is deprecated. Do not use
+	    it as an upgrade method for live production systems. It
+	    might be removed in future releases. It can still serve
+	    as a development feature but a warning message will be
+	    logged each time it is used.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9771</p>
+        </item>
+        <item>
+	    <p>The driver interface has been changed to enable 64-bit
+	    aware drivers. Most importantly the return types for
+	    ErlDrvEntry callbacks 'call' and 'control' has ben
+	    enlarged which require drivers to be changed or they will
+	    cause emulator crashes. See <seealso
+	    marker="erl_driver#rewrites_for_64_bits"> Rewrites for
+	    64-bit driver interface </seealso> in the driver manual.
+	    </p>
+	    <p>Due to this driver <seealso
+	    marker="erl_driver#version_management">version
+	    management</seealso> is now mandatory. A driver that is
+	    not written with version management or a driver that was
+	    compiled with the wrong major version will be not be
+	    loaded by the emulator.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9795</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Erts 5.8.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/erts/emulator/Makefile.in b/erts/emulator/Makefile.in
index 708d4ca0a3..2bd7297231 100644
--- a/erts/emulator/Makefile.in
+++ b/erts/emulator/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2011. All Rights Reserved.
+# Copyright Ericsson AB 1996-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,21 +28,26 @@ Z_LIB=@Z_LIB@
 NO_INLINE_FUNCTIONS=false
 OPCODE_TABLES = $(ERL_TOP)/lib/compiler/src/genop.tab beam/ops.tab
 
+DEBUG_CFLAGS = @DEBUG_CFLAGS@
+CONFIGURE_CFLAGS = @CFLAGS@
+
 #
 # Run this make file with TYPE set to the type of emulator you want.
 # Different versions of the emulator for different uses. The default
 # is "debug". For a normal version use "opt".
 #
+DEFS=@DEFS@
 THR_DEFS=@EMU_THR_DEFS@
 M4FLAGS=
 CREATE_DIRS=
 
 LDFLAGS=@LDFLAGS@
+ARFLAGS=rc
 
 ifeq ($(TYPE),debug)
 PURIFY =
 TYPEMARKER = .debug
-TYPE_FLAGS = @DEBUG_CFLAGS@ -DDEBUG
+TYPE_FLAGS = $(DEBUG_CFLAGS) -DDEBUG
 ENABLE_ALLOC_TYPE_VARS += debug
 ifeq ($(TARGET),win32)
 TYPE_FLAGS += -DNO_JUMP_TABLE
@@ -53,7 +58,7 @@ else
 ifeq ($(TYPE),purify)
 PURIFY = purify $(PURIFY_BUILD_OPTIONS)
 TYPEMARKER = .purify
-TYPE_FLAGS = @DEBUG_CFLAGS@ -DPURIFY -DNO_JUMP_TABLE -DERTS_MSEG_FAKE_SEGMENTS
+TYPE_FLAGS = $(DEBUG_CFLAGS) -DPURIFY -DNO_JUMP_TABLE -DERTS_MSEG_FAKE_SEGMENTS
 ENABLE_ALLOC_TYPE_VARS += purify
 else
 
@@ -67,14 +72,14 @@ else
 ifeq ($(TYPE),purecov)
 PURIFY = purecov --follow-child-processes=yes $(PURECOV_BUILD_OPTIONS)
 TYPEMARKER = .purecov
-TYPE_FLAGS = @DEBUG_CFLAGS@ -DPURECOV -DNO_JUMP_TABLE
+TYPE_FLAGS = $(DEBUG_CFLAGS) -DPURECOV -DNO_JUMP_TABLE
 ENABLE_ALLOC_TYPE_VARS += purecov
 else
 
 ifeq ($(TYPE),gcov)
 PURIFY = 
 TYPEMARKER = .gcov
-TYPE_FLAGS = @DEBUG_CFLAGS@ -DERTS_GCOV -DNO_JUMP_TABLE -fprofile-arcs -ftest-coverage -O0 -DERTS_CAN_INLINE=0 -DERTS_INLINE=
+TYPE_FLAGS = $(DEBUG_CFLAGS) -DERTS_GCOV -DNO_JUMP_TABLE -fprofile-arcs -ftest-coverage -O0 -DERTS_CAN_INLINE=0 -DERTS_INLINE=
 ifneq ($(findstring solaris,$(TARGET)),solaris)
 LIBS += -lgcov
 endif
@@ -84,7 +89,7 @@ else
 ifeq ($(TYPE),valgrind)
 PURIFY = 
 TYPEMARKER = .valgrind
-TYPE_FLAGS = @DEBUG_CFLAGS@ -DVALGRIND -DNO_JUMP_TABLE -DERTS_MSEG_FAKE_SEGMENTS
+TYPE_FLAGS = $(DEBUG_CFLAGS) -DVALGRIND -DNO_JUMP_TABLE -DERTS_MSEG_FAKE_SEGMENTS
 ENABLE_ALLOC_TYPE_VARS += valgrind
 else
 
@@ -147,6 +152,15 @@ endif
 
 TF_MARKER=$(TYPEMARKER)$(FLAVOR_MARKER)
 
+ifeq ($(FLAVOR)-@ERTS_BUILD_SMP_EMU@,smp-no)
+VOID_EMULATOR = '*** SMP emulator disabled by configure'
+else
+ifeq ($(TYPE)-@HAVE_VALGRIND@,valgrind-no)
+VOID_EMULATOR = '*** valgrind emulator disabled by configure'
+else
+VOID_EMULATOR =
+endif
+endif
 
 OPSYS=@OPSYS@
 sol2CFLAGS=
@@ -187,7 +201,7 @@ else
 EMU_CC  = @EMU_CC@
 endif
 WFLAGS  = @WFLAGS@
-CFLAGS  = @STATIC_CFLAGS@ $(TYPE_FLAGS) $(FLAVOR_FLAGS) @DEFS@ $(WFLAGS) $(THR_DEFS) $(ARCHCFLAGS)
+CFLAGS  = @STATIC_CFLAGS@ $(TYPE_FLAGS) $(FLAVOR_FLAGS) $(DEFS) $(WFLAGS) $(THR_DEFS) $(ARCHCFLAGS)
 HCC     = @HCC@
 LD      = @LD@
 DEXPORT = @DEXPORT@
@@ -198,6 +212,7 @@ RM	= @RM@
 MKDIR	= @MKDIR@
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
+MIXED_MSYS=@MIXED_MSYS@
 
 ifeq ($(TARGET),win32)
 LIB_PREFIX=
@@ -237,9 +252,12 @@ ifeq ($(TARGET), win32)
 GEN_OPT_FLGS = $(OPT_LEVEL)
 UNROLL_FLG = 
 RC=rc.sh
+ifeq ($(MIXED_MSYS), yes)
+MAKE_PRELOAD_EXTRA = -msys
+endif
 ifeq ($(USING_MINGW), yes)
-RES_EXT=@OBJEXT@
-MAKE_PRELOAD_EXTRA=-windres
+RES_EXT = @OBJEXT@
+MAKE_PRELOAD_EXTRA += " -windres"
 else
 RES_EXT=res
 endif
@@ -259,30 +277,29 @@ CS_PURIFY =
 CS_TYPE_FLAGS = $(subst QUANTIFY,FAKE_QUANTIFY, \
 		$(subst PURIFY,FAKE_PURIFY, $(TYPE_FLAGS)))
 endif
-CS_CFLAGS_ = $(CS_TYPE_FLAGS) @DEFS@ $(WFLAGS) 
+CS_CFLAGS_ = $(CS_TYPE_FLAGS) $(DEFS) $(WFLAGS)
 ifeq ($(GCC),yes)
 CS_CFLAGS = $(subst -O2, $(GEN_OPT_FLGS) $(UNROLL_FLG), $(CS_CFLAGS_))
 else
 CS_CFLAGS = $(CS_CFLAGS_)
 endif
 CS_LDFLAGS = $(LDFLAGS)
-CS_LIBS = -L../lib/internal/$(TARGET) -lerts_internal @ERTS_INTERNAL_X_LIBS@
+CS_LIBS = -L../lib/internal/$(TARGET) -lerts_internal$(TYPEMARKER) @ERTS_INTERNAL_X_LIBS@
 
 LIBS	+= @TERMCAP_LIB@ -L../lib/internal/$(TARGET) @ERTS_INTERNAL_X_LIBS@
 
 ifdef Z_LIB
 # Use shared zlib library
 LIBS += $(Z_LIB)
+DEPLIBS =
 else
+DEPLIBS=$(ZLIB_LIBRARY)
 ifeq ($(TARGET),win32)
-LIBS    += -L$(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE) -lz
-DEPLIBS = $(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE)/z.lib
+LIBS    += -L$(ZLIB_OBJDIR) -lz
 else
 # Build on darwin fails if -lz is used
-LIBS += $(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE)/libz.a
-DEPLIBS = $(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE)/libz.a
+LIBS += $(ZLIB_LIBRARY)
 endif
-
 endif
 
 ifeq ($(TARGET),win32)
@@ -309,12 +326,9 @@ LIBSCTP = @LIBSCTP@
 ORG_THR_LIBS=@EMU_THR_LIBS@
 THR_LIB_NAME=@EMU_THR_LIB_NAME@
 
-ifneq ($(strip $(THR_LIB_NAME)),)
-DEPLIBS +=	$(ERL_TOP)/erts/lib/internal/$(TARGET)/$(LIB_PREFIX)erts_internal_r$(TYPEMARKER)$(LIB_SUFFIX) \
-		$(ERL_TOP)/erts/lib/internal/$(TARGET)/$(LIB_PREFIX)ethread$(TYPEMARKER)$(LIB_SUFFIX)
-else
-DEPLIBS +=	$(ERL_TOP)/erts/lib/internal/$(TARGET)/$(LIB_PREFIX)erts_internal$(TYPEMARKER)$(LIB_SUFFIX)
-endif
+ERTS_LIB_DIR = $(ERL_TOP)/erts/lib_src
+ERTS_LIB = $(ERTS_LIB_DIR)/obj/$(TARGET)/$(TYPE)/MADE
+DEPLIBS += $(ERTS_LIB)
 
 THR_LIBS=$(subst -l$(THR_LIB_NAME),-l$(THR_LIB_NAME)$(TYPEMARKER), \
 	   $(subst -lerts_internal_r,-lerts_internal_r$(TYPEMARKER),$(ORG_THR_LIBS)))
@@ -350,8 +364,7 @@ OBJDIR = obj/$(TTF_DIR)
 
 CREATE_DIRS += $(OBJDIR) \
 	pcre/obj/$(TARGET)/$(TYPE) \
-	zlib/obj/$(TARGET)/$(TYPE)
-
+	$(ZLIB_OBJDIR)
 
 BINDIR = $(ERL_TOP)/bin/$(TARGET)
 
@@ -359,7 +372,6 @@ ERLANG_OSTYPE = @ERLANG_OSTYPE@
 
 ENABLE_ALLOC_TYPE_VARS += @ERLANG_OSTYPE@
 
-EMULATOR_EXECUTABLE_ELIB = beam.elib$(TF_MARKER)
 ifeq ($(TARGET), win32)
 EMULATOR_EXECUTABLE = beam$(TF_MARKER).dll
 else
@@ -375,15 +387,12 @@ else
 UNIX_ONLY_BUILDS =
 endif
 
-ifeq ($(TYPE)-@HAVE_VALGRIND@,valgrind-no)
-all:
-	@echo '*** valgrind not found by configure'
-else
-ifeq ($(FLAVOR)-@ERTS_BUILD_SMP_EMU@,smp-no)
+.PHONY: all
+ifdef VOID_EMULATOR
 all:
-	@echo '*** Omitted build of emulator with smp support'
+	@echo $(VOID_EMULATOR)' - omitted target all'
 else
-all: generate erts_lib zlib $(BINDIR)/$(EMULATOR_EXECUTABLE) $(UNIX_ONLY_BUILDS)
+all: $(BINDIR)/$(EMULATOR_EXECUTABLE) $(UNIX_ONLY_BUILDS)
 ifeq ($(OMIT_OMIT_FP),yes)
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
@@ -394,37 +403,25 @@ ifeq ($(OMIT_OMIT_FP),yes)
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
 endif
 endif
-endif
-
-ifdef Z_LIB
-zlib:
-	@echo 'Skip zlib directory, use shared library'
-else
-zlib:
-	@set -e ; cd zlib && $(MAKE) TYPE=$(TYPE) $(TYPE)
-endif
-
 
+include zlib/zlib.mk
 include pcre/pcre.mk
 
-erts_lib:
-	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
+$(ERTS_LIB):
+	cd $(ERTS_LIB_DIR) && $(MAKE) $(TYPE)
 
+.PHONY: clean
 clean:
-ifeq ($(TARGET),win32)
-	$(RM) -f $(TARGET)/beams.rc
-endif
-	$(RM) -f $(TARGET)/*.c $(TARGET)/*.h $(TARGET)/depend.mk
-	$(RM) -f $(TARGET)/*/*/*.c $(TARGET)/*/*/*.h $(TARGET)/*/*/*.S
-	$(RM) -f $(ERL_TOP)/erts/emulator/obj/$(TARGET)/*/*/*.o
-	$(RM) -f $(BINDIR)/beam $(BINDIR)/beam.*
-	$(RM) -rf $(BINDIR)/child_setup $(BINDIR)/child_setup.*
-	$(RM) -f $(BINDIR)/hipe_mkliterals $(BINDIR)/hipe_mkliterals.*
-	@set -e ; cd zlib && $(MAKE) clean
-	rm -f $(OBJS) $(OBJDIR)/libepcre.a
-
-.PHONY: all zlib clean
-
+	$(RM) -f $(GENERATE)
+	$(RM) -rf $(TARGET)/*.c $(TARGET)/*.h $(TARGET)/*-GENERATED
+	$(RM) -rf $(TARGET)/*/*
+	$(RM) -rf obj/$(TARGET)
+	$(RM) -rf pcre/obj/$(TARGET) $(PCRE_GENINC)
+	$(RM) -rf zlib/obj/$(TARGET)
+	$(RM) -rf bin/$(TARGET)
+	cd $(ERTS_LIB_DIR) && $(MAKE) clean
+
+.PHONY: docs
 docs:
 
 # ----------------------------------------------------------------------
@@ -437,13 +434,11 @@ ifeq ($(TARGET),win32)
 RELEASE_INCLUDES += sys/$(ERLANG_OSTYPE)/erl_win_dyn_driver.h
 endif
 
-ifeq ($(TYPE)-@HAVE_VALGRIND@,valgrind-no)
-release_spec:
-	@echo '*** valgrind not found by configure'
-else
-ifeq ($(FLAVOR)-@ERTS_BUILD_SMP_EMU@,smp-no)
+
+.PHONY: release_spec
+ifdef VOID_EMULATOR
 release_spec:
-	@echo '*** No emulator with smp support to install'
+	@echo $(VOID_EMULATOR)' - omitted target release_spec (install)'
 else
 release_spec: all
 	$(INSTALL_DIR) $(RELSYSDIR)
@@ -460,8 +455,8 @@ ifeq ($(ERLANG_OSTYPE), unix)
 	$(INSTALL_PROGRAM) $(BINDIR)/$(CS_EXECUTABLE) $(RELSYSDIR)/bin
 endif
 endif
-endif
 
+.PHONY: release_docs_spec
 release_docs_spec:
 
 # ----------------------------------------------------------------------
@@ -470,48 +465,41 @@ release_docs_spec:
 
 _create_dirs := $(shell mkdir -p $(CREATE_DIRS))
 
-.PHONY : generate
-
-GENERATE=	$(TTF_DIR)/beam_opcodes.h \
-		$(TARGET)/erl_bif_table.c \
-		$(TARGET)/erl_version.h \
-		$(TTF_DIR)/driver_tab.c \
-		$(TTF_DIR)/erl_alloc_types.h
-
-ifeq ($(TARGET),win32)
-GENERATE +=	$(TARGET)/beams.rc
-else
-GENERATE +=	$(TARGET)/preload.c
-endif
+GENERATE =
+HIPE_ASM =
 
 ifeq ($(findstring vxworks,$(TARGET)),vxworks)
 else
 ifdef HIPE_ENABLED
-GENERATE +=	$(TTF_DIR)/hipe_x86_asm.h \
+HIPE_ASM +=	$(TTF_DIR)/hipe_x86_asm.h \
 		$(TTF_DIR)/hipe_amd64_asm.h \
 		$(TTF_DIR)/hipe_sparc_asm.h \
 		$(TTF_DIR)/hipe_ppc_asm.h \
-		$(TTF_DIR)/hipe_arm_asm.h \
+		$(TTF_DIR)/hipe_arm_asm.h
+
+GENERATE +=	$(HIPE_ASM) \
 		$(TTF_DIR)/hipe_literals.h \
 		$(BINDIR)/hipe_mkliterals$(TF_MARKER)
 endif
 endif
 
-ifeq ($(FLAVOR)-@ERTS_BUILD_SMP_EMU@,smp-no)
-GENERATE=
-endif
-
-generate: $(GENERATE)
-
 ifdef HIPE_ENABLED
 OPCODE_TABLES += hipe/hipe_ops.tab
 endif
 
-$(TTF_DIR)/beam_opcodes.h $(TTF_DIR)/beam_opcodes.c: $(OPCODE_TABLES) utils/beam_makeops
+$(TTF_DIR)/beam_cold.h \
+$(TTF_DIR)/beam_hot.h \
+$(TTF_DIR)/beam_opcodes.c \
+$(TTF_DIR)/beam_opcodes.h \
+$(TTF_DIR)/beam_pred_funcs.h \
+$(TTF_DIR)/beam_tr_funcs.h \
+	: $(TTF_DIR)/OPCODES-GENERATED
+$(TTF_DIR)/OPCODES-GENERATED: $(OPCODE_TABLES) utils/beam_makeops
 	LANG=C $(PERL) utils/beam_makeops \
 		-wordsize @EXTERNAL_WORD_SIZE@ \
 		-outdir $(TTF_DIR) \
-		-emulator $(OPCODE_TABLES)
+		-emulator $(OPCODE_TABLES) && echo $? >$(TTF_DIR)/OPCODES-GENERATED
+GENERATE += $(TTF_DIR)/OPCODES-GENERATED
 
 # bif and atom table
 ATOMS=	beam/atom.names
@@ -531,25 +519,32 @@ BIFS += hipe/hipe_perfctr.tab
 endif
 endif
 
-TABLES=	$(TARGET)/erl_bif_table.c $(TARGET)/erl_bif_table.h	\
-	$(TARGET)/erl_bif_wrap.c $(TARGET)/erl_bif_list.h	\
-	$(TARGET)/erl_atom_table.c $(TARGET)/erl_atom_table.h   \
-	$(TARGET)/erl_pbifs.c
-
-$(TABLES): $(ATOMS) $(BIFS) utils/make_tables
+$(TARGET)/erl_bif_table.c \
+$(TARGET)/erl_bif_table.h \
+$(TARGET)/erl_bif_wrap.c \
+$(TARGET)/erl_bif_list.h \
+$(TARGET)/erl_atom_table.c \
+$(TARGET)/erl_atom_table.h \
+$(TARGET)/erl_pbifs.c \
+	: $(TARGET)/TABLES-GENERATED
+$(TARGET)/TABLES-GENERATED: $(ATOMS) $(BIFS) utils/make_tables
 	LANG=C $(PERL) utils/make_tables -src $(TARGET) -include $(TARGET)\
-		$(ATOMS) $(BIFS)
+		$(ATOMS) $(BIFS) && echo $? >$(TARGET)/TABLES-GENERATED
+GENERATE += $(TARGET)/TABLES-GENERATED
 
 $(TTF_DIR)/erl_alloc_types.h: beam/erl_alloc.types utils/make_alloc_types
 	LANG=C $(PERL) utils/make_alloc_types -src $< -dst $@ $(ENABLE_ALLOC_TYPE_VARS)
+GENERATE += $(TTF_DIR)/erl_alloc_types.h
 
 # version include file
 $(TARGET)/erl_version.h: ../vsn.mk
 	LANG=C $(PERL) utils/make_version -o $@ $(SYSTEM_VSN) $(VSN)$(SERIALNO) $(TARGET)
+GENERATE += $(TARGET)/erl_version.h
 
 # driver table
 $(TTF_DIR)/driver_tab.c: Makefile.in
 	LANG=C $(PERL) utils/make_driver_tab -o $@ $(DRV_OBJS)
+GENERATE += $(TTF_DIR)/driver_tab.c
 
 # Preloaded code.
 # 
@@ -565,6 +560,7 @@ $(TARGET)/beams.rc: $(ERL_TOP)/erts/preloaded/ebin/otp_ring0.beam \
 			$(ERL_TOP)/erts/preloaded/ebin/erl_prim_loader.beam \
 			$(ERL_TOP)/erts/preloaded/ebin/erlang.beam
 	LANG=C $(PERL) utils/make_preload $(MAKE_PRELOAD_EXTRA) -rc $^ > $@
+GENERATE += $(TARGET)/beams.rc
 else
 $(TARGET)/preload.c: $(ERL_TOP)/erts/preloaded/ebin/otp_ring0.beam \
 			$(ERL_TOP)/erts/preloaded/ebin/init.beam \
@@ -575,6 +571,17 @@ $(TARGET)/preload.c: $(ERL_TOP)/erts/preloaded/ebin/otp_ring0.beam \
 			$(ERL_TOP)/erts/preloaded/ebin/erl_prim_loader.beam \
 			$(ERL_TOP)/erts/preloaded/ebin/erlang.beam
 	LANG=C $(PERL) utils/make_preload -old $^ > $@
+GENERATE += $(TARGET)/preload.c
+endif
+
+.PHONY : generate
+ifdef VOID_EMULATOR
+generate:
+	@echo $(VOID_EMULATOR)' - omitted target generate'
+else
+generate: $(TTF_DIR)/GENERATED
+$(TTF_DIR)/GENERATED: $(GENERATE)
+	echo $? >$(TTF_DIR)/GENERATED
 endif
 
 # ----------------------------------------------------------------------
@@ -653,7 +660,7 @@ endif
 #
 CS_SRC = sys/$(ERLANG_OSTYPE)/erl_child_setup.c
 
-$(BINDIR)/$(CS_EXECUTABLE): $(CS_SRC)
+$(BINDIR)/$(CS_EXECUTABLE): $(TTF_DIR)/GENERATED $(CS_SRC) $(ERTS_LIB)
 	$(CS_PURIFY) $(CC) $(CS_LDFLAGS) -o $(BINDIR)/$(CS_EXECUTABLE) \
                $(CS_CFLAGS) $(COMMON_INCLUDES) $(CS_SRC) $(CS_LIBS)
 
@@ -831,6 +838,9 @@ BASE_OBJS = $(RUN_OBJS) $(EMU_OBJS) $(OS_OBJS) $(EXTRA_BASE_OBJS)
 
 OBJS =	$(BASE_OBJS) $(DRV_OBJS)
 
+$(INIT_OBJS): $(TTF_DIR)/GENERATED
+$(OBJS): $(TTF_DIR)/GENERATED
+
 ########################################
 # HiPE section
 
@@ -854,30 +864,49 @@ $(OBJDIR)/%.o: hipe/%.c
 $(BINDIR)/hipe_mkliterals$(TF_MARKER):	$(OBJDIR)/hipe_mkliterals.o
 	$(CC) $(CFLAGS) $(INCLUDES) -o $@ $<
 
-$(OBJDIR)/hipe_mkliterals.o:	$(TTF_DIR)/hipe_x86_asm.h $(TTF_DIR)/hipe_ppc_asm.h $(TTF_DIR)/beam_opcodes.h
+$(OBJDIR)/hipe_mkliterals.o:	$(HIPE_ASM) $(TTF_DIR)/erl_alloc_types.h \
+	$(TTF_DIR)/OPCODES-GENERATED $(TARGET)/TABLES-GENERATED
 
 $(TTF_DIR)/hipe_literals.h:	$(BINDIR)/hipe_mkliterals$(TF_MARKER)
 	$(BINDIR)/hipe_mkliterals$(TF_MARKER) -c > $@
 
-$(OBJDIR)/hipe_x86_glue.o:	hipe/hipe_x86_glue.S $(TTF_DIR)/hipe_x86_asm.h $(TTF_DIR)/hipe_literals.h hipe/hipe_mode_switch.h
-$(TTF_DIR)/hipe_x86_bifs.S:	hipe/hipe_x86_bifs.m4 hipe/hipe_x86_asm.m4 hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
-$(OBJDIR)/hipe_x86_bifs.o:	$(TTF_DIR)/hipe_x86_bifs.S $(TTF_DIR)/hipe_literals.h
-
-$(OBJDIR)/hipe_amd64_glue.o:	hipe/hipe_amd64_glue.S $(TTF_DIR)/hipe_amd64_asm.h $(TTF_DIR)/hipe_literals.h hipe/hipe_mode_switch.h
-$(TTF_DIR)/hipe_amd64_bifs.S:	hipe/hipe_amd64_bifs.m4 hipe/hipe_amd64_asm.m4 hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
-$(OBJDIR)/hipe_amd64_bifs.o:	$(TTF_DIR)/hipe_amd64_bifs.S $(TTF_DIR)/hipe_literals.h
-
-$(OBJDIR)/hipe_sparc_glue.o:	hipe/hipe_sparc_glue.S $(TTF_DIR)/hipe_sparc_asm.h hipe/hipe_mode_switch.h $(TTF_DIR)/hipe_literals.h
-$(TTF_DIR)/hipe_sparc_bifs.S:	hipe/hipe_sparc_bifs.m4 hipe/hipe_sparc_asm.m4 hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
-$(OBJDIR)/hipe_sparc_bifs.o:	$(TTF_DIR)/hipe_sparc_bifs.S $(TTF_DIR)/hipe_literals.h
-
-$(OBJDIR)/hipe_ppc_glue.o:	hipe/hipe_ppc_glue.S $(TTF_DIR)/hipe_ppc_asm.h hipe/hipe_mode_switch.h $(TTF_DIR)/hipe_literals.h
-$(TTF_DIR)/hipe_ppc_bifs.S:	hipe/hipe_ppc_bifs.m4 hipe/hipe_ppc_asm.m4 hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
-$(OBJDIR)/hipe_ppc_bifs.o:	$(TTF_DIR)/hipe_ppc_bifs.S $(TTF_DIR)/hipe_literals.h
-
-$(OBJDIR)/hipe_arm_glue.o:	hipe/hipe_arm_glue.S $(TTF_DIR)/hipe_arm_asm.h hipe/hipe_mode_switch.h $(TTF_DIR)/hipe_literals.h
-$(TTF_DIR)/hipe_arm_bifs.S:	hipe/hipe_arm_bifs.m4 hipe/hipe_arm_asm.m4 hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
-$(OBJDIR)/hipe_arm_bifs.o:	$(TTF_DIR)/hipe_arm_bifs.S $(TTF_DIR)/hipe_literals.h
+$(OBJDIR)/hipe_x86_glue.o:	hipe/hipe_x86_glue.S \
+	$(TTF_DIR)/hipe_x86_asm.h $(TTF_DIR)/hipe_literals.h \
+	hipe/hipe_mode_switch.h
+$(TTF_DIR)/hipe_x86_bifs.S:	hipe/hipe_x86_bifs.m4 hipe/hipe_x86_asm.m4 \
+	hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
+$(OBJDIR)/hipe_x86_bifs.o:	$(TTF_DIR)/hipe_x86_bifs.S \
+	$(TTF_DIR)/hipe_literals.h
+
+$(OBJDIR)/hipe_amd64_glue.o:	hipe/hipe_amd64_glue.S \
+	$(TTF_DIR)/hipe_amd64_asm.h $(TTF_DIR)/hipe_literals.h \
+	hipe/hipe_mode_switch.h
+$(TTF_DIR)/hipe_amd64_bifs.S:	hipe/hipe_amd64_bifs.m4 hipe/hipe_amd64_asm.m4 \
+	hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
+$(OBJDIR)/hipe_amd64_bifs.o:	$(TTF_DIR)/hipe_amd64_bifs.S \
+	$(TTF_DIR)/hipe_literals.h
+
+$(OBJDIR)/hipe_sparc_glue.o:	hipe/hipe_sparc_glue.S \
+	$(TTF_DIR)/hipe_sparc_asm.h hipe/hipe_mode_switch.h \
+	$(TTF_DIR)/hipe_literals.h
+$(TTF_DIR)/hipe_sparc_bifs.S:	hipe/hipe_sparc_bifs.m4 hipe/hipe_sparc_asm.m4 \
+	hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
+$(OBJDIR)/hipe_sparc_bifs.o:	$(TTF_DIR)/hipe_sparc_bifs.S \
+	$(TTF_DIR)/hipe_literals.h
+
+$(OBJDIR)/hipe_ppc_glue.o:	hipe/hipe_ppc_glue.S $(TTF_DIR)/hipe_ppc_asm.h \
+	hipe/hipe_mode_switch.h $(TTF_DIR)/hipe_literals.h
+$(TTF_DIR)/hipe_ppc_bifs.S:	hipe/hipe_ppc_bifs.m4 hipe/hipe_ppc_asm.m4 \
+	hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
+$(OBJDIR)/hipe_ppc_bifs.o:	$(TTF_DIR)/hipe_ppc_bifs.S \
+	$(TTF_DIR)/hipe_literals.h
+
+$(OBJDIR)/hipe_arm_glue.o:	hipe/hipe_arm_glue.S $(TTF_DIR)/hipe_arm_asm.h \
+	hipe/hipe_mode_switch.h $(TTF_DIR)/hipe_literals.h
+$(TTF_DIR)/hipe_arm_bifs.S:	hipe/hipe_arm_bifs.m4 hipe/hipe_arm_asm.m4 \
+	hipe/hipe_bif_list.m4 $(TARGET)/erl_bif_list.h hipe/hipe_gbif_list.h
+$(OBJDIR)/hipe_arm_bifs.o:	$(TTF_DIR)/hipe_arm_bifs.S \
+	$(TTF_DIR)/hipe_literals.h
 
 # end of HiPE section
 ########################################
@@ -924,13 +953,6 @@ $(BINDIR)/$(EMULATOR_EXECUTABLE): $(INIT_OBJS) $(OBJS) $(DEPLIBS)
 
 endif
 
-#
-# Create directories
-#
-
-$(CREATE_DIRS):
-	$(MKDIR) -p $@
-
 # ----------------------------------------------------------------------
 # Dependencies
 #
@@ -942,7 +964,7 @@ $(TARGET)/Makefile: Makefile.in
 
 #SED_REPL_WIN_DRIVE=s|\([ 	]\)\([A-Za-z]\):|\1/cygdrive/\2|g;s|^\([A-Za-z]\):|/cygdrive/\1|g
 SED_REPL_O=s|^\([^:]*:\)|$$(OBJDIR)/\1|g
-SED_REPL_ELIB_O=s|^\([^:]*\).o[ 	]*:|$$(OBJDIR)/\1.elib.o:|g
+SED_REPL_O_ZLIB=s|^\([^:]*:\)|$$(ZLIB_OBJDIR)/\1|g
 SED_REPL_TTF_DIR=s|$(TTF_DIR)/|$$(TTF_DIR)/|g
 SED_REPL_ERL_TOP=s|\([ 	]\)$(ERL_TOP)/|\1$$(ERL_TOP)/|g;s|^$(ERL_TOP)/|$$(ERL_TOP)/|g
 SED_REPL_POLL=s|$$(OBJDIR)/erl_poll.o|$$(OBJDIR)/erl_poll.kp.o $$(OBJDIR)/erl_poll.nkp.o|g
@@ -962,7 +984,7 @@ SED_SUFFIX=
 endif
 
 SED_DEPEND=sed '$(SED_PREFIX)$(SED_REPL_O);$(SED_REPL_TTF_DIR);$(SED_REPL_ERL_TOP)$(SED_SUFFIX)'
-SED_ELIB_DEPEND=sed '$(SED_PREFIX)$(SED_REPL_ELIB_O);$(SED_REPL_TTF_DIR);$(SED_REPL_ERL_TOP)$(SED_SUFFIX)'
+SED_DEPEND_ZLIB=sed '$(SED_PREFIX)$(SED_REPL_O_ZLIB)'
 
 ifdef HIPE_ENABLED
 HIPE_SRC=$(wildcard hipe/*.c)
@@ -971,7 +993,8 @@ HIPE_SRC=
 endif
 
 BEAM_SRC=$(wildcard beam/*.c)
-DRV_SRC=$(wildcard drivers/common/*.c) $(wildcard drivers/$(ERLANG_OSTYPE)/*.c)
+DRV_COMMON_SRC=$(wildcard drivers/common/*.c)
+DRV_OSTYPE_SRC=$(wildcard drivers/$(ERLANG_OSTYPE)/*.c)
 ALL_SYS_SRC=$(wildcard sys/$(ERLANG_OSTYPE)/*.c) $(wildcard sys/common/*.c)
 TARGET_SRC=$(wildcard $(TARGET)/*.c) $(wildcard $(TTF_DIR)/*.c)
 
@@ -982,7 +1005,7 @@ ifeq ($(TARGET),win32)
 
 #DEP_CC=$(EMU_CC)
 DEP_CC=$(CC)
-DEP_FLAGS=-MM  $(subst -O2,,$(CFLAGS)) $(INCLUDES) -I../etc/win32 -Idrivers/common
+DEP_FLAGS=-MM  $(subst -O2,,$(CFLAGS)) $(INCLUDES) -I../etc/win32 -Idrivers/common -Idrivers/$(ERLANG_OSTYPE)
 # ifeq (@MIXED_CYGWIN_VC@,yes)
 # VC++ used for compiling. If __GNUC__ is defined we will include
 # other headers then when compiling which will result in faulty
@@ -1002,28 +1025,40 @@ MG_FLAG=-MG
 endif
 
 DEP_CC=$(CC)
-DEP_FLAGS=-MM $(MG_FLAG) $(CFLAGS) $(INCLUDES) -Idrivers/common
+DEP_FLAGS=-MM $(MG_FLAG) $(CFLAGS) $(INCLUDES) -Idrivers/common -Idrivers/$(ERLANG_OSTYPE)
 SYS_SRC=$(ALL_SYS_SRC)
 endif
 
+.PHONY: depend
+ifdef VOID_EMULATOR
 depend:
+	@echo $(VOID_EMULATOR)' - omitted target depend'
+else
+depend: $(TTF_DIR)/depend.mk
+$(TTF_DIR)/depend.mk: $(TTF_DIR)/GENERATED
 	$(DEP_CC) $(DEP_FLAGS) $(BEAM_SRC) \
-		| $(SED_DEPEND) > $(TARGET)/depend.mk
-	$(DEP_CC) $(DEP_FLAGS) $(DRV_SRC) \
-		| $(SED_DEPEND) >> $(TARGET)/depend.mk
+		| $(SED_DEPEND) > $(TTF_DIR)/depend.mk
+	$(DEP_CC) $(DEP_FLAGS) -DLIBSCTP=$(LIBSCTP) $(DRV_COMMON_SRC) \
+		| $(SED_DEPEND) >> $(TTF_DIR)/depend.mk
+	$(DEP_CC) $(DEP_FLAGS) -I../etc/$(ERLANG_OSTYPE) $(DRV_OSTYPE_SRC) \
+		| $(SED_DEPEND) >> $(TTF_DIR)/depend.mk
 	$(DEP_CC) $(DEP_FLAGS) $(SYS_SRC) \
-		| $(SED_DEPEND) >> $(TARGET)/depend.mk
+		| $(SED_DEPEND) >> $(TTF_DIR)/depend.mk
 	$(DEP_CC) $(DEP_FLAGS) $(TARGET_SRC) \
-		| $(SED_DEPEND) >> $(TARGET)/depend.mk
-ifneq ($(TARGET),win32)
-	$(DEP_CC) $(DEP_FLAGS) $(ELIB_C_FILES) \
-		| $(SED_ELIB_DEPEND) >> $(TARGET)/depend.mk
-endif
+		| $(SED_DEPEND) >> $(TTF_DIR)/depend.mk
+	$(DEP_CC) $(DEP_FLAGS) $(ZLIB_SRC) \
+		| $(SED_DEPEND_ZLIB) >> $(TTF_DIR)/depend.mk
 ifdef HIPE_ENABLED
 	$(DEP_CC) $(DEP_FLAGS) $(HIPE_SRC) \
-		| $(SED_DEPEND) >> $(TARGET)/depend.mk
+		| $(SED_DEPEND) >> $(TTF_DIR)/depend.mk
+endif
+	cd $(ERTS_LIB_DIR) && $(MAKE) depend
 endif
--include $(TARGET)/depend.mk
-
-
 
+ifneq ($(MAKECMDGOALS),clean)
+ifneq ($(MAKECMDGOALS),generate)
+ifndef VOID_EMULATOR
+-include $(TTF_DIR)/depend.mk
+endif
+endif
+endif
diff --git a/erts/emulator/beam/atom.h b/erts/emulator/beam/atom.h
index cb245a87b1..fd9c04d3d0 100644
--- a/erts/emulator/beam/atom.h
+++ b/erts/emulator/beam/atom.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -34,7 +34,7 @@
 /* Internal atom cache needs MAX_ATOM_TABLE_SIZE to be less than an
    unsigned 32 bit integer. See external.c(erts_encode_ext_dist_header_setup)
    for more details. */
-#define MAX_ATOM_TABLE_SIZE ((MAX_ATOM_INDEX + 1 < (1UL << 32)) ? MAX_ATOM_INDEX + 1 : (1UL << 32))
+#define MAX_ATOM_TABLE_SIZE ((MAX_ATOM_INDEX + 1 < (UWORD_CONSTANT(1) << 32)) ? MAX_ATOM_INDEX + 1 : (UWORD_CONSTANT(1) << 32))
 #else
 #define MAX_ATOM_TABLE_SIZE (MAX_ATOM_INDEX + 1)
 #endif
diff --git a/erts/emulator/beam/atom.names b/erts/emulator/beam/atom.names
index 71454b3e57..7be40976f6 100644
--- a/erts/emulator/beam/atom.names
+++ b/erts/emulator/beam/atom.names
@@ -95,6 +95,7 @@ atom atom
 atom atom_used
 atom attributes
 atom await_proc_exit
+atom await_sched_wall_time_modifications
 atom awaiting_load
 atom awaiting_unload
 atom backtrace backtrace_depth
@@ -239,6 +240,7 @@ atom generational
 atom get_seq_token
 atom get_tcw
 atom getenv
+atom gather_sched_wall_time_result
 atom getting_linked
 atom getting_unlinked
 atom global
@@ -554,6 +556,7 @@ atom waiting
 atom wall_clock
 atom warning
 atom warning_msg
+atom scheduler_wall_time
 atom wordsize
 atom write_concurrency
 atom xor
diff --git a/erts/emulator/beam/beam_bif_load.c b/erts/emulator/beam/beam_bif_load.c
index bc8c001454..78a9d76a20 100644
--- a/erts/emulator/beam/beam_bif_load.c
+++ b/erts/emulator/beam/beam_bif_load.c
@@ -578,7 +578,7 @@ check_process_code(Process* rp, Module* modp)
 }
 
 #define in_area(ptr,start,nbytes) \
-    ((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+    ((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 static int
 any_heap_ref_ptrs(Eterm* start, Eterm* end, char* mod_start, Uint mod_size)
diff --git a/erts/emulator/beam/beam_bp.c b/erts/emulator/beam/beam_bp.c
index dd31376a2d..dd13cd179a 100644
--- a/erts/emulator/beam/beam_bp.c
+++ b/erts/emulator/beam/beam_bp.c
@@ -495,16 +495,6 @@ erts_find_local_func(Eterm mfa[3]) {
     return NULL;
 }
 
-/* bp_hash */
-ERTS_INLINE Uint bp_sched2ix() {
-#ifdef ERTS_SMP
-    ErtsSchedulerData *esdp;
-    esdp = erts_get_scheduler_data();
-    return esdp->no - 1;
-#else
-    return 0;
-#endif
-}
 static void bp_hash_init(bp_time_hash_t *hash, Uint n) {
     Uint size = sizeof(bp_data_time_item_t)*n;
     Uint i;
@@ -1339,15 +1329,19 @@ static BpData *get_break(Process *p, BeamInstr *pc, BeamInstr break_op) {
 }
 
 static BpData *is_break(BeamInstr *pc, BeamInstr break_op) {
-    BpData **rs = (BpData **) pc[-4];
+    BpData **rs;
     BpData  *bd = NULL, *ebd = NULL;
     ASSERT(pc[-5] == (BeamInstr) BeamOp(op_i_func_info_IaaI));
 
+    if (erts_is_native_break(pc)) {
+	return NULL;
+    }
+    rs = (BpData **) pc[-4];
     if (! rs) {
 	return NULL;
     }
 
-    bd = ebd = rs[bp_sched2ix()];
+    bd = ebd = rs[erts_bp_sched2ix()];
     ASSERT(bd);
     if ( (break_op == 0) || (bd->this_instr == break_op)) {
 	return bd;
diff --git a/erts/emulator/beam/beam_bp.h b/erts/emulator/beam/beam_bp.h
index 2ec5818688..167069552f 100644
--- a/erts/emulator/beam/beam_bp.h
+++ b/erts/emulator/beam/beam_bp.h
@@ -144,8 +144,6 @@ extern erts_smp_spinlock_t erts_bp_lock;
 #define ErtsSmpBPUnlock(BDC)
 #endif
 
-ERTS_INLINE Uint bp_sched2ix(void);
-
 #ifdef ERTS_SMP
 #define bp_sched2ix_proc(p) ((p)->scheduler_data->no - 1)
 #else
@@ -247,4 +245,19 @@ BpData *erts_get_time_break(Process *p, BeamInstr *pc);
 
 BeamInstr *erts_find_local_func(Eterm mfa[3]);
 
+ERTS_GLB_INLINE Uint erts_bp_sched2ix(void);
+
+#if ERTS_GLB_INLINE_INCL_FUNC_DEF
+ERTS_GLB_INLINE Uint erts_bp_sched2ix(void)
+{
+#ifdef ERTS_SMP
+    ErtsSchedulerData *esdp;
+    esdp = erts_get_scheduler_data();
+    return esdp->no - 1;
+#else
+    return 0;
+#endif
+}
+#endif
+
 #endif /* _BEAM_BP_H */
diff --git a/erts/emulator/beam/beam_catches.c b/erts/emulator/beam/beam_catches.c
index a550ec5ad0..406ef1db5f 100644
--- a/erts/emulator/beam/beam_catches.c
+++ b/erts/emulator/beam/beam_catches.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2000-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c
index 68e6383f7f..c65b2be106 100644
--- a/erts/emulator/beam/beam_emu.c
+++ b/erts/emulator/beam/beam_emu.c
@@ -45,7 +45,7 @@
 /* #define HARDDEBUG 1 */
 
 #if defined(NO_JUMP_TABLE)
-#  define OpCase(OpCode)    case op_##OpCode: lb_##OpCode
+#  define OpCase(OpCode)    case op_##OpCode
 #  define CountCase(OpCode) case op_count_##OpCode
 #  define OpCode(OpCode)    ((Uint*)op_##OpCode)
 #  define Goto(Rel) {Go = (int)(Rel); goto emulator_loop;}
@@ -53,7 +53,7 @@
 #else
 #  define OpCase(OpCode)    lb_##OpCode
 #  define CountCase(OpCode) lb_count_##OpCode
-#  define Goto(Rel) goto *(Rel)
+#  define Goto(Rel) goto *((void *)Rel)
 #  define LabelAddr(Label) &&Label
 #  define OpCode(OpCode)  (&&lb_##OpCode)
 #endif
@@ -199,7 +199,7 @@ do {                                     \
     }                                                        \
   } while (0)
 
-#define ClauseFail() goto lb_jump_f
+#define ClauseFail() goto jump_f
 
 #define SAVE_CP(X)				\
    do {						\
@@ -234,6 +234,12 @@ BeamInstr beam_return_trace[1];      /* OpCode(i_return_trace) */
 BeamInstr beam_exception_trace[1];   /* UGLY also OpCode(i_return_trace) */
 BeamInstr beam_return_time_trace[1]; /* OpCode(i_return_time_trace) */
 
+
+/*
+ * We should warn only once for tuple funs.
+ */
+static erts_smp_atomic_t warned_for_tuple_funs;
+
 /*
  * All Beam instructions in numerical order.
  */
@@ -1015,6 +1021,7 @@ init_emulator(void)
 #if defined(VXWORKS)
     init_done = 0;
 #endif
+    erts_smp_atomic_init_nob(&warned_for_tuple_funs, (erts_aint_t) 0);
     process_main();
 }
 
@@ -2540,6 +2547,7 @@ void process_main(void)
  lb_Cl_error: {
      if (Arg(0) != 0) {
 	 OpCase(jump_f): {
+	 jump_f:
 	     SET_I((BeamInstr *) Arg(0));
 	     Goto(*I);
 	 }
@@ -3113,7 +3121,7 @@ void process_main(void)
 
  /* Fall through */
  OpCase(error_action_code): {
- no_error_handler:
+    handle_error:
      reg[0] = r(0);
      SWAPOUT;
      I = handle_error(c_p, NULL, reg, NULL);
@@ -3274,7 +3282,7 @@ void process_main(void)
  OpCase(i_func_info_IaaI): {
      c_p->freason = EXC_FUNCTION_CLAUSE;
      c_p->current = I + 2;
-     goto lb_error_action_code;
+     goto handle_error;
  }
 
  OpCase(try_case_end_s):
@@ -4960,7 +4968,7 @@ void process_main(void)
      if (I) {
 	 Goto(*I);
      }
-     goto no_error_handler;
+     goto handle_error;
  }
 
 
@@ -6187,6 +6195,26 @@ call_fun(Process* p,		/* Current process. */
 	if (!is_atom(module) || !is_atom(function)) {
 	    goto badfun;
 	}
+
+	/*
+	 * If this is the first time a tuple fun is used,
+	 * send a warning to the logger.
+	 */
+	if (erts_smp_atomic_xchg_nob(&warned_for_tuple_funs,
+				     (erts_aint_t) 1) == 0) {
+	    erts_dsprintf_buf_t* dsbufp;
+
+	    dsbufp = erts_create_logger_dsbuf();
+	    erts_dsprintf(dsbufp, "Call to tuple fun {%T,%T}.\n\n"
+			  "Tuple funs are deprecated and will be removed "
+			  "in R16. Use \"fun M:F/A\" instead, for example "
+			  "\"fun %T:%T/%d\".\n\n"
+			  "(This warning will only be shown the first time "
+			  "a tuple fun is called.)\n",
+			  module, function, module, function, arity);
+	    erts_send_warning_to_logger(p->group_leader, dsbufp);
+	}
+
 	if ((ep = erts_find_export_entry(module, function, arity)) == NULL) {
 	    ep = erts_find_export_entry(erts_proc_get_error_handler(p),
 					am_undefined_function, 3);
diff --git a/erts/emulator/beam/beam_load.c b/erts/emulator/beam/beam_load.c
index 4427defe0c..dd788df6e4 100644
--- a/erts/emulator/beam/beam_load.c
+++ b/erts/emulator/beam/beam_load.c
@@ -254,6 +254,7 @@ typedef struct LoaderState {
     char* file_name;		/* Name of file we are reading (usually chunk name). */
     byte* file_p;		/* Current pointer within file. */
     unsigned file_left;		/* Number of bytes left in file. */
+    ErlDrvBinary* bin;		/* Binary holding BEAM file (or NULL) */
 
     /*
      * The following are used mainly for diagnostics.
@@ -499,8 +500,10 @@ static void free_state(LoaderState* stp);
 static Eterm insert_new_code(Process *c_p, ErtsProcLocks c_p_locks,
 			     Eterm group_leader, Eterm module,
 			     BeamInstr* code, Uint size);
+static int init_iff_file(LoaderState* stp, byte* code, Uint size);
 static int scan_iff_file(LoaderState* stp, Uint* chunk_types,
 			 Uint num_types, Uint num_mandatory);
+static int verify_chunks(LoaderState* stp);
 static int load_atom_table(LoaderState* stp);
 static int load_import_table(LoaderState* stp);
 static int read_export_table(LoaderState* stp);
@@ -630,40 +633,23 @@ erts_prepare_loading(LoaderState* stp, Process *c_p, Eterm group_leader,
 		     Eterm* modp, byte* code, Uint unloaded_size)
 {
     Eterm retval = am_badfile;
-    ErlDrvBinary* bin = NULL;
 
     stp->module = *modp;
     stp->group_leader = group_leader;
 
-    /*
-     * Check if the module is compressed (or possibly invalid/corrupted).
-     */
-    if ( !(unloaded_size >= 4 &&
-	   code[0] == 'F' && code[1] == 'O' &&
-	   code[2] == 'R' && code[3] == '1') ) {
-	bin = (ErlDrvBinary *)
-	    erts_gzinflate_buffer((char*)code, unloaded_size);
-	if (bin == NULL) {
-	    goto load_error;
-	}
-	code = (byte*)bin->orig_bytes;
-	unloaded_size = bin->orig_size;
-    }
+#if defined(LOAD_MEMORY_HARD_DEBUG) && defined(DEBUG)
+    erts_fprintf(stderr,"Loading a module\n");
+#endif
 
     /*
      * Scan the IFF file.
      */
 
-#if defined(LOAD_MEMORY_HARD_DEBUG) && defined(DEBUG)
-    erts_fprintf(stderr,"Loading a module\n");
-#endif
-
     CHKALLOC();
     CHKBLK(ERTS_ALC_T_CODE,stp->code);
-    stp->file_name = "IFF header for Beam file";
-    stp->file_p = code;
-    stp->file_left = unloaded_size;
-    if (!scan_iff_file(stp, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY)) {
+    if (!init_iff_file(stp, code, unloaded_size) ||
+	!scan_iff_file(stp, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY) ||
+	!verify_chunks(stp)) {
 	goto load_error;
     }
 
@@ -787,9 +773,6 @@ erts_prepare_loading(LoaderState* stp, Process *c_p, Eterm group_leader,
     retval = NIL;
 
  load_error:
-    if (bin) {
-	driver_free_binary(bin);
-    }
     if (retval != NIL) {
 	free_state(stp);
     }
@@ -864,6 +847,7 @@ erts_alloc_loader_state(void)
     LoaderState* stp;
 
     stp = erts_alloc(ERTS_ALC_T_LOADER_TMP, sizeof(LoaderState));
+    stp->bin = NULL;
     stp->function = THE_NON_VALUE; /* Function not known yet */
     stp->arity = 0;
     stp->specific_op = -1;
@@ -897,6 +881,9 @@ erts_alloc_loader_state(void)
 static void
 free_state(LoaderState* stp)
 {
+    if (stp->bin != 0) {
+	driver_free_binary(stp->bin);
+    }
     if (stp->code != 0) {
 	erts_free(ERTS_ALC_T_CODE, stp->code);
     }
@@ -956,6 +943,7 @@ free_state(LoaderState* stp)
     if (stp->fname != 0) {
 	erts_free(ERTS_ALC_T_LOADER_TMP, stp->fname);
     }
+
     erts_free(ERTS_ALC_T_LOADER_TMP, stp);
 }
 
@@ -968,7 +956,7 @@ insert_new_code(Process *c_p, ErtsProcLocks c_p_locks,
     Eterm retval;
     int i;
 
-    if ((retval = beam_make_current_old(c_p, c_p_locks, module)) < 0) {
+    if ((retval = beam_make_current_old(c_p, c_p_locks, module)) != NIL) {
 	erts_dsprintf_buf_t *dsbufp = erts_create_logger_dsbuf();
 	erts_dsprintf(dsbufp,
 		      "Module %T must be purged before loading\n",
@@ -1011,23 +999,47 @@ insert_new_code(Process *c_p, ErtsProcLocks c_p_locks,
 }
 
 static int
-scan_iff_file(LoaderState* stp, Uint* chunk_types, Uint num_types, Uint num_mandatory)
+init_iff_file(LoaderState* stp, byte* code, Uint size)
 {
-    MD5_CTX context;
+    Uint form_id = MakeIffId('F', 'O', 'R', '1');
     Uint id;
     Uint count;
-    int i;
+
+    if (size < 4) {
+	goto load_error;
+    }
 
     /*
-     * The binary must start with an IFF 'FOR1' chunk.
+     * Check if the module is compressed (or possibly invalid/corrupted).
      */
+    if (MakeIffId(code[0], code[1], code[2], code[3]) != form_id) {
+	stp->bin = (ErlDrvBinary *) erts_gzinflate_buffer((char*)code, size);
+	if (stp->bin == NULL) {
+	    goto load_error;
+	}
+	code = (byte*)stp->bin->orig_bytes;
+	size = stp->bin->orig_size;
+	if (size < 4) {
+	    goto load_error;
+	}
+    }
 
-    GetInt(stp, 4, id);
-    if (id != MakeIffId('F', 'O', 'R', '1')) {
+    /*
+     * The binary must start with an IFF 'FOR1' chunk.
+     */
+    if (MakeIffId(code[0], code[1], code[2], code[3]) != form_id) {
 	LoadError0(stp, "not a BEAM file: no IFF 'FOR1' chunk");
     }
 
     /*
+     * Initialize our "virtual file system".
+     */
+
+    stp->file_name = "IFF header for Beam file";
+    stp->file_p = code + 4;
+    stp->file_left = size - 4;
+
+    /*
      * Retrieve the chunk size and verify it.  If the size is equal to
      * or less than the size of the binary, it is ok and we will use it
      * as the limit for the logical file size.
@@ -1048,6 +1060,21 @@ scan_iff_file(LoaderState* stp, Uint* chunk_types, Uint num_types, Uint num_mand
     if (id != MakeIffId('B', 'E', 'A', 'M')) {
 	LoadError0(stp, "not a BEAM file: IFF form type is not 'BEAM'");
     }
+    return 1;
+
+ load_error:
+    return 0;
+}
+
+/*
+ * Scan the IFF file. The header should have been verified by init_iff_file().
+ */
+static int
+scan_iff_file(LoaderState* stp, Uint* chunk_types, Uint num_types, Uint num_mandatory)
+{
+    Uint count;
+    Uint id;
+    int i;
 
     /*
      * Initialize the chunks[] array in the state.
@@ -1104,17 +1131,25 @@ scan_iff_file(LoaderState* stp, Uint* chunk_types, Uint num_types, Uint num_mand
 	stp->file_p += count;
 	stp->file_left -= count;
     }
+    return 1;
 
-    /*
-     * At this point, we have read the entire IFF file, and we
-     * know that it is syntactically correct.
-     *
-     * Now check that it contains all mandatory chunks. At the
-     * same time calculate the MD5 for the module.
-     */
+ load_error:
+    return 0;
+}
+
+/*
+ * Verify that all mandatory chunks are present and calculate
+ * MD5 for the module.
+ */
+
+static int
+verify_chunks(LoaderState* stp)
+{
+    int i;
+    MD5_CTX context;
 
     MD5Init(&context);
-    for (i = 0; i < num_mandatory; i++) {
+    for (i = 0; i < NUM_MANDATORY; i++) {
 	if (stp->chunks[i].start != NULL) {
 	    MD5Update(&context, stp->chunks[i].start, stp->chunks[i].size);
 	} else {
@@ -1124,41 +1159,49 @@ scan_iff_file(LoaderState* stp, Uint* chunk_types, Uint num_types, Uint num_mand
 	    LoadError1(stp, "mandatory chunk of type '%s' not found\n", sbuf);
 	}
     }
-    if (LITERAL_CHUNK < num_types) {
-	if (stp->chunks[LAMBDA_CHUNK].start != 0) {
-	    byte* start = stp->chunks[LAMBDA_CHUNK].start;
-	    Uint left = stp->chunks[LAMBDA_CHUNK].size;
 
-	    /*
-	     * The idea here is to ignore the OldUniq field for the fun; it is
-	     * based on the old broken hash function, which can be different
-	     * on little endian and big endian machines.
-	     */
-	    if (left >= 4) {
-		static byte zero[4];
-		MD5Update(&context, start, 4);
-		start += 4;
-		left -= 4;
+    /*
+     * If there is a lambda chunk, include parts of it in the MD5.
+     */
+    if (stp->chunks[LAMBDA_CHUNK].start != 0) {
+	byte* start = stp->chunks[LAMBDA_CHUNK].start;
+	Uint left = stp->chunks[LAMBDA_CHUNK].size;
+
+	/*
+	 * The idea here is to ignore the OldUniq field for the fun; it is
+	 * based on the old broken hash function, which can be different
+	 * on little endian and big endian machines.
+	 */
+	if (left >= 4) {
+	    static byte zero[4];
+	    MD5Update(&context, start, 4);
+	    start += 4;
+	    left -= 4;
 		
-		while (left >= 24) {
-		    /* Include: Function Arity Index NumFree */
-		    MD5Update(&context, start, 20);
-		    /* Set to zero: OldUniq */
-		    MD5Update(&context, zero, 4);
-		    start += 24;
-		    left -= 24;
-		}
-	    }
-	    /* Can't happen for a correct 'FunT' chunk */
-	    if (left > 0) {
-		MD5Update(&context, start, left);
+	    while (left >= 24) {
+		/* Include: Function Arity Index NumFree */
+		MD5Update(&context, start, 20);
+		/* Set to zero: OldUniq */
+		MD5Update(&context, zero, 4);
+		start += 24;
+		left -= 24;
 	    }
 	}
-	if (stp->chunks[LITERAL_CHUNK].start != 0) {
-	    MD5Update(&context, stp->chunks[LITERAL_CHUNK].start,
-		      stp->chunks[LITERAL_CHUNK].size);
+	/* Can't happen for a correct 'FunT' chunk */
+	if (left > 0) {
+	    MD5Update(&context, start, left);
 	}
     }
+
+
+    /*
+     * If there is a literal chunk, include it in the MD5.
+     */
+    if (stp->chunks[LITERAL_CHUNK].start != 0) {
+	MD5Update(&context, stp->chunks[LITERAL_CHUNK].start,
+		  stp->chunks[LITERAL_CHUNK].size);
+    }
+
     MD5Final(stp->mod_md5, &context);
     return 1;
 
@@ -1391,7 +1434,7 @@ static int
 read_literal_table(LoaderState* stp)
 {
     int i;
-    BeamInstr uncompressed_sz;
+    uLongf uncompressed_sz;
     byte* uncompressed = 0;
 
     GetInt(stp, 4, uncompressed_sz);
@@ -1401,7 +1444,7 @@ read_literal_table(LoaderState* stp)
 	LoadError0(stp, "failed to uncompress literal table (constant pool)");
     }
     stp->file_p = uncompressed;
-    stp->file_left = uncompressed_sz;
+    stp->file_left = (unsigned) uncompressed_sz;
     GetInt(stp, 4, stp->num_literals);
     stp->literals = (Literal *) erts_alloc(ERTS_ALC_T_LOADER_TMP,
 					   stp->num_literals * sizeof(Literal));
@@ -3457,7 +3500,6 @@ gen_jump_tab(LoaderState* stp, GenOpArg S, GenOpArg Fail, GenOpArg Size, GenOpAr
     }
     size = max - min + 1;
 
-
     /*
      * Allocate structure and fill in the fixed fields.
      */
@@ -3489,7 +3531,7 @@ gen_jump_tab(LoaderState* stp, GenOpArg S, GenOpArg Fail, GenOpArg Size, GenOpAr
 	op->a[i] = Fail;
     }
     for (i = 0; i < Size.val; i += 2) {
-	int index;
+	Sint index;
 	index = fixed_args+Rest[i].val-min;
 	ASSERT(fixed_args <= index && index < arity);
 	op->a[index] = Rest[i+1];
@@ -5407,7 +5449,7 @@ code_get_chunk_2(BIF_ALIST_2)
     Process* p = BIF_P;
     Eterm Bin = BIF_ARG_1;
     Eterm Chunk = BIF_ARG_2;
-    LoaderState state;
+    LoaderState* stp;
     Uint chunk = 0;
     ErlSubBin* sb;
     Uint offset;
@@ -5419,15 +5461,16 @@ code_get_chunk_2(BIF_ALIST_2)
     Eterm real_bin;
     byte* temp_alloc = NULL;
 
+    stp = erts_alloc_loader_state();
     if ((start = erts_get_aligned_binary_bytes(Bin, &temp_alloc)) == NULL) {
     error:
 	erts_free_aligned_binary_bytes(temp_alloc);
+	if (stp) {
+	    free_state(stp);
+	}
 	BIF_ERROR(p, BADARG);
     }
-    state.module = THE_NON_VALUE; /* Suppress diagnostiscs */
-    state.file_name = "IFF header for Beam file";
-    state.file_p = start;
-    state.file_left = binary_size(Bin);
+    stp->module = THE_NON_VALUE; /* Suppress diagnostics */
     for (i = 0; i < 4; i++) {
 	Eterm* chunkp;
 	Eterm num;
@@ -5445,25 +5488,30 @@ code_get_chunk_2(BIF_ALIST_2)
     if (is_not_nil(Chunk)) {
 	goto error;
     }
-    if (!scan_iff_file(&state, &chunk, 1, 1)) {
-	erts_free_aligned_binary_bytes(temp_alloc);
-	return am_undefined;
+    if (!init_iff_file(stp, start, binary_size(Bin)) ||
+	!scan_iff_file(stp, &chunk, 1, 1) ||
+	stp->chunks[0].start == NULL) {
+	res = am_undefined;
+	goto done;
     }
     ERTS_GET_REAL_BIN(Bin, real_bin, offset, bitoffs, bitsize);
     if (bitoffs) {
-	res = new_binary(p, state.chunks[0].start, state.chunks[0].size);
+	res = new_binary(p, stp->chunks[0].start, stp->chunks[0].size);
     } else {
 	sb = (ErlSubBin *) HAlloc(p, ERL_SUB_BIN_SIZE);
 	sb->thing_word = HEADER_SUB_BIN;
 	sb->orig = real_bin;
-	sb->size = state.chunks[0].size;
+	sb->size = stp->chunks[0].size;
 	sb->bitsize = 0;
 	sb->bitoffs = 0;
-	sb->offs = offset + (state.chunks[0].start - start);
+	sb->offs = offset + (stp->chunks[0].start - start);
 	sb->is_writable = 0;
 	res = make_binary(sb);
     }
+
+ done:
     erts_free_aligned_binary_bytes(temp_alloc);
+    free_state(stp);
     return res;
 }
 
@@ -5476,21 +5524,29 @@ code_module_md5_1(BIF_ALIST_1)
 {
     Process* p = BIF_P;
     Eterm Bin = BIF_ARG_1;
-    LoaderState state;
+    LoaderState* stp;
+    byte* bytes;
     byte* temp_alloc = NULL;
+    Eterm res;
 
-    if ((state.file_p = erts_get_aligned_binary_bytes(Bin, &temp_alloc)) == NULL) {
+    stp = erts_alloc_loader_state();
+    if ((bytes = erts_get_aligned_binary_bytes(Bin, &temp_alloc)) == NULL) {
+	free_state(stp);
 	BIF_ERROR(p, BADARG);
     }
-    state.module = THE_NON_VALUE; /* Suppress diagnostiscs */
-    state.file_name = "IFF header for Beam file";
-    state.file_left = binary_size(Bin);
-
-    if (!scan_iff_file(&state, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY)) {
-	return am_undefined;
+    stp->module = THE_NON_VALUE; /* Suppress diagnostiscs */
+    if (!init_iff_file(stp, bytes, binary_size(Bin)) ||
+	!scan_iff_file(stp, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY) ||
+	!verify_chunks(stp)) {
+	res = am_undefined;
+	goto done;
     }
+    res = new_binary(p, stp->mod_md5, sizeof(stp->mod_md5));
+
+ done:
     erts_free_aligned_binary_bytes(temp_alloc);
-    return new_binary(p, state.mod_md5, sizeof(state.mod_md5));
+    free_state(stp);
+    return res;
 }
 
 #define WORDS_PER_FUNCTION 6
@@ -5776,7 +5832,6 @@ erts_make_stub_module(Process* p, Eterm Mod, Eterm Beam, Eterm Info)
     int code_size;
     int rval;
     int i;
-    ErlDrvBinary* bin = NULL;
     byte* temp_alloc = NULL;
     byte* bytes;
     Uint size;
@@ -5809,29 +5864,17 @@ erts_make_stub_module(Process* p, Eterm Mod, Eterm Beam, Eterm Info)
     size = binary_size(Beam);
 
     /*
-     * Uncompressed if needed.
-     */
-    if (!(size >= 4 && bytes[0] == 'F' && bytes[1] == 'O' &&
-	  bytes[2] == 'R' && bytes[3] == '1')) {
-	bin = (ErlDrvBinary *) erts_gzinflate_buffer((char*)bytes, size);
-	if (bin == NULL) {
-	    goto error;
-	}
-	bytes = (byte*)bin->orig_bytes;
-	size = bin->orig_size;
-    }
-    
-    /*
      * Scan the Beam binary and read the interesting sections.
      */
 
-    stp->file_name = "IFF header for Beam file";
-    stp->file_p = bytes;
-    stp->file_left = size;
     stp->module = Mod;
     stp->group_leader = p->group_leader;
     stp->num_functions = n;
-    if (!scan_iff_file(stp, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY)) {
+    if (!init_iff_file(stp, bytes, size)) {
+	goto error;
+    }
+    if (!scan_iff_file(stp, chunk_types, NUM_CHUNK_TYPES, NUM_MANDATORY) ||
+	!verify_chunks(stp)) {
 	goto error;
     }
     define_file(stp, "code chunk header", CODE_CHUNK);
@@ -5986,13 +6029,11 @@ erts_make_stub_module(Process* p, Eterm Mod, Eterm Beam, Eterm Info)
     if (patch_funentries(Patchlist)) {
 	erts_free_aligned_binary_bytes(temp_alloc);
 	free_state(stp);
-	if (bin != NULL) {
-	    driver_free_binary(bin);
-	}
 	return Mod;
     }
 
  error:
+    erts_free_aligned_binary_bytes(temp_alloc);
     free_state(stp);
     BIF_ERROR(p, BADARG);
 }
diff --git a/erts/emulator/beam/beam_load.h b/erts/emulator/beam/beam_load.h
index 4e22ee4d79..997ba197db 100644
--- a/erts/emulator/beam/beam_load.h
+++ b/erts/emulator/beam/beam_load.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1999-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/bif.c b/erts/emulator/beam/bif.c
index 8ab363a1ec..f8305944a4 100644
--- a/erts/emulator/beam/bif.c
+++ b/erts/emulator/beam/bif.c
@@ -43,6 +43,9 @@ static Export* set_cpu_topology_trap = NULL;
 static Export* await_proc_exit_trap = NULL;
 Export* erts_format_cpu_topology_trap = NULL;
 
+static Export *await_sched_wall_time_mod_trap;
+static erts_smp_atomic32_t sched_wall_time;
+
 #define DECL_AM(S) Eterm AM_ ## S = am_atom_put(#S, sizeof(#S) - 1)
 
 /*
@@ -870,8 +873,6 @@ BIF_RETTYPE spawn_opt_1(BIF_ALIST_1)
 		}
 	    } else if (arg == am_scheduler && is_small(val)) {
 		Sint scheduler = signed_val(val);
-		if (erts_common_run_queue && erts_no_schedulers > 1)
-		    goto error;
 		if (scheduler < 0 || erts_no_schedulers < scheduler)
 		    goto error;
 		so.scheduler = (int) scheduler;
@@ -1535,8 +1536,6 @@ BIF_RETTYPE process_flag_2(BIF_ALIST_2)
        ErtsRunQueue *old;
        ErtsRunQueue *new;
        Sint sched;
-       if (erts_common_run_queue && erts_no_schedulers > 1)
-	   goto error;
        if (!is_small(BIF_ARG_2))
 	   goto error;
        sched = signed_val(BIF_ARG_2);
@@ -3389,6 +3388,61 @@ BIF_RETTYPE universaltime_to_localtime_1(BIF_ALIST_1)
     BIF_RET(TUPLE2(hp, res1, res2));
 }
 
+/* convert calendar:universaltime_to_seconds/1 */
+
+BIF_RETTYPE universaltime_to_posixtime_1(BIF_ALIST_1)
+{
+    Sint year, month, day;
+    Sint hour, minute, second;
+
+    Sint64 seconds = 0;
+    Eterm *hp;
+    Uint hsz = 0;
+
+    if (!time_to_parts(BIF_ARG_1, &year, &month, &day, 
+		       &hour, &minute, &second))
+	BIF_ERROR(BIF_P, BADARG);
+
+    if (!univ_to_seconds(year, month, day, hour, minute, second, &seconds)) {
+	BIF_ERROR(BIF_P, BADARG);
+    }
+
+    erts_bld_sint64(NULL, &hsz, seconds);
+    hp = HAlloc(BIF_P, hsz);
+    BIF_RET(erts_bld_sint64(&hp, NULL, seconds));
+}
+
+/* convert calendar:seconds_to_universaltime/1 */
+
+BIF_RETTYPE posixtime_to_universaltime_1(BIF_ALIST_1)
+{
+    Sint year, month, day;
+    Sint hour, minute, second;
+    Eterm res1, res2;
+    Eterm* hp;
+
+    Sint64 time = 0;
+
+    if (!term_to_Sint64(BIF_ARG_1, &time)) {
+	BIF_ERROR(BIF_P, BADARG);
+    }
+
+    if (!seconds_to_univ(time, &year, &month, &day,
+		&hour, &minute, &second)) {
+	BIF_ERROR(BIF_P, BADARG);
+    }
+
+    hp = HAlloc(BIF_P, 4+4+3);
+    res1 = TUPLE3(hp,make_small(year),make_small(month),
+		  make_small(day));
+    hp += 4;
+    res2 = TUPLE3(hp,make_small(hour),make_small(minute),
+		  make_small(second));
+    hp += 4;
+    BIF_RET(TUPLE2(hp, res1, res2));
+}
+
+
 /**********************************************************************/
 
 
@@ -4109,6 +4163,18 @@ BIF_RETTYPE system_flag_2(BIF_ALIST_2)
 	erts_smp_proc_lock(BIF_P, ERTS_PROC_LOCK_MAIN);
 
 	BIF_RET(am_true);
+    } else if (BIF_ARG_1 == am_scheduler_wall_time) {
+	if (BIF_ARG_2 == am_true || BIF_ARG_2 == am_false) {
+	    erts_aint32_t new = BIF_ARG_2 == am_true ? 1 : 0;
+	    erts_aint32_t old = erts_smp_atomic32_xchg_nob(&sched_wall_time,
+							   new);
+	    Eterm ref = erts_sched_wall_time_request(BIF_P, 1, new);
+	    ASSERT(is_value(ref));
+	    BIF_TRAP2(await_sched_wall_time_mod_trap,
+		      BIF_P,
+		      ref,
+		      old ? am_true : am_false);
+	}
     } else if (ERTS_IS_ATOM_STR("scheduling_statistics", BIF_ARG_1)) {
 	int what;
 	if (ERTS_IS_ATOM_STR("disable", BIF_ARG_2))
@@ -4128,8 +4194,20 @@ BIF_RETTYPE system_flag_2(BIF_ALIST_2)
 	if (is_value(res))
 	    BIF_RET(res);
     } else if (ERTS_IS_ATOM_STR("cpu_topology", BIF_ARG_1)) {
+	erts_send_warning_to_logger_str(
+	    BIF_P->group_leader,
+	    "A call to erlang:system_flag(cpu_topology, _) was made.\n"
+	    "The cpu_topology argument is deprecated and scheduled\n"
+	    "for removal in erts-5.10/OTP-R16. For more information\n"
+	    "see the erlang:system_flag/2 documentation.\n");
 	BIF_TRAP1(set_cpu_topology_trap, BIF_P, BIF_ARG_2);
     } else if (ERTS_IS_ATOM_STR("scheduler_bind_type", BIF_ARG_1)) {
+	erts_send_warning_to_logger_str(
+	    BIF_P->group_leader,
+	    "A call to erlang:system_flag(scheduler_bind_type, _) was\n"
+	    "made. The scheduler_bind_type argument is deprecated and\n"
+	    "scheduled for removal in erts-5.10/OTP-R16. For more\n"
+	    "information see the erlang:system_flag/2 documentation.\n");
 	return erts_bind_schedulers(BIF_P, BIF_ARG_2);
     }
     error:
@@ -4394,6 +4472,9 @@ void erts_init_bif(void)
 						    am_format_cpu_topology,
 						    1);
     await_proc_exit_trap = erts_export_put(am_erlang,am_await_proc_exit,3);
+    await_sched_wall_time_mod_trap
+	= erts_export_put(am_erlang, am_await_sched_wall_time_modifications, 2);
+    erts_smp_atomic32_init_nob(&sched_wall_time, 0);
 }
 
 #ifdef HARDDEBUG
diff --git a/erts/emulator/beam/bif.tab b/erts/emulator/beam/bif.tab
index 987008c937..8cc568b16c 100644
--- a/erts/emulator/beam/bif.tab
+++ b/erts/emulator/beam/bif.tab
@@ -806,6 +806,12 @@ bif file:native_name_encoding/0
 #
 bif erlang:check_old_code/1
 
+
+#
+# New in R15B
+#
+bif erlang:universaltime_to_posixtime/1
+bif erlang:posixtime_to_universaltime/1
 #
 # Obsolete
 #
diff --git a/erts/emulator/beam/big.c b/erts/emulator/beam/big.c
index 46db9ca99c..25ac790d81 100644
--- a/erts/emulator/beam/big.c
+++ b/erts/emulator/beam/big.c
@@ -1325,7 +1325,7 @@ static dsize_t I_lshift(ErtsDigit* x, dsize_t xl, Sint y,
 	return 1;
     }
     else {
-	long ay = (y < 0) ? -y : y;
+	SWord ay = (y < 0) ? -y : y;
 	int bw = ay / D_EXP;
 	int sw = ay % D_EXP;
 	dsize_t rl;
@@ -1450,6 +1450,20 @@ erts_make_integer(Uint x, Process *p)
 	return uint_to_big(x,hp);
     }
 }
+/*
+ * As erts_make_integer, but from a whole UWord.
+ */
+Eterm
+erts_make_integer_from_uword(UWord x, Process *p)
+{
+    Eterm* hp;
+    if (IS_USMALL(0,x))
+	return make_small(x);
+    else {
+	hp = HAlloc(p, BIG_UWORD_HEAP_SIZE(x));
+	return uword_to_big(x,hp);
+    }
+}
 
 /*
 ** convert Uint to bigint
@@ -1830,6 +1844,7 @@ dsize_t big_bytes(Eterm x)
 /*
 ** Load a bignum from bytes
 ** xsz is the number of bytes in xp
+** *r is untouched if number fits in small
 */
 Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r)
 {
@@ -1838,7 +1853,7 @@ Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r)
     ErtsDigit d;
     int i;
 
-    while(xsz >= sizeof(ErtsDigit)) {
+    while(xsz > sizeof(ErtsDigit)) {
 	d = 0;
 	for(i = sizeof(ErtsDigit); --i >= 0;)
 	    d = (d << 8) | xp[i];
@@ -1853,11 +1868,20 @@ Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r)
 	d = 0;
 	for(i = xsz; --i >= 0;)
 	    d = (d << 8) | xp[i];
+	if (++rsz == 1 && IS_USMALL(xsgn,d)) {
+	    if (xsgn) d = -d;
+	    return make_small(d);
+	}
 	*rwp = d;
 	rwp++;
-	rsz++;
     }
-    return big_norm(r, rsz, (short) xsgn);
+    if (xsgn) {
+      *r = make_neg_bignum_header(rsz);
+    }
+    else {
+      *r = make_pos_bignum_header(rsz);
+    }
+    return make_big(r);
 }
 
 /*
diff --git a/erts/emulator/beam/big.h b/erts/emulator/beam/big.h
index 256f1c2b45..7eb1e5afe2 100644
--- a/erts/emulator/beam/big.h
+++ b/erts/emulator/beam/big.h
@@ -145,6 +145,7 @@ Eterm small_to_big(Sint, Eterm*);
 Eterm uint_to_big(Uint, Eterm*);
 Eterm uword_to_big(UWord, Eterm*);
 Eterm erts_make_integer(Uint, Process *);
+Eterm erts_make_integer_from_uword(UWord x, Process *p);
 
 dsize_t big_bytes(Eterm);
 Eterm bytes_to_big(byte*, dsize_t, int, Eterm*);
diff --git a/erts/emulator/beam/binary.c b/erts/emulator/beam/binary.c
index 29461877c5..3d2725e239 100644
--- a/erts/emulator/beam/binary.c
+++ b/erts/emulator/beam/binary.c
@@ -47,7 +47,7 @@ erts_init_binary(void)
 	   away. If not, this test is not very expensive... */
 	erl_exit(ERTS_ABORT_EXIT,
 		 "Internal error: Address of orig_bytes[0] of a Binary"
-		 "is *not* 8-byte aligned\n");
+		 " is *not* 8-byte aligned\n");
     }
 }
 
diff --git a/erts/emulator/beam/break.c b/erts/emulator/beam/break.c
index 784e55ecd2..6f5020dc14 100644
--- a/erts/emulator/beam/break.c
+++ b/erts/emulator/beam/break.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -182,6 +182,7 @@ print_process_info(int to, void *to_arg, Process *p)
 {
     int garbing = 0;
     int running = 0;
+    time_t tmp_t;
     struct saved_calls *scb;
 
     /* display the PID */
@@ -244,8 +245,8 @@ print_process_info(int to, void *to_arg, Process *p)
     }
 
     erts_print(to, to_arg, "Spawned by: %T\n", p->parent);
-
-    erts_print(to, to_arg, "Started: %s", ctime((time_t*)&p->started.tv_sec));
+    tmp_t = p->started.tv_sec;
+    erts_print(to, to_arg, "Started: %s", ctime(&tmp_t));
     ERTS_SMP_MSGQ_MV_INQ2PRIVQ(p);
     erts_print(to, to_arg, "Message queue length: %d\n", p->msg.len);
 
@@ -645,6 +646,9 @@ bin_check(void)
 void
 erl_crash_dump_v(char *file, int line, char* fmt, va_list args)
 {
+#ifdef ERTS_SMP
+    ErtsThrPrgrData tpd_buf; /* in case we aren't a managed thread... */
+#endif
     int fd;
     time_t now;
     size_t dumpnamebufsize = MAXPATHLEN;
@@ -662,7 +666,7 @@ erl_crash_dump_v(char *file, int line, char* fmt, va_list args)
      * We do not release system again. We expect an exit() or abort() after
      * dump has been written.
      */
-    erts_thr_progress_fatal_error_block(60000);
+    erts_thr_progress_fatal_error_block(60000, &tpd_buf);
     /* Either worked or not... */
 
     /* Allow us to pass certain places without locking... */
diff --git a/erts/emulator/beam/dist.c b/erts/emulator/beam/dist.c
index 44c5ba1e26..bee61e7273 100644
--- a/erts/emulator/beam/dist.c
+++ b/erts/emulator/beam/dist.c
@@ -54,9 +54,9 @@
 #endif
 
 #if defined(ERTS_DIST_MSG_DBG) || defined(ERTS_RAW_DIST_MSG_DBG)
-static void bw(byte *buf, int sz)
+static void bw(byte *buf, ErlDrvSizeT sz)
 {
-    bin_write(ERTS_PRINT_STDERR,NULL,buf,sz);
+    bin_write(ERTS_PRINT_STDERR, NULL, buf, sz);
 }
 #endif
 
@@ -536,7 +536,7 @@ alloc_dist_obuf(Uint size)
     Binary *bin = erts_bin_drv_alloc(obuf_size);
     bin->flags = BIN_FLAG_DRV;
     erts_refc_init(&bin->refc, 1);
-    bin->orig_size = (long) obuf_size;
+    bin->orig_size = (SWord) obuf_size;
     obuf = (ErtsDistOutputBuf *) &bin->orig_bytes[0];
 #ifdef DEBUG
     obuf->dbg_pattern = ERTS_DIST_OUTPUT_BUF_DBG_PATTERN;
@@ -897,9 +897,9 @@ erts_dsig_send_group_leader(ErtsDSigData *dsdp, Eterm leader, Eterm remote)
 int erts_net_message(Port *prt,
 		     DistEntry *dep,
 		     byte *hbuf,
-		     int hlen,
+		     ErlDrvSizeT hlen,
 		     byte *buf,
-		     int len)
+		     ErlDrvSizeT len)
 {
 #define DIST_CTL_DEFAULT_SIZE 64
     ErtsDistExternal ede;
@@ -924,7 +924,7 @@ int erts_net_message(Port *prt,
     Uint tuple_arity;
     int res;
 #ifdef ERTS_DIST_MSG_DBG
-    int orig_len = len;
+    ErlDrvSizeT orig_len = len;
 #endif
 
     UseTmpHeapNoproc(DIST_CTL_DEFAULT_SIZE);
@@ -940,7 +940,7 @@ int erts_net_message(Port *prt,
 	UnUseTmpHeapNoproc(DIST_CTL_DEFAULT_SIZE);
 	return 0;
     }
-    if (hlen > 0)
+    if (hlen != 0)
 	goto data_error;
     if (len == 0) {  /* HANDLE TICK !!! */
 	UnUseTmpHeapNoproc(DIST_CTL_DEFAULT_SIZE);
diff --git a/erts/emulator/beam/erl_alloc.c b/erts/emulator/beam/erl_alloc.c
index 140a84d5fc..df27186680 100644
--- a/erts/emulator/beam/erl_alloc.c
+++ b/erts/emulator/beam/erl_alloc.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2002-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2002-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -1095,7 +1095,7 @@ get_kb_value(char *param_end, char** argv, int* ip)
     char *param = argv[*ip]+1;
     char *value = get_value(param_end, argv, ip);
     errno = 0;
-    tmp = (Sint) strtol(value, &rest, 10);
+    tmp = (Sint) ErtsStrToSint(value, &rest, 10);
     if (errno != 0 || rest == value || tmp < 0 || max < ((Uint) tmp))
 	bad_value(param, param_end, value);
     if (max == (Uint) tmp)
@@ -1112,7 +1112,7 @@ get_byte_value(char *param_end, char** argv, int* ip)
     char *param = argv[*ip]+1;
     char *value = get_value(param_end, argv, ip);
     errno = 0;
-    tmp = (Sint) strtol(value, &rest, 10);
+    tmp = (Sint) ErtsStrToSint(value, &rest, 10);
     if (errno != 0 || rest == value || tmp < 0)
 	bad_value(param, param_end, value);
     return (Uint) tmp;
@@ -1126,7 +1126,7 @@ get_amount_value(char *param_end, char** argv, int* ip)
     char *param = argv[*ip]+1;
     char *value = get_value(param_end, argv, ip);
     errno = 0;
-    tmp = (Sint) strtol(value, &rest, 10);
+    tmp = (Sint) ErtsStrToSint(value, &rest, 10);
     if (errno != 0 || rest == value || tmp < 0)
 	bad_value(param, param_end, value);
     return (Uint) tmp;
@@ -1577,9 +1577,11 @@ erts_alloc_register_scheduler(void *vesdp)
     }
 }
 
+#ifdef ERTS_SMP
 void
 erts_alloc_scheduler_handle_delayed_dealloc(void *vesdp,
 					    int *need_thr_progress,
+					    ErtsThrPrgrVal *thr_prgr_p,
 					    int *more_work)
 {
     ErtsSchedulerData *esdp = (ErtsSchedulerData *) vesdp;
@@ -1599,10 +1601,12 @@ erts_alloc_scheduler_handle_delayed_dealloc(void *vesdp,
 	    erts_alcu_check_delayed_dealloc(allctr,
 					    1,
 					    need_thr_progress,
+					    thr_prgr_p,
 					    more_work);
 	}
     }
 }
+#endif
 
 erts_aint32_t
 erts_alloc_fix_alloc_shrink(int ix, erts_aint32_t flgs)
@@ -2877,8 +2881,9 @@ reply_alloc_info(void *vair)
 					      ainfo);
 			ainfo = erts_bld_tuple(hpp, szp, 2,
 					       erts_bld_atom(hpp, szp,
-							     "otps"),
+							     "options"),
 					       ainfo);
+			ainfo = erts_bld_cons(hpp, szp,ainfo,NIL);
 		    }
 		    ainfo = erts_bld_tuple(hpp, szp, 3,
 					   alloc_atom,
@@ -3117,10 +3122,10 @@ void *safe_realloc(void *ptr, Uint sz)
 \*                                                                           */
 #define ERTS_ALC_TEST_ABORT erl_exit(ERTS_ABORT_EXIT, "%s:%d: Internal error\n")
 
-unsigned long erts_alc_test(unsigned long op,
-			    unsigned long a1,
-			    unsigned long a2,
-			    unsigned long a3)
+UWord erts_alc_test(UWord op,
+			    UWord a1,
+			    UWord a2,
+			    UWord a3)
 {
     switch (op >> 8) {
     case 0x0:	return erts_alcu_test(op,  a1, a2);
@@ -3134,24 +3139,24 @@ unsigned long erts_alc_test(unsigned long op,
 	case 0xf00:
 #ifdef USE_THREADS
 	    if (((Allctr_t *) a1)->thread_safe)
-		return (unsigned long) erts_alcu_alloc_ts(ERTS_ALC_T_UNDEF,
+		return (UWord) erts_alcu_alloc_ts(ERTS_ALC_T_UNDEF,
 							  (void *) a1,
 							  (Uint) a2);
 	    else
 #endif
-		return (unsigned long) erts_alcu_alloc(ERTS_ALC_T_UNDEF,
+		return (UWord) erts_alcu_alloc(ERTS_ALC_T_UNDEF,
 						       (void *) a1,
 						       (Uint) a2);
 	case 0xf01:
 #ifdef USE_THREADS
 	    if (((Allctr_t *) a1)->thread_safe)
-		return (unsigned long) erts_alcu_realloc_ts(ERTS_ALC_T_UNDEF,
+		return (UWord) erts_alcu_realloc_ts(ERTS_ALC_T_UNDEF,
 							    (void *) a1,
 							    (void *) a2,
 							    (Uint) a3);
 	    else
 #endif
-		return (unsigned long) erts_alcu_realloc(ERTS_ALC_T_UNDEF,
+		return (UWord) erts_alcu_realloc(ERTS_ALC_T_UNDEF,
 							 (void *) a1,
 							 (void *) a2,
 							 (Uint) a3);
@@ -3181,7 +3186,7 @@ unsigned long erts_alc_test(unsigned long op,
 		    if (argv[i][0] == '-' && argv[i][1] == 't')
 			handle_au_arg(&init, &argv[i][2], argv, &i);
 		    else
-			return (unsigned long) NULL;
+			return (UWord) NULL;
 		    i++;
 		}
 	    }
@@ -3222,25 +3227,25 @@ unsigned long erts_alc_test(unsigned long op,
 		break;
 	    }
 
-	    return (unsigned long) allctr;
+	    return (UWord) allctr;
 	}
 	case 0xf04:
 	    erts_alcu_stop((Allctr_t *) a1);
 	    erts_free(ERTS_ALC_T_UNDEF, (void *) a1);
 	    break;
 #ifdef USE_THREADS
-	case 0xf05: return (unsigned long) 1;
-	case 0xf06: return (unsigned long) ((Allctr_t *) a1)->thread_safe;
+	case 0xf05: return (UWord) 1;
+	case 0xf06: return (UWord) ((Allctr_t *) a1)->thread_safe;
 #ifdef ETHR_NO_FORKSAFETY
-	case 0xf07: return (unsigned long) 0;
+	case 0xf07: return (UWord) 0;
 #else
-	case 0xf07: return (unsigned long) ((Allctr_t *) a1)->thread_safe;
+	case 0xf07: return (UWord) ((Allctr_t *) a1)->thread_safe;
 #endif
 	case 0xf08: {
 	    ethr_mutex *mtx = erts_alloc(ERTS_ALC_T_UNDEF, sizeof(ethr_mutex));
 	    if (ethr_mutex_init(mtx) != 0)
 		ERTS_ALC_TEST_ABORT;
-	    return (unsigned long) mtx;
+	    return (UWord) mtx;
 	}
 	case 0xf09: {
 	    ethr_mutex *mtx = (ethr_mutex *) a1;
@@ -3259,7 +3264,7 @@ unsigned long erts_alc_test(unsigned long op,
 	    ethr_cond *cnd = erts_alloc(ERTS_ALC_T_UNDEF, sizeof(ethr_cond));
 	    if (ethr_cond_init(cnd) != 0)
 		ERTS_ALC_TEST_ABORT;
-	    return (unsigned long) cnd;
+	    return (UWord) cnd;
 	}
 	case 0xf0d: {
 	    ethr_cond *cnd = (ethr_cond *) a1;
@@ -3285,7 +3290,7 @@ unsigned long erts_alc_test(unsigned long op,
 				(void *) a2,
 				NULL) != 0)
 		ERTS_ALC_TEST_ABORT;
-	    return (unsigned long) tid;
+	    return (UWord) tid;
 	}
 	case 0xf11: {
 	    ethr_tid *tid = (ethr_tid *) a1;
@@ -3302,13 +3307,13 @@ unsigned long erts_alc_test(unsigned long op,
 	default:
 	    break;
 	}
-	return (unsigned long) 0;
+	return (UWord) 0;
     default:
 	break;
     }
 
     ASSERT(0);
-    return ~((unsigned long) 0);
+    return ~((UWord) 0);
 }
 
 #ifdef DEBUG
@@ -3544,7 +3549,7 @@ check_memory_fence(void *ptr, Uint *size, ErtsAlcType_t n, int func)
 	    erl_exit(ERTS_ABORT_EXIT,
 		     "ERROR: Fence at beginning of memory block (p=0x%u) "
 		     "clobbered.\n",
-		     (unsigned long) ptr);
+		     (UWord) ptr);
     }
 
     memcpy((void *) &post_pattern, (void *) (((char *)ptr)+sz), sizeof(UWord));
@@ -3561,12 +3566,12 @@ check_memory_fence(void *ptr, Uint *size, ErtsAlcType_t n, int func)
 	    erl_exit(ERTS_ABORT_EXIT,
 		     "ERROR: Fence at end of memory block (p=0x%u, sz=%u) "
 		     "clobbered.\n",
-		     (unsigned long) ptr, (unsigned long) sz);
+		     (UWord) ptr, (UWord) sz);
 	if (found_type != GET_TYPE_OF_PATTERN(post_pattern))
 	    erl_exit(ERTS_ABORT_EXIT,
 		     "ERROR: Fence around memory block (p=0x%u, sz=%u) "
 		     "clobbered.\n",
-		     (unsigned long) ptr, (unsigned long) sz);
+		     (UWord) ptr, (UWord) sz);
 
 	ftype = type_no_str(found_type);
 	if (!ftype) {
@@ -3589,7 +3594,7 @@ check_memory_fence(void *ptr, Uint *size, ErtsAlcType_t n, int func)
 	erl_exit(ERTS_ABORT_EXIT,
 		 "ERROR: Memory block (p=0x%u, sz=%u) allocated as type \"%s\","
 		 " but %s as type \"%s\".\n",
-		 (unsigned long) ptr, (unsigned long) sz, ftype, op_str, otype);
+		 (UWord) ptr, (UWord) sz, ftype, op_str, otype);
     }
 
 #ifdef HARD_DEBUG
diff --git a/erts/emulator/beam/erl_alloc.h b/erts/emulator/beam/erl_alloc.h
index f4133cdb1a..e475f9d8a2 100644
--- a/erts/emulator/beam/erl_alloc.h
+++ b/erts/emulator/beam/erl_alloc.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2002-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2002-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,10 @@
 #define ERL_ALLOC_H__
 
 #include "erl_alloc_types.h"
+#undef ERL_THR_PROGRESS_TSD_TYPE_ONLY
+#define ERL_THR_PROGRESS_TSD_TYPE_ONLY
+#include "erl_thr_progress.h"
+#undef ERL_THR_PROGRESS_TSD_TYPE_ONLY
 #include "erl_alloc_util.h"
 #ifdef USE_THREADS
 #include "erl_threads.h"
@@ -80,10 +84,10 @@ void erts_alloc_late_init(void);
 
 #if defined(GET_ERTS_ALC_TEST) || defined(ERTS_ALC_INTERNAL__)
 /* Only for testing */
-unsigned long erts_alc_test(unsigned long,
-			    unsigned long,
-			    unsigned long,
-			    unsigned long);
+UWord erts_alc_test(UWord,
+		    UWord,
+		    UWord,
+		    UWord);
 #endif
 
 #define ERTS_ALC_O_ALLOC		0
@@ -132,9 +136,12 @@ typedef struct {
 extern ErtsAllocatorThrSpec_t erts_allctr_thr_spec[ERTS_ALC_A_MAX+1];
 
 void erts_alloc_register_scheduler(void *vesdp);
+#ifdef ERTS_SMP
 void erts_alloc_scheduler_handle_delayed_dealloc(void *vesdp,
 						 int *need_thr_progress,
+						 ErtsThrPrgrVal *thr_prgr_p,
 						 int *more_work);
+#endif
 erts_aint32_t erts_alloc_fix_alloc_shrink(int ix, erts_aint32_t flgs);
 
 __decl_noreturn void erts_alloc_enomem(ErtsAlcType_t,Uint)		
diff --git a/erts/emulator/beam/erl_alloc.types b/erts/emulator/beam/erl_alloc.types
index 962db8b831..90a6c0cbee 100644
--- a/erts/emulator/beam/erl_alloc.types
+++ b/erts/emulator/beam/erl_alloc.types
@@ -367,6 +367,7 @@ type	EXPORT		LONG_LIVED_LOW	CODE		export_entry
 type	MONITOR_SH	STANDARD_LOW	PROCESSES	monitor_sh
 type	NLINK_SH	STANDARD_LOW	PROCESSES	nlink_sh
 type	AINFO_REQ	STANDARD_LOW	SYSTEM		alloc_info_request
+type	SCHED_WTIME_REQ	STANDARD_LOW	SYSTEM		sched_wall_time_request
 
 +else # "fullword"
 
@@ -383,6 +384,7 @@ type	EXPORT		LONG_LIVED	CODE		export_entry
 type	MONITOR_SH	FIXED_SIZE	PROCESSES	monitor_sh
 type	NLINK_SH	FIXED_SIZE	PROCESSES	nlink_sh
 type	AINFO_REQ	SHORT_LIVED	SYSTEM		alloc_info_request
+type	SCHED_WTIME_REQ	SHORT_LIVED	SYSTEM		sched_wall_time_request
 
 +endif
 
diff --git a/erts/emulator/beam/erl_alloc_util.c b/erts/emulator/beam/erl_alloc_util.c
index af386c9197..e0d525bdde 100644
--- a/erts/emulator/beam/erl_alloc_util.c
+++ b/erts/emulator/beam/erl_alloc_util.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2002-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2002-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -949,7 +949,6 @@ ddq_check_incoming(ErtsAllctrDDQueue_t *ddq)
 		ERTS_THR_MEMORY_BARRIER;
 	    else {
 		ddq->head.next.unref_end = (ErtsAllctrDDBlock_t *) ilast;
-		ERTS_THR_MEMORY_BARRIER;
 		ddq->head.next.thr_progress = erts_thr_progress_later();
 		erts_atomic32_set_relb(&ddq->tail.data.um_refc_ix,
 				       um_refc_ix);
@@ -961,12 +960,24 @@ ddq_check_incoming(ErtsAllctrDDQueue_t *ddq)
     return 1;
 }
 
+static ERTS_INLINE void
+store_earliest_thr_prgr(ErtsThrPrgrVal *prev_val, ErtsAllctrDDQueue_t *ddq)
+{
+    if (!ddq->head.next.thr_progress_reached
+	&& (*prev_val == ERTS_THR_PRGR_INVALID
+	    || erts_thr_progress_cmp(ddq->head.next.thr_progress,
+				     *prev_val) < 0)) {
+	*prev_val = ddq->head.next.thr_progress;
+    }
+}
+
 static ERTS_INLINE int
 handle_delayed_dealloc(Allctr_t *allctr,
 		       int allctr_locked,
 		       int use_limit,
 		       int ops_limit,
 		       int *need_thr_progress,
+		       ErtsThrPrgrVal *thr_prgr_p,
 		       int *need_more_work)
 {
     int need_thr_prgr = 0;
@@ -1008,8 +1019,12 @@ handle_delayed_dealloc(Allctr_t *allctr,
 	    if (have_checked_incoming)
 		break;
 	    need_thr_prgr = ddq_check_incoming(ddq);
-	    if (need_thr_progress)
+	    if (need_thr_progress) {
 		*need_thr_progress |= need_thr_prgr;
+		if (need_thr_prgr)
+		    store_earliest_thr_prgr(thr_prgr_p, ddq);
+
+	    }
 	    have_checked_incoming = 1;
 	    goto dequeue;
 	}
@@ -1067,6 +1082,8 @@ handle_delayed_dealloc(Allctr_t *allctr,
     if (need_thr_progress && !(need_thr_prgr | need_mr_wrk)) {
 	need_thr_prgr = ddq_check_incoming(ddq);
 	*need_thr_progress |= need_thr_prgr;
+	if (need_thr_prgr)
+	    store_earliest_thr_prgr(thr_prgr_p, ddq);
     }
 
     if (allctr->thread_safe && !allctr_locked)
@@ -1086,25 +1103,27 @@ enqueue_dealloc_other_instance(ErtsAlcType_t type, Allctr_t *allctr, void *ptr)
 
 #endif
 
+#ifdef ERTS_SMP
 void
 erts_alcu_check_delayed_dealloc(Allctr_t *allctr,
 				int limit,
 				int *need_thr_progress,
+				ErtsThrPrgrVal *thr_prgr_p,
 				int *more_work)
 {
-#ifdef ERTS_SMP
     handle_delayed_dealloc(allctr,
 			   0,
 			   limit,
 			   ERTS_ALCU_DD_OPS_LIM_HIGH,
 			   need_thr_progress,
+			   thr_prgr_p,
 			   more_work);
-#endif
 }
+#endif
 
 #define ERTS_ALCU_HANDLE_DD_IN_OP(Allctr, Locked) \
     handle_delayed_dealloc((Allctr), (Locked), 1, \
-			 ERTS_ALCU_DD_OPS_LIM_LOW, NULL, NULL)
+			   ERTS_ALCU_DD_OPS_LIM_LOW, NULL, NULL, NULL)
 
 /* Multi block carrier alloc/realloc/free ... */
 
@@ -3014,9 +3033,7 @@ info_options(Allctr_t *allctr,
 	add_2tup(hpp, szp, &res, am.low, allctr->mseg_opt.low_mem ? am_true : am_false);
 #endif
 	add_2tup(hpp, szp, &res, am.ramv, allctr->ramv ? am_true : am_false);
-	add_2tup(hpp, szp, &res, am.t, (allctr->t
-					? bld_uint(hpp, szp, (Uint) allctr->t)
-					: am_false));
+	add_2tup(hpp, szp, &res, am.t, (allctr->t ? am_true : am_false));
 	add_2tup(hpp, szp, &res, am.e, am_true);
     }
 
@@ -3958,7 +3975,8 @@ realloc_thr_pref(ErtsAlcType_t type, void *extra, void *p, Uint size,
 		if (used_allctr->thread_safe && (!force_move
 						 || used_allctr != pref_allctr))
 		    erts_mtx_lock(&used_allctr->mutex);
-		ERTS_SMP_LC_ASSERT(erts_lc_mtx_is_locked(&used_allctr->mutex));
+		ERTS_SMP_LC_ASSERT(!used_allctr->thread_safe ||
+				   erts_lc_mtx_is_locked(&used_allctr->mutex));
 		cpy_size = BLK_SZ(blk);
 		if (used_allctr->thread_safe && (!force_move
 						 || used_allctr != pref_allctr))
diff --git a/erts/emulator/beam/erl_alloc_util.h b/erts/emulator/beam/erl_alloc_util.h
index df560a0de2..cedf4ccf85 100644
--- a/erts/emulator/beam/erl_alloc_util.h
+++ b/erts/emulator/beam/erl_alloc_util.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2002-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2002-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -170,7 +170,9 @@ Eterm	erts_alcu_info(Allctr_t *, int, int *, void *, Uint **, Uint *);
 void	erts_alcu_init(AlcUInit_t *);
 void    erts_alcu_current_size(Allctr_t *, AllctrSize_t *,
 			       ErtsAlcUFixInfo_t *, int);
-void    erts_alcu_check_delayed_dealloc(Allctr_t *, int, int *, int *);
+#ifdef ERTS_SMP
+void    erts_alcu_check_delayed_dealloc(Allctr_t *, int, int *, ErtsThrPrgrVal *, int *);
+#endif
 erts_aint32_t erts_alcu_fix_alloc_shrink(Allctr_t *, erts_aint32_t);
 
 #endif
@@ -227,7 +229,7 @@ erts_aint32_t erts_alcu_fix_alloc_shrink(Allctr_t *, erts_aint32_t);
 
 extern int erts_have_sbmbc_alloc;
 
-typedef union {char c[8]; long l; double d;} Unit_t;
+typedef union {char c[ERTS_ALLOC_ALIGN_BYTES]; long l; double d;} Unit_t;
 
 typedef struct Carrier_t_ Carrier_t;
 struct Carrier_t_ {
diff --git a/erts/emulator/beam/erl_async.c b/erts/emulator/beam/erl_async.c
index 2dc7237f7c..8bca9ae582 100644
--- a/erts/emulator/beam/erl_async.c
+++ b/erts/emulator/beam/erl_async.c
@@ -304,8 +304,9 @@ static ERTS_INLINE ErtsAsync *async_get(ErtsThrQ_t *q,
 	    switch (erts_thr_q_inspect(q, 1)) {
 	    case ERTS_THR_Q_DIRTY:
 		break;
+	    case ERTS_THR_Q_NEED_THR_PRGR:
 #ifdef ERTS_SMP
-	    case ERTS_THR_Q_NEED_THR_PRGR: {
+	    {
 		ErtsThrPrgrVal prgr = erts_thr_q_need_thr_progress(q);
 		erts_thr_progress_wakeup(NULL, prgr);
 		/*
@@ -522,8 +523,8 @@ int erts_async_ready_clean(void *varq, void *val)
     switch (cstate) {
     case ERTS_THR_Q_DIRTY:
 	return ERTS_ASYNC_READY_DIRTY;
-#ifdef ERTS_SMP
     case ERTS_THR_Q_NEED_THR_PRGR:
+#ifdef ERTS_SMP
 	*((ErtsThrPrgrVal *) val)
 	    = erts_thr_q_need_thr_progress(&arq->thr_q);
 	return ERTS_ASYNC_READY_NEED_THR_PRGR;
diff --git a/erts/emulator/beam/erl_bif_binary.c b/erts/emulator/beam/erl_bif_binary.c
index 7e7bec9b87..cc4f2be8eb 100644
--- a/erts/emulator/beam/erl_bif_binary.c
+++ b/erts/emulator/beam/erl_bif_binary.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2010. All Rights Reserved.
+ * Copyright Ericsson AB 2010-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/erl_bif_ddll.c b/erts/emulator/beam/erl_bif_ddll.c
index b2d5722e9b..37d540b41b 100644
--- a/erts/emulator/beam/erl_bif_ddll.c
+++ b/erts/emulator/beam/erl_bif_ddll.c
@@ -1580,24 +1580,6 @@ static int do_load_driver_entry(DE_Handle *dh, char *path, char *name)
     }
 
     switch (dp->extended_marker) {
-    case 0:
-	/*
-	 * This may be an old driver that has been recompiled. If so,
-	 * at least the fields that existed in extended driver version
-	 * 1.0 should be zero. If not, a it is a bad driver. We cannot
-	 * be completely certain that this is a valid driver but this is
-	 * the best we can do with old drivers...
-	 */
-	if (dp->major_version != 0
-	    || dp->minor_version != 0
-	    || dp->driver_flags != 0
-	    || dp->handle2 != NULL
-	    || dp->process_exit != NULL) {
-	    /* Old driver; needs to be recompiled... */
-	    res = ERL_DE_LOAD_ERROR_INCORRECT_VERSION;
-	    goto error;
-	}
-	break;
     case ERL_DRV_EXTENDED_MARKER:
 	if (ERL_DRV_EXTENDED_MAJOR_VERSION != dp->major_version
 	    || ERL_DRV_EXTENDED_MINOR_VERSION < dp->minor_version) {
diff --git a/erts/emulator/beam/erl_bif_guard.c b/erts/emulator/beam/erl_bif_guard.c
index 01e6977a2c..a715756c15 100644
--- a/erts/emulator/beam/erl_bif_guard.c
+++ b/erts/emulator/beam/erl_bif_guard.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2006-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2006-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -52,7 +52,7 @@ BIF_RETTYPE abs_1(BIF_ALIST_1)
     /* integer arguments */
     if (is_small(BIF_ARG_1)) {
 	i0 = signed_val(BIF_ARG_1);
-	i = labs(i0);
+	i = ERTS_SMALL_ABS(i0);
 	if (i0 == MIN_SMALL) {
 	    hp = HAlloc(BIF_P, BIG_UINT_HEAP_SIZE);
 	    BIF_RET(uint_to_big(i, hp));
@@ -467,7 +467,7 @@ Eterm erts_gc_abs_1(Process* p, Eterm* reg, Uint live)
     /* integer arguments */
     if (is_small(arg)) {
 	i0 = signed_val(arg);
-	i = labs(i0);
+	i = ERTS_SMALL_ABS(i0);
 	if (i0 == MIN_SMALL) {
 	    if (ERTS_NEED_GC(p, BIG_UINT_HEAP_SIZE)) {
 		erts_garbage_collect(p, BIG_UINT_HEAP_SIZE, reg, live+1);
diff --git a/erts/emulator/beam/erl_bif_info.c b/erts/emulator/beam/erl_bif_info.c
index a79feaebdb..ebd475f73a 100644
--- a/erts/emulator/beam/erl_bif_info.c
+++ b/erts/emulator/beam/erl_bif_info.c
@@ -57,6 +57,8 @@
 static Export* alloc_info_trap = NULL;
 static Export* alloc_sizes_trap = NULL;
 
+static Export *gather_sched_wall_time_res_trap;
+
 #define DECL_AM(S) Eterm AM_ ## S = am_atom_put(#S, sizeof(#S) - 1)
 
 /* Keep erts_system_version as a global variable for easy access from a core */
@@ -78,7 +80,6 @@ static char erts_system_version[] = ("Erlang " ERLANG_OTP_RELEASE
 #ifdef ERTS_SMP
 				     " [smp:%beu:%beu]"
 #endif
-				     " [rq:%beu]"
 #ifdef USE_THREADS
 				     " [async-threads:%d]"
 #endif
@@ -301,9 +302,7 @@ erts_print_system_version(int to, void *arg, Process *c_p)
 #endif
     return erts_print(to, arg, erts_system_version
 #ifdef ERTS_SMP
-		      , total, online, erts_no_run_queues
-#else
-		      , 1
+		      , total, online
 #endif
 #ifdef USE_THREADS
 		      , erts_async_max_threads
@@ -3183,7 +3182,12 @@ BIF_RETTYPE statistics_1(BIF_ALIST_1)
     Eterm res;
     Eterm* hp;
 
-    if (BIF_ARG_1 == am_context_switches) {
+    if (BIF_ARG_1 == am_scheduler_wall_time) {
+	res = erts_sched_wall_time_request(BIF_P, 0, 0);
+	if (is_non_value(res))
+	    BIF_RET(am_undefined);
+	BIF_TRAP1(gather_sched_wall_time_res_trap, BIF_P, res);
+    } else if (BIF_ARG_1 == am_context_switches) {
 	Eterm cs = erts_make_integer(erts_get_total_context_switches(), BIF_P);
 	hp = HAlloc(BIF_P, 3);
 	res = TUPLE2(hp, cs, SMALL_ZERO);
@@ -3230,7 +3234,7 @@ BIF_RETTYPE statistics_1(BIF_ALIST_1)
 	res = TUPLE2(hp, b1, b2); 
 	BIF_RET(res);
     } else if (BIF_ARG_1 == am_runtime) {
-	unsigned long u1, u2, dummy;
+	UWord u1, u2, dummy;
 	Eterm b1, b2;
 	elapsed_time_both(&u1,&dummy,&u2,&dummy);
 	b1 = erts_make_integer(u1,BIF_P);
@@ -4163,6 +4167,8 @@ erts_bif_info_init(void)
 
     alloc_info_trap = erts_export_put(am_erlang, am_alloc_info, 1);
     alloc_sizes_trap = erts_export_put(am_erlang, am_alloc_sizes, 1);
+    gather_sched_wall_time_res_trap
+	= erts_export_put(am_erlang, am_gather_sched_wall_time_result, 1);
     process_info_init();
     os_info_init();
 }
diff --git a/erts/emulator/beam/erl_bif_port.c b/erts/emulator/beam/erl_bif_port.c
index 6b8f1b21fd..cd423eb200 100644
--- a/erts/emulator/beam/erl_bif_port.c
+++ b/erts/emulator/beam/erl_bif_port.c
@@ -254,13 +254,13 @@ port_call(Process* c_p, Eterm arg1, Eterm arg2, Eterm arg3)
     Uint size;
     byte *bytes;
     byte *endp;
-    size_t real_size;
+    ErlDrvSizeT real_size;
     erts_driver_t *drv;
     byte port_input[256];	/* Default input buffer to encode in */
     byte port_result[256];	/* Buffer for result from port. */
     byte* port_resp;		/* Pointer to result buffer. */
     char *prc;
-    int ret;
+    ErlDrvSSizeT ret;
     Eterm res;
     Sint result_size;
     Eterm *hp;
@@ -366,9 +366,9 @@ port_call(Process* c_p, Eterm arg1, Eterm arg2, Eterm arg3)
     erts_smp_proc_lock(c_p, ERTS_PROC_LOCK_MAIN);
 #ifdef HARDDEBUG
     { 
-	int z;
-	printf("real_size = %ld,%d, ret = %d\r\n",real_size, 
-	       (int) real_size, ret);
+	ErlDrvSizeT z;
+	printf("real_size = %ld,%d, ret = %ld,%d\r\n", (unsigned long) real_size,
+	       (int) real_size, (unsigned long)ret, (int) ret);
 	printf("[");
 	for(z = 0; z < real_size; ++z) {
 	    printf("%d, ",(int) bytes[z]);
@@ -1077,7 +1077,7 @@ struct packet_callback_args
 };
 
 #define in_area(ptr,start,nbytes) \
-    ((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+    ((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 static Eterm
 http_bld_string(struct packet_callback_args* pca, Uint **hpp, Uint *szp,
diff --git a/erts/emulator/beam/erl_cpu_topology.c b/erts/emulator/beam/erl_cpu_topology.c
index 03c0ef904a..fe3693d0ca 100644
--- a/erts/emulator/beam/erl_cpu_topology.c
+++ b/erts/emulator/beam/erl_cpu_topology.c
@@ -486,10 +486,7 @@ erts_sched_check_cpu_bind_post_suspend(ErtsSchedulerData *esdp)
 	erts_thr_set_main_status(1, (int) esdp->no);
 
     /* Make sure we check if we should bind to a cpu or not... */
-    if (esdp->run_queue->flags & ERTS_RUNQ_FLG_SHARED_RUNQ)
-	erts_smp_atomic32_set_nob(&esdp->chk_cpu_bind, 1);
-    else
-	esdp->run_queue->flags |= ERTS_RUNQ_FLG_CHK_CPU_BIND;
+    esdp->run_queue->flags |= ERTS_RUNQ_FLG_CHK_CPU_BIND;
 }
 
 #endif
@@ -502,11 +499,7 @@ erts_sched_check_cpu_bind(ErtsSchedulerData *esdp)
     erts_cpu_groups_callback_list_t *cgcl;
     erts_cpu_groups_callback_call_t *cgcc;
 #ifdef ERTS_SMP
-    if (erts_common_run_queue)
-	erts_smp_atomic32_set_nob(&esdp->chk_cpu_bind, 0);
-    else {
-	esdp->run_queue->flags &= ~ERTS_RUNQ_FLG_CHK_CPU_BIND;
-    }
+    esdp->run_queue->flags &= ~ERTS_RUNQ_FLG_CHK_CPU_BIND;
 #endif
     erts_smp_runq_unlock(esdp->run_queue);
     erts_smp_rwmtx_rwlock(&cpuinfo_rwmtx);
@@ -1729,16 +1722,8 @@ erts_init_cpu_topology(void)
 	scheduler2cpu_map[ix].bound_id = -1;
     }
 
-    if (cpu_bind_order == ERTS_CPU_BIND_UNDEFINED) {
-	int ncpus = erts_get_cpu_configured(cpuinfo);
-	if (ncpus < 1 || erts_no_schedulers < ncpus)
-	    cpu_bind_order = ERTS_CPU_BIND_NONE;
-	else
-	    cpu_bind_order = ((system_cpudata || user_cpudata)
-			      && (erts_bind_to_cpu(cpuinfo, -1) != -ENOTSUP)
-			      ? ERTS_CPU_BIND_DEFAULT_BIND
-			      : ERTS_CPU_BIND_NONE);
-    }
+    if (cpu_bind_order == ERTS_CPU_BIND_UNDEFINED)
+	cpu_bind_order = ERTS_CPU_BIND_NONE;
 
     reader_groups_map = add_cpu_groups(reader_groups,
 				       reader_groups_callback,
diff --git a/erts/emulator/beam/erl_db.c b/erts/emulator/beam/erl_db.c
index 38b4a2d460..51bdf53823 100644
--- a/erts/emulator/beam/erl_db.c
+++ b/erts/emulator/beam/erl_db.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -251,7 +251,7 @@ free_dbtable(DbTable* tb)
 	ASSERT(is_immed(tb->common.heir_data));
 	erts_db_free(ERTS_ALC_T_DB_TABLE, tb, (void *) tb, sizeof(DbTable));
 	ERTS_ETS_MISC_MEM_ADD(-sizeof(DbTable));
-	ERTS_THR_MEMORY_BARRIER;
+	ERTS_SMP_MEMORY_BARRIER;
 }
 
 #ifdef ERTS_SMP
@@ -2853,10 +2853,10 @@ void init_db(void)
     bits = erts_fit_in_bits(db_max_tabs-1);
     if (bits > SMALL_BITS) {
 	erl_exit(1,"Max limit for ets tabled too high %u (max %u).",
-		 db_max_tabs, 1L<<SMALL_BITS);
+		 db_max_tabs, ((Uint)1)<<SMALL_BITS);
     }
-    meta_main_tab_slot_mask = (1L<<bits) - 1;
-    meta_main_tab_seq_incr = (1L<<bits);
+    meta_main_tab_slot_mask = (((Uint)1)<<bits) - 1;
+    meta_main_tab_seq_incr = (((Uint)1)<<bits);
 
     size = sizeof(*meta_main_tab)*db_max_tabs;
     meta_main_tab = erts_db_alloc_nt(ERTS_ALC_T_DB_TABLES, size);
@@ -2869,7 +2869,7 @@ void init_db(void)
     SET_NEXT_FREE_SLOT(db_max_tabs-1, (Uint)-1);
     meta_main_tab_first_free = 0;
 
-    meta_name_tab_mask = (1L<<(bits-1)) - 1; /* At least half the size of main tab */
+    meta_name_tab_mask = (((Uint) 1)<<(bits-1)) - 1; /* At least half the size of main tab */
     size = sizeof(struct meta_name_tab_entry)*(meta_name_tab_mask+1);
     meta_name_tab = erts_db_alloc_nt(ERTS_ALC_T_DB_TABLES, size);
     ERTS_ETS_MISC_MEM_ADD(size);
@@ -3816,7 +3816,7 @@ void db_info(int to, void *to_arg, int show)    /* Called by break handler */
 Uint
 erts_get_ets_misc_mem_size(void)
 {
-    ERTS_THR_MEMORY_BARRIER;
+    ERTS_SMP_MEMORY_BARRIER;
     /* Memory not allocated in ets_alloc */
     return (Uint) erts_smp_atomic_read_nob(&erts_ets_misc_mem_size);
 }
diff --git a/erts/emulator/beam/erl_db_hash.c b/erts/emulator/beam/erl_db_hash.c
index 038a667b06..c726be5fb4 100644
--- a/erts/emulator/beam/erl_db_hash.c
+++ b/erts/emulator/beam/erl_db_hash.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1998-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1998-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -105,11 +105,7 @@
 #define NSEG_2   256 /* Size of second segment table */
 #define NSEG_INC 128 /* Number of segments to grow after that */
 
-#ifdef ETHR_ORDERED_READ_DEPEND
-#define SEGTAB(tb) ((struct segment**)erts_smp_atomic_read_nob(&(tb)->segtab))
-#else
-#define SEGTAB(tb) ((struct segment**)erts_smp_atomic_read_rb(&(tb)->segtab))
-#endif
+#define SEGTAB(tb) ((struct segment**)erts_smp_atomic_read_ddrb(&(tb)->segtab))
 #define NACTIVE(tb) ((int)erts_smp_atomic_read_nob(&(tb)->nactive))
 #define NITEMS(tb) ((int)erts_smp_atomic_read_nob(&(tb)->common.nitems))
 
diff --git a/erts/emulator/beam/erl_db_hash.h b/erts/emulator/beam/erl_db_hash.h
index 23ac493118..cddd8dfadd 100644
--- a/erts/emulator/beam/erl_db_hash.h
+++ b/erts/emulator/beam/erl_db_hash.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1998-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1998-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/erl_debug.h b/erts/emulator/beam/erl_debug.h
index bdfbaddbbf..c49354a2b3 100644
--- a/erts/emulator/beam/erl_debug.h
+++ b/erts/emulator/beam/erl_debug.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2004-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2004-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -51,7 +51,7 @@
 
 extern Uint32 verbose;
 
-void upp(byte*, int);
+void upp(byte*, size_t);
 void pat(Eterm);
 void pinfo(void);
 void pp(Process*);
diff --git a/erts/emulator/beam/erl_driver.h b/erts/emulator/beam/erl_driver.h
index ae0c9def90..7510f6b724 100644
--- a/erts/emulator/beam/erl_driver.h
+++ b/erts/emulator/beam/erl_driver.h
@@ -85,6 +85,7 @@
 #include "erl_drv_nif.h"
 
 #include <stdlib.h>
+#include <string.h>		/* ssize_t on Mac OS X */
 
 #if defined(VXWORKS)
 #  include <ioLib.h>
@@ -134,8 +135,8 @@ typedef struct {
 #define DO_WRITE ERL_DRV_WRITE
 
 #define ERL_DRV_EXTENDED_MARKER		(0xfeeeeeed)
-#define ERL_DRV_EXTENDED_MAJOR_VERSION	1
-#define ERL_DRV_EXTENDED_MINOR_VERSION	5
+#define ERL_DRV_EXTENDED_MAJOR_VERSION	2
+#define ERL_DRV_EXTENDED_MINOR_VERSION	0
 
 /*
  * The emulator will refuse to load a driver with different major
@@ -160,10 +161,15 @@ typedef struct {
 /*
  * Integer types
  */
-
+#if  defined(__WIN32__) && (SIZEOF_VOID_P == 8)
+typedef unsigned __int64 ErlDrvTermData;
+typedef unsigned __int64 ErlDrvUInt;
+typedef signed __int64 ErlDrvSInt;
+#else
 typedef unsigned long ErlDrvTermData;
 typedef unsigned long ErlDrvUInt;
 typedef signed long ErlDrvSInt;
+#endif
 
 #if defined(__WIN32__)
 typedef unsigned __int64 ErlDrvUInt64;
@@ -178,13 +184,21 @@ typedef long long ErlDrvSInt64;
 #error No 64-bit integer type
 #endif
 
+#if defined(__WIN32__)
+typedef ErlDrvUInt ErlDrvSizeT;
+typedef ErlDrvSInt ErlDrvSSizeT;
+#else
+typedef size_t ErlDrvSizeT;
+typedef ssize_t ErlDrvSSizeT;
+#endif
+
 /*
  * A binary as seen in a driver. Note that a binary should never be
  * altered by the driver when it has been sent to Erlang.
  */
 
 typedef struct erl_drv_binary {
-    long orig_size;        /* total length of binary */
+    ErlDrvSInt orig_size;        /* total length of binary */
     char orig_bytes[1];   /* the data (char instead of byte!) */
 } ErlDrvBinary;
 
@@ -244,7 +258,7 @@ typedef struct {
 
 typedef struct erl_io_vec {
     int vsize;			/* length of vectors */
-    int size;			/* total size in bytes */
+    ErlDrvSizeT size;		/* total size in bytes */
     SysIOVec* iov;
     ErlDrvBinary** binv;
 } ErlIOVec;
@@ -285,8 +299,8 @@ typedef struct erl_drv_entry {
     void (*stop)(ErlDrvData drv_data);
                                 /* called when port is closed, and when the
 				   emulator is halted. */
-    void (*output)(ErlDrvData drv_data, char *buf, int len);
-				/* called when we have output from erlang to 
+    void (*output)(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
+				/* called when we have output from erlang to
 				   the port */
     void (*ready_input)(ErlDrvData drv_data, ErlDrvEvent event); 
 				/* called when we have input from one of 
@@ -299,10 +313,10 @@ typedef struct erl_drv_entry {
     void (*finish)(void);        /* called before unloading the driver -
 				   DYNAMIC DRIVERS ONLY */
     void *handle;		/* Reserved -- Used by emulator internally */
-    int (*control)(ErlDrvData drv_data, unsigned int command, char *buf, 
-		   int len, char **rbuf, int rlen); 
-				/* "ioctl" for drivers - invoked by 
-				   port_control/3 */
+    ErlDrvSSizeT (*control)(ErlDrvData drv_data, unsigned int command,
+			    char *buf, ErlDrvSizeT len, char **rbuf,
+			    ErlDrvSizeT rlen); /* "ioctl" for drivers - invoked by
+						  port_control/3 */
     void (*timeout)(ErlDrvData drv_data);	/* Handling of timeout in driver */
     void (*outputv)(ErlDrvData drv_data, ErlIOVec *ev);
 				/* called when we have output from erlang
@@ -313,10 +327,12 @@ typedef struct erl_drv_entry {
 				   closed, and there is data in the 
 				   driver queue that needs to be flushed
 				   before 'stop' can be called */
-    int (*call)(ErlDrvData drv_data, unsigned int command, char *buf, 
-		   int len, char **rbuf, int rlen, unsigned int *flags); 
-                                /* Works mostly like 'control', a synchronous
-				   call into the driver. */
+    ErlDrvSSizeT (*call)(ErlDrvData drv_data,
+			 unsigned int command, char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen,
+			 unsigned int *flags); /* Works mostly like 'control',
+						  a synchronous
+						  call into the driver. */
     void (*event)(ErlDrvData drv_data, ErlDrvEvent event,
 		  ErlDrvEventData event_data);
                                 /* Called when an event selected by 
@@ -355,11 +371,17 @@ typedef struct erl_drv_entry {
 #ifndef ERL_DRIVER_TYPES_ONLY
 
 #if defined(VXWORKS)
-#  define DRIVER_INIT(DRIVER_NAME) ErlDrvEntry* DRIVER_NAME  ## _init(void)
+#  define DRIVER_INIT(DRIVER_NAME) \
+    ErlDrvEntry* DRIVER_NAME  ## _init(void); \
+    ErlDrvEntry* DRIVER_NAME  ## _init(void)
 #elif defined(__WIN32__)
-#  define DRIVER_INIT(DRIVER_NAME) __declspec(dllexport) ErlDrvEntry* driver_init(void)
+#  define DRIVER_INIT(DRIVER_NAME) \
+    __declspec(dllexport) ErlDrvEntry* driver_init(void); \
+    __declspec(dllexport) ErlDrvEntry* driver_init(void)
 #else 
-#  define DRIVER_INIT(DRIVER_NAME) ErlDrvEntry* driver_init(void)
+#  define DRIVER_INIT(DRIVER_NAME) \
+    ErlDrvEntry* driver_init(void); \
+    ErlDrvEntry* driver_init(void)
 #endif
 
 /*
@@ -368,14 +390,16 @@ typedef struct erl_drv_entry {
 EXTERN int driver_select(ErlDrvPort port, ErlDrvEvent event, int mode, int on);
 EXTERN int driver_event(ErlDrvPort port, ErlDrvEvent event, 
 			ErlDrvEventData event_data);
-EXTERN int driver_output(ErlDrvPort port, char *buf, int len);
-EXTERN int driver_output2(ErlDrvPort port, char *hbuf, int hlen, 
-			  char *buf, int len);
-EXTERN int driver_output_binary(ErlDrvPort port, char *hbuf, int hlen,
-				ErlDrvBinary* bin, int offset, int len);
-EXTERN int driver_outputv(ErlDrvPort port, char* hbuf, int hlen, ErlIOVec *ev,
-			  int skip);
-EXTERN int driver_vec_to_buf(ErlIOVec *ev, char *buf, int len);
+
+EXTERN int driver_output(ErlDrvPort port, char *buf, ErlDrvSizeT len);
+EXTERN int driver_output2(ErlDrvPort port, char *hbuf, ErlDrvSizeT hlen,
+			  char *buf, ErlDrvSizeT len);
+EXTERN int driver_output_binary(ErlDrvPort port, char *hbuf, ErlDrvSizeT hlen,
+				ErlDrvBinary* bin,
+				ErlDrvSizeT offset, ErlDrvSizeT len);
+EXTERN int driver_outputv(ErlDrvPort port, char* hbuf, ErlDrvSizeT hlen,
+			  ErlIOVec *ev, ErlDrvSizeT skip);
+EXTERN ErlDrvSizeT driver_vec_to_buf(ErlIOVec *ev, char *buf, ErlDrvSizeT len);
 EXTERN int driver_set_timer(ErlDrvPort port, unsigned long time);
 EXTERN int driver_cancel_timer(ErlDrvPort port);
 EXTERN int driver_read_timer(ErlDrvPort port, unsigned long *time_left);
@@ -436,8 +460,8 @@ EXTERN int  get_port_flags(ErlDrvPort port);
  * since the binary is a shared object it MUST be written once.
  */
 
-EXTERN ErlDrvBinary* driver_alloc_binary(int size);
-EXTERN ErlDrvBinary* driver_realloc_binary(ErlDrvBinary *bin, int size);
+EXTERN ErlDrvBinary* driver_alloc_binary(ErlDrvSizeT size);
+EXTERN ErlDrvBinary* driver_realloc_binary(ErlDrvBinary *bin, ErlDrvSizeT size);
 EXTERN void driver_free_binary(ErlDrvBinary *bin);
 
 /* Referenc count on driver binaries */
@@ -446,24 +470,24 @@ EXTERN ErlDrvSInt driver_binary_inc_refc(ErlDrvBinary *dbp);
 EXTERN ErlDrvSInt driver_binary_dec_refc(ErlDrvBinary *dbp);
 
 /* Allocation interface */
-EXTERN void *driver_alloc(size_t size);
-EXTERN void *driver_realloc(void *ptr, size_t size);
+EXTERN void *driver_alloc(ErlDrvSizeT size);
+EXTERN void *driver_realloc(void *ptr, ErlDrvSizeT size);
 EXTERN void driver_free(void *ptr);
 
 /* Queue interface */
-EXTERN int driver_enq(ErlDrvPort port, char* buf, int len);
-EXTERN int driver_pushq(ErlDrvPort port, char* buf, int len);
-EXTERN int driver_deq(ErlDrvPort port, int size);
-EXTERN int driver_sizeq(ErlDrvPort port);
-EXTERN int driver_enq_bin(ErlDrvPort port, ErlDrvBinary *bin, int offset, 
-			  int len);
-EXTERN int driver_pushq_bin(ErlDrvPort port, ErlDrvBinary *bin, int offset,
-			    int len);
-
-EXTERN int driver_peekqv(ErlDrvPort port, ErlIOVec *ev);
+EXTERN int driver_enq(ErlDrvPort port, char* buf, ErlDrvSizeT len);
+EXTERN int driver_pushq(ErlDrvPort port, char* buf, ErlDrvSizeT len);
+EXTERN ErlDrvSizeT driver_deq(ErlDrvPort port, ErlDrvSizeT size);
+EXTERN ErlDrvSizeT driver_sizeq(ErlDrvPort port);
+EXTERN int driver_enq_bin(ErlDrvPort port, ErlDrvBinary *bin, ErlDrvSizeT offset,
+			  ErlDrvSizeT len);
+EXTERN int driver_pushq_bin(ErlDrvPort port, ErlDrvBinary *bin, ErlDrvSizeT offset,
+			    ErlDrvSizeT len);
+
+EXTERN ErlDrvSizeT driver_peekqv(ErlDrvPort port, ErlIOVec *ev);
 EXTERN SysIOVec* driver_peekq(ErlDrvPort port, int *vlen);
-EXTERN int driver_enqv(ErlDrvPort port, ErlIOVec *ev, int skip);
-EXTERN int driver_pushqv(ErlDrvPort port, ErlIOVec *ev, int skip);
+EXTERN int driver_enqv(ErlDrvPort port, ErlIOVec *ev, ErlDrvSizeT skip);
+EXTERN int driver_pushqv(ErlDrvPort port, ErlIOVec *ev, ErlDrvSizeT skip);
 
 /*
  * Add and remove driver entries.
diff --git a/erts/emulator/beam/erl_gc.c b/erts/emulator/beam/erl_gc.c
index eb2b945877..bde87b8346 100644
--- a/erts/emulator/beam/erl_gc.c
+++ b/erts/emulator/beam/erl_gc.c
@@ -357,10 +357,11 @@ erts_garbage_collect(Process* p, int need, Eterm* objv, int nobj)
     erts_smp_proc_lock(p, ERTS_PROC_LOCK_STATUS);
     p->gcstatus = p->status;
     p->status = P_GARBING;
+    erts_smp_proc_unlock(p, ERTS_PROC_LOCK_STATUS);
+
     if (erts_system_monitor_long_gc != 0) {
 	get_now(&ms1, &s1, &us1);
     }
-    erts_smp_proc_unlock(p, ERTS_PROC_LOCK_STATUS);
 
     ERTS_CHK_OFFHEAP(p);
 
@@ -910,7 +911,18 @@ minor_collection(Process* p, int need, Eterm* objv, int nobj, Uint *recl)
  * XXX: WARNING: If HiPE starts storing other non-Erlang values on the
  * nstack, such as floats, then this will have to be changed.
  */
-#define offset_nstack(p,offs,area,area_size) offset_heap_ptr(hipe_nstack_start((p)),hipe_nstack_used((p)),(offs),(area),(area_size))
+static ERTS_INLINE void offset_nstack(Process* p, Sint offs,
+				      char* area, Uint area_size)
+{
+    if (p->hipe.nstack) {
+	ASSERT(p->hipe.nsp && p->hipe.nstend);
+	offset_heap_ptr(hipe_nstack_start(p), hipe_nstack_used(p),
+			offs, area, area_size);
+    }
+    else {
+	ASSERT(!p->hipe.nsp && !p->hipe.nstend);
+    }
+}
 
 #else /* !HIPE */
 
diff --git a/erts/emulator/beam/erl_gc.h b/erts/emulator/beam/erl_gc.h
index 807ef8ae8d..1801df359a 100644
--- a/erts/emulator/beam/erl_gc.h
+++ b/erts/emulator/beam/erl_gc.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2007-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2007-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -62,7 +62,7 @@ do {									\
 } while(0)
 
 #define in_area(ptr,start,nbytes) \
- ((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+ ((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 extern Uint erts_test_long_gc_sleep;
 
diff --git a/erts/emulator/beam/erl_init.c b/erts/emulator/beam/erl_init.c
index 6c4ba2af68..717315d8bd 100644
--- a/erts/emulator/beam/erl_init.c
+++ b/erts/emulator/beam/erl_init.c
@@ -111,7 +111,6 @@ Eterm erts_error_logger_warnings; /* What to map warning logs to, am_error,
 
 int erts_compat_rel;
 
-static int use_multi_run_queue;
 static int no_schedulers;
 static int no_schedulers_online;
 
@@ -254,8 +253,7 @@ erl_init(int ncpu)
     erts_init_time();
     erts_init_sys_common_misc();
     erts_init_process(ncpu);
-    erts_init_scheduling(use_multi_run_queue,
-			 no_schedulers,
+    erts_init_scheduling(no_schedulers,
 			 no_schedulers_online);
     erts_init_cpu_topology(); /* Must be after init_scheduling */
     erts_alloc_late_init();
@@ -613,7 +611,6 @@ early_init(int *argc, char **argv) /*
     size_t envbufsz;
 
     erts_sched_compact_load = 1;
-    use_multi_run_queue = 1;
     erts_printf_eterm_func = erts_printf_term;
     erts_disable_tolerant_timeofday = 0;
     display_items = 200;
@@ -1257,12 +1254,8 @@ erl_start(int argc, char **argv)
 		    erts_usage();
 		}
 	    }
-	    else if (sys_strcmp("mrq", sub_param) == 0)
-		use_multi_run_queue = 1;
 	    else if (sys_strcmp("nsp", sub_param) == 0)
 		erts_use_sender_punish = 0;
-	    else if (sys_strcmp("srq", sub_param) == 0)
-		use_multi_run_queue = 0;
 	    else if (sys_strcmp("wt", sub_param) == 0) {
 		arg = get_arg(sub_param+2, argv[i+1], &i);
 		if (erts_sched_set_wakeup_limit(arg) != 0) {
diff --git a/erts/emulator/beam/erl_lock_check.c b/erts/emulator/beam/erl_lock_check.c
index 44da6b6c51..09e85893c3 100644
--- a/erts/emulator/beam/erl_lock_check.c
+++ b/erts/emulator/beam/erl_lock_check.c
@@ -173,7 +173,6 @@ static erts_lc_lock_order_t erts_lock_order[] = {
     {	"pix_lock",				"address"		},
     {	"run_queues_lists",			NULL			},
     {	"sched_stat",				NULL			},
-    {	"run_queue_sleep_list",			"address"		},
 #endif
     {	"async_init_mtx",			NULL			},
 #ifdef ERTS_SMP
@@ -1253,7 +1252,7 @@ erts_lc_init_lock(erts_lc_lock_t *lck, char *name, Uint16 flags)
 {
     lck->id = erts_lc_get_lock_order_id(name);
 
-    lck->extra = &lck->extra;
+    lck->extra = (UWord) &lck->extra;
     ASSERT(is_not_immed(lck->extra));
     lck->flags = flags;
     lck->inited = ERTS_LC_INITITALIZED;
diff --git a/erts/emulator/beam/erl_message.c b/erts/emulator/beam/erl_message.c
index 16be47d540..ab1ab7b1ea 100644
--- a/erts/emulator/beam/erl_message.c
+++ b/erts/emulator/beam/erl_message.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1997-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/erl_nif.c b/erts/emulator/beam/erl_nif.c
index 62798bb2c1..58a09986d2 100644
--- a/erts/emulator/beam/erl_nif.c
+++ b/erts/emulator/beam/erl_nif.c
@@ -531,7 +531,7 @@ int enif_alloc_binary(size_t size, ErlNifBinary* bin)
     }
     refbin->flags = BIN_FLAG_DRV; /* BUGBUG: Flag? */
     erts_refc_init(&refbin->refc, 1);
-    refbin->orig_size = (long) size;
+    refbin->orig_size = (SWord) size;
 
     bin->size = size;
     bin->data = (unsigned char*) refbin->orig_bytes;
@@ -744,7 +744,8 @@ int enif_get_int(ErlNifEnv* env, Eterm term, int* ip)
 {
 #if SIZEOF_INT ==  ERTS_SIZEOF_ETERM
     return term_to_Sint(term, (Sint*)ip);
-#elif SIZEOF_LONG ==  ERTS_SIZEOF_ETERM
+#elif (SIZEOF_LONG ==  ERTS_SIZEOF_ETERM) || \
+  (SIZEOF_LONG_LONG ==  ERTS_SIZEOF_ETERM)
     Sint i;
     if (!term_to_Sint(term, &i) || i < INT_MIN || i > INT_MAX) {
 	return 0;
@@ -760,7 +761,8 @@ int enif_get_uint(ErlNifEnv* env, Eterm term, unsigned* ip)
 {
 #if SIZEOF_INT == ERTS_SIZEOF_ETERM
     return term_to_Uint(term, (Uint*)ip);
-#elif SIZEOF_LONG == ERTS_SIZEOF_ETERM
+#elif (SIZEOF_LONG == ERTS_SIZEOF_ETERM) || \
+  (SIZEOF_LONG_LONG ==  ERTS_SIZEOF_ETERM)
     Uint i;
     if (!term_to_Uint(term, &i) || i > UINT_MAX) {
 	return 0;
@@ -776,6 +778,13 @@ int enif_get_long(ErlNifEnv* env, Eterm term, long* ip)
     return term_to_Sint(term, ip);
 #elif SIZEOF_LONG == 8
     return term_to_Sint64(term, ip);
+#elif SIZEOF_LONG == SIZEOF_INT
+    int tmp,ret;
+    ret = enif_get_int(env,term,&tmp);
+    if (ret) {
+      *ip = (long) tmp;
+    }
+    return ret;
 #else
 #  error Unknown long word size 
 #endif     
@@ -787,6 +796,14 @@ int enif_get_ulong(ErlNifEnv* env, Eterm term, unsigned long* ip)
     return term_to_Uint(term, ip);
 #elif SIZEOF_LONG == 8
     return term_to_Uint64(term, ip);
+#elif SIZEOF_LONG == SIZEOF_INT
+    int ret;
+    unsigned int tmp;
+    ret = enif_get_uint(env,term,&tmp);
+    if (ret) {
+      *ip = (unsigned long) tmp;
+    }
+    return ret;
 #else
 #  error Unknown long word size 
 #endif     
@@ -847,7 +864,8 @@ ERL_NIF_TERM enif_make_int(ErlNifEnv* env, int i)
 {
 #if SIZEOF_INT == ERTS_SIZEOF_ETERM
     return IS_SSMALL(i) ? make_small(i) : small_to_big(i,alloc_heap(env,2));
-#elif SIZEOF_LONG == ERTS_SIZEOF_ETERM
+#elif (SIZEOF_LONG == ERTS_SIZEOF_ETERM) || \
+  (SIZEOF_LONG_LONG == ERTS_SIZEOF_ETERM)
     return make_small(i);
 #endif
 }
@@ -856,7 +874,8 @@ ERL_NIF_TERM enif_make_uint(ErlNifEnv* env, unsigned i)
 {
 #if SIZEOF_INT == ERTS_SIZEOF_ETERM
     return IS_USMALL(0,i) ? make_small(i) : uint_to_big(i,alloc_heap(env,2));
-#elif SIZEOF_LONG == ERTS_SIZEOF_ETERM
+#elif (SIZEOF_LONG ==  ERTS_SIZEOF_ETERM) || \
+  (SIZEOF_LONG_LONG ==  ERTS_SIZEOF_ETERM)
     return make_small(i);
 #endif
 }
@@ -868,6 +887,8 @@ ERL_NIF_TERM enif_make_long(ErlNifEnv* env, long i)
     }
 #if SIZEOF_LONG == ERTS_SIZEOF_ETERM
     return small_to_big(i, alloc_heap(env,2));
+#elif SIZEOF_LONG_LONG ==  ERTS_SIZEOF_ETERM
+    return make_small(i);
 #elif SIZEOF_LONG == 8
     ensure_heap(env,3);
     return erts_sint64_to_big(i, &env->hp);
@@ -881,6 +902,8 @@ ERL_NIF_TERM enif_make_ulong(ErlNifEnv* env, unsigned long i)
     }
 #if SIZEOF_LONG == ERTS_SIZEOF_ETERM
     return uint_to_big(i,alloc_heap(env,2));
+#elif SIZEOF_LONG_LONG ==  ERTS_SIZEOF_ETERM
+    return make_small(i);
 #elif SIZEOF_LONG == 8
     ensure_heap(env,3);
     return erts_uint64_to_big(i, &env->hp);    
@@ -1157,7 +1180,7 @@ static ErlNifResourceType* find_resource_type(Eterm module, Eterm name)
 }
 
 #define in_area(ptr,start,nbytes) \
-    ((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+    ((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 
 static void close_lib(struct erl_module_nif* lib)
@@ -1484,6 +1507,7 @@ BIF_RETTYPE load_nif_2(BIF_ALIST_2)
     Eterm ret = am_ok;
     int veto;
     struct erl_module_nif* lib = NULL;
+    int reload_warning = 0;
 
     len = list_length(BIF_ARG_1);
     if (len < 0) {
@@ -1623,6 +1647,7 @@ BIF_RETTYPE load_nif_2(BIF_ALIST_2)
 	else {
 	    mod->nif->entry = NULL; /* to prevent 'unload' callback */
 	    erts_unload_nif(mod->nif);
+	    reload_warning = 1;
 	}
     }
     else {
@@ -1669,7 +1694,7 @@ BIF_RETTYPE load_nif_2(BIF_ALIST_2)
 	    }
 	    else { /* Function traced, patch the original instruction word */
 		BpData** bps = (BpData**) code_ptr[1];
-		BpData*  bp  = (BpData*) bps[bp_sched2ix()];
+		BpData*  bp  = (BpData*) bps[erts_bp_sched2ix()];
 	        bp->orig_instr = (BeamInstr) BeamOp(op_call_nif);
 	    }	    
 	    code_ptr[5+1] = (BeamInstr) entry->funcs[i].fptr;
@@ -1691,6 +1716,15 @@ BIF_RETTYPE load_nif_2(BIF_ALIST_2)
     erts_smp_thr_progress_unblock();
     erts_smp_proc_lock(BIF_P, ERTS_PROC_LOCK_MAIN);
     erts_free(ERTS_ALC_T_TMP, lib_name);
+
+    if (reload_warning) {
+	erts_dsprintf_buf_t* dsbufp = erts_create_logger_dsbuf();
+	erts_dsprintf(dsbufp,
+		      "Repeated calls to erlang:load_nif from module '%T'.\n\n"
+		      "The NIF reload mechanism is deprecated and must not "
+		      "be used in production systems.\n", mod_atom);
+	erts_send_warning_to_logger(BIF_P->group_leader, dsbufp);
+    }
     BIF_RET(ret);
 }
 
diff --git a/erts/emulator/beam/erl_nif.h b/erts/emulator/beam/erl_nif.h
index fea527f954..e5d99dc4f1 100644
--- a/erts/emulator/beam/erl_nif.h
+++ b/erts/emulator/beam/erl_nif.h
@@ -87,7 +87,11 @@ typedef long long ErlNifSInt64;
 typedef unsigned int ERL_NIF_TERM;
 #else
 #  define ERL_NIF_VM_VARIANT "beam.vanilla" 
+#  if SIZEOF_LONG == SIZEOF_VOID_P
 typedef unsigned long ERL_NIF_TERM;
+#  elif SIZEOF_LONG_LONG == SIZEOF_VOID_P
+typedef unsigned long long ERL_NIF_TERM;
+#  endif
 #endif
 
 struct enif_environment_t;
diff --git a/erts/emulator/beam/erl_nmgc.c b/erts/emulator/beam/erl_nmgc.c
index d7bfb2ab12..2a8c819360 100644
--- a/erts/emulator/beam/erl_nmgc.c
+++ b/erts/emulator/beam/erl_nmgc.c
@@ -1391,7 +1391,7 @@ Eterm *erts_inc_alloc(int need)
     if (ma_gc_flags & GC_MAJOR) {
         if (need > 254) {
             blackmap[(Eterm*)this - global_old_heap] = 255;
-            *(int*)((long)(&blackmap[(Eterm*)this - global_old_heap]+4) & ~3) =
+            *(int*)((UWord)(&blackmap[(Eterm*)this - global_old_heap]+4) & ~3) =
                 need;
         } else
             blackmap[(Eterm*)this - global_old_heap] = need;
diff --git a/erts/emulator/beam/erl_node_container_utils.h b/erts/emulator/beam/erl_node_container_utils.h
index 2c67e781e0..329a2204cc 100644
--- a/erts/emulator/beam/erl_node_container_utils.h
+++ b/erts/emulator/beam/erl_node_container_utils.h
@@ -176,7 +176,7 @@ extern int erts_use_r9_pids_ports;
  * 32-bit CPU.
  */
 
-#define ERTS_MAX_PROCESSES ((1L << 27)-1)
+#define ERTS_MAX_PROCESSES ((SWORD_CONSTANT(1) << 27)-1)
 #if (ERTS_MAX_PROCESSES > MAX_SMALL)
 # error "The maximum number of processes must fit in a SMALL."
 #endif
diff --git a/erts/emulator/beam/erl_port_task.c b/erts/emulator/beam/erl_port_task.c
index 87b8e5131b..a2b08fcf56 100644
--- a/erts/emulator/beam/erl_port_task.c
+++ b/erts/emulator/beam/erl_port_task.c
@@ -731,7 +731,6 @@ erts_port_task_execute(ErtsRunQueue *runq, Port **curr_port_pp)
     int reds = ERTS_PORT_REDS_EXECUTE;
     erts_aint_t io_tasks_executed = 0;
     int fpe_was_unmasked;
-    ErtsPortTaskExeBlockData blk_data = {runq, NULL};
 
     ERTS_SMP_LC_ASSERT(erts_smp_lc_runq_is_locked(runq));
 
@@ -965,8 +964,6 @@ erts_port_task_execute(ErtsRunQueue *runq, Port **curr_port_pp)
 #endif
 
  done:
-    blk_data.resp = &res;
-
     ERTS_SMP_LC_ASSERT(erts_smp_lc_runq_is_locked(runq));
 
     ERTS_PORT_REDUCTIONS_EXECUTED(runq, reds);
@@ -1048,8 +1045,6 @@ erts_port_migrate(Port *prt, int *prt_locked,
     ERTS_SMP_LC_CHK_RUNQ_LOCK(from_rq, *from_locked);
     ERTS_SMP_LC_CHK_RUNQ_LOCK(to_rq, *to_locked);
 
-    ASSERT(!erts_common_run_queue);
-
     if (!*from_locked || !*to_locked) {
 	if (from_rq < to_rq) {
 	    if (!*to_locked) {
diff --git a/erts/emulator/beam/erl_process.c b/erts/emulator/beam/erl_process.c
index 84c0ded016..138acfeb2c 100644
--- a/erts/emulator/beam/erl_process.c
+++ b/erts/emulator/beam/erl_process.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -196,8 +196,6 @@ do {							\
 
 erts_sched_stat_t erts_sched_stat;
 
-ErtsRunQueue *erts_common_run_queue;
-
 #ifdef USE_THREADS
 static erts_tsd_key_t sched_data_key;
 #endif
@@ -225,16 +223,11 @@ typedef union {
 
 static ErtsAlignedSchedulerSleepInfo *aligned_sched_sleep_info;
 
-#ifndef BM_COUNTERS
-static int processes_busy;
-#endif
-
 Process**  process_tab;
 static Uint last_reductions;
 static Uint last_exact_reductions;
 Uint erts_default_process_flags;
 Eterm erts_system_monitor;
-Eterm erts_system_monitor_msg_queue_len;
 Eterm erts_system_monitor_long_gc;
 Eterm erts_system_monitor_large_heap;
 struct erts_system_monitor_flags_t erts_system_monitor_flags;
@@ -354,40 +347,25 @@ dbg_chk_aux_work_val(erts_aint32_t value)
 {
     erts_aint32_t valid = 0;
 
-#ifdef ERTS_SSI_AUX_WORK_SET_TMO
     valid |= ERTS_SSI_AUX_WORK_SET_TMO;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_CHECK_CHILDREN
-    valid |= ERTS_SSI_AUX_WORK_CHECK_CHILDREN;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_MISC
     valid |= ERTS_SSI_AUX_WORK_MISC;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_MISC_THR_PRGR
-    valid |= ERTS_SSI_AUX_WORK_MISC_THR_PRGR;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_ASYNC_READY
-    valid |= ERTS_SSI_AUX_WORK_ASYNC_READY;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN
-    valid |= ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN;
-#endif
-
-#ifdef ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM
     valid |= ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC
     valid |= ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC;
+#if ERTS_USE_ASYNC_READY_Q
+    valid |= ERTS_SSI_AUX_WORK_ASYNC_READY;
+    valid |= ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN;
 #endif
-#ifdef ERTS_SSI_AUX_WORK_DD
+#ifdef ERTS_SMP
+    valid |= ERTS_SSI_AUX_WORK_MISC_THR_PRGR;
     valid |= ERTS_SSI_AUX_WORK_DD;
-#endif
-#ifdef ERTS_SSI_AUX_WORK_DD
     valid |= ERTS_SSI_AUX_WORK_DD_THR_PRGR;
 #endif
-#ifdef ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK
+#if HAVE_ERTS_MSEG
     valid |= ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK;
 #endif
+#ifdef ERTS_SMP_SCHEDULERS_NEED_TO_CHECK_CHILDREN
+    valid |= ERTS_SSI_AUX_WORK_CHECK_CHILDREN;
+#endif
 
     if (~valid & value)
 	erl_exit(ERTS_ABORT_EXIT,
@@ -497,9 +475,6 @@ erts_init_process(int ncpu)
     p_serial_shift = erts_fit_in_bits(erts_max_processes - 1);
     p_serial_mask = ((~(~((Uint) 0) << proc_bits)) >> p_serial_shift);
     erts_process_tab_index_mask = ~(~((Uint) 0) << p_serial_shift);
-#ifndef BM_COUNTERS
-    processes_busy = 0;
-#endif
     last_reductions = 0;
     last_exact_reductions = 0;
     erts_default_process_flags = 0;
@@ -546,6 +521,209 @@ erts_late_init_process(void)
 
 }
 
+static void
+init_sched_wall_time(ErtsSchedWallTime *swtp)
+{
+    swtp->enabled = 0;
+    swtp->start = 0;
+    swtp->working.total = 0;
+    swtp->working.start = 0;
+    swtp->working.currently = 0;
+}
+
+static ERTS_INLINE Uint64
+sched_wall_time_ts(void)
+{
+#ifdef HAVE_GETHRTIME
+    return (Uint64) sys_gethrtime();
+#else
+    Uint64 res;
+    SysTimeval tv;
+    sys_gettimeofday(&tv);
+    res = (Uint64) tv.tv_sec*1000000;
+    res += (Uint64) tv.tv_usec;
+    return res;
+#endif
+}
+
+static ERTS_INLINE void
+sched_wall_time_change(ErtsSchedulerData *esdp, int working)
+{
+    if (esdp->sched_wall_time.enabled) {
+	Uint64 ts = sched_wall_time_ts();
+	if (working) {
+#ifdef DEBUG
+	    ASSERT(!esdp->sched_wall_time.working.currently);
+	    esdp->sched_wall_time.working.currently = 1;
+#endif
+	    ts -= esdp->sched_wall_time.start;
+	    esdp->sched_wall_time.working.start = ts;
+	}
+	else {
+#ifdef DEBUG
+	    ASSERT(esdp->sched_wall_time.working.currently);
+	    esdp->sched_wall_time.working.currently = 0;
+#endif
+	    ts -= esdp->sched_wall_time.start;
+	    ts -= esdp->sched_wall_time.working.start;
+	    esdp->sched_wall_time.working.total += ts;
+	}
+    }
+}
+
+typedef struct {
+    int set;
+    int enable;
+    Process *proc;
+    Eterm ref;
+    Eterm ref_heap[REF_THING_SIZE];
+    Uint req_sched;
+    erts_smp_atomic32_t refc;
+} ErtsSchedWallTimeReq;
+
+#if !HALFWORD_HEAP
+ERTS_SCHED_PREF_QUICK_ALLOC_IMPL(swtreq,
+				 ErtsSchedWallTimeReq,
+				 5,
+				 ERTS_ALC_T_SCHED_WTIME_REQ)
+#else
+static ERTS_INLINE ErtsSchedWallTimeReq *
+swtreq_alloc(void)
+{
+    return erts_alloc(ERTS_ALC_T_SCHED_WTIME_REQ,
+		      sizeof(ErtsSchedWallTimeReq));
+}
+
+static ERTS_INLINE void
+swtreq_free(ErtsSchedWallTimeReq *ptr)
+{
+    erts_free(ERTS_ALC_T_SCHED_WTIME_REQ, ptr);
+}
+#endif
+
+static void
+reply_sched_wall_time(void *vswtrp)
+{
+    Uint64 working = 0, total = 0;
+    ErtsSchedulerData *esdp = erts_get_scheduler_data();
+    ErtsSchedWallTimeReq *swtrp = (ErtsSchedWallTimeReq *) vswtrp;
+    ErtsProcLocks rp_locks = (swtrp->req_sched == esdp->no
+			      ? ERTS_PROC_LOCK_MAIN
+			      : 0);
+    Process *rp = swtrp->proc;
+    Eterm ref_copy = NIL, msg;
+    Eterm *hp = NULL;
+    Eterm **hpp;
+    Uint sz, *szp;
+    ErlOffHeap *ohp = NULL;
+    ErlHeapFragment *bp = NULL;
+
+    ASSERT(esdp);
+    
+    if (swtrp->set) {
+	if (!swtrp->enable && esdp->sched_wall_time.enabled)
+	    esdp->sched_wall_time.enabled = 0;
+	else if (swtrp->enable && !esdp->sched_wall_time.enabled) {
+	    Uint64 ts = sched_wall_time_ts();
+	    esdp->sched_wall_time.enabled = 1;
+	    esdp->sched_wall_time.start = ts;
+	    esdp->sched_wall_time.working.total = 0;
+	    esdp->sched_wall_time.working.start = 0;
+	    esdp->sched_wall_time.working.currently = 1;
+	}
+    }
+
+    if (esdp->sched_wall_time.enabled) {
+	Uint64 ts = sched_wall_time_ts();
+	ASSERT(esdp->sched_wall_time.working.currently);
+	ts -= esdp->sched_wall_time.start;
+	total = ts;
+	ts -= esdp->sched_wall_time.working.start;
+	working = esdp->sched_wall_time.working.total + ts;
+    }
+
+    sz = 0;
+    hpp = NULL;
+    szp = &sz;
+
+    while (1) {
+	if (hpp)
+	    ref_copy = STORE_NC(hpp, ohp, swtrp->ref);
+	else
+	    *szp += REF_THING_SIZE;
+
+	if (swtrp->set)
+	    msg = ref_copy;
+	else {
+	    msg = (!esdp->sched_wall_time.enabled
+		   ? am_notsup
+		   : erts_bld_tuple(hpp, szp, 3,
+				    make_small(esdp->no),
+				    erts_bld_uint64(hpp, szp, working),
+				    erts_bld_uint64(hpp, szp, total)));
+
+	    msg = erts_bld_tuple(hpp, szp, 2, ref_copy, msg);
+	}
+	if (hpp)
+	    break;
+
+	hp = erts_alloc_message_heap(sz, &bp, &ohp, rp, &rp_locks);
+	szp = NULL;
+	hpp = &hp;
+    }
+
+    erts_queue_message(rp, &rp_locks, bp, msg, NIL);
+
+    if (swtrp->req_sched == esdp->no)
+	rp_locks &= ~ERTS_PROC_LOCK_MAIN;
+ 
+    if (rp_locks)
+	erts_smp_proc_unlock(rp, rp_locks);
+
+    erts_smp_proc_dec_refc(rp);
+
+    if (erts_smp_atomic32_dec_read_nob(&swtrp->refc) == 0)
+	swtreq_free(vswtrp);
+}
+
+Eterm
+erts_sched_wall_time_request(Process *c_p, int set, int enable)
+{
+    ErtsSchedulerData *esdp = ERTS_PROC_GET_SCHDATA(c_p);
+    Eterm ref;
+    ErtsSchedWallTimeReq *swtrp;
+    Eterm *hp;
+
+    if (!set && !esdp->sched_wall_time.enabled)
+	return THE_NON_VALUE;
+
+    swtrp = swtreq_alloc();
+    ref = erts_make_ref(c_p);
+    hp = &swtrp->ref_heap[0];
+
+    swtrp->set = set;
+    swtrp->enable = enable;
+    swtrp->proc = c_p;
+    swtrp->ref = STORE_NC(&hp, NULL, ref);
+    swtrp->req_sched = esdp->no;
+    erts_smp_atomic32_init_nob(&swtrp->refc,
+			       (erts_aint32_t) erts_no_schedulers);
+
+    erts_smp_proc_add_refc(c_p, (Sint32) erts_no_schedulers);
+
+#ifdef ERTS_SMP
+    if (erts_no_schedulers > 1)
+	erts_schedule_multi_misc_aux_work(1,
+					  erts_no_schedulers,
+					  reply_sched_wall_time,
+					  (void *) swtrp);
+#endif
+
+    reply_sched_wall_time((void *) swtrp);
+
+    return ref;
+}
+
 static ERTS_INLINE ErtsProcList *
 proclist_create(Process *p)
 {
@@ -718,6 +896,27 @@ unset_aux_work_flags(ErtsSchedulerSleepInfo *ssi, erts_aint32_t flgs)
     return erts_atomic32_read_band_nob(&ssi->aux_work, ~flgs);
 }
 
+#ifdef ERTS_SMP
+
+static ERTS_INLINE void
+thr_prgr_current_reset(ErtsAuxWorkData *awdp)
+{
+    awdp->current_thr_prgr = ERTS_THR_PRGR_INVALID;
+}
+
+static ERTS_INLINE ErtsThrPrgrVal
+thr_prgr_current(ErtsAuxWorkData *awdp)
+{
+    ErtsThrPrgrVal current = awdp->current_thr_prgr;
+    if (current == ERTS_THR_PRGR_INVALID) {
+	current = erts_thr_progress_current();
+	awdp->current_thr_prgr = current;
+    }
+    return current;
+}
+
+#endif
+
 typedef struct erts_misc_aux_work_t_ erts_misc_aux_work_t;
 struct erts_misc_aux_work_t_ {
     void (*func)(void *);
@@ -778,8 +977,8 @@ misc_aux_work_clean(ErtsThrQ_t *q,
     case ERTS_THR_Q_DIRTY:
 	set_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_MISC);
 	return aux_work | ERTS_SSI_AUX_WORK_MISC;
-#ifdef ERTS_SMP
     case ERTS_THR_Q_NEED_THR_PRGR:
+#ifdef ERTS_SMP
 	set_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_MISC_THR_PRGR);
 	erts_thr_progress_wakeup(awdp->esdp,
 				 erts_thr_q_need_thr_progress(q));
@@ -790,7 +989,7 @@ misc_aux_work_clean(ErtsThrQ_t *q,
     return aux_work;
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_misc_aux_work(ErtsAuxWorkData *awdp,
 		     erts_aint32_t aux_work)
 {
@@ -810,12 +1009,13 @@ handle_misc_aux_work(ErtsAuxWorkData *awdp,
 
 #ifdef ERTS_SMP
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_misc_aux_work_thr_prgr(ErtsAuxWorkData *awdp,
 			      erts_aint32_t aux_work)
 {
-    if (!erts_thr_progress_has_reached(awdp->misc.thr_prgr))
-	return aux_work;
+    if (!erts_thr_progress_has_reached_this(thr_prgr_current(awdp),
+					    awdp->misc.thr_prgr))
+	return aux_work & ~ERTS_SSI_AUX_WORK_MISC_THR_PRGR;
 
     unset_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_MISC_THR_PRGR);
 
@@ -888,7 +1088,7 @@ erts_notify_check_async_ready_queue(void *vno)
 				  ERTS_SSI_AUX_WORK_ASYNC_READY);
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_async_ready(ErtsAuxWorkData *awdp,
 		   erts_aint32_t aux_work)
 {
@@ -910,7 +1110,7 @@ handle_async_ready(ErtsAuxWorkData *awdp,
 	    | ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN);
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_async_ready_clean(ErtsAuxWorkData *awdp,
 			 erts_aint32_t aux_work)
 {
@@ -918,7 +1118,8 @@ handle_async_ready_clean(ErtsAuxWorkData *awdp,
 
 #ifdef ERTS_SMP
     if (awdp->async_ready.need_thr_prgr
-	&& !erts_thr_progress_has_reached(awdp->misc.thr_prgr)) {
+	&& !erts_thr_progress_has_reached_this(thr_prgr_current(awdp),
+					       awdp->async_ready.thr_prgr)) {
 	return aux_work & ~ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN;
     }
 
@@ -937,6 +1138,7 @@ handle_async_ready_clean(ErtsAuxWorkData *awdp,
 	erts_thr_progress_wakeup(awdp->esdp,
 				 awdp->async_ready.thr_prgr);
 	awdp->async_ready.need_thr_prgr = 1;
+	return aux_work & ~ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN;
 #endif
     default:
 	return aux_work;
@@ -945,7 +1147,7 @@ handle_async_ready_clean(ErtsAuxWorkData *awdp,
 
 #endif
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_fix_alloc(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     ErtsSchedulerSleepInfo *ssi = awdp->ssi;
@@ -973,16 +1175,18 @@ erts_alloc_notify_delayed_dealloc(int ix)
 				  ERTS_SSI_AUX_WORK_DD);
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_delayed_dealloc(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     ErtsSchedulerSleepInfo *ssi = awdp->ssi;
     int need_thr_progress = 0;
+    ErtsThrPrgrVal wakeup = ERTS_THR_PRGR_INVALID;
     int more_work = 0;
 
     unset_aux_work_flags(ssi, ERTS_SSI_AUX_WORK_DD);
     erts_alloc_scheduler_handle_delayed_dealloc((void *) awdp->esdp,
 						&need_thr_progress,
+						&wakeup,
 						&more_work);
     if (more_work) {
 	if (set_aux_work_flags(ssi, ERTS_SSI_AUX_WORK_DD)
@@ -994,9 +1198,12 @@ handle_delayed_dealloc(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
     }
 
     if (need_thr_progress) {
+	if (wakeup == ERTS_THR_PRGR_INVALID)
+	    wakeup = erts_thr_progress_later_than(thr_prgr_current(awdp));
+	awdp->dd.thr_prgr = wakeup;
 	set_aux_work_flags(ssi, ERTS_SSI_AUX_WORK_DD_THR_PRGR);
-	awdp->dd.thr_prgr = erts_thr_progress_later();
-	erts_thr_progress_wakeup(awdp->esdp, awdp->dd.thr_prgr);
+	awdp->dd.thr_prgr = wakeup;
+	erts_thr_progress_wakeup(awdp->esdp, wakeup);
     }
     else if (awdp->dd.completed_callback) {
 	awdp->dd.completed_callback(awdp->dd.completed_arg);
@@ -1006,14 +1213,16 @@ handle_delayed_dealloc(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
     return aux_work & ~ERTS_SSI_AUX_WORK_DD;
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_delayed_dealloc_thr_prgr(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     ErtsSchedulerSleepInfo *ssi;
     int need_thr_progress;
     int more_work;
+    ErtsThrPrgrVal wakeup = ERTS_THR_PRGR_INVALID;
+    ErtsThrPrgrVal current = thr_prgr_current(awdp);
 
-    if (!erts_thr_progress_has_reached(awdp->dd.thr_prgr))
+    if (!erts_thr_progress_has_reached_this(current, awdp->dd.thr_prgr))
 	return aux_work & ~ERTS_SSI_AUX_WORK_DD_THR_PRGR;
 
     ssi = awdp->ssi;
@@ -1022,6 +1231,7 @@ handle_delayed_dealloc_thr_prgr(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 
     erts_alloc_scheduler_handle_delayed_dealloc((void *) awdp->esdp,
 						&need_thr_progress,
+						&wakeup,
 						&more_work);
     if (more_work) {
 	set_aux_work_flags(ssi, ERTS_SSI_AUX_WORK_DD);
@@ -1031,8 +1241,10 @@ handle_delayed_dealloc_thr_prgr(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
     }
 
     if (need_thr_progress) {
-	awdp->dd.thr_prgr = erts_thr_progress_later();
-	erts_thr_progress_wakeup(awdp->esdp, awdp->dd.thr_prgr);
+	if (wakeup == ERTS_THR_PRGR_INVALID)
+	    wakeup = erts_thr_progress_later_than(current);
+	awdp->dd.thr_prgr = wakeup;
+	erts_thr_progress_wakeup(awdp->esdp, wakeup);
     }
     else {
 	unset_aux_work_flags(ssi, ERTS_SSI_AUX_WORK_DD_THR_PRGR);
@@ -1129,7 +1341,7 @@ erts_smp_notify_check_children_needed(void)
 				      ERTS_SSI_AUX_WORK_CHECK_CHILDREN);
 }
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_check_children(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     unset_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_CHECK_CHILDREN);
@@ -1139,9 +1351,9 @@ handle_check_children(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 
 #endif
 
-#ifdef ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK
+#if HAVE_ERTS_MSEG
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_mseg_cache_check(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     unset_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK);
@@ -1151,7 +1363,7 @@ handle_mseg_cache_check(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 
 #endif
 
-static erts_aint32_t
+static ERTS_INLINE erts_aint32_t
 handle_setup_aux_work_timer(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
 {
     unset_aux_work_flags(awdp->ssi, ERTS_SSI_AUX_WORK_SET_TMO);
@@ -1159,69 +1371,92 @@ handle_setup_aux_work_timer(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
     return aux_work & ~ERTS_SSI_AUX_WORK_SET_TMO;
 }
 
-static ERTS_INLINE erts_aint32_t
-handle_aux_work(ErtsAuxWorkData *awdp, erts_aint32_t aux_work)
+static erts_aint32_t
+handle_aux_work(ErtsAuxWorkData *awdp, erts_aint32_t orig_aux_work)
 {
+#undef HANDLE_AUX_WORK
+#define HANDLE_AUX_WORK(FLG, HNDLR) \
+    ignore |= FLG; \
+    if (aux_work & FLG) { \
+	aux_work = HNDLR(awdp, aux_work); \
+	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work); \
+	if (!(aux_work & ~ignore)) { \
+	    ERTS_DBG_CHK_AUX_WORK_VAL(aux_work); \
+	    return aux_work; \
+	} \
+    }
+
+    erts_aint32_t aux_work = orig_aux_work;
+    erts_aint32_t ignore = 0;
+
+#ifdef ERTS_SMP
+    thr_prgr_current_reset(awdp);
+#endif
+
+    ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
+    ASSERT(aux_work);
+
     /*
      * Handlers are *only* allowed to modify flags in return value
      * and ssi flags that are explicity handled by the handler.
      * Handlers are, e.g., not allowed to read the ssi flag field and
      * then unconditionally return that value.
+     *
+     * Flag field returned should only contain flags for work that
+     * can continue immediately.
+     */
+
+    /*
+     * Keep ERTS_SSI_AUX_WORK flags in expected frequency order relative
+     * eachother. Most frequent first.
      */
-    ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    if (aux_work & ERTS_SSI_AUX_WORK_SET_TMO) {
-	aux_work = handle_setup_aux_work_timer(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
 #ifdef ERTS_SMP
-    if (aux_work & ERTS_SSI_AUX_WORK_MISC_THR_PRGR) {
-	aux_work = handle_misc_aux_work_thr_prgr(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_DD,
+		    handle_delayed_dealloc);
+    /* DD must be before DD_THR_PRGR */
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_DD_THR_PRGR,
+		    handle_delayed_dealloc_thr_prgr);
 #endif
-    if (aux_work & ERTS_SSI_AUX_WORK_MISC) {
-	aux_work = handle_misc_aux_work(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+
+    HANDLE_AUX_WORK((ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM
+		     | ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC),
+		    handle_fix_alloc);
+
 #if ERTS_USE_ASYNC_READY_Q
-    if (aux_work & ERTS_SSI_AUX_WORK_ASYNC_READY) {
-	aux_work = handle_async_ready(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
-    if (aux_work & ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN) {
-	aux_work = handle_async_ready_clean(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_ASYNC_READY,
+		    handle_async_ready);
+    /* ASYNC_READY must be before ASYNC_READY_CLEAN */
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN,
+		    handle_async_ready_clean);
 #endif
-#ifdef ERTS_SMP_SCHEDULERS_NEED_TO_CHECK_CHILDREN
-    if (aux_work & ERTS_SSI_AUX_WORK_CHECK_CHILDREN) {
-	aux_work = handle_check_children(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
-#endif
-    if (aux_work & (ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM
-		    | ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC)) {
-	aux_work = handle_fix_alloc(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+
 #ifdef ERTS_SMP
-    if (aux_work & ERTS_SSI_AUX_WORK_DD) {
-	aux_work = handle_delayed_dealloc(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
-    if (aux_work & ERTS_SSI_AUX_WORK_DD_THR_PRGR) {
-	aux_work = handle_delayed_dealloc_thr_prgr(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_MISC_THR_PRGR,
+		    handle_misc_aux_work_thr_prgr);
 #endif
-#ifdef ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK
-    if (aux_work & ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK) {
-	aux_work = handle_mseg_cache_check(awdp, aux_work);
-	ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
-    }
+    /* MISC_THR_PRGR must be before MISC */
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_MISC,
+		    handle_misc_aux_work);
+
+#ifdef ERTS_SMP_SCHEDULERS_NEED_TO_CHECK_CHILDREN
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_CHECK_CHILDREN,
+		    handle_check_children);
+#endif
+
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_SET_TMO,
+		    handle_setup_aux_work_timer);
+
+#if HAVE_ERTS_MSEG
+    HANDLE_AUX_WORK(ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK,
+		    handle_mseg_cache_check);
 #endif
+
     ERTS_DBG_CHK_AUX_WORK_VAL(aux_work);
+
     return aux_work;
+
+#undef HANDLE_AUX_WORK
+
 }
 
 typedef struct {
@@ -1715,6 +1950,7 @@ aux_thread(void *unused)
 static void
 scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 {
+    int working = 1;
     ErtsSchedulerSleepInfo *ssi = esdp->ssi;
     int spincount;
     erts_aint32_t aux_work = 0;
@@ -1724,21 +1960,12 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 
     ERTS_SMP_LC_ASSERT(erts_smp_lc_runq_is_locked(rq));
 
-    erts_smp_spin_lock(&rq->sleepers.lock);
     flgs = sched_prep_spin_wait(ssi);
     if (flgs & ERTS_SSI_FLG_SUSPENDED) {
 	/* Go suspend instead... */
-	erts_smp_spin_unlock(&rq->sleepers.lock);
 	return;
     }
 
-    ssi->prev = NULL;
-    ssi->next = rq->sleepers.list;
-    if (rq->sleepers.list)
-	rq->sleepers.list->prev = ssi;
-    rq->sleepers.list = ssi;
-    erts_smp_spin_unlock(&rq->sleepers.lock);
-
     /*
      * If all schedulers are waiting, one of them *should*
      * be waiting in erl_sys_schedule()
@@ -1754,12 +1981,17 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 
     tse_wait:
 
+	if (thr_prgr_active != working)
+	    sched_wall_time_change(esdp, thr_prgr_active);
+
 	while (1) {
 
 	    aux_work = erts_atomic32_read_acqb(&ssi->aux_work);
 	    if (aux_work) {
-		if (!thr_prgr_active)
+		if (!thr_prgr_active) {
 		    erts_thr_progress_active(esdp, thr_prgr_active = 1);
+		    sched_wall_time_change(esdp, 1);
+		}
 		aux_work = handle_aux_work(&esdp->aux_work_data, aux_work);
 		if (aux_work && erts_thr_progress_update(esdp))
 		    erts_thr_progress_leader_update(esdp);
@@ -1768,8 +2000,10 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 	    if (aux_work)
 		flgs = erts_smp_atomic32_read_acqb(&ssi->flags);
 	    else {
-		if (thr_prgr_active)
+		if (thr_prgr_active) {
 		    erts_thr_progress_active(esdp, thr_prgr_active = 0);
+		    sched_wall_time_change(esdp, 0);
+		}
 		erts_thr_progress_prepare_wait(esdp);
 
 		flgs = sched_spin_wait(ssi, spincount);
@@ -1806,8 +2040,10 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 	if (flgs & ~ERTS_SSI_FLG_SUSPENDED)
 	    erts_smp_atomic32_read_band_nob(&ssi->flags, ERTS_SSI_FLG_SUSPENDED);
 
-	if (!thr_prgr_active)
+	if (!thr_prgr_active) {
 	    erts_thr_progress_active(esdp, thr_prgr_active = 1);
+	    sched_wall_time_change(esdp, 1);
+	}
 
 	erts_smp_runq_lock(rq);
 	sched_active(esdp->no, rq);
@@ -1823,14 +2059,21 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 
 	sched_waiting_sys(esdp->no, rq);
 
+
 	erts_smp_runq_unlock(rq);
 
+	ASSERT(working);
+	sched_wall_time_change(esdp, working = 0);
+
 	spincount = ERTS_SCHED_SYS_SLEEP_SPINCOUNT;
 
 	while (spincount-- > 0) {
 
 	sys_poll_aux_work:
 
+	    if (working)
+		sched_wall_time_change(esdp, working = 0);
+
 	    ASSERT(!erts_port_task_have_outstanding_io_tasks());
 
 	    erl_sys_schedule(1); /* Might give us something to do */
@@ -1845,6 +2088,8 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 
 	    aux_work = erts_atomic32_read_acqb(&ssi->aux_work);
 	    if (aux_work) {
+		if (!working)
+		    sched_wall_time_change(esdp, working = 1);
 #ifdef ERTS_SMP
 		if (!thr_prgr_active)
 		    erts_thr_progress_active(esdp, thr_prgr_active = 1);
@@ -1937,6 +2182,9 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 
 	erts_smp_runq_unlock(rq);
 
+	if (working)
+	    sched_wall_time_change(esdp, working = 0);
+
 #ifdef ERTS_SMP
 	if (thr_prgr_active)
 	    erts_thr_progress_active(esdp, thr_prgr_active = 0);
@@ -1972,6 +2220,8 @@ scheduler_wait(int *fcalls, ErtsSchedulerData *esdp, ErtsRunQueue *rq)
 	if (flgs & ~ERTS_SSI_FLG_SUSPENDED)
 	    erts_smp_atomic32_read_band_nob(&ssi->flags, ERTS_SSI_FLG_SUSPENDED);
 #endif
+	if (!working)
+	    sched_wall_time_change(esdp, working = 1);
 	sched_active_sys(esdp->no, rq);
     }
 
@@ -1997,10 +2247,10 @@ ssi_flags_set_wake(ErtsSchedulerSleepInfo *ssi)
 }
 
 static void
-wake_scheduler(ErtsRunQueue *rq, int incq, int one)
+wake_scheduler(ErtsRunQueue *rq, int incq)
 {
     ErtsSchedulerSleepInfo *ssi;
-    ErtsSchedulerSleepList *sl;
+    erts_aint32_t flgs;
 
     /*
      * The unlocked run queue is not strictly necessary
@@ -2012,56 +2262,13 @@ wake_scheduler(ErtsRunQueue *rq, int incq, int one)
      */
     ERTS_SMP_LC_ASSERT(!erts_smp_lc_runq_is_locked(rq));
 
-    sl = &rq->sleepers;
-
-    erts_smp_spin_lock(&sl->lock);
-    ssi = sl->list;
-    if (!ssi)
-	erts_smp_spin_unlock(&sl->lock);
-    else if (one) {
-	erts_aint32_t flgs;
-	if (ssi->prev)
-	    ssi->prev->next = ssi->next;
-	else {
-	    ASSERT(sl->list == ssi);
-	    sl->list = ssi->next;
-	}
-	if (ssi->next)
-	    ssi->next->prev = ssi->prev;
-
-	erts_smp_spin_unlock(&sl->lock);
-
-	flgs = ssi_flags_set_wake(ssi);
-	erts_sched_finish_poke(ssi, flgs);
-
-	if (incq && !erts_common_run_queue && (flgs & ERTS_SSI_FLG_WAITING))
-	    non_empty_runq(rq);
-    }
-    else {
-	sl->list = NULL;
-	erts_smp_spin_unlock(&sl->lock);
+    ssi = rq->scheduler->ssi;
 
-	ERTS_THR_MEMORY_BARRIER;
-	do {
-	    ErtsSchedulerSleepInfo *wake_ssi = ssi;
-	    ssi = ssi->next;
-	    erts_sched_finish_poke(wake_ssi, ssi_flags_set_wake(wake_ssi));
-	} while (ssi);
-    }
-}
+    flgs = ssi_flags_set_wake(ssi);
+    erts_sched_finish_poke(ssi, flgs);
 
-static void
-wake_all_schedulers(void)
-{
-    if (erts_common_run_queue)
-	wake_scheduler(erts_common_run_queue, 0, 0);
-    else {
-	int ix;
-	for (ix = 0; ix < erts_no_run_queues; ix++) {
-	    ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
-	    wake_scheduler(rq, 0, 1);
-	}
-    }
+    if (incq && (flgs & ERTS_SSI_FLG_WAITING))
+	non_empty_runq(rq);
 }
 
 #define ERTS_NO_USED_RUNQS_SHIFT 16
@@ -2154,7 +2361,7 @@ chk_wake_sched(ErtsRunQueue *crq, int ix, int activate)
 		erts_smp_xrunq_unlock(crq, wrq);
 	    }
 	}
-	wake_scheduler(wrq, 0, 1);
+	wake_scheduler(wrq, 0);
 	return 1;
     }
     return 0;
@@ -2202,7 +2409,7 @@ smp_notify_inc_runq(ErtsRunQueue *runq)
 {
 #ifdef ERTS_SMP
     if (runq)
-	wake_scheduler(runq, 1, 1);
+	wake_scheduler(runq, 1);
 #endif
 }
 
@@ -2217,19 +2424,12 @@ erts_sched_notify_check_cpu_bind(void)
 {
 #ifdef ERTS_SMP
     int ix;
-    if (erts_common_run_queue) {
-	for (ix = 0; ix < erts_no_schedulers; ix++)
-	    erts_smp_atomic32_set_relb(&ERTS_SCHEDULER_IX(ix)->chk_cpu_bind, 1);
-	wake_all_schedulers();
-    }
-    else {
-	for (ix = 0; ix < erts_no_run_queues; ix++) {
-	    ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
-	    erts_smp_runq_lock(rq);
-	    rq->flags |= ERTS_RUNQ_FLG_CHK_CPU_BIND;
-	    erts_smp_runq_unlock(rq);
-	    wake_scheduler(rq, 0, 1);
-	};
+    for (ix = 0; ix < erts_no_run_queues; ix++) {
+	ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
+	erts_smp_runq_lock(rq);
+	rq->flags |= ERTS_RUNQ_FLG_CHK_CPU_BIND;
+	erts_smp_runq_unlock(rq);
+	wake_scheduler(rq, 0);
     }
 #else
     erts_sched_check_cpu_bind(erts_get_scheduler_data());
@@ -2498,7 +2698,7 @@ evacuate_run_queue(ErtsRunQueue *evac_rq, ErtsRunQueue *rq)
     if (notify_to_rq)
 	smp_notify_inc_runq(rq);
 
-    wake_scheduler(evac_rq, 0, 1);
+    wake_scheduler(evac_rq, 0);
 }
 
 static int
@@ -2656,9 +2856,6 @@ static int
 try_steal_task(ErtsRunQueue *rq)
 {
     int res, rq_locked, vix, active_rqs, blnc_rqs;
-    
-    if (erts_common_run_queue)
-	return 0;
 
     /*
      * We are not allowed to steal jobs to this run queue
@@ -3335,14 +3532,10 @@ init_aux_work_data(ErtsAuxWorkData *awdp, ErtsSchedulerData *esdp)
 }
 
 void
-erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
+erts_init_scheduling(int no_schedulers, int no_schedulers_online)
 {
     int ix, n, no_ssi;
 
-#ifndef ERTS_SMP
-    mrq = 0;
-#endif
-
     init_misc_op_list_alloc();
 
     ASSERT(no_schedulers_online <= no_schedulers);
@@ -3351,7 +3544,7 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
 
     /* Create and initialize run queues */
 
-    n = (int) (mrq ? no_schedulers : 1);
+    n = no_schedulers;
 
     erts_aligned_run_queues = 
 	erts_alloc_permanent_cache_aligned(ERTS_ALC_T_RUNQS,
@@ -3376,14 +3569,9 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
 	erts_smp_mtx_init_x(&rq->mtx, "run_queue", make_small(ix + 1));
 	erts_smp_cnd_init(&rq->cnd);
 
-#ifdef ERTS_SMP
-	erts_smp_spinlock_init(&rq->sleepers.lock, "run_queue_sleep_list");
-	rq->sleepers.list = NULL;
-#endif
-
 	rq->waiting = 0;
 	rq->woken = 0;
-	rq->flags = !mrq ? ERTS_RUNQ_FLG_SHARED_RUNQ : 0;
+	rq->flags = 0;
 	rq->check_balance_reds = ERTS_RUNQ_CALL_CHECK_BALANCE_REDS;
 	rq->full_reds_history_sum = 0;
 	for (rix = 0; rix < ERTS_FULL_REDS_HISTORY_SIZE; rix++) {
@@ -3429,8 +3617,6 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
 	rq->ports.end = NULL;
     }
 
-    erts_common_run_queue = !mrq ? ERTS_RUNQ_IX(0) : NULL;
-
 #ifdef ERTS_SMP
 
     if (erts_no_run_queues != 1) {
@@ -3507,22 +3693,18 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
 
 	erts_init_atom_cache_map(&esdp->atom_cache_map);
 
-	if (erts_common_run_queue) {
-	    esdp->run_queue = erts_common_run_queue;
-	    esdp->run_queue->scheduler = NULL;
-	}
-	else {
-	    esdp->run_queue = ERTS_RUNQ_IX(ix);
-	    esdp->run_queue->scheduler = esdp;
-	}
+	esdp->run_queue = ERTS_RUNQ_IX(ix);
+	esdp->run_queue->scheduler = esdp;
 
-#ifdef ERTS_SMP
-	erts_smp_atomic32_init_nob(&esdp->chk_cpu_bind, 0);
-#endif
 	init_aux_work_data(&esdp->aux_work_data, esdp);
+	init_sched_wall_time(&esdp->sched_wall_time);
     }
 
     init_misc_aux_work();
+#if !HALFWORD_HEAP
+    init_swtreq_alloc();
+#endif
+
 
 #ifdef ERTS_SMP
 
@@ -3541,8 +3723,7 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
     schdlr_sspnd.msb.ongoing = 0;
     erts_smp_atomic32_init_nob(&schdlr_sspnd.active, no_schedulers);
     schdlr_sspnd.msb.procs = NULL;
-    init_no_runqs(no_schedulers,
-		  erts_common_run_queue ? 1 : no_schedulers_online);
+    init_no_runqs(no_schedulers, no_schedulers_online);
     balance_info.last_active_runqs = no_schedulers;
     erts_smp_mtx_init(&balance_info.update_mtx, "migration_info_update");
     balance_info.forced_check_balance = 0;
@@ -3555,16 +3736,9 @@ erts_init_scheduling(int mrq, int no_schedulers, int no_schedulers_online)
     balance_info.n = 0;
 
     if (no_schedulers_online < no_schedulers) {
-	if (erts_common_run_queue) {
-	    for (ix = no_schedulers_online; ix < no_schedulers; ix++)
-		erts_smp_atomic32_read_bor_nob(&ERTS_SCHED_SLEEP_INFO_IX(ix)->flags,
-					       ERTS_SSI_FLG_SUSPENDED);
-	}
-	else {
-	    for (ix = no_schedulers_online; ix < erts_no_run_queues; ix++)
-		evacuate_run_queue(ERTS_RUNQ_IX(ix),
-				   ERTS_RUNQ_IX(ix % no_schedulers_online));
-	}
+	for (ix = no_schedulers_online; ix < erts_no_run_queues; ix++)
+	    evacuate_run_queue(ERTS_RUNQ_IX(ix),
+			       ERTS_RUNQ_IX(ix % no_schedulers_online));
     }
 
     schdlr_sspnd.wait_curr_online = no_schedulers_online;
@@ -3609,8 +3783,6 @@ ErtsRunQueue *
 erts_schedid2runq(Uint id)
 {
     int ix;
-    if (erts_common_run_queue)
-	return erts_common_run_queue;
     ix = (int) id - 1;
     ASSERT(0 <= ix && ix < erts_no_run_queues);
     return ERTS_RUNQ_IX(ix);
@@ -3855,6 +4027,8 @@ suspend_scheduler(ErtsSchedulerData *esdp)
     if (erts_system_profile_flags.scheduler)
     	profile_scheduler(make_small(esdp->no), am_inactive);
 
+    sched_wall_time_change(esdp, 0);
+
     erts_smp_mtx_lock(&schdlr_sspnd.mtx);
 
     flgs = sched_prep_spin_suspended(ssi, ERTS_SSI_FLG_SUSPENDED);
@@ -3901,9 +4075,11 @@ suspend_scheduler(ErtsSchedulerData *esdp)
 		wake = 0;
 	    }
 
-	    flgs = erts_smp_atomic32_read_acqb(&ssi->flags);
-	    if (!(flgs & ERTS_SSI_FLG_SUSPENDED))
-		break;
+	    if (curr_online && !ongoing_multi_scheduling_block()) {
+		flgs = erts_smp_atomic32_read_acqb(&ssi->flags);
+		if (!(flgs & ERTS_SSI_FLG_SUSPENDED))
+		    break;
+	    }
 	    erts_smp_mtx_unlock(&schdlr_sspnd.mtx);
 
 	    while (1) {
@@ -3911,16 +4087,20 @@ suspend_scheduler(ErtsSchedulerData *esdp)
 
 		aux_work = erts_atomic32_read_acqb(&ssi->aux_work);
 		if (aux_work) {
-		    if (!thr_prgr_active)
+		    if (!thr_prgr_active) {
 			erts_thr_progress_active(esdp, thr_prgr_active = 1);
+			sched_wall_time_change(esdp, 1);
+		    }
 		    aux_work = handle_aux_work(&esdp->aux_work_data, aux_work);
 		    if (aux_work && erts_thr_progress_update(esdp))
 			erts_thr_progress_leader_update(esdp);
 		}
 
 		if (!aux_work) {
-		    if (thr_prgr_active)
+		    if (thr_prgr_active) {
 			erts_thr_progress_active(esdp, thr_prgr_active = 0);
+			sched_wall_time_change(esdp, 0);
+		    }
 		    erts_thr_progress_prepare_wait(esdp);
 		    flgs = sched_spin_suspended(ssi,
 						ERTS_SCHED_SUSPEND_SLEEP_SPINCOUNT);
@@ -3975,8 +4155,10 @@ suspend_scheduler(ErtsSchedulerData *esdp)
     if (erts_system_profile_flags.scheduler)
     	profile_scheduler(make_small(esdp->no), am_active);
 
-    if (!thr_prgr_active)
+    if (!thr_prgr_active) {
 	erts_thr_progress_active(esdp, thr_prgr_active = 1);
+	sched_wall_time_change(esdp, 1);
+    }
 
     erts_smp_runq_lock(esdp->run_queue);
     non_empty_runq(esdp->run_queue);
@@ -4095,10 +4277,6 @@ erts_set_schedulers_online(Process *p,
 		    for (ix = online; ix < no; ix++)
 			erts_sched_poke(ERTS_SCHED_SLEEP_INFO_IX(ix));
 		}
-		else if (erts_common_run_queue) {
-		    for (ix = online; ix < no; ix++)
-			scheduler_ix_resume_wake(ix);
-		}
 		else {
 		    if (plocks) {
 			have_unlocked_plocks = 1;
@@ -4146,15 +4324,6 @@ erts_set_schedulers_online(Process *p,
 		    for (ix = no; ix < online; ix++)
 			erts_sched_poke(ERTS_SCHED_SLEEP_INFO_IX(ix));
 		}
-		else if (erts_common_run_queue) {
-		    for (ix = no; ix < online; ix++) {
-			ErtsSchedulerSleepInfo *ssi;
-			ssi = ERTS_SCHED_SLEEP_INFO_IX(ix);
-			erts_smp_atomic32_read_bor_nob(&ssi->flags,
-						       ERTS_SSI_FLG_SUSPENDED);
-		    }
-		    wake_all_schedulers();
-		}
 		else {
 		    if (plocks) {
 			have_unlocked_plocks = 1;
@@ -4181,7 +4350,7 @@ erts_set_schedulers_online(Process *p,
 		    erts_smp_mtx_lock(&schdlr_sspnd.mtx);
 		    for (ix = no; ix < online; ix++) {
 			ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
-			wake_scheduler(rq, 0, 1);
+			wake_scheduler(rq, 0);
 		    }
 		}
 	    }
@@ -4274,33 +4443,26 @@ erts_block_multi_scheduling(Process *p, ErtsProcLocks plocks, int on, int all)
 		    res = ERTS_SCHDLR_SSPND_YIELD_DONE_MSCHED_BLOCKED;
 		    schdlr_sspnd.msb.wait_active = 2;
 		}
-		if (erts_common_run_queue) {
-		    for (ix = 1; ix < online; ix++)
-			erts_smp_atomic32_read_bor_nob(&ERTS_SCHED_SLEEP_INFO_IX(ix)->flags,
-						       ERTS_SSI_FLG_SUSPENDED);
-		    wake_all_schedulers();
-		}
-		else {
-		    erts_smp_mtx_unlock(&schdlr_sspnd.mtx);
-		    erts_smp_mtx_lock(&balance_info.update_mtx);
-		    set_no_used_runqs(1);
-		    for (ix = 0; ix < online; ix++) {
-			ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
-			erts_smp_runq_lock(rq);
-			ASSERT(!(rq->flags & ERTS_RUNQ_FLG_SUSPENDED));
-			ERTS_RUNQ_RESET_MIGRATION_PATHS(rq, 0x7);
-			erts_smp_runq_unlock(rq);
-		    }
-		    /*
-		     * Evacuate all activities in all other run queues
-		     * into the first run queue. Note order is important,
-		     * online run queues has to be evacuated last.
-		     */
-		    for (ix = erts_no_run_queues-1; ix >= 1; ix--)
-			evacuate_run_queue(ERTS_RUNQ_IX(ix), ERTS_RUNQ_IX(0));
-		    erts_smp_mtx_unlock(&balance_info.update_mtx);
-		    erts_smp_mtx_lock(&schdlr_sspnd.mtx);
+
+		erts_smp_mtx_unlock(&schdlr_sspnd.mtx);
+		erts_smp_mtx_lock(&balance_info.update_mtx);
+		set_no_used_runqs(1);
+		for (ix = 0; ix < online; ix++) {
+		    ErtsRunQueue *rq = ERTS_RUNQ_IX(ix);
+		    erts_smp_runq_lock(rq);
+		    ASSERT(!(rq->flags & ERTS_RUNQ_FLG_SUSPENDED));
+		    ERTS_RUNQ_RESET_MIGRATION_PATHS(rq, 0x7);
+		    erts_smp_runq_unlock(rq);
 		}
+		/*
+		 * Evacuate all activities in all other run queues
+		 * into the first run queue. Note order is important,
+		 * online run queues has to be evacuated last.
+		 */
+		for (ix = erts_no_run_queues-1; ix >= 1; ix--)
+		    evacuate_run_queue(ERTS_RUNQ_IX(ix), ERTS_RUNQ_IX(0));
+		erts_smp_mtx_unlock(&balance_info.update_mtx);
+		erts_smp_mtx_lock(&schdlr_sspnd.mtx);
 
 		if (erts_smp_atomic32_read_nob(&schdlr_sspnd.active)
 		    != schdlr_sspnd.msb.wait_active) {
@@ -4412,12 +4574,6 @@ erts_block_multi_scheduling(Process *p, ErtsProcLocks plocks, int on, int all)
 		ASSERT(erts_smp_atomic32_read_nob(&schdlr_sspnd.active) == 1);
 		ERTS_SCHDLR_SSPND_CHNG_SET(0, ERTS_SCHDLR_SSPND_CHNG_MSB);
 	    }
-	    else if (erts_common_run_queue) {
-		for (ix = 1; ix < schdlr_sspnd.online; ix++)
-		    erts_smp_atomic32_read_band_nob(&ERTS_SCHED_SLEEP_INFO_IX(ix)->flags,
-						    ~ERTS_SSI_FLG_SUSPENDED);
-		wake_all_schedulers();
-	    }
 	    else {
 		int online = schdlr_sspnd.online;
 		erts_smp_mtx_unlock(&schdlr_sspnd.mtx);
@@ -5096,7 +5252,7 @@ suspend_process_2(BIF_ALIST_2)
 
     /* This is really a piece of cake without SMP support... */
     if (!smon->active) {
-	suspend_process(erts_common_run_queue, suspendee);
+	suspend_process(ERTS_RUNQ_IX(0), suspendee);
 	smon->active++;
 	res = am_true;
     }
@@ -5666,8 +5822,6 @@ erts_proc_migrate(Process *p, ErtsProcLocks *plcks,
 		       || from_locked);
     ERTS_SMP_LC_CHK_RUNQ_LOCK(from_rq, *from_locked);
     ERTS_SMP_LC_CHK_RUNQ_LOCK(to_rq, *to_locked);
-
-    ASSERT(!erts_common_run_queue);
     
     /*
      * If we have the lock on the run queue to migrate to,
@@ -5818,25 +5972,17 @@ erts_process_status(Process *c_p, ErtsProcLocks c_p_locks,
 	int i;
 	ErtsSchedulerData *esdp;
 
-	if (erts_common_run_queue)
-	    erts_smp_runq_lock(erts_common_run_queue);
-	    
 	for (i = 0; i < erts_no_schedulers; i++) {
 	    esdp = ERTS_SCHEDULER_IX(i);
-	    if (!erts_common_run_queue)
-		erts_smp_runq_lock(esdp->run_queue);
+	    erts_smp_runq_lock(esdp->run_queue);
 	    if (esdp->free_process && esdp->free_process->id == rpid) {
 		res = am_free;
-		if (!erts_common_run_queue)
-		    erts_smp_runq_unlock(esdp->run_queue);
+		erts_smp_runq_unlock(esdp->run_queue);
 		break;
 	    }
-	    if (!erts_common_run_queue)
-		erts_smp_runq_unlock(esdp->run_queue);
+	    erts_smp_runq_unlock(esdp->run_queue);
 	}
 
-	if (erts_common_run_queue)
-	    erts_smp_runq_unlock(erts_common_run_queue);
 #endif
 
     }
@@ -6147,10 +6293,8 @@ Process *schedule(Process *p, int calls)
 
 #ifdef ERTS_SMP
 
-	if (!(rq->flags & ERTS_RUNQ_FLG_SHARED_RUNQ)
-	    && rq->check_balance_reds <= 0) {
+	if (rq->check_balance_reds <= 0)
 	    check_balance(rq);
-	}
 
 	ERTS_SMP_LC_ASSERT(!erts_thr_progress_is_blocking());
 	ERTS_SMP_LC_ASSERT(erts_smp_lc_runq_is_locked(rq));
@@ -6160,20 +6304,15 @@ Process *schedule(Process *p, int calls)
 
  continue_check_activities_to_run:
 
-	if (rq->flags & (ERTS_RUNQ_FLG_SHARED_RUNQ
-			 | ERTS_RUNQ_FLG_CHK_CPU_BIND
+	if (rq->flags & (ERTS_RUNQ_FLG_CHK_CPU_BIND
 			 | ERTS_RUNQ_FLG_SUSPENDED)) {
-	    if ((rq->flags & ERTS_RUNQ_FLG_SUSPENDED)
-		|| (erts_smp_atomic32_read_acqb(&esdp->ssi->flags)
-		    & ERTS_SSI_FLG_SUSPENDED)) {
+	    if (rq->flags & ERTS_RUNQ_FLG_SUSPENDED) {
 		ASSERT(erts_smp_atomic32_read_nob(&esdp->ssi->flags)
 		       & ERTS_SSI_FLG_SUSPENDED);
 		suspend_scheduler(esdp);
 	    }
-	    if ((rq->flags & ERTS_RUNQ_FLG_CHK_CPU_BIND)
-		|| erts_smp_atomic32_read_acqb(&esdp->chk_cpu_bind)) {
+	    if (rq->flags & ERTS_RUNQ_FLG_CHK_CPU_BIND)
 		erts_sched_check_cpu_bind(esdp);
-	    }
 	}
 
 	{
@@ -6215,16 +6354,11 @@ Process *schedule(Process *p, int calls)
 
 	    empty_runq(rq);
 
-	    if (rq->flags & (ERTS_RUNQ_FLG_SHARED_RUNQ
-			     | ERTS_RUNQ_FLG_SUSPENDED)) {
-		if ((rq->flags & ERTS_RUNQ_FLG_SUSPENDED)
-		    || (erts_smp_atomic32_read_acqb(&esdp->ssi->flags)
-			& ERTS_SSI_FLG_SUSPENDED)) {
-		    ASSERT(erts_smp_atomic32_read_nob(&esdp->ssi->flags)
-			   & ERTS_SSI_FLG_SUSPENDED);
-		    non_empty_runq(rq);
-		    goto continue_check_activities_to_run;
-		}
+	    if (rq->flags & ERTS_RUNQ_FLG_SUSPENDED) {
+		ASSERT(erts_smp_atomic32_read_nob(&esdp->ssi->flags)
+		       & ERTS_SSI_FLG_SUSPENDED);
+		non_empty_runq(rq);
+		goto continue_check_activities_to_run;
 	    }
 	    else if (!(rq->flags & ERTS_RUNQ_FLG_INACTIVE)) {
 		/*
@@ -6289,11 +6423,7 @@ Process *schedule(Process *p, int calls)
 		else if (rq->wakeup_other < wakeup_other_limit)
 		    rq->wakeup_other += rq->len*wo_reds + ERTS_WAKEUP_OTHER_FIXED_INC;
 		else {
-		    if (erts_common_run_queue) {
-			if (erts_common_run_queue->waiting)
-			    wake_scheduler(erts_common_run_queue, 0, 1);
-		    }
-		    else if (erts_smp_atomic32_read_acqb(&no_empty_run_queues) != 0) {
+		    if (erts_smp_atomic32_read_acqb(&no_empty_run_queues) != 0) {
 			wake_scheduler_on_empty_runq(rq);
 			rq->wakeup_other = 0;
 		    }
@@ -6892,7 +7022,9 @@ erl_create_process(Process* parent, /* Parent of process (default group leader).
 	goto error;
     }
 
+#ifdef BM_COUNTERS
     processes_busy++;
+#endif
     BM_COUNT(processes_spawned);
 
 #ifndef HYBRID
@@ -8128,15 +8260,6 @@ static void doit_exit_link(ErtsLink *lnk, void *vpcontext)
 	    if (rlnk)
 		erts_destroy_link(rlnk);
 	    erts_deref_dist_entry(dep);
-	} else {
-#ifndef ERTS_SMP
-	    /* XXX Is this possible? Shouldn't this link
-	       previously have been removed if the node
-	       had previously been disconnected. */
-	    ASSERT(0);
-#endif
-	    /* This is possible when smp support has been enabled,
-	       and dist port and process exits simultaneously. */
 	}
 	break;
 	
@@ -8415,7 +8538,9 @@ continue_exit_process(Process *p
     pbt = ERTS_PROC_SET_CALL_TIME(p, ERTS_PROC_LOCKS_ALL, NULL);
 
     erts_smp_proc_unlock(p, ERTS_PROC_LOCKS_ALL);
+#ifdef BM_COUNTERS
     processes_busy--;
+#endif
 
     if (dep) {
 	erts_do_net_exits(dep, reason);
diff --git a/erts/emulator/beam/erl_process.h b/erts/emulator/beam/erl_process.h
index 69ff423133..c23810f15a 100644
--- a/erts/emulator/beam/erl_process.h
+++ b/erts/emulator/beam/erl_process.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -144,12 +144,10 @@ extern int erts_sched_thread_suggested_stack_size;
   (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 1))
 #define ERTS_RUNQ_FLG_SUSPENDED \
   (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 2))
-#define ERTS_RUNQ_FLG_SHARED_RUNQ \
-  (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 3))
 #define ERTS_RUNQ_FLG_CHK_CPU_BIND \
-  (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 4))
+  (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 3))
 #define ERTS_RUNQ_FLG_INACTIVE \
-  (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 5))
+  (((Uint32) 1) << (ERTS_RUNQ_FLG_BASE2 + 4))
 
 #define ERTS_RUNQ_FLGS_MIGRATION_QMASKS	\
   (ERTS_RUNQ_FLGS_EMIGRATE_QMASK	\
@@ -250,33 +248,25 @@ typedef enum {
   | ERTS_SSI_FLG_WAITING				\
   | ERTS_SSI_FLG_SUSPENDED)
 
-#define ERTS_SSI_AUX_WORK_SET_TMO		(((erts_aint32_t) 1) << 0)
-#define ERTS_SSI_AUX_WORK_CHECK_CHILDREN	(((erts_aint32_t) 1) << 1)
-#define ERTS_SSI_AUX_WORK_MISC			(((erts_aint32_t) 1) << 2)
-#ifdef ERTS_SMP
-#define ERTS_SSI_AUX_WORK_MISC_THR_PRGR		(((erts_aint32_t) 1) << 3)
-#endif
-#define ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM	(((erts_aint32_t) 1) << 4)
-#define ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC	(((erts_aint32_t) 1) << 5)
-#define ERTS_SSI_AUX_WORK_ASYNC_READY		(((erts_aint32_t) 1) << 6)
-#define ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN	(((erts_aint32_t) 1) << 7)
-#ifdef ERTS_SMP
-#define ERTS_SSI_AUX_WORK_DD			(((erts_aint32_t) 1) << 8)
-#define ERTS_SSI_AUX_WORK_DD_THR_PRGR		(((erts_aint32_t) 1) << 9)
-#endif
-#define ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK	(((erts_aint32_t) 1) << 10)
+/*
+ * Keep ERTS_SSI_AUX_WORK flags in expected frequency order relative
+ * eachother. Most frequent - lowest bit number.
+ */
 
-#if !HAVE_ERTS_MSEG
-#  undef ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK
-#endif
+#define ERTS_SSI_AUX_WORK_DD			(((erts_aint32_t) 1) << 0)
+#define ERTS_SSI_AUX_WORK_DD_THR_PRGR		(((erts_aint32_t) 1) << 1)
+#define ERTS_SSI_AUX_WORK_FIX_ALLOC_DEALLOC	(((erts_aint32_t) 1) << 2)
+#define ERTS_SSI_AUX_WORK_FIX_ALLOC_LOWER_LIM	(((erts_aint32_t) 1) << 3)
+#define ERTS_SSI_AUX_WORK_ASYNC_READY		(((erts_aint32_t) 1) << 4)
+#define ERTS_SSI_AUX_WORK_ASYNC_READY_CLEAN	(((erts_aint32_t) 1) << 5)
+#define ERTS_SSI_AUX_WORK_MISC_THR_PRGR		(((erts_aint32_t) 1) << 6)
+#define ERTS_SSI_AUX_WORK_MISC			(((erts_aint32_t) 1) << 7)
+#define ERTS_SSI_AUX_WORK_CHECK_CHILDREN	(((erts_aint32_t) 1) << 8)
+#define ERTS_SSI_AUX_WORK_SET_TMO		(((erts_aint32_t) 1) << 9)
+#define ERTS_SSI_AUX_WORK_MSEG_CACHE_CHECK	(((erts_aint32_t) 1) << 10)
 
 typedef struct ErtsSchedulerSleepInfo_ ErtsSchedulerSleepInfo;
 
-typedef struct {
-    erts_smp_spinlock_t lock;
-    ErtsSchedulerSleepInfo *list;
-} ErtsSchedulerSleepList;
-
 struct ErtsSchedulerSleepInfo_ {
 #ifdef ERTS_SMP
     ErtsSchedulerSleepInfo *next;
@@ -339,10 +329,6 @@ struct ErtsRunQueue_ {
     erts_smp_mtx_t mtx;
     erts_smp_cnd_t cnd;
 
-#ifdef ERTS_SMP
-    ErtsSchedulerSleepList sleepers;
-#endif
-
     ErtsSchedulerData *scheduler;
     int waiting; /* < 0 in sys schedule; > 0 on cnd variable */
     int woken;
@@ -388,7 +374,6 @@ typedef union {
 } ErtsAlignedRunQueue;
 
 extern ErtsAlignedRunQueue *erts_aligned_run_queues;
-extern ErtsRunQueue *erts_common_run_queue;
 
 #define ERTS_PROC_REDUCTIONS_EXECUTED(RQ, PRIO, REDS, AREDS)	\
 do {								\
@@ -406,9 +391,22 @@ do {								\
 } while (0)
 
 typedef struct {
+    int enabled;
+    Uint64 start;
+    struct {
+	Uint64 total;
+	Uint64 start;
+	int currently;
+    } working;
+} ErtsSchedWallTime;
+
+typedef struct {
     int sched_id;
     ErtsSchedulerData *esdp;
     ErtsSchedulerSleepInfo *ssi;
+#ifdef ERTS_SMP
+    ErtsThrPrgrVal current_thr_prgr;
+#endif
     struct {
 	int ix;
 #ifdef ERTS_SMP
@@ -469,10 +467,7 @@ struct ErtsSchedulerData_ {
 
     ErtsSchedAllocData alloc_data;
 
-#ifdef ERTS_SMP
-    /* NOTE: These fields are modified under held mutexes by other threads */
-    erts_smp_atomic32_t chk_cpu_bind; /* Only used when common run queue */
-#endif
+    ErtsSchedWallTime sched_wall_time;
 
 #ifdef ERTS_DO_VERIFY_UNUSED_TEMP_ALLOC
     erts_alloc_verify_func_t verify_unused_temp_alloc;
@@ -1079,7 +1074,9 @@ extern struct erts_system_profile_flags_t erts_system_profile_flags;
 void erts_pre_init_process(void);
 void erts_late_init_process(void);
 void erts_early_init_scheduling(int);
-void erts_init_scheduling(int, int, int);
+void erts_init_scheduling(int, int);
+
+Eterm erts_sched_wall_time_request(Process *c_p, int set, int enable);
 
 ErtsProcList *erts_proclist_create(Process *);
 void erts_proclist_destroy(ErtsProcList *);
@@ -1464,8 +1461,7 @@ erts_get_runq_proc(Process *p)
     ASSERT(p->run_queue);
     return p->run_queue;
 #else
-    ASSERT(erts_common_run_queue);
-    return erts_common_run_queue;
+    return ERTS_RUNQ_IX(0);
 #endif
 }
 
@@ -1478,8 +1474,7 @@ erts_get_runq_current(ErtsSchedulerData *esdp)
 	esdp = erts_get_scheduler_data();
     return esdp->run_queue;
 #else
-    ASSERT(erts_common_run_queue);
-    return erts_common_run_queue;
+    return ERTS_RUNQ_IX(0);
 #endif
 }
 
diff --git a/erts/emulator/beam/erl_process_lock.c b/erts/emulator/beam/erl_process_lock.c
index b4d20480c5..a5a753b798 100644
--- a/erts/emulator/beam/erl_process_lock.c
+++ b/erts/emulator/beam/erl_process_lock.c
@@ -123,10 +123,10 @@ erts_init_proc_lock(int cpus)
     erts_smp_spinlock_init(&qs_lock, "proc_lck_qs_alloc");
     for (i = 0; i < ERTS_NO_OF_PIX_LOCKS; i++) {
 #ifdef ERTS_ENABLE_LOCK_COUNT
-	erts_smp_spinlock_init_x(&erts_pix_locks[i].u.spnlck,
-				 "pix_lock", make_small(i));
+	erts_mtx_init_x(&erts_pix_locks[i].u.mtx,
+			"pix_lock", make_small(i));
 #else
-	erts_smp_spinlock_init(&erts_pix_locks[i].u.spnlck, "pix_lock");
+	erts_mtx_init(&erts_pix_locks[i].u.mtx, "pix_lock");
 #endif
     }
     queue_free_list = NULL;
diff --git a/erts/emulator/beam/erl_process_lock.h b/erts/emulator/beam/erl_process_lock.h
index 97f250138e..97e554914e 100644
--- a/erts/emulator/beam/erl_process_lock.h
+++ b/erts/emulator/beam/erl_process_lock.h
@@ -255,8 +255,8 @@ void erts_proc_lc_unrequire_lock(Process *p, ErtsProcLocks locks);
 
 typedef struct {
     union {
-	erts_smp_spinlock_t spnlck;
-	char buf[64]; /* Try to get locks in different cache lines */
+	erts_mtx_t mtx;
+	char buf[ERTS_ALC_CACHE_LINE_ALIGN_SIZE(sizeof(erts_mtx_t))];
     } u;
 } erts_pix_lock_t;
 
@@ -380,18 +380,18 @@ ERTS_GLB_INLINE void erts_proc_lock_op_debug(Process *, ErtsProcLocks, int);
 ERTS_GLB_INLINE void erts_pix_lock(erts_pix_lock_t *pixlck)
 {
     ERTS_LC_ASSERT(pixlck);
-    erts_smp_spin_lock(&pixlck->u.spnlck);
+    erts_mtx_lock(&pixlck->u.mtx);
 }
 
 ERTS_GLB_INLINE void erts_pix_unlock(erts_pix_lock_t *pixlck)
 {
     ERTS_LC_ASSERT(pixlck);
-    erts_smp_spin_unlock(&pixlck->u.spnlck);
+    erts_mtx_unlock(&pixlck->u.mtx);
 }
 
 ERTS_GLB_INLINE int erts_lc_pix_lock_is_locked(erts_pix_lock_t *pixlck)
 {
-    return erts_smp_lc_spinlock_is_locked(&pixlck->u.spnlck);
+    return erts_lc_mtx_is_locked(&pixlck->u.mtx);
 }
 
 /*
diff --git a/erts/emulator/beam/erl_sched_spec_pre_alloc.c b/erts/emulator/beam/erl_sched_spec_pre_alloc.c
index a7ccea7403..bff9d246a3 100644
--- a/erts/emulator/beam/erl_sched_spec_pre_alloc.c
+++ b/erts/emulator/beam/erl_sched_spec_pre_alloc.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -227,7 +227,6 @@ fetch_remote(erts_sspa_chunk_header_t *chdr, int max)
 		    ERTS_THR_MEMORY_BARRIER;
 		else {
 		    chdr->head.next.unref_end = (erts_sspa_blk_t *) ilast;
-		    ERTS_THR_MEMORY_BARRIER;
 		    chdr->head.next.thr_progress = erts_thr_progress_later();
 		    erts_atomic32_set_relb(&chdr->tail.data.um_refc_ix,
 					   um_refc_ix);
diff --git a/erts/emulator/beam/erl_smp.h b/erts/emulator/beam/erl_smp.h
index 63179dfad4..a32e9d9d7c 100644
--- a/erts/emulator/beam/erl_smp.h
+++ b/erts/emulator/beam/erl_smp.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2005-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2005-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -61,6 +61,11 @@ typedef erts_spinlock_t erts_smp_spinlock_t;
 typedef erts_rwlock_t erts_smp_rwlock_t;
 void erts_thr_fatal_error(int, char *); /* implemented in erl_init.c */
 
+#define ERTS_SMP_MEMORY_BARRIER ERTS_THR_MEMORY_BARRIER
+#define ERTS_SMP_WRITE_MEMORY_BARRIER ERTS_THR_WRITE_MEMORY_BARRIER
+#define ERTS_SMP_READ_MEMORY_BARRIER ERTS_THR_READ_MEMORY_BARRIER
+#define ERTS_SMP_DATA_DEPENDENCY_READ_MEMORY_BARRIER ERTS_THR_DATA_DEPENDENCY_READ_MEMORY_BARRIER
+
 #else /* #ifdef ERTS_SMP */
 
 #define ERTS_SMP_THR_OPTS_DEFAULT_INITER {0}
@@ -95,6 +100,11 @@ typedef struct { int gcc_is_buggy; } erts_smp_spinlock_t;
 typedef struct { int gcc_is_buggy; } erts_smp_rwlock_t;
 #endif
 
+#define ERTS_SMP_MEMORY_BARRIER
+#define ERTS_SMP_WRITE_MEMORY_BARRIER
+#define ERTS_SMP_READ_MEMORY_BARRIER
+#define ERTS_SMP_DATA_DEPENDENCY_READ_MEMORY_BARRIER
+
 #endif /* #ifdef ERTS_SMP */
 
 ERTS_GLB_INLINE void erts_smp_thr_init(erts_smp_thr_init_data_t *id);
@@ -206,13 +216,8 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #endif /* #ifdef ERTS_THR_HAVE_SIG_FUNCS */
 
 /*
- * Functions implementing atomic operations with with no (nob),
- * full (mb), acquire (acqb), release (relb), read (rb), and
- * write (wb) memory barriers.
- *
- * If SMP support has been disabled, they are mapped to functions
- * that performs the same operation, but aren't atomic and don't
- * imply memory barriers.
+ * See "Documentation of atomics and memory barriers" at the top
+ * of erl_threads.h for info on atomics.
  */
 
 #ifdef ERTS_SMP
@@ -239,6 +244,11 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_dw_atomic_read_relb erts_dw_atomic_read_relb
 #define erts_smp_dw_atomic_cmpxchg_relb erts_dw_atomic_cmpxchg_relb
 
+#define erts_smp_dw_atomic_init_ddrb erts_dw_atomic_init_ddrb
+#define erts_smp_dw_atomic_set_ddrb erts_dw_atomic_set_ddrb
+#define erts_smp_dw_atomic_read_ddrb erts_dw_atomic_read_ddrb
+#define erts_smp_dw_atomic_cmpxchg_ddrb erts_dw_atomic_cmpxchg_ddrb
+
 #define erts_smp_dw_atomic_init_rb erts_dw_atomic_init_rb
 #define erts_smp_dw_atomic_set_rb erts_dw_atomic_set_rb
 #define erts_smp_dw_atomic_read_rb erts_dw_atomic_read_rb
@@ -307,6 +317,20 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_atomic_xchg_relb erts_atomic_xchg_relb
 #define erts_smp_atomic_cmpxchg_relb erts_atomic_cmpxchg_relb
 
+#define erts_smp_atomic_init_ddrb erts_atomic_init_ddrb
+#define erts_smp_atomic_set_ddrb erts_atomic_set_ddrb
+#define erts_smp_atomic_read_ddrb erts_atomic_read_ddrb
+#define erts_smp_atomic_inc_read_ddrb erts_atomic_inc_read_ddrb
+#define erts_smp_atomic_dec_read_ddrb erts_atomic_dec_read_ddrb
+#define erts_smp_atomic_inc_ddrb erts_atomic_inc_ddrb
+#define erts_smp_atomic_dec_ddrb erts_atomic_dec_ddrb
+#define erts_smp_atomic_add_read_ddrb erts_atomic_add_read_ddrb
+#define erts_smp_atomic_add_ddrb erts_atomic_add_ddrb
+#define erts_smp_atomic_read_bor_ddrb erts_atomic_read_bor_ddrb
+#define erts_smp_atomic_read_band_ddrb erts_atomic_read_band_ddrb
+#define erts_smp_atomic_xchg_ddrb erts_atomic_xchg_ddrb
+#define erts_smp_atomic_cmpxchg_ddrb erts_atomic_cmpxchg_ddrb
+
 #define erts_smp_atomic_init_rb erts_atomic_init_rb
 #define erts_smp_atomic_set_rb erts_atomic_set_rb
 #define erts_smp_atomic_read_rb erts_atomic_read_rb
@@ -393,6 +417,20 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_atomic32_xchg_relb erts_atomic32_xchg_relb
 #define erts_smp_atomic32_cmpxchg_relb erts_atomic32_cmpxchg_relb
 
+#define erts_smp_atomic32_init_ddrb erts_atomic32_init_ddrb
+#define erts_smp_atomic32_set_ddrb erts_atomic32_set_ddrb
+#define erts_smp_atomic32_read_ddrb erts_atomic32_read_ddrb
+#define erts_smp_atomic32_inc_read_ddrb erts_atomic32_inc_read_ddrb
+#define erts_smp_atomic32_dec_read_ddrb erts_atomic32_dec_read_ddrb
+#define erts_smp_atomic32_inc_ddrb erts_atomic32_inc_ddrb
+#define erts_smp_atomic32_dec_ddrb erts_atomic32_dec_ddrb
+#define erts_smp_atomic32_add_read_ddrb erts_atomic32_add_read_ddrb
+#define erts_smp_atomic32_add_ddrb erts_atomic32_add_ddrb
+#define erts_smp_atomic32_read_bor_ddrb erts_atomic32_read_bor_ddrb
+#define erts_smp_atomic32_read_band_ddrb erts_atomic32_read_band_ddrb
+#define erts_smp_atomic32_xchg_ddrb erts_atomic32_xchg_ddrb
+#define erts_smp_atomic32_cmpxchg_ddrb erts_atomic32_cmpxchg_ddrb
+
 #define erts_smp_atomic32_init_rb erts_atomic32_init_rb
 #define erts_smp_atomic32_set_rb erts_atomic32_set_rb
 #define erts_smp_atomic32_read_rb erts_atomic32_read_rb
@@ -445,6 +483,11 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_dw_atomic_read_relb erts_no_dw_atomic_read
 #define erts_smp_dw_atomic_cmpxchg_relb erts_no_dw_atomic_cmpxchg
 
+#define erts_smp_dw_atomic_init_ddrb erts_no_dw_atomic_init
+#define erts_smp_dw_atomic_set_ddrb erts_no_dw_atomic_set
+#define erts_smp_dw_atomic_read_ddrb erts_no_dw_atomic_read
+#define erts_smp_dw_atomic_cmpxchg_ddrb erts_no_dw_atomic_cmpxchg
+
 #define erts_smp_dw_atomic_init_rb erts_no_dw_atomic_init
 #define erts_smp_dw_atomic_set_rb erts_no_dw_atomic_set
 #define erts_smp_dw_atomic_read_rb erts_no_dw_atomic_read
@@ -513,6 +556,20 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_atomic_xchg_relb erts_no_atomic_xchg
 #define erts_smp_atomic_cmpxchg_relb erts_no_atomic_cmpxchg
 
+#define erts_smp_atomic_init_ddrb erts_no_atomic_set
+#define erts_smp_atomic_set_ddrb erts_no_atomic_set
+#define erts_smp_atomic_read_ddrb erts_no_atomic_read
+#define erts_smp_atomic_inc_read_ddrb erts_no_atomic_inc_read
+#define erts_smp_atomic_dec_read_ddrb erts_no_atomic_dec_read
+#define erts_smp_atomic_inc_ddrb erts_no_atomic_inc
+#define erts_smp_atomic_dec_ddrb erts_no_atomic_dec
+#define erts_smp_atomic_add_read_ddrb erts_no_atomic_add_read
+#define erts_smp_atomic_add_ddrb erts_no_atomic_add
+#define erts_smp_atomic_read_bor_ddrb erts_no_atomic_read_bor
+#define erts_smp_atomic_read_band_ddrb erts_no_atomic_read_band
+#define erts_smp_atomic_xchg_ddrb erts_no_atomic_xchg
+#define erts_smp_atomic_cmpxchg_ddrb erts_no_atomic_cmpxchg
+
 #define erts_smp_atomic_init_rb erts_no_atomic_set
 #define erts_smp_atomic_set_rb erts_no_atomic_set
 #define erts_smp_atomic_read_rb erts_no_atomic_read
@@ -599,6 +656,20 @@ ERTS_GLB_INLINE void erts_smp_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_smp_atomic32_xchg_relb erts_no_atomic32_xchg
 #define erts_smp_atomic32_cmpxchg_relb erts_no_atomic32_cmpxchg
 
+#define erts_smp_atomic32_init_ddrb erts_no_atomic32_set
+#define erts_smp_atomic32_set_ddrb erts_no_atomic32_set
+#define erts_smp_atomic32_read_ddrb erts_no_atomic32_read
+#define erts_smp_atomic32_inc_read_ddrb erts_no_atomic32_inc_read
+#define erts_smp_atomic32_dec_read_ddrb erts_no_atomic32_dec_read
+#define erts_smp_atomic32_inc_ddrb erts_no_atomic32_inc
+#define erts_smp_atomic32_dec_ddrb erts_no_atomic32_dec
+#define erts_smp_atomic32_add_read_ddrb erts_no_atomic32_add_read
+#define erts_smp_atomic32_add_ddrb erts_no_atomic32_add
+#define erts_smp_atomic32_read_bor_ddrb erts_no_atomic32_read_bor
+#define erts_smp_atomic32_read_band_ddrb erts_no_atomic32_read_band
+#define erts_smp_atomic32_xchg_ddrb erts_no_atomic32_xchg
+#define erts_smp_atomic32_cmpxchg_ddrb erts_no_atomic32_cmpxchg
+
 #define erts_smp_atomic32_init_rb erts_no_atomic32_set
 #define erts_smp_atomic32_set_rb erts_no_atomic32_set
 #define erts_smp_atomic32_read_rb erts_no_atomic32_read
diff --git a/erts/emulator/beam/erl_term.h b/erts/emulator/beam/erl_term.h
index bc20b2d798..c270d13365 100644
--- a/erts/emulator/beam/erl_term.h
+++ b/erts/emulator/beam/erl_term.h
@@ -253,15 +253,15 @@ _ET_DECLARE_CHECKED(Eterm*,list_val,Wterm)
 #define SMALL_BITS	(28)
 #define SMALL_DIGITS	(8)
 #endif
-#define MAX_SMALL	((1L << (SMALL_BITS-1))-1)
-#define MIN_SMALL	(-(1L << (SMALL_BITS-1)))
+#define MAX_SMALL	((SWORD_CONSTANT(1) << (SMALL_BITS-1))-1)
+#define MIN_SMALL	(-(SWORD_CONSTANT(1) << (SMALL_BITS-1)))
 #define make_small(x)	(((Uint)(x) << _TAG_IMMED1_SIZE) + _TAG_IMMED1_SMALL)
 #define is_small(x)	(((x) & _TAG_IMMED1_MASK) == _TAG_IMMED1_SMALL)
 #define is_not_small(x)	(!is_small((x)))
 #define is_byte(x)	(((x) & ((~(Uint)0 << (_TAG_IMMED1_SIZE+8)) + _TAG_IMMED1_MASK)) == _TAG_IMMED1_SMALL)
 #define is_valid_bit_size(x) (((Sint)(x)) >= 0 && ((x) & 0x7F) == _TAG_IMMED1_SMALL)
 #define is_not_valid_bit_size(x) (!is_valid_bit_size((x)))
-#define MY_IS_SSMALL(x) (((Uint) (((x) >> (SMALL_BITS-1)) + 1)) < 2)
+#define MY_IS_SSMALL(x) (((Uint) ((((x)) >> (SMALL_BITS-1)) + 1)) < 2)
 #define _unchecked_unsigned_val(x)	((x) >> _TAG_IMMED1_SIZE)
 _ET_DECLARE_CHECKED(Uint,unsigned_val,Eterm)
 #define unsigned_val(x)	_ET_APPLY(unsigned_val,(x))
diff --git a/erts/emulator/beam/erl_thr_progress.c b/erts/emulator/beam/erl_thr_progress.c
index 9324bcde51..9ef83746c5 100644
--- a/erts/emulator/beam/erl_thr_progress.c
+++ b/erts/emulator/beam/erl_thr_progress.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -33,10 +33,11 @@
  * This module keeps track of the progress of a set of managed threads. Only
  * threads that behave well can be allowed to be managed. A managed thread
  * should update its thread progress frequently. Currently only scheduler
- * threads and the aux_thread are managed threads. We typically do not want
- * any async threads as managed threads since they cannot guarantee a
- * frequent update of thread progress, since they execute user implemented
- * driver code.
+ * threads, the system-message-dispatcher threads, and the aux-thread are
+ * managed threads. We typically do not want any async threads as managed
+ * threads since they cannot guarantee a frequent update of thread progress,
+ * since they execute user implemented driver code that is assumed to be
+ * time consuming.
  *
  * erts_thr_progress_current() returns the global current thread progress
  * value of managed threads. I.e., the latest progress value that all
@@ -80,12 +81,12 @@
 
 #ifdef ERTS_SMP
 
-/*
- * We use a 64-bit value for thread progress. By this wrapping of
- * the thread progress will more or less never occur.
- *
- * On 32-bit systems we therefore need a double word atomic.
- */
+#define ERTS_THR_PRGR_DBG_CHK_WAKEUP_REQUEST_VALUE 0
+
+#ifdef DEBUG
+#undef ERTS_THR_PRGR_DBG_CHK_WAKEUP_REQUEST_VALUE
+#define ERTS_THR_PRGR_DBG_CHK_WAKEUP_REQUEST_VALUE 1
+#endif
 
 #define ERTS_THR_PRGR_PRINT_LEADER 0
 #define ERTS_THR_PRGR_PRINT_VAL 0
@@ -106,7 +107,16 @@
 		 |ERTS_THR_PRGR_LFLG_ACTIVE_MASK)) \
      == ERTS_THR_PRGR_LFLG_NO_LEADER)
 
+/*
+ * We use a 64-bit value for thread progress. By this wrapping of
+ * the thread progress will more or less never occur.
+ *
+ * On 32-bit systems we therefore need a double word atomic.
+ */
+#undef read_acqb
 #define read_acqb erts_thr_prgr_read_acqb__
+#undef read_nob
+#define read_nob erts_thr_prgr_read_nob__
 
 #ifdef ARCH_64
 
@@ -122,12 +132,6 @@ set_nob(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
     erts_atomic_set_nob(atmc, val);
 }
 
-static ERTS_INLINE ErtsThrPrgrVal
-read_nob(ERTS_THR_PRGR_ATOMIC *atmc)
-{
-    return (ErtsThrPrgrVal) erts_atomic_read_nob(atmc);
-}
-
 static ERTS_INLINE void
 init_nob(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
 {
@@ -136,52 +140,44 @@ init_nob(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
 
 #else
 
-#undef dw_sint_to_val
-#define dw_sint_to_val erts_thr_prgr_dw_sint_to_val__
+#undef dw_aint_to_val
+#define dw_aint_to_val erts_thr_prgr_dw_aint_to_val__
 
 static void
-val_to_dw_sint(ethr_dw_sint_t *dw_sint, ErtsThrPrgrVal val)
+val_to_dw_aint(erts_dw_aint_t *dw_aint, ErtsThrPrgrVal val)
 {
 #ifdef ETHR_SU_DW_NAINT_T__
-    dw_sint->dw_sint = (ETHR_SU_DW_NAINT_T__) val;
+    dw_aint->dw_sint = (ETHR_SU_DW_NAINT_T__) val;
 #else
-    dw_sint->sint[ETHR_DW_SINT_LOW_WORD]
-	= (ethr_sint_t) (val & 0xffffffff);
-    dw_sint->sint[ETHR_DW_SINT_HIGH_WORD]
-	= (ethr_sint_t) ((val >> 32) & 0xffffffff);
+    dw_aint->sint[ERTS_DW_AINT_LOW_WORD]
+	= (erts_aint_t) (val & 0xffffffff);
+    dw_aint->sint[ERTS_DW_AINT_HIGH_WORD]
+	= (erts_aint_t) ((val >> 32) & 0xffffffff);
 #endif
 }
 
 static ERTS_INLINE void
 set_mb(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
 {
-    ethr_dw_sint_t dw_sint;
-    val_to_dw_sint(&dw_sint, val);
-    erts_dw_atomic_set_mb(atmc, &dw_sint);
+    erts_dw_aint_t dw_aint;
+    val_to_dw_aint(&dw_aint, val);
+    erts_dw_atomic_set_mb(atmc, &dw_aint);
 }
 
 static ERTS_INLINE void
 set_nob(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
 {
-    ethr_dw_sint_t dw_sint;
-    val_to_dw_sint(&dw_sint, val);
-    erts_dw_atomic_set_nob(atmc, &dw_sint);
-}
-
-static ERTS_INLINE ErtsThrPrgrVal
-read_nob(ERTS_THR_PRGR_ATOMIC *atmc)
-{
-    ethr_dw_sint_t dw_sint;
-    erts_dw_atomic_read_nob(atmc, &dw_sint);
-    return erts_thr_prgr_dw_sint_to_val__(&dw_sint);
+    erts_dw_aint_t dw_aint;
+    val_to_dw_aint(&dw_aint, val);
+    erts_dw_atomic_set_nob(atmc, &dw_aint);
 }
 
 static ERTS_INLINE void
 init_nob(ERTS_THR_PRGR_ATOMIC *atmc, ErtsThrPrgrVal val)
 {
-    ethr_dw_sint_t dw_sint;
-    val_to_dw_sint(&dw_sint, val);
-    erts_dw_atomic_init_nob(atmc, &dw_sint);
+    erts_dw_aint_t dw_aint;
+    val_to_dw_aint(&dw_aint, val);
+    erts_dw_atomic_init_nob(atmc, &dw_aint);
 }
 
 #endif
@@ -908,7 +904,7 @@ has_reached_wakeup(ErtsThrPrgrVal wakeup)
 	if (limit == ERTS_THR_PRGR_VAL_WAITING)
 	    limit = 0;
 	else if (limit < current) /* Wrapped */
-	    limit + 1;
+	    limit += 1;
 
 	if (!erts_thr_progress_has_passed__(limit, wakeup))
 	    erl_exit(ERTS_ABORT_EXIT,
@@ -937,8 +933,10 @@ request_wakeup_managed(ErtsThrPrgrData *tpd, ErtsThrPrgrVal value)
     ASSERT(tpd->is_managed);
     ASSERT(tpd->previous.local != ERTS_THR_PRGR_VAL_WAITING);
 
-    if (has_reached_wakeup(value))
+    if (has_reached_wakeup(value)) {
 	wakeup_managed(tpd->id);
+	return;
+    }
 
     wix = ERTS_THR_PRGR_WAKEUP_IX(value);
     if (tpd->wakeup_request[wix] == value)
@@ -976,6 +974,10 @@ request_wakeup_managed(ErtsThrPrgrData *tpd, ErtsThrPrgrVal value)
     mwd = intrnl->managed.data[wix];
 
     ix = erts_atomic32_inc_read_nob(&mwd->len) - 1;
+#if ERTS_THR_PRGR_DBG_CHK_WAKEUP_REQUEST_VALUE
+    if (ix >= intrnl->managed.no)
+	erl_exit(ERTS_ABORT_EXIT, "Internal error: Too many wakeup requests\n");
+#endif
     mwd->id[ix] = tpd->id;
 
     ASSERT(!erts_thr_progress_has_reached(value));
@@ -1001,8 +1003,10 @@ request_wakeup_unmanaged(ErtsThrPrgrData *tpd, ErtsThrPrgrVal value)
      * we are writing the request.
      */
 
-    if (has_reached_wakeup(value))
+    if (has_reached_wakeup(value)) {
 	wakeup_unmanaged(tpd->id);
+	return;
+    }
 
     wix = ERTS_THR_PRGR_WAKEUP_IX(value);
 
@@ -1207,9 +1211,9 @@ erts_thr_progress_block(void)
 }
 
 void
-erts_thr_progress_fatal_error_block(SWord timeout)
+erts_thr_progress_fatal_error_block(SWord timeout,
+				    ErtsThrPrgrData *tmp_tpd_bufp)
 {
-    ErtsThrPrgrData tpd_buf;
     ErtsThrPrgrData *tpd = perhaps_thr_prgr_data(NULL);
     erts_aint32_t bc;
     SWord time_left = timeout;
@@ -1233,7 +1237,7 @@ erts_thr_progress_fatal_error_block(SWord timeout)
 	 * since we never complete an unblock after a fatal error
 	 * block.
 	 */
-	tpd = &tpd_buf;
+	tpd = tmp_tpd_bufp;
 	init_tmp_thr_prgr_data(tpd);
     }
 
diff --git a/erts/emulator/beam/erl_thr_progress.h b/erts/emulator/beam/erl_thr_progress.h
index 68d14174b9..1bbc49993e 100644
--- a/erts/emulator/beam/erl_thr_progress.h
+++ b/erts/emulator/beam/erl_thr_progress.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -44,7 +44,6 @@
 #define erts_smp_thr_progress_unblock erts_thr_progress_unblock
 #define erts_smp_thr_progress_is_blocking erts_thr_progress_is_blocking
 
-void erts_thr_progress_fatal_error_block(SWord timeout);
 void erts_thr_progress_block(void);
 void erts_thr_progress_unblock(void);
 int erts_thr_progress_is_blocking(void);
@@ -73,6 +72,10 @@ typedef struct {
 	ErtsThrPrgrVal current;
     } previous;
 } ErtsThrPrgrData;
+
+void erts_thr_progress_fatal_error_block(SWord timeout,
+					 ErtsThrPrgrData *tmp_tpd_bufp);
+
 #endif /* ERTS_SMP */
 
 #endif
@@ -86,6 +89,7 @@ typedef struct {
 #ifdef ERTS_SMP
 
 #define ERTS_THR_PRGR_VAL_WAITING (~((ErtsThrPrgrVal) 0))
+#define ERTS_THR_PRGR_INVALID (~((ErtsThrPrgrVal) 0))
 
 extern erts_tsd_key_t erts_thr_prgr_data_key__;
 
@@ -127,14 +131,19 @@ void erts_thr_progress_dbg_print_state(void);
 
 #ifdef ARCH_32
 #define ERTS_THR_PRGR_ATOMIC erts_dw_atomic_t
-ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_prgr_dw_sint_to_val__(ethr_dw_sint_t *dw_sint);
+ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_prgr_dw_aint_to_val__(erts_dw_aint_t *dw_aint);
 #endif
+ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_prgr_read_nob__(ERTS_THR_PRGR_ATOMIC *atmc);
 ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_prgr_read_acqb__(ERTS_THR_PRGR_ATOMIC *atmc);
+ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_prgr_read_mb__(ERTS_THR_PRGR_ATOMIC *atmc);
 
 ERTS_GLB_INLINE int erts_thr_progress_is_managed_thread(void);
+ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_progress_later_than(ErtsThrPrgrVal val);
 ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_progress_later(void);
 ERTS_GLB_INLINE ErtsThrPrgrVal erts_thr_progress_current(void);
 ERTS_GLB_INLINE int erts_thr_progress_has_passed__(ErtsThrPrgrVal val1, ErtsThrPrgrVal val2);
+ERTS_GLB_INLINE int erts_thr_progress_has_reached_this(ErtsThrPrgrVal this, ErtsThrPrgrVal val);
+ERTS_GLB_INLINE int erts_thr_progress_cmp(ErtsThrPrgrVal val1, ErtsThrPrgrVal val2);
 ERTS_GLB_INLINE int erts_thr_progress_has_reached(ErtsThrPrgrVal val);
 
 #if ERTS_GLB_INLINE_INCL_FUNC_DEF
@@ -142,33 +151,61 @@ ERTS_GLB_INLINE int erts_thr_progress_has_reached(ErtsThrPrgrVal val);
 #ifdef ARCH_64
 
 ERTS_GLB_INLINE ErtsThrPrgrVal
+erts_thr_prgr_read_nob__(ERTS_THR_PRGR_ATOMIC *atmc)
+{
+    return (ErtsThrPrgrVal) erts_atomic_read_nob(atmc);
+}
+
+ERTS_GLB_INLINE ErtsThrPrgrVal
 erts_thr_prgr_read_acqb__(ERTS_THR_PRGR_ATOMIC *atmc)
 {
     return (ErtsThrPrgrVal) erts_atomic_read_acqb(atmc);
 }
 
+ERTS_GLB_INLINE ErtsThrPrgrVal
+erts_thr_prgr_read_mb__(ERTS_THR_PRGR_ATOMIC *atmc)
+{
+    return (ErtsThrPrgrVal) erts_atomic_read_mb(atmc);
+}
+
 #else /* ARCH_32 */
 
 ERTS_GLB_INLINE ErtsThrPrgrVal
-erts_thr_prgr_dw_sint_to_val__(ethr_dw_sint_t *dw_sint)
+erts_thr_prgr_dw_aint_to_val__(erts_dw_aint_t *dw_aint)
 {
 #ifdef ETHR_SU_DW_NAINT_T__
-    return (ErtsThrPrgrVal) dw_sint->dw_sint;
+    return (ErtsThrPrgrVal) dw_aint->dw_sint;
 #else
     ErtsThrPrgrVal res;
-    res = (ErtsThrPrgrVal) ((Uint32) dw_sint->sint[ETHR_DW_SINT_HIGH_WORD]);
+    res = (ErtsThrPrgrVal) ((Uint32) dw_aint->sint[ERTS_DW_AINT_HIGH_WORD]);
     res <<= 32;
-    res |= (ErtsThrPrgrVal) ((Uint32) dw_sint->sint[ETHR_DW_SINT_LOW_WORD]);
+    res |= (ErtsThrPrgrVal) ((Uint32) dw_aint->sint[ERTS_DW_AINT_LOW_WORD]);
     return res;
 #endif
 }
 
 ERTS_GLB_INLINE ErtsThrPrgrVal
+erts_thr_prgr_read_nob__(ERTS_THR_PRGR_ATOMIC *atmc)
+{
+    erts_dw_aint_t dw_aint;
+    erts_dw_atomic_read_nob(atmc, &dw_aint);
+    return erts_thr_prgr_dw_aint_to_val__(&dw_aint);
+}
+
+ERTS_GLB_INLINE ErtsThrPrgrVal
 erts_thr_prgr_read_acqb__(ERTS_THR_PRGR_ATOMIC *atmc)
 {
-    ethr_dw_sint_t dw_sint;
-    erts_dw_atomic_read_acqb(atmc, &dw_sint);
-    return erts_thr_prgr_dw_sint_to_val__(&dw_sint);
+    erts_dw_aint_t dw_aint;
+    erts_dw_atomic_read_acqb(atmc, &dw_aint);
+    return erts_thr_prgr_dw_aint_to_val__(&dw_aint);
+}
+
+ERTS_GLB_INLINE ErtsThrPrgrVal
+erts_thr_prgr_read_mb__(ERTS_THR_PRGR_ATOMIC *atmc)
+{
+    erts_dw_aint_t dw_aint;
+    erts_dw_atomic_read_mb(atmc, &dw_aint);
+    return erts_thr_prgr_dw_aint_to_val__(&dw_aint);
 }
 
 #endif
@@ -181,9 +218,9 @@ erts_thr_progress_is_managed_thread(void)
 }
 
 ERTS_GLB_INLINE ErtsThrPrgrVal
-erts_thr_progress_later(void)
+erts_thr_progress_later_than(ErtsThrPrgrVal val)
 {
-    ErtsThrPrgrVal val = erts_thr_prgr_read_acqb__(&erts_thr_prgr__.current);
+    ERTS_THR_MEMORY_BARRIER;
     if (val == (ERTS_THR_PRGR_VAL_WAITING-((ErtsThrPrgrVal)2)))
 	return ((ErtsThrPrgrVal) 0);
     else if (val == (ERTS_THR_PRGR_VAL_WAITING-((ErtsThrPrgrVal)1)))
@@ -193,9 +230,19 @@ erts_thr_progress_later(void)
 }
 
 ERTS_GLB_INLINE ErtsThrPrgrVal
+erts_thr_progress_later(void)
+{
+    ErtsThrPrgrVal val = erts_thr_prgr_read_mb__(&erts_thr_prgr__.current);
+    return erts_thr_progress_later_than(val);
+}
+
+ERTS_GLB_INLINE ErtsThrPrgrVal
 erts_thr_progress_current(void)
 {
-    return erts_thr_prgr_read_acqb__(&erts_thr_prgr__.current);
+    if (erts_thr_progress_is_managed_thread())
+	return erts_thr_prgr_read_nob__(&erts_thr_prgr__.current);
+    else
+	return erts_thr_prgr_read_acqb__(&erts_thr_prgr__.current);
 }
 
 ERTS_GLB_INLINE int
@@ -217,13 +264,29 @@ erts_thr_progress_has_passed__(ErtsThrPrgrVal val1, ErtsThrPrgrVal val0)
 }
 
 ERTS_GLB_INLINE int
-erts_thr_progress_has_reached(ErtsThrPrgrVal val)
+erts_thr_progress_has_reached_this(ErtsThrPrgrVal this, ErtsThrPrgrVal val)
+{
+    if (this == val)
+	return 1;
+    return erts_thr_progress_has_passed__(this, val);
+}
+
+ERTS_GLB_INLINE int
+erts_thr_progress_cmp(ErtsThrPrgrVal val1, ErtsThrPrgrVal val2)
 {
-    ErtsThrPrgrVal current;
-    current = erts_thr_prgr_read_acqb__(&erts_thr_prgr__.current);
-    if (current == val)
+    if (val1 == val2)
+	return 0;
+    if (erts_thr_progress_has_passed__(val1, val2))
 	return 1;
-    return erts_thr_progress_has_passed__(current, val);
+    else
+	return -1;
+}	
+
+ERTS_GLB_INLINE int
+erts_thr_progress_has_reached(ErtsThrPrgrVal val)
+{
+    ErtsThrPrgrVal current = erts_thr_progress_current();
+    return erts_thr_progress_has_reached_this(current, val);
 }
 
 #endif
diff --git a/erts/emulator/beam/erl_thr_queue.c b/erts/emulator/beam/erl_thr_queue.c
index 9ac4cd4b8e..70949ece76 100644
--- a/erts/emulator/beam/erl_thr_queue.c
+++ b/erts/emulator/beam/erl_thr_queue.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -418,10 +418,9 @@ clean(ErtsThrQ_t *q, int max_ops, int do_notify)
 	    }
 
 	    if (q->head.unref_end == (ErtsThrQElement_t *) ilast)
-		ERTS_THR_MEMORY_BARRIER;
+		ERTS_SMP_MEMORY_BARRIER;
 	    else {
 		q->head.next.unref_end = (ErtsThrQElement_t *) ilast;
-		ERTS_THR_MEMORY_BARRIER;
 #ifdef ERTS_SMP
 		q->head.next.thr_progress = erts_thr_progress_later();
 #endif
@@ -449,32 +448,44 @@ clean(ErtsThrQ_t *q, int max_ops, int do_notify)
 		if (inext == (erts_aint_t) &q->tail.data.marker) {
 		    q->head.head.ptr->next.ptr = &q->tail.data.marker;
 		    q->head.head.ptr = &q->tail.data.marker;
-#ifdef ERTS_SMP
-		    if (!q->head.next.thr_progress_reached)
-			return ERTS_THR_Q_NEED_THR_PRGR;
-#else
-		    if (do_notify)
-			q->head.notify(q->head.arg);
-#endif
-		    return ERTS_THR_Q_DIRTY;
+		    goto check_thr_progress;
 		}
 	    }
 	}
+
+	if (q->q.finalizing) {
+	    ilast = erts_atomic_read_nob(&q->tail.data.last);
+	    if (q->head.first == ((ErtsThrQElement_t *) ilast)
+		&& ((ErtsThrQElement_t *) ilast) == &q->tail.data.marker
+		&& q->head.first == &q->tail.data.marker) {
+		destroy(q);
+	    }
+	    else {
+		goto dirty;
+	    }
+	}
 	return ERTS_THR_Q_CLEAN;
     }
 
-    if (q->head.first != q->head.unref_end) {
-	if (do_notify)
-	    q->head.notify(q->head.arg);
-	return ERTS_THR_Q_DIRTY;
-    }
+    if (q->head.first != q->head.unref_end)
+	goto dirty;
+
+check_thr_progress:
 
 #ifdef ERTS_SMP
-    if (!q->head.next.thr_progress_reached)
-	return ERTS_THR_Q_NEED_THR_PRGR;
+    if (q->head.next.thr_progress_reached)
 #endif
+    {
+	int um_refc_ix = q->head.next.um_refc_ix;
+	if (erts_atomic_read_acqb(&q->tail.data.um_refc[um_refc_ix]) == 0) {
+	dirty:
+	    if (do_notify)
+		q->head.notify(q->head.arg);
+	    return ERTS_THR_Q_DIRTY;
+	}
+    }
 
-    return ERTS_THR_Q_CLEAN; /* Waiting for unmanaged threads to complete... */
+    return ERTS_THR_Q_NEED_THR_PRGR;
 }
 
 #endif
@@ -492,7 +503,9 @@ erts_thr_q_clean(ErtsThrQ_t *q)
 ErtsThrQCleanState_t
 erts_thr_q_inspect(ErtsThrQ_t *q, int ensure_empty)
 {
-#ifdef USE_THREADS
+#ifndef USE_THREADS
+    return ERTS_THR_Q_CLEAN;
+#else
     if (ensure_empty) {
 	erts_aint_t inext;
 	inext = erts_atomic_read_acqb(&q->head.head.ptr->next.atmc);
@@ -523,11 +536,15 @@ erts_thr_q_inspect(ErtsThrQ_t *q, int ensure_empty)
 	return ERTS_THR_Q_DIRTY;
 
 #ifdef ERTS_SMP
-    if (!q->head.next.thr_progress_reached)
-	return ERTS_THR_Q_NEED_THR_PRGR;
+    if (q->head.next.thr_progress_reached)
 #endif
+    {
+	int um_refc_ix = q->head.next.um_refc_ix;
+	if (erts_atomic_read_acqb(&q->tail.data.um_refc[um_refc_ix]) == 0)
+	    return ERTS_THR_Q_DIRTY;
+    }
+    return ERTS_THR_Q_NEED_THR_PRGR;
 #endif
-    return ERTS_THR_Q_CLEAN;
 }
 
 static void
diff --git a/erts/emulator/beam/erl_thr_queue.h b/erts/emulator/beam/erl_thr_queue.h
index 407c23f5eb..edcf2c3823 100644
--- a/erts/emulator/beam/erl_thr_queue.h
+++ b/erts/emulator/beam/erl_thr_queue.h
@@ -96,9 +96,7 @@ typedef struct {
 
 typedef enum {
     ERTS_THR_Q_CLEAN,
-#ifdef ERTS_SMP
     ERTS_THR_Q_NEED_THR_PRGR,
-#endif
     ERTS_THR_Q_DIRTY,
 } ErtsThrQCleanState_t;
 
diff --git a/erts/emulator/beam/erl_threads.h b/erts/emulator/beam/erl_threads.h
index 065e7077c0..ee47c98009 100644
--- a/erts/emulator/beam/erl_threads.h
+++ b/erts/emulator/beam/erl_threads.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2001-2011. All Rights Reserved.
+ * Copyright Ericsson AB 2001-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -25,6 +25,235 @@
 #ifndef ERL_THREAD_H__
 #define ERL_THREAD_H__
 
+/*
+ * --- Documentation of atomics and memory barriers --------------------------
+ *
+ * The following explicit memory barriers exist:
+ *   
+ * - ERTS_THR_MEMORY_BARRIER
+ *      Full memory barrier. Orders both loads, and stores. No
+ *      load or store is allowed to be reordered over the
+ *      barrier.
+ * - ERTS_THR_WRITE_MEMORY_BARRIER
+ *      Write barrier. Orders *only* stores. These are not
+ *      allowed to be reordered over the barrier.
+ * - ERTS_THR_READ_MEMORY_BARRIER
+ *      Read barrier. Orders *only* loads. These are not
+ *      allowed to be reordered over the barrier.
+ * - ERTS_THR_DATA_DEPENDENCY_READ_MEMORY_BARRIER
+ *      Data dependency read barrier. Orders *only* loads
+ *      according to data dependency across the barrier.
+ *
+ * If thread support has been disabled, these barriers will become no-ops.
+ *
+ * If the prefix ERTS_THR_ is replaced with ERTS_SMP_, the barriers will
+ * be enabled only in the SMP enabled runtime system.
+ *
+ * --- Atomic operations ---
+ *
+ * Atomics operations exist for 32-bit, word size, and double word size
+ * integers. Function prototypes are listed below.
+ *
+ * Each function implementing an atomic operation exist with the following
+ * implied memory barrier semantics. Not all combinations are useful, but
+ * all of them exist for simplicity. <B> is suffix in function name:
+ *
+ * - <B>  - Description
+ *
+ * - mb   - Full memory barrier. Orders both loads, and
+ *          stores before, and after the atomic operation.
+ *          No load or store is allowed to be reordered
+ *          over the atomic operation.
+ * - relb - Release barrier. Orders both loads, and
+ *          stores appearing *before* the atomic
+ *          operation. These are not allowed to be
+ *          reordered over the atomic operation.
+ * - acqb - Acquire barrier. Orders both loads, and stores
+ *          appearing *after* the atomic operation. These
+ *          are not allowed to be reordered over the
+ *          atomic operation.
+ * - wb   - Write barrier. Orders *only* stores. These are
+ *          not allowed to be reordered over the barrier.
+ *          Store in atomic operation is ordered *after*
+ *          the barrier.
+ * - rb   - Read barrier. Orders *only* loads. These are
+ *          not allowed to be reordered over the barrier.
+ *          Load in atomic operation is ordered *before*
+ *          the barrier. 
+ * - ddrb - Data dependency read barrier. Orders *only*
+ *          loads according to data dependency across the
+ *          barrier. Load in atomic operation is ordered
+ *          before the barrier.
+ *
+ * If thread support has been disabled, these functions are mapped to
+ * functions that performs the same operation, but aren't atomic
+ * and don't imply any memory barriers.
+ *
+ * If the atomic operations are prefixed with erts_smp_ instead of only
+ * erts_ the atomic operations will only be atomic in the SMP enabled
+ * runtime system, and will be mapped to non-atomic operations without
+ * memory barriers in the runtime system without SMP support. Atomic
+ * operations with erts_smp_ prefix should use the atomic types
+ * erts_smp_atomic32_t, erts_smp_atomic_t, and erts_smp_dw_atomic_t
+ * instead of erts_atomic32_t, erts_atomic_t, and erts_dw_atomic_t. The
+ * integer data types erts_aint32_t, erts_aint_t, and erts_dw_atomic_t
+ * are the same.
+ *
+ * --- 32-bit atomic operations ---
+ *
+ * The following 32-bit atomic operations exist. <B> should be
+ * replaced with a supported memory barrier (see above). Note
+ * that sizeof(erts_atomic32_t) might be larger than 4!
+ *
+ *
+ * Initialize (not necessarily the same as the set operation):
+ *   void erts_atomic32_init_<B>(erts_atomic32_t *atmc,
+ *                               erts_aint32_t val);
+ *
+ * Set value:
+ *   void erts_atomic32_set_<B>(erts_atomic32_t *atmc,
+ *                              erts_aint32_t val);
+ *
+ * Read; returns current value:
+ *   erts_aint32_t erts_atomic32_read_<B>(erts_atomic32_t *atmc);
+ *
+ * Increment; returns resulting value:
+ *   erts_aint32_t erts_atomic32_inc_read_<B>(erts_atomic32_t *atmc);
+ *
+ * Decrement; returns resulting value:
+ *   erts_aint32_t erts_atomic32_dec_read_<B>(erts_atomic32_t *atmc);
+ *
+ * Increment:
+ *   void erts_atomic32_inc_<B>(erts_atomic32_t *atmc);
+ *
+ * Decrement:
+ *   void erts_atomic32_dec_<B>(erts_atomic32_t *atmc);
+ *
+ * Add value; returns resulting value:
+ *   erts_aint32_t erts_atomic32_add_read_<B>(erts_atomic32_t *atmc,
+ *                                            erts_aint32_t val);
+ *
+ * Add value:
+ *   void erts_atomic32_add_<B>(erts_atomic32_t *atmc,
+ *                              erts_aint32_t val);
+ *
+ * Bitwise-or; returns previous value:
+ *   erts_aint32_t erts_atomic32_read_bor_<B>(erts_atomic32_t *atmc,
+ *                                            erts_aint32_t val);
+ *
+ * Bitwise-and; returns previous value:
+ *   erts_aint32_t erts_atomic32_read_band_<B>(erts_atomic32_t *atmc,
+ *                                             erts_aint32_t val);
+ *
+ * Exchange; returns previous value:
+ *   erts_aint32_t erts_atomic32_xchg_<B>(erts_atomic32_t *atmc,
+ *                                        erts_aint32_t val);
+ *
+ * Compare and exchange; returns previous or current value. If
+ * returned value equals 'exp' the value was changed to 'new';
+ * otherwise not:
+ *   erts_aint32_t erts_atomic32_cmpxchg_<B>(erts_atomic32_t *a,
+ *                                           erts_aint32_t new,
+ *                                           erts_aint32_t exp);
+ *
+ * --- Word size atomic operations ---
+ *
+ * The following word size (same size as sizeof(void *)) atomic
+ * operations exist. <B> should be replaced with a supported
+ * memory barrier (see above). Note that sizeof(erts_atomic_t)
+ * might be larger than sizeof(void *)!
+ *
+ * Initialize (not necessarily the same as the set operation):
+ *   void erts_atomic_init_<B>(erts_atomic_t *atmc,
+ *                             erts_aint_t val);
+ *
+ * Set value;
+ *   void erts_atomic_set_<B>(erts_atomic_t *atmc,
+ *                            erts_aint_t val);
+ *
+ * Read; returns current value:
+ *   erts_aint_t erts_atomic_read_<B>(erts_atomic_t *atmc);
+ *
+ * Increment; returns resulting value:
+ *   erts_aint_t erts_atomic_inc_read_<B>(erts_atomic_t *atmc);
+ *
+ * Decrement; returns resulting value:
+ *   erts_aint_t erts_atomic_dec_read_<B>(erts_atomic_t *atmc);
+ *
+ * Increment:
+ *   void erts_atomic_inc_<B>(erts_atomic_t *atmc);
+ *
+ * Decrement:
+ *   void erts_atomic_dec_<B>(erts_atomic_t *atmc);
+ *
+ * Add value; returns resulting value:
+ *   erts_aint_t erts_atomic_add_read_<B>(erts_atomic_t *atmc,
+ *                                        erts_aint_t val);
+ *
+ * Add value:
+ *   void erts_atomic_add_<B>(erts_atomic_t *atmc,
+ *                            erts_aint_t val);
+ *
+ * Bitwise-or; returns previous value:
+ *   erts_aint_t erts_atomic_read_bor_<B>(erts_atomic_t *atmc,
+ *                                        erts_aint_t val);
+ *
+ * Bitwise-and; returns previous value:
+ *   erts_aint_t erts_atomic_read_band_<B>(erts_atomic_t *atmc,
+ *                                         erts_aint_t val);
+ *
+ * Exchange; returns previous value:
+ *   erts_aint_t erts_atomic_xchg_<B>(erts_atomic_t *atmc,
+ *                                    erts_aint_t val);
+ *
+ * Compare and exchange; returns previous or current value. If
+ * returned value equals 'exp' the value was changed to 'new';
+ * otherwise not:
+ *   erts_aint_t erts_atomic_cmpxchg_<B>(erts_atomic_t *a,
+ *                                       erts_aint_t new,
+ *                                       erts_aint_t exp);
+ *
+ * --- Double word size atomic operations ---
+ *
+ * The following double word atomic operations exist. <B> should be
+ * replaced with a supported memory barrier (see above).
+ *
+ * Note that sizeof(erts_dw_atomic_t) usually is larger than
+ * 2*sizeof(void *)!
+ * 
+ * The erts_dw_aint_t data type should be accessed as if it was defined
+ * like this:
+ *
+ *     typedef struct {
+ *         erts_aint_t sint[2];
+ *     } erts_dw_aint_t;
+ *
+ *     Most significant word is 'sint[ERTS_DW_AINT_HIGH_WORD]' and least
+ *     significant word is 'sint[ERTS_DW_AINT_LOW_WORD]'.
+ *
+ *
+ * Initialize (not necessarily the same as the set operation):
+ *   void erts_dw_atomic_init_<B>(erts_dw_atomic_t *var,
+ *                           erts_dw_aint_t *val);
+ *
+ * Set; value is written into 'val':
+ *   void erts_dw_atomic_set_<B>(erts_dw_atomic_t *var,
+ *                               erts_dw_aint_t *val);
+ *
+ * Read; value is written into 'val':
+ *   void erts_dw_atomic_read_<B>(erts_dw_atomic_t *var,
+ *                                erts_dw_aint_t *val);
+ *
+ * Compare and exchange; returns a value != 0 if exchange was
+ * made; otherwise 0. 'new_val' contains new value to set. If 'exp_act'
+ * contains the same value as in memory when the function is called,
+ * 'new' is written to memory; otherwise, not. If exchange was not
+ * made, 'exp_act' contains the actual value in memory:
+ *   int erts_dw_atomic_cmpxchg_<B>(erts_dw_atomic_t *var,
+ *                                  erts_dw_aint_t *new,
+ *                                  erts_dw_aint_t *exp_act);
+ */
+
 #define ERTS_SPIN_BODY ETHR_SPIN_BODY
 
 #include "sys.h"
@@ -52,6 +281,9 @@ typedef Sint32 erts_no_atomic32_t;
 #endif
 
 #define ERTS_THR_MEMORY_BARRIER ETHR_MEMORY_BARRIER
+#define ERTS_THR_WRITE_MEMORY_BARRIER ETHR_WRITE_MEMORY_BARRIER
+#define ERTS_THR_READ_MEMORY_BARRIER ETHR_READ_MEMORY_BARRIER
+#define ERTS_THR_DATA_DEPENDENCY_READ_MEMORY_BARRIER ETHR_READ_DEPEND_MEMORY_BARRIER
 
 #ifdef ERTS_ENABLE_LOCK_COUNT
 #define erts_mtx_lock(L) erts_mtx_lock_x(L, __FILE__, __LINE__)
@@ -113,6 +345,9 @@ typedef ethr_ts_event erts_tse_t;
 #define erts_aint32_t ethr_sint32_t 
 #define erts_atomic32_t ethr_atomic32_t
 
+#define ERTS_DW_AINT_HIGH_WORD ETHR_DW_SINT_HIGH_WORD
+#define ERTS_DW_AINT_LOW_WORD ETHR_DW_SINT_LOW_WORD
+
 /* spinlock */
 typedef struct {
     ethr_spinlock_t slck;
@@ -149,6 +384,9 @@ __decl_noreturn void  __noreturn erts_thr_fatal_error(int, char *);
 #else /* #ifdef USE_THREADS */
 
 #define ERTS_THR_MEMORY_BARRIER
+#define ERTS_THR_WRITE_MEMORY_BARRIER
+#define ERTS_THR_READ_MEMORY_BARRIER
+#define ERTS_THR_DATA_DEPENDENCY_READ_MEMORY_BARRIER
 
 #define ERTS_THR_OPTS_DEFAULT_INITER 0
 typedef int erts_thr_opts_t;
@@ -361,18 +599,13 @@ ERTS_GLB_INLINE void erts_thr_sigmask(int how, const sigset_t *set,
 ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #endif /* #ifdef HAVE_ETHR_SIG_FUNCS */
 
+#ifdef USE_THREADS
+
 /*
- * Functions implementing atomic operations with with no (nob),
- * full (mb), acquire (acqb), release (relb), read (rb), and
- * write (wb) memory barriers.
- *
- * If thread support has been disabled, they are mapped to
- * functions that performs the same operation, but aren't atomic
- * and don't imply memory barriers.
+ * See "Documentation of atomics and memory barriers" at the top
+ * of this file for info on atomics.
  */
 
-#ifdef USE_THREADS
-
 /* Double word size atomics */
 
 #define erts_dw_atomic_init_nob ethr_dw_atomic_init
@@ -395,6 +628,11 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_dw_atomic_read_relb ethr_dw_atomic_read_relb
 #define erts_dw_atomic_cmpxchg_relb ethr_dw_atomic_cmpxchg_relb
 
+#define erts_dw_atomic_init_ddrb ethr_dw_atomic_init_ddrb
+#define erts_dw_atomic_set_ddrb ethr_dw_atomic_set_ddrb
+#define erts_dw_atomic_read_ddrb ethr_dw_atomic_read_ddrb
+#define erts_dw_atomic_cmpxchg_ddrb ethr_dw_atomic_cmpxchg_ddrb
+
 #define erts_dw_atomic_init_rb ethr_dw_atomic_init_rb
 #define erts_dw_atomic_set_rb ethr_dw_atomic_set_rb
 #define erts_dw_atomic_read_rb ethr_dw_atomic_read_rb
@@ -463,6 +701,20 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_atomic_xchg_relb ethr_atomic_xchg_relb
 #define erts_atomic_cmpxchg_relb ethr_atomic_cmpxchg_relb
 
+#define erts_atomic_init_ddrb ethr_atomic_init_ddrb
+#define erts_atomic_set_ddrb ethr_atomic_set_ddrb
+#define erts_atomic_read_ddrb ethr_atomic_read_ddrb
+#define erts_atomic_inc_read_ddrb ethr_atomic_inc_read_ddrb
+#define erts_atomic_dec_read_ddrb ethr_atomic_dec_read_ddrb
+#define erts_atomic_inc_ddrb ethr_atomic_inc_ddrb
+#define erts_atomic_dec_ddrb ethr_atomic_dec_ddrb
+#define erts_atomic_add_read_ddrb ethr_atomic_add_read_ddrb
+#define erts_atomic_add_ddrb ethr_atomic_add_ddrb
+#define erts_atomic_read_bor_ddrb ethr_atomic_read_bor_ddrb
+#define erts_atomic_read_band_ddrb ethr_atomic_read_band_ddrb
+#define erts_atomic_xchg_ddrb ethr_atomic_xchg_ddrb
+#define erts_atomic_cmpxchg_ddrb ethr_atomic_cmpxchg_ddrb
+
 #define erts_atomic_init_rb ethr_atomic_init_rb
 #define erts_atomic_set_rb ethr_atomic_set_rb
 #define erts_atomic_read_rb ethr_atomic_read_rb
@@ -549,6 +801,20 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_atomic32_xchg_relb ethr_atomic32_xchg_relb
 #define erts_atomic32_cmpxchg_relb ethr_atomic32_cmpxchg_relb
 
+#define erts_atomic32_init_ddrb ethr_atomic32_init_ddrb
+#define erts_atomic32_set_ddrb ethr_atomic32_set_ddrb
+#define erts_atomic32_read_ddrb ethr_atomic32_read_ddrb
+#define erts_atomic32_inc_read_ddrb ethr_atomic32_inc_read_ddrb
+#define erts_atomic32_dec_read_ddrb ethr_atomic32_dec_read_ddrb
+#define erts_atomic32_inc_ddrb ethr_atomic32_inc_ddrb
+#define erts_atomic32_dec_ddrb ethr_atomic32_dec_ddrb
+#define erts_atomic32_add_read_ddrb ethr_atomic32_add_read_ddrb
+#define erts_atomic32_add_ddrb ethr_atomic32_add_ddrb
+#define erts_atomic32_read_bor_ddrb ethr_atomic32_read_bor_ddrb
+#define erts_atomic32_read_band_ddrb ethr_atomic32_read_band_ddrb
+#define erts_atomic32_xchg_ddrb ethr_atomic32_xchg_ddrb
+#define erts_atomic32_cmpxchg_ddrb ethr_atomic32_cmpxchg_ddrb
+
 #define erts_atomic32_init_rb ethr_atomic32_init_rb
 #define erts_atomic32_set_rb ethr_atomic32_set_rb
 #define erts_atomic32_read_rb ethr_atomic32_read_rb
@@ -601,6 +867,11 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_dw_atomic_read_relb erts_no_dw_atomic_read
 #define erts_dw_atomic_cmpxchg_relb erts_no_dw_atomic_cmpxchg
 
+#define erts_dw_atomic_init_ddrb erts_no_dw_atomic_init
+#define erts_dw_atomic_set_ddrb erts_no_dw_atomic_set
+#define erts_dw_atomic_read_ddrb erts_no_dw_atomic_read
+#define erts_dw_atomic_cmpxchg_ddrb erts_no_dw_atomic_cmpxchg
+
 #define erts_dw_atomic_init_rb erts_no_dw_atomic_init
 #define erts_dw_atomic_set_rb erts_no_dw_atomic_set
 #define erts_dw_atomic_read_rb erts_no_dw_atomic_read
@@ -669,6 +940,20 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_atomic_xchg_relb erts_no_atomic_xchg
 #define erts_atomic_cmpxchg_relb erts_no_atomic_cmpxchg
 
+#define erts_atomic_init_ddrb erts_no_atomic_set
+#define erts_atomic_set_ddrb erts_no_atomic_set
+#define erts_atomic_read_ddrb erts_no_atomic_read
+#define erts_atomic_inc_read_ddrb erts_no_atomic_inc_read
+#define erts_atomic_dec_read_ddrb erts_no_atomic_dec_read
+#define erts_atomic_inc_ddrb erts_no_atomic_inc
+#define erts_atomic_dec_ddrb erts_no_atomic_dec
+#define erts_atomic_add_read_ddrb erts_no_atomic_add_read
+#define erts_atomic_add_ddrb erts_no_atomic_add
+#define erts_atomic_read_bor_ddrb erts_no_atomic_read_bor
+#define erts_atomic_read_band_ddrb erts_no_atomic_read_band
+#define erts_atomic_xchg_ddrb erts_no_atomic_xchg
+#define erts_atomic_cmpxchg_ddrb erts_no_atomic_cmpxchg
+
 #define erts_atomic_init_rb erts_no_atomic_set
 #define erts_atomic_set_rb erts_no_atomic_set
 #define erts_atomic_read_rb erts_no_atomic_read
@@ -755,6 +1040,20 @@ ERTS_GLB_INLINE void erts_thr_sigwait(const sigset_t *set, int *sig);
 #define erts_atomic32_xchg_relb erts_no_atomic32_xchg
 #define erts_atomic32_cmpxchg_relb erts_no_atomic32_cmpxchg
 
+#define erts_atomic32_init_ddrb erts_no_atomic32_set
+#define erts_atomic32_set_ddrb erts_no_atomic32_set
+#define erts_atomic32_read_ddrb erts_no_atomic32_read
+#define erts_atomic32_inc_read_ddrb erts_no_atomic32_inc_read
+#define erts_atomic32_dec_read_ddrb erts_no_atomic32_dec_read
+#define erts_atomic32_inc_ddrb erts_no_atomic32_inc
+#define erts_atomic32_dec_ddrb erts_no_atomic32_dec
+#define erts_atomic32_add_read_ddrb erts_no_atomic32_add_read
+#define erts_atomic32_add_ddrb erts_no_atomic32_add
+#define erts_atomic32_read_bor_ddrb erts_no_atomic32_read_bor
+#define erts_atomic32_read_band_ddrb erts_no_atomic32_read_band
+#define erts_atomic32_xchg_ddrb erts_no_atomic32_xchg
+#define erts_atomic32_cmpxchg_ddrb erts_no_atomic32_cmpxchg
+
 #define erts_atomic32_init_rb erts_no_atomic32_set
 #define erts_atomic32_set_rb erts_no_atomic32_set
 #define erts_atomic32_read_rb erts_no_atomic32_read
diff --git a/erts/emulator/beam/erl_time.h b/erts/emulator/beam/erl_time.h
index 7a09d30ff6..6c6e193818 100644
--- a/erts/emulator/beam/erl_time.h
+++ b/erts/emulator/beam/erl_time.h
@@ -20,7 +20,11 @@
 #ifndef ERL_TIME_H__
 #define ERL_TIME_H__
 
-extern erts_smp_atomic_t do_time;	/* set at clock interrupt */
+#define ERTS_SHORT_TIME_T_MAX ERTS_AINT32_T_MAX
+#define ERTS_SHORT_TIME_T_MIN ERTS_AINT32_T_MIN
+typedef erts_aint32_t erts_short_time_t;
+
+extern erts_smp_atomic32_t do_time;	/* set at clock interrupt */
 extern SysTimeval erts_first_emu_time;
 
 /*
@@ -71,22 +75,32 @@ void erts_cancel_smp_ptimer(ErtsSmpPTimer *ptimer);
 void erts_init_time(void);
 void erts_set_timer(ErlTimer*, ErlTimeoutProc, ErlCancelProc, void*, Uint);
 void erts_cancel_timer(ErlTimer*);
-void erts_bump_timer(erts_aint_t);
+void erts_bump_timer(erts_short_time_t);
 Uint erts_timer_wheel_memory_size(void);
 Uint erts_time_left(ErlTimer *);
-erts_aint_t erts_next_time(void);
+erts_short_time_t erts_next_time(void);
 
 #ifdef DEBUG
 void erts_p_slpq(void);
 #endif
 
-ERTS_GLB_INLINE erts_aint_t erts_do_time_read_and_reset(void);
-ERTS_GLB_INLINE void erts_do_time_add(long);
+ERTS_GLB_INLINE erts_short_time_t erts_do_time_read_and_reset(void);
+ERTS_GLB_INLINE void erts_do_time_add(erts_short_time_t);
 
 #if ERTS_GLB_INLINE_INCL_FUNC_DEF
 
-ERTS_GLB_INLINE erts_aint_t erts_do_time_read_and_reset(void) { return erts_smp_atomic_xchg_acqb(&do_time, 0L); }
-ERTS_GLB_INLINE void erts_do_time_add(long elapsed) { erts_smp_atomic_add_relb(&do_time, elapsed); }
+ERTS_GLB_INLINE erts_short_time_t erts_do_time_read_and_reset(void)
+{
+    erts_short_time_t time = erts_smp_atomic32_xchg_acqb(&do_time, 0);
+    if (time < 0)
+	erl_exit(ERTS_ABORT_EXIT, "Internal time management error\n");
+    return time;
+}
+
+ERTS_GLB_INLINE void erts_do_time_add(erts_short_time_t elapsed)
+{
+    erts_smp_atomic32_add_relb(&do_time, elapsed);
+}
 
 #endif /* #if ERTS_GLB_INLINE_INCL_FUNC_DEF */
 
@@ -105,7 +119,7 @@ void erts_get_now_cpu(Uint* megasec, Uint* sec, Uint* microsec);
 #endif
 
 void erts_get_timeval(SysTimeval *tv);
-long erts_get_time(void);
+erts_time_t erts_get_time(void);
 void erts_get_emu_time(SysTimeval *);
 
 ERTS_GLB_INLINE int erts_cmp_timeval(SysTimeval *t1p, SysTimeval *t2p);
diff --git a/erts/emulator/beam/erl_time_sup.c b/erts/emulator/beam/erl_time_sup.c
index ca4b54188e..1d0735aa99 100644
--- a/erts/emulator/beam/erl_time_sup.c
+++ b/erts/emulator/beam/erl_time_sup.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1999-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -371,7 +371,7 @@ static void init_erts_deliver_time(const SysTimeval *inittv)
 static void do_erts_deliver_time(const SysTimeval *current)
 {
     SysTimeval cur_time;
-    long elapsed;
+    erts_time_t elapsed;
     
     /* calculate and deliver appropriate number of ticks */
     cur_time = *current;
@@ -385,7 +385,10 @@ static void do_erts_deliver_time(const SysTimeval *current)
        this by simply pretend as if the time stood still. :) */
 
     if (elapsed > 0) {
-	erts_do_time_add(elapsed);
+
+	ASSERT(elapsed < ((erts_time_t) ERTS_SHORT_TIME_T_MAX));
+
+	erts_do_time_add((erts_short_time_t) elapsed);
 	last_delivered = cur_time;
     }
 }
@@ -421,11 +424,11 @@ erts_init_time_sup(void)
 /* info functions */
 
 void 
-elapsed_time_both(unsigned long *ms_user, unsigned long *ms_sys, 
-		  unsigned long *ms_user_diff, unsigned long *ms_sys_diff)
+elapsed_time_both(UWord *ms_user, UWord *ms_sys, 
+		  UWord *ms_user_diff, UWord *ms_sys_diff)
 {
-    unsigned long prev_total_user, prev_total_sys;
-    unsigned long total_user, total_sys;
+    UWord prev_total_user, prev_total_sys;
+    UWord total_user, total_sys;
     SysTimes now;
 
     sys_times(&now);
@@ -456,9 +459,9 @@ elapsed_time_both(unsigned long *ms_user, unsigned long *ms_sys,
 /* wall clock routines */
 
 void 
-wall_clock_elapsed_time_both(unsigned long *ms_total, unsigned long *ms_diff)
+wall_clock_elapsed_time_both(UWord *ms_total, UWord *ms_diff)
 {
-    unsigned long prev_total;
+    UWord prev_total;
     SysTimeval tv;
 
     erts_smp_mtx_lock(&erts_timeofday_mtx);
@@ -491,7 +494,7 @@ get_time(int *hour, int *minute, int *second)
     
     the_clock = time((time_t *)0);
 #ifdef HAVE_LOCALTIME_R
-    localtime_r(&the_clock, (tm = &tmbuf));
+    tm = localtime_r(&the_clock, &tmbuf);
 #else
     tm = localtime(&the_clock);
 #endif
@@ -513,7 +516,7 @@ get_date(int *year, int *month, int *day)
 
     the_clock = time((time_t *)0);
 #ifdef HAVE_LOCALTIME_R
-    localtime_r(&the_clock, (tm = &tmbuf));
+    tm = localtime_r(&the_clock, &tmbuf);
 #else
     tm = localtime(&the_clock);
 #endif
@@ -583,7 +586,44 @@ static const int mdays[14] = {0, 31, 28, 31, 30, 31, 30,
                             (((y) % 100) != 0)) || \
                            (((y) % 400) == 0))
 
-#define  BASEYEAR       1970
+/* This is the earliest year we are sure to be able to handle
+   on all platforms w/o problems */
+#define  BASEYEAR       1902 
+
+/* A more "clever" mktime
+ * return  1, if successful
+ * return -1, if not successful
+ */
+
+static int erl_mktime(time_t *c, struct tm *tm) {
+    time_t clock;
+
+    clock = mktime(tm);
+
+    if (clock != -1) {
+	*c = clock;
+	return 1;
+    }
+
+    /* in rare occasions mktime returns -1
+     * when a correct value has been entered
+     *
+     * decrease seconds with one second
+     * if the result is -2, epochs should be -1
+     */
+
+    tm->tm_sec = tm->tm_sec - 1;
+    clock = mktime(tm);
+    tm->tm_sec = tm->tm_sec + 1;
+
+    *c = -1;
+
+    if (clock == -2) {
+	return 1;
+    }
+
+    return -1;
+}
 
 /*
  * gregday
@@ -592,10 +632,10 @@ static const int mdays[14] = {0, 31, 28, 31, 30, 31, 30,
  * greater of equal to 1600 , and month [1-12] and day [1-31] 
  * are within range. Otherwise it returns -1.
  */
-static int long gregday(int year, int month, int day)
+static time_t gregday(int year, int month, int day)
 {
-  int long ndays = 0;
-  int gyear, pyear, m;
+  Sint ndays = 0;
+  Sint gyear, pyear, m;
   
   /* number of days in previous years */
   gyear = year - 1600;
@@ -610,10 +650,72 @@ static int long gregday(int year, int month, int day)
   if (is_leap_year(year) && (month > 2))
     ndays++;
   ndays += day - 1;
-  return ndays - 135140;        /* 135140 = Jan 1, 1970 */
+  return (time_t) (ndays - 135140);        /* 135140 = Jan 1, 1970 */
+}
+
+#define SECONDS_PER_MINUTE  (60)
+#define SECONDS_PER_HOUR    (60 * SECONDS_PER_MINUTE)
+#define SECONDS_PER_DAY     (24 * SECONDS_PER_HOUR)
+
+int seconds_to_univ(Sint64 time, Sint *year, Sint *month, Sint *day, 
+	Sint *hour, Sint *minute, Sint *second) {
+
+    Sint y,mi;
+    Sint days = time / SECONDS_PER_DAY;
+    Sint secs = time % SECONDS_PER_DAY;
+    Sint tmp;
+
+    if (secs < 0) {
+	days--;
+	secs += SECONDS_PER_DAY;
+    }
+    
+    tmp     = secs % SECONDS_PER_HOUR;
+
+    *hour   = secs / SECONDS_PER_HOUR;
+    *minute = tmp  / SECONDS_PER_MINUTE;
+    *second = tmp  % SECONDS_PER_MINUTE;
+
+    days   += 719468;
+    y       = (10000*((Sint64)days) + 14780) / 3652425; 
+    tmp     = days - (365 * y + y/4 - y/100 + y/400);
+
+    if (tmp < 0) {
+	y--;
+	tmp = days - (365*y + y/4 - y/100 + y/400);
+    }
+    mi = (100 * tmp + 52)/3060;
+    *month = (mi + 2) % 12 + 1;
+    *year  = y + (mi + 2) / 12;
+    *day   = tmp - (mi * 306 + 5)/10 + 1;
+
+    return 1;
 }
 
+int univ_to_seconds(Sint year, Sint month, Sint day, Sint hour, Sint minute, Sint second, Sint64 *time) {
+    Sint days;
+
+    if (!(IN_RANGE(1600, year, INT_MAX - 1) &&
+          IN_RANGE(1, month, 12) &&
+          IN_RANGE(1, day, (mdays[month] + 
+                             (month == 2 
+                              && (year % 4 == 0) 
+                              && (year % 100 != 0 || year % 400 == 0)))) &&
+          IN_RANGE(0, hour, 23) &&
+          IN_RANGE(0, minute, 59) &&
+          IN_RANGE(0, second, 59))) {
+      return 0;
+    }
+ 
+    days   = gregday(year, month, day);
+    *time  = SECONDS_PER_DAY;
+    *time *= days;             /* don't try overflow it, it hurts */
+    *time += SECONDS_PER_HOUR * hour;
+    *time += SECONDS_PER_MINUTE * minute;
+    *time += second;
 
+    return 1;
+}
 
 int 
 local_to_univ(Sint *year, Sint *month, Sint *day, 
@@ -644,15 +746,18 @@ local_to_univ(Sint *year, Sint *month, Sint *day,
     t.tm_min = *minute;
     t.tm_sec = *second;
     t.tm_isdst = isdst;
-    the_clock = mktime(&t);
-    if (the_clock == -1) {
+
+    /* the nature of mktime makes this a bit interesting,
+     * up to four mktime calls could happen here
+     */
+
+    if (erl_mktime(&the_clock, &t) < 0) {
 	if (isdst) {
 	    /* If this is a timezone without DST and the OS (correctly)
 	       refuses to give us a DST time, we simulate the Linux/Solaris
 	       behaviour of giving the same data as if is_dst was not set. */
 	    t.tm_isdst = 0;
-	    the_clock = mktime(&t);
-	    if (the_clock == -1) {
+	    if (erl_mktime(&the_clock, &t)) {
 		/* Failed anyway, something else is bad - will be a badarg */
 		return 0;
 	    }
@@ -662,10 +767,13 @@ local_to_univ(Sint *year, Sint *month, Sint *day,
 	}
     }
 #ifdef HAVE_GMTIME_R
-    gmtime_r(&the_clock, (tm = &tmbuf));
+    tm = gmtime_r(&the_clock, &tmbuf);
 #else
     tm = gmtime(&the_clock);
 #endif
+    if (!tm) {
+      return 0;
+    }
     *year = tm->tm_year + 1900;
     *month = tm->tm_mon +1;
     *day = tm->tm_mday;
@@ -719,17 +827,20 @@ univ_to_local(Sint *year, Sint *month, Sint *day,
 #endif
 
 #ifdef HAVE_LOCALTIME_R
-    localtime_r(&the_clock, (tm = &tmbuf));
+    tm = localtime_r(&the_clock, &tmbuf);
 #else
     tm = localtime(&the_clock);
 #endif
-    *year = tm->tm_year + 1900;
-    *month = tm->tm_mon +1;
-    *day = tm->tm_mday;
-    *hour = tm->tm_hour;
-    *minute = tm->tm_min;
-    *second = tm->tm_sec;
-    return 1;
+    if (tm) {
+	*year   = tm->tm_year + 1900;
+	*month  = tm->tm_mon +1;
+	*day    = tm->tm_mday;
+	*hour   = tm->tm_hour;
+	*minute = tm->tm_min;
+	*second = tm->tm_sec;
+	return 1;
+    }
+    return 0;
 }
 
 
@@ -798,13 +909,14 @@ void erts_deliver_time(void) {
 
 void erts_time_remaining(SysTimeval *rem_time)
 {
-    int ticks;
+    erts_time_t ticks;
     SysTimeval cur_time;
-    long elapsed;
+    erts_time_t elapsed;
 
     /* erts_next_time() returns no of ticks to next timeout or -1 if none */
 
-    if ((ticks = erts_next_time()) == -1) {
+    ticks = (erts_time_t) erts_next_time();
+    if (ticks == (erts_time_t) -1) {
 	/* timer queue empty */
 	/* this will cause at most 100000000 ticks */
 	rem_time->tv_sec = 100000;
@@ -839,7 +951,7 @@ void erts_get_timeval(SysTimeval *tv)
     erts_smp_mtx_unlock(&erts_timeofday_mtx);
 }
 
-long
+erts_time_t
 erts_get_time(void)
 {
     SysTimeval sys_tv;
diff --git a/erts/emulator/beam/erl_trace.c b/erts/emulator/beam/erl_trace.c
index b487dbf054..b1d1e1d9b0 100644
--- a/erts/emulator/beam/erl_trace.c
+++ b/erts/emulator/beam/erl_trace.c
@@ -544,7 +544,7 @@ send_to_port(Process *c_p, Eterm message,
  */
 
 static void 
-profile_send(Eterm message) {
+profile_send(Eterm from, Eterm message) {
     Uint sz = 0;
     ErlHeapFragment *bp = NULL;
     Uint *hp = NULL;
@@ -554,6 +554,9 @@ profile_send(Eterm message) {
 
     Eterm profiler = erts_get_system_profile();
 
+    /* do not profile profiler pid */
+    if (from == profiler) return;
+
     if (is_internal_port(profiler)) {
     	Port *profiler_port = NULL;
 
@@ -2617,7 +2620,7 @@ profile_scheduler(Eterm scheduler_id, Eterm state) {
 		 make_small(active_sched), timestamp); hp += 7;
 
 #ifndef ERTS_SMP
-    profile_send(msg);
+    profile_send(NIL, msg);
     UnUseTmpHeapNoproc(LOCAL_HEAP_SIZE);
 #undef LOCAL_HEAP_SIZE
 #else
@@ -2652,7 +2655,7 @@ profile_scheduler_q(Eterm scheduler_id, Eterm state, Eterm no_schedulers, Uint M
     timestamp = TUPLE3(hp, make_small(Ms), make_small(s), make_small(us)); hp += 4;
     msg = TUPLE6(hp, am_profile, am_scheduler, scheduler_id, state, no_schedulers, timestamp); hp += 7;
 #ifndef ERTS_SMP
-    profile_send(msg);
+    profile_send(NIL, msg);
     UnUseTmpHeapNoproc(LOCAL_HEAP_SIZE);
 #undef LOCAL_HEAP_SIZE
 #else
@@ -2919,11 +2922,11 @@ profile_runnable_port(Port *p, Eterm status) {
     msg = TUPLE5(hp, am_profile, p->id, status, count, timestamp); hp += 6;
 
 #ifndef ERTS_SMP
-    profile_send(msg);
+    profile_send(p->id, msg);
     UnUseTmpHeapNoproc(LOCAL_HEAP_SIZE);
 #undef LOCAL_HEAP_SIZE
 #else
-    enqueue_sys_msg_unlocked(SYS_MSG_TYPE_SYSPROF, NIL, NIL, msg, bp);
+    enqueue_sys_msg_unlocked(SYS_MSG_TYPE_SYSPROF, p->id, NIL, msg, bp);
 #endif
     erts_smp_mtx_unlock(&smq_mtx);
 }
@@ -2972,11 +2975,11 @@ profile_runnable_proc(Process *p, Eterm status){
     timestamp = TUPLE3(hp, make_small(Ms), make_small(s), make_small(us)); hp += 4;
     msg = TUPLE5(hp, am_profile, p->id, status, where, timestamp); hp += 6;
 #ifndef ERTS_SMP
-    profile_send(msg);
+    profile_send(p->id, msg);
     UnUseTmpHeapNoproc(LOCAL_HEAP_SIZE);
 #undef LOCAL_HEAP_SIZE
 #else
-    enqueue_sys_msg_unlocked(SYS_MSG_TYPE_SYSPROF, NIL, NIL, msg, bp);
+    enqueue_sys_msg_unlocked(SYS_MSG_TYPE_SYSPROF, p->id, NIL, msg, bp);
 #endif
     erts_smp_mtx_unlock(&smq_mtx);
 }
diff --git a/erts/emulator/beam/export.c b/erts/emulator/beam/export.c
index 18d62dac1d..fb0ee99119 100644
--- a/erts/emulator/beam/export.c
+++ b/erts/emulator/beam/export.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/beam/external.c b/erts/emulator/beam/external.c
index 4b867f2b10..9d52ed4e98 100644
--- a/erts/emulator/beam/external.c
+++ b/erts/emulator/beam/external.c
@@ -46,7 +46,7 @@
 #ifdef HIPE
 #include "hipe_mode_switch.h"
 #endif
-#define in_area(ptr,start,nbytes) ((Uint)((char*)(ptr) - (char*)(start)) < (nbytes))
+#define in_area(ptr,start,nbytes) ((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 #define MAX_STRING_LEN 0xffff
 
@@ -3118,6 +3118,9 @@ decoded_size(byte *ep, byte* endp, int internal_tags)
 	case LARGE_BIG_EXT:
 	    CHKSIZE(4);
 	    n = get_int32(ep);
+	    if (n > BIG_ARITY_MAX*sizeof(ErtsDigit)) {
+		return -1;
+	    }
 	    SKIP2(n,4+1);		/* skip, size,sign,digits */
 	    heap_size += 1+1+(n+sizeof(Eterm)-1)/sizeof(Eterm); /* XXX: 1 too much? */
 	    break;
diff --git a/erts/emulator/beam/global.h b/erts/emulator/beam/global.h
index b247576f1c..f1335f600d 100644
--- a/erts/emulator/beam/global.h
+++ b/erts/emulator/beam/global.h
@@ -47,7 +47,7 @@ typedef struct erts_driver_t_ erts_driver_t;
 #define SMALL_IO_QUEUE 5   /* Number of fixed elements */
 
 typedef struct {
-    int size;       /* total size in bytes */
+    ErlDrvSizeT size;       /* total size in bytes */
 
     SysIOVec* v_start;
     SysIOVec* v_end;
@@ -63,9 +63,9 @@ typedef struct {
 } ErlIOQueue;
 
 typedef struct line_buf {  /* Buffer used in line oriented I/O */
-    int bufsiz;              /* Size of character buffer */
-    int ovlen;               /* Length of overflow data */
-    int ovsiz;               /* Actual size of overflow buffer */
+    ErlDrvSizeT bufsiz;      /* Size of character buffer */
+    ErlDrvSizeT ovlen;       /* Length of overflow data */
+    ErlDrvSizeT ovsiz;       /* Actual size of overflow buffer */
     char data[1];            /* Starting point of buffer data,
 			      data[0] is a flag indicating an unprocess CR,
 			      The rest is the overflow buffer. */
@@ -172,7 +172,7 @@ struct port {
     DistEntry *dist_entry;       /* Dist entry used in DISTRIBUTION */
     char *name;		         /* String used in the open */
     erts_driver_t* drv_ptr;
-    long drv_data;
+    UWord drv_data;
     ErtsProcList *suspended;	 /* List of suspended processes. */
     LineBuf *linebuf;            /* Buffer to hold data not ready for
 				    process to get (line oriented I/O)*/
@@ -205,7 +205,7 @@ erts_port_runq(Port *prt)
 	rq1 = rq2;
     }
 #else
-    return erts_common_run_queue;
+    return ERTS_RUNQ_IX(0);
 #endif
 }
 
@@ -323,12 +323,15 @@ struct erts_driver_t_ {
     void (*stop)(ErlDrvData drv_data);
     void (*finish)(void);
     void (*flush)(ErlDrvData drv_data);
-    void (*output)(ErlDrvData drv_data, char *buf, int len);
+    void (*output)(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
     void (*outputv)(ErlDrvData drv_data, ErlIOVec *ev); /* Might be NULL */
-    int (*control)(ErlDrvData drv_data, unsigned int command, char *buf, 
-		   int len, char **rbuf, int rlen); /* Might be NULL */
-    int (*call)(ErlDrvData drv_data, unsigned int command, char *buf, 
-		int len, char **rbuf, int rlen, unsigned int *flags); /* Might be NULL */ 
+    ErlDrvSSizeT (*control)(ErlDrvData drv_data, unsigned int command,
+			    char *buf, ErlDrvSizeT len,
+			    char **rbuf, ErlDrvSizeT rlen); /* Might be NULL */
+    ErlDrvSSizeT (*call)(ErlDrvData drv_data, unsigned int command,
+			 char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen, /* Might be NULL */
+			 unsigned int *flags);
     void (*event)(ErlDrvData drv_data, ErlDrvEvent event,
 		  ErlDrvEventData event_data);
     void (*ready_input)(ErlDrvData drv_data, ErlDrvEvent event); 
@@ -398,7 +401,7 @@ extern Eterm erts_ddll_monitor_driver(Process *p,
 
 typedef struct binary {
     ERTS_INTERNAL_BINARY_FIELDS
-    long orig_size;
+    SWord orig_size;
     char orig_bytes[1]; /* to be continued */
 } Binary;
 
@@ -407,7 +410,7 @@ typedef struct binary {
 
 typedef struct {
     ERTS_INTERNAL_BINARY_FIELDS
-    long orig_size;
+    SWord orig_size;
     void (*destructor)(Binary *);
     char magic_bin_data[1];
 } ErtsMagicBinary;
@@ -1053,7 +1056,8 @@ extern int erts_do_net_exits(DistEntry*, Eterm);
 extern int distribution_info(int, void *);
 extern int is_node_name_atom(Eterm a);
 
-extern int erts_net_message(Port *, DistEntry *, byte *, int, byte *, int);
+extern int erts_net_message(Port *, DistEntry *,
+			    byte *, ErlDrvSizeT, byte *, ErlDrvSizeT);
 
 extern void init_dist(void);
 extern int stop_dist(void);
@@ -1661,7 +1665,7 @@ do {									\
 #define ERTS_SMP_CHK_PEND_TRACE_MSGS(ESDP)
 #endif
 
-void bin_write(int, void*, byte*, int);
+void bin_write(int, void*, byte*, size_t);
 int intlist_to_buf(Eterm, char*, int); /* most callers pass plain char*'s */
 
 struct Sint_buf {
@@ -1677,7 +1681,7 @@ char* Sint_to_buf(Sint, struct Sint_buf*);
 #define ERTS_IOLIST_OVERFLOW 1
 #define ERTS_IOLIST_TYPE 2
 
-Eterm buf_to_intlist(Eterm**, char*, int, Eterm); /* most callers pass plain char*'s */
+Eterm buf_to_intlist(Eterm**, char*, size_t, Eterm); /* most callers pass plain char*'s */
 int io_list_to_buf(Eterm, char*, int);
 int io_list_to_buf2(Eterm, char*, int);
 int erts_iolist_size(Eterm, Uint *);
diff --git a/erts/emulator/beam/io.c b/erts/emulator/beam/io.c
index 132dc78515..b23b1f628d 100644
--- a/erts/emulator/beam/io.c
+++ b/erts/emulator/beam/io.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2011. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -164,8 +164,8 @@ erts_port_ioq_size(Port *pp)
 typedef struct line_buf_context {
     LineBuf **b;
     char *buf;
-    int left;
-    int retlen;
+    ErlDrvSizeT left;
+    ErlDrvSizeT retlen;
 } LineBufContext;
 
 #define LINEBUF_EMPTY 0
@@ -445,7 +445,7 @@ setup_port(Port* prt, Eterm pid, erts_driver_t *driver,
 
     prt->control_flags = 0;
     prt->connected = pid;
-    prt->drv_data = (long) drv_data;
+    prt->drv_data = (SWord) drv_data;
     prt->bytes_in = 0;
     prt->bytes_out = 0;
     prt->dist_entry = NULL;
@@ -644,11 +644,10 @@ erts_open_driver(erts_driver_t* driver,	/* Pointer to driver. */
 				    name, opts);
 	erts_unblock_fpe(fpe_was_unmasked);
 	port->caller = NIL;
-	erts_unblock_fpe(fpe_was_unmasked);
 	if (IS_TRACED_FL(port, F_TRACE_SCHED_PORTS)) {
 	    trace_sched_ports_where(port, am_out, am_start);
 	}
-	if (error_number_ptr && ((long) drv_data) == (long) -2)
+	if (error_number_ptr && ((SWord) drv_data) == (SWord) -2)
 	    *error_number_ptr = errno;
 #ifdef ERTS_SMP
 	if (port->xports)
@@ -657,10 +656,10 @@ erts_open_driver(erts_driver_t* driver,	/* Pointer to driver. */
 #endif
     }
 
-    if (((long)drv_data) == -1 || 
-	((long)drv_data) == -2 || 
-	((long)drv_data) == -3) {
-	int res = (int) ((long) drv_data);
+    if (((SWord)drv_data) == -1 || 
+	((SWord)drv_data) == -2 || 
+	((SWord)drv_data) == -3) {
+	int res = (int) ((SWord) drv_data);
 
 	if (res == -3 && error_number_ptr) {
 	    *error_number_ptr = BADARG;
@@ -689,7 +688,7 @@ erts_open_driver(erts_driver_t* driver,	/* Pointer to driver. */
 	erts_port_release(port);
 	return res;
     }
-    port->drv_data = (long) drv_data;
+    port->drv_data = (SWord) drv_data;
     return port_ix;
 }
 
@@ -819,6 +818,11 @@ erts_smp_xports_unlock(Port *prt)
 #define SET_VEC(iov, bv, bin, ptr, len, vlen) do {	\
    (iov)->iov_base = (ptr);				\
    (iov)->iov_len = (len);				\
+   if (sizeof((iov)->iov_len) < sizeof(len)				\
+       /* Check if (len) overflowed (iov)->iov_len */			\
+       && ((len) >> (sizeof((iov)->iov_len)*CHAR_BIT)) != 0) {		\
+       goto L_overflow;							\
+   }									\
    *(bv)++ = (bin);					\
    (iov)++;						\
    (vlen)++;						\
@@ -829,13 +833,13 @@ io_list_to_vec(Eterm obj,	/* io-list */
 	       SysIOVec* iov,	/* io vector */
 	       ErlDrvBinary** binv, /* binary reference vector */
 	       ErlDrvBinary* cbin, /* binary to store characters */
-	       int bin_limit)	/* small binaries limit */
+	       ErlDrvSizeT bin_limit)	/* small binaries limit */
 {
     DECLARE_ESTACK(s);
     Eterm* objp;
     char *buf  = cbin->orig_bytes;
-    int len    = cbin->orig_size;
-    int csize  = 0;
+    ErlDrvSizeT len = cbin->orig_size;
+    ErlDrvSizeT csize  = 0;
     int vlen   = 0;
     char* cptr = buf;
 
@@ -875,7 +879,7 @@ io_list_to_vec(Eterm obj,	/* io-list */
 	    Eterm real_bin;
 	    Uint offset;
 	    Eterm* bptr;
-	    int size;
+	    ErlDrvSizeT size;
 	    int bitoffs;
 	    int bitsize;
 
@@ -950,7 +954,7 @@ io_list_to_vec(Eterm obj,	/* io-list */
 
 #define IO_LIST_VEC_COUNT(obj)						\
 do {									\
-    int _size = binary_size(obj);					\
+    ErlDrvSizeT _size = binary_size(obj);				\
     Eterm _real;							\
     ERTS_DECLARE_DUMMY(Uint _offset);					\
     int _bitoffs;							\
@@ -1105,7 +1109,7 @@ int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
 	Uint csize;
 	Uint pvsize;
 	Uint pcsize;
-	int blimit;
+	ErlDrvSizeT blimit;
 	SysIOVec iv[SMALL_WRITE_VEC];
 	ErlDrvBinary* bv[SMALL_WRITE_VEC];
 	SysIOVec* ivp;
@@ -1147,11 +1151,21 @@ int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
 	ivp[0].iov_len = 0;
 	bvp[0] = NULL;
 	ev.vsize = io_list_to_vec(list, ivp+1, bvp+1, cbin, blimit);
+	if (ev.vsize < 0) {
+	    if (ivp != iv) {
+		erts_free(ERTS_ALC_T_TMP, (void *) ivp);
+	    }
+	    if (bvp != bv) {
+		erts_free(ERTS_ALC_T_TMP, (void *) bvp);
+	    }
+	    driver_free_binary(cbin);
+	    goto bad_value;
+	}
 	ev.vsize++;
 #if 0
 	/* This assertion may say something useful, but it can
 	   be falsified during the emulator test suites. */
-	ASSERT((ev.vsize >= 0) && (ev.vsize == vsize));
+	ASSERT(ev.vsize == vsize);
 #endif
 	ev.size = size;  /* total size */
 	ev.iov = ivp;
@@ -1361,7 +1375,8 @@ int bufsiz;
  * buf - A buffer containing the data to be read and split to lines.
  * len - The number of bytes in buf.
  */
-static int init_linebuf_context(LineBufContext *lc, LineBuf **lb, char *buf, int len)
+static int init_linebuf_context(LineBufContext *lc, LineBuf **lb,
+				char *buf, ErlDrvSizeT len)
 {
     if(lc == NULL || lb == NULL)
 	return -1;
@@ -1530,10 +1545,10 @@ deliver_result(Eterm sender, Eterm pid, Eterm res)
  */
 
 static void deliver_read_message(Port* prt, Eterm to,
-				 char *hbuf, int hlen,
-				 char *buf, int len, int eol)
+				 char *hbuf, ErlDrvSizeT hlen,
+				 char *buf, ErlDrvSizeT len, int eol)
 {
-    int need;
+    ErlDrvSizeT need;
     Eterm listp;
     Eterm tuple;
     Process* rp;
@@ -1613,8 +1628,8 @@ static void deliver_read_message(Port* prt, Eterm to,
  * deliver_read_message, and takes the same parameters.
  */
 static void deliver_linebuf_message(Port* prt, Eterm to, 
-				    char* hbuf, int hlen,
-				    char *buf, int len)
+				    char* hbuf, ErlDrvSizeT hlen,
+				    char *buf, ErlDrvSizeT len)
 {
     LineBufContext lc;
     int ret;
@@ -1657,14 +1672,14 @@ static void
 deliver_vec_message(Port* prt,			/* Port */
 		    Eterm to,			/* Receiving pid */
 		    char* hbuf,			/* "Header" buffer... */
-		    int hlen,			/* ... and its length */
+		    ErlDrvSizeT hlen,		/* ... and its length */
 		    ErlDrvBinary** binv,	/* Vector of binaries */
 		    SysIOVec* iov,		/* I/O vector */
 		    int vsize,			/* Size of binv & iov */
-		    int csize)			/* Size of characters in 
+		    ErlDrvSizeT csize)		/* Size of characters in
 						   iov (not hlen) */
 {
-    int need;
+    ErlDrvSizeT need;
     Eterm listp;
     Eterm tuple;
     Process* rp;
@@ -1745,7 +1760,7 @@ deliver_vec_message(Port* prt,			/* Port */
 	}
     }
 
-    if (hlen > 0) {		/* Prepend the header */
+    if (hlen != 0) {		/* Prepend the header */
 	Eterm* thp = hp;
 	listp = buf_to_intlist(&thp, hbuf, hlen, listp);
 	hp = thp;
@@ -1765,10 +1780,10 @@ deliver_vec_message(Port* prt,			/* Port */
 static void deliver_bin_message(Port*  prt,         /* port */
 				Eterm to,           /* receiving pid */
 				char* hbuf,         /* "header" buffer */
-				int hlen,           /* and it's length */
+				ErlDrvSizeT hlen,   /* and it's length */
 				ErlDrvBinary* bin,  /* binary data */
-				int offs,           /* offset into binary */
-				int len)            /* length of binary */
+				ErlDrvSizeT offs,   /* offset into binary */
+				ErlDrvSizeT len)    /* length of binary */
 {
     SysIOVec vec;
 
@@ -2156,8 +2171,9 @@ erts_port_control(Process* p, Port* prt, Uint command, Eterm iolist)
     int must_free = 0;		/* True if the buffer should be freed. */
     char port_result[ERL_ONHEAP_BIN_LIMIT];  /* Default buffer for result from port. */
     char* port_resp;		/* Pointer to result buffer. */
-    int n;
-    int (*control)(ErlDrvData, unsigned, char*, int, char**, int);
+    ErlDrvSSizeT n;
+    ErlDrvSSizeT (*control)
+	(ErlDrvData, unsigned, char*, ErlDrvSizeT, char**, ErlDrvSizeT);
     int fpe_was_unmasked;
 
     ERTS_SMP_LC_ASSERT(erts_lc_is_port_locked(prt));
@@ -3083,7 +3099,7 @@ driver_deliver_term(ErlDrvPort port,
 		Binary* bp = erts_bin_nrml_alloc(size);
 		ASSERT(bufp);
 		bp->flags = 0;
-		bp->orig_size = (long) size;
+		bp->orig_size = (SWord) size;
 		erts_refc_init(&bp->refc, 1);
 		sys_memcpy((void *) bp->orig_bytes, (void *) bufp, size);
 		pbp = (ProcBin *) hp;
@@ -3240,8 +3256,8 @@ driver_send_term(ErlDrvPort ix, ErlDrvTermData to, ErlDrvTermData* data, int len
  * and data is len length of bin starting from offset offs.
  */
 
-int driver_output_binary(ErlDrvPort ix, char* hbuf, int hlen,
-			 ErlDrvBinary* bin, int offs, int len)
+int driver_output_binary(ErlDrvPort ix, char* hbuf, ErlDrvSizeT hlen,
+			 ErlDrvBinary* bin, ErlDrvSizeT offs, ErlDrvSizeT len)
 {
     Port* prt = erts_drvport2port(ix);
 
@@ -3274,7 +3290,8 @@ int driver_output_binary(ErlDrvPort ix, char* hbuf, int hlen,
 ** Example: if hlen = 3 then the port owner will receive the data
 ** [H1,H2,H3 | T]
 */
-int driver_output2(ErlDrvPort ix, char* hbuf, int hlen, char* buf, int len)
+int driver_output2(ErlDrvPort ix, char* hbuf, ErlDrvSizeT hlen,
+		   char* buf, ErlDrvSizeT len)
 {
     Port* prt = erts_drvport2port(ix);
 
@@ -3311,27 +3328,29 @@ int driver_output2(ErlDrvPort ix, char* hbuf, int hlen, char* buf, int len)
 
 /* Interface functions available to driver writers */
 
-int driver_output(ErlDrvPort ix, char* buf, int len)
+int driver_output(ErlDrvPort ix, char* buf, ErlDrvSizeT len)
 {
     ERTS_SMP_CHK_NO_PROC_LOCKS;
     return driver_output2(ix, NULL, 0, buf, len);
 }
 
-int driver_outputv(ErlDrvPort ix, char* hbuf, int hlen, ErlIOVec* vec, int skip)
+int driver_outputv(ErlDrvPort ix, char* hbuf, ErlDrvSizeT hlen,
+		   ErlIOVec* vec, ErlDrvSizeT skip)
 {
     int n;
-    int len;
-    int size;
+    ErlDrvSizeT len;
+    ErlDrvSizeT size;
     SysIOVec* iov;
     ErlDrvBinary** binv;
     Port* prt;
 
     ERTS_SMP_CHK_NO_PROC_LOCKS;
 
-    size = vec->size - skip;   /* Size of remaining bytes in vector */
-    ASSERT(size >= 0);
-    if (size <= 0)
+    ASSERT(vec->size >= skip);
+    if (vec->size <= skip)
 	return driver_output2(ix, hbuf, hlen, NULL, 0);
+    size = vec->size - skip;   /* Size of remaining bytes in vector */
+
     ASSERT(hlen >= 0);       /* debug only */
     if (hlen < 0)
 	hlen = 0;
@@ -3375,17 +3394,14 @@ int driver_outputv(ErlDrvPort ix, char* hbuf, int hlen, ErlIOVec* vec, int skip)
 ** input is a vector a buffer and a max length
 ** return bytes copied
 */
-int driver_vec_to_buf(vec, buf, len)
-ErlIOVec* vec; 
-char* buf;
-int len;
+ErlDrvSizeT driver_vec_to_buf(ErlIOVec *vec, char *buf, ErlDrvSizeT len)
 {
     SysIOVec* iov = vec->iov;
     int n = vec->vsize;
-    int orig_len = len;
+    ErlDrvSizeT orig_len = len;
 
     while(n--) {
-	int ilen = iov->iov_len;
+	size_t ilen = iov->iov_len;
 	if (ilen < len) {
 	    sys_memcpy(buf, iov->iov_base, ilen);
 	    len -= ilen;
@@ -3437,43 +3453,34 @@ driver_binary_dec_refc(ErlDrvBinary *dbp)
 */
 
 ErlDrvBinary*
-driver_alloc_binary(int size)
+driver_alloc_binary(ErlDrvSizeT size)
 {
     Binary* bin;
 
-    if (size < 0)
-	return NULL;
-
     bin = erts_bin_drv_alloc_fnf((Uint) size);
     if (!bin)
 	return NULL; /* The driver write must take action */
     bin->flags = BIN_FLAG_DRV;
     erts_refc_init(&bin->refc, 1);
-    bin->orig_size = (long) size;
+    bin->orig_size = (SWord) size;
     return Binary2ErlDrvBinary(bin);
 }
 
 /* Reallocate space hold by binary */
 
-ErlDrvBinary* driver_realloc_binary(ErlDrvBinary* bin, int size)
+ErlDrvBinary* driver_realloc_binary(ErlDrvBinary* bin, ErlDrvSizeT size)
 {
     Binary* oldbin;
     Binary* newbin;
 
-    if (!bin || size < 0) {
+    if (!bin) {
 	erts_dsprintf_buf_t *dsbufp = erts_create_logger_dsbuf();
 	erts_dsprintf(dsbufp,
-		      "Bad use of driver_realloc_binary(%p, %d): "
+		      "Bad use of driver_realloc_binary(%p, %lu): "
 		      "called with ",
-		      bin, size);
+		      bin, (unsigned long)size);
 	if (!bin) {
 	    erts_dsprintf(dsbufp, "NULL pointer as first argument");
-	    if (size < 0)
-		erts_dsprintf(dsbufp, ", and ");
-	}
-	if (size < 0) {
-	    erts_dsprintf(dsbufp, "negative size as second argument");
-	    size = 0;
 	}
 	erts_send_warning_to_logger_nogl(dsbufp);
 	if (!bin)
@@ -3513,12 +3520,12 @@ ErlDrvBinary* dbin;
  * Allocation/deallocation of memory for drivers 
  */
 
-void *driver_alloc(size_t size)
+void *driver_alloc(ErlDrvSizeT size)
 {
     return erts_alloc_fnf(ERTS_ALC_T_DRV, (Uint) size);
 }
 
-void *driver_realloc(void *ptr, size_t size)
+void *driver_realloc(void *ptr, ErlDrvSizeT size)
 {
     return erts_realloc_fnf(ERTS_ALC_T_DRV, ptr, (Uint) size);
 }
@@ -3780,11 +3787,11 @@ static int expandq(ErlIOQueue* q, int n, int tail)
 
 
 /* Put elements from vec at q tail */
-int driver_enqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
+int driver_enqv(ErlDrvPort ix, ErlIOVec* vec, ErlDrvSizeT skip)
 {
     int n;
-    int len;
-    int size;
+    size_t len;
+    ErlDrvSizeT size;
     SysIOVec* iov;
     ErlDrvBinary** binv;
     ErlDrvBinary*  b;
@@ -3793,10 +3800,10 @@ int driver_enqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
     if (q == NULL)
 	return -1;
 
-    size = vec->size - skip;
-    ASSERT(size >= 0);       /* debug only */
-    if (size <= 0)
+    ASSERT(vec->size >= skip);       /* debug only */
+    if (vec->size <= skip)
 	return 0;
+    size = vec->size - skip;
 
     iov = vec->iov;
     binv = vec->binv;
@@ -3846,11 +3853,11 @@ int driver_enqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
 }
 
 /* Put elements from vec at q head */
-int driver_pushqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
+int driver_pushqv(ErlDrvPort ix, ErlIOVec* vec, ErlDrvSizeT skip)
 {
     int n;
-    int len;
-    int size;
+    size_t len;
+    ErlDrvSizeT size;
     SysIOVec* iov;
     ErlDrvBinary** binv;
     ErlDrvBinary* b;
@@ -3859,8 +3866,10 @@ int driver_pushqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
     if (q == NULL)
 	return -1;
 
-    if ((size = vec->size - skip) <= 0)
+    if (vec->size <= skip)
 	return 0;
+    size = vec->size - skip;
+
     iov = vec->iov;
     binv = vec->binv;
     n = vec->vsize;
@@ -3915,15 +3924,14 @@ int driver_pushqv(ErlDrvPort ix, ErlIOVec* vec, int skip)
 ** Remove size bytes from queue head
 ** Return number of bytes that remain in queue
 */
-int driver_deq(ErlDrvPort ix, int size)
+ErlDrvSizeT driver_deq(ErlDrvPort ix, ErlDrvSizeT size)
 {
     ErlIOQueue* q = drvport2ioq(ix);
-    int len;
-    int sz;
+    ErlDrvSizeT len;
 
-    if ((q == NULL) || (sz = (q->size - size)) < 0)
+    if ((q == NULL) || (q->size < size))
 	return -1;
-    q->size = sz;
+    q->size -= size;
     while (size > 0) {
 	ASSERT(q->v_head != q->v_tail);
 
@@ -3946,16 +3954,16 @@ int driver_deq(ErlDrvPort ix, int size)
 	q->v_head = q->v_tail = q->v_start;
 	q->b_head = q->b_tail = q->b_start;
     }
-    return sz;
+    return q->size;
 }
 
 
-int driver_peekqv(ErlDrvPort ix, ErlIOVec *ev) {
+ErlDrvSizeT driver_peekqv(ErlDrvPort ix, ErlIOVec *ev) {
     ErlIOQueue *q = drvport2ioq(ix);
     ASSERT(ev);
 
     if (! q) {
-	return -1;
+	return (ErlDrvSizeT) -1;
     } else {
 	if ((ev->vsize = q->v_tail - q->v_head) == 0) {
 	    ev->size = 0;
@@ -3984,12 +3992,12 @@ SysIOVec* driver_peekq(ErlDrvPort ix, int* vlenp)  /* length of io-vector */
 }
 
 
-int driver_sizeq(ErlDrvPort ix)
+ErlDrvSizeT driver_sizeq(ErlDrvPort ix)
 {
     ErlIOQueue* q = drvport2ioq(ix);
 
     if (q == NULL)
-	return -1;
+	return (size_t) -1;
     return q->size;
 }
 
@@ -3997,7 +4005,8 @@ int driver_sizeq(ErlDrvPort ix)
 /* Utils */
 
 /* Enqueue a binary */
-int driver_enq_bin(ErlDrvPort ix, ErlDrvBinary* bin, int offs, int len)
+int driver_enq_bin(ErlDrvPort ix, ErlDrvBinary* bin,
+		   ErlDrvSizeT offs, ErlDrvSizeT len)
 {
     SysIOVec      iov;
     ErlIOVec      ev;
@@ -4014,7 +4023,7 @@ int driver_enq_bin(ErlDrvPort ix, ErlDrvBinary* bin, int offs, int len)
     return driver_enqv(ix, &ev, 0);
 }
 
-int driver_enq(ErlDrvPort ix, char* buffer, int len)
+int driver_enq(ErlDrvPort ix, char* buffer, ErlDrvSizeT len)
 {
     int code;
     ErlDrvBinary* bin;
@@ -4030,7 +4039,8 @@ int driver_enq(ErlDrvPort ix, char* buffer, int len)
     return code;
 }
 
-int driver_pushq_bin(ErlDrvPort ix, ErlDrvBinary* bin, int offs, int len)
+int driver_pushq_bin(ErlDrvPort ix, ErlDrvBinary* bin,
+		     ErlDrvSizeT offs, ErlDrvSizeT len)
 {
     SysIOVec      iov;
     ErlIOVec      ev;
@@ -4047,7 +4057,7 @@ int driver_pushq_bin(ErlDrvPort ix, ErlDrvBinary* bin, int offs, int len)
     return driver_pushqv(ix, &ev, 0);
 }
 
-int driver_pushq(ErlDrvPort ix, char* buffer, int len)
+int driver_pushq(ErlDrvPort ix, char* buffer, ErlDrvSizeT len)
 {
     int code;
     ErlDrvBinary* bin;
@@ -4076,7 +4086,7 @@ drv_cancel_timer(Port *prt)
 	erts_port_task_abort(prt->id, &prt->timeout_task);
 }
 
-int driver_set_timer(ErlDrvPort ix, UWord t)
+int driver_set_timer(ErlDrvPort ix, unsigned long t)
 {
     Port* prt = erts_drvport2port(ix);
 
@@ -4768,7 +4778,7 @@ get_current_port(void)
  */
 
 static void
-no_output_callback(ErlDrvData drv_data, char *buf, int len)
+no_output_callback(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
 
 }
@@ -4819,16 +4829,11 @@ static int
 init_driver(erts_driver_t *drv, ErlDrvEntry *de, DE_Handle *handle)
 {
     drv->name = de->driver_name;
-    if (de->extended_marker == ERL_DRV_EXTENDED_MARKER) {
-	drv->version.major = de->major_version;
-	drv->version.minor = de->minor_version;
-	drv->flags = de->driver_flags;
-    }
-    else {
-	drv->version.major = 0;
-	drv->version.minor = 0;
-	drv->flags = 0;
-    }
+    ASSERT(de->extended_marker == ERL_DRV_EXTENDED_MARKER);
+    ASSERT(de->major_version >= 2);
+    drv->version.major = de->major_version;
+    drv->version.minor = de->minor_version;
+    drv->flags = de->driver_flags;
     drv->handle = handle;
 #ifdef ERTS_SMP
     if (drv->flags & ERL_DRV_FLAG_USE_PORT_LOCKING)
@@ -4861,11 +4866,8 @@ init_driver(erts_driver_t *drv, ErlDrvEntry *de, DE_Handle *handle)
     drv->ready_output = de->ready_output ? de->ready_output : no_ready_output_callback;
     drv->timeout = de->timeout ? de->timeout : no_timeout_callback;
     drv->ready_async = de->ready_async;
-    if (de->extended_marker == ERL_DRV_EXTENDED_MARKER)
-	drv->process_exit = de->process_exit;
-    else
-	drv->process_exit = NULL;
-    if (de->minor_version >= 3/*R13A*/ && de->stop_select)
+    drv->process_exit = de->process_exit;
+    if (de->stop_select)
 	drv->stop_select = de->stop_select;
     else
 	drv->stop_select = no_stop_select_callback;
diff --git a/erts/emulator/beam/packet_parser.c b/erts/emulator/beam/packet_parser.c
index a66d60aa22..f1cfa8df39 100644
--- a/erts/emulator/beam/packet_parser.c
+++ b/erts/emulator/beam/packet_parser.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2008-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2008-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -301,7 +301,11 @@ int packet_get_length(enum PacketParseType htype,
         /* TCP_PB_LINE_LF:  [Data ... \n]  */
         const char* ptr2;
         if ((ptr2 = memchr(ptr, '\n', n)) == NULL) {
-            if (n >= trunc_len && trunc_len!=0) { /* buffer full */
+            if (n > max_plen && max_plen != 0) { /* packet full */
+                DEBUGF((" => packet full (no NL)=%d\r\n", n));
+                goto error;
+            }
+            else if (n >= trunc_len && trunc_len!=0) { /* buffer full */
                 DEBUGF((" => line buffer full (no NL)=%d\r\n", n));
                 return trunc_len;
             }
@@ -309,6 +313,10 @@ int packet_get_length(enum PacketParseType htype,
         }
         else {
             int len = (ptr2 - ptr) + 1; /* including newline */
+            if (len > max_plen && max_plen!=0) {
+                DEBUGF((" => packet_size %d exceeded\r\n", max_plen));
+                goto error;
+            }
             if (len > trunc_len && trunc_len!=0) {
                 DEBUGF((" => truncated line=%d\r\n", trunc_len));
                 return trunc_len;
@@ -397,33 +405,50 @@ int packet_get_length(enum PacketParseType htype,
             const char* ptr1 = ptr;
             int   len = plen;
             
+	    if (!max_plen) {
+		/* This is for backward compatibility with old user of decode_packet
+		 * that might use option 'line_length' to limit accepted length of
+		 * http lines.
+		 */
+		max_plen = trunc_len;
+	    }
+
             while (1) {
                 const char* ptr2 = memchr(ptr1, '\n', len);
                 
                 if (ptr2 == NULL) {
-                    if (n >= trunc_len && trunc_len!=0) { /* buffer full */
-                        plen = trunc_len;
-                        goto done;
+                    if (max_plen != 0) {
+                        if (n >= max_plen) /* packet full */
+                            goto error;
                     }
                     goto more;
                 }
                 else {
                     plen = (ptr2 - ptr) + 1;
-                    
-                    if (*statep == 0)
+
+                    if (*statep == 0) {
+                        if (max_plen != 0 && plen > max_plen)
+                            goto error;
                         goto done;
-                    
+                    }
+
                     if (plen < n) {
                         if (SP(ptr2+1) && plen>2) {
                             /* header field value continue on next line */
                             ptr1 = ptr2+1;
                             len = n - plen;
                         }
-                        else
+                        else {
+                            if (max_plen != 0 && plen > max_plen)
+                                goto error;
                             goto done;
+                        }
                     }
-                    else
+                    else {
+                        if (max_plen != 0 && plen > max_plen)
+                            goto error;
                         goto more;
+                    }
                 }
             }
         }
diff --git a/erts/emulator/beam/register.h b/erts/emulator/beam/register.h
index 97bab3ab71..bf15e63554 100644
--- a/erts/emulator/beam/register.h
+++ b/erts/emulator/beam/register.h
@@ -41,7 +41,7 @@ struct port;
 typedef struct reg_proc
 {
     HashBucket bucket;  /* MUST BE LOCATED AT TOP OF STRUCT!!! */
-    Process *p;         /* The process registerd (only one of this and
+    Process *p;         /* The process registered (only one of this and
 			   'pt' is non-NULL */
     struct port *pt;    /* The port registered */
     Eterm name;         /* Atom name */
diff --git a/erts/emulator/beam/sys.h b/erts/emulator/beam/sys.h
index 94c36c8c59..eb6f2f8516 100644
--- a/erts/emulator/beam/sys.h
+++ b/erts/emulator/beam/sys.h
@@ -221,7 +221,8 @@ int real_printf(const char *fmt, ...);
 */
 
 #if !((SIZEOF_VOID_P >= 4) && (SIZEOF_VOID_P == SIZEOF_SIZE_T) \
-      && ((SIZEOF_VOID_P == SIZEOF_INT) || (SIZEOF_VOID_P == SIZEOF_LONG)))
+      && ((SIZEOF_VOID_P == SIZEOF_INT) || (SIZEOF_VOID_P == SIZEOF_LONG) || \
+          (SIZEOF_VOID_P == SIZEOF_LONG_LONG)))
 #error Cannot handle this combination of int/long/void*/size_t sizes
 #endif
 
@@ -255,6 +256,7 @@ typedef unsigned int Eterm;
 typedef unsigned int Uint;
 typedef int          Sint;
 #define ERTS_SIZEOF_ETERM SIZEOF_INT
+#define ErtsStrToSint strtol
 #else
 #error Found no appropriate type to use for 'Eterm', 'Uint' and 'Sint'
 #endif
@@ -262,9 +264,18 @@ typedef int          Sint;
 #if SIZEOF_VOID_P == SIZEOF_LONG
 typedef unsigned long UWord;
 typedef long          SWord;
+#define SWORD_CONSTANT(Const) Const##L
+#define UWORD_CONSTANT(Const) Const##UL
 #elif SIZEOF_VOID_P == SIZEOF_INT
 typedef unsigned int UWord;
 typedef int          SWord;
+#define SWORD_CONSTANT(Const) Const
+#define UWORD_CONSTANT(Const) Const##U
+#elif SIZEOF_VOID_P == SIZEOF_LONG_LONG
+typedef unsigned long long UWord;
+typedef long long          SWord;
+#define SWORD_CONSTANT(Const) Const##LL
+#define UWORD_CONSTANT(Const) Const##ULL
 #else
 #error Found no appropriate type to use for 'Eterm', 'Uint' and 'Sint'
 #endif
@@ -275,12 +286,30 @@ typedef int          SWord;
 typedef unsigned long Eterm;
 typedef unsigned long Uint;
 typedef long          Sint;
+#define SWORD_CONSTANT(Const) Const##L
+#define UWORD_CONSTANT(Const) Const##UL
 #define ERTS_SIZEOF_ETERM SIZEOF_LONG
+#define ErtsStrToSint strtol
 #elif SIZEOF_VOID_P == SIZEOF_INT
 typedef unsigned int Eterm;
 typedef unsigned int Uint;
 typedef int          Sint;
+#define SWORD_CONSTANT(Const) Const
+#define UWORD_CONSTANT(Const) Const##U
 #define ERTS_SIZEOF_ETERM SIZEOF_INT
+#define ErtsStrToSint strtol
+#elif SIZEOF_VOID_P == SIZEOF_LONG_LONG
+typedef unsigned long long Eterm;
+typedef unsigned long long Uint;
+typedef long long          Sint;
+#define SWORD_CONSTANT(Const) Const##LL
+#define UWORD_CONSTANT(Const) Const##ULL
+#define ERTS_SIZEOF_ETERM SIZEOF_LONG_LONG
+#if defined(__WIN32__)
+#define ErtsStrToSint _strtoi64
+#else
+#define ErtsStrToSint strtoll
+#endif
 #else
 #error Found no appropriate type to use for 'Eterm', 'Uint' and 'Sint'
 #endif
@@ -615,10 +644,11 @@ extern char *erts_sys_ddll_error(int code);
 /*
  * System interfaces for startup.
  */
+#include "erl_time.h"
 
 void erts_sys_schedule_interrupt(int set);
 #ifdef ERTS_SMP
-void erts_sys_schedule_interrupt_timed(int set, long msec);
+void erts_sys_schedule_interrupt_timed(int set, erts_short_time_t msec);
 void erts_sys_main_thread(void);
 #endif
 
@@ -635,17 +665,24 @@ Preload* sys_preloaded(void);
 unsigned char* sys_preload_begin(Preload*);
 void sys_preload_end(Preload*);
 int sys_get_key(int);
-void elapsed_time_both(unsigned long *ms_user, unsigned long *ms_sys, 
-		       unsigned long *ms_user_diff, unsigned long *ms_sys_diff);
-void wall_clock_elapsed_time_both(unsigned long *ms_total, 
-				  unsigned long *ms_diff);
+void elapsed_time_both(UWord *ms_user, UWord *ms_sys, 
+		       UWord *ms_user_diff, UWord *ms_sys_diff);
+void wall_clock_elapsed_time_both(UWord *ms_total, 
+				  UWord *ms_diff);
 void get_time(int *hour, int *minute, int *second);
 void get_date(int *year, int *month, int *day);
 void get_localtime(int *year, int *month, int *day, 
 		   int *hour, int *minute, int *second);
 void get_universaltime(int *year, int *month, int *day, 
 		       int *hour, int *minute, int *second);
-int univ_to_local(Sint *year, Sint *month, Sint *day, 
+int seconds_to_univ(Sint64 seconds, 
+		    Sint *year, Sint *month, Sint *day, 
+		    Sint *hour, Sint *minute, Sint *second);
+int univ_to_seconds(Sint year, Sint month, Sint day, 
+		    Sint hour, Sint minute, Sint second,
+		    Sint64* seconds);
+int univ_to_local(
+    Sint *year, Sint *month, Sint *day, 
 		  Sint *hour, Sint *minute, Sint *second);
 int local_to_univ(Sint *year, Sint *month, Sint *day, 
 		  Sint *hour, Sint *minute, Sint *second, int isdst);
@@ -968,6 +1005,19 @@ void erl_bin_write(unsigned char *, int, int);
 
 #endif
 
+#ifdef __WIN32__
+#ifdef ARCH_64
+#define ERTS_ALLOC_ALIGN_BYTES 16
+#define ERTS_SMALL_ABS(Small) _abs64(Small) 
+#else
+#define ERTS_ALLOC_ALIGN_BYTES 8
+#define ERTS_SMALL_ABS(Small) labs(Small) 
+#endif
+#else
+#define ERTS_ALLOC_ALIGN_BYTES 8
+#define ERTS_SMALL_ABS(Small) labs(Small) 
+#endif
+
 
 #ifdef __WIN32__
 
diff --git a/erts/emulator/beam/time.c b/erts/emulator/beam/time.c
index db9a24e0a3..932d157cd8 100644
--- a/erts/emulator/beam/time.c
+++ b/erts/emulator/beam/time.c
@@ -107,20 +107,31 @@ static ErlTimer *tiw_min_ptr;
 /* Actual interval time chosen by sys_init_time() */
 static int itime; /* Constant after init */
 
-erts_smp_atomic_t do_time;	/* set at clock interrupt */
-static ERTS_INLINE erts_aint_t do_time_read(void) { return erts_smp_atomic_read_acqb(&do_time); }
-static ERTS_INLINE erts_aint_t do_time_update(void) { return do_time_read(); }
-static ERTS_INLINE void do_time_init(void) { erts_smp_atomic_init_nob(&do_time, 0L); }
+erts_smp_atomic32_t do_time;	/* set at clock interrupt */
+static ERTS_INLINE erts_short_time_t do_time_read(void)
+{
+    return erts_smp_atomic32_read_acqb(&do_time);
+}
+
+static ERTS_INLINE erts_short_time_t do_time_update(void)
+{
+    return do_time_read();
+}
+
+static ERTS_INLINE void do_time_init(void)
+{
+    erts_smp_atomic32_init_nob(&do_time, 0);
+}
 
 /* get the time (in units of itime) to the next timeout,
    or -1 if there are no timeouts                     */
 
-static erts_aint_t next_time_internal(void) /* PRE: tiw_lock taken by caller */
+static erts_short_time_t next_time_internal(void) /* PRE: tiw_lock taken by caller */
 {
     int i, tm, nto;
-    unsigned int min;
+    Uint32 min;
     ErlTimer* p;
-    erts_aint_t dt;
+    erts_short_time_t dt;
   
     if (tiw_nto == 0)
 	return -1;	/* no timeouts in wheel */
@@ -133,7 +144,7 @@ static erts_aint_t next_time_internal(void) /* PRE: tiw_lock taken by caller */
   
     /* start going through wheel to find next timeout */
     tm = nto = 0;
-    min = (unsigned int) -1;	/* max unsigned int */
+    min = (Uint32) -1;	/* max Uint32 */
     i = tiw_pos;
     do {
 	p = tiw[i];
@@ -162,7 +173,11 @@ static erts_aint_t next_time_internal(void) /* PRE: tiw_lock taken by caller */
 	i = (i + 1) % TIW_SIZE;
     } while (i != tiw_pos);
     dt = do_time_read();
-    return ((min >= dt) ? (min - dt) : 0);
+    if (min <= (Uint32) dt)
+	return 0;
+    if ((min - (Uint32) dt) > (Uint32) ERTS_SHORT_TIME_T_MAX)
+	return ERTS_SHORT_TIME_T_MAX;
+    return (erts_short_time_t) (min - (Uint32) dt);
 }
 
 static void remove_timer(ErlTimer *p) {
@@ -191,9 +206,9 @@ static void remove_timer(ErlTimer *p) {
 }
 
 /* Private export to erl_time_sup.c */
-erts_aint_t erts_next_time(void)
+erts_short_time_t erts_next_time(void)
 {
-    erts_aint_t ret;
+    erts_short_time_t ret;
 
     erts_smp_mtx_lock(&tiw_lock);
     (void)do_time_update();
@@ -202,7 +217,7 @@ erts_aint_t erts_next_time(void)
     return ret;
 }
 
-static ERTS_INLINE void bump_timer_internal(erts_aint_t dt) /* PRE: tiw_lock is write-locked */
+static ERTS_INLINE void bump_timer_internal(erts_short_time_t dt) /* PRE: tiw_lock is write-locked */
 {
     Uint keep_pos;
     Uint count;
@@ -273,7 +288,7 @@ static ERTS_INLINE void bump_timer_internal(erts_aint_t dt) /* PRE: tiw_lock is
     }
 }
 
-void erts_bump_timer(erts_aint_t dt) /* dt is value from do_time */
+void erts_bump_timer(erts_short_time_t dt) /* dt is value from do_time */
 {
     erts_smp_mtx_lock(&tiw_lock);
     bump_timer_internal(dt);
@@ -378,8 +393,8 @@ erts_set_timer(ErlTimer* p, ErlTimeoutProc timeout, ErlCancelProc cancel,
     insert_timer(p, t);
     erts_smp_mtx_unlock(&tiw_lock);
 #if defined(ERTS_SMP)
-    if (t <= (Uint) LONG_MAX)
-	erts_sys_schedule_interrupt_timed(1, (long) t);
+    if (t <= (Uint) ERTS_SHORT_TIME_T_MAX)
+	erts_sys_schedule_interrupt_timed(1, (erts_short_time_t) t);
 #endif
 }
 
@@ -419,7 +434,7 @@ Uint
 erts_time_left(ErlTimer *p)
 {
     Uint left;
-    erts_aint_t dt;
+    erts_short_time_t dt;
 
     erts_smp_mtx_lock(&tiw_lock);
 
diff --git a/erts/emulator/beam/utils.c b/erts/emulator/beam/utils.c
index e4ad7dcb24..49b6618f73 100644
--- a/erts/emulator/beam/utils.c
+++ b/erts/emulator/beam/utils.c
@@ -45,6 +45,7 @@
 #include "erl_thr_progress.h"
 #include "erl_thr_queue.h"
 #include "erl_sched_spec_pre_alloc.h"
+#include "beam_bp.h"
 
 #undef M_TRIM_THRESHOLD
 #undef M_TOP_PAD
@@ -2647,7 +2648,7 @@ tailrecur_ne:
 	FloatDef f1, f2;
 	Eterm big;
 #if HEAP_ON_C_STACK
-	Eterm big_buf[32]; /* If HEAP_ON_C_STACK */
+	Eterm big_buf[CMP_TMP_HEAP_SIZE]; /* If HEAP_ON_C_STACK */
 #else
 	Eterm *big_buf = erts_get_scheduler_data()->cmp_tmp_heap;
 #endif
@@ -2660,6 +2661,7 @@ tailrecur_ne:
 #endif
 #define MAX_LOSSLESS_FLOAT ((double)((1LL << 53) - 2))
 #define MIN_LOSSLESS_FLOAT ((double)(((1LL << 53) - 2)*-1))
+#define BIG_ARITY_FLOAT_MAX (1024 / D_EXP) /* arity of max float as a bignum */
 	b_tag = tag_val_def(bw);
 
 	switch(_NUMBER_CODE(a_tag, b_tag)) {
@@ -2692,16 +2694,24 @@ tailrecur_ne:
 	    }
 #endif // ERTS_SIZEOF_ETERM == 8
 	    break;
+        case FLOAT_BIG:
+	{
+	    Wterm tmp = aw;
+	    aw = bw;
+	    bw = tmp;
+	}/* fall through */
 	case BIG_FLOAT:
 	    GET_DOUBLE(bw, f2);
 	    if ((f2.fd < (double) (MAX_SMALL + 1))
 		    && (f2.fd > (double) (MIN_SMALL - 1))) {
 		// Float is a Sint
 		j = big_sign(aw) ? -1 : 1;
-	    } else if ((pow(2.0,(big_arity(aw)-1.0)*D_EXP)-1.0) > fabs(f2.fd)) {
+	    } else if (big_arity(aw) > BIG_ARITY_FLOAT_MAX
+		       || pow(2.0,(big_arity(aw)-1)*D_EXP) > fabs(f2.fd)) {
 		// If bignum size shows that it is bigger than the abs float
 		j = big_sign(aw) ? -1 : 1;
-	    } else if ((pow(2.0,(big_arity(aw))*D_EXP)-1.0) < fabs(f2.fd)) {
+	    } else if (big_arity(aw) < BIG_ARITY_FLOAT_MAX
+		       && (pow(2.0,(big_arity(aw))*D_EXP)-1.0) < fabs(f2.fd)) {
 		// If bignum size shows that it is smaller than the abs float
 		j = f2.fd < 0 ? 1 : -1;
 	    } else if (f2.fd < MAX_LOSSLESS_FLOAT && f2.fd > MIN_LOSSLESS_FLOAT) {
@@ -2715,6 +2725,9 @@ tailrecur_ne:
 		big = double_to_big(f2.fd, big_buf);
 		j = big_comp(aw, big);
 	    }
+	    if (_NUMBER_CODE(a_tag, b_tag) == FLOAT_BIG) {
+		j = -j;
+	    }
 	    break;
 	case FLOAT_SMALL:
 	    GET_DOUBLE(aw, f1);
@@ -2739,29 +2752,6 @@ tailrecur_ne:
 	    }
 #endif // ERTS_SIZEOF_ETERM == 8
 	    break;
-	case FLOAT_BIG:
-	    GET_DOUBLE(aw, f1);
-	    if ((f1.fd < (double) (MAX_SMALL + 1))
-		    && (f1.fd > (double) (MIN_SMALL - 1))) { // Float is a Sint
-		j = big_sign(bw) ? 1 : -1;
-	    } else if ((pow(2.0, (big_arity(bw) - 1.0) * D_EXP) - 1.0) > fabs(f1.fd)) {
-		// If bignum size shows that it is bigger than the abs float
-		j = big_sign(bw) ? 1 : -1;
-	    } else if ((pow(2.0,(big_arity(bw))*D_EXP)-1.0) < fabs(f1.fd)) {
-		// If bignum size shows that it is smaller than the abs float
-		j = f1.fd < 0 ? -1 : 1;
-	    } else if (f1.fd < MAX_LOSSLESS_FLOAT && f1.fd > MIN_LOSSLESS_FLOAT) {
-		// Float is within the no loss limit
-		if (big_to_double(bw, &f2.fd) < 0) {
-		    j = big_sign(bw) ? 1 : -1;
-		} else {
-		    j = float_comp(f1.fd, f2.fd);
-		}
-	    } else {
-		big = double_to_big(f1.fd, big_buf);
-		j = big_comp(big, bw);
-	    }
-	    break;
 	default:
 	    j = b_tag - a_tag;
 	}
@@ -2875,9 +2865,9 @@ store_external_or_ref_in_proc_(Process *proc, Eterm ns)
     return store_external_or_ref_(&hp, &MSO(proc), ns);
 }
 
-void bin_write(int to, void *to_arg, byte* buf, int sz)
+void bin_write(int to, void *to_arg, byte* buf, size_t sz)
 {
-    int i;
+    size_t i;
 
     for (i=0;i<sz;i++) {
 	if (IS_DIGIT(buf[i]))
@@ -2952,15 +2942,15 @@ char* Sint_to_buf(Sint n, struct Sint_buf *buf)
 */
 
 Eterm
-buf_to_intlist(Eterm** hpp, char *buf, int len, Eterm tail)
+buf_to_intlist(Eterm** hpp, char *buf, size_t len, Eterm tail)
 {
     Eterm* hp = *hpp;
-    int i = len - 1;
+    size_t i = len;
 
-    while(i >= 0) {
+    while(i != 0) {
+	--i;
 	tail = CONS(hp, make_small((Uint)(byte)buf[i]), tail);
 	hp += 2;
-	--i;
     }
 
     *hpp = hp;
@@ -3469,11 +3459,9 @@ void erts_silence_warn_unused_result(long unused)
  * Handy functions when using a debugger - don't use in the code!
  */
 
-void upp(buf,sz)
-byte* buf;
-int sz;
+void upp(byte *buf, size_t sz)
 {
-    bin_write(ERTS_PRINT_STDERR,NULL,buf,sz);
+    bin_write(ERTS_PRINT_STDERR, NULL, buf, sz);
 }
 
 void pat(Eterm atom)
diff --git a/erts/emulator/drivers/common/efile_drv.c b/erts/emulator/drivers/common/efile_drv.c
index 901d98c09d..36ed108b76 100644
--- a/erts/emulator/drivers/common/efile_drv.c
+++ b/erts/emulator/drivers/common/efile_drv.c
@@ -55,6 +55,7 @@
 #define FILE_READ_LINE          29
 #define FILE_FDATASYNC          30
 #define FILE_FADVISE            31
+#define FILE_SENDFILE           32
 
 /* Return codes */
 
@@ -98,7 +99,14 @@
 #  include "config.h"
 #endif
 #include <stdlib.h>
+
+// Need (NON)BLOCKING macros for sendfile
+#ifndef WANT_NONBLOCKING
+#define WANT_NONBLOCKING
+#endif
+
 #include "sys.h"
+
 #include "erl_driver.h"
 #include "erl_efile.h"
 #include "erl_threads.h"
@@ -140,6 +148,22 @@ static ErlDrvSysInfo sys_info;
 #define MUTEX_UNLOCK(m)
 #endif
 
+
+/**
+ * On DARWIN sendfile can deadlock with close if called in
+ * different threads. So until Apple fixes so that sendfile
+ * is not buggy we disable usage of the async pool for
+ * DARWIN. The testcase t_sendfile_crashduring reproduces
+ * this error when using +A 10.
+ */
+#if !defined(DARWIN)
+#define USE_THRDS_FOR_SENDFILE (sys_info.async_threads > 0)
+#else
+#define USE_THRDS_FOR_SENDFILE 0
+#endif /* !DARWIN */
+
+
+
 #if 0
 /* Experimental, for forcing all file operations to use the same thread. */
    static unsigned file_fixed_key = 1;
@@ -217,17 +241,25 @@ typedef unsigned char uchar;
 static ErlDrvData file_start(ErlDrvPort port, char* command);
 static int file_init(void);
 static void file_stop(ErlDrvData);
-static void file_output(ErlDrvData, char* buf, int len);
-static int file_control(ErlDrvData, unsigned int command, 
-			char* buf, int len, char **rbuf, int rlen);
+static void file_output(ErlDrvData, char* buf, ErlDrvSizeT len);
+static ErlDrvSSizeT file_control(ErlDrvData, unsigned int command,
+				 char* buf, ErlDrvSizeT len,
+				 char **rbuf, ErlDrvSizeT rlen);
 static void file_timeout(ErlDrvData);
 static void file_outputv(ErlDrvData, ErlIOVec*);
 static void file_async_ready(ErlDrvData, ErlDrvThreadData);
 static void file_flush(ErlDrvData);
 
+#ifdef HAVE_SENDFILE
+static void file_ready_output(ErlDrvData data, ErlDrvEvent event);
+static void file_stop_select(ErlDrvEvent event, void* _);
+#endif /* HAVE_SENDFILE */
 
 
 enum e_timer {timer_idle, timer_again, timer_write};
+#ifdef HAVE_SENDFILE
+enum e_sendfile {sending, not_sending};
+#endif /* HAVE_SENDFILE */
 
 struct t_data;
 
@@ -242,6 +274,9 @@ typedef struct {
     struct t_data  *cq_head;  /* Queue of incoming commands */
     struct t_data  *cq_tail;  /* -""- */
     enum e_timer    timer_state;
+#ifdef HAVE_SENDFILE
+    enum e_sendfile sendfile_state;
+#endif /* HAVE_SENDFILE */
     size_t          read_bufsize;
     ErlDrvBinary   *read_binp;
     size_t          read_offset;
@@ -264,7 +299,11 @@ struct erl_drv_entry efile_driver_entry = {
     file_stop,
     file_output,
     NULL,
+#ifdef HAVE_SENDFILE
+    file_ready_output,
+#else
     NULL,
+#endif /* HAVE_SENDFILE */
     "efile",
     NULL,
     NULL,
@@ -279,7 +318,13 @@ struct erl_drv_entry efile_driver_entry = {
     ERL_DRV_EXTENDED_MAJOR_VERSION,
     ERL_DRV_EXTENDED_MINOR_VERSION,
     ERL_DRV_FLAG_USE_PORT_LOCKING,
+    NULL,
+    NULL,
+#ifdef HAVE_SENDFILE
+    file_stop_select
+#else
     NULL
+#endif /* HAVE_SENDFILE */
 };
 
 
@@ -398,6 +443,14 @@ struct t_data
 	    Sint64 length;
 	    int advise;
 	} fadvise;
+#ifdef HAVE_SENDFILE
+	struct {
+	    int out_fd;
+	    off_t offset;
+	    Uint64 nbytes;
+	    Uint64 written;
+	} sendfile;
+#endif /* HAVE_SENDFILE */
     } c;
     char b[1];
 };
@@ -485,7 +538,6 @@ static void *ef_safe_realloc(void *op, Uint s)
      : 0)
 
 
-
 #if 0
 
 static void ev_clear(ErlIOVec *ev) {
@@ -613,7 +665,6 @@ static struct t_data *cq_deq(file_descriptor *desc) {
 }
 
 
-
 /*********************************************************************
  * Driver entry point -> init
  */
@@ -628,6 +679,7 @@ file_init(void)
 			    ? atoi(buf)
 			    : 0);
     driver_system_info(&sys_info, sizeof(ErlDrvSysInfo));
+
     return 0;
 }
 
@@ -655,6 +707,9 @@ file_start(ErlDrvPort port, char* command)
     desc->cq_head = NULL;
     desc->cq_tail = NULL;
     desc->timer_state = timer_idle;
+#ifdef HAVE_SENDFILE
+    desc->sendfile_state = not_sending;
+#endif
     desc->read_bufsize = 0;
     desc->read_binp = NULL;
     desc->read_offset = 0;
@@ -697,6 +752,15 @@ file_stop(ErlDrvData e)
 
     TRACE_C('p');
 
+#ifdef HAVE_SENDFILE
+    if (desc->sendfile_state == sending && !USE_THRDS_FOR_SENDFILE) {
+	driver_select(desc->port,(ErlDrvEvent)(long)desc->d->c.sendfile.out_fd,
+		      ERL_DRV_WRITE|ERL_DRV_USE,0);
+    } else if (desc->sendfile_state == sending) {
+	SET_NONBLOCKING(desc->d->c.sendfile.out_fd);
+    }
+#endif /* HAVE_SENDFILE */
+
     if (desc->fd != FILE_FD_INVALID) {
 	do_close(desc->flags, desc->fd);
 	desc->fd = FILE_FD_INVALID;
@@ -762,7 +826,16 @@ static void reply_Uint_posix_error(file_descriptor *desc, Uint num,
     driver_output2(desc->port, response, t-response, NULL, 0);
 }
 
+static void reply_string_error(file_descriptor *desc, char* str) {
+    char response[256];		/* Response buffer. */
+    char* s;
+    char* t;
 
+    response[0] = FILE_RESP_ERROR;
+    for (s = str, t = response+1; *s; s++, t++)
+	*t = tolower(*s);
+    driver_output2(desc->port, response, t-response, NULL, 0);
+}
 
 static int reply_error(file_descriptor *desc, 
 		       Efile_error *errInfo) /* The error codes. */
@@ -893,8 +966,6 @@ static int reply_eof(file_descriptor *desc) {
     driver_output2(desc->port, &c, 1, NULL, 0);
     return 0;
 }
-
-
  
 static void invoke_name(void *data, int (*f)(Efile_error *, char *))
 {
@@ -1013,7 +1084,7 @@ static void invoke_read_line(void *data)
 	    d->c.read_line.read_offset - d->c.read_line.read_size;
 	if (size == 0) {
 	    /* Need more place */
-	    size_t need = (d->c.read_line.read_size >= DEFAULT_LINEBUF_SIZE) ? 
+	    ErlDrvSizeT need = (d->c.read_line.read_size >= DEFAULT_LINEBUF_SIZE) ?
 		d->c.read_line.read_size + DEFAULT_LINEBUF_SIZE : DEFAULT_LINEBUF_SIZE;
 	    ErlDrvBinary   *newbin = driver_alloc_binary(need);
 	    if (newbin == NULL) {
@@ -1314,7 +1385,11 @@ static void invoke_writev(void *data) {
 	size = d->c.writev.size;
     }
 
-    /* Copy the io vector to avoid locking the port que while writing */
+    /* Copy the io vector to avoid locking the port que while writing,
+     * also, both we and efile_writev might/will change the SysIOVec
+     * when segmenting or due to partial write and we do not want to
+     * tamper with the actual queue that we get from driver_peekq
+     */
     MUTEX_LOCK(d->c.writev.q_mtx); /* Lock before accessing the port queue */
     iov0 = driver_peekq(d->c.writev.port, &iovlen);
 
@@ -1353,7 +1428,7 @@ static void invoke_writev(void *data) {
 	} else {
 	    d->result_ok = efile_writev(&d->errInfo, 
 					d->flags, (int) d->fd,
-					iov, iovcnt, size);
+					iov, iovcnt);
 	}
     } else if (iovlen == 0) {
 	d->result_ok = 1;
@@ -1694,6 +1769,66 @@ static void invoke_fadvise(void *data)
     d->result_ok = efile_fadvise(&d->errInfo, fd, offset, length, advise);
 }
 
+#ifdef HAVE_SENDFILE
+static void invoke_sendfile(void *data)
+{
+    struct t_data *d = (struct t_data *)data;
+    int fd = d->fd;
+    int out_fd = (int)d->c.sendfile.out_fd;
+    Uint64 nbytes = d->c.sendfile.nbytes;
+    int result = 0;
+    d->again = 0;
+
+    result = efile_sendfile(&d->errInfo, fd, out_fd, &d->c.sendfile.offset, &nbytes, NULL);
+
+    d->c.sendfile.written += nbytes;
+
+    if (result == 1) {
+	if (USE_THRDS_FOR_SENDFILE) {
+	    d->result_ok = 0;
+	} else if (d->c.sendfile.nbytes == 0 && nbytes != 0) {
+	    d->result_ok = 1;
+	} else if ((d->c.sendfile.nbytes - nbytes) != 0) {
+	    d->result_ok = 1;
+	    d->c.sendfile.nbytes -= nbytes;
+	} else {
+	    d->result_ok = 0;
+	}
+    } else if (result == 0 && (d->errInfo.posix_errno == EAGAIN
+				 || d->errInfo.posix_errno == EINTR)) {
+	d->result_ok = 1;
+    } else {
+	d->result_ok = -1;
+    }
+}
+
+static void free_sendfile(void *data) {
+    EF_FREE(data);
+}
+
+static void file_ready_output(ErlDrvData data, ErlDrvEvent event)
+{
+    file_descriptor* fd = (file_descriptor*) data;
+
+    switch (fd->d->command) {
+    case FILE_SENDFILE:
+	driver_select(fd->port, event,
+		      (int)ERL_DRV_WRITE,(int) 0);
+	invoke_sendfile((void *)fd->d);
+	file_async_ready(data, (ErlDrvThreadData)fd->d);
+	break;
+    default:
+	break;
+    }
+}
+
+static void file_stop_select(ErlDrvEvent event, void* _)
+{
+
+}
+#endif /* HAVE_SENDFILE */
+
+
 static void free_readdir(void *data)
 {
     struct t_data *d = (struct t_data *) data;
@@ -1755,6 +1890,10 @@ static void cq_execute(file_descriptor *desc) {
     register void *void_ptr; /* Soft cast variable */
     if (desc->timer_state == timer_again)
 	return;
+#ifdef HAVE_SENDFILE
+    if (desc->sendfile_state == sending)
+	return;
+#endif
     if (! (d = cq_deq(desc)))
 	return;
     TRACE_F(("x%i", (int) d->command));
@@ -2021,24 +2160,25 @@ file_async_ready(ErlDrvData e, ErlDrvThreadData data)
 	    if (d->result_ok) {
 		resbuf[0] = FILE_RESP_INFO;
 
-		put_int32(d->info.size_high,         &resbuf[1 + (0 * 4)]);
-		put_int32(d->info.size_low,          &resbuf[1 + (1 * 4)]);
-		put_int32(d->info.type,              &resbuf[1 + (2 * 4)]);
-
-		PUT_TIME(d->info.accessTime, resbuf + 1 + 3*4);
-		PUT_TIME(d->info.modifyTime, resbuf + 1 + 9*4);
-		PUT_TIME(d->info.cTime, resbuf + 1 + 15*4);
-
-		put_int32(d->info.mode,              &resbuf[1 + (21 * 4)]);
-		put_int32(d->info.links,             &resbuf[1 + (22 * 4)]);
-		put_int32(d->info.major_device,      &resbuf[1 + (23 * 4)]);
-		put_int32(d->info.minor_device,      &resbuf[1 + (24 * 4)]);
-		put_int32(d->info.inode,             &resbuf[1 + (25 * 4)]);
-		put_int32(d->info.uid,               &resbuf[1 + (26 * 4)]);
-		put_int32(d->info.gid,               &resbuf[1 + (27 * 4)]);
-		put_int32(d->info.access,            &resbuf[1 + (28 * 4)]);
-
-#define RESULT_SIZE (1 + (29 * 4))
+		put_int32(d->info.size_high,         &resbuf[1 + ( 0 * 4)]);
+		put_int32(d->info.size_low,          &resbuf[1 + ( 1 * 4)]);
+		put_int32(d->info.type,              &resbuf[1 + ( 2 * 4)]);
+
+		/* Note 64 bit indexing in resbuf here */
+		put_int64(d->info.accessTime,        &resbuf[1 + ( 3 * 4)]);
+		put_int64(d->info.modifyTime,        &resbuf[1 + ( 5 * 4)]);
+		put_int64(d->info.cTime,             &resbuf[1 + ( 7 * 4)]);
+
+		put_int32(d->info.mode,              &resbuf[1 + ( 9 * 4)]);
+		put_int32(d->info.links,             &resbuf[1 + (10 * 4)]);
+		put_int32(d->info.major_device,      &resbuf[1 + (11 * 4)]);
+		put_int32(d->info.minor_device,      &resbuf[1 + (12 * 4)]);
+		put_int32(d->info.inode,             &resbuf[1 + (13 * 4)]);
+		put_int32(d->info.uid,               &resbuf[1 + (14 * 4)]);
+		put_int32(d->info.gid,               &resbuf[1 + (15 * 4)]);
+		put_int32(d->info.access,            &resbuf[1 + (16 * 4)]);
+
+#define RESULT_SIZE (1 + (17 * 4))
 		TRACE_C('R');
 		driver_output2(desc->port, resbuf, RESULT_SIZE, NULL, 0);
 #undef RESULT_SIZE
@@ -2105,6 +2245,42 @@ file_async_ready(ErlDrvData e, ErlDrvThreadData data)
 	  }
 	  free_preadv(data);
 	  break;
+#ifdef HAVE_SENDFILE
+      case FILE_SENDFILE:
+	  if (d->result_ok == -1) {
+	      desc->sendfile_state = not_sending;
+	      if (d->errInfo.posix_errno == ECONNRESET ||
+		  d->errInfo.posix_errno == ENOTCONN ||
+		  d->errInfo.posix_errno == EPIPE)
+		  reply_string_error(desc,"closed");
+	      else
+		  reply_error(desc, &d->errInfo);
+	      if (USE_THRDS_FOR_SENDFILE) {
+		  SET_NONBLOCKING(d->c.sendfile.out_fd);
+		  free_sendfile(data);
+	      } else {
+		driver_select(desc->port, (ErlDrvEvent)(long)d->c.sendfile.out_fd,
+			ERL_DRV_USE, 0);
+		free_sendfile(data);
+	      }
+	  } else if (d->result_ok == 0) {
+	      desc->sendfile_state = not_sending;
+	      reply_Sint64(desc, d->c.sendfile.written);
+	      if (USE_THRDS_FOR_SENDFILE) {
+		SET_NONBLOCKING(d->c.sendfile.out_fd);
+		free_sendfile(data);
+	      } else {
+		driver_select(desc->port, (ErlDrvEvent)(long)d->c.sendfile.out_fd, ERL_DRV_USE, 0);
+		free_sendfile(data);
+	      }
+	  } else if (d->result_ok == 1) { // If we are using select to send the rest of the data
+	      desc->sendfile_state = sending;
+	      desc->d = d;
+	      driver_select(desc->port, (ErlDrvEvent)(long)d->c.sendfile.out_fd,
+			    ERL_DRV_USE|ERL_DRV_WRITE, 1);
+	  }
+	  break;
+#endif
       default:
 	abort();
     }
@@ -2120,7 +2296,7 @@ file_async_ready(ErlDrvData e, ErlDrvThreadData data)
  * Driver entry point -> output
  */
 static void 
-file_output(ErlDrvData e, char* buf, int count)
+file_output(ErlDrvData e, char* buf, ErlDrvSizeT count)
 {
     file_descriptor* desc = (file_descriptor*)e;
     Efile_error errInfo;	/* The error codes for the last operation. */
@@ -2355,15 +2531,16 @@ file_output(ErlDrvData e, char* buf, int count)
     case FILE_WRITE_INFO:
 	{
 	    d = EF_SAFE_ALLOC(sizeof(struct t_data) - 1
-			      + FILENAME_BYTELEN(buf+21*4) + FILENAME_CHARSIZE);
+			      + FILENAME_BYTELEN(buf + 9*4) + FILENAME_CHARSIZE);
 	    
-	    d->info.mode = get_int32(buf + 0 * 4);
-	    d->info.uid = get_int32(buf + 1 * 4);
-	    d->info.gid = get_int32(buf + 2 * 4);
-	    GET_TIME(d->info.accessTime, buf + 3 * 4);
-	    GET_TIME(d->info.modifyTime, buf + 9 * 4);
-	    GET_TIME(d->info.cTime, buf + 15 * 4);
-	    FILENAME_COPY(d->b, buf+21*4);
+	    d->info.mode       = get_int32(buf +  0 * 4);
+	    d->info.uid        = get_int32(buf +  1 * 4);
+	    d->info.gid        = get_int32(buf +  2 * 4);
+	    d->info.accessTime = (time_t)((Sint64)get_int64(buf +  3 * 4));
+	    d->info.modifyTime = (time_t)((Sint64)get_int64(buf +  5 * 4));
+	    d->info.cTime      = (time_t)((Sint64)get_int64(buf +  7 * 4));
+
+	    FILENAME_COPY(d->b, buf + 9*4);
 	    d->command = command;
 	    d->invoke = invoke_write_info;
 	    d->free = free_data;
@@ -2496,9 +2673,9 @@ file_flush(ErlDrvData e) {
 /*********************************************************************
  * Driver entry point -> control
  */
-static int 
+static ErlDrvSSizeT
 file_control(ErlDrvData e, unsigned int command, 
-			 char* buf, int len, char **rbuf, int rlen) {
+	     char* buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen) {
     /*
      *  warning: variable ‘desc’ set but not used 
      *  [-Wunused-but-set-variable]
@@ -2799,8 +2976,8 @@ file_outputv(ErlDrvData e, ErlIOVec *ev) {
 	cq_enq(desc, d);
     } goto done;
     case FILE_WRITE: {
-	int skip = 1;
-	int size = ev->size - skip;
+	ErlDrvSizeT skip = 1;
+	ErlDrvSizeT size = ev->size - skip;
 	if (lseek_flush_read(desc, &err) < 0) {
 	    reply_posix_error(desc, err);
 	    goto done;
@@ -2809,7 +2986,7 @@ file_outputv(ErlDrvData e, ErlIOVec *ev) {
 	    reply_posix_error(desc, EBADF);
 	    goto done;
 	}
-	if (size <= 0) {
+	if (size == 0) {
 	    reply_Uint(desc, size);
 	    goto done;
 	}
@@ -2923,7 +3100,7 @@ file_outputv(ErlDrvData e, ErlIOVec *ev) {
 	    EF_FREE(d);
 	    reply_Uint(desc, 0);
 	} else {
-	    size_t skip = 1 + 4 + 8*(2*n);
+	    ErlDrvSizeT skip = 1 + 4 + 8*(2*n);
 	    if (skip + total != ev->size) {
 		/* Actual amount of data does not match 
 		 * total of all pos/size specs
@@ -3245,9 +3422,69 @@ file_outputv(ErlDrvData e, ErlIOVec *ev) {
 	    goto done;
 	} /* case FILE_OPT_DELAYED_WRITE: */
     } ASSERT(0); goto done; /* case FILE_SETOPT: */
-    
+
+    case FILE_SENDFILE: {
+
+#ifdef HAVE_SENDFILE
+        struct t_data *d;
+	Uint32 out_fd, offsetH, offsetL, hd_len, tl_len;
+	Uint64 nbytes;
+	char flags;
+
+	if (ev->size < 1 + 7 * sizeof(Uint32) + sizeof(char)
+		|| !EV_GET_UINT32(ev, &out_fd, &p, &q)
+		|| !EV_GET_CHAR(ev, &flags, &p, &q)
+		|| !EV_GET_UINT32(ev, &offsetH, &p, &q)
+		|| !EV_GET_UINT32(ev, &offsetL, &p, &q)
+		|| !EV_GET_UINT64(ev, &nbytes, &p, &q)
+		|| !EV_GET_UINT32(ev, &hd_len, &p, &q)
+		|| !EV_GET_UINT32(ev, &tl_len, &p, &q)) {
+	    /* Buffer has wrong length to contain all the needed values */
+	    reply_posix_error(desc, EINVAL);
+	    goto done;
+	}
+
+	if (hd_len != 0 || tl_len != 0 || flags != 0) {
+	    // We do not allow header, trailers and/or flags right now
+	    reply_posix_error(desc, EINVAL);
+	    goto done;
+	}
+
+	d = EF_SAFE_ALLOC(sizeof(struct t_data));
+	d->fd = desc->fd;
+	d->command = command;
+	d->invoke = invoke_sendfile;
+	d->free = NULL;
+	d->level = 2;
+
+	d->c.sendfile.out_fd = (int) out_fd;
+	d->c.sendfile.written = 0;
+
+    #if SIZEOF_OFF_T == 4
+	if (offsetH != 0) {
+	    reply_posix_error(desc, EINVAL);
+	    goto done;
+	}
+	d->c.sendfile.offset = (off_t) offsetL;
+    #else
+	d->c.sendfile.offset = ((off_t) offsetH << 32) | offsetL;
+    #endif
+
+	d->c.sendfile.nbytes = nbytes;
+
+	if (USE_THRDS_FOR_SENDFILE) {
+	    SET_BLOCKING(d->c.sendfile.out_fd);
+	}
+
+	cq_enq(desc, d);
+#else
+	reply_posix_error(desc, ENOTSUP);
+#endif
+	goto done;
+        } /* case FILE_SENDFILE: */
+
     } /* switch(command) */
-    
+
     if (lseek_flush_read(desc, &err) < 0) {
 	reply_posix_error(desc, err);
 	goto done;
diff --git a/erts/emulator/drivers/common/erl_efile.h b/erts/emulator/drivers/common/erl_efile.h
index 3097ded3f1..69ad02633c 100644
--- a/erts/emulator/drivers/common/erl_efile.h
+++ b/erts/emulator/drivers/common/erl_efile.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1997-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -67,6 +67,11 @@
 #define FILENAMES_16BIT 1
 #endif
 
+// We use sendfilev if it exist on solaris
+#if !defined(HAVE_SENDFILE) && defined(HAVE_SENDFILEV)
+#define HAVE_SENDFILE
+#endif
+
 /*
  * An handle to an open directory.  To be cast to the correct type
  * in the system-dependent directory functions.
@@ -85,14 +90,15 @@ typedef struct _Efile_error {
 /*
  * This structure contains date and time.
  */
-typedef struct _Efile_time {
-    unsigned year;		/* (4 digits). */
-    unsigned month;		/* (1..12). */
-    unsigned day;		/* (1..31). */
-    unsigned hour;		/* (0..23). */
-    unsigned minute;		/* (0..59). */
-    unsigned second;		/* (0..59). */
-} Efile_time;
+
+//typedef struct _Efile_time {
+//    unsigned year;		/* (4 digits). */
+//    unsigned month;		/* (1..12). */
+//    unsigned day;		/* (1..31). */
+//    unsigned hour;		/* (0..23). */
+//    unsigned minute;		/* (0..59). */
+//    unsigned second;		/* (0..59). */
+//} Efile_time;
 
 
 /*
@@ -111,13 +117,26 @@ typedef struct _Efile_info {
     Uint32 inode;		/* Inode number. */
     Uint32 uid;			/* User id of owner. */
     Uint32 gid;			/* Group id of owner. */
-    Efile_time accessTime;	/* Last time the file was accessed. */
-    Efile_time modifyTime;	/* Last time the file was modified. */
-    Efile_time cTime;		/* Creation time (Windows) or last
+    time_t accessTime;		/* Last time the file was accessed. */
+    time_t modifyTime;		/* Last time the file was modified. */
+    time_t cTime;		/* Creation time (Windows) or last
 				 * inode change (Unix).
 				 */
 } Efile_info;
 
+
+#ifdef HAVE_SENDFILE
+/*
+ * Describes the structure of headers/trailers for sendfile
+ */
+struct t_sendfile_hdtl {
+    SysIOVec *headers;
+    int hdr_cnt;
+    SysIOVec *trailers;
+    int trl_cnt;
+};
+#endif /* HAVE_SENDFILE */
+
 /*
  * Functions.
  */
@@ -143,7 +162,7 @@ int efile_write_info(Efile_error* errInfo, Efile_info* pInfo, char *name);
 int efile_write(Efile_error* errInfo, int flags, int fd, 
 		char* buf, size_t count);
 int efile_writev(Efile_error* errInfo, int flags, int fd, 
-		 SysIOVec* iov, int iovcnt, size_t size);
+		 SysIOVec* iov, int iovcnt);
 int efile_read(Efile_error* errInfo, int flags, int fd, 
 	       char* buf, size_t count, size_t* pBytesRead);
 int efile_seek(Efile_error* errInfo, int fd, 
@@ -162,3 +181,7 @@ int efile_symlink(Efile_error* errInfo, char* old, char* new);
 int efile_may_openfile(Efile_error* errInfo, char *name);
 int efile_fadvise(Efile_error* errInfo, int fd, Sint64 offset, Sint64 length,
 		  int advise);
+#ifdef HAVE_SENDFILE
+int efile_sendfile(Efile_error* errInfo, int in_fd, int out_fd,
+		      off_t *offset, Uint64 *nbytes, struct t_sendfile_hdtl *hdtl);
+#endif /* HAVE_SENDFILE */
diff --git a/erts/emulator/drivers/common/gzio.c b/erts/emulator/drivers/common/gzio.c
index 741cb6ae20..a9303d55bc 100644
--- a/erts/emulator/drivers/common/gzio.c
+++ b/erts/emulator/drivers/common/gzio.c
@@ -27,7 +27,9 @@
 #endif
 
 #ifdef __WIN32__
+#ifndef HAVE_CONFLICTING_FREAD_DECLARATION
 #define HAVE_CONFLICTING_FREAD_DECLARATION
+#endif
 #define FILENAMES_16BIT 1
 #endif
 
diff --git a/erts/emulator/drivers/common/inet_drv.c b/erts/emulator/drivers/common/inet_drv.c
index 1fe9e04341..47a99fdbe6 100644
--- a/erts/emulator/drivers/common/inet_drv.c
+++ b/erts/emulator/drivers/common/inet_drv.c
@@ -80,6 +80,13 @@
 #endif
 
 #ifdef __WIN32__
+#define LLU "%I64u"
+#else
+#define LLU "%llu"
+#endif
+typedef unsigned long long llu_t;
+
+#ifdef __WIN32__
 #define  STRNCASECMP strncasecmp
 
 #define INCL_WINSOCK_API_TYPEDEFS 1
@@ -110,6 +117,77 @@
 #undef EWOULDBLOCK
 #undef ETIMEDOUT
 
+#ifdef EINPROGRESS
+#undef EINPROGRESS
+#endif
+#ifdef EALREADY
+#undef EALREADY
+#endif
+#ifdef ENOTSOCK
+#undef ENOTSOCK
+#endif
+#ifdef EDESTADDRREQ
+#undef EDESTADDRREQ
+#endif
+#ifdef EMSGSIZE
+#undef EMSGSIZE
+#endif
+#ifdef EPROTOTYPE
+#undef EPROTOTYPE
+#endif
+#ifdef ENOPROTOOPT
+#undef ENOPROTOOPT
+#endif
+#ifdef EPROTONOSUPPORT
+#undef EPROTONOSUPPORT
+#endif
+#ifdef EOPNOTSUPP
+#undef EOPNOTSUPP
+#endif
+#ifdef EAFNOSUPPORT
+#undef EAFNOSUPPORT
+#endif
+#ifdef EADDRINUSE
+#undef EADDRINUSE
+#endif
+#ifdef EADDRNOTAVAIL
+#undef EADDRNOTAVAIL
+#endif
+#ifdef ENETDOWN
+#undef ENETDOWN
+#endif
+#ifdef ENETUNREACH
+#undef ENETUNREACH
+#endif
+#ifdef ENETRESET
+#undef ENETRESET
+#endif
+#ifdef ECONNABORTED
+#undef ECONNABORTED
+#endif
+#ifdef ECONNRESET
+#undef ECONNRESET
+#endif
+#ifdef ENOBUFS
+#undef ENOBUFS
+#endif
+#ifdef EISCONN
+#undef EISCONN
+#endif
+#ifdef ENOTCONN
+#undef ENOTCONN
+#endif
+#ifdef ECONNREFUSED
+#undef ECONNREFUSED
+#endif
+#ifdef ELOOP
+#undef ELOOP
+#endif
+#ifdef EHOSTUNREACH
+#undef EHOSTUNREACH
+#endif
+
+
 #define HAVE_MULTICAST_SUPPORT
 
 #define ERRNO_BLOCK             WSAEWOULDBLOCK
@@ -445,6 +523,7 @@ static int my_strncasecmp(const char *s1, const char *s2, size_t n)
                                     driver_select(port, e, mode | (on?ERL_DRV_USE:0), on)
 
 #define sock_select(d, flags, onoff) do { \
+        ASSERT(!(d)->is_ignored); \
         (d)->event_mask = (onoff) ? \
                  ((d)->event_mask | (flags)) : \
                  ((d)->event_mask & ~(flags)); \
@@ -467,6 +546,13 @@ static int my_strncasecmp(const char *s1, const char *s2, size_t n)
 			     (((unsigned char*) (s))[1] << 8) | \
 			     (((unsigned char*) (s))[0]))
 
+
+#ifdef VALGRIND
+#  include <valgrind/memcheck.h>   
+#else
+#  define VALGRIND_MAKE_MEM_DEFINED(ptr,size)
+#endif
+
 /*----------------------------------------------------------------------------
 ** Interface constants.
 ** 
@@ -538,6 +624,8 @@ static int my_strncasecmp(const char *s1, const char *s2, size_t n)
 #define INET_REQ_GETIFADDRS    25
 #define INET_REQ_ACCEPT        26
 #define INET_REQ_LISTEN        27
+#define INET_REQ_IGNOREFD      28
+
 /* TCP requests */
 /* #define TCP_REQ_ACCEPT         40 MOVED */
 /* #define TCP_REQ_LISTEN         41 MERGED */
@@ -725,6 +813,11 @@ static int my_strncasecmp(const char *s1, const char *s2, size_t n)
 /* Max interface name */
 #define INET_IFNAMSIZ          16
 
+/* INET Ignore states */
+#define INET_IGNORE_NONE 0
+#define INET_IGNORE_READ 1
+#define INET_IGNORE_WRITE 1 << 1
+
 /* Max length of Erlang Term Buffer (for outputting structured terms):  */
 #ifdef  HAVE_SCTP
 #define PACKET_ERL_DRV_TERM_DATA_LEN  512
@@ -864,6 +957,9 @@ typedef struct {
     double send_avg;            /* average packet size sent */
 
     subs_list empty_out_q_subs; /* Empty out queue subscribers */
+    int is_ignored;             /* if a fd is ignored by the inet_drv.
+				   This flag should be set to true when
+				   the fd is used outside of inet_drv. */
 } inet_descriptor;
 
 
@@ -876,13 +972,14 @@ typedef struct {
 
 static int tcp_inet_init(void);
 static void tcp_inet_stop(ErlDrvData);
-static void tcp_inet_command(ErlDrvData, char*, int);
+static void tcp_inet_command(ErlDrvData, char*, ErlDrvSizeT);
 static void tcp_inet_commandv(ErlDrvData, ErlIOVec*);
 static void tcp_inet_flush(ErlDrvData drv_data);
 static void tcp_inet_drv_input(ErlDrvData, ErlDrvEvent);
 static void tcp_inet_drv_output(ErlDrvData data, ErlDrvEvent event);
 static ErlDrvData tcp_inet_start(ErlDrvPort, char* command);
-static int tcp_inet_ctl(ErlDrvData, unsigned int, char*, int, char**, int);
+static ErlDrvSSizeT tcp_inet_ctl(ErlDrvData, unsigned int,
+				 char*, ErlDrvSizeT, char**, ErlDrvSizeT);
 static void tcp_inet_timeout(ErlDrvData);
 static void tcp_inet_process_exit(ErlDrvData, ErlDrvMonitor *); 
 static void inet_stop_select(ErlDrvEvent, void*); 
@@ -927,15 +1024,15 @@ static struct erl_drv_entry tcp_inet_driver_entry =
 
 static int        packet_inet_init(void);
 static void       packet_inet_stop(ErlDrvData);
-static void       packet_inet_command(ErlDrvData, char*, int);
+static void       packet_inet_command(ErlDrvData, char*, ErlDrvSizeT);
 static void       packet_inet_drv_input(ErlDrvData data, ErlDrvEvent event);
 static void	  packet_inet_drv_output(ErlDrvData data, ErlDrvEvent event);
 static ErlDrvData udp_inet_start(ErlDrvPort, char* command);
 #ifdef HAVE_SCTP
 static ErlDrvData sctp_inet_start(ErlDrvPort, char* command);
 #endif
-static int        packet_inet_ctl(ErlDrvData, unsigned int, char*, 
-				  int, char**, int);
+static ErlDrvSSizeT packet_inet_ctl(ErlDrvData, unsigned int, char*,
+				    ErlDrvSizeT, char**, ErlDrvSizeT);
 static void       packet_inet_timeout(ErlDrvData);
 #ifdef __WIN32__
 static void       packet_inet_event(ErlDrvData, ErlDrvEvent);
@@ -1029,7 +1126,7 @@ typedef struct {
 } tcp_descriptor;
 
 /* send function */
-static int tcp_send(tcp_descriptor* desc, char* ptr, int len);
+static int tcp_send(tcp_descriptor* desc, char* ptr, ErlDrvSizeT len);
 static int tcp_sendv(tcp_descriptor* desc, ErlIOVec* ev);
 static int tcp_recv(tcp_descriptor* desc, int request_len);
 static int tcp_deliver(tcp_descriptor* desc, int len);
@@ -1096,7 +1193,7 @@ static ErlDrvTermData am_tos;
 
 
 static int inet_init(void);
-static int ctl_reply(int, char*, int, char**, int);
+static ErlDrvSSizeT ctl_reply(int, char*, ErlDrvSizeT, char**, ErlDrvSizeT);
 
 struct erl_drv_entry inet_driver_entry = 
 {
@@ -1106,7 +1203,23 @@ struct erl_drv_entry inet_driver_entry =
     NULL, /* output */
     NULL, /* ready_input */
     NULL, /* ready_output */
-    "inet"
+    "inet",
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 /* XXX: is this a driver interface function ??? */
@@ -1120,7 +1233,7 @@ void erl_exit(int n, char*, ...);
 
 #ifdef FATAL_MALLOC
 
-static void *alloc_wrapper(size_t size){
+static void *alloc_wrapper(ErlDrvSizeT size){
     void *ret = driver_alloc(size);
     if(ret == NULL) 
 	erl_exit(1,"Out of virtual memory in malloc (%s)", __FILE__);
@@ -1128,7 +1241,7 @@ static void *alloc_wrapper(size_t size){
 }
 #define ALLOC(X) alloc_wrapper(X)
 
-static void *realloc_wrapper(void *current, size_t size){
+static void *realloc_wrapper(void *current, ErlDrvSizeT size){
     void *ret = driver_realloc(current,size);
     if(ret == NULL) 
 	erl_exit(1,"Out of virtual memory in realloc (%s)", __FILE__);
@@ -1357,11 +1470,11 @@ static InetDrvBufStk *get_bufstk(void)
     return bs;
 }
 
-static ErlDrvBinary* alloc_buffer(long minsz)
+static ErlDrvBinary* alloc_buffer(ErlDrvSizeT minsz)
 {
     InetDrvBufStk *bs = get_bufstk();
 
-    DEBUGF(("alloc_buffer: %ld\r\n", minsz));
+    DEBUGF(("alloc_buffer: "LLU"\r\n", (llu_t)minsz));
 
     if (bs && bs->buf.pos > 0) {
 	long size;
@@ -1437,7 +1550,7 @@ static void release_buffer(ErlDrvBinary* buf)
     }
 }
 
-static ErlDrvBinary* realloc_buffer(ErlDrvBinary* buf, long newsz)
+static ErlDrvBinary* realloc_buffer(ErlDrvBinary* buf, ErlDrvSizeT newsz)
 {
     return driver_realloc_binary(buf, newsz);
 }
@@ -1466,8 +1579,9 @@ static ErlDrvData dummy_start(ErlDrvPort port, char* command)
     return (ErlDrvData)port;
 }
 
-static int dummy_ctl(ErlDrvData data, unsigned int cmd, char* buf, int len,
-		     char** rbuf, int rsize)
+static ErlDrvSSizeT dummy_ctl(ErlDrvData data, unsigned int cmd,
+			      char* buf, ErlDrvSizeT len, char** rbuf,
+			      ErlDrvSizeT rsize)
 {
     static char error[] = "no_winsock2";
 
@@ -1475,7 +1589,7 @@ static int dummy_ctl(ErlDrvData data, unsigned int cmd, char* buf, int len,
     return ctl_reply(INET_REP_ERROR, error, sizeof(error), rbuf, rsize);
 }
 
-static void dummy_command(ErlDrvData data, char* buf, int len)
+static void dummy_command(ErlDrvData data, char* buf, ErlDrvSizeT len)
 {
 }
 
@@ -1532,7 +1646,8 @@ static struct erl_drv_entry dummy_sctp_driver_entry =
 #endif
 
 /* general control reply function */
-static int ctl_reply(int rep, char* buf, int len, char** rbuf, int rsize)
+static ErlDrvSSizeT ctl_reply(int rep, char* buf, ErlDrvSizeT len,
+			      char** rbuf, ErlDrvSizeT rsize)
 {
     char* ptr;
 
@@ -1548,7 +1663,7 @@ static int ctl_reply(int rep, char* buf, int len, char** rbuf, int rsize)
 }
 
 /* general control error reply function */
-static int ctl_error(int err, char** rbuf, int rsize)
+static ErlDrvSSizeT ctl_error(int err, char** rbuf, ErlDrvSizeT rsize)
 {
     char response[256];		/* Response buffer. */
     char* s;
@@ -1559,7 +1674,7 @@ static int ctl_error(int err, char** rbuf, int rsize)
     return ctl_reply(INET_REP_ERROR, response, t-response, rbuf, rsize);
 }
 
-static int ctl_xerror(char* xerr, char** rbuf, int rsize)
+static ErlDrvSSizeT ctl_xerror(char* xerr, char** rbuf, ErlDrvSizeT rsize)
 {
     int n = strlen(xerr);
     return ctl_reply(INET_REP_ERROR, xerr, n, rbuf, rsize);
@@ -3576,7 +3691,8 @@ static int inet_init()
 ** and is set to actual length of dst on return
 ** return NULL on error and ptr after port address on success
 */
-static char* inet_set_address(int family, inet_address* dst, char* src, int* len)
+static char* inet_set_address(int family, inet_address* dst,
+			      char* src, ErlDrvSizeT* len)
 {
     short port;
 
@@ -3612,7 +3728,7 @@ static char* inet_set_address(int family, inet_address* dst, char* src, int* len
 ** src = [TAG,P1,P0,X1,X2,...] when TAG = INET_AF_INET | INET_AF_INET6
 */
 static char *inet_set_faddress(int family, inet_address* dst,
-			       char *src, int* len) {
+			       char *src, ErlDrvSizeT* len) {
     int tag;
     
     if (*len < 1) return NULL;
@@ -3727,7 +3843,13 @@ static void desc_close(inet_descriptor* desc)
 	desc->forced_events = 0;
 	desc->send_would_block = 0;
 #endif
-	driver_select(desc->port, (ErlDrvEvent)(long)desc->event, ERL_DRV_USE, 0);
+	// We should close the fd here, but the other driver might still
+	// be selecting on it.
+	if (!desc->is_ignored)
+	    driver_select(desc->port,(ErlDrvEvent)(long)desc->event, 
+			  ERL_DRV_USE, 0);
+	else
+	  inet_stop_select((ErlDrvEvent)(long)desc->event,NULL);
 	desc->event = INVALID_EVENT; /* closed by stop_select callback */
 	desc->s = INVALID_SOCKET;
 	desc->event_mask = 0;
@@ -3770,8 +3892,8 @@ static int erl_inet_close(inet_descriptor* desc)
 }
 
 
-static int inet_ctl_open(inet_descriptor* desc, int domain, int type, 
-			 char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_open(inet_descriptor* desc, int domain, int type,
+				  char** rbuf, ErlDrvSizeT rsize)
 {
     if (desc->state != INET_STATE_CLOSED)
 	return ctl_xerror(EXBADSEQ, rbuf, rsize);
@@ -3791,8 +3913,8 @@ static int inet_ctl_open(inet_descriptor* desc, int domain, int type,
 
 
 /* as inet_open but pass in an open socket (MUST BE OF RIGHT TYPE) */
-static int inet_ctl_fdopen(inet_descriptor* desc, int domain, int type,
-			   SOCKET s, char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_fdopen(inet_descriptor* desc, int domain, int type,
+				    SOCKET s, char** rbuf, ErlDrvSizeT rsize)
 {
     inet_address name;
     unsigned int sz = sizeof(name);
@@ -3996,14 +4118,15 @@ static char* buf_to_sockaddr(char* ptr, char* end, struct sockaddr* addr)
 
 #if defined(__WIN32__) && defined(SIO_GET_INTERFACE_LIST)
 
-static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_getiflist(inet_descriptor* desc,
+				       char** rbuf, ErlDrvSizeT rsize)
 {
     char ifbuf[BUFSIZ];
     char sbuf[BUFSIZ];
     char* sptr;
     INTERFACE_INFO* ifp;
     DWORD len;
-    int n;
+    ErlDrvSizeT n;
     int err;
 
     ifp = (INTERFACE_INFO*) ifbuf;
@@ -4033,8 +4156,8 @@ static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
 /* input is an ip-address in string format i.e A.B.C.D 
 ** scan the INTERFACE_LIST to get the options 
 */
-static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifget(inet_descriptor* desc, char* buf,
+				   ErlDrvSizeT len, char** rbuf, ErlDrvSizeT rsize)
 {
     char ifbuf[BUFSIZ];
     int  n;
@@ -4135,8 +4258,9 @@ static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
 }
 
 /* not supported */
-static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifset(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** rbuf, ErlDrvSizeT rsize)
 {
     return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
 }
@@ -4179,12 +4303,13 @@ static void free_ifconf(struct ifconf *ifcp) {
     FREE(ifcp->ifc_buf);
 }
 
-static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_getiflist(inet_descriptor* desc,
+				       char** rbuf, ErlDrvSizeT rsize)
 {
     struct ifconf ifc;
     struct ifreq *ifrp;
     char *sbuf, *sp;
-    int i;
+    ErlDrvSizeT i;
 
     /* Courtesy of Per Bergqvist and W. Richard Stevens */
 
@@ -4196,7 +4321,7 @@ static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
     *sp++ = INET_REP_OK;
     i = 0;
     for (;;) {
-	int n;
+	ErlDrvSizeT n;
 
 	ifrp = (struct ifreq *) VOIDP(ifc.ifc_buf + i);
 	n = sizeof(ifrp->ifr_name) + SIZEA(ifrp->ifr_addr);
@@ -4222,13 +4347,39 @@ static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
     return sp - sbuf;
 }
 
+#ifdef HAVE_LIBDLPI_H
+#include <libdlpi.h>
+static int hwaddr_libdlpi_lookup(const char *ifnm,
+                                 uchar_t *addr, size_t *alen)
+{
+    dlpi_handle_t handle;
+    dlpi_info_t linkinfo;
+    int ret = -1;
+
+    if (dlpi_open(ifnm, &handle, 0) != DLPI_SUCCESS) {
+        return -1;
+    }
+
+    if (dlpi_get_physaddr(handle, DL_CURR_PHYS_ADDR,
+                          addr, alen) == DLPI_SUCCESS &&
+        dlpi_info(handle, &linkinfo, 0) == DLPI_SUCCESS)
+    {
+        ret = 0;
+    }
+
+    dlpi_close(handle);
+    return ret;
+}
+#endif
+
 /* FIXME: temporary hack */
 #ifndef IFHWADDRLEN
 #define IFHWADDRLEN 6
 #endif
 
-static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifget(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** rbuf, ErlDrvSizeT rsize)
 {
     char sbuf[BUFSIZ];
     char* sptr;
@@ -4257,7 +4408,24 @@ static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
 	    break;
 
 	case INET_IFOPT_HWADDR: {
-#ifdef SIOCGIFHWADDR
+#ifdef HAVE_LIBDLPI_H
+	    /*
+	    ** OpenSolaris have SIGCGIFHWADDR, but no ifr_hwaddr member..
+	    ** The proper way to get the mac address would be to
+	    ** use libdlpi...
+	    */
+	    uchar_t addr[DLPI_PHYSADDR_MAX];
+	    size_t alen = sizeof(addr);
+
+	    if (hwaddr_libdlpi_lookup(ifreq.ifr_name, addr, &alen) == 0) {
+		buf_check(sptr, s_end, 1+2+alen);
+		*sptr++ = INET_IFOPT_HWADDR;
+		put_int16(alen, sptr);
+                    sptr += 2;
+                    sys_memcpy(sptr, addr, alen);
+                    sptr += alen;
+	    }
+#elif defined(SIOCGIFHWADDR) && defined(HAVE_STRUCT_IFREQ_IFR_HWADDR)
 	    if (ioctl(desc->s, SIOCGIFHWADDR, (char *)&ifreq) < 0)
 		break;
 	    buf_check(sptr, s_end, 1+2+IFHWADDRLEN);
@@ -4266,7 +4434,7 @@ static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
 	    /* raw memcpy (fix include autoconf later) */
 	    sys_memcpy(sptr, (char*)(&ifreq.ifr_hwaddr.sa_data), IFHWADDRLEN);
 	    sptr += IFHWADDRLEN;
-#elif defined(SIOCGENADDR)
+#elif defined(SIOCGENADDR) && defined(HAVE_STRUCT_IFREQ_IFR_ENADDR)
 	    if (ioctl(desc->s, SIOCGENADDR, (char *)&ifreq) < 0)
 		break;
 	    buf_check(sptr, s_end, 1+2+sizeof(ifreq.ifr_enaddr));
@@ -4405,8 +4573,9 @@ static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
 }
 
 
-static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifset(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** rbuf, ErlDrvSizeT rsize)
 {
     struct ifreq ifreq;
     int namlen;
@@ -4429,19 +4598,19 @@ static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
 	    break;
 
 	case INET_IFOPT_HWADDR: {
-	    unsigned int len;
+	    unsigned int hwalen;
 	    buf_check(buf, b_end, 2);
-	    len = get_int16(buf); buf += 2;
-	    buf_check(buf, b_end, len);
+	    hwalen = get_int16(buf); buf += 2;
+	    buf_check(buf, b_end, hwalen);
 #ifdef SIOCSIFHWADDR
 	    /* raw memcpy (fix include autoconf later) */
 	    sys_memset((char*)(&ifreq.ifr_hwaddr.sa_data),
 		       '\0', sizeof(ifreq.ifr_hwaddr.sa_data));
-	    sys_memcpy((char*)(&ifreq.ifr_hwaddr.sa_data), buf, len);
+	    sys_memcpy((char*)(&ifreq.ifr_hwaddr.sa_data), buf, hwalen);
 
 	    (void) ioctl(desc->s, SIOCSIFHWADDR, (char *)&ifreq);
 #endif
-	    buf += len;
+	    buf += hwalen;
 	    break;
 	}
 
@@ -4527,21 +4696,24 @@ static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
 #else
 
 
-static int inet_ctl_getiflist(inet_descriptor* desc, char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_getiflist(inet_descriptor* desc,
+				       char** rbuf, ErlDrvSizeT rsize)
 {
     return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
 }
 
 
-static int inet_ctl_ifget(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifget(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** rbuf, ErlDrvSizeT rsize)
 {
     return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
 }
 
 
-static int inet_ctl_ifset(inet_descriptor* desc, char* buf, int len,
-			  char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl_ifset(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** rbuf, ErlDrvSizeT rsize)
 {
     return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
 }
@@ -4598,8 +4770,8 @@ int eq_masked_bytes(char *a, char *b, int pref_len) {
     return !0;
 }
 
-static int inet_ctl_getifaddrs(inet_descriptor* desc_p,
-			       char **rbuf_pp, int rsize)
+static ErlDrvSSizeT inet_ctl_getifaddrs(inet_descriptor* desc_p,
+					char **rbuf_pp, ErlDrvSizeT rsize)
 {
     int i;
     DWORD ret, n;
@@ -4609,7 +4781,7 @@ static int inet_ctl_getifaddrs(inet_descriptor* desc_p,
 
     char *buf_p;
     char *buf_alloc_p;
-    int buf_size =512;
+    ErlDrvSizeT buf_size = 512;
 #   define BUF_ENSURE(Size)						\
     do {								\
 	int NEED_, GOT_ = buf_p - buf_alloc_p;				\
@@ -4983,12 +5155,12 @@ done:
 
 #elif defined(HAVE_GETIFADDRS)
 
-static int inet_ctl_getifaddrs(inet_descriptor* desc_p,
-			       char **rbuf_pp, int rsize)
+static ErlDrvSSizeT inet_ctl_getifaddrs(inet_descriptor* desc_p,
+					char **rbuf_pp, ErlDrvSizeT rsize)
 {
     struct ifaddrs *ifa_p, *ifa_free_p;
 
-    int buf_size;
+    ErlDrvSizeT buf_size;
     char *buf_p;
     char *buf_alloc_p;
 
@@ -5091,8 +5263,8 @@ static int inet_ctl_getifaddrs(inet_descriptor* desc_p,
 
 #else
 
-static int inet_ctl_getifaddrs(inet_descriptor* desc_p,
-			       char **rbuf_pp, int rsize)
+static ErlDrvSSizeT inet_ctl_getifaddrs(inet_descriptor* desc_p,
+					char **rbuf_pp, ErlDrvSizeT rsize)
 {
     return ctl_error(ENOTSUP, rbuf_pp, rsize);
 }
@@ -5893,7 +6065,7 @@ static int sctp_set_opts(inet_descriptor* desc, char* ptr, int len)
 	case SCTP_OPT_PRIMARY_ADDR:
 	case SCTP_OPT_SET_PEER_PRIMARY_ADDR:
 	{
-	    int alen;
+	    ErlDrvSizeT alen;
 	    char *after;
 	    
 	    CHKLEN(curr, ASSOC_ID_LEN);
@@ -5935,7 +6107,7 @@ static int sctp_set_opts(inet_descriptor* desc, char* ptr, int len)
 	}
 	case SCTP_OPT_PEER_ADDR_PARAMS:
 	{
-	    int alen;
+	    ErlDrvSizeT alen;
 	    char *after;
 #	    ifdef HAVE_STRUCT_SCTP_PADDRPARAMS_SPP_FLAGS
 	    int eflags, cflags, hb_enable, hb_disable,
@@ -6022,6 +6194,7 @@ static int sctp_set_opts(inet_descriptor* desc, char* ptr, int len)
 	    type    = SCTP_DEFAULT_SEND_PARAM;
 	    arg_ptr = (char*) (&arg.sri);
 	    arg_sz  = sizeof  ( arg.sri);
+	    VALGRIND_MAKE_MEM_DEFINED(arg_ptr, arg_sz); /*suppress "uninitialised bytes"*/
 	    break;
 	}
 	case SCTP_OPT_EVENTS:
@@ -6065,7 +6238,7 @@ static int sctp_set_opts(inet_descriptor* desc, char* ptr, int len)
 	    proto   = IPPROTO_SCTP;
 	    type    = SCTP_DELAYED_ACK_TIME;
 	    arg_ptr = (char*) (&arg.av);
-	    arg_sz  = sizeof  ( arg.es);
+	    arg_sz  = sizeof  ( arg.av);
 	    break;
 	}
 #	endif
@@ -6111,8 +6284,9 @@ static int sctp_set_opts(inet_descriptor* desc, char* ptr, int len)
 ** ptr should point to a buffer with 9*len +1 to be safe!!
 */
 
-static int inet_fill_opts(inet_descriptor* desc,
-			  char* buf, int len, char** dest, int destlen)
+static ErlDrvSSizeT inet_fill_opts(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT len,
+				   char** dest, ErlDrvSizeT destlen)
 {
     int type;
     int proto;
@@ -6122,8 +6296,8 @@ static int inet_fill_opts(inet_descriptor* desc,
     char* arg_ptr;
     unsigned int arg_sz;
     char *ptr = NULL;
-    int dest_used = 0;
-    int dest_allocated = destlen;
+    ErlDrvSizeT dest_used = 0;
+    ErlDrvSizeT dest_allocated = destlen;
     char *orig_dest = *dest;
 
     /* Ptr is a name parameter */ 
@@ -6138,7 +6312,7 @@ static int inet_fill_opts(inet_descriptor* desc,
 
 #define PLACE_FOR(Size,Ptr)						   \
     do {								   \
-	int need = dest_used + (Size);					   \
+	ErlDrvSizeT need = dest_used + (Size);					   \
 	if (need > INET_MAX_OPT_BUFFER) {				   \
 	    RETURN_ERROR();						   \
 	}								   \
@@ -6159,7 +6333,7 @@ static int inet_fill_opts(inet_descriptor* desc,
     /* Ptr is a name parameter */ 
 #define TRUNCATE_TO(Size,Ptr)				\
     do {						\
-	int new_need = ((Ptr) - (*dest)) + (Size);	\
+	ErlDrvSizeT new_need = ((Ptr) - (*dest)) + (Size);	\
 	if (new_need > dest_used) {			\
 	    erl_exit(1,"Internal error in inet_drv, "	\
 		     "miscalculated buffer size");	\
@@ -6449,8 +6623,9 @@ static int load_paddrinfo (ErlDrvTermData * spec, int i,
 /*
 **  "sctp_fill_opts":   Returns {ok, Results}, or an error:
 */
-static int sctp_fill_opts(inet_descriptor* desc, char* buf, int buflen,
-			  char** dest, int destlen)
+static ErlDrvSSizeT sctp_fill_opts(inet_descriptor* desc,
+				   char* buf, ErlDrvSizeT buflen,
+				   char** dest, ErlDrvSizeT destlen)
 {
     /* In contrast to the generic "inet_fill_opts", the output here is
        represented by tuples/records, which are formed in the "spec":
@@ -6840,7 +7015,7 @@ static int sctp_fill_opts(inet_descriptor* desc, char* buf, int buflen,
 	    unsigned int             sz = sizeof(ap);
 	    int                      n;
 	    char                    *after;
-	    int                      alen;
+	    ErlDrvSizeT              alen;
 	    
 	    if (buflen < ASSOC_ID_LEN) RETURN_ERROR(spec, -EINVAL);
 	    ap.spp_assoc_id = GET_ASSOC_ID(buf);
@@ -7080,7 +7255,7 @@ static int sctp_fill_opts(inet_descriptor* desc, char* buf, int buflen,
 	    struct sctp_paddrinfo  pai;
 	    unsigned int           sz = sizeof(pai);
 	    char                  *after;
-	    int                    alen;
+	    ErlDrvSizeT            alen;
 	    
 	    if (buflen < ASSOC_ID_LEN) RETURN_ERROR(spec, -EINVAL);
 	    pai.spinfo_assoc_id = GET_ASSOC_ID(buf);
@@ -7137,7 +7312,8 @@ static int sctp_fill_opts(inet_descriptor* desc, char* buf, int buflen,
 /* fill statistics reply, op codes from src and result in dest
 ** dst area must be a least 5*len + 1 bytes
 */
-static int inet_fill_stat(inet_descriptor* desc, char* src, int len, char* dst)
+static ErlDrvSSizeT inet_fill_stat(inet_descriptor* desc,
+				   char* src, ErlDrvSizeT len, char* dst)
 {
     unsigned long val;
     int op;
@@ -7170,7 +7346,7 @@ static int inet_fill_stat(inet_descriptor* desc, char* src, int len, char* dst)
 	    val = (unsigned long) desc->send_avg;
 	    break;
 	case INET_STAT_SEND_PND:  
-	    val = driver_sizeq(desc->port); 
+	    val = (unsigned long) driver_sizeq(desc->port);
 	    break;
 	case INET_STAT_RECV_OCT:
 	    put_int32(desc->recv_oct[1], dst);   /* write high 32bit */
@@ -7215,7 +7391,8 @@ send_empty_out_q_msgs(inet_descriptor* desc)
 /* subscribe and fill subscription reply, op codes from src and
 ** result in dest dst area must be a least 5*len + 1 bytes
 */
-static int inet_subscribe(inet_descriptor* desc, char* src, int len, char* dst)
+static ErlDrvSSizeT inet_subscribe(inet_descriptor* desc,
+				   char* src, ErlDrvSizeT len, char* dst)
 {
     unsigned long val;
     int op;
@@ -7302,6 +7479,8 @@ static ErlDrvData inet_start(ErlDrvPort port, int size, int protocol)
 
     sys_memzero((char *)&desc->remote,sizeof(desc->remote));
 
+    desc->is_ignored = 0;
+
     return (ErlDrvData)desc;
 }
 
@@ -7313,14 +7492,14 @@ static ErlDrvData inet_start(ErlDrvPort port, int size, int protocol)
 /*
 ** common TCP/UDP/SCTP control command
 */
-static int inet_ctl(inet_descriptor* desc, int cmd, char* buf, int len,
-		    char** rbuf, int rsize)
+static ErlDrvSSizeT inet_ctl(inet_descriptor* desc, int cmd, char* buf,
+			     ErlDrvSizeT len, char** rbuf, ErlDrvSizeT rsize)
 {
     switch (cmd) {
 
     case INET_REQ_GETSTAT: {
 	  char* dst;
-	  int i;
+	  ErlDrvSizeT i;
 	  int dstlen = 1;  /* Reply code */
 
 	  for (i = 0; i < len; i++) {
@@ -7360,7 +7539,7 @@ static int inet_ctl(inet_descriptor* desc, int cmd, char* buf, int len,
       }
 
     case INET_REQ_GETOPTS: {    /* get options */
-	int replen;
+	ErlDrvSSizeT replen;
 	DEBUGF(("inet_ctl(%ld): GETOPTS\r\n", (long)desc->port)); 
 #ifdef HAVE_SCTP
         if (IS_SCTP(desc))
@@ -7584,6 +7763,33 @@ static int inet_ctl(inet_descriptor* desc, int cmd, char* buf, int len,
 	return ctl_reply(INET_REP_OK, tbuf, 2, rbuf, rsize);
     }
 
+    case INET_REQ_IGNOREFD: {
+      DEBUGF(("inet_ctl(%ld): IGNOREFD, IGNORED = %d\r\n",
+	      (long)desc->port,(int)*buf));
+
+      /*
+       * FD can only be ignored for connected TCP connections for now,
+       * possible to add UDP and SCTP support if needed.
+       */
+      if (!IS_CONNECTED(desc))
+	  return ctl_error(ENOTCONN, rbuf, rsize);
+
+      if (!desc->stype == SOCK_STREAM)
+	  return ctl_error(EINVAL, rbuf, rsize);
+
+      if (*buf == 1 && !desc->is_ignored) {
+	  sock_select(desc, (FD_READ|FD_WRITE|FD_CLOSE|ERL_DRV_USE_NO_CALLBACK), 0);
+	  desc->is_ignored = INET_IGNORE_READ;
+      } else if (*buf == 0 && desc->is_ignored) {
+	  int flags = (FD_READ|FD_CLOSE|((desc->is_ignored & INET_IGNORE_WRITE)?FD_WRITE:0));
+	  desc->is_ignored = INET_IGNORE_NONE;
+	  sock_select(desc, flags, 1);
+      } else
+	  return ctl_error(EINVAL, rbuf, rsize);
+
+      return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
+    }
+
 #ifndef VXWORKS
 
     case INET_REQ_GETSERVBYNAME: { /* L1 Name-String L2 Proto-String */
@@ -7644,7 +7850,7 @@ static int inet_ctl(inet_descriptor* desc, int cmd, char* buf, int len,
 }
 
 /* update statistics on output packets */
-static void inet_output_count(inet_descriptor* desc, int len)
+static void inet_output_count(inet_descriptor* desc, ErlDrvSizeT len)
 {
     unsigned long n = desc->send_cnt + 1;
     unsigned long t = desc->send_oct[0] + len;
@@ -7664,7 +7870,7 @@ static void inet_output_count(inet_descriptor* desc, int len)
 }
 
 /* update statistics on input packets */
-static void inet_input_count(inet_descriptor* desc, int len)
+static void inet_input_count(inet_descriptor* desc, ErlDrvSizeT len)
 {
     unsigned long n = desc->recv_cnt + 1;
     unsigned long t = desc->recv_oct[0] + len;
@@ -7787,7 +7993,7 @@ static void tcp_clear_input(tcp_descriptor* desc)
 static void tcp_clear_output(tcp_descriptor* desc)
 {
     ErlDrvPort ix  = desc->inet.port;
-    int qsz = driver_sizeq(ix);
+    ErlDrvSizeT qsz = driver_sizeq(ix);
 
     driver_deq(ix, qsz);
     send_empty_out_q_msgs(INETP(desc));
@@ -7955,10 +8161,12 @@ static void tcp_inet_stop(ErlDrvData e)
     
 
 /* TCP requests from Erlang */
-static int tcp_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf, int len,
-			char** rbuf, int rsize)
+static ErlDrvSSizeT tcp_inet_ctl(ErlDrvData e, unsigned int cmd,
+				 char* buf, ErlDrvSizeT len,
+				 char** rbuf, ErlDrvSizeT rsize)
 {
     tcp_descriptor* desc = (tcp_descriptor*)e;
+
     switch(cmd) {
     case INET_REQ_OPEN: { /* open socket and return internal index */
 	int domain;
@@ -8224,13 +8432,14 @@ static int tcp_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf, int len,
 	if (enq_async(INETP(desc), tbuf, TCP_REQ_RECV) < 0)
 	    return ctl_error(EALREADY, rbuf, rsize);
 
-	if (tcp_recv(desc, n) == 0) {
+	if (INETP(desc)->is_ignored || tcp_recv(desc, n) == 0) {
 	    if (timeout == 0)
 		async_error_am(INETP(desc), am_timeout);
 	    else {
 		if (timeout != INET_INFINITY)
-		    driver_set_timer(desc->inet.port, timeout); 
-		sock_select(INETP(desc),(FD_READ|FD_CLOSE),1);
+		    driver_set_timer(desc->inet.port, timeout);
+		if (!INETP(desc)->is_ignored)
+		    sock_select(INETP(desc),(FD_READ|FD_CLOSE),1);
 	    }
 	}
 	return ctl_reply(INET_REP_OK, tbuf, 2, rbuf, rsize);
@@ -8355,7 +8564,7 @@ static void tcp_inet_multi_timeout(ErlDrvData e, ErlDrvTermData caller)
 ** but distribution still uses the tcp_inet_command!!
 */
 
-static void tcp_inet_command(ErlDrvData e, char *buf, int len)
+static void tcp_inet_command(ErlDrvData e, char *buf, ErlDrvSizeT len)
 {
     tcp_descriptor* desc = (tcp_descriptor*)e;
     desc->inet.caller = driver_caller(desc->inet.port);
@@ -8574,8 +8783,15 @@ static int tcp_remain(tcp_descriptor* desc, int* len)
     else if (tlen == 0) { /* need unknown more */
         *len = 0;
         if (nsz == 0) {
-            if (nfill == n)
-                goto error;
+            if (nfill == n) {
+                if (desc->inet.psize != 0 && desc->inet.psize > nfill) {
+                    if (tcp_expand_buffer(desc, desc->inet.psize) < 0)
+                        return -1;
+                    return desc->inet.psize;
+                }
+                else
+                    goto error;
+            }
             DEBUGF((" => restart more=%d\r\n", nfill - n));
             return nfill - n;
         }
@@ -8970,6 +9186,7 @@ static int tcp_inet_input(tcp_descriptor* desc, HANDLE event)
 #ifdef DEBUG
     long port = (long) desc->inet.port;  /* Used after driver_exit() */
 #endif
+    ASSERT(!INETP(desc)->is_ignored);
     DEBUGF(("tcp_inet_input(%ld) {s=%d\r\n", port, desc->inet.s));
     if (desc->inet.state == INET_STATE_ACCEPTING) {
 	SOCKET s;
@@ -9176,12 +9393,12 @@ static int tcp_send_error(tcp_descriptor* desc, int err)
 */
 static int tcp_sendv(tcp_descriptor* desc, ErlIOVec* ev)
 {
-    int sz;
+    ErlDrvSizeT sz;
     char buf[4];
-    int h_len;
-    int n;
+    ErlDrvSizeT h_len;
+    ssize_t n;
     ErlDrvPort ix = desc->inet.port;
-    int len = ev->size;
+    ErlDrvSizeT len = ev->size;
 
      switch(desc->inet.htype) {
      case TCP_PB_1:
@@ -9229,9 +9446,13 @@ static int tcp_sendv(tcp_descriptor* desc, ErlIOVec* ev)
     else {
 	int vsize = (ev->vsize > MAX_VSIZE) ? MAX_VSIZE : ev->vsize;
 	
-	DEBUGF(("tcp_sendv(%ld): s=%d, about to send %d,%d bytes\r\n",
-		(long)desc->inet.port, desc->inet.s, h_len, len));
-	if (desc->tcp_add_flags & TCP_ADDF_DELAY_SEND) {
+	DEBUGF(("tcp_sendv(%ld): s=%d, about to send "LLU","LLU" bytes\r\n",
+		(long)desc->inet.port, desc->inet.s, (llu_t)h_len, (llu_t)len));
+
+	if (INETP(desc)->is_ignored) {
+	    INETP(desc)->is_ignored |= INET_IGNORE_WRITE;
+	    n = 0;
+	} else if (desc->tcp_add_flags & TCP_ADDF_DELAY_SEND) {
 	    n = 0;
 	} else if (IS_SOCKET_ERROR(sock_sendv(desc->inet.s, ev->iov,
 					      vsize, &n, 0))) {
@@ -9252,14 +9473,17 @@ static int tcp_sendv(tcp_descriptor* desc, ErlIOVec* ev)
 	    return 0;
 	}
 	else {
-	    DEBUGF(("tcp_sendv(%ld): s=%d, only sent %d/%d of %d/%d bytes/items\r\n", 
-			(long)desc->inet.port, desc->inet.s, n, vsize, ev->size, ev->vsize));
+	    DEBUGF(("tcp_sendv(%ld): s=%d, only sent "
+		    LLU"/%d of "LLU"/%d bytes/items\r\n",
+		    (long)desc->inet.port, desc->inet.s,
+		    (llu_t)n, vsize, (llu_t)ev->size, ev->vsize));
 	}
 
 	DEBUGF(("tcp_sendv(%ld): s=%d, Send failed, queuing\r\n", 
 		(long)desc->inet.port, desc->inet.s));
 	driver_enqv(ix, ev, n); 
-	sock_select(INETP(desc),(FD_WRITE|FD_CLOSE), 1);
+	if (!INETP(desc)->is_ignored)
+	    sock_select(INETP(desc),(FD_WRITE|FD_CLOSE), 1);
     }
     return 0;
 }
@@ -9267,7 +9491,7 @@ static int tcp_sendv(tcp_descriptor* desc, ErlIOVec* ev)
 /*
 ** Send non blocking data
 */
-static int tcp_send(tcp_descriptor* desc, char* ptr, int len)
+static int tcp_send(tcp_descriptor* desc, char* ptr, ErlDrvSizeT len)
 {
     int sz;
     char buf[4];
@@ -9322,9 +9546,12 @@ static int tcp_send(tcp_descriptor* desc, char* ptr, int len)
 	iov[1].iov_base = ptr;
 	iov[1].iov_len = len;
 
-	DEBUGF(("tcp_send(%ld): s=%d, about to send %d,%d bytes\r\n",
-		(long)desc->inet.port, desc->inet.s, h_len, len));
-	if (desc->tcp_add_flags & TCP_ADDF_DELAY_SEND) {
+	DEBUGF(("tcp_send(%ld): s=%d, about to send "LLU","LLU" bytes\r\n",
+		(long)desc->inet.port, desc->inet.s, (llu_t)h_len, (llu_t)len));
+	if (INETP(desc)->is_ignored) {
+	    INETP(desc)->is_ignored |= INET_IGNORE_WRITE;
+	    n = 0;
+	} else if (desc->tcp_add_flags & TCP_ADDF_DELAY_SEND) {
 	    sock_send(desc->inet.s, buf, 0, 0);
 	    n = 0;
 	} else 	if (IS_SOCKET_ERROR(sock_sendv(desc->inet.s,iov,2,&n,0))) {
@@ -9355,7 +9582,8 @@ static int tcp_send(tcp_descriptor* desc, char* ptr, int len)
 	    n -= h_len;
 	    driver_enq(ix, ptr+n, len-n);
 	}
-	sock_select(INETP(desc),(FD_WRITE|FD_CLOSE), 1);
+	if (!INETP(desc)->is_ignored)
+	    sock_select(INETP(desc),(FD_WRITE|FD_CLOSE), 1);
     }
     return 0;
 }
@@ -9379,6 +9607,7 @@ static int tcp_inet_output(tcp_descriptor* desc, HANDLE event)
     int ret = 0;
     ErlDrvPort ix = desc->inet.port;
 
+    ASSERT(!INETP(desc)->is_ignored);
     DEBUGF(("tcp_inet_output(%ld) {s=%d\r\n", 
 	    (long)desc->inet.port, desc->inet.s));
     if (desc->inet.state == INET_STATE_CONNECTING) {
@@ -9430,7 +9659,7 @@ static int tcp_inet_output(tcp_descriptor* desc, HANDLE event)
     else if (IS_CONNECTED(INETP(desc))) {
 	for (;;) {
 	    int vsize;
-	    int n;
+	    ssize_t n;
 	    SysIOVec* iov;
 
 	    if ((iov = driver_peekq(ix, &vsize)) == NULL) {
@@ -9641,10 +9870,10 @@ static int packet_error(udp_descriptor* udesc, int err)
 /*
 ** Various functions accessible via "port_control" on the Erlang side:
 */
-static int packet_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf, int len,
-			   char** rbuf, int rsize)
+static ErlDrvSSizeT packet_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf,
+				    ErlDrvSizeT len, char** rbuf, ErlDrvSizeT rsize)
 {
-    int replen;
+    ErlDrvSSizeT replen;
     udp_descriptor * udesc = (udp_descriptor *) e;
     inet_descriptor* desc  = INETP(udesc);
     int type = SOCK_DGRAM;
@@ -9754,7 +9983,6 @@ static int packet_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf, int len,
 	DEBUGF(("packet_inet_ctl(%ld): CLOSE\r\n", (long)desc->port)); 
 	erl_inet_close(desc);
 	return ctl_reply(INET_REP_OK, NULL, 0, rbuf, rsize);
-	return 0;
 
 
     case INET_REQ_CONNECT:  {
@@ -9900,7 +10128,7 @@ static int packet_inet_ctl(ErlDrvData e, unsigned int cmd, char* buf, int len,
 		    /* List item format: Port(2), IP(4|16) -- compatible with
 		       "inet_set_address": */
 		    inet_address tmp;
-		    int  alen  = buf + len - curr;
+		    ErlDrvSizeT alen  = buf + len - curr;
 		    curr = inet_set_address(desc->sfamily, &tmp, curr, &alen);
 		    if (curr == NULL)
 			return ctl_error(EINVAL, rbuf, rsize);
@@ -10025,13 +10253,13 @@ static void packet_inet_timeout(ErlDrvData e)
 ** There is no destination address -- SCTYP send is performed over
 ** an existing association, using "sctp_sndrcvinfo" specified.
 */
-static void packet_inet_command(ErlDrvData e, char* buf, int len)
+static void packet_inet_command(ErlDrvData e, char* buf, ErlDrvSizeT len)
 {
     udp_descriptor * udesc= (udp_descriptor*) e;
     inet_descriptor* desc = INETP(udesc);
     char* ptr		  = buf;
     char* qtr;
-    int sz;
+    ErlDrvSizeT sz;
     int code;
     inet_address other;
 
@@ -10049,7 +10277,7 @@ static void packet_inet_command(ErlDrvData e, char* buf, int len)
 #ifdef HAVE_SCTP
     if (IS_SCTP(desc))
     {
-	int           data_len;
+	ErlDrvSizeT   data_len;
 	struct iovec  iov[1];		 /* For real data            */
 	struct msghdr mhdr;		 /* Message wrapper          */
 	struct sctp_sndrcvinfo *sri;     /* The actual ancilary data */
@@ -10085,6 +10313,7 @@ static void packet_inet_command(ErlDrvData e, char* buf, int len)
 	mhdr.msg_iovlen         = 1;
 	mhdr.msg_control        = cmsg.ancd;    /* For ancilary data  */
 	mhdr.msg_controllen     = cmsg.hdr.cmsg_len;
+	VALGRIND_MAKE_MEM_DEFINED(mhdr.msg_control, mhdr.msg_controllen); /*suppress "uninitialised bytes"*/
 	mhdr.msg_flags          = 0;            /* Not used with "sendmsg"   */
 	
 	/* Now do the actual sending. NB: "flags" in "sendmsg" itself are NOT
@@ -10269,6 +10498,7 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
 	    int code;
 	    void * extra = NULL;
 	    char * ptr;
+	    int nsz;
 
 	    inet_input_count(desc, n);
 	    udesc->i_ptr += n;
@@ -10282,17 +10512,19 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
 	    ptr = udesc->i_buf->orig_bytes + sizeof(other) - len;
 	    sys_memcpy(ptr, abuf, len);
 
+	    nsz = udesc->i_ptr - ptr;
+
 	    /* Check if we need to reallocate binary */
-	    if ((desc->mode == INET_MODE_BINARY) &&
-		(desc->hsz < (udesc->i_ptr - ptr)) &&
-		((udesc->i_ptr - ptr) + BIN_REALLOC_MARGIN(desc->bufsz) >=
-		 udesc->i_bufsz)) {
+	    if ((desc->mode == INET_MODE_BINARY)
+		&& (desc->hsz < (nsz - len))
+		&& (nsz + BIN_REALLOC_MARGIN(desc->bufsz) < udesc->i_bufsz)) {
 		ErlDrvBinary* tmp;
 		int bufsz;
 		bufsz = udesc->i_ptr - udesc->i_buf->orig_bytes;
 		if ((tmp = realloc_buffer(udesc->i_buf, bufsz)) != NULL) {
 		    udesc->i_buf = tmp;
 		    udesc->i_bufsz = bufsz;
+		    udesc->i_ptr = NULL;  /* not used from here */
 		}
 	    }
 #ifdef HAVE_SCTP
@@ -10300,8 +10532,8 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
 #endif
 	    /* Actual parsing and return of the data received, occur here: */
 	    code = packet_reply_binary_data(desc, len, udesc->i_buf,
-					    ptr - udesc->i_buf->orig_bytes,
-					    udesc->i_ptr - ptr,
+					    (sizeof(other) - len),
+					    nsz,
 					    extra);
 	    free_buffer(udesc->i_buf);
 	    udesc->i_buf = NULL;
@@ -10793,7 +11025,7 @@ int erts_sock_connect(erts_sock_t socket, byte *ip_addr, int len, Uint16 port)
 {
     SOCKET s = (SOCKET) socket;
     char buf[2 + 4];
-    int blen = 6;
+    ErlDrvSizeT blen = 6;
     inet_address addr;
 
     if (socket == ERTS_SOCK_INVALID_SOCKET || len != 4)
diff --git a/erts/emulator/drivers/common/ram_file_drv.c b/erts/emulator/drivers/common/ram_file_drv.c
index abedcc933a..a109e40333 100644
--- a/erts/emulator/drivers/common/ram_file_drv.c
+++ b/erts/emulator/drivers/common/ram_file_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1997-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -98,7 +98,7 @@ typedef unsigned char uchar;
 static ErlDrvData rfile_start(ErlDrvPort, char*);
 static int rfile_init(void);
 static void rfile_stop(ErlDrvData);
-static void rfile_command(ErlDrvData, char*, int);
+static void rfile_command(ErlDrvData, char*, ErlDrvSizeT);
 
 
 struct erl_drv_entry ram_file_driver_entry = {
@@ -108,7 +108,23 @@ struct erl_drv_entry ram_file_driver_entry = {
     rfile_command,
     NULL,
     NULL,
-    "ram_file_drv"
+    "ram_file_drv",
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 /* A File is represented as a array of bytes, this array is
@@ -121,9 +137,9 @@ typedef struct ram_file {
     int flags;          /* flags read/write */
     ErlDrvBinary* bin;  /* binary to hold binary file */
     char* buf;          /* buffer start (in binary) */
-    int size;           /* buffer size (allocated) */
-    int cur;            /* current position in buffer */
-    int end;            /* end position in buffer */
+    ErlDrvSSizeT size;   /* buffer size (allocated) */
+    ErlDrvSSizeT cur;    /* current position in buffer */
+    ErlDrvSSizeT end;            /* end position in buffer */
 } RamFile;
 
 #ifdef LOADABLE
@@ -211,7 +227,7 @@ static int reply(RamFile *f, int ok, int err)
     return 0;
 }
 
-static int numeric_reply(RamFile *f, int result)
+static int numeric_reply(RamFile *f, ErlDrvSSizeT result)
 {
     char tmp[5];
 
@@ -231,7 +247,8 @@ static int numeric_reply(RamFile *f, int result)
 
 /* install bin as the new binary reset all pointer */
 
-static void ram_file_set(RamFile *f, ErlDrvBinary *bin, int bsize, int len)
+static void ram_file_set(RamFile *f, ErlDrvBinary *bin,
+			 ErlDrvSSizeT bsize, ErlDrvSSizeT len)
 {
     f->size = bsize;
     f->buf = bin->orig_bytes;
@@ -240,9 +257,9 @@ static void ram_file_set(RamFile *f, ErlDrvBinary *bin, int bsize, int len)
     f->bin = bin;
 }
 
-static int ram_file_init(RamFile *f, char *buf, int count, int *error)
+static int ram_file_init(RamFile *f, char *buf, ErlDrvSSizeT count, int *error)
 {
-    int bsize;
+    ErlDrvSSizeT bsize;
     ErlDrvBinary* bin;
     
     if (count < 0) {
@@ -268,9 +285,9 @@ static int ram_file_init(RamFile *f, char *buf, int count, int *error)
     return count;
 }
 
-static int ram_file_expand(RamFile *f, int size, int *error)
+static ErlDrvSSizeT ram_file_expand(RamFile *f, ErlDrvSSizeT size, int *error)
 {
-    int bsize;
+    ErlDrvSSizeT bsize;
     ErlDrvBinary* bin;
     
     if (size < 0) {
@@ -298,10 +315,10 @@ static int ram_file_expand(RamFile *f, int size, int *error)
 }
 
 
-static int ram_file_write(RamFile *f, char *buf, int len, 
-			  int *location, int *error)
+static ErlDrvSSizeT ram_file_write(RamFile *f, char *buf, ErlDrvSSizeT len,
+			  ErlDrvSSizeT *location, int *error)
 {
-    int cur = f->cur;
+    ErlDrvSSizeT cur = f->cur;
     
     if (!(f->flags & RAM_FILE_MODE_WRITE)) {
 	*error = EBADF;
@@ -322,11 +339,11 @@ static int ram_file_write(RamFile *f, char *buf, int len,
     return len;
 }
 
-static int ram_file_read(RamFile *f, int len, ErlDrvBinary **bp, 
-			 int *location, int *error)
+static ErlDrvSSizeT ram_file_read(RamFile *f, ErlDrvSSizeT len, ErlDrvBinary **bp,
+			 ErlDrvSSizeT *location, int *error)
 {
     ErlDrvBinary* bin;
-    int cur = f->cur;
+    ErlDrvSSizeT cur = f->cur;
     
     if (!(f->flags & RAM_FILE_MODE_READ)) {
 	*error = EBADF;
@@ -352,9 +369,10 @@ static int ram_file_read(RamFile *f, int len, ErlDrvBinary **bp,
     return len;
 }
 
-static int ram_file_seek(RamFile *f, int offset, int whence, int *error)
+static ErlDrvSSizeT ram_file_seek(RamFile *f, ErlDrvSSizeT offset, int whence,
+				 int *error)
 {
-    int pos;
+    ErlDrvSSizeT pos;
 
     if (f->flags == 0) {
 	*error = EBADF;
@@ -389,13 +407,13 @@ static int ram_file_seek(RamFile *f, int offset, int whence, int *error)
 
 static int ram_file_uuencode(RamFile *f)
 {
-    int code_len = UULINE(UNIX_LINE);
-    int len = f->end;
-    int usize = 4*((len+2)/3) + 2*((len+code_len-1)/code_len) + 2;    
+    ErlDrvSSizeT code_len = UULINE(UNIX_LINE);
+    ErlDrvSSizeT len = f->end;
+    ErlDrvSSizeT usize = 4*((len+2)/3) + 2*((len+code_len-1)/code_len) + 2;
     ErlDrvBinary* bin;
     uchar* inp;
     uchar* outp;
-    int count = 0;
+    ErlDrvSSizeT count = 0;
 
     if ((bin = driver_alloc_binary(usize)) == NULL)
 	return error_reply(f, ENOMEM);
@@ -447,8 +465,8 @@ static int ram_file_uuencode(RamFile *f)
 
 static int ram_file_uudecode(RamFile *f)
 {
-    int len = f->end;
-    int usize = ( (len+3) / 4 ) * 3;
+    ErlDrvSSizeT len = f->end;
+    ErlDrvSSizeT usize = ( (len+3) / 4 ) * 3;
     ErlDrvBinary* bin;
     uchar* inp;
     uchar* outp;
@@ -510,7 +528,7 @@ static int ram_file_uudecode(RamFile *f)
 
 static int ram_file_compress(RamFile *f)
 {
-    int size = f->end;
+    ErlDrvSSizeT size = f->end;
     ErlDrvBinary* bin;
 
     if ((bin = erts_gzdeflate_buffer(f->buf, size)) == NULL) {
@@ -528,7 +546,7 @@ static int ram_file_compress(RamFile *f)
 
 static int ram_file_uncompress(RamFile *f)
 {
-    int size = f->end;
+    ErlDrvSSizeT size = f->end;
     ErlDrvBinary* bin;
 
     if ((bin = erts_gzinflate_buffer(f->buf, size)) == NULL) {
@@ -541,15 +559,15 @@ static int ram_file_uncompress(RamFile *f)
 }
 
 
-static void rfile_command(ErlDrvData e, char* buf, int count)
+static void rfile_command(ErlDrvData e, char* buf, ErlDrvSizeT count)
 {
     RamFile* f = (RamFile*)e;
     int error = 0;
     ErlDrvBinary* bin;
     char header[5];     /* result code + count */
-    int offset;
-    int origin;		/* Origin of seek. */
-    int n;
+    ErlDrvSSizeT offset;
+    ErlDrvSSizeT origin;		/* Origin of seek. */
+    ErlDrvSSizeT n;
 
     count--;
     switch(*(uchar*)buf++) {
diff --git a/erts/emulator/drivers/common/zlib_drv.c b/erts/emulator/drivers/common/zlib_drv.c
index f50899a730..da4a17db1a 100644
--- a/erts/emulator/drivers/common/zlib_drv.c
+++ b/erts/emulator/drivers/common/zlib_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2003-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2003-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -64,8 +64,8 @@
 static int zlib_init(void);
 static ErlDrvData zlib_start(ErlDrvPort port, char* buf);
 static void zlib_stop(ErlDrvData e);
-static int zlib_ctl(ErlDrvData drv_data, unsigned int command, char *buf, 
-		    int len, char **rbuf, int rlen);
+static ErlDrvSSizeT zlib_ctl(ErlDrvData drv_data, unsigned int command, char *buf,
+			     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen);
 static void zlib_outputv(ErlDrvData drv_data, ErlIOVec *ev);
 
 ErlDrvEntry zlib_driver_entry = {
@@ -162,12 +162,12 @@ static char* zlib_reason(int code, int* err)
 }
 
 
-static int zlib_return(int code, char** rbuf, int rlen)
+static ErlDrvSSizeT zlib_return(int code, char** rbuf, ErlDrvSizeT rlen)
 {
     int msg_code = 0; /* 0=ok, 1=error */
     char* dst = *rbuf;
     char* src;
-    int len = 0;
+    ErlDrvSizeT len = 0;
 
     src = zlib_reason(code, &msg_code);
     *dst++ = msg_code;
@@ -182,7 +182,8 @@ static int zlib_return(int code, char** rbuf, int rlen)
     return len;
 }
 
-static int zlib_value2(int msg_code, int value, char** rbuf, int rlen)
+static ErlDrvSSizeT zlib_value2(int msg_code, int value,
+				char** rbuf, ErlDrvSizeT rlen)
 {
     char* dst = *rbuf;
 
@@ -197,7 +198,7 @@ static int zlib_value2(int msg_code, int value, char** rbuf, int rlen)
     return 5;
 }
 
-static int zlib_value(int value, char** rbuf, int rlen)
+static ErlDrvSSizeT zlib_value(int value, char** rbuf, ErlDrvSizeT rlen)
 {
     return zlib_value2(2, value, rbuf, rlen);
 }
@@ -409,8 +410,8 @@ static void zlib_stop(ErlDrvData e)
     driver_free(d);
 }
 
-static int zlib_ctl(ErlDrvData drv_data, unsigned int command, char *buf, 
-		    int len, char **rbuf, int rlen)
+static ErlDrvSSizeT zlib_ctl(ErlDrvData drv_data, unsigned int command, char *buf,
+			     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)
 {
     ZLibData* d = (ZLibData*)drv_data;
     int res;
diff --git a/erts/emulator/drivers/unix/ttsl_drv.c b/erts/emulator/drivers/unix/ttsl_drv.c
index 45d39a559f..b29f80a8ba 100644
--- a/erts/emulator/drivers/unix/ttsl_drv.c
+++ b/erts/emulator/drivers/unix/ttsl_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1996-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -106,7 +106,7 @@ static int lpos;                /* The current "cursor position" in the line buf
 
 /* Main interface functions. */
 static void ttysl_stop(ErlDrvData);
-static void ttysl_from_erlang(ErlDrvData, char*, int);
+static void ttysl_from_erlang(ErlDrvData, char*, ErlDrvSizeT);
 static void ttysl_from_tty(ErlDrvData, ErlDrvEvent);
 static void ttysl_stop_select(ErlDrvEvent, void*);
 static Sint16 get_sint16(char*);
@@ -141,7 +141,8 @@ static void update_cols(void);
 static int tty_init(int,int,int,int);
 static int tty_set(int);
 static int tty_reset(int);
-static int ttysl_control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT ttysl_control(ErlDrvData, unsigned int,
+				  char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 #ifdef ERTS_NOT_USED
 static RETSIGTYPE suspend(int);
 #endif
@@ -345,13 +346,13 @@ static void ttysl_get_window_size(Uint32 *width, Uint32 *height)
     *height = DEF_HEIGHT;
 }
     
-static int ttysl_control(ErlDrvData drv_data,
-			 unsigned int command,
-			 char *buf, int len,
-			 char **rbuf, int rlen)
+static ErlDrvSSizeT ttysl_control(ErlDrvData drv_data,
+				  unsigned int command,
+				  char *buf, ErlDrvSizeT len,
+				  char **rbuf, ErlDrvSizeT rlen)
 {
     char resbuff[2*sizeof(Uint32)];
-    int res_size;
+    ErlDrvSizeT res_size;
     switch (command) {
     case CTRL_OP_GET_WINSIZE:
 	{
@@ -633,14 +634,14 @@ static int check_buf_size(byte *s, int n)
 }
 
 
-static void ttysl_from_erlang(ErlDrvData ttysl_data, char* buf, int count)
+static void ttysl_from_erlang(ErlDrvData ttysl_data, char* buf, ErlDrvSizeT count)
 {
     if (lpos > MAXSIZE) 
 	put_chars((byte*)"\n", 1);
 
     switch (buf[0]) {
     case OP_PUTC:
-	DEBUGLOG(("OP: Putc(%d)",count-1));
+	DEBUGLOG(("OP: Putc(%lu)",(unsigned long) count-1));
 	if (check_buf_size((byte*)buf+1, count-1) == 0)
 	    return; 
 	put_chars((byte*)buf+1, count-1);
diff --git a/erts/emulator/drivers/unix/unix_efile.c b/erts/emulator/drivers/unix/unix_efile.c
index 4b3934657c..796843a735 100644
--- a/erts/emulator/drivers/unix/unix_efile.c
+++ b/erts/emulator/drivers/unix/unix_efile.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 1997-2010. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -33,6 +33,9 @@
 #include <sys/types.h>
 #include <sys/uio.h>
 #endif
+#if defined(HAVE_SENDFILE) && (defined(__linux__) || (defined(__sun) && defined(__SVR4)))
+#include <sys/sendfile.h>
+#endif
 
 #if defined(__APPLE__) && defined(__MACH__) && !defined(__DARWIN__)
 #define DARWIN 1
@@ -813,7 +816,6 @@ efile_fileinfo(Efile_error* errInfo, Efile_info* pInfo,
 	       char* name, int info_for_link)
 {
     struct stat statbuf;	/* Information about the file */
-    struct tm *timep;		/* Broken-apart filetime. */
     int result;
 
 #ifdef VXWORKS
@@ -880,40 +882,17 @@ efile_fileinfo(Efile_error* errInfo, Efile_info* pInfo,
     else
 	pInfo->type = FT_OTHER;
 
-#if defined(HAVE_LOCALTIME_R) || defined(VXWORKS)
-    {
-	/* Use the reentrant version of localtime() */
-	static struct tm local_tm;
-#define localtime(a) (localtime_r((a), &local_tm), &local_tm)
-#endif
-
-
-#define GET_TIME(dst, src) \
-    timep = localtime(&statbuf.src); \
-    (dst).year = timep->tm_year+1900; \
-    (dst).month = timep->tm_mon+1; \
-    (dst).day = timep->tm_mday; \
-    (dst).hour = timep->tm_hour; \
-    (dst).minute = timep->tm_min; \
-    (dst).second = timep->tm_sec
-
-    GET_TIME(pInfo->accessTime, st_atime);
-    GET_TIME(pInfo->modifyTime, st_mtime);
-    GET_TIME(pInfo->cTime, st_ctime);
-
-#undef GET_TIME
+    pInfo->accessTime   = statbuf.st_atime;
+    pInfo->modifyTime   = statbuf.st_mtime;
+    pInfo->cTime        = statbuf.st_ctime;
 
-#if defined(HAVE_LOCALTIME_R) || defined(VXWORKS)
-    }
-#endif
-
-    pInfo->mode = statbuf.st_mode;
-    pInfo->links = statbuf.st_nlink;
+    pInfo->mode         = statbuf.st_mode;
+    pInfo->links        = statbuf.st_nlink;
     pInfo->major_device = statbuf.st_dev;
     pInfo->minor_device = statbuf.st_rdev;
-    pInfo->inode = statbuf.st_ino;
-    pInfo->uid = statbuf.st_uid;
-    pInfo->gid = statbuf.st_gid;
+    pInfo->inode        = statbuf.st_ino;
+    pInfo->uid          = statbuf.st_uid;
+    pInfo->gid          = statbuf.st_gid;
 
     return 1;
 }
@@ -921,6 +900,8 @@ efile_fileinfo(Efile_error* errInfo, Efile_info* pInfo,
 int
 efile_write_info(Efile_error *errInfo, Efile_info *pInfo, char *name)
 {
+    struct utimbuf tval;
+
     CHECK_PATHLEN(name, errInfo);
 
 #ifdef VXWORKS
@@ -973,38 +954,18 @@ efile_write_info(Efile_error *errInfo, Efile_info *pInfo, char *name)
 
 #endif /* !VXWORKS */
 
-    if (pInfo->accessTime.year != -1 && pInfo->modifyTime.year != -1) {
-	struct utimbuf tval;
-	struct tm timebuf;
-
-#define MKTIME(tb, ts) \
-    timebuf.tm_year = ts.year-1900; \
-    timebuf.tm_mon = ts.month-1; \
-    timebuf.tm_mday = ts.day; \
-    timebuf.tm_hour = ts.hour; \
-    timebuf.tm_min = ts.minute; \
-    timebuf.tm_sec = ts.second; \
-    timebuf.tm_isdst = -1; \
-    if ((tb = mktime(&timebuf)) == (time_t) -1) { \
-       errno = EINVAL; \
-       return check_error(-1, errInfo); \
-    }
+    tval.actime  = pInfo->accessTime;
+    tval.modtime = pInfo->modifyTime;
 
-        MKTIME(tval.actime, pInfo->accessTime);
-	MKTIME(tval.modtime, pInfo->modifyTime);
-#undef MKTIME
-	
 #ifdef VXWORKS
-	/* VxWorks' utime doesn't work when the file is a nfs mounted
-	 * one, don't report error if utime fails.
-	 */
-	utime(name, &tval);
-	return 1;
+    /* VxWorks' utime doesn't work when the file is a nfs mounted
+     * one, don't report error if utime fails.
+     */
+    utime(name, &tval);
+    return 1;
 #else
-	return check_error(utime(name, &tval), errInfo);
+    return check_error(utime(name, &tval), errInfo);
 #endif
-    }
-    return 1;
 }
 
 
@@ -1043,13 +1004,11 @@ efile_writev(Efile_error* errInfo,   /* Where to return error codes */
 				      * opened */
 	     int fd,                 /* File descriptor to write to */
 	     SysIOVec* iov,          /* Vector of buffer structs.
-				      * The structs are unchanged 
-				      * after the call */
-	     int iovcnt,             /* Number of structs in vector */
-	     size_t size)            /* Number of bytes to write */
+				      * The structs may be changed i.e.
+				      * due to incomplete writes */
+	     int iovcnt)             /* Number of structs in vector */
 {
     int cnt = 0;                     /* Buffers so far written */
-    int p = 0;                       /* Position in next buffer */
 
     ASSERT(iovcnt >= 0);
     
@@ -1060,66 +1019,47 @@ efile_writev(Efile_error* errInfo,   /* Where to return error codes */
 #endif
 
     while (cnt < iovcnt) {
+	if ((! iov[cnt].iov_base) || (iov[cnt].iov_len <= 0)) {
+	    /* Empty buffer - skip */
+	    cnt++;
+	} else { /* Non-empty buffer */
+	    ssize_t w;                   /* Bytes written in this call */
 #ifdef HAVE_WRITEV
-	int w;                       /* Bytes written in this call */
-	int b = iovcnt - cnt;        /* Buffers to write */
-	if (b > MAXIOV)
-	    b = MAXIOV;
-	if (iov[cnt].iov_base && iov[cnt].iov_len > 0) {
-	    if (b == 1) {
-		/* Degenerated io vector */
-		do {
-		    w = write(fd, iov[cnt].iov_base + p, iov[cnt].iov_len - p);
-		} while (w < 0 && errno == EINTR);
-	    } else {
-		/* Non-empty vector first.
-		 * Adjust pos in first buffer in case of 
-		 * previous incomplete writev */
-		iov[cnt].iov_base += p;
-		iov[cnt].iov_len  -= p;
+	    int b = iovcnt - cnt;        /* Buffers to write */
+	    /* Use as many buffers as MAXIOV allows */
+	    if (b > MAXIOV)
+		b = MAXIOV;
+	    if (b > 1) {
 		do {
 		    w = writev(fd, &iov[cnt], b);
 		} while (w < 0 && errno == EINTR);
-		iov[cnt].iov_base -= p;
-		iov[cnt].iov_len  += p;
-	    }
-	    if (w < 0)
-		return check_error(-1, errInfo);
-	} else {
-	    /* Empty vector first - skip */
-	    cnt++;
-	    continue;
-	}
-	ASSERT(w >= 0);
-	/* Move forward to next vector to write */
-	for (; cnt < iovcnt; cnt++) {
-	    if (iov[cnt].iov_base && iov[cnt].iov_len > 0) {
-		if (w < iov[cnt].iov_len)
-		    break;
-		else
-		    w -= iov[cnt].iov_len;
-	    }
-	}
-	ASSERT(w >= 0);
-	p = w > 0 ? w : 0; /* Skip p bytes next writev */
-#else /* #ifdef HAVE_WRITEV */
-	if (iov[cnt].iov_base && iov[cnt].iov_len > 0) {
-	    /* Non-empty vector */
-	    int w;                   /* Bytes written in this call */
-	    while (p < iov[cnt].iov_len) {
-		do {
-		    w = write(fd, iov[cnt].iov_base + p, iov[cnt].iov_len - p);
-		} while (w < 0 && errno == EINTR);
-		if (w < 0)
-		    return check_error(-1, errInfo);
-		p += w;
+	    } else
+		/* Degenerated io vector - use regular write */
+#endif
+		{
+		    do {
+			w = write(fd, iov[cnt].iov_base, iov[cnt].iov_len);
+		    } while (w < 0 && errno == EINTR);
+		    ASSERT(w <= iov[cnt].iov_len);
+		}
+	    if (w < 0) return check_error(-1, errInfo);
+	    /* Move forward to next buffer to write */
+	    for (; cnt < iovcnt && w > 0; cnt++) {
+		if (iov[cnt].iov_base && iov[cnt].iov_len > 0) {
+		    if (w < iov[cnt].iov_len) {
+			/* Adjust the buffer for next write */
+			iov[cnt].iov_len -= w;
+			iov[cnt].iov_base += w;
+			w = 0;
+			break;
+		    } else {
+			w -= iov[cnt].iov_len;
+		    }
+		}
 	    }
-	}
-	cnt++;
-	p = 0;
-#endif /* #ifdef HAVE_WRITEV */
+	    ASSERT(w == 0);
+	} /* else Non-empty buffer */
     } /* while (cnt< iovcnt) */
-    size = 0; /* Avoid compiler warning */
     return 1;
 }
 
@@ -1464,3 +1404,108 @@ efile_fadvise(Efile_error* errInfo, int fd, Sint64 offset,
     return check_error(0, errInfo);
 #endif
 }
+
+#ifdef HAVE_SENDFILE
+// For some reason the maximum size_t cannot be used as the max size
+// 3GB seems to work on all platforms
+#define SENDFILE_CHUNK_SIZE ((1UL << 30) -1)
+
+/*
+ * sendfile: The implementation of the sendfile system call varies
+ * a lot on different *nix platforms so to make the api similar in all
+ * we have to emulate some things in linux and play with variables on
+ * bsd/darwin.
+ *
+ * All of the calls will split a command which tries to send more than
+ * SENDFILE_CHUNK_SIZE of data at once.
+ *
+ * On platforms where *nbytes of 0 does not mean the entire file, this is
+ * simulated.
+ *
+ * It could be possible to implement header/trailer in sendfile. Though
+ * you would have to emulate it in linux and on BSD/Darwin some complex
+ * calculations have to be made when using a non blocking socket to figure
+ * out how much of the header/file/trailer was sent in each command.
+ */
+
+int
+efile_sendfile(Efile_error* errInfo, int in_fd, int out_fd,
+	       off_t *offset, Uint64 *nbytes, struct t_sendfile_hdtl* hdtl)
+{
+    Uint64 written = 0;
+#if defined(__linux__)
+    ssize_t retval;
+    do {
+      // check if *nbytes is 0 or greater than chunk size
+      if (*nbytes == 0 || *nbytes > SENDFILE_CHUNK_SIZE)
+	retval = sendfile(out_fd, in_fd, offset, SENDFILE_CHUNK_SIZE);
+      else
+	retval = sendfile(out_fd, in_fd, offset, *nbytes);
+      if (retval > 0) {
+	written += retval;
+	*nbytes -= retval;
+      }
+    } while (retval == SENDFILE_CHUNK_SIZE);
+    *nbytes = written;
+    return check_error(retval == -1 ? -1 : 0, errInfo);
+#elif defined(__sun) && defined(__SVR4) && defined(HAVE_SENDFILEV)
+    ssize_t retval;
+    size_t len;
+    sendfilevec_t fdrec;
+    fdrec.sfv_fd = in_fd;
+    fdrec.sfv_flag = 0;
+    do {
+      fdrec.sfv_off = *offset;
+      len = 0;
+      // check if *nbytes is 0 or greater than chunk size
+      if (*nbytes == 0 || *nbytes > SENDFILE_CHUNK_SIZE)
+	fdrec.sfv_len = SENDFILE_CHUNK_SIZE;
+      else
+	fdrec.sfv_len = *nbytes;
+      retval = sendfilev(out_fd, &fdrec, 1, &len);
+      if (retval != -1 || errno == EAGAIN || errno == EINTR) {
+        *offset += len;
+	*nbytes -= len;
+	written += len;
+      }
+    } while (len == SENDFILE_CHUNK_SIZE);
+    *nbytes = written;
+    return check_error(retval == -1 ? -1 : 0, errInfo);
+#elif defined(DARWIN)
+    int retval;
+    off_t len;
+    do {
+      // check if *nbytes is 0 or greater than chunk size
+      if(*nbytes > SENDFILE_CHUNK_SIZE)
+	len = SENDFILE_CHUNK_SIZE;
+      else
+	len = *nbytes;
+      retval = sendfile(in_fd, out_fd, *offset, &len, NULL, 0);
+      if (retval != -1 || errno == EAGAIN || errno == EINTR) {
+        *offset += len;
+	*nbytes -= len;
+	written += len;
+      }
+    } while (len == SENDFILE_CHUNK_SIZE);
+    *nbytes = written;
+    return check_error(retval, errInfo);
+#elif defined(__FreeBSD__) || defined(__DragonFly__)
+    off_t len;
+    int retval;
+    do {
+      if (*nbytes > SENDFILE_CHUNK_SIZE)
+	retval = sendfile(in_fd, out_fd, *offset, SENDFILE_CHUNK_SIZE,
+			  NULL, &len, 0);
+      else
+	retval = sendfile(in_fd, out_fd, *offset, *nbytes, NULL, &len, 0);
+      if (retval != -1 || errno == EAGAIN || errno == EINTR) {
+	*offset += len;
+	*nbytes -= len;
+	written += len;
+      }
+    } while(len == SENDFILE_CHUNK_SIZE);
+    *nbytes = written;
+    return check_error(retval, errInfo);
+#endif
+}
+#endif /* HAVE_SENDFILE */
diff --git a/erts/emulator/drivers/win32/registry_drv.c b/erts/emulator/drivers/win32/registry_drv.c
index 05fd2ea55f..1fad34e380 100644
--- a/erts/emulator/drivers/win32/registry_drv.c
+++ b/erts/emulator/drivers/win32/registry_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -84,7 +84,7 @@ static int maperror(DWORD error);
 static int reg_init(void);
 static ErlDrvData reg_start(ErlDrvPort, char*);
 static void reg_stop(ErlDrvData);
-static void reg_from_erlang(ErlDrvData, char*, int);
+static void reg_from_erlang(ErlDrvData, char*, ErlDrvSizeT);
 
 struct erl_drv_entry registry_driver_entry = {
     reg_init,
@@ -95,10 +95,21 @@ struct erl_drv_entry registry_driver_entry = {
     NULL,
     "registry__drv__",
     NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
     NULL,
     NULL,
     NULL,
-    NULL
 };
 
 static int
@@ -158,7 +169,7 @@ reg_stop(ErlDrvData clientData)
 }
 
 static void
-reg_from_erlang(ErlDrvData clientData, char* buf, int count)
+reg_from_erlang(ErlDrvData clientData, char* buf, ErlDrvSizeT count)
 {
     RegPort* rp = (RegPort *) clientData;
     int cmd;
@@ -301,7 +312,7 @@ reg_from_erlang(ErlDrvData clientData, char* buf, int count)
 		buf = (char *) &dword;
 		ASSERT(count == 4);
 	    }
-	    result = RegSetValueEx(rp->hkey, name, 0, type, buf, count);
+	    result = RegSetValueEx(rp->hkey, name, 0, type, buf, (DWORD)count);
 	    reply(rp, result);
 	}
 	break;
diff --git a/erts/emulator/drivers/win32/ttsl_drv.c b/erts/emulator/drivers/win32/ttsl_drv.c
index fd88dafd34..1a74d21e99 100644
--- a/erts/emulator/drivers/win32/ttsl_drv.c
+++ b/erts/emulator/drivers/win32/ttsl_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1996-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1996-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,9 @@
  * smart line for output.
  */
 
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include <ctype.h>
 #include <stdlib.h>
@@ -80,8 +83,9 @@ int lpos;                       /* The current "cursor position" in the line buf
 static int ttysl_init(void);
 static ErlDrvData ttysl_start(ErlDrvPort, char*);
 static void ttysl_stop(ErlDrvData);
-static int ttysl_control(ErlDrvData, unsigned int, char *, int, char **, int);
-static void ttysl_from_erlang(ErlDrvData, char*, int);
+static ErlDrvSSizeT ttysl_control(ErlDrvData, unsigned int,
+				  char *, ErlDrvSizeT, char **, ErlDrvSizeT);
+static void ttysl_from_erlang(ErlDrvData, char*, ErlDrvSizeT);
 static void ttysl_from_tty(ErlDrvData, ErlDrvEvent);
 static Sint16 get_sint16(char *s);
 
@@ -117,7 +121,19 @@ struct erl_drv_entry ttsl_driver_entry = {
     NULL,
     NULL,
     ttysl_control,
-    NULL
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 static int utf8_mode = 0;
@@ -151,13 +167,13 @@ static void ttysl_get_window_size(Uint32 *width, Uint32 *height)
 }
     
 
-static int ttysl_control(ErlDrvData drv_data,
+static ErlDrvSSizeT ttysl_control(ErlDrvData drv_data,
 			 unsigned int command,
-			 char *buf, int len,
-			 char **rbuf, int rlen)
+			 char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen)
 {
     char resbuff[2*sizeof(Uint32)];
-    int res_size;
+    ErlDrvSizeT res_size;
     switch (command) {
     case CTRL_OP_GET_WINSIZE:
 	{
@@ -173,7 +189,7 @@ static int ttysl_control(ErlDrvData drv_data,
 	res_size = 1;
 	break;
     case CTRL_OP_SET_UNICODE_STATE:
-	if (len > 0) {
+	if (len != 0) {
 	    int m = (int) *buf;
 	    *resbuff = (utf8_mode) ? 1 : 0;
 	    res_size = 1;
@@ -435,14 +451,14 @@ static int check_buf_size(byte *s, int n)
 }
 
 
-static void ttysl_from_erlang(ErlDrvData ttysl_data, char* buf, int count)
+static void ttysl_from_erlang(ErlDrvData ttysl_data, char* buf, ErlDrvSizeT count)
 {
     if (lpos > MAXSIZE) 
 	put_chars((byte*)"\n", 1);
 
     switch (buf[0]) {
     case OP_PUTC:
-	DEBUGLOG(("OP: Putc(%d)",count-1));
+	DEBUGLOG(("OP: Putc(%I64u)",(unsigned long long)count-1));
 	if (check_buf_size((byte*)buf+1, count-1) == 0)
 	    return; 
 	put_chars((byte*)buf+1, count-1);
diff --git a/erts/emulator/drivers/win32/win_con.c b/erts/emulator/drivers/win32/win_con.c
index c788ad409d..6b45b92cbe 100644
--- a/erts/emulator/drivers/win32/win_con.c
+++ b/erts/emulator/drivers/win32/win_con.c
@@ -21,6 +21,9 @@
 #define _UNICODE 1
 #include <tchar.h>
 #include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include <windowsx.h>
 #include "resource.h"
@@ -34,6 +37,23 @@
 #define REALLOC(X,Y) realloc(X,Y)
 #define FREE(X) free(X)
 
+#if SIZEOF_VOID_P == 8
+#define WIN64 1
+#ifndef GCL_HBRBACKGROUND
+#define GCL_HBRBACKGROUND GCLP_HBRBACKGROUND
+#endif
+#define DIALOG_PROC_RET INT_PTR
+#define CF_HOOK_RET INT_PTR
+#define CC_HOOK_RET INT_PTR
+#define OFN_HOOK_RET INT_PTR
+#else
+#define DIALOG_PROC_RET BOOL
+#define CF_HOOK_RET UINT
+#define CC_HOOK_RET UINT
+#define OFN_HOOK_RET UINT
+#endif
+
+
 #ifndef STATE_SYSTEM_INVISIBLE
 /* Mingw problem with oleacc.h and WIN32_LEAN_AND_MEAN */
 #define STATE_SYSTEM_INVISIBLE 0x00008000
@@ -150,7 +170,7 @@ static TCHAR *erlang_window_title = TEXT("Erlang");
 static unsigned __stdcall ConThreadInit(LPVOID param);
 static LRESULT CALLBACK ClientWndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam);
 static LRESULT CALLBACK FrameWndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam);
-static BOOL CALLBACK AboutDlgProc(HWND hDlg, UINT iMsg, WPARAM wParam, LPARAM lParam);
+static DIALOG_PROC_RET CALLBACK AboutDlgProc(HWND hDlg, UINT iMsg, WPARAM wParam, LPARAM lParam);
 static ScreenLine_t *ConNewLine(void);
 static void DeleteTopLine(void);
 static void ensure_line_below(void);
@@ -1608,7 +1628,7 @@ OnEditSelAll(HWND hwnd)
     InvalidateRect(hwnd, NULL, TRUE);
 }
 
-UINT APIENTRY CFHookProc(HWND hDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
+CF_HOOK_RET APIENTRY CFHookProc(HWND hDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
 {
     /* Hook procedure for font dialog box */
     HWND hOwner;
@@ -1626,11 +1646,11 @@ UINT APIENTRY CFHookProc(HWND hDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
         OffsetRect(&rc, -rcDlg.right, -rcDlg.bottom); 
         SetWindowPos(hDlg,HWND_TOP,rcOwner.left + (rc.right / 2), 
 		     rcOwner.top + (rc.bottom / 2),0,0,SWP_NOSIZE); 
-        return 1;
+        return (CF_HOOK_RET) 1;
     default:
         break;
     }
-    return 0;			/* Let the default procedure process the message */
+    return (CF_HOOK_RET) 0; /* Let the default procedure process the message */
 }
 
 static BOOL
@@ -1705,7 +1725,7 @@ ConSetFont(HWND hwnd)
     InvalidateRect(hwnd, NULL, TRUE);
 }
 
-UINT APIENTRY
+CC_HOOK_RET APIENTRY
 CCHookProc(HWND hDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
 {
     /* Hook procedure for choose color dialog box */
@@ -1724,11 +1744,11 @@ CCHookProc(HWND hDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
         OffsetRect(&rc, -rcDlg.right, -rcDlg.bottom); 
         SetWindowPos(hDlg,HWND_TOP,rcOwner.left + (rc.right / 2), 
 		     rcOwner.top + (rc.bottom / 2),0,0,SWP_NOSIZE); 
-        return 1;
+        return (CC_HOOK_RET) 1;
     default:
         break;
     }
-    return 0;			/* Let the default procedure process the message */
+    return (CC_HOOK_RET) 0;			/* Let the default procedure process the message */
 }
 
 void ConChooseColor(HWND hwnd)
@@ -1758,7 +1778,8 @@ void ConChooseColor(HWND hwnd)
     }    
 }
 
-UINT APIENTRY OFNHookProc(HWND hwndDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
+OFN_HOOK_RET APIENTRY OFNHookProc(HWND hwndDlg,UINT iMsg,
+				  WPARAM wParam,LPARAM lParam)
 {
     /* Hook procedure for open file dialog box */
     HWND hOwner,hDlg;
@@ -1777,11 +1798,11 @@ UINT APIENTRY OFNHookProc(HWND hwndDlg,UINT iMsg,WPARAM wParam,LPARAM lParam)
         OffsetRect(&rc, -rcDlg.right, -rcDlg.bottom); 
         SetWindowPos(hDlg,HWND_TOP,rcOwner.left + (rc.right / 2), 
 		     rcOwner.top + (rc.bottom / 2),0,0,SWP_NOSIZE); 
-        return 1;
+        return (OFN_HOOK_RET) 1;
     default:
         break;
     }
-    return 0;			/* the let default procedure process the message */
+    return (OFN_HOOK_RET) 0; /* the let default procedure process the message */
 }
 
 static void
@@ -1933,7 +1954,7 @@ write_outbuf(TCHAR *data, int num_chars)
     return num_chars;
 }
 
-BOOL CALLBACK AboutDlgProc(HWND hDlg, UINT iMsg, WPARAM wParam, LPARAM lParam)
+DIALOG_PROC_RET CALLBACK AboutDlgProc(HWND hDlg, UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
     HWND hOwner;
     RECT rc,rcOwner,rcDlg;
@@ -1953,17 +1974,17 @@ BOOL CALLBACK AboutDlgProc(HWND hDlg, UINT iMsg, WPARAM wParam, LPARAM lParam)
 		     rcOwner.top + (rc.bottom / 2),0,0,SWP_NOSIZE); 
         SetDlgItemText(hDlg, ID_VERSIONSTRING,
 		       TEXT("Erlang emulator version ") TEXT(ERLANG_VERSION)); 
-        return TRUE;
+        return (DIALOG_PROC_RET) TRUE;
     case WM_COMMAND:
         switch (LOWORD(wParam)) {
         case IDOK:
         case IDCANCEL:
             EndDialog(hDlg,0);
-            return TRUE;
+            return (DIALOG_PROC_RET) TRUE;
         }
         break;
     }
-    return FALSE;
+    return (DIALOG_PROC_RET) FALSE;
 }
 
 static void
@@ -2117,7 +2138,7 @@ AddToCmdHistory(void)
     }
 }
 
-static TBBUTTON tbb[] =
+/*static TBBUTTON tbb[] =
 {
     0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP,    0, 0, 0, 0,
     0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP,    0, 0, 0, 0,
@@ -2149,6 +2170,39 @@ static TBBUTTON tbb[] =
     2,	        IDMENU_FONT,	TBSTATE_ENABLED, TBSTYLE_AUTOSIZE, 0, 0, 0, 0,
     3,	        IDMENU_ABOUT,	TBSTATE_ENABLED, TBSTYLE_AUTOSIZE, 0, 0, 0, 0,
     0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP,    0, 0, 0, 0,
+    };*/
+static TBBUTTON tbb[] =
+{
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP},
+  {0,          IDMENU_COPY,    TBSTATE_ENABLED, TBSTYLE_AUTOSIZE},
+  {1,	       IDMENU_PASTE,   TBSTATE_ENABLED, TBSTYLE_AUTOSIZE},
+  {2,	       IDMENU_FONT,    TBSTATE_ENABLED, TBSTYLE_AUTOSIZE},
+  {3,	       IDMENU_ABOUT,   TBSTATE_ENABLED, TBSTYLE_AUTOSIZE},
+  {0,          0,              TBSTATE_ENABLED, TBSTYLE_SEP} 
 };
 
 static TBADDBITMAP tbbitmap =
@@ -2156,6 +2210,17 @@ static TBADDBITMAP tbbitmap =
     HINST_COMMCTRL, IDB_STD_SMALL_COLOR,
 };
 
+#ifdef HARDDEBUG
+/* For really hard GUI startup debugging, place DEBUGBOX() macros in code
+   and get modal message boxes with the line number. */
+static void debug_box(int line) {
+  TCHAR buff[1024];
+  swprintf(buff,1024,TEXT("DBG:%d"),line);
+  MessageBox(NULL,buff,TEXT("DBG"),MB_OK|MB_APPLMODAL);
+}
+
+#define DEBUGBOX() debug_box(__LINE__)  
+#endif
 
 static HWND
 InitToolBar(HWND hwndParent) 
@@ -2169,7 +2234,6 @@ InitToolBar(HWND hwndParent)
     COLORMAP colorMap;
     colorMap.from = RGB(192, 192, 192);
     colorMap.to = backgroundColor;
-
     /* Create toolbar window with tooltips */
     hwndTB = CreateWindowEx(0,TOOLBARCLASSNAME,(TCHAR *)NULL,
 			    WS_CHILD|CCS_TOP|WS_CLIPSIBLINGS|TBSTYLE_TOOLTIPS,
@@ -2180,9 +2244,10 @@ InitToolBar(HWND hwndParent)
     tbbitmap.hInst = NULL;
     tbbitmap.nID   = (UINT) CreateMappedBitmap(beam_module, 1,0, &colorMap, 1);
     SendMessage(hwndTB, TB_ADDBITMAP, (WPARAM) 4, 
-		(WPARAM) &tbbitmap); 
+		(LPARAM) &tbbitmap); 
+
     SendMessage(hwndTB,TB_ADDBUTTONS, (WPARAM) 30,
-		(LPARAM) (LPTBBUTTON) tbb); 
+		(LPARAM) tbb); 
     if (toolbarVisible)
 	ShowWindow(hwndTB, SW_SHOW); 
 
diff --git a/erts/emulator/drivers/win32/win_efile.c b/erts/emulator/drivers/win32/win_efile.c
index 931bb196f1..606fa1d7de 100644
--- a/erts/emulator/drivers/win32/win_efile.c
+++ b/erts/emulator/drivers/win32/win_efile.c
@@ -21,6 +21,9 @@
  */
 
 #include <windows.h>
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include <ctype.h>
 #include <wchar.h>
@@ -42,6 +45,26 @@
 #define INVALID_FILE_ATTRIBUTES ((DWORD) 0xFFFFFFFF)
 #endif
 
+#define TICKS_PER_SECOND (10000000ULL)
+#define EPOCH_DIFFERENCE (11644473600LL)
+
+#define FILETIME_TO_EPOCH(epoch, ft) \
+    do { \
+	ULARGE_INTEGER ull; \
+	ull.LowPart  = (ft).dwLowDateTime; \
+	ull.HighPart = (ft).dwHighDateTime; \
+	(epoch) = ((ull.QuadPart / TICKS_PER_SECOND) - EPOCH_DIFFERENCE); \
+    } while(0)
+
+#define EPOCH_TO_FILETIME(ft, epoch) \
+    do { \
+	ULARGE_INTEGER ull; \
+	ull.QuadPart = (((epoch) + EPOCH_DIFFERENCE) * TICKS_PER_SECOND); \
+	(ft).dwLowDateTime = ull.LowPart; \
+	(ft).dwHighDateTime = ull.HighPart; \
+    } while(0)
+
+
 static int check_error(int result, Efile_error* errInfo);
 static int set_error(Efile_error* errInfo);
 static int is_root_unc_name(const WCHAR *path);
@@ -861,14 +884,7 @@ efile_fileinfo(Efile_error* errInfo, Efile_info* pInfo,
         findbuf.cFileName[0] = L'\0';
 
 	pInfo->links = 1;
-	pInfo->modifyTime.year = 1980;
-	pInfo->modifyTime.month = 1;
-	pInfo->modifyTime.day = 1;
-	pInfo->modifyTime.hour = 0;
-	pInfo->modifyTime.minute = 0;
-	pInfo->modifyTime.second = 0;
-
-	pInfo->accessTime = pInfo->modifyTime;
+	pInfo->cTime = pInfo->accessTime = pInfo->modifyTime = 0;
     } else {
 	SYSTEMTIME SystemTime;
         FILETIME LocalFTime;
@@ -902,34 +918,21 @@ efile_fileinfo(Efile_error* errInfo, Efile_info* pInfo,
 	    }	
 	}
 
-#define GET_TIME(dst, src) \
-if (!FileTimeToLocalFileTime(&findbuf.src, &LocalFTime) || \
-    !FileTimeToSystemTime(&LocalFTime, &SystemTime)) { \
-    return set_error(errInfo); \
-} \
-(dst).year = SystemTime.wYear; \
-(dst).month = SystemTime.wMonth; \
-(dst).day = SystemTime.wDay; \
-(dst).hour = SystemTime.wHour; \
-(dst).minute = SystemTime.wMinute; \
-(dst).second = SystemTime.wSecond;
-
-        GET_TIME(pInfo->modifyTime, ftLastWriteTime);
+        FILETIME_TO_EPOCH(pInfo->modifyTime, findbuf.ftLastWriteTime);
 
         if (findbuf.ftLastAccessTime.dwLowDateTime == 0 &&
 	    findbuf.ftLastAccessTime.dwHighDateTime == 0) {
 	    pInfo->accessTime = pInfo->modifyTime;
 	} else {
-	    GET_TIME(pInfo->accessTime, ftLastAccessTime);
+	    FILETIME_TO_EPOCH(pInfo->accessTime, findbuf.ftLastAccessTime);
 	}
 
         if (findbuf.ftCreationTime.dwLowDateTime == 0 &&
 	    findbuf.ftCreationTime.dwHighDateTime == 0) {
 	    pInfo->cTime = pInfo->modifyTime;
 	} else {
-	    GET_TIME(pInfo->cTime, ftCreationTime);
+	    FILETIME_TO_EPOCH(pInfo->cTime ,findbuf.ftCreationTime);
 	}
-#undef GET_TIME
         FindClose(findhandle);
     }
 
@@ -965,17 +968,12 @@ efile_write_info(Efile_error* errInfo,
 		 char* name)
 {
     SYSTEMTIME timebuf;
-    FILETIME LocalFileTime;
     FILETIME ModifyFileTime;
     FILETIME AccessFileTime;
     FILETIME CreationFileTime;
     HANDLE fd;
-    FILETIME* mtime = NULL;
-    FILETIME* atime = NULL;
-    FILETIME* ctime = NULL;
     DWORD attr;
     DWORD tempAttr;
-    BOOL modifyTime = FALSE;
     WCHAR *wname = (WCHAR *) name;
 
     /*
@@ -1000,57 +998,36 @@ efile_write_info(Efile_error* errInfo,
      * Construct all file times.
      */
 
-#define MKTIME(tb, ts, ptr) \
-    timebuf.wYear = ts.year; \
-    timebuf.wMonth = ts.month; \
-    timebuf.wDay = ts.day; \
-    timebuf.wHour = ts.hour; \
-    timebuf.wMinute = ts.minute; \
-    timebuf.wSecond = ts.second; \
-    timebuf.wMilliseconds = 0; \
-    if (ts.year != -1) { \
-      modifyTime = TRUE; \
-      ptr = &tb; \
-      if (!SystemTimeToFileTime(&timebuf, &LocalFileTime ) || \
-	!LocalFileTimeToFileTime(&LocalFileTime, &tb)) { \
-        errno = EINVAL; \
-	return check_error(-1, errInfo); \
-     } \
-    }
-
-    MKTIME(ModifyFileTime, pInfo->modifyTime, mtime);
-    MKTIME(AccessFileTime, pInfo->accessTime, atime);
-    MKTIME(CreationFileTime, pInfo->cTime, ctime);
-#undef MKTIME
+    EPOCH_TO_FILETIME(ModifyFileTime,   pInfo->modifyTime);
+    EPOCH_TO_FILETIME(AccessFileTime,   pInfo->accessTime);
+    EPOCH_TO_FILETIME(CreationFileTime, pInfo->cTime);
 
     /*
      * If necessary, set the file times.
      */
 
-    if (modifyTime) {
-	/*
-	 * If the has read only access, we must temporarily turn on
-	 * write access (this is necessary for native filesystems,
-	 * but not for NFS filesystems).
-	 */
+    /*
+     * If the has read only access, we must temporarily turn on
+     * write access (this is necessary for native filesystems,
+     * but not for NFS filesystems).
+     */
 
-	if (tempAttr & FILE_ATTRIBUTE_READONLY) {
-	    tempAttr &= ~FILE_ATTRIBUTE_READONLY;
-	    if (!SetFileAttributesW(wname, tempAttr)) {
-		return set_error(errInfo);
-	    }
+    if (tempAttr & FILE_ATTRIBUTE_READONLY) {
+	tempAttr &= ~FILE_ATTRIBUTE_READONLY;
+	if (!SetFileAttributesW(wname, tempAttr)) {
+	    return set_error(errInfo);
 	}
+    }
 
-	fd = CreateFileW(wname, GENERIC_READ|GENERIC_WRITE,
-			FILE_SHARE_READ | FILE_SHARE_WRITE,
-			NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-	if (fd != INVALID_HANDLE_VALUE) {
-	    BOOL result = SetFileTime(fd, ctime, atime, mtime);
-	    if (!result) {
-		return set_error(errInfo);
-	    }
-	    CloseHandle(fd);
+    fd = CreateFileW(wname, GENERIC_READ|GENERIC_WRITE,
+	    FILE_SHARE_READ | FILE_SHARE_WRITE,
+	    NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if (fd != INVALID_HANDLE_VALUE) {
+	BOOL result = SetFileTime(fd, &CreationFileTime, &AccessFileTime, &ModifyFileTime);
+	if (!result) {
+	    return set_error(errInfo);
 	}
+	CloseHandle(fd);
     }
 
     /*
@@ -1138,8 +1115,7 @@ efile_writev(Efile_error* errInfo,   /* Where to return error codes */
 	     SysIOVec* iov,          /* Vector of buffer structs.
 				      * The structs are unchanged 
 				      * after the call */
-	     int iovcnt,             /* Number of structs in vector */
-	     size_t size)            /* Number of bytes to write */
+	     int iovcnt)             /* Number of structs in vector */
 {
     int cnt;                         /* Buffers so far written */
     OVERLAPPED overlapped;
diff --git a/erts/emulator/hipe/hipe_arm.c b/erts/emulator/hipe/hipe_arm.c
index d52f429a9b..e20a8a7969 100644
--- a/erts/emulator/hipe/hipe_arm.c
+++ b/erts/emulator/hipe/hipe_arm.c
@@ -71,7 +71,7 @@ static struct segment {
 } curseg;
 
 #define in_area(ptr,start,nbytes)	\
-	((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+	((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 static void *new_code_mapping(void)
 {
diff --git a/erts/emulator/hipe/hipe_bif0.c b/erts/emulator/hipe/hipe_bif0.c
index cec22b3836..28e4382835 100644
--- a/erts/emulator/hipe/hipe_bif0.c
+++ b/erts/emulator/hipe/hipe_bif0.c
@@ -174,8 +174,13 @@ static inline unsigned char *bytearray_lvalue(Eterm bin, Eterm idx)
 {
     Sint i;
     unsigned char *bytes;
+#ifndef DEBUG
+    ERTS_DECLARE_DUMMY(Uint bitoffs);
+    ERTS_DECLARE_DUMMY(Uint bitsize);
+#else
     Uint bitoffs;
     Uint bitsize;
+#endif
 
     if (is_not_binary(bin) ||
 	is_not_small(idx) ||
@@ -235,9 +240,15 @@ BIF_RETTYPE hipe_bifs_bitarray_2(BIF_ALIST_2)
 BIF_RETTYPE hipe_bifs_bitarray_update_3(BIF_ALIST_3)
 {
     unsigned char *bytes, bytemask;
-    Uint bitoffs, bitsize;
     Uint bitnr, bytenr;
     int set;
+#ifndef DEBUG
+    ERTS_DECLARE_DUMMY(Uint bitoffs);
+    ERTS_DECLARE_DUMMY(Uint bitsize);
+#else
+    Uint bitoffs;
+    Uint bitsize;
+#endif
 
     if (is_not_binary(BIF_ARG_1))
 	BIF_ERROR(BIF_P, BADARG);
@@ -267,8 +278,15 @@ BIF_RETTYPE hipe_bifs_bitarray_update_3(BIF_ALIST_3)
 BIF_RETTYPE hipe_bifs_bitarray_sub_2(BIF_ALIST_2)
 {
     unsigned char *bytes, bytemask;
-    Uint bitoffs, bitsize;
     Uint bitnr, bytenr;
+#ifndef DEBUG
+    ERTS_DECLARE_DUMMY(Uint bitoffs);
+    ERTS_DECLARE_DUMMY(Uint bitsize);
+#else
+    Uint bitoffs;
+    Uint bitsize;
+#endif
+
 
     if (is_not_binary(BIF_ARG_1))
 	BIF_ERROR(BIF_P, BADARG);
@@ -397,10 +415,15 @@ BIF_RETTYPE hipe_bifs_enter_code_2(BIF_ALIST_2)
     Uint nrbytes;
     void *bytes;
     void *address;
-    Uint bitoffs;
-    Uint bitsize;
     Eterm trampolines;
     Eterm *hp;
+#ifndef DEBUG
+    ERTS_DECLARE_DUMMY(Uint bitoffs);
+    ERTS_DECLARE_DUMMY(Uint bitsize);
+#else
+    Uint bitoffs;
+    Uint bitsize;
+#endif
 
     if (is_not_binary(BIF_ARG_1))
 	BIF_ERROR(BIF_P, BADARG);
diff --git a/erts/emulator/hipe/hipe_gc.c b/erts/emulator/hipe/hipe_gc.c
index 0199dea99e..e0575c35ff 100644
--- a/erts/emulator/hipe/hipe_gc.c
+++ b/erts/emulator/hipe/hipe_gc.c
@@ -46,9 +46,14 @@ Eterm *fullsweep_nstack(Process *p, Eterm *n_htop)
     char *src, *oh;
     Uint src_size, oh_size;
 
+    if (!p->hipe.nstack) {
+	ASSERT(!p->hipe.nsp && !p->hipe.nstend);
+	return n_htop;
+    }
     if (!nstack_walk_init_check(p))
 	return n_htop;
 
+    ASSERT(p->hipe.nsp && p->hipe.nstend);
     nsp = nstack_walk_nsp_begin(p);
     nsp_end = p->hipe.nstgraylim;
     if (nsp_end)
@@ -136,9 +141,14 @@ void gensweep_nstack(Process *p, Eterm **ptr_old_htop, Eterm **ptr_n_htop)
     char *heap;
     Uint heap_size, mature_size;
 
+    if (!p->hipe.nstack) {
+	ASSERT(!p->hipe.nsp && !p->hipe.nstend);
+	return;
+    }
     if (!nstack_walk_init_check(p))
 	return;
 
+    ASSERT(p->hipe.nsp && p->hipe.nstend);
     nsp = nstack_walk_nsp_begin(p);
     nsp_end = p->hipe.nstgraylim;
     if (nsp_end) {
diff --git a/erts/emulator/hipe/hipe_mode_switch.c b/erts/emulator/hipe/hipe_mode_switch.c
index 4d75883fc5..6a3ce5608f 100644
--- a/erts/emulator/hipe/hipe_mode_switch.c
+++ b/erts/emulator/hipe/hipe_mode_switch.c
@@ -337,14 +337,22 @@ Process *hipe_mode_switch(Process *p, unsigned cmd, Eterm reg[])
 	   * stack: to this end hipe_${ARCH}_glue.S stores the BIF's
 	   * arity in p->hipe.narity.
 	   *
-	   * If the BIF emptied the stack (typically hibernate), p->hipe.nsp is
-	   * NULL and there is no need to get rid of stacked parameters.
+	   * If the BIF emptied the stack (typically hibernate), p->hipe.nstack
+	   * is NULL and there is no need to get rid of stacked parameters.
 	   */
 	  unsigned int i, is_recursive = 0;
 
-          if (p->hipe.nsp != NULL) {
+          if (p->hipe.nstack != NULL) {
+	      ASSERT(p->hipe.nsp != NULL);
 	      is_recursive = hipe_trap_from_native_is_recursive(p);
           }
+	  else {
+	      /* Some architectures (risc) need this re-reset of nsp as the
+	       * BIF wrapper do not detect stack change and causes an obsolete
+	       * stack pointer to be saved in p->hipe.nsp before return to us.
+	       */
+	      p->hipe.nsp = NULL;
+	  }
 
 	  /* Schedule next process if current process was hibernated or is waiting
 	     for messages */
diff --git a/erts/emulator/hipe/hipe_mode_switch.h b/erts/emulator/hipe/hipe_mode_switch.h
index dbc2386e14..a3e908a3b3 100644
--- a/erts/emulator/hipe/hipe_mode_switch.h
+++ b/erts/emulator/hipe/hipe_mode_switch.h
@@ -49,7 +49,7 @@
 
 #include "error.h"
 
-int hipe_modeswitch_debug;
+extern int hipe_modeswitch_debug;
 
 void hipe_mode_switch_init(void);
 void hipe_set_call_trap(Uint *bfun, void *nfun, int is_closure);
diff --git a/erts/emulator/hipe/hipe_ppc.c b/erts/emulator/hipe/hipe_ppc.c
index bc25061a16..2d8fd61e1e 100644
--- a/erts/emulator/hipe/hipe_ppc.c
+++ b/erts/emulator/hipe/hipe_ppc.c
@@ -80,7 +80,7 @@ static struct segment {
 } curseg;
 
 #define in_area(ptr,start,nbytes)	\
-	((unsigned long)((char*)(ptr) - (char*)(start)) < (nbytes))
+	((UWord)((char*)(ptr) - (char*)(start)) < (nbytes))
 
 /* Darwin breakage */
 #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
diff --git a/erts/emulator/pcre/pcre.mk b/erts/emulator/pcre/pcre.mk
index b752c11459..352137b341 100644
--- a/erts/emulator/pcre/pcre.mk
+++ b/erts/emulator/pcre/pcre.mk
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2011. All Rights Reserved.
+# Copyright Ericsson AB 2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,8 +17,6 @@
 # %CopyrightEnd%
 #
 
-ARFLAGS = rc
-
 PCRE_O = \
 pcre_latin_1_table.o \
 pcre_compile.o \
@@ -43,7 +41,7 @@ pcre_xclass.o
 
 PCRE_OBJS = $(PCRE_O:%=$(PCRE_OBJDIR)/%)
 
-GENINC = pcre/pcre_exec_loop_break_cases.inc
+PCRE_GENINC = $(ERL_TOP)/erts/emulator/pcre/pcre_exec_loop_break_cases.inc
 
 PCRE_OBJDIR = $(ERL_TOP)/erts/emulator/pcre/obj/$(TARGET)/$(TYPE)
 
@@ -61,12 +59,12 @@ endif
 $(PCRE_OBJDIR)/%.o: pcre/%.c
 	$(CC) -c $(PCRE_CFLAGS) -o $@ $<
 
-$(GENINC): pcre/pcre_exec.c
+$(PCRE_GENINC): pcre/pcre_exec.c
 	for x in `grep -n COST_CHK pcre/pcre_exec.c | grep -v 'COST_CHK(N)' | awk -F: '{print $$1}'`; \
 	do \
 		N=`expr $$x + 100`; \
 		echo "case $$N: goto L_LOOP_COUNT_$${x};"; \
-	done > $(GENINC)
+	done > $(PCRE_GENINC)
 
 # Dependencies.
 
@@ -79,7 +77,7 @@ $(PCRE_OBJDIR)/pcre_config.o: pcre/pcre_config.c pcre/pcre_internal.h \
 $(PCRE_OBJDIR)/pcre_dfa_exec.o: pcre/pcre_dfa_exec.c pcre/pcre_internal.h \
   pcre/local_config.h pcre/pcre.h pcre/ucp.h
 $(PCRE_OBJDIR)/pcre_exec.o: pcre/pcre_exec.c pcre/pcre_internal.h \
-  pcre/local_config.h pcre/pcre.h pcre/ucp.h $(GENINC)
+  pcre/local_config.h pcre/pcre.h pcre/ucp.h $(PCRE_GENINC)
 $(PCRE_OBJDIR)/pcre_fullinfo.o: pcre/pcre_fullinfo.c pcre/pcre_internal.h \
   pcre/local_config.h pcre/pcre.h pcre/ucp.h
 $(PCRE_OBJDIR)/pcre_get.o: pcre/pcre_get.c pcre/pcre_internal.h \
diff --git a/erts/emulator/sys/common/erl_check_io.c b/erts/emulator/sys/common/erl_check_io.c
index ba88fd1d39..23a4bf1b04 100644
--- a/erts/emulator/sys/common/erl_check_io.c
+++ b/erts/emulator/sys/common/erl_check_io.c
@@ -314,7 +314,7 @@ forget_removed(struct pollset_info* psi)
 	erts_smp_mtx_unlock(mtx);
 	if (drv_ptr) {
 	    int was_unmasked = erts_block_fpe();
-	    (*drv_ptr->stop_select) (fd, NULL);
+	    (*drv_ptr->stop_select) ((ErlDrvEvent) fd, NULL);
 	    erts_unblock_fpe(was_unmasked);
 	    if (drv_ptr->handle) {
 		erts_ddll_dereference_driver(drv_ptr->handle);
@@ -1134,7 +1134,8 @@ ERTS_CIO_EXPORT(erts_check_io_interrupt)(int set)
 }
 
 void
-ERTS_CIO_EXPORT(erts_check_io_interrupt_timed)(int set, long msec)
+ERTS_CIO_EXPORT(erts_check_io_interrupt_timed)(int set,
+					       erts_short_time_t msec)
 {
     ERTS_CIO_POLL_INTR_TMD(pollset.ps, set, msec);
 }
diff --git a/erts/emulator/sys/common/erl_check_io.h b/erts/emulator/sys/common/erl_check_io.h
index 7cc1658062..edab7947ba 100644
--- a/erts/emulator/sys/common/erl_check_io.h
+++ b/erts/emulator/sys/common/erl_check_io.h
@@ -46,8 +46,8 @@ void erts_check_io_async_sig_interrupt_nkp(void);
 #endif
 void erts_check_io_interrupt_kp(int);
 void erts_check_io_interrupt_nkp(int);
-void erts_check_io_interrupt_timed_kp(int, long);
-void erts_check_io_interrupt_timed_nkp(int, long);
+void erts_check_io_interrupt_timed_kp(int, erts_short_time_t);
+void erts_check_io_interrupt_timed_nkp(int, erts_short_time_t);
 void erts_check_io_kp(int);
 void erts_check_io_nkp(int);
 void erts_init_check_io_kp(void);
@@ -64,7 +64,7 @@ int erts_check_io_max_files(void);
 void erts_check_io_async_sig_interrupt(void);
 #endif
 void erts_check_io_interrupt(int);
-void erts_check_io_interrupt_timed(int, long);
+void erts_check_io_interrupt_timed(int, erts_short_time_t);
 void erts_check_io(int);
 void erts_init_check_io(void);
 
diff --git a/erts/emulator/sys/common/erl_poll.c b/erts/emulator/sys/common/erl_poll.c
index 80db2055a2..3817b1e4d5 100644
--- a/erts/emulator/sys/common/erl_poll.c
+++ b/erts/emulator/sys/common/erl_poll.c
@@ -1949,7 +1949,7 @@ check_fd_events(ErtsPollSet ps, SysTimeval *tv, int max_res)
 	     */
 	    struct dvpoll poll_res;
 	    int nfds = (int) erts_smp_atomic_read_nob(&ps->no_of_user_fds);
-#ifdef ERTS_SMP
+#if ERTS_POLL_USE_WAKEUP_PIPE
 	    nfds++; /* Wakeup pipe */
 #endif
 	    if (timeout > INT_MAX)
@@ -2171,7 +2171,7 @@ ERTS_POLL_EXPORT(erts_poll_async_sig_interrupt)(ErtsPollSet ps)
 void
 ERTS_POLL_EXPORT(erts_poll_interrupt_timed)(ErtsPollSet ps,
 					    int set,
-					    long msec)
+					    erts_short_time_t msec)
 {
 #if ERTS_POLL_ASYNC_INTERRUPT_SUPPORT || defined(ERTS_SMP)
     if (!set)
@@ -2487,7 +2487,7 @@ ERTS_POLL_EXPORT(erts_poll_info)(ErtsPollSet ps, ErtsPollInfo *pip)
     pip->memory_size = size;
 
     pip->poll_set_size = (int) erts_smp_atomic_read_nob(&ps->no_of_user_fds);
-#ifdef ERTS_SMP
+#if ERTS_POLL_USE_WAKEUP_PIPE
     pip->poll_set_size++; /* Wakeup pipe */
 #endif
 
diff --git a/erts/emulator/sys/common/erl_poll.h b/erts/emulator/sys/common/erl_poll.h
index e0296c6a33..8dde619105 100644
--- a/erts/emulator/sys/common/erl_poll.h
+++ b/erts/emulator/sys/common/erl_poll.h
@@ -223,7 +223,7 @@ void		ERTS_POLL_EXPORT(erts_poll_interrupt)(ErtsPollSet,
 						      int);
 void		ERTS_POLL_EXPORT(erts_poll_interrupt_timed)(ErtsPollSet,
 							    int,
-							    long);
+							    erts_short_time_t);
 ErtsPollEvents	ERTS_POLL_EXPORT(erts_poll_control)(ErtsPollSet,
 						    ErtsSysFdType,
 						    ErtsPollEvents,
diff --git a/erts/emulator/sys/unix/erl_unix_sys.h b/erts/emulator/sys/unix/erl_unix_sys.h
index 9a5ed9f5bc..c8fcec8547 100644
--- a/erts/emulator/sys/unix/erl_unix_sys.h
+++ b/erts/emulator/sys/unix/erl_unix_sys.h
@@ -146,6 +146,7 @@ typedef void *GETENV_STATE;
 /*
 ** For the erl_timer_sup module.
 */
+typedef time_t erts_time_t;
 
 typedef struct timeval SysTimeval;
 
diff --git a/erts/emulator/sys/unix/sys.c b/erts/emulator/sys/unix/sys.c
index c6b63350e5..f94e0f2296 100644
--- a/erts/emulator/sys/unix/sys.c
+++ b/erts/emulator/sys/unix/sys.c
@@ -265,7 +265,7 @@ struct {
     int (*event)(ErlDrvPort, ErlDrvEvent, ErlDrvEventData);
     void (*check_io_as_interrupt)(void);
     void (*check_io_interrupt)(int);
-    void (*check_io_interrupt_tmd)(int, long);
+    void (*check_io_interrupt_tmd)(int, erts_short_time_t);
     void (*check_io)(int);
     Uint (*size)(void);
     Eterm (*info)(void *);
@@ -371,7 +371,7 @@ erts_sys_schedule_interrupt(int set)
 
 #ifdef ERTS_SMP
 void
-erts_sys_schedule_interrupt_timed(int set, long msec)
+erts_sys_schedule_interrupt_timed(int set, erts_short_time_t msec)
 {
     ERTS_CHK_IO_INTR_TMD(set, msec);
 }
@@ -1033,14 +1033,15 @@ static struct driver_data {
 /* Driver interfaces */
 static ErlDrvData spawn_start(ErlDrvPort, char*, SysDriverOpts*);
 static ErlDrvData fd_start(ErlDrvPort, char*, SysDriverOpts*);
-static int fd_control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT fd_control(ErlDrvData, unsigned int, char *, ErlDrvSizeT,
+			       char **, ErlDrvSizeT);
 static ErlDrvData vanilla_start(ErlDrvPort, char*, SysDriverOpts*);
 static int spawn_init(void);
 static void fd_stop(ErlDrvData);
 static void stop(ErlDrvData);
 static void ready_input(ErlDrvData, ErlDrvEvent);
 static void ready_output(ErlDrvData, ErlDrvEvent);
-static void output(ErlDrvData, char*, int);
+static void output(ErlDrvData, char*, ErlDrvSizeT);
 static void outputv(ErlDrvData, ErlIOVec*);
 static void stop_select(ErlDrvEvent, void*);
 
@@ -1726,10 +1727,10 @@ static int fd_get_window_size(int fd, Uint32 *width, Uint32 *height)
     return -1;
 }
 
-static int fd_control(ErlDrvData drv_data,
-		      unsigned int command,
-		      char *buf, int len,
-		      char **rbuf, int rlen)
+static ErlDrvSSizeT fd_control(ErlDrvData drv_data,
+			       unsigned int command,
+			       char *buf, ErlDrvSizeT len,
+			       char **rbuf, ErlDrvSizeT rlen)
 {
     int fd = (int)(long)drv_data;
     char resbuff[2*sizeof(Uint32)];
@@ -2001,18 +2002,20 @@ static void outputv(ErlDrvData e, ErlIOVec* ev)
     int ix = driver_data[fd].port_num;
     int pb = driver_data[fd].packet_bytes;
     int ofd = driver_data[fd].ofd;
-    int n;
-    int sz;
+    ssize_t n;
+    ErlDrvSizeT sz;
     char lb[4];
     char* lbp;
-    int len = ev->size;
+    ErlDrvSizeT len = ev->size;
 
     /* (len > ((unsigned long)-1 >> (4-pb)*8)) */
+    /*    if (pb >= 0 && (len & (((ErlDrvSizeT)1 << (pb*8))) - 1) != len) {*/
     if (((pb == 2) && (len > 0xffff)) || (pb == 1 && len > 0xff)) {
 	driver_failure_posix(ix, EINVAL);
 	return; /* -1; */
     }
-    put_int32(len, lb);
+    /* Handles 0 <= pb <= 4 only */
+    put_int32((Uint32) len, lb);
     lbp = lb + (4-pb);
 
     ev->iov[0].iov_base = lbp;
@@ -2043,14 +2046,14 @@ static void outputv(ErlDrvData e, ErlIOVec* ev)
 }
 
 
-static void output(ErlDrvData e, char* buf, int len)
+static void output(ErlDrvData e, char* buf, ErlDrvSizeT len)
 {
     int fd = (int)(long)e;
     int ix = driver_data[fd].port_num;
     int pb = driver_data[fd].packet_bytes;
     int ofd = driver_data[fd].ofd;
-    int n;
-    int sz;
+    ssize_t n;
+    ErlDrvSizeT sz;
     char lb[4];
     char* lbp;
     struct iovec iv[2];
diff --git a/erts/emulator/sys/vxworks/erl_vxworks_sys.h b/erts/emulator/sys/vxworks/erl_vxworks_sys.h
index ae46403600..3d53238ea6 100644
--- a/erts/emulator/sys/vxworks/erl_vxworks_sys.h
+++ b/erts/emulator/sys/vxworks/erl_vxworks_sys.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -158,6 +158,7 @@ typedef struct _vxworks_tms {
 
 typedef long long SysHrTime;
 
+typedef time_t erts_time_t;
 typedef struct timeval SysTimeval;
 
 extern int sys_init_hrtime(void);
diff --git a/erts/emulator/sys/vxworks/sys.c b/erts/emulator/sys/vxworks/sys.c
index d6d1fe64e0..739b026fb1 100644
--- a/erts/emulator/sys/vxworks/sys.c
+++ b/erts/emulator/sys/vxworks/sys.c
@@ -565,7 +565,7 @@ static void fd_stop(ErlDrvData);
 static void stop(ErlDrvData);
 static void ready_input(ErlDrvData fd, ErlDrvEvent ready_fd);
 static void ready_output(ErlDrvData fd, ErlDrvEvent ready_fd);
-static void output(ErlDrvData fd, char *buf, int len);
+static void output(ErlDrvData fd, char *buf, ErlDrvSizeT len);
 static void stop_select(ErlDrvEvent, void*);
 
 struct erl_drv_entry spawn_driver_entry = {
@@ -1187,7 +1187,7 @@ static int sched_write(int port_num,int fd, char *buf, int len, int pb)
 }
 
 /* Fd is the value returned as drv_data by the start func */
-static void output(ErlDrvData drv_data, char *buf, int len)
+static void output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
     int buf_done, port_num, wval, pb, ofd;
     byte lb[4];
diff --git a/erts/emulator/sys/win32/erl_poll.c b/erts/emulator/sys/win32/erl_poll.c
index ab4ef05118..7a1d129cd5 100644
--- a/erts/emulator/sys/win32/erl_poll.c
+++ b/erts/emulator/sys/win32/erl_poll.c
@@ -442,8 +442,8 @@ poll_wait_timeout(ErtsPollSet ps, SysTimeval *tvp)
     if (erts_atomic32_read_nob(&ps->wakeup_state) != ERTS_POLL_NOT_WOKEN)
 	return (DWORD) 0;
 
-    if (timeout > ERTS_AINT32_T_MAX) /* Also prevents DWORD overflow */
-	timeout = ERTS_AINT32_T_MAX;
+    if (timeout > ((time_t) ERTS_AINT32_T_MAX))
+	timeout = ERTS_AINT32_T_MAX; /* Also prevents DWORD overflow */
 
     erts_smp_atomic32_set_relb(&ps->timeout, (erts_aint32_t) timeout);
     return (DWORD) timeout;
@@ -1012,7 +1012,7 @@ void  erts_poll_interrupt(ErtsPollSet ps, int set /* bool */)
 
 void erts_poll_interrupt_timed(ErtsPollSet ps,
 			       int set /* bool */,
-			       long msec)
+			       erts_short_time_t msec)
 {
     HARDTRACEF(("In erts_poll_interrupt_timed(%d,%ld)",set,msec));
     if (!set)
diff --git a/erts/emulator/sys/win32/erl_win32_sys_ddll.c b/erts/emulator/sys/win32/erl_win32_sys_ddll.c
index a19f49af10..d00eed932b 100644
--- a/erts/emulator/sys/win32/erl_win32_sys_ddll.c
+++ b/erts/emulator/sys/win32/erl_win32_sys_ddll.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2006-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2006-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -25,6 +25,9 @@
 #include <windows.h>
 
 #define GET_ERTS_ALC_TEST
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include "global.h"
 #include "erl_alloc.h"
diff --git a/erts/emulator/sys/win32/erl_win_dyn_driver.h b/erts/emulator/sys/win32/erl_win_dyn_driver.h
index ecb06868d5..ec5141838a 100644
--- a/erts/emulator/sys/win32/erl_win_dyn_driver.h
+++ b/erts/emulator/sys/win32/erl_win_dyn_driver.h
@@ -39,11 +39,11 @@ WDD_TYPEDEF(int, driver_exit, (ErlDrvPort, int));
 WDD_TYPEDEF(int, driver_failure_eof, (ErlDrvPort));
 WDD_TYPEDEF(int, driver_select, (ErlDrvPort, ErlDrvEvent, int, int));
 WDD_TYPEDEF(int, driver_event, (ErlDrvPort, ErlDrvEvent,ErlDrvEventData));
-WDD_TYPEDEF(int, driver_output, (ErlDrvPort, char *, int));
-WDD_TYPEDEF(int, driver_output2, (ErlDrvPort, char *, int,char *, int));
-WDD_TYPEDEF(int, driver_output_binary, (ErlDrvPort, char *, int,ErlDrvBinary*, int, int));
-WDD_TYPEDEF(int, driver_outputv, (ErlDrvPort, char*, int, ErlIOVec *,int));
-WDD_TYPEDEF(int, driver_vec_to_buf, (ErlIOVec *, char *, int));
+WDD_TYPEDEF(int, driver_output, (ErlDrvPort, char *, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_output2, (ErlDrvPort, char *, ErlDrvSizeT ,char *, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_output_binary, (ErlDrvPort, char *, ErlDrvSizeT, ErlDrvBinary*, ErlDrvSizeT, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_outputv, (ErlDrvPort, char*, ErlDrvSizeT, ErlIOVec *, ErlDrvSizeT));
+WDD_TYPEDEF(ErlDrvSizeT, driver_vec_to_buf, (ErlIOVec *, char *, ErlDrvSizeT));
 WDD_TYPEDEF(int, driver_set_timer, (ErlDrvPort, unsigned long));
 WDD_TYPEDEF(int, driver_cancel_timer, (ErlDrvPort));
 WDD_TYPEDEF(int, driver_read_timer, (ErlDrvPort, unsigned long *));
@@ -51,22 +51,22 @@ WDD_TYPEDEF(char *, erl_errno_id, (int));
 WDD_TYPEDEF(void, set_busy_port, (ErlDrvPort, int));
 WDD_TYPEDEF(void, set_port_control_flags, (ErlDrvPort, int));
 WDD_TYPEDEF(int, get_port_flags, (ErlDrvPort));
-WDD_TYPEDEF(ErlDrvBinary *, driver_alloc_binary, (int));
-WDD_TYPEDEF(ErlDrvBinary *, driver_realloc_binary, (ErlDrvBinary *, int));
+WDD_TYPEDEF(ErlDrvBinary *, driver_alloc_binary, (ErlDrvSizeT));
+WDD_TYPEDEF(ErlDrvBinary *, driver_realloc_binary, (ErlDrvBinary *, ErlDrvSizeT));
 WDD_TYPEDEF(void, driver_free_binary, (ErlDrvBinary *));
-WDD_TYPEDEF(void *, driver_alloc, (size_t));
-WDD_TYPEDEF(void *, driver_realloc, (void *, size_t));
+WDD_TYPEDEF(void *, driver_alloc, (ErlDrvSizeT));
+WDD_TYPEDEF(void *, driver_realloc, (void *, ErlDrvSizeT));
 WDD_TYPEDEF(void, driver_free, (void *));
-WDD_TYPEDEF(int, driver_enq, (ErlDrvPort, char*, int));
-WDD_TYPEDEF(int, driver_pushq, (ErlDrvPort, char*, int));
-WDD_TYPEDEF(int, driver_deq, (ErlDrvPort, int));
-WDD_TYPEDEF(int, driver_sizeq, (ErlDrvPort));
-WDD_TYPEDEF(int, driver_enq_bin, (ErlDrvPort, ErlDrvBinary *, int,int));
-WDD_TYPEDEF(int, driver_pushq_bin, (ErlDrvPort, ErlDrvBinary *, int,int));
-WDD_TYPEDEF(int, driver_peekqv, (ErlDrvPort, ErlIOVec *));
+WDD_TYPEDEF(int, driver_enq, (ErlDrvPort, char*, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_pushq, (ErlDrvPort, char*, ErlDrvSizeT));
+WDD_TYPEDEF(ErlDrvSizeT, driver_deq, (ErlDrvPort, ErlDrvSizeT));
+WDD_TYPEDEF(ErlDrvSizeT, driver_sizeq, (ErlDrvPort));
+WDD_TYPEDEF(int, driver_enq_bin, (ErlDrvPort, ErlDrvBinary *, ErlDrvSizeT, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_pushq_bin, (ErlDrvPort, ErlDrvBinary *, ErlDrvSizeT, ErlDrvSizeT));
+WDD_TYPEDEF(ErlDrvSizeT, driver_peekqv, (ErlDrvPort, ErlIOVec *));
 WDD_TYPEDEF(SysIOVec *, driver_peekq, (ErlDrvPort, int *));
-WDD_TYPEDEF(int, driver_enqv, (ErlDrvPort, ErlIOVec *, int));
-WDD_TYPEDEF(int, driver_pushqv, (ErlDrvPort, ErlIOVec *, int));
+WDD_TYPEDEF(int, driver_enqv, (ErlDrvPort, ErlIOVec *, ErlDrvSizeT));
+WDD_TYPEDEF(int, driver_pushqv, (ErlDrvPort, ErlIOVec *, ErlDrvSizeT));
 WDD_TYPEDEF(void, add_driver_entry, (ErlDrvEntry *));
 WDD_TYPEDEF(int, remove_driver_entry, (ErlDrvEntry *));
 WDD_TYPEDEF(ErlDrvTermData, driver_mk_atom, (char*));
@@ -83,10 +83,10 @@ WDD_TYPEDEF(void *, driver_dl_open, (char *));
 WDD_TYPEDEF(void *, driver_dl_sym, (void *, char *));
 WDD_TYPEDEF(int, driver_dl_close, (void *));
 WDD_TYPEDEF(char *, driver_dl_error, (void));
-WDD_TYPEDEF(unsigned long, erts_alc_test, (unsigned long,
-					   unsigned long,
-					   unsigned long,
-					   unsigned long));
+WDD_TYPEDEF(ErlDrvUInt, erts_alc_test, (ErlDrvUInt,
+					ErlDrvUInt,
+					ErlDrvUInt,
+					ErlDrvUInt));
 WDD_TYPEDEF(ErlDrvSInt, driver_binary_get_refc, (ErlDrvBinary *dbp));
 WDD_TYPEDEF(ErlDrvSInt, driver_binary_inc_refc, (ErlDrvBinary *dbp));
 WDD_TYPEDEF(ErlDrvSInt, driver_binary_dec_refc, (ErlDrvBinary *dbp));
diff --git a/erts/emulator/sys/win32/erl_win_sys.h b/erts/emulator/sys/win32/erl_win_sys.h
index 92d8577537..03298a6c54 100644
--- a/erts/emulator/sys/win32/erl_win_sys.h
+++ b/erts/emulator/sys/win32/erl_win_sys.h
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -117,9 +117,30 @@ int erts_check_io_debug(void);
 #define SYS_CLK_TCK 1000
 #define SYS_CLOCK_RESOLUTION 1
 
+#if SIZEOF_TIME_T != 8
+#  error "Unexpected sizeof(time_t)"
+#endif
+
+/*
+ * gcc uses a 4 byte time_t and vc++ uses an 8 byte time_t.
+ * Types seen in beam_emu.c *need* to have the same size
+ * as in the rest of the system...
+ */
+typedef __int64 erts_time_t;
+
+struct tm *sys_localtime_r(time_t *epochs, struct tm *ptm);
+struct tm *sys_gmtime_r(time_t *epochs, struct tm *ptm);
+time_t sys_mktime( struct tm *ptm);
+
+#define localtime_r sys_localtime_r
+#define HAVE_LOCALTIME_R 1
+#define gmtime_r sys_gmtime_r
+#define HAVE_GMTIME_R
+#define mktime sys_mktime
+
 typedef struct {
-    long tv_sec;
-    long tv_usec;
+    erts_time_t tv_sec;
+    erts_time_t tv_usec;
 } SysTimeval;
 
 typedef struct {
@@ -169,10 +190,12 @@ void erts_sys_env_init(void);
 extern volatile int erl_fp_exception;
 
 #include <float.h>
-#if defined (__GNUC__)
+/* I suspect this test isn't right, it might depend on the version of GCC
+   rather than if it's a MINGW gcc, but I havent been able to pinpoint the
+   exact point where _finite was added to the headers in cygwin... */
+#if defined (__GNUC__) && !defined(__MINGW32__)
 int _finite(double x);
 #endif
-#endif
 
 /*#define NO_FPE_SIGNALS*/
 #define erts_get_current_fp_exception() NULL
@@ -191,13 +214,6 @@ int _finite(double x);
 #define erts_sys_block_fpe() 0
 #define erts_sys_unblock_fpe(x) do{}while(0)
 
-#define SIZEOF_SHORT   2
-#define SIZEOF_INT     4
-#define SIZEOF_LONG    4
-#define SIZEOF_VOID_P  4
-#define SIZEOF_SIZE_T  4
-#define SIZEOF_OFF_T   4
-
 /*
  * Seems to be missing.
  */
@@ -210,3 +226,4 @@ typedef long ssize_t;
 int init_async(int);
 int exit_async(void);
 #endif
+#endif
diff --git a/erts/emulator/sys/win32/sys.c b/erts/emulator/sys/win32/sys.c
index 6f33ef7ad6..b106f0932d 100644..100755
--- a/erts/emulator/sys/win32/sys.c
+++ b/erts/emulator/sys/win32/sys.c
@@ -474,7 +474,7 @@ static int spawn_init(void);
 static int fd_init(void);
 static void fd_stop(ErlDrvData);
 static void stop(ErlDrvData);
-static void output(ErlDrvData, char*, int);
+static void output(ErlDrvData, char*, ErlDrvSizeT);
 static void ready_input(ErlDrvData, ErlDrvEvent);
 static void ready_output(ErlDrvData, ErlDrvEvent);
 static void stop_select(ErlDrvEvent, void*);
@@ -1634,17 +1634,6 @@ create_child_process
 	WaitForSingleObject(hProcess, 50);
     }
     
-    /* 
-     * When an application spawns a process repeatedly, a new thread 
-     * instance will be created for each process but the previous 
-     * instances may not be cleaned up.  This results in a significant 
-     * virtual memory loss each time the process is spawned.  If there 
-     * is a WaitForInputIdle() call between CreateProcess() and
-     * CloseHandle(), the problem does not occur. PSS ID Number: Q124121
-     */
-    
-    WaitForInputIdle(piProcInfo.hProcess, 5000);
-    
     return ok;
 }
 
@@ -2442,13 +2431,13 @@ threaded_exiter(LPVOID param)
  */
 
 static void
-output(ErlDrvData drv_data, char* buf, int len)
+output(ErlDrvData drv_data, char* buf, ErlDrvSizeT len)
 /*     long drv_data;		/* The slot to use in the driver data table.
 				 * For Windows NT, this is *NOT* a file handle.
 				 * The handle is found in the driver data.
 				 */
-/*     char *buf;			/* Pointer to data to write to the port program. */
-/*     int len;			/* Number of bytes to write. */
+/*     char *buf;		/* Pointer to data to write to the port program. */
+/*     ErlDrvSizeT len;		/* Number of bytes to write. */
 {
     DriverData* dp;
     int pb;			/* The header size for this port. */
@@ -3301,7 +3290,7 @@ erts_sys_schedule_interrupt(int set)
 
 #ifdef ERTS_SMP
 void
-erts_sys_schedule_interrupt_timed(int set, long msec)
+erts_sys_schedule_interrupt_timed(int set, erts_short_time_t msec)
 {
     erts_check_io_interrupt_timed(set, msec);
 }
diff --git a/erts/emulator/sys/win32/sys_env.c b/erts/emulator/sys/win32/sys_env.c
index 7acc7f07ee..064745d418 100644
--- a/erts/emulator/sys/win32/sys_env.c
+++ b/erts/emulator/sys/win32/sys_env.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2002-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2002-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/sys/win32/sys_float.c b/erts/emulator/sys/win32/sys_float.c
index 9e67ca7f48..6558ad2d99 100644
--- a/erts/emulator/sys/win32/sys_float.c
+++ b/erts/emulator/sys/win32/sys_float.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -18,6 +18,9 @@
  */
 /* Float conversions */
 
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include "signal.h"
 
diff --git a/erts/emulator/sys/win32/sys_interrupt.c b/erts/emulator/sys/win32/sys_interrupt.c
index 93aaa23f97..347c31053b 100644
--- a/erts/emulator/sys/win32/sys_interrupt.c
+++ b/erts/emulator/sys/win32/sys_interrupt.c
@@ -19,6 +19,9 @@
 /*
  * Purpose: Interrupt handling in windows.
  */
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include "erl_alloc.h"
 #include "erl_thr_progress.h"
diff --git a/erts/emulator/sys/win32/sys_time.c b/erts/emulator/sys/win32/sys_time.c
index 50e43065b5..b5123dc45d 100644
--- a/erts/emulator/sys/win32/sys_time.c
+++ b/erts/emulator/sys/win32/sys_time.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -20,6 +20,9 @@
  * Purpose: System-dependent time functions.
  */
 
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include "assert.h"
 
@@ -32,28 +35,336 @@
 /******************* Routines for time measurement *********************/
 
 #define EPOCH_JULIAN_DIFF LL_LITERAL(11644473600)
+#define TICKS_PER_SECOND LL_LITERAL(10000000)
+#define SECONDS_PER_DAY LL_LITERAL(86400)
+
+#define ULI_TO_FILETIME(ft,ull)			\
+ do {						\
+     (ft).dwLowDateTime = (ull).LowPart;	\
+     (ft).dwHighDateTime = (ull).HighPart;	\
+ } while (0)
+
+#define FILETIME_TO_ULI(ull,ft)			\
+ do {						\
+     (ull).LowPart = (ft).dwLowDateTime;	\
+     (ull).HighPart = (ft).dwHighDateTime;	\
+ } while (0)
+
 
+#define EPOCH_TO_FILETIME(ft, epoch) \
+    do { \
+	ULARGE_INTEGER ull; \
+	ull.QuadPart = (((epoch) + EPOCH_JULIAN_DIFF) * TICKS_PER_SECOND); \
+	ULI_TO_FILETIME(ft,ull); \
+    } while(0)
+
+#define FILETIME_TO_EPOCH(epoch, ft) \
+    do { \
+	ULARGE_INTEGER ull; \
+	FILETIME_TO_ULI(ull,ft); \
+	(epoch) = ((ull.QuadPart / TICKS_PER_SECOND) - EPOCH_JULIAN_DIFF); \
+    } while(0)
+ 
 static SysHrTime wrap = 0;
 static DWORD last_tick_count = 0;
 
+/* Getting timezone information is a heavy operation, so we want to do this 
+   only once */
+
+static TIME_ZONE_INFORMATION static_tzi;
+static int have_static_tzi = 0;
+
+static int days_in_month[2][13] = {
+    {0,31,28,31,30,31,30,31,31,30,31,30,31},
+    {0,31,29,31,30,31,30,31,31,30,31,30,31}};
+
 int 
 sys_init_time(void)
 {
+    if(GetTimeZoneInformation(&static_tzi) && 
+       static_tzi.StandardDate.wMonth != 0 &&
+       static_tzi.DaylightDate.wMonth != 0) {
+	have_static_tzi = 1;
+    }
     return 1;
 }
 
+/* Returns a switchtimes for DST as UTC filetimes given data from a 
+   TIME_ZONE_INFORMATION, see sys_localtime_r for usage. */ 
+static void 
+get_dst_switchtime(DWORD year, 
+		   SYSTEMTIME dstinfo, LONG bias,
+		   FILETIME *utc_switchtime) 
+{
+    DWORD occu;
+    DWORD weekday,wday_1st;
+    DWORD day, days_in;
+    FILETIME tmp,tmp2;
+    ULARGE_INTEGER ull;
+    int leap_year = 0;
+    if (dstinfo.wYear != 0) {
+	/* A year specific transition, in which case the data in the structure
+	   is already properly set for a specific year. Compare year
+	   with parameter and see if they correspond, in that case generate a 
+	   filetime directly, otherwise set the filetime to 0 */
+	if (year != dstinfo.wYear) {
+	    utc_switchtime->dwLowDateTime = utc_switchtime->dwHighDateTime = 0;
+	    return;
+	} 
+    } else {
+	occu = dstinfo.wDay;
+	weekday = dstinfo.wDayOfWeek;
+
+	dstinfo.wDayOfWeek = 0;
+	dstinfo.wDay = 1;
+	dstinfo.wYear = year;
+	
+	SystemTimeToFileTime(&dstinfo,&tmp);
+	ull.LowPart = tmp.dwLowDateTime;
+	ull.HighPart = tmp.dwHighDateTime;
+    
+	ull.QuadPart /= (TICKS_PER_SECOND*SECONDS_PER_DAY); /* Julian Day */
+	wday_1st = (DWORD) ((ull.QuadPart + LL_LITERAL(1)) % LL_LITERAL(7));
+	day = (weekday >= wday_1st) ? 
+	    weekday - wday_1st + 1 :
+	    weekday - wday_1st + 8;
+	--occu;
+	if (((dstinfo.wYear % 4) == 0 && (dstinfo.wYear % 100) > 0) ||
+	    ((dstinfo.wYear % 400) == 0)) {
+	    leap_year = 1;
+	}
+	days_in = days_in_month[leap_year][dstinfo.wMonth];
+	while (occu > 0 && (day + 7 <= days_in)) {
+	    --occu;
+	    day += 7;
+	}
+	dstinfo.wDay = day;
+    }
+    SystemTimeToFileTime(&dstinfo,&tmp);
+    /* correct for bias */
+    ull.LowPart = tmp.dwLowDateTime;
+    ull.HighPart = tmp.dwHighDateTime;
+    ull.QuadPart += (((LONGLONG) bias) * LL_LITERAL(60) * TICKS_PER_SECOND);
+    utc_switchtime->dwLowDateTime = ull.LowPart;
+    utc_switchtime->dwHighDateTime = ull.HighPart;
+    return;
+}
+
+/* This function gives approximately the correct year from a FILETIME
+   Around the actual new year, it may return the wrong value, but that's OK
+   as DST never switches around new year. */
+static DWORD 
+approx_year(FILETIME ft)
+{
+    ULARGE_INTEGER ull;
+    FILETIME_TO_ULI(ull,ft);
+    ull.QuadPart /= LL_LITERAL(1000);
+    ull.QuadPart /= SECONDS_PER_DAY;
+    ull.QuadPart /= LL_LITERAL(3652425);
+    ull.QuadPart += 1601;
+    return (DWORD) ull.QuadPart;
+}
+
+struct tm *
+sys_localtime_r(time_t *epochs, struct tm *ptm)
+{
+    FILETIME ft,lft;
+    SYSTEMTIME st;
+    
+    if ((((*epochs) + EPOCH_JULIAN_DIFF) * TICKS_PER_SECOND) < 0LL) {
+	fprintf(stderr,"1\r\n"); fflush(stderr);
+	return NULL;
+    }
+    
+    EPOCH_TO_FILETIME(ft,*epochs);
+    ptm->tm_isdst = 0;
+    if (have_static_tzi) {
+	FILETIME dst_start, dst_stop;
+	ULARGE_INTEGER ull;
+	DWORD year = approx_year(ft);
+	get_dst_switchtime(year,static_tzi.DaylightDate,
+			   static_tzi.Bias+static_tzi.StandardBias,&dst_start);
+	get_dst_switchtime(year,static_tzi.StandardDate,
+			   static_tzi.Bias+static_tzi.StandardBias+
+			   static_tzi.DaylightBias,
+			   &dst_stop);
+	FILETIME_TO_ULI(ull,ft);
+
+	if (CompareFileTime(&ft,&dst_start) >= 0 && 
+	    CompareFileTime(&ft,&dst_stop) < 0) {
+	    ull.QuadPart -= 
+		((LONGLONG) static_tzi.Bias+static_tzi.StandardBias+
+		 static_tzi.DaylightBias) * 
+		LL_LITERAL(60) * TICKS_PER_SECOND;
+	    ptm->tm_isdst = 1;
+	} else {
+	    ull.QuadPart -= 
+		((LONGLONG) static_tzi.Bias+static_tzi.StandardBias) 
+		* LL_LITERAL(60) * TICKS_PER_SECOND;
+	}
+	ULI_TO_FILETIME(ft,ull);
+    } else {
+	if (!FileTimeToLocalFileTime(&ft,&lft)) {
+	    return NULL;
+	}
+	ft = lft;
+    }
+    
+    if (!FileTimeToSystemTime(&ft,&st)) {
+	return NULL;
+    }
+    
+    ptm->tm_year = (int) st.wYear - 1900;
+    ptm->tm_mon  = (int) st.wMonth - 1;
+    ptm->tm_mday = (int) st.wDay;
+    ptm->tm_hour = (int) st.wHour;
+    ptm->tm_min  = (int) st.wMinute;
+    ptm->tm_sec  = (int) st.wSecond;
+    ptm->tm_wday  = (int) st.wDayOfWeek;
+    {
+	int yday = ptm->tm_mday - 1;
+	int m =  ptm->tm_mon;
+	int leap_year = 0;
+	if (((st.wYear % 4) == 0 && (st.wYear % 100) > 0) ||
+	    ((st.wYear % 400) == 0)) {
+	    leap_year = 1;
+	}
+	while (m > 0) {
+	    yday +=days_in_month[leap_year][m];
+	    --m;
+	}
+	ptm->tm_yday = yday;
+    }
+    return ptm;
+}
+
+struct tm * 
+sys_gmtime_r(time_t *epochs, struct tm *ptm)
+{
+    FILETIME ft;
+    SYSTEMTIME st;
+    
+    if ((((*epochs) + EPOCH_JULIAN_DIFF) * TICKS_PER_SECOND) < 0LL) {
+	return NULL;
+    }
+    
+    EPOCH_TO_FILETIME(ft,*epochs);
+    
+    if (!FileTimeToSystemTime(&ft,&st)) {
+	return NULL;
+    }
+    
+    ptm->tm_year = (int) st.wYear - 1900;
+    ptm->tm_mon  = (int) st.wMonth - 1;
+    ptm->tm_mday = (int) st.wDay;
+    ptm->tm_hour = (int) st.wHour;
+    ptm->tm_min  = (int) st.wMinute;
+    ptm->tm_sec  = (int) st.wSecond;
+    ptm->tm_wday  = (int) st.wDayOfWeek;
+    ptm->tm_isdst  = 0;
+    {
+	int yday = ptm->tm_mday - 1;
+	int m =  ptm->tm_mon;
+	int leap_year = 0;
+	if (((st.wYear % 4) == 0 && (st.wYear % 100) > 0) ||
+	    ((st.wYear % 400) == 0)) {
+	    leap_year = 1;
+	}
+	while (m > 0) {
+	    yday +=days_in_month[leap_year][m];
+	    --m;
+	}
+	ptm->tm_yday = yday;
+    }
+
+    return ptm;
+}
+
+time_t 
+sys_mktime(struct tm *ptm) 
+{
+    FILETIME ft;
+    SYSTEMTIME st;
+    int dst = 0;
+    time_t epochs;
+
+    memset(&st,0,sizeof(st));
+    /* Convert relevant parts of truct tm to SYSTEMTIME */
+    st.wYear =  (USHORT) (ptm->tm_year + 1900);
+    st.wMonth =  (USHORT) (ptm->tm_mon + 1);
+    st.wDay =  (USHORT) ptm->tm_mday;
+    st.wHour =  (USHORT) ptm->tm_hour;
+    st.wMinute =  (USHORT) ptm->tm_min;
+    st.wSecond = (USHORT) ptm->tm_sec;
+
+    SystemTimeToFileTime(&st,&ft);
+    
+    /* ft is now some kind of local file time, but it may be wrong depending 
+       on what is in the tm_dst field. We need to manually convert it to
+       UTC before turning it into epochs */
+
+    if (have_static_tzi) {
+	FILETIME dst_start, dst_stop;
+	ULARGE_INTEGER ull_start,ull_stop,ull_ft;
+
+	FILETIME_TO_ULI(ull_ft,ft);
+
+	/* Correct everything except DST */
+	ull_ft.QuadPart += (static_tzi.Bias+static_tzi.StandardBias) 
+	    * LL_LITERAL(60) * TICKS_PER_SECOND;
+
+	/* Determine if DST is active */
+	if (ptm->tm_isdst >= 0) {
+	    dst = ptm->tm_isdst;
+	} else if (static_tzi.DaylightDate.wMonth != 0){
+	    /* This is how windows mktime does it, meaning it does not
+	       take nonexisting local times into account */
+	    get_dst_switchtime(st.wYear,static_tzi.DaylightDate,
+			       static_tzi.Bias+static_tzi.StandardBias,
+			       &dst_start);
+	    get_dst_switchtime(st.wYear,static_tzi.StandardDate,
+			       static_tzi.Bias+static_tzi.StandardBias+
+			       static_tzi.DaylightBias,
+			       &dst_stop);
+	    FILETIME_TO_ULI(ull_start,dst_start);
+	    FILETIME_TO_ULI(ull_stop,dst_stop);
+	    if ((ull_ft.QuadPart >= ull_start.QuadPart) &&
+		(ull_ft.QuadPart < ull_stop.QuadPart)) {
+		/* We are in DST */
+		dst = 1;
+	    }
+	}
+	/* Correct for DST */
+	if (dst) {
+	    ull_ft.QuadPart += static_tzi.DaylightBias * 
+		LL_LITERAL(60) * TICKS_PER_SECOND;
+	}
+	epochs = ((ull_ft.QuadPart / TICKS_PER_SECOND) - EPOCH_JULIAN_DIFF);
+    } else {
+	/* No DST, life is easy... */
+	FILETIME lft;
+	LocalFileTimeToFileTime(&ft,&lft);
+	FILETIME_TO_EPOCH(epochs,lft);
+    }
+    /* Normalize the struct tm */
+    sys_localtime_r(&epochs,ptm);
+    return epochs;
+}
+
 void 
 sys_gettimeofday(SysTimeval *tv)
 {
     SYSTEMTIME t;
     FILETIME ft;
-    LONGLONG lft;
+    ULARGE_INTEGER ull;
 
     GetSystemTime(&t);
     SystemTimeToFileTime(&t, &ft);
-    memcpy(&lft, &ft, sizeof(lft));
-    tv->tv_usec = (long) ((lft / LL_LITERAL(10)) % LL_LITERAL(1000000));
-    tv->tv_sec = (long) ((lft / LL_LITERAL(10000000)) - EPOCH_JULIAN_DIFF);
+    FILETIME_TO_ULI(ull,ft);
+    tv->tv_usec = (long) ((ull.QuadPart / LL_LITERAL(10)) % 
+			  LL_LITERAL(1000000));
+    tv->tv_sec = (long) ((ull.QuadPart / LL_LITERAL(10000000)) - 
+			 EPOCH_JULIAN_DIFF);
 }
 
 SysHrTime 
@@ -88,9 +399,3 @@ sys_times(SysTimes *buffer) {
     buffer->tms_stime = (clock_t) (system & LL_LITERAL(0x7FFFFFFF));
     return kernel_ticks;
 }
-
-
-
-
-
-
diff --git a/erts/emulator/test/Makefile b/erts/emulator/test/Makefile
index 4d0c87bf12..a3dcbc4cf3 100644
--- a/erts/emulator/test/Makefile
+++ b/erts/emulator/test/Makefile
@@ -61,7 +61,7 @@ MODULES= \
 	exception_SUITE \
 	float_SUITE \
 	fun_SUITE \
-	fun_r12_SUITE \
+	fun_r13_SUITE \
 	gc_SUITE \
 	guard_SUITE \
 	hash_SUITE \
@@ -88,6 +88,7 @@ MODULES= \
 	send_term_SUITE \
 	sensitive_SUITE \
 	signal_SUITE \
+	smoke_test_SUITE \
 	statistics_SUITE \
 	system_info_SUITE \
 	system_profile_SUITE \
diff --git a/erts/emulator/test/a_SUITE_data/timer_driver.c b/erts/emulator/test/a_SUITE_data/timer_driver.c
index ef4dcdf501..44be94e0f0 100644
--- a/erts/emulator/test/a_SUITE_data/timer_driver.c
+++ b/erts/emulator/test/a_SUITE_data/timer_driver.c
@@ -17,7 +17,9 @@
 #define CANCELLED 4
 
 static ErlDrvData timer_start(ErlDrvPort, char*);
-static void timer_stop(ErlDrvData), timer_read(ErlDrvData, char*, int), timer(ErlDrvData);
+static void timer_stop(ErlDrvData),
+    timer_read(ErlDrvData, char*, ErlDrvSizeT),
+    timer(ErlDrvData);
 
 static ErlDrvEntry timer_driver_entry =
 {
@@ -33,6 +35,16 @@ static ErlDrvEntry timer_driver_entry =
     NULL,
     timer,
     NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -47,8 +59,9 @@ static ErlDrvData timer_start(ErlDrvPort port, char *buf)
 }
 
 /* set the timer, this is monitored from erlang measuring the time */
-static void timer_read(ErlDrvData port, char *buf, int len)
+static void timer_read(ErlDrvData p, char *buf, ErlDrvSizeT len)
 {
+    ErlDrvPort port = (ErlDrvPort) p;
     char reply[1];
 
     if (buf[0] == START_TIMER) { 
@@ -62,8 +75,9 @@ static void timer_read(ErlDrvData port, char *buf, int len)
     }
 }
 
-static void timer_stop(ErlDrvData port)
+static void timer_stop(ErlDrvData p)
 {
+    ErlDrvPort port = (ErlDrvPort) p;
     driver_cancel_timer(port);
 }
 
diff --git a/erts/emulator/test/alloc_SUITE_data/allocator_test.h b/erts/emulator/test/alloc_SUITE_data/allocator_test.h
index 8b34375980..cd4a91d34a 100644
--- a/erts/emulator/test/alloc_SUITE_data/allocator_test.h
+++ b/erts/emulator/test/alloc_SUITE_data/allocator_test.h
@@ -19,7 +19,7 @@
 #ifndef ALLOCATOR_TEST_H__
 #define ALLOCATOR_TEST_H__
 
-typedef unsigned long Ulong;
+typedef ErlDrvUInt Ulong;
 
 #ifndef __WIN32__
 Ulong erts_alc_test(Ulong, Ulong, Ulong, Ulong);
diff --git a/erts/emulator/test/alloc_SUITE_data/testcase_driver.c b/erts/emulator/test/alloc_SUITE_data/testcase_driver.c
index 1e98844838..66971654a2 100644
--- a/erts/emulator/test/alloc_SUITE_data/testcase_driver.c
+++ b/erts/emulator/test/alloc_SUITE_data/testcase_driver.c
@@ -50,13 +50,32 @@ typedef struct {
 
 ErlDrvData testcase_drv_start(ErlDrvPort port, char *command);
 void testcase_drv_stop(ErlDrvData drv_data);
-void testcase_drv_run(ErlDrvData drv_data, char *buf, int len);
+void testcase_drv_run(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
 
 static ErlDrvEntry testcase_drv_entry = { 
     NULL,
     testcase_drv_start,
     testcase_drv_stop,
-    testcase_drv_run
+    testcase_drv_run,
+    NULL,
+    NULL,
+    "testcase_drv",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
 
@@ -92,7 +111,7 @@ testcase_drv_stop(ErlDrvData drv_data)
 }
 
 void
-testcase_drv_run(ErlDrvData drv_data, char *buf, int len)
+testcase_drv_run(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
     InternalTestCaseState_t *itcs = (InternalTestCaseState_t *) drv_data;
     ErlDrvTermData result_atom;
diff --git a/erts/emulator/test/big_SUITE.erl b/erts/emulator/test/big_SUITE.erl
index 3487917677..413bd3bcae 100644
--- a/erts/emulator/test/big_SUITE.erl
+++ b/erts/emulator/test/big_SUITE.erl
@@ -26,7 +26,7 @@
 	 shift_limit_1/1, powmod/1, system_limit/1, otp_6692/1]).
 
 %% Internal exports.
--export([eval/1, funcall/2]).
+-export([eval/1]).
 -export([init/3]).
 
 -export([fac/1, fib/1, pow/2, gcd/2, lcm/2]).
@@ -162,12 +162,15 @@ multi_match([Node|Ns], Expr, Rs) ->
 multi_match([], _, Rs) -> Rs.
 
 eval(Expr) ->
-    Fun = {?MODULE,funcall},
-    {value,V,_} = erl_eval:expr(Expr, [], Fun),	%Applied arithmetic BIFs.
-    V = eval(Expr, Fun),			%Real arithmetic instructions.
-    V.
+    LFH = fun(Name, As) -> apply(?MODULE, Name, As) end,
+
+    %% Applied arithmetic BIFs.
+    {value,V,_} = erl_eval:expr(Expr, [], {value,LFH}),
 
-funcall(F, As) -> apply(?MODULE, F, As).
+    %% Real arithmetic instructions.
+    V = eval(Expr, LFH),
+
+    V.
 
 %% Like a subset of erl_eval:expr/3, but uses real arithmetic instructions instead of
 %% applying them (it does make a difference).
diff --git a/erts/emulator/test/busy_port_SUITE_data/busy_drv.c b/erts/emulator/test/busy_port_SUITE_data/busy_drv.c
index 1273d610ba..75106d3757 100644
--- a/erts/emulator/test/busy_port_SUITE_data/busy_drv.c
+++ b/erts/emulator/test/busy_port_SUITE_data/busy_drv.c
@@ -11,7 +11,8 @@
 #define YES 1
 
 static ErlDrvData busy_start(ErlDrvPort, char*);
-static void busy_stop(ErlDrvData), busy_from_erlang(ErlDrvData, char*, int);
+static void busy_stop(ErlDrvData),
+    busy_from_erlang(ErlDrvData, char*, ErlDrvSizeT);
 
 ErlDrvEntry busy_driver_entry =
 {
@@ -23,6 +24,20 @@ ErlDrvEntry busy_driver_entry =
     NULL,
     "busy_drv",
     NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -73,7 +88,7 @@ static void busy_stop(ErlDrvData port)
 }
 
 static void
-busy_from_erlang(ErlDrvData port, char* buf, int count)
+busy_from_erlang(ErlDrvData port, char* buf, ErlDrvSizeT count)
 {
     if ((ErlDrvPort)port == slave_port) {
 	set_busy_port(slave_port, next_slave_state);
diff --git a/erts/emulator/test/busy_port_SUITE_data/hs_busy_drv.c b/erts/emulator/test/busy_port_SUITE_data/hs_busy_drv.c
index 35919da2d0..9f6bd310c6 100644
--- a/erts/emulator/test/busy_port_SUITE_data/hs_busy_drv.c
+++ b/erts/emulator/test/busy_port_SUITE_data/hs_busy_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2009. All Rights Reserved.
+ * Copyright Ericsson AB 2009-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -21,9 +21,9 @@
 #include "erl_driver.h"
 
 ErlDrvData start(ErlDrvPort port, char *command);
-void output(ErlDrvData drv_data, char *buf, int len);
-int control(ErlDrvData drv_data, unsigned int command, char *buf, 
-	    int len, char **rbuf, int rlen); 
+void output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
+ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+		     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen);
 
 static ErlDrvEntry busy_drv_entry = { 
     NULL /* init */,
@@ -61,7 +61,7 @@ ErlDrvData start(ErlDrvPort port, char *command)
     return (ErlDrvData) port;
 }
 
-void output(ErlDrvData drv_data, char *buf, int len)
+void output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
     int res;
     ErlDrvPort port = (ErlDrvPort) drv_data;
@@ -76,8 +76,8 @@ void output(ErlDrvData drv_data, char *buf, int len)
 	driver_failure_atom(port, "driver_output_term failed");
 }
 
-int control(ErlDrvData drv_data, unsigned int command, char *buf, 
-	    int len, char **rbuf, int rlen)
+ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+		     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)
 {
     switch (command) {
     case 'B': /* busy */
diff --git a/erts/emulator/test/call_trace_SUITE.erl b/erts/emulator/test/call_trace_SUITE.erl
index 3e2bee06d1..7030ebed3f 100644
--- a/erts/emulator/test/call_trace_SUITE.erl
+++ b/erts/emulator/test/call_trace_SUITE.erl
@@ -165,10 +165,14 @@ worker_loop() ->
 worker_foo(_Arg) ->
     ok.
 
-basic(doc) ->    
-    "Basic test of the call tracing (we trace one process).";
-basic(suite) -> [];
-basic(Config) when is_list(Config) ->
+%% Basic test of the call tracing (we trace one process).
+basic(_Config) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"lists is native"};
+	false -> basic()
+    end.
+
+basic() ->
     ?line start_tracer(),
     ?line trace_info(self(), flags),
     ?line trace_info(self(), tracer),
@@ -263,9 +267,15 @@ foo() -> foo0.
 foo(X) -> X+1.
 foo(X, Y) -> X+Y.
 
-flags(doc) -> "Test flags (arity, timestamp) for call_trace/3. "
-		  "Also, test the '{tracer,Pid}' option.";
-flags(Config) when is_list(Config) ->
+%% Test flags (arity, timestamp) for call_trace/3.
+%% Also, test the '{tracer,Pid}' option.
+flags(_Config) ->
+    case test_server:is_native(filename) of
+	true -> {skip,"filename is native"};
+	false -> flags()
+    end.
+
+flags() ->
     ?line Tracer = start_tracer_loop(),
     ?line trace_pid(self(), true, [call,{tracer,Tracer}]),
 
@@ -428,9 +438,14 @@ pam_foo(A, B) ->
     {ok,A,B}.
 
 
-change_pam(doc) -> "Test changing PAM programs for a function.";
-change_pam(suite) -> [];
-change_pam(Config) when is_list(Config) ->
+%% Test changing PAM programs for a function.
+change_pam(_Config) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"lists is native"};
+	false -> change_pam()
+    end.
+
+change_pam() ->
     ?line start_tracer(),
     ?line Self = self(),
 
@@ -468,10 +483,11 @@ change_pam_trace(Prog) ->
     {match_spec,Prog} = trace_info({erlang,process_info,2}, match_spec),
     ok.
 
-return_trace(doc) -> "Test the new return trace.";
-return_trace(suite) -> [];
-return_trace(Config) when is_list(Config) ->
-    return_trace().
+return_trace(_Config) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"lists is native"};
+	false -> return_trace()
+    end.
 
 return_trace() ->
     X = {save,me},
@@ -521,7 +537,7 @@ return_trace() ->
     ?line {match_spec,Prog2} = trace_info({erlang,atom_to_list,1}, match_spec),
 
     ?line lists:seq(2, 7),
-    ?line atom_to_list(non_literal(nisse)),
+    ?line _ = atom_to_list(non_literal(nisse)),
     ?line expect({trace,Self,return_from,{lists,seq,2},[2,3,4,5,6,7]}),
     ?line expect({trace,Self,return_from,{erlang,atom_to_list,1},"nisse"}),
 
@@ -539,10 +555,11 @@ return_trace() ->
 nasty() ->
     exit(good_bye).
 
-exception_trace(doc) -> "Test the new exception trace.";
-exception_trace(suite) -> [];
-exception_trace(Config) when is_list(Config) ->
-    exception_trace().
+exception_trace(_Config) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"lists is native"};
+	false -> exception_trace()
+    end.
 
 exception_trace() ->
     X = {save,me},
@@ -600,7 +617,7 @@ exception_trace() ->
 	trace_info({erlang,atom_to_list,1}, match_spec),
 
     ?line lists:seq(2, 7),
-    ?line atom_to_list(non_literal(nisse)),
+    ?line _ = atom_to_list(non_literal(nisse)),
     ?line expect({trace,Self,return_from,{lists,seq,2},[2,3,4,5,6,7]}),
     ?line expect({trace,Self,return_from,{erlang,atom_to_list,1},"nisse"}),
 
diff --git a/erts/emulator/test/code_SUITE.erl b/erts/emulator/test/code_SUITE.erl
index 2f9b01cc92..25ce94096f 100644
--- a/erts/emulator/test/code_SUITE.erl
+++ b/erts/emulator/test/code_SUITE.erl
@@ -20,7 +20,7 @@
 -module(code_SUITE).
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
-	 new_binary_types/1,
+	 versions/1,new_binary_types/1,
 	 t_check_process_code/1,t_check_old_code/1,
 	 t_check_process_code_ets/1,
 	 external_fun/1,get_chunk/1,module_md5/1,make_stub/1,
@@ -33,7 +33,7 @@
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [new_binary_types, t_check_process_code,
+    [versions, new_binary_types, t_check_process_code,
      t_check_process_code_ets, t_check_old_code, external_fun, get_chunk,
      module_md5, make_stub, make_stub_many_funs,
      constant_pools, constant_refc_binaries, false_dependency,
@@ -56,6 +56,60 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
+%% Make sure that only two versions of a module can be loaded.
+versions(Config) when is_list(Config) ->
+    V1 = compile_version(1, Config),
+    V2 = compile_version(2, Config),
+    V3 = compile_version(3, Config),
+
+    {ok,P1,1} = load_version(V1, 1),
+    {ok,P2,2} = load_version(V2, 2),
+    {error,not_purged} = load_version(V2, 2),
+    {error,not_purged} = load_version(V3, 3),
+
+    1 = check_version(P1),
+    2 = check_version(P2),
+    2 = versions:version(),
+
+    %% Kill processes, unload code.
+    P1 ! P2 ! done,
+    _ = monitor(process, P1),
+    _ = monitor(process, P2),
+    receive
+	{'DOWN',_,process,P1,normal} -> ok
+    end,
+    receive
+	{'DOWN',_,process,P2,normal} -> ok
+    end,
+    true = erlang:purge_module(versions),
+    true = erlang:delete_module(versions),
+    true = erlang:purge_module(versions),
+    ok.
+
+compile_version(Version, Config) ->
+    Data = ?config(data_dir, Config),
+    File = filename:join(Data, "versions"),
+    {ok,versions,Bin} = compile:file(File, [{d,'VERSION',Version},
+					    binary,report]),
+    Bin.
+
+load_version(Code, Ver) ->
+    case erlang:load_module(versions, Code) of
+	{module,versions} ->
+	    Pid = spawn_link(versions, loop, []),
+	    Ver = versions:version(),
+	    Ver = check_version(Pid),
+	    {ok,Pid,Ver};
+	Error ->
+	    Error
+    end.
+
+check_version(Pid) ->
+    Pid ! {self(),version},
+    receive
+	{Pid,version,Version} ->
+	    Version
+    end.
 
 new_binary_types(Config) when is_list(Config) ->
     ?line Data = ?config(data_dir, Config),
diff --git a/erts/emulator/test/code_SUITE_data/literals.erl b/erts/emulator/test/code_SUITE_data/literals.erl
index d9cb8938db..658427095e 100644
--- a/erts/emulator/test/code_SUITE_data/literals.erl
+++ b/erts/emulator/test/code_SUITE_data/literals.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/emulator/test/code_SUITE_data/versions.erl b/erts/emulator/test/code_SUITE_data/versions.erl
new file mode 100644
index 0000000000..7a6fd8847d
--- /dev/null
+++ b/erts/emulator/test/code_SUITE_data/versions.erl
@@ -0,0 +1,33 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(versions).
+-export([loop/0,version/0]).
+
+loop() ->
+    receive
+	{Pid,version} ->
+	    Pid ! {self(),version,version()},
+	    loop();
+	done ->
+	    ok
+    end.
+
+version() ->
+    ?VERSION.
diff --git a/erts/emulator/test/ddll_SUITE_data/dummy_drv.c b/erts/emulator/test/ddll_SUITE_data/dummy_drv.c
index e0d5067743..86f2abf1b1 100644
--- a/erts/emulator/test/ddll_SUITE_data/dummy_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/dummy_drv.c
@@ -7,7 +7,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData dummy_start(ErlDrvPort, char*);
-static void dummy_read(ErlDrvData port, char *buf, int count);
+static void dummy_read(ErlDrvData port, char *buf, ErlDrvSizeT count);
 static void dummy_stop(ErlDrvData), easy_read(ErlDrvData, char*, int);
 
 static ErlDrvEntry dummy_driver_entry = { 
@@ -18,6 +18,21 @@ static ErlDrvEntry dummy_driver_entry = {
     NULL,
     NULL,
     "dummy_drv",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -37,7 +52,7 @@ static ErlDrvData dummy_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void dummy_read(ErlDrvData port, char *buf, int count)
+static void dummy_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/erts/emulator/test/ddll_SUITE_data/echo_drv.c b/erts/emulator/test/ddll_SUITE_data/echo_drv.c
index edf78a979d..2b3510c641 100644
--- a/erts/emulator/test/ddll_SUITE_data/echo_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/echo_drv.c
@@ -3,9 +3,10 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT echo_call(ErlDrvData drv_data, unsigned int command,
+			      char *buf, ErlDrvSizeT len,
+			      char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags);
 static ErlDrvEntry echo_driver_entry = { 
     NULL,			/* Init */
     echo_start,
@@ -21,7 +22,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    echo_call
+    echo_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
 DRIVER_INIT(echo_drv)
@@ -36,14 +45,15 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
-echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+static ErlDrvSSizeT
+echo_call(ErlDrvData drv_data, unsigned int command,
+	  char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen,
+	  unsigned *ret_flags)
 {
     *rbuf = buf;
     *ret_flags |= DRIVER_CALL_KEEP_BUFFER;
diff --git a/erts/emulator/test/ddll_SUITE_data/echo_drv_fail_init.c b/erts/emulator/test/ddll_SUITE_data/echo_drv_fail_init.c
index 3b2a44d907..26aa03a012 100644
--- a/erts/emulator/test/ddll_SUITE_data/echo_drv_fail_init.c
+++ b/erts/emulator/test/ddll_SUITE_data/echo_drv_fail_init.c
@@ -3,9 +3,10 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT echo_call(ErlDrvData drv_data, unsigned int command,
+			      char *buf, ErlDrvSizeT len,
+			      char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags);
 static int echo_failing_init(void);
 
 static ErlDrvEntry echo_driver_entry = { 
@@ -23,7 +24,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    echo_call
+    echo_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
 DRIVER_INIT(echo_drv)
@@ -43,14 +52,15 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
-echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+static ErlDrvSSizeT
+echo_call(ErlDrvData drv_data, unsigned int command,
+	  char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen,
+	  unsigned *ret_flags)
 {
     *rbuf = buf;
     *ret_flags |= DRIVER_CALL_KEEP_BUFFER;
diff --git a/erts/emulator/test/ddll_SUITE_data/initfail_drv.c b/erts/emulator/test/ddll_SUITE_data/initfail_drv.c
index b676ff5121..ad241b9c4f 100644
--- a/erts/emulator/test/ddll_SUITE_data/initfail_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/initfail_drv.c
@@ -3,7 +3,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData easy_start(ErlDrvPort, char*);
-static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, int);
+static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry easy_driver_entry =
 {
@@ -14,6 +14,21 @@ static ErlDrvEntry easy_driver_entry =
   NULL,
   NULL,
   "easy",
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  ERL_DRV_EXTENDED_MARKER,
+  ERL_DRV_EXTENDED_MAJOR_VERSION,
+  ERL_DRV_EXTENDED_MINOR_VERSION,
+  0,
+  NULL,
+  NULL,
   NULL
 };
 
@@ -34,7 +49,7 @@ static ErlDrvData easy_start(ErlDrvPort port, char *buf)
     return (ErlDrvData)port;
 }
 
-static void easy_read(ErlDrvData port, char *buf, int count)
+static void easy_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/erts/emulator/test/ddll_SUITE_data/lock_drv.c b/erts/emulator/test/ddll_SUITE_data/lock_drv.c
index 2ec8fa3a29..d2605c5bfc 100644
--- a/erts/emulator/test/ddll_SUITE_data/lock_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/lock_drv.c
@@ -3,9 +3,10 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT echo_call(ErlDrvData drv_data, unsigned int command,
+			      char *buf, ErlDrvSizeT len,
+			      char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags);
 static ErlDrvEntry echo_driver_entry = { 
     NULL,			/* Init */
     echo_start,
@@ -21,7 +22,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    echo_call
+    echo_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
 DRIVER_INIT(echo_drv)
@@ -37,14 +46,15 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
-echo_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+static ErlDrvSSizeT
+echo_call(ErlDrvData drv_data, unsigned int command,
+	  char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen,
+	  unsigned *ret_flags)
 {
     ErlDrvPort port = (ErlDrvPort) drv_data;
     driver_lock_driver(port);
diff --git a/erts/emulator/test/ddll_SUITE_data/noinit_drv.c b/erts/emulator/test/ddll_SUITE_data/noinit_drv.c
index 931386a305..5abf5c4dc6 100644
--- a/erts/emulator/test/ddll_SUITE_data/noinit_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/noinit_drv.c
@@ -3,7 +3,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData easy_start(ErlDrvPort, char*);
-static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, int);
+static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry easy_driver_entry =
 {
@@ -14,6 +14,21 @@ static ErlDrvEntry easy_driver_entry =
     NULL,
     NULL,
     "easy",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -28,7 +43,7 @@ DRIVER_INIT(noinit_drv)
 /*
  * Provoke an error when loading the module.
  */
-int no_driver_init(void *handle)
+ErlDrvEntry* no_driver_init(void *handle)
 #endif
 {
     erlang_port = (ErlDrvPort)-1;
@@ -46,7 +61,7 @@ static ErlDrvData easy_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void easy_read(ErlDrvData port, char *buf, int count)
+static void easy_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/erts/emulator/test/ddll_SUITE_data/wrongname_drv.c b/erts/emulator/test/ddll_SUITE_data/wrongname_drv.c
index 3a35820ee7..ac7efa30de 100644
--- a/erts/emulator/test/ddll_SUITE_data/wrongname_drv.c
+++ b/erts/emulator/test/ddll_SUITE_data/wrongname_drv.c
@@ -7,7 +7,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData easy_start(ErlDrvPort, char*);
-static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, int);
+static void easy_stop(ErlDrvData), easy_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry easy_driver_entry =
 {
@@ -18,6 +18,21 @@ static ErlDrvEntry easy_driver_entry =
     NULL,
     NULL,
     "easy",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -38,7 +53,7 @@ static ErlDrvData easy_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void easy_read(ErlDrvData port, char *buf, int count)
+static void easy_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/erts/emulator/test/decode_packet_SUITE.erl b/erts/emulator/test/decode_packet_SUITE.erl
index c0499554eb..4acbe8c6e0 100644
--- a/erts/emulator/test/decode_packet_SUITE.erl
+++ b/erts/emulator/test/decode_packet_SUITE.erl
@@ -26,12 +26,14 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
-	 basic/1, packet_size/1, neg/1, http/1, line/1, ssl/1, otp_8536/1]).
+	 basic/1, packet_size/1, neg/1, http/1, line/1, ssl/1, otp_8536/1,
+         otp_9389/1, otp_9389_line/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [basic, packet_size, neg, http, line, ssl, otp_8536].
+    [basic, packet_size, neg, http, line, ssl, otp_8536,
+     otp_9389, otp_9389_line].
 
 groups() -> 
     [].
@@ -251,6 +253,28 @@ packet_size(Config) when is_list(Config) ->
 			  ?line {error,_} = decode_pkt(4,<<Size:32,Packet/binary>>)
 		  end, 
 		  lists:seq(-10,-1)),
+
+    %% Test OTP-9389, long HTTP header lines.
+    Opts = [{packet_size, 128}],
+    Pkt = list_to_binary(["GET / HTTP/1.1\r\nHost: localhost\r\nLink: /",
+                          string:chars($Y, 64), "\r\n\r\n"]),
+    <<Pkt1:50/binary, Pkt2/binary>> = Pkt,
+    ?line {ok, {http_request,'GET',{abs_path,"/"},{1,1}}, Rest1} =
+        erlang:decode_packet(http, Pkt1, Opts),
+    ?line {ok, {http_header,_,'Host',_,"localhost"}, Rest2} =
+        erlang:decode_packet(httph, Rest1, Opts),
+    ?line {more, undefined} = erlang:decode_packet(httph, Rest2, Opts),
+    ?line {ok, {http_header,_,"Link",_,_}, _} =
+        erlang:decode_packet(httph, list_to_binary([Rest2, Pkt2]), Opts),
+
+    Pkt3 = list_to_binary(["GET / HTTP/1.1\r\nHost: localhost\r\nLink: /",
+                           string:chars($Y, 129), "\r\n\r\n"]),
+    ?line {ok, {http_request,'GET',{abs_path,"/"},{1,1}}, Rest3} =
+        erlang:decode_packet(http, Pkt3, Opts),
+    ?line {ok, {http_header,_,'Host',_,"localhost"}, Rest4} =
+        erlang:decode_packet(httph, Rest3, Opts),
+    ?line {error, invalid} = erlang:decode_packet(httph, Rest4, Opts),
+
     ok.
 
 
@@ -557,3 +581,35 @@ decode_pkt(Type,Bin,Opts) ->
     %%io:format(" -> ~p\n",[Res]),
     Res.
 
+otp_9389(doc) -> ["Verify line_length works correctly for HTTP headers"];
+otp_9389(suite) -> [];
+otp_9389(Config) when is_list(Config) ->
+    Opts = [{packet_size, 16384}, {line_length, 3000}],
+    Pkt = list_to_binary(["GET / HTTP/1.1\r\nHost: localhost\r\nLink: /",
+                          string:chars($X, 8192),
+                          "\r\nContent-Length: 0\r\n\r\n"]),
+    <<Pkt1:5000/binary, Pkt2/binary>> = Pkt,
+    {ok, {http_request,'GET',{abs_path,"/"},{1,1}}, Rest1} =
+        erlang:decode_packet(http, Pkt1, Opts),
+    {ok, {http_header,_,'Host',_,"localhost"}, Rest2} =
+        erlang:decode_packet(httph, Rest1, Opts),
+    {more, undefined} = erlang:decode_packet(httph, Rest2, Opts),
+    {ok, {http_header,_,"Link",_,Link}, Rest3} =
+        erlang:decode_packet(httph, list_to_binary([Rest2, Pkt2]), Opts),
+    true = (length(Link) > 8000),
+    {ok, {http_header,_,'Content-Length',_,"0"}, <<"\r\n">>} =
+        erlang:decode_packet(httph, Rest3, Opts),
+    ok.
+
+otp_9389_line(doc) -> ["Verify packet_size works correctly for line mode"];
+otp_9389_line(suite) -> [];
+otp_9389_line(Config) when is_list(Config) ->
+    Opts = [{packet_size, 20}],
+    Line1 = <<"0123456789012345678\n">>,
+    Line2 = <<"0123456789\n">>,
+    Line3 = <<"01234567890123456789\n">>,
+    Pkt = list_to_binary([Line1, Line2, Line3]),
+    ?line {ok, Line1, Rest1} = erlang:decode_packet(line, Pkt, Opts),
+    ?line {ok, Line2, Rest2} = erlang:decode_packet(line, Rest1, Opts),
+    ?line {error, invalid} = erlang:decode_packet(line, Rest2, Opts),
+    ok.
diff --git a/erts/emulator/test/distribution_SUITE.erl b/erts/emulator/test/distribution_SUITE.erl
index 19281f6d58..08308629fe 100644
--- a/erts/emulator/test/distribution_SUITE.erl
+++ b/erts/emulator/test/distribution_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 
 -module(distribution_SUITE).
--compile(r12).
+-compile(r13).
 
 %% Tests distribution and the tcp driver.
 
@@ -37,7 +37,7 @@
 	 dist_auto_connect_never/1, dist_auto_connect_once/1,
 	 dist_parallel_send/1,
 	 atom_roundtrip/1,
-	 atom_roundtrip_r12b/1,
+	 atom_roundtrip_r13b/1,
 	 contended_atom_cache_entry/1,
 	 bad_dist_structure/1,
 	 bad_dist_ext_receive/1,
@@ -62,7 +62,7 @@ all() ->
      link_to_dead_new_node, applied_monitor_node,
      ref_port_roundtrip, nil_roundtrip, stop_dist,
      {group, trap_bif}, {group, dist_auto_connect},
-     dist_parallel_send, atom_roundtrip, atom_roundtrip_r12b,
+     dist_parallel_send, atom_roundtrip, atom_roundtrip_r13b,
      contended_atom_cache_entry, bad_dist_structure, {group, bad_dist_ext}].
 
 groups() -> 
@@ -1100,17 +1100,17 @@ atom_roundtrip(Config) when is_list(Config) ->
     ?line stop_node(Node),
     ?line ok.
 
-atom_roundtrip_r12b(Config) when is_list(Config) ->
-    case ?t:is_release_available("r12b") of
+atom_roundtrip_r13b(Config) when is_list(Config) ->
+    case ?t:is_release_available("r13b") of
 	true ->
 	    ?line AtomData = atom_data(),
 	    ?line verify_atom_data(AtomData),
-	    ?line {ok, Node} = start_node(Config, [], "r12b"),
+	    ?line {ok, Node} = start_node(Config, [], "r13b"),
 	    ?line do_atom_roundtrip(Node, AtomData),
 	    ?line stop_node(Node),
 	    ?line ok;
 	false ->
-	    ?line {skip,"No OTP R12B available"}
+	    ?line {skip,"No OTP R13B available"}
     end.
 
 do_atom_roundtrip(Node, AtomData) ->
diff --git a/erts/emulator/test/driver_SUITE.erl b/erts/emulator/test/driver_SUITE.erl
index c07dbc5871..643357263c 100644
--- a/erts/emulator/test/driver_SUITE.erl
+++ b/erts/emulator/test/driver_SUITE.erl
@@ -47,8 +47,8 @@
 	 fd_change/1,
 	 steal_control/1,
 	 otp_6602/1,
-	 'driver_system_info_ver1.0'/1,
-	 'driver_system_info_ver1.1'/1,
+	 driver_system_info_base_ver/1,
+	 driver_system_info_prev_ver/1,
 	 driver_system_info_current_ver/1,
 	 driver_monitor/1,
 	
@@ -135,8 +135,8 @@ all() ->
     [outputv_errors, outputv_echo, queue_echo, {group, timer},
      driver_unloaded, io_ready_exit, use_fallback_pollset,
      bad_fd_in_pollset, driver_event, fd_change,
-     steal_control, otp_6602, 'driver_system_info_ver1.0',
-     'driver_system_info_ver1.1',
+     steal_control, otp_6602, driver_system_info_base_ver,
+     driver_system_info_prev_ver,
      driver_system_info_current_ver, driver_monitor,
      {group, ioq_exit}, zero_extended_marker_garb_drv,
      invalid_extended_marker_drv, larger_major_vsn_drv,
@@ -1083,19 +1083,19 @@ otp_6602(Config) when is_list(Config) ->
 
 -define(EXPECTED_SYSTEM_INFO_NAMES, ?EXPECTED_SYSTEM_INFO_NAMES2).
 
-'driver_system_info_ver1.0'(doc) ->    
+'driver_system_info_base_ver'(doc) ->
     [];
-'driver_system_info_ver1.0'(suite) ->
+'driver_system_info_base_ver'(suite) ->
     [];
-'driver_system_info_ver1.0'(Config) when is_list(Config) ->
-    ?line driver_system_info_test(Config, sys_info_1_0_drv).
+'driver_system_info_base_ver'(Config) when is_list(Config) ->
+    ?line driver_system_info_test(Config, sys_info_base_drv).
 
-'driver_system_info_ver1.1'(doc) ->    
+'driver_system_info_prev_ver'(doc) ->
     [];
-'driver_system_info_ver1.1'(suite) ->
+'driver_system_info_prev_ver'(suite) ->
     [];
-'driver_system_info_ver1.1'(Config) when is_list(Config) ->
-    ?line driver_system_info_test(Config, sys_info_1_1_drv).
+'driver_system_info_prev_ver'(Config) when is_list(Config) ->
+    ?line driver_system_info_test(Config, sys_info_prev_drv).
 
 driver_system_info_current_ver(doc) ->    
     [];
@@ -1796,7 +1796,7 @@ driver_select_use0(Config) ->
 
 thread_mseg_alloc_cache_clean(Config) when is_list(Config) ->
     case {erlang:system_info(threads),
-	  mseg_inst_info(0),
+	  erlang:system_info({allocator,mseg_alloc}),
 	  driver_alloc_sbct()} of
 	{_, false, _} ->
 	    ?line {skipped, "No mseg_alloc"};
@@ -2185,6 +2185,14 @@ wait_deallocations() ->
     end.
 
 driver_alloc_size() ->
+    case erlang:system_info(smp_support) of
+	true ->
+	    ok;
+	false ->
+	    %% driver_alloc also used by elements in lock-free queues,
+	    %% give these some time to be deallocated...
+	    receive after 100 -> ok end
+    end,
     wait_deallocations(),
     case erlang:system_info({allocator_sizes, driver_alloc}) of
 	false ->
diff --git a/erts/emulator/test/driver_SUITE_data/Makefile.src b/erts/emulator/test/driver_SUITE_data/Makefile.src
index dd48f6a0f7..9cc107cc66 100644
--- a/erts/emulator/test/driver_SUITE_data/Makefile.src
+++ b/erts/emulator/test/driver_SUITE_data/Makefile.src
@@ -16,8 +16,8 @@ MISC_DRVS =		outputv_drv@dll@ \
 			thr_free_drv@dll@ \
 			async_blast_drv@dll@
 
-SYS_INFO_DRVS = 	sys_info_1_0_drv@dll@ \
-			sys_info_1_1_drv@dll@ \
+SYS_INFO_DRVS = 	sys_info_base_drv@dll@ \
+			sys_info_prev_drv@dll@ \
 			sys_info_curr_drv@dll@
 
 VSN_MISMATCH_DRVS =	zero_extended_marker_garb_drv@dll@ \
diff --git a/erts/emulator/test/driver_SUITE_data/async_blast_drv.c b/erts/emulator/test/driver_SUITE_data/async_blast_drv.c
index 3821f7e3dc..c2086c5860 100644
--- a/erts/emulator/test/driver_SUITE_data/async_blast_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/async_blast_drv.c
@@ -25,7 +25,7 @@ static void stop(ErlDrvData drv_data);
 static ErlDrvData start(ErlDrvPort port,
 			char *command);
 static void output(ErlDrvData drv_data,
-		   char *buf, int len);
+		   char *buf, ErlDrvSizeT len);
 static void ready_async(ErlDrvData drv_data,
 			ErlDrvThreadData thread_data);
 
@@ -107,7 +107,7 @@ static void ready_async(ErlDrvData drv_data,
 }
 
 static void output(ErlDrvData drv_data,
-		   char *buf, int len)
+		   char *buf, ErlDrvSizeT len)
 {
     async_blast_data_t *abd = (async_blast_data_t *) drv_data;
     if (abd->counter == 0) {
diff --git a/erts/emulator/test/driver_SUITE_data/caller_drv.c b/erts/emulator/test/driver_SUITE_data/caller_drv.c
index a78d51966f..1ed20b0638 100644
--- a/erts/emulator/test/driver_SUITE_data/caller_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/caller_drv.c
@@ -23,17 +23,17 @@
 static ErlDrvData start(ErlDrvPort port,
 			char *command);
 static void output(ErlDrvData drv_data,
-		   char *buf, int len);
+		   char *buf, ErlDrvSizeT len);
 static void outputv(ErlDrvData drv_data,
 		    ErlIOVec *ev);
-static int control(ErlDrvData drv_data,
-		   unsigned int command, char *buf, 
-		   int len, char **rbuf, int rlen);
-static int call(ErlDrvData drv_data,
-		unsigned int command,
-		char *buf, int len,
-		char **rbuf, int rlen,
-		unsigned int *flags);
+static ErlDrvSSizeT control(ErlDrvData drv_data,
+			    unsigned int command, char *buf,
+			    ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen);
+static ErlDrvSSizeT call(ErlDrvData drv_data,
+			 unsigned int command,
+			 char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen,
+			 unsigned int *flags);
 
 static ErlDrvEntry caller_drv_entry = { 
     NULL /* init */,
@@ -98,7 +98,7 @@ start(ErlDrvPort port, char *command)
 }
 
 static void
-output(ErlDrvData drv_data, char *buf, int len)
+output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
     send_caller(drv_data, "output");
 }
@@ -109,20 +109,20 @@ outputv(ErlDrvData drv_data, ErlIOVec *ev)
     send_caller(drv_data, "outputv");
 }
 
-static int
+static ErlDrvSSizeT
 control(ErlDrvData drv_data,
 	unsigned int command, char *buf, 
-	int len, char **rbuf, int rlen)
+	ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)
 {
     send_caller(drv_data, "control");
     return 0;
 }
 
-static int
+static ErlDrvSSizeT
 call(ErlDrvData drv_data,
      unsigned int command,
-     char *buf, int len,
-     char **rbuf, int rlen,
+     char *buf, ErlDrvSizeT len,
+     char **rbuf, ErlDrvSizeT rlen,
      unsigned int *flags)
 {
     /* echo call */
diff --git a/erts/emulator/test/driver_SUITE_data/chkio_drv.c b/erts/emulator/test/driver_SUITE_data/chkio_drv.c
index bbdb09cfcb..40f1ad4fea 100644
--- a/erts/emulator/test/driver_SUITE_data/chkio_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/chkio_drv.c
@@ -141,8 +141,8 @@ static void chkio_drv_stop(ErlDrvData);
 static void chkio_drv_ready_input(ErlDrvData, ErlDrvEvent);
 static void chkio_drv_ready_output(ErlDrvData, ErlDrvEvent);
 static void chkio_drv_ready_event(ErlDrvData, ErlDrvEvent, ErlDrvEventData);
-static int chkio_drv_control(ErlDrvData, unsigned int,
-			    char *, int, char **, int);
+static ErlDrvSSizeT chkio_drv_control(ErlDrvData, unsigned int,
+				      char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 static void chkio_drv_timeout(ErlDrvData);
 static void chkio_drv_stop_select(ErlDrvEvent, void*);
 
@@ -188,7 +188,7 @@ stop_use_fallback_pollset(ChkioDrvData *cddp)
 	for (i = 0; i < CHKIO_FALLBACK_FDS; i++) {
 	    if (cbdp->dev_null[i].fd >= 0) {
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->dev_null[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->dev_null[i].fd,
 				  DO_WRITE,
 				  0) != 0) {
 		    fprintf(stderr,
@@ -200,7 +200,7 @@ stop_use_fallback_pollset(ChkioDrvData *cddp)
 	    }
 	    if (cbdp->dev_zero[i].fd >= 0) {
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->dev_zero[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->dev_zero[i].fd,
 				  DO_READ,
 				  0) != 0) {
 		    fprintf(stderr,
@@ -212,7 +212,7 @@ stop_use_fallback_pollset(ChkioDrvData *cddp)
 	    }
 	    if (cbdp->pipe_in[i].fd >= 0) {
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->pipe_in[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->pipe_in[i].fd,
 				  DO_READ,
 				  0) != 0) {
 		    fprintf(stderr,
@@ -224,7 +224,7 @@ stop_use_fallback_pollset(ChkioDrvData *cddp)
 	    }
 	    if (cbdp->pipe_out[i].fd >= 0) {
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->pipe_out[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->pipe_out[i].fd,
 				  DO_WRITE,
 				  0) != 0) {
 		    fprintf(stderr,
@@ -249,11 +249,11 @@ stop_driver_event(ChkioDrvData *cddp)
 	cddp->test_data = NULL;
 
 	if (cdep->in_fd >= 0) {
-	    driver_event(cddp->port, (ErlDrvEvent) cdep->in_fd, NULL);
+	    driver_event(cddp->port, (ErlDrvEvent) (ErlDrvSInt) cdep->in_fd, NULL);
 	    close(cdep->in_fd);
 	}
 	if (cdep->out_fd >= 0) {
-	    driver_event(cddp->port, (ErlDrvEvent) cdep->out_fd, NULL);
+	    driver_event(cddp->port, (ErlDrvEvent) (ErlDrvSInt) cdep->out_fd, NULL);
 	    close(cdep->out_fd);
 	}
 	driver_free(cdep);	    
@@ -268,7 +268,7 @@ stop_fd_change(ChkioDrvData *cddp)
 	cddp->test_data = NULL;
 	driver_cancel_timer(cddp->port);
 	if (cfcp->fds[0] >= 0) {
-	    driver_select(cddp->port, (ErlDrvEvent) cfcp->fds[0], DO_READ, 0);
+	    driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) cfcp->fds[0], DO_READ, 0);
 	    close(cfcp->fds[0]);
 	    close(cfcp->fds[1]);
 	}
@@ -282,8 +282,8 @@ stop_bad_fd_in_pollset(ChkioDrvData *cddp)
     if (cddp->test_data) {
 	ChkioBadFdInPollset *bfipp = (ChkioBadFdInPollset *) cddp->test_data;
 	cddp->test_data = NULL;
-	driver_select(cddp->port, (ErlDrvEvent) bfipp->fds[0], DO_WRITE, 0);
-	driver_select(cddp->port, (ErlDrvEvent) bfipp->fds[1], DO_READ, 0);
+	driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) bfipp->fds[0], DO_WRITE, 0);
+	driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) bfipp->fds[1], DO_READ, 0);
 	driver_free((void *) bfipp);
     }
 }
@@ -296,21 +296,21 @@ stop_steal(ChkioDrvData *cddp)
 	cddp->test_data = NULL;
 	if (csp->driver_select_fds[0] >= 0)
 	    driver_select(cddp->port,
-			  (ErlDrvEvent) csp->driver_select_fds[0],
+			  (ErlDrvEvent) (ErlDrvSInt) csp->driver_select_fds[0],
 			  DO_READ,
 			  0);
 	if (csp->driver_select_fds[1] >= 0)
 	    driver_select(cddp->port,
-			  (ErlDrvEvent) csp->driver_select_fds[1],
+			  (ErlDrvEvent) (ErlDrvSInt) csp->driver_select_fds[1],
 			  DO_WRITE,
 			  0);
 	if (csp->driver_event_fds[0] >= 0)
 	    driver_event(cddp->port,
-			 (ErlDrvEvent) csp->driver_event_fds[0],
+			 (ErlDrvEvent) (ErlDrvSInt) csp->driver_event_fds[0],
 			 NULL);
 	if (csp->driver_event_fds[1] >= 0)
 	    driver_event(cddp->port,
-			 (ErlDrvEvent) csp->driver_event_fds[1],
+			 (ErlDrvEvent) (ErlDrvSInt) csp->driver_event_fds[1],
 			 NULL);
 	driver_free(csp);
     }
@@ -353,7 +353,7 @@ static void free_smp_select(ChkioSmpSelect* pip, ErlDrvPort port)
 	abort();
     }
     case Selected:
-	driver_select(port, (ErlDrvEvent)pip->read_fd, DO_READ, 0);
+	driver_select(port, (ErlDrvEvent)(ErlDrvSInt)pip->read_fd, DO_READ, 0);
 	/*fall through*/ 
     case Opened:
 	close(pip->read_fd);
@@ -475,8 +475,8 @@ chkio_drv_stop(ErlDrvData drv_data) {
 	fprintf(stderr,	"%s:%d: Failed to open /dev/null\n",
 		__FILE__, __LINE__);
     }
-    driver_select(cddp->port, (ErlDrvEvent) fd, DO_WRITE, 1);
-    driver_select(cddp->port, (ErlDrvEvent) fd, DO_WRITE, 0);
+    driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) fd, DO_WRITE, 1);
+    driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) fd, DO_WRITE, 0);
     close(fd);
 
 
@@ -491,7 +491,7 @@ chkio_drv_ready_output(ErlDrvData drv_data, ErlDrvEvent event)
 {
 #ifdef UNIX
     ChkioDrvData *cddp = (ChkioDrvData *) drv_data;
-    int fd = (int) event;
+    int fd = (int) (ErlDrvSInt) event;
 
     switch (cddp->test) {
     case CHKIO_USE_FALLBACK_POLLSET: {
@@ -533,7 +533,7 @@ chkio_drv_ready_input(ErlDrvData drv_data, ErlDrvEvent event)
 {
 #ifdef UNIX
     ChkioDrvData *cddp = (ChkioDrvData *) drv_data;
-    int fd = (int) event;
+    int fd = (int) (ErlDrvSInt) event;
 
     switch (cddp->test) {
     case CHKIO_USE_FALLBACK_POLLSET: {
@@ -630,7 +630,7 @@ chkio_drv_ready_event(ErlDrvData drv_data,
     case CHKIO_DRIVER_EVENT: {
 #ifdef HAVE_POLL_H
 	ChkioDriverEvent *cdep = cddp->test_data;
-	int fd = (int) event;
+	int fd = (int) (ErlDrvSInt) event;
 	if (fd == cdep->in_fd) {
 	    if (event_data->events == POLLIN
 		&& event_data->revents == POLLIN) {
@@ -679,7 +679,7 @@ chkio_drv_timeout(ErlDrvData drv_data)
 	int in_fd = cfcp->fds[0];
 	int out_fd = cfcp->fds[1];
 	if (in_fd >= 0) {
-	    if (driver_select(cddp->port, (ErlDrvEvent) in_fd, DO_READ, 0) < 0)
+	    if (driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) in_fd, DO_READ, 0) < 0)
 		driver_failure_atom(cddp->port, "deselect_failed");
 	    (void) write(out_fd, (void *) "!", 1);
 	    close(out_fd);
@@ -689,7 +689,7 @@ chkio_drv_timeout(ErlDrvData drv_data)
 	    driver_failure_posix(cddp->port, errno);
 	}
 	else {
-	    if (driver_select(cddp->port, (ErlDrvEvent) cfcp->fds[0],
+	    if (driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) cfcp->fds[0],
 			      DO_READ, 1) < 0)
 		driver_failure_atom(cddp->port, "select_failed");
 	    if (cfcp->fds[0] == in_fd)
@@ -709,14 +709,14 @@ chkio_drv_timeout(ErlDrvData drv_data)
 #endif /* UNIX */
 }
 
-static int
+static ErlDrvSSizeT
 chkio_drv_control(ErlDrvData drv_data,
 		 unsigned int command,
-		 char *buf, int len,
-		 char **rbuf, int rlen)
+		 char *buf, ErlDrvSizeT len,
+		 char **rbuf, ErlDrvSizeT rlen)
 {
     char *res_str;
-    int res_len = -1;
+    ErlDrvSSizeT res_len = -1;
 #ifndef UNIX
 #ifdef __WIN32__
     res_str = "skip: windows_different";
@@ -854,7 +854,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		int fds[2];
 		cbdp->dev_null[i].fd = open("/dev/null", O_WRONLY);
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->dev_null[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->dev_null[i].fd,
 				  DO_WRITE,
 				  1) != 0) {
 		    driver_failure_posix(cddp->port, errno);
@@ -862,7 +862,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		}
 		cbdp->dev_zero[i].fd = open("/dev/zero", O_RDONLY);
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->dev_zero[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->dev_zero[i].fd,
 				  DO_READ,
 				  1) != 0) {
 		    driver_failure_posix(cddp->port, errno);
@@ -873,7 +873,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		cbdp->pipe_in[i].fd = fds[0];
 		cbdp->pipe_out[i].fd = fds[1];
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->pipe_in[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->pipe_in[i].fd,
 				  DO_READ,
 				  1) != 0) {
 		    driver_failure_posix(cddp->port, EIO);
@@ -882,7 +882,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		if (i % 2 == 0)
 		    (void) write(cbdp->pipe_out[i].fd, "!", 1);
 		if (driver_select(cddp->port,
-				  (ErlDrvEvent) cbdp->pipe_out[i].fd,
+				  (ErlDrvEvent) (ErlDrvSInt) cbdp->pipe_out[i].fd,
 				  DO_WRITE,
 				  1) != 0) {
 		    driver_failure_posix(cddp->port, EIO);
@@ -928,8 +928,8 @@ chkio_drv_control(ErlDrvData drv_data,
 		bfipp->fds[0] = fds[9];
 		bfipp->fds[1] = fds[10];
 		cddp->test_data = (void *) bfipp;
-		driver_select(cddp->port, (ErlDrvEvent) fds[9], DO_WRITE, 1);
-		driver_select(cddp->port, (ErlDrvEvent) fds[10], DO_READ, 1);
+		driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) fds[9], DO_WRITE, 1);
+		driver_select(cddp->port, (ErlDrvEvent) (ErlDrvSInt) fds[10], DO_READ, 1);
 	    }
 	}
 	res_str = "ok";
@@ -965,7 +965,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		cdep->in_ok = 0;
 
 		res = driver_event(cddp->port,
-				   (ErlDrvEvent) in_fd,
+				   (ErlDrvEvent) (ErlDrvSInt) in_fd,
 				   &cdep->in_data);
 		if (res < 0) {
 		    res_str = "skip: driver_event() not supported";
@@ -985,7 +985,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		    cdep->out_ok = 0;
 
 		    res = driver_event(cddp->port,
-				       (ErlDrvEvent) out_fd,
+				       (ErlDrvEvent) (ErlDrvSInt) out_fd,
 				       &cdep->out_data);
 		    if (res < 0) {
 			close(out_fd);
@@ -1062,7 +1062,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		    csp->event_data[0].events = POLLIN;
 		    csp->event_data[0].revents = 0;
 		    res = driver_event(cddp->port,
-				       (ErlDrvEvent) csp->driver_event_fds[0],
+				       (ErlDrvEvent) (ErlDrvSInt) csp->driver_event_fds[0],
 				       &csp->event_data[0]);
 		    if (res < 0)
 			driver_failure_atom(cddp->port,
@@ -1071,7 +1071,7 @@ chkio_drv_control(ErlDrvData drv_data,
 			csp->event_data[1].events = POLLOUT;
 			csp->event_data[1].revents = 0;
 			res = driver_event(cddp->port,
-					   (ErlDrvEvent) csp->driver_event_fds[1],
+					   (ErlDrvEvent) (ErlDrvSInt) csp->driver_event_fds[1],
 					   &csp->event_data[1]);
 			if (res < 0)
 			    driver_failure_atom(cddp->port,
@@ -1083,7 +1083,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		/* Steal with driver_select() */
 		if (res >= 0) {
 		    res = driver_select(cddp->port,
-					(ErlDrvEvent) csp->driver_select_fds[0],
+					(ErlDrvEvent) (ErlDrvSInt) csp->driver_select_fds[0],
 					DO_READ,
 					1);
 		    if (res < 0)
@@ -1092,7 +1092,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		}
 		if (res >= 0) {
 		    res = driver_select(cddp->port,
-					(ErlDrvEvent) csp->driver_select_fds[1],
+					(ErlDrvEvent) (ErlDrvSInt) csp->driver_select_fds[1],
 					DO_WRITE,
 					1);
 		    if (res < 0)
@@ -1159,14 +1159,14 @@ chkio_drv_control(ErlDrvData drv_data,
 		csap->driver_event_fds[1] = write_fds[1];
 
 		res = driver_select(cddp->port,
-				    (ErlDrvEvent) csap->driver_select_fds[0],
+				    (ErlDrvEvent) (ErlDrvSInt) csap->driver_select_fds[0],
 				    DO_READ,
 				    1);
 		if (res < 0)
 		    driver_failure_atom(cddp->port, "driver_select_failed");
 		if (res >= 0) {
 		    res = driver_select(cddp->port,
-					(ErlDrvEvent) csap->driver_select_fds[1],
+					(ErlDrvEvent) (ErlDrvSInt) csap->driver_select_fds[1],
 					DO_WRITE,
 					1);
 		    if (res < 0)
@@ -1177,7 +1177,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		    csap->event_data[0].events = POLLIN;
 		    csap->event_data[0].revents = 0;
 		    res = driver_event(cddp->port,
-				       (ErlDrvEvent) csap->driver_event_fds[0],
+				       (ErlDrvEvent) (ErlDrvSInt) csap->driver_event_fds[0],
 				       &csap->event_data[0]);
 		    if (res < 0) {
 			close(csap->driver_event_fds[0]);
@@ -1190,7 +1190,7 @@ chkio_drv_control(ErlDrvData drv_data,
 			csap->event_data[1].events = POLLOUT;
 			csap->event_data[1].revents = 0;
 			res = driver_event(cddp->port,
-					   (ErlDrvEvent) csap->driver_event_fds[1],
+					   (ErlDrvEvent) (ErlDrvSInt) csap->driver_event_fds[1],
 					   &csap->event_data[1]);
 			if (res < 0)
 			    driver_failure_atom(cddp->port,
@@ -1285,7 +1285,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		}
 		else {
 		    TRACEF(("%T: Select on pipe [%d->%d]\n", cddp->id, pip->write_fd, pip->read_fd));
-		    if (driver_select(cddp->port, (ErlDrvEvent)pip->read_fd, DO_READ, 1)) {
+		    if (driver_select(cddp->port, (ErlDrvEvent)(ErlDrvSInt)pip->read_fd, DO_READ, 1)) {
 			fprintf(stderr, "driver_select failed for fd=%d\n", pip->read_fd);
 			abort();
 		    }
@@ -1314,7 +1314,7 @@ chkio_drv_control(ErlDrvData drv_data,
 		op >>= 1;
 		if (op & 1) {
 		    TRACEF(("%T: Deselect on pipe [%d->%d]\n", cddp->id, pip->write_fd, pip->read_fd));
-		    if (driver_select(cddp->port, (ErlDrvEvent)pip->read_fd, DO_READ, 0)) {
+		    if (driver_select(cddp->port, (ErlDrvEvent)(ErlDrvSInt)pip->read_fd, DO_READ, 0)) {
 			fprintf(stderr, "driver_(de)select failed for fd=%d\n", pip->read_fd);
 			abort();
 		    }
diff --git a/erts/emulator/test/driver_SUITE_data/io_ready_exit_drv.c b/erts/emulator/test/driver_SUITE_data/io_ready_exit_drv.c
index 6afa46b3a2..e6a3edcd74 100644
--- a/erts/emulator/test/driver_SUITE_data/io_ready_exit_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/io_ready_exit_drv.c
@@ -40,8 +40,9 @@ static void io_ready_exit_ready_input(ErlDrvData, ErlDrvEvent);
 static void io_ready_exit_ready_output(ErlDrvData, ErlDrvEvent);
 static void io_ready_exit_drv_output(ErlDrvData, char *, int);
 static void io_ready_exit_drv_finish(void);
-static int io_ready_exit_drv_control(ErlDrvData, unsigned int,
-				   char *, int, char **, int);
+static ErlDrvSSizeT io_ready_exit_drv_control(ErlDrvData, unsigned int,
+					      char *, ErlDrvSizeT,
+					      char **, ErlDrvSizeT);
 
 static ErlDrvEntry io_ready_exit_drv_entry = { 
     NULL, /* init */
@@ -56,7 +57,17 @@ static ErlDrvEntry io_ready_exit_drv_entry = {
     io_ready_exit_drv_control,
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0, /* ERL_DRV_FLAGs */
+    NULL, /* handle2 */
+    NULL, /* process_exit */
+    NULL  /* stop_select */
 };
 
 /* -------------------------------------------------------------------------
@@ -83,7 +94,7 @@ io_ready_exit_drv_stop(ErlDrvData drv_data) {
 #ifdef UNIX
     if (oeddp->fds[0] >= 0) {
 	driver_select(oeddp->port,
-		      (ErlDrvEvent) oeddp->fds[0],
+		      (ErlDrvEvent) (ErlDrvSInt) oeddp->fds[0],
 		      DO_READ|DO_WRITE,
 		      0);
 	close(oeddp->fds[0]);
@@ -109,15 +120,15 @@ io_ready_exit_ready_input(ErlDrvData drv_data, ErlDrvEvent event)
     driver_failure_atom(oeddp->port, "ready_input_driver_failure");
 }
 
-static int
+static ErlDrvSSizeT
 io_ready_exit_drv_control(ErlDrvData drv_data,
 			  unsigned int command,
-			  char *buf, int len,
-			  char **rbuf, int rlen)
+			  char *buf, ErlDrvSizeT len,
+			  char **rbuf, ErlDrvSizeT rlen)
 {
     char *abuf;
     char *res_str;
-    int res_len;
+    ErlDrvSSizeT res_len;
     IOReadyExitDrvData *oeddp = (IOReadyExitDrvData *) drv_data;
 #ifndef UNIX
     res_str = "nyiftos";
@@ -127,9 +138,9 @@ io_ready_exit_drv_control(ErlDrvData drv_data,
     }
     else {
 	res_str = "ok";
-	write(oeddp->fds[1], "!", 1);
+	(void) write(oeddp->fds[1], "!", 1);
 	driver_select(oeddp->port,
-		      (ErlDrvEvent) oeddp->fds[0],
+		      (ErlDrvEvent) (ErlDrvSInt) oeddp->fds[0],
 		      DO_READ|DO_WRITE,
 		      1);
     }
diff --git a/erts/emulator/test/driver_SUITE_data/ioq_exit_drv.c b/erts/emulator/test/driver_SUITE_data/ioq_exit_drv.c
index e49de388b4..b2cc1e785a 100644
--- a/erts/emulator/test/driver_SUITE_data/ioq_exit_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/ioq_exit_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2007-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2007-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,8 @@ static ErlDrvData start(ErlDrvPort port, char *command);
 static void stop(ErlDrvData drv_data);
 static void ready_input(ErlDrvData drv_data, ErlDrvEvent event); 
 static void ready_output(ErlDrvData drv_data, ErlDrvEvent event);  
-static int control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT control(ErlDrvData, unsigned int,
+			    char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 static void timeout(ErlDrvData drv_data);
 static void ready_async(ErlDrvData drv_data, ErlDrvThreadData thread_data);
 static void flush(ErlDrvData drv_data);
@@ -155,10 +156,10 @@ start(ErlDrvPort port, char *command)
     return (ErlDrvData) ddp;
 }
 
-static int control(ErlDrvData drv_data,
-		   unsigned int command,
-		   char *buf, int len,
-		   char **rbuf, int rlen)
+static ErlDrvSSizeT control(ErlDrvData drv_data,
+			    unsigned int command,
+			    char *buf, ErlDrvSizeT len,
+			    char **rbuf, ErlDrvSizeT rlen)
 {
     IOQExitDrvData *ddp = (IOQExitDrvData *) drv_data;
     char *res_str = "nyiftos";
@@ -227,7 +228,7 @@ static int control(ErlDrvData drv_data,
     res_str = "ok";
 
  done: {
-	int res_len = strlen(res_str);
+	ErlDrvSSizeT res_len = strlen(res_str);
 	if (res_len > rlen) {
 	    char *abuf = driver_alloc(sizeof(char)*res_len);
 	    if (!abuf)
diff --git a/erts/emulator/test/driver_SUITE_data/many_events_drv.c b/erts/emulator/test/driver_SUITE_data/many_events_drv.c
index 7417dbf7f8..a34432a8fe 100644
--- a/erts/emulator/test/driver_SUITE_data/many_events_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/many_events_drv.c
@@ -3,14 +3,17 @@
 #endif
 
 #include <stdio.h>
+#include <string.h>
 #include "erl_driver.h"
 
 static ErlDrvPort erlang_port;
 static ErlDrvData many_events_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
 static void from_port(ErlDrvData drv_data, ErlDrvEvent event);
-static int many_events_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static ErlDrvSSizeT many_events_call(ErlDrvData drv_data, unsigned int command,
+				     char *buf, ErlDrvSizeT len,
+				     char **rbuf, ErlDrvSizeT rlen,
+				     unsigned *ret_flags);
 static ErlDrvEntry many_events_driver_entry = { 
     NULL,			/* Init */
     many_events_start,
@@ -26,7 +29,15 @@ static ErlDrvEntry many_events_driver_entry = {
     NULL,
     NULL,
     NULL,
-    many_events_call
+    many_events_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
 DRIVER_INIT(many_events_drv)
@@ -41,7 +52,7 @@ many_events_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     int i;
     int num;
@@ -87,9 +98,10 @@ static void from_port(ErlDrvData data, ErlDrvEvent ev)
     return;
 }
 
-static int 
-many_events_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+static ErlDrvSSizeT
+many_events_call(ErlDrvData drv_data, unsigned int command,
+		 char *buf, ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen,
+		 unsigned *ret_flags)
 {
     *rbuf = buf;
     *ret_flags |= DRIVER_CALL_KEEP_BUFFER;
diff --git a/erts/emulator/test/driver_SUITE_data/monitor_drv.c b/erts/emulator/test/driver_SUITE_data/monitor_drv.c
index 1da6a56a72..3da067fd09 100644
--- a/erts/emulator/test/driver_SUITE_data/monitor_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/monitor_drv.c
@@ -21,8 +21,9 @@
 #include "erl_driver.h"
 
 static ErlDrvData monitor_drv_start(ErlDrvPort, char *);
-static int monitor_drv_control(ErlDrvData, unsigned int,
-				char *, int, char **, int);
+static void monitor_drv_stop(ErlDrvData data);
+static ErlDrvSSizeT monitor_drv_control(ErlDrvData, unsigned int,
+					char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 static void handle_monitor(ErlDrvData drv_data, ErlDrvMonitor *monitor);
 
 #define OP_I_AM_IPID 1
@@ -50,7 +51,7 @@ typedef struct {
 static ErlDrvEntry monitor_drv_entry = { 
     NULL /* init */,
     monitor_drv_start,
-    NULL /* stop */,
+    monitor_drv_stop,
     NULL /* output */,
     NULL /* ready_input */,
     NULL /* ready_output */,
@@ -122,16 +123,16 @@ static void handle_monitor(ErlDrvData drv_data, ErlDrvMonitor *monitor)
     return;
 }
 
-static int
+static ErlDrvSSizeT
 monitor_drv_control(ErlDrvData drv_data,
 		     unsigned int command,
-		     char *ibuf, int ilen,
-		     char **rbuf, int rlen)
+		     char *ibuf, ErlDrvSizeT ilen,
+		     char **rbuf, ErlDrvSizeT rlen)
 {
     MyDrvData *data = (MyDrvData *) drv_data;
     char *answer = NULL;
     char buff[64];
-    int alen;
+    ErlDrvSSizeT alen;
 
     switch (command) {
     case OP_I_AM_IPID:
diff --git a/erts/emulator/test/driver_SUITE_data/otp_6879_drv.c b/erts/emulator/test/driver_SUITE_data/otp_6879_drv.c
index 8c0a9aadfd..ff44145ca7 100644
--- a/erts/emulator/test/driver_SUITE_data/otp_6879_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/otp_6879_drv.c
@@ -20,11 +20,11 @@
 #include <string.h>
 #include "erl_driver.h"
 
-static int call(ErlDrvData drv_data,
-		unsigned int command,
-		char *buf, int len,
-		char **rbuf, int rlen,
-		unsigned int *flags);
+static ErlDrvSSizeT call(ErlDrvData drv_data,
+			 unsigned int command,
+			 char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen,
+			 unsigned int *flags);
 
 static ErlDrvEntry otp_6879_drv_entry = { 
     NULL /* init */,
@@ -57,11 +57,11 @@ DRIVER_INIT(otp_6879_drv)
 }
 
 
-static int call(ErlDrvData drv_data,
-		unsigned int command,
-		char *buf, int len,
-		char **rbuf, int rlen,
-		unsigned int *flags)
+static ErlDrvSSizeT call(ErlDrvData drv_data,
+			 unsigned int command,
+			 char *buf, ErlDrvSizeT len,
+			 char **rbuf, ErlDrvSizeT rlen,
+			 unsigned int *flags)
 {
     /* echo call */
     if (len > rlen)
diff --git a/erts/emulator/test/driver_SUITE_data/otp_9302_drv.c b/erts/emulator/test/driver_SUITE_data/otp_9302_drv.c
index beee1b735f..221fd0ce51 100644
--- a/erts/emulator/test/driver_SUITE_data/otp_9302_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/otp_9302_drv.c
@@ -28,7 +28,7 @@ static void stop(ErlDrvData drv_data);
 static ErlDrvData start(ErlDrvPort port,
 			char *command);
 static void output(ErlDrvData drv_data,
-		   char *buf, int len);
+		   char *buf, ErlDrvSizeT len);
 static void ready_async(ErlDrvData drv_data,
 			ErlDrvThreadData thread_data);
 
@@ -196,13 +196,13 @@ static void ready_async(ErlDrvData drv_data,
 }
 
 static void output(ErlDrvData drv_data,
-		   char *buf, int len)
+		   char *buf, ErlDrvSizeT len)
 {
     Otp9302Data *data = (Otp9302Data *) drv_data;
     ErlDrvTermData td_port = driver_mk_port(data->port);
     ErlDrvTermData td_receiver = driver_caller(data->port);
     ErlDrvTermData td_job = driver_mk_atom("job");
-    unsigned int key = (unsigned int) data->port;
+    unsigned int key = (unsigned int) (ErlDrvSInt) data->port;
     long id[5];
     Otp9302AsyncData *ad[5];
     int i;
diff --git a/erts/emulator/test/driver_SUITE_data/outputv_drv.c b/erts/emulator/test/driver_SUITE_data/outputv_drv.c
index 87f66ae413..3e3d4a3a03 100644
--- a/erts/emulator/test/driver_SUITE_data/outputv_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/outputv_drv.c
@@ -3,7 +3,9 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData outputv_start(ErlDrvPort, char*);
-static void outputv_stop(ErlDrvData), outputv_read(ErlDrvData, char*, int), outputv(ErlDrvData, ErlIOVec*);
+static void outputv_stop(ErlDrvData),
+    outputv_read(ErlDrvData, char*, ErlDrvSizeT),
+    outputv(ErlDrvData, ErlIOVec*);
 
 static ErlDrvEntry outputv_driver_entry =
 {
@@ -19,6 +21,16 @@ static ErlDrvEntry outputv_driver_entry =
     NULL,
     NULL,
     outputv,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -38,7 +50,7 @@ static ErlDrvData outputv_start(ErlDrvPort port, char *buf)
     return (ErlDrvData)port;
 }
 
-static void outputv_read(ErlDrvData port, char *buf, int count)
+static void outputv_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     erlang_port = (ErlDrvPort)-1;
 }
diff --git a/erts/emulator/test/driver_SUITE_data/peek_non_existing_queue_drv.c b/erts/emulator/test/driver_SUITE_data/peek_non_existing_queue_drv.c
index 3a5b5af13a..8e203f74ec 100644
--- a/erts/emulator/test/driver_SUITE_data/peek_non_existing_queue_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/peek_non_existing_queue_drv.c
@@ -66,7 +66,8 @@ typedef struct {
 
 static ErlDrvData start(ErlDrvPort, char *);
 static void stop(ErlDrvData);
-static int control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT control(ErlDrvData, unsigned int,
+			    char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 static void ready_async(ErlDrvData, ErlDrvThreadData);
 static void async_test(void *);
 static void async_wait(void *);
@@ -121,10 +122,10 @@ static void stop(ErlDrvData drv_data)
     driver_free(drv_data);
 }
 
-static int control(ErlDrvData drv_data,
-		   unsigned int command,
-		   char *buf, int len,
-		   char **rbuf, int rlen)
+static ErlDrvSSizeT control(ErlDrvData drv_data,
+			    unsigned int command,
+			    char *buf, ErlDrvSizeT len,
+			    char **rbuf, ErlDrvSizeT rlen)
 {
     PeekNonXQDrvData *dp = (PeekNonXQDrvData *) drv_data;
     unsigned int key = 0;
@@ -158,7 +159,7 @@ static int control(ErlDrvData drv_data,
     }
 
  done: {
-	int res_len = strlen(res_str);
+	ErlDrvSSizeT res_len = strlen(res_str);
 	if (res_len > rlen) {
 	    char *abuf = driver_alloc(sizeof(char)*res_len);
 	    if (!abuf)
diff --git a/erts/emulator/test/driver_SUITE_data/queue_drv.c b/erts/emulator/test/driver_SUITE_data/queue_drv.c
index ded69f89f9..a02b57dc9a 100644
--- a/erts/emulator/test/driver_SUITE_data/queue_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/queue_drv.c
@@ -1,4 +1,5 @@
 #include <stdio.h>
+#include <string.h>
 #include "erl_driver.h"
 
 #define put_int32(i, s) {((char*)(s))[0] = (char)((i) >> 24) & 0xff; \
@@ -33,9 +34,10 @@
 static ErlDrvPort erlang_port;
 static unsigned opcode;		/* Opcode for next operation. */
 static ErlDrvData queue_start(ErlDrvPort, char*);
-static void queue_stop(ErlDrvData), queue_read(ErlDrvData, char*, int);
+static void queue_stop(ErlDrvData), queue_read(ErlDrvData, char*, ErlDrvSizeT);
 static void queue_outputv(ErlDrvData, ErlIOVec*);
-static int control(ErlDrvData, unsigned int, char*, int, char**, int);
+static ErlDrvSSizeT control(ErlDrvData, unsigned int,
+			    char*, ErlDrvSizeT, char**, ErlDrvSizeT);
 static ErlDrvBinary* read_head(ErlDrvPort, int bytes);
 
 static ErlDrvEntry queue_driver_entry =
@@ -52,6 +54,16 @@ static ErlDrvEntry queue_driver_entry =
     control,
     NULL,
     queue_outputv,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -73,7 +85,7 @@ static ErlDrvData queue_start(ErlDrvPort port, char *buf)
 }
 
 /* messages from Erlang */
-static void queue_read(ErlDrvData port, char *buf, int len)
+static void queue_read(ErlDrvData port, char *buf, ErlDrvSizeT len)
 {
 }
 
@@ -82,8 +94,9 @@ static void queue_stop(ErlDrvData port)
     erlang_port = (ErlDrvPort) -1;
 }
 
-static int
-control(ErlDrvData drv_data, unsigned command, char* buf, int len, char** rbuf, int rlen)
+static ErlDrvSSizeT
+control(ErlDrvData drv_data, unsigned command,
+	char* buf, ErlDrvSizeT len, char** rbuf, ErlDrvSizeT rlen)
 {
     ErlDrvBinary* b;
 
diff --git a/erts/emulator/test/driver_SUITE_data/sys_info_1_0_drv.c b/erts/emulator/test/driver_SUITE_data/sys_info_base_drv.c
index 0504778086..c22a415c59 100644
--- a/erts/emulator/test/driver_SUITE_data/sys_info_1_0_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/sys_info_base_drv.c
@@ -3,34 +3,35 @@
  * compliance with the License. You should have received a copy of the
  * Erlang Public License along with this software. If not, it can be
  * retrieved via the world wide web at http://www.erlang.org/.
- * 
+ *
  * Software distributed under the License is distributed on an "AS IS"
  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
  * the License for the specific language governing rights and limitations
  * under the License.
- * 
+ *
  * The Initial Developer of the Original Code is Ericsson Utvecklings AB.
  * Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
  * AB. All Rights Reserved.''
- * 
+ *
  *     $Id$
  */
 
 /*
  * Author: Rickard Green
  *
- * Description: Driver that fakes driver version 1.0 and tests
+ * Description: Driver that fakes driver version 2.0 and tests
  *              driver_system_info().
  *
  */
 
 #include "sys_info_drv_impl.h"
 
-#define SYS_INFO_DRV_MAJOR_VSN		1
+#define SYS_INFO_DRV_MAJOR_VSN		2
 #define SYS_INFO_DRV_MINOR_VSN		0
-#define SYS_INFO_DRV_NAME_STR		"sys_info_1_0_drv"
-#define SYS_INFO_DRV_NAME		sys_info_1_0_drv
+#define SYS_INFO_DRV_NAME_STR		"sys_info_base_drv"
+#define SYS_INFO_DRV_NAME		sys_info_base_drv
 #define SYS_INFO_DRV_LAST_FIELD		smp_support
+#define ERL_DRV_SYS_INFO_SIZE		sizeof(ErlDrvSysInfo)
 
 #define SYS_INFO_DRV_RES_FORMAT "ok: "	\
   "drv_drv_vsn=%d.%d "			\
@@ -38,8 +39,9 @@
   "erts_vsn=%s "			\
   "otp_vsn=%s "				\
   "thread=%s "				\
-  "smp=%s"
-
+  "smp=%s "				\
+  "async_thrs=%d "			\
+  "sched_thrs=%d"
 
 static size_t
 sys_info_drv_max_res_len(ErlDrvSysInfo *sip)
@@ -51,6 +53,8 @@ sys_info_drv_max_res_len(ErlDrvSysInfo *sip)
     slen += strlen(sip->otp_release) + 1;
     slen += 5;		/* threads */
     slen += 5;		/* smp */
+    slen += 20;		/* async_thrs */
+    slen += 20;		/* sched_thrs */
     return slen;
 }
 
@@ -66,7 +70,9 @@ sys_info_drv_sprintf_sys_info(ErlDrvSysInfo *sip, char *str)
 		   sip->erts_version,
 		   sip->otp_release,
 		   sip->thread_support ? "true" : "false",
-		   sip->smp_support ? "true" : "false");
+		   sip->smp_support ? "true" : "false",
+		   sip->async_threads,
+		   sip->scheduler_threads);
 }
 
 #include "sys_info_drv_impl.c"
diff --git a/erts/emulator/test/driver_SUITE_data/sys_info_drv_impl.c b/erts/emulator/test/driver_SUITE_data/sys_info_drv_impl.c
index 2d3203ae5d..c6c70a2075 100644
--- a/erts/emulator/test/driver_SUITE_data/sys_info_drv_impl.c
+++ b/erts/emulator/test/driver_SUITE_data/sys_info_drv_impl.c
@@ -46,7 +46,8 @@
 #endif
 
 static ErlDrvData start(ErlDrvPort, char *);
-static int control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT control(ErlDrvData, unsigned int,
+			    char *, ErlDrvSizeT, char **, ErlDrvSizeT);
 
 static ErlDrvEntry drv_entry = { 
     NULL /* init */,
@@ -84,13 +85,13 @@ start(ErlDrvPort port, char *command)
     return (ErlDrvData) port;
 }
 
-static int
+static ErlDrvSSizeT
 control(ErlDrvData drv_data,
 	unsigned int command,
-	char *buf, int len,
-	char **rbuf, int rlen)
+	char *buf, ErlDrvSizeT len,
+	char **rbuf, ErlDrvSizeT rlen)
 {
-    int res;
+    ErlDrvSSizeT res;
     char *str;
     size_t slen, slen2;
     ErlDrvPort port = (ErlDrvPort) drv_data;
diff --git a/erts/emulator/test/driver_SUITE_data/sys_info_1_1_drv.c b/erts/emulator/test/driver_SUITE_data/sys_info_prev_drv.c
index fa21828284..815d96cc97 100644
--- a/erts/emulator/test/driver_SUITE_data/sys_info_1_1_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/sys_info_prev_drv.c
@@ -3,34 +3,35 @@
  * compliance with the License. You should have received a copy of the
  * Erlang Public License along with this software. If not, it can be
  * retrieved via the world wide web at http://www.erlang.org/.
- * 
+ *
  * Software distributed under the License is distributed on an "AS IS"
  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
  * the License for the specific language governing rights and limitations
  * under the License.
- * 
+ *
  * The Initial Developer of the Original Code is Ericsson Utvecklings AB.
  * Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
  * AB. All Rights Reserved.''
- * 
+ *
  *     $Id$
  */
 
 /*
  * Author: Rickard Green
  *
- * Description: Driver that fakes driver version 1.1 and tests
+ * Description: Driver that fakes driver version 2.0 and tests
  *              driver_system_info().
  *
  */
 
 #include "sys_info_drv_impl.h"
 
-#define SYS_INFO_DRV_MAJOR_VSN		1
-#define SYS_INFO_DRV_MINOR_VSN		1
-#define SYS_INFO_DRV_NAME_STR		"sys_info_1_1_drv"
-#define SYS_INFO_DRV_NAME		sys_info_1_1_drv
+#define SYS_INFO_DRV_MAJOR_VSN		2
+#define SYS_INFO_DRV_MINOR_VSN		0
+#define SYS_INFO_DRV_NAME_STR		"sys_info_prev_drv"
+#define SYS_INFO_DRV_NAME		sys_info_prev_drv
 #define SYS_INFO_DRV_LAST_FIELD		scheduler_threads
+#define ERL_DRV_SYS_INFO_SIZE		sizeof(ErlDrvSysInfo)
 
 #define SYS_INFO_DRV_RES_FORMAT "ok: "	\
   "drv_drv_vsn=%d.%d "			\
@@ -42,7 +43,6 @@
   "async_thrs=%d "			\
   "sched_thrs=%d"
 
-
 static size_t
 sys_info_drv_max_res_len(ErlDrvSysInfo *sip)
 {
@@ -76,5 +76,3 @@ sys_info_drv_sprintf_sys_info(ErlDrvSysInfo *sip, char *str)
 }
 
 #include "sys_info_drv_impl.c"
-
-
diff --git a/erts/emulator/test/driver_SUITE_data/thr_alloc_drv.c b/erts/emulator/test/driver_SUITE_data/thr_alloc_drv.c
index c7edbba7f6..95a6ae9bdf 100644
--- a/erts/emulator/test/driver_SUITE_data/thr_alloc_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/thr_alloc_drv.c
@@ -21,14 +21,8 @@
 #include "erl_driver.h"
 
 ErlDrvData start(ErlDrvPort port, char *command);
-int control(ErlDrvData drv_data, unsigned int command, char *buf,
-	    int len, char **rbuf, int rlen);
-
-static int call(ErlDrvData drv_data,
-		unsigned int command,
-		char *buf, int len,
-		char **rbuf, int rlen,
-		unsigned int *flags);
+ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+		     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen);
 
 static ErlDrvEntry thr_alloc_drv_entry = { 
     NULL /* init */,
@@ -76,12 +70,12 @@ ErlDrvData start(ErlDrvPort port, char *command)
     return (ErlDrvData) port;
 }
 
-int control(ErlDrvData drv_data, unsigned int command, char *buf,
-	    int len, char **rbuf, int rlen)
+ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+		     ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)
 {
     ErlDrvPort port = (ErlDrvPort) drv_data;
     char *result = "failure";
-    int result_len;
+    ErlDrvSSizeT result_len;
     if (len <= 20) {
 	int res;
 	ErlDrvTid tid;
diff --git a/erts/emulator/test/driver_SUITE_data/thr_free_drv.c b/erts/emulator/test/driver_SUITE_data/thr_free_drv.c
index 622a62ebea..439fe6a184 100644
--- a/erts/emulator/test/driver_SUITE_data/thr_free_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/thr_free_drv.c
@@ -45,8 +45,8 @@ typedef struct {
 
 static ErlDrvData start(ErlDrvPort port, char *command);
 static void stop(ErlDrvData data);
-static int control(ErlDrvData drv_data, unsigned int command, char *buf,
-		   int len, char **rbuf, int rlen);
+static ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+			    ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen);
 
 static ErlDrvEntry thr_free_drv_entry = { 
     NULL /* init */,
@@ -175,7 +175,7 @@ fail:
 		driver_free(ttd[t].blocks[b]);
 	}
     }
-
+    driver_free(td);
     return ERL_DRV_ERROR_GENERAL;
 }
 
@@ -194,14 +194,14 @@ static void stop(ErlDrvData drv_data)
     driver_free(td);
 }
 
-static int control(ErlDrvData drv_data, unsigned int command, char *buf,
-		   int len, char **rbuf, int rlen)
+static ErlDrvSSizeT control(ErlDrvData drv_data, unsigned int command, char *buf,
+			    ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen)
 {
     test_data *td = (test_data *) drv_data;
     char *result = "failure";
     int i, b;
     int res;
-    int result_len;
+    ErlDrvSSizeT result_len;
 
     if (td->b == -1) {
 	erl_drv_mutex_lock(td->ttd[0].mtx);
diff --git a/erts/emulator/test/driver_SUITE_data/timer_drv.c b/erts/emulator/test/driver_SUITE_data/timer_drv.c
index b96a95dd4c..8c3f203a64 100644
--- a/erts/emulator/test/driver_SUITE_data/timer_drv.c
+++ b/erts/emulator/test/driver_SUITE_data/timer_drv.c
@@ -22,7 +22,9 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData timer_start(ErlDrvPort, char*);
-static void timer_stop(ErlDrvData), timer_read(ErlDrvData, char*, int), timer(ErlDrvData);
+static void timer_stop(ErlDrvData);
+static void timer_read(ErlDrvData, char*, ErlDrvSizeT);
+static void timer(ErlDrvData);
 
 static ErlDrvEntry timer_driver_entry =
 {
@@ -38,6 +40,16 @@ static ErlDrvEntry timer_driver_entry =
     NULL,
     timer,
     NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
     NULL
 };
 
@@ -57,8 +69,9 @@ static ErlDrvData timer_start(ErlDrvPort port, char *buf)
 }
 
 /* set the timer, this is monitored from erlang measuring the time */
-static void timer_read(ErlDrvData port, char *buf, int len)
+static void timer_read(ErlDrvData p, char *buf, ErlDrvSizeT len)
 {
+    ErlDrvPort port = (ErlDrvPort) p;
     char reply[1];
 
     if (buf[0] == START_TIMER) { 
diff --git a/erts/emulator/test/erl_drv_thread_SUITE_data/testcase_driver.c b/erts/emulator/test/erl_drv_thread_SUITE_data/testcase_driver.c
index 1e98844838..b4542f3e36 100644
--- a/erts/emulator/test/erl_drv_thread_SUITE_data/testcase_driver.c
+++ b/erts/emulator/test/erl_drv_thread_SUITE_data/testcase_driver.c
@@ -50,13 +50,33 @@ typedef struct {
 
 ErlDrvData testcase_drv_start(ErlDrvPort port, char *command);
 void testcase_drv_stop(ErlDrvData drv_data);
-void testcase_drv_run(ErlDrvData drv_data, char *buf, int len);
+void testcase_drv_run(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
 
 static ErlDrvEntry testcase_drv_entry = { 
     NULL,
     testcase_drv_start,
     testcase_drv_stop,
-    testcase_drv_run
+    testcase_drv_run,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
+
 };
 
 
@@ -92,7 +112,7 @@ testcase_drv_stop(ErlDrvData drv_data)
 }
 
 void
-testcase_drv_run(ErlDrvData drv_data, char *buf, int len)
+testcase_drv_run(ErlDrvData drv_data, char *buf, ErlDrvSizeT len)
 {
     InternalTestCaseState_t *itcs = (InternalTestCaseState_t *) drv_data;
     ErlDrvTermData result_atom;
diff --git a/erts/emulator/test/float_SUITE_data/fp_drv.c b/erts/emulator/test/float_SUITE_data/fp_drv.c
index eb453f6cd6..b80385c3f9 100644
--- a/erts/emulator/test/float_SUITE_data/fp_drv.c
+++ b/erts/emulator/test/float_SUITE_data/fp_drv.c
@@ -22,6 +22,7 @@
 #  define PRINTF(X)
 #endif
 
+#include <string.h>
 #include <math.h>
 #ifdef __WIN32__
 #include <float.h>
@@ -37,7 +38,8 @@ int _finite(double x);
 #define ERTS_FP_CONTROL_TEST 0
 #define ERTS_FP_THREAD_TEST 1
 
-static int control(ErlDrvData, unsigned int, char *, int, char **, int);
+static ErlDrvSSizeT control(ErlDrvData, unsigned int, char *,
+			    ErlDrvSizeT, char **, ErlDrvSizeT);
 
 static ErlDrvEntry fp_drv_entry = { 
     NULL /* init */,
@@ -97,10 +99,10 @@ do_test(void *unused)
     return "ok";
 }
 
-static int control(ErlDrvData drv_data,
-		   unsigned int command,
-		   char *buf, int len,
-		   char **rbuf, int rlen)
+static ErlDrvSSizeT control(ErlDrvData drv_data,
+			    unsigned int command,
+			    char *buf, ErlDrvSizeT len,
+			    char **rbuf, ErlDrvSizeT rlen)
 {
     char *res_str;
     PRINTF(("control(%p, %d, ...) called\r\n", drv_data, command));
diff --git a/erts/emulator/test/fun_r12_SUITE.erl b/erts/emulator/test/fun_r13_SUITE.erl
index 3b1dfc9825..76ddf9fec9 100644
--- a/erts/emulator/test/fun_r12_SUITE.erl
+++ b/erts/emulator/test/fun_r13_SUITE.erl
@@ -17,10 +17,10 @@
 %% %CopyrightEnd%
 %%
 
--module(fun_r12_SUITE).
--compile(r12).
+-module(fun_r13_SUITE).
+-compile(r13).
 
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
 	 init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,dist_old_release/1]).
 
@@ -29,10 +29,10 @@
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     [dist_old_release].
 
-groups() -> 
+groups() ->
     [].
 
 init_per_suite(Config) ->
diff --git a/erts/emulator/test/mtx_SUITE.erl b/erts/emulator/test/mtx_SUITE.erl
index 879d2f61dd..024c3456a8 100644
--- a/erts/emulator/test/mtx_SUITE.erl
+++ b/erts/emulator/test/mtx_SUITE.erl
@@ -122,7 +122,7 @@ long_rwlock(Config) when is_list(Config) ->
     %% A very short run time is expected, since
     %% threads in the test mostly wait
     ?t:format("RunTime=~p~n", [RunTime]),
-    ?line true = RunTime < 100,
+    ?line true = RunTime < 400,
     ?line RunTimeStr = "Run-time during test was "++integer_to_list(RunTime)++" ms.",
     case LLRes of
 	ok ->
@@ -281,7 +281,7 @@ hammer_sched_rwlock_test(FreqRead, LockCheck, Blocking, WaitLocked, WaitUnlocked
 		_ ->
 		    {_, RunTime} = statistics(runtime),
 		    ?t:format("RunTime=~p~n", [RunTime]),
-		    ?line true = RunTime < 500,
+		    ?line true = RunTime < 700,
 		    {comment,
 		     "Run-time during test was "
 		     ++ integer_to_list(RunTime)
diff --git a/erts/emulator/test/nif_SUITE.erl b/erts/emulator/test/nif_SUITE.erl
index 370363bf9e..6bd7361612 100644
--- a/erts/emulator/test/nif_SUITE.erl
+++ b/erts/emulator/test/nif_SUITE.erl
@@ -859,7 +859,13 @@ resource_holder(Pid,Reply,List) ->
 
 
 threading(doc) -> ["Test the threading API functions (reuse tests from driver API)"];
-threading(Config) when is_list(Config) ->    
+threading(Config) when is_list(Config) ->
+    case erlang:system_info(threads) of
+    	true -> threading_do(Config);
+	false -> {skipped,"No thread support"}
+    end.
+
+threading_do(Config) ->
     ?line Data = ?config(data_dir, Config),
     ?line File = filename:join(Data, "tester"),
     ?line {ok,tester,ModBin} = compile:file(File, [binary,return_errors]),
diff --git a/erts/emulator/test/nif_SUITE_data/nif_SUITE.c b/erts/emulator/test/nif_SUITE_data/nif_SUITE.c
index 7d7903af25..03092fef5e 100644
--- a/erts/emulator/test/nif_SUITE_data/nif_SUITE.c
+++ b/erts/emulator/test/nif_SUITE_data/nif_SUITE.c
@@ -345,8 +345,13 @@ static int test_double(ErlNifEnv* env, double d1)
 
 #define TAG_BITS        4
 #define SMALL_BITS	(sizeof(void*)*8 - TAG_BITS)
+#ifdef _WIN64
+#define MAX_SMALL	((1LL << (SMALL_BITS-1))-1)
+#define MIN_SMALL	(-(1LL << (SMALL_BITS-1)))
+#else
 #define MAX_SMALL	((1L << (SMALL_BITS-1))-1)
 #define MIN_SMALL	(-(1L << (SMALL_BITS-1)))
+#endif
 
 static ERL_NIF_TERM type_test(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {
diff --git a/erts/emulator/test/nif_SUITE_data/tester.c b/erts/emulator/test/nif_SUITE_data/tester.c
index 08466d0f18..257b116322 100644
--- a/erts/emulator/test/nif_SUITE_data/tester.c
+++ b/erts/emulator/test/nif_SUITE_data/tester.c
@@ -61,6 +61,7 @@ static int reload(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
 static ERL_NIF_TERM run(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {
     testcase_run(NULL);
+    testcase_cleanup(NULL);
     return enif_make_atom(env, "ok");
 }
 
diff --git a/erts/emulator/test/port_SUITE_data/echo_drv.c b/erts/emulator/test/port_SUITE_data/echo_drv.c
index 25eda116fe..1d39c6a00c 100644
--- a/erts/emulator/test/port_SUITE_data/echo_drv.c
+++ b/erts/emulator/test/port_SUITE_data/echo_drv.c
@@ -1,4 +1,5 @@
 #include <stdio.h>
+#include <string.h>
 #include "erl_driver.h"
 
 
@@ -17,11 +18,9 @@ typedef struct _erl_drv_data EchoDrvData;
 
 static EchoDrvData *echo_drv_start(ErlDrvPort port, char *command);
 static void         echo_drv_stop(EchoDrvData *data_p);
-static void         echo_drv_output(EchoDrvData *data_p, char *buf, int len);
+static void         echo_drv_output(ErlDrvData drv_data, char *buf,
+				    ErlDrvSizeT len);
 static void         echo_drv_finish(void);
-static int          echo_drv_control(EchoDrvData *data_p, unsigned int command,
-				     char *buf, int len,
-				     char **rbuf, int rlen);
 
 static ErlDrvEntry echo_drv_entry = { 
     NULL, /* init */
@@ -33,10 +32,20 @@ static ErlDrvEntry echo_drv_entry = {
     "echo_drv",
     echo_drv_finish,
     NULL, /* handle */
-    echo_drv_control,
+    NULL, /* control */
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 
@@ -68,7 +77,8 @@ static EchoDrvData *echo_drv_start(ErlDrvPort port, char *command) {
 static void echo_drv_stop(EchoDrvData *data_p) {
 }
 
-static void echo_drv_output(EchoDrvData *data_p, char *buf, int len) {
+static void echo_drv_output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len) {
+    EchoDrvData *data_p = (EchoDrvData *) drv_data;
     void *void_ptr;
     ErlDrvPort port = void_ptr = data_p;
     
@@ -77,9 +87,3 @@ static void echo_drv_output(EchoDrvData *data_p, char *buf, int len) {
 
 static void echo_drv_finish() {
 }
-
-static int echo_drv_control(EchoDrvData *data_p, unsigned int command,
-			    char *buf, int len,
-			    char **rbuf, int rlen) {
-    return 0;
-}
diff --git a/erts/emulator/test/port_SUITE_data/exit_drv.c b/erts/emulator/test/port_SUITE_data/exit_drv.c
index 60f1b321bd..5f366b3545 100644
--- a/erts/emulator/test/port_SUITE_data/exit_drv.c
+++ b/erts/emulator/test/port_SUITE_data/exit_drv.c
@@ -5,11 +5,9 @@ typedef struct _erl_drv_data ExitDrvData;
 
 static ExitDrvData *exit_drv_start(ErlDrvPort port, char *command);
 static void         exit_drv_stop(ExitDrvData *data_p);
-static void         exit_drv_output(ExitDrvData *data_p, char *buf, int len);
+static void         exit_drv_output(ExitDrvData *data_p, char *buf,
+				    ErlDrvSizeT len);
 static void         exit_drv_finish(void);
-static int          exit_drv_control(ExitDrvData *data_p, unsigned int command,
-				     char *buf, int len,
-				     char **rbuf, int rlen);
 
 static ErlDrvEntry exit_drv_entry = { 
     NULL, /* init */
@@ -21,10 +19,20 @@ static ErlDrvEntry exit_drv_entry = {
     "exit_drv",
     exit_drv_finish,
     NULL, /* handle */
-    exit_drv_control,
+    NULL, /* control */
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(exit_drv)
@@ -45,7 +53,7 @@ exit_drv_stop(ExitDrvData *datap)
 }
 
 static void
-exit_drv_output(ExitDrvData *datap, char *buf, int len)
+exit_drv_output(ExitDrvData *datap, char *buf, ErlDrvSizeT len)
 {
     driver_exit((ErlDrvPort) datap, 0);
 }
@@ -55,14 +63,3 @@ exit_drv_finish(void)
 {
 
 }
-
-static int
-exit_drv_control(ExitDrvData *datap,
-		 unsigned int command,
-		 char *buf,
-		 int len,
-		 char **rbuf,
-		 int rlen)
-{
-    return 0;
-}
diff --git a/erts/emulator/test/port_SUITE_data/failure_drv.c b/erts/emulator/test/port_SUITE_data/failure_drv.c
index 34d48e00f8..5826e6d5a9 100644
--- a/erts/emulator/test/port_SUITE_data/failure_drv.c
+++ b/erts/emulator/test/port_SUITE_data/failure_drv.c
@@ -5,10 +5,8 @@ typedef struct _erl_drv_data FailureDrvData;
 
 static FailureDrvData *failure_drv_start(ErlDrvPort, char *);
 static void failure_drv_stop(FailureDrvData *);
-static void failure_drv_output(FailureDrvData *, char *, int);
+static void failure_drv_output(ErlDrvData, char *, ErlDrvSizeT);
 static void failure_drv_finish(void);
-static int failure_drv_control(FailureDrvData *, unsigned int,
-			       char *, int, char **, int);
 
 static ErlDrvEntry failure_drv_entry = { 
     NULL, /* init */
@@ -18,12 +16,22 @@ static ErlDrvEntry failure_drv_entry = {
     NULL, /* ready_input */
     NULL, /* ready_output */
     "failure_drv",
-    failure_drv_finish,
+    NULL, /* finish */
     NULL, /* handle */
-    failure_drv_control,
+    NULL, /* control */
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 
@@ -46,7 +54,8 @@ static FailureDrvData *failure_drv_start(ErlDrvPort port, char *command) {
 static void failure_drv_stop(FailureDrvData *data_p) {
 }
 
-static void failure_drv_output(FailureDrvData *data_p, char *buf, int len) {
+static void failure_drv_output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len) {
+    FailureDrvData *data_p = (FailureDrvData *) drv_data;
     void *void_ptr;
     ErlDrvPort port = void_ptr = data_p;
     
@@ -55,9 +64,3 @@ static void failure_drv_output(FailureDrvData *data_p, char *buf, int len) {
 
 static void failure_drv_finish() {
 }
-
-static int failure_drv_control(FailureDrvData *data_p, unsigned int command,
-			       char *buf, int len,
-			       char **rbuf, int rlen) {
-    return 0;
-}
diff --git a/erts/emulator/test/port_bif_SUITE_data/control_drv.c b/erts/emulator/test/port_bif_SUITE_data/control_drv.c
index e9f57a887a..b937a8bb15 100644
--- a/erts/emulator/test/port_bif_SUITE_data/control_drv.c
+++ b/erts/emulator/test/port_bif_SUITE_data/control_drv.c
@@ -1,13 +1,15 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include "erl_driver.h"
 
 
 static ErlDrvPort erlang_port;
 static ErlDrvData control_start(ErlDrvPort, char*);
 static void control_stop(ErlDrvData);
-static void control_read(ErlDrvData, char*, int);
-static int control_control(ErlDrvData, unsigned int, char*, int, char**, int);
+static void control_read(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT control_control(ErlDrvData, unsigned int, char*,
+				    ErlDrvSizeT, char**, ErlDrvSizeT);
 
 static ErlDrvEntry control_driver_entry =
 {
@@ -21,9 +23,19 @@ static ErlDrvEntry control_driver_entry =
     NULL,
     NULL,
     control_control,
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
     NULL,
     NULL,
-    NULL
 };
 
 DRIVER_INIT(control_drv)
@@ -41,7 +53,7 @@ static ErlDrvData control_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void control_read(ErlDrvData port, char *buf, int count)
+static void control_read(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
@@ -51,8 +63,9 @@ static void control_stop(ErlDrvData port)
     erlang_port = (ErlDrvPort)-1;
 }
 
-static int control_control(ErlDrvData port, unsigned command, char* buf, int count,
-			   char** res, int res_size)
+static ErlDrvSSizeT control_control(ErlDrvData port, unsigned command,
+				    char* buf, ErlDrvSizeT count,
+				    char** res, ErlDrvSizeT res_size)
 {
     switch (command) {
     case 'e':
diff --git a/erts/emulator/test/scheduler_SUITE.erl b/erts/emulator/test/scheduler_SUITE.erl
index debb54579b..8931562828 100644
--- a/erts/emulator/test/scheduler_SUITE.erl
+++ b/erts/emulator/test/scheduler_SUITE.erl
@@ -55,7 +55,7 @@
 	 scheduler_suspend/1,
 	 reader_groups/1]).
 
--define(DEFAULT_TIMEOUT, ?t:minutes(10)).
+-define(DEFAULT_TIMEOUT, ?t:minutes(15)).
 
 -define(MIN_SCHEDULER_TEST_TIMEOUT, ?t:minutes(1)).
 
@@ -519,16 +519,18 @@ bound_loop(NS, N, M, Sched) ->
 bindings(Node, BindType) ->
     Parent = self(),
     Ref = make_ref(),
-    spawn_link(Node,
-	       fun () ->
-		       enable_internal_state(),
-		       Res = (catch erts_debug:get_internal_state(
-				      {fake_scheduler_bindings, BindType})),
-		       Parent ! {Ref, Res}
-	       end),
+    Pid = spawn_link(Node,
+		     fun () ->
+			     enable_internal_state(),
+			     Res = (catch erts_debug:get_internal_state(
+					    {fake_scheduler_bindings,
+					     BindType})),
+			     Parent ! {Ref, Res}
+		     end),
     receive
 	{Ref, Res} ->
 	    ?t:format("~p: ~p~n", [BindType, Res]),
+	    unlink(Pid),
 	    Res
     end.
 
@@ -1684,7 +1686,7 @@ do_it(Tracer, Low, Normal, High, Max, RedsPerSchedLimit) ->
     EndWait = now(),
     BalanceWait = timer:now_diff(EndWait,StartWait) div 1000,
     erlang:display({balance_wait, BalanceWait}),
-    Timeout = ?DEFAULT_TIMEOUT - ?t:seconds(10) - BalanceWait,
+    Timeout = ?DEFAULT_TIMEOUT - ?t:minutes(4) - BalanceWait,
     Res = case Timeout < ?MIN_SCHEDULER_TEST_TIMEOUT of
 	      true ->
 		  stop_work(Low, Normal, High, Max),
diff --git a/erts/emulator/test/send_term_SUITE_data/send_term_drv.c b/erts/emulator/test/send_term_SUITE_data/send_term_drv.c
index 165cce2e9d..b3feca79f0 100644
--- a/erts/emulator/test/send_term_SUITE_data/send_term_drv.c
+++ b/erts/emulator/test/send_term_SUITE_data/send_term_drv.c
@@ -24,7 +24,7 @@
 static ErlDrvPort erlang_port;
 static ErlDrvData send_term_drv_start(ErlDrvPort port, char *command);
 static void send_term_drv_stop(ErlDrvData drv_data);
-static void send_term_drv_run(ErlDrvData drv_data, char *buf, int len);
+static void send_term_drv_run(ErlDrvData drv_data, char *buf, ErlDrvSizeT len);
 
 
 static int make_ext_term_list(ErlDrvTermData *td, int bad);
@@ -39,6 +39,22 @@ static ErlDrvEntry send_term_drv_entry = {
     NULL,
     NULL,
     "send_term_drv",
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(send_term_drv)
@@ -64,7 +80,7 @@ static void send_term_drv_stop(ErlDrvData drv_data)
 static void output_term(ErlDrvTermData* msg, int len);
 static void fail_term(ErlDrvTermData* msg, int len, int line);
 
-static void send_term_drv_run(ErlDrvData port, char *buf, int count)
+static void send_term_drv_run(ErlDrvData port, char *buf, ErlDrvSizeT count)
 {
     char buf7[1024];
     ErlDrvTermData spec[1024];
diff --git a/erts/emulator/test/sensitive_SUITE.erl b/erts/emulator/test/sensitive_SUITE.erl
index 634df367ca..e073eab596 100644
--- a/erts/emulator/test/sensitive_SUITE.erl
+++ b/erts/emulator/test/sensitive_SUITE.erl
@@ -160,8 +160,7 @@ recv_trace(Config) when is_list(Config) ->
     ?line {messages,Messages} = process_info(Tracer, messages),
     [{trace,Parent,'receive',a},
      {trace,Parent,'receive',{trace_delivered,_,_}},
-     {trace,Parent,'receive',c},
-     {trace,Parent,'receive',{trace_delivered,_,_}}] = Messages,
+     {trace,Parent,'receive',c}|_] = Messages,
 
     ?line unlink(Tracer), exit(Tracer, kill),
     ?line unlink(Sender), exit(Sender, kill),
diff --git a/erts/emulator/test/smoke_test_SUITE.erl b/erts/emulator/test/smoke_test_SUITE.erl
new file mode 100644
index 0000000000..98f1cf1ad5
--- /dev/null
+++ b/erts/emulator/test/smoke_test_SUITE.erl
@@ -0,0 +1,139 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(smoke_test_SUITE).
+
+-include_lib("test_server/include/test_server.hrl").
+
+%-compile(export_all).
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
+	 init_per_group/2,end_per_group/2, 
+	 init_per_testcase/2, end_per_testcase/2]).
+
+-export([boot_combo/1]).
+
+-define(DEFAULT_TIMEOUT, ?t:minutes(2)).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [boot_combo].
+
+groups() -> 
+    [].
+
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+
+init_per_testcase(Case, Config) when is_list(Config) ->
+    Dog = ?t:timetrap(?DEFAULT_TIMEOUT),
+    [{testcase, Case},{watchdog, Dog}|Config].
+
+end_per_testcase(_Case, Config) when is_list(Config) ->
+    Dog = ?config(watchdog, Config),
+    ?t:timetrap_cancel(Dog),
+    ok.
+
+%%%
+%%% The test cases -------------------------------------------------------------
+%%%
+
+boot_combo(Config) when is_list(Config) ->
+    ZFlags = os:getenv("ERL_ZFLAGS"),
+    NOOP = fun () -> ok end,
+    A42 = fun () ->
+		  case erlang:system_info(threads) of
+		      true ->
+			  42 = erlang:system_info(thread_pool_size);
+		      false ->
+			  ok
+		  end
+	  end,
+    SMPDisable = fun () -> false = erlang:system_info(smp_support) end,
+    try
+	chk_boot(Config, "+Ktrue", NOOP),
+	chk_boot(Config, "+A42", A42),
+	chk_boot(Config, "-smp disable", SMPDisable),
+	chk_boot(Config, "+Ktrue +A42", A42),
+	chk_boot(Config, "-smp disable +A42",
+		 fun () -> SMPDisable(), A42() end),
+	chk_boot(Config, "-smp disable +Ktrue", SMPDisable),
+	chk_boot(Config, "-smp disable +Ktrue +A42",
+		 fun () -> SMPDisable(), A42() end),
+	%% A lot more combos could be implemented...
+	ok
+    after
+	os:putenv("ERL_ZFLAGS", case ZFlags of
+				    false -> "";
+				    _ -> ZFlags
+				end)
+    end.
+
+%%%
+%%% Aux functions --------------------------------------------------------------
+%%%
+
+chk_boot(Config, Args, Fun) ->
+    true = os:putenv("ERL_ZFLAGS", Args),
+    Success = make_ref(),
+    Parent = self(),
+    ?t:format("--- Testing ~s~n", [Args]),
+    {ok, Node} = start_node(Config),
+    Pid = spawn_link(Node, fun () ->
+				   Fun(),
+				   Parent ! {self(), Success}
+			   end),
+    receive
+	{Pid, Success} ->
+	    Node = node(Pid),
+	    stop_node(Node),
+	    ?t:format("--- Success!~n", []),
+	    ok
+    end.
+
+start_node(Config) ->
+    start_node(Config, "").
+
+start_node(Config, Args) when is_list(Config) ->
+    ?line Pa = filename:dirname(code:which(?MODULE)),
+    ?line {A, B, C} = now(),
+    ?line Name = list_to_atom(atom_to_list(?MODULE)
+			      ++ "-"
+			      ++ atom_to_list(?config(testcase, Config))
+			      ++ "-"
+			      ++ integer_to_list(A)
+			      ++ "-"
+			      ++ integer_to_list(B)
+			      ++ "-"
+			      ++ integer_to_list(C)),
+    ?line ?t:start_node(Name, slave, [{args, "-pa "++Pa++" "++Args}]).
+
+stop_node(Node) ->
+    ?t:stop_node(Node).
+
diff --git a/erts/emulator/test/statistics_SUITE.erl b/erts/emulator/test/statistics_SUITE.erl
index 0392312a6f..a93dd309c1 100644
--- a/erts/emulator/test/statistics_SUITE.erl
+++ b/erts/emulator/test/statistics_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,6 +29,7 @@
 	 runtime_zero_diff/1,
 	 runtime_update/1, runtime_diff/1,
 	 run_queue_one/1,
+	 scheduler_wall_time/1,
 	 reductions/1, reductions_big/1, garbage_collection/1, io/1,
 	 badarg/1]).
 
@@ -51,8 +52,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [{group, wall_clock}, {group, runtime}, reductions,
-     reductions_big, {group, run_queue}, garbage_collection,
-     io, badarg].
+     reductions_big, {group, run_queue}, scheduler_wall_time,
+     garbage_collection, io, badarg].
 
 groups() -> 
     [{wall_clock, [],
@@ -266,11 +267,10 @@ run_queue_one(Config) when is_list(Config) ->
     
 
 run_queue_one_test(Config) when is_list(Config) ->
-    ?line Hog = spawn_link(?MODULE, hog, [self()]),
+    ?line _Hog = spawn_link(?MODULE, hog, [self()]),
     ?line receive
-	hog_started ->
-	    Hog ! go
-    end,
+	      hog_started -> ok
+	  end,
     ?line receive after 100 -> ok end,		% Give hog a head start.
     ?line case statistics(run_queue) of
 	      N when N >= 1 -> ok;
@@ -280,18 +280,88 @@ run_queue_one_test(Config) when is_list(Config) ->
 
 %% CPU-bound process, going at low priority.  It will always be ready
 %% to run.
-    
+
 hog(Pid) ->
     ?line process_flag(priority, low),
     ?line Pid ! hog_started,
-    ?line receive
-	go -> hog_iter(0)
+    ?line Mon = erlang:monitor(process, Pid),
+    ?line hog_iter(0, Mon).
+
+hog_iter(N, Mon) when N > 0 ->
+    receive
+	{'DOWN', Mon, _, _, _} ->  ok
+    after 0 ->
+	    ?line hog_iter(N-1, Mon)
+    end;
+hog_iter(0, Mon) ->
+    ?line hog_iter(10000, Mon).
+
+%%% Tests of statistics(scheduler_wall_time).
+
+scheduler_wall_time(doc) ->
+    "Tests that statistics(scheduler_wall_time) works as intended";
+scheduler_wall_time(Config) when is_list(Config) ->
+    %% Should return undefined if system_flag is not turned on yet
+    undefined = statistics(scheduler_wall_time),
+    %% Turn on statistics
+    false = erlang:system_flag(scheduler_wall_time, true),
+    try
+	Schedulers = erlang:system_info(schedulers_online),
+	%% Let testserver and everyone else finish their work
+	timer:sleep(500),
+	%% Empty load
+	EmptyLoad = get_load(),
+	{false, _} = {lists:any(fun(Load) -> Load > 50 end, EmptyLoad),EmptyLoad},
+	MeMySelfAndI = self(),
+	StartHog = fun() ->
+			   Pid = spawn(?MODULE, hog, [self()]),
+			   receive hog_started -> MeMySelfAndI ! go end,
+			   Pid
+		   end,
+	P1 = StartHog(),
+	%% Max on one, the other schedulers empty (hopefully)
+	%% Be generous the process can jump between schedulers
+	%% which is ok and we don't want the test to fail for wrong reasons
+	_L1 = [S1Load|EmptyScheds1] = get_load(),
+	{true,_}  = {S1Load > 50,S1Load},
+	{false,_} = {lists:any(fun(Load) -> Load > 50 end, EmptyScheds1),EmptyScheds1},
+	{true,_}  = {lists:sum(EmptyScheds1) < 60,EmptyScheds1},
+
+	%% 50% load
+	HalfHogs = [StartHog() || _ <- lists:seq(1, (Schedulers-1) div 2)],
+	HalfLoad = lists:sum(get_load()) div Schedulers,
+	if Schedulers < 2, HalfLoad > 80 -> ok; %% Ok only one scheduler online and one hog
+	   %% We want roughly 50% load
+	   HalfLoad > 40, HalfLoad < 60 -> ok;
+	   true -> exit({halfload, HalfLoad})
+	end,
+
+	%% 100% load
+	LastHogs = [StartHog() || _ <- lists:seq(1, Schedulers div 2)],
+	FullScheds = get_load(),
+	{false,_} = {lists:any(fun(Load) -> Load < 80 end, FullScheds),FullScheds},
+	FullLoad = lists:sum(FullScheds) div Schedulers,
+	if FullLoad > 90 -> ok;
+	   true -> exit({fullload, FullLoad})
+	end,
+
+	[exit(Pid, kill) || Pid <- [P1|HalfHogs++LastHogs]],
+	AfterLoad = get_load(),
+	{false,_} = {lists:any(fun(Load) -> Load > 5 end, AfterLoad),AfterLoad},
+	true = erlang:system_flag(scheduler_wall_time, false)
+    after
+	erlang:system_flag(scheduler_wall_time, false)
     end.
 
-hog_iter(N) when N > 0 ->
-    ?line hog_iter(N-1);
-hog_iter(0) ->
-    ?line hog_iter(10000).
+get_load() ->
+    Start = erlang:statistics(scheduler_wall_time),
+    timer:sleep(500),
+    End = erlang:statistics(scheduler_wall_time),
+    lists:reverse(lists:sort(load_percentage(lists:sort(Start),lists:sort(End)))).
+
+load_percentage([{Id, WN, TN}|Ss], [{Id, WP, TP}|Ps]) ->
+    [100*(WN-WP) div (TN-TP)|load_percentage(Ss, Ps)];
+load_percentage([], []) -> [].
 
 
 garbage_collection(doc) ->
diff --git a/erts/emulator/test/system_profile_SUITE.erl b/erts/emulator/test/system_profile_SUITE.erl
index 32089e8872..659e43f81d 100644
--- a/erts/emulator/test/system_profile_SUITE.erl
+++ b/erts/emulator/test/system_profile_SUITE.erl
@@ -27,6 +27,7 @@
 	system_profile_on_and_off/1,
 	runnable_procs/1,
 	runnable_ports/1,
+	dont_profile_profiler/1,
 	scheduler/1
         ]).
 
@@ -40,7 +41,7 @@
 -define(default_timeout, ?t:minutes(1)).
 
 init_per_testcase(_Case, Config) ->
-    ?line Dog=?t:timetrap(?default_timeout),
+    Dog=?t:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 end_per_testcase(_Case, Config) ->
     Dog=?config(watchdog, Config),
@@ -51,7 +52,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [system_profile_on_and_off, runnable_procs,
-     runnable_ports, scheduler].
+     runnable_ports, scheduler, dont_profile_profiler].
 
 groups() -> 
     [].
@@ -77,31 +78,31 @@ system_profile_on_and_off(suite) ->
 system_profile_on_and_off(doc) ->
     ["Tests switching system_profiling on and off."];
 system_profile_on_and_off(Config) when is_list(Config) ->
-    ?line Pid = start_profiler_process(),
+    Pid = start_profiler_process(),
     
     % Test runnable_ports on and off
-    ?line undefined = erlang:system_profile(Pid, [runnable_ports]),
-    ?line {Pid, [runnable_ports]} = erlang:system_profile(),
-    ?line {Pid, [runnable_ports]} = erlang:system_profile(undefined, []),
+    undefined = erlang:system_profile(Pid, [runnable_ports]),
+    {Pid, [runnable_ports]} = erlang:system_profile(),
+    {Pid, [runnable_ports]} = erlang:system_profile(undefined, []),
 
     % Test runnable_procs on and off
-    ?line undefined = erlang:system_profile(Pid, [runnable_procs]),
-    ?line {Pid, [runnable_procs]} = erlang:system_profile(),
-    ?line {Pid, [runnable_procs]} = erlang:system_profile(undefined, []),
+    undefined = erlang:system_profile(Pid, [runnable_procs]),
+    {Pid, [runnable_procs]} = erlang:system_profile(),
+    {Pid, [runnable_procs]} = erlang:system_profile(undefined, []),
 
     % Test scheduler on and off
-    ?line undefined = erlang:system_profile(Pid, [scheduler]),
-    ?line {Pid, [scheduler]} = erlang:system_profile(),
-    ?line {Pid, [scheduler]} = erlang:system_profile(undefined, []),
+    undefined = erlang:system_profile(Pid, [scheduler]),
+    {Pid, [scheduler]} = erlang:system_profile(),
+    {Pid, [scheduler]} = erlang:system_profile(undefined, []),
 
     % Test combined runnable_ports, runnable_procs, scheduler; on and off
-    ?line undefined = erlang:system_profile(Pid, [scheduler, runnable_procs, runnable_ports]),
-    ?line {Pid, [scheduler,runnable_procs,runnable_ports]} = erlang:system_profile(),
-    ?line {Pid, [scheduler,runnable_procs,runnable_ports]} = erlang:system_profile(undefined, []),
+    undefined = erlang:system_profile(Pid, [scheduler, runnable_procs, runnable_ports]),
+    {Pid, [scheduler,runnable_procs,runnable_ports]} = erlang:system_profile(),
+    {Pid, [scheduler,runnable_procs,runnable_ports]} = erlang:system_profile(undefined, []),
 
     % Test turned off and kill process
-    ?line undefined = erlang:system_profile(),
-    ?line exit(Pid,kill),
+    undefined = erlang:system_profile(),
+    exit(Pid,kill),
     ok.
 
 %% Test runnable_procs
@@ -111,25 +112,25 @@ runnable_procs(suite) ->
 runnable_procs(doc) ->
     ["Tests system_profiling with runnable_procs."];
 runnable_procs(Config) when is_list(Config) ->
-    ?line Pid = start_profiler_process(),
+    Pid = start_profiler_process(),
     % start a ring of processes
     % FIXME: Set #laps and #nodes in config file
     Nodes = 10,
     Laps = 10,
-    ?line Master = ring(Nodes),
-    ?line undefined = erlang:system_profile(Pid, [runnable_procs]),
+    Master = ring(Nodes),
+    undefined = erlang:system_profile(Pid, [runnable_procs]),
     % loop a message
-    ?line ok = ring_message(Master, message, Laps),
-    ?line Events = get_profiler_events(),
-    ?line kill_em_all = kill_ring(Master),
-    ?line erlang:system_profile(undefined, []),
+    ok = ring_message(Master, message, Laps),
+    Events = get_profiler_events(),
+    kill_em_all = kill_ring(Master),
+    erlang:system_profile(undefined, []),
     put(master, Master),
     put(laps, Laps),
-    ?line true = has_runnable_event(Events),
+    true = has_runnable_event(Events),
     Pids = sort_events_by_pid(Events),
-    ?line ok = check_events(Pids),
+    ok = check_events(Pids),
     erase(),
-    ?line exit(Pid,kill),
+    exit(Pid,kill),
     ok.
 
 runnable_ports(suite) ->
@@ -137,21 +138,21 @@ runnable_ports(suite) ->
 runnable_ports(doc) ->
     ["Tests system_profiling with runnable_port."];
 runnable_ports(Config) when is_list(Config) ->
-    ?line Pid = start_profiler_process(),
-    ?line undefined = erlang:system_profile(Pid, [runnable_ports]),
-    ?line EchoPid = echo(Config),
+    Pid = start_profiler_process(),
+    undefined = erlang:system_profile(Pid, [runnable_ports]),
+    EchoPid = echo(Config),
     % FIXME: Set config to number_of_echos
     Laps = 10,
     put(laps, Laps),
-    ?line ok = echo_message(EchoPid, Laps, message),
-    ?line Events = get_profiler_events(),
-    ?line kill_em_all = kill_echo(EchoPid),
-    ?line erlang:system_profile(undefined, []),
-    ?line true = has_runnable_event(Events),
+    ok = echo_message(EchoPid, Laps, message),
+    Events = get_profiler_events(),
+    kill_em_all = kill_echo(EchoPid),
+    erlang:system_profile(undefined, []),
+    true = has_runnable_event(Events),
     Pids = sort_events_by_pid(Events),
-    ?line ok = check_events(Pids),
+    ok = check_events(Pids),
     erase(),
-    ?line exit(Pid,kill),
+    exit(Pid,kill),
     ok.
 
 scheduler(suite) ->
@@ -160,46 +161,68 @@ scheduler(doc) ->
     ["Tests system_profiling with scheduler."];
 scheduler(Config) when is_list(Config) ->
     case {erlang:system_info(smp_support), erlang:system_info(schedulers_online)} of
-	{false,_} -> ?line {skipped, "No need for scheduler test when smp support is disabled."};
-	{_,    1} -> ?line {skipped, "No need for scheduler test when only one scheduler online."};
+	{false,_} -> {skipped, "No need for scheduler test when smp support is disabled."};
+	{_,    1} -> {skipped, "No need for scheduler test when only one scheduler online."};
 	_ ->
 	    Nodes = 10,
-	    ?line ok = check_block_system(Nodes),
-	    ?line ok = check_multi_scheduling_block(Nodes),
-	    ok
+	    ok = check_block_system(Nodes),
+	    ok = check_multi_scheduling_block(Nodes)
     end.
 
+% the profiler pid should not be profiled
+dont_profile_profiler(suite) ->
+    [];
+dont_profile_profiler(doc) ->
+    ["Ensure system profiler process is not profiled."];
+dont_profile_profiler(Config) when is_list(Config) ->
+    Pid = start_profiler_process(),
+
+    Nodes = 10,
+    Laps = 10,
+    Master = ring(Nodes),
+    undefined = erlang:system_profile(Pid, [runnable_procs]),
+    % loop a message
+    ok = ring_message(Master, message, Laps),
+    erlang:system_profile(undefined, []),
+    kill_em_all = kill_ring(Master),
+    Events = get_profiler_events(),
+    false  = has_profiler_pid_event(Events, Pid),
+
+    exit(Pid,kill),
+    ok.
+
+
 %%% Check scheduler profiling
 
 check_multi_scheduling_block(Nodes) ->
-    ?line Pid = start_profiler_process(),
-    ?line undefined = erlang:system_profile(Pid, [scheduler]),
-    ?line {ok, Supervisor} = start_load(Nodes),
-    ?line erlang:system_flag(multi_scheduling, block),
-    ?line erlang:system_flag(multi_scheduling, unblock),
-    ?line {Pid, [scheduler]} = erlang:system_profile(undefined, []),
-    ?line Events = get_profiler_events(),
-    ?line true = has_scheduler_event(Events),
+    Pid = start_profiler_process(),
+    undefined = erlang:system_profile(Pid, [scheduler]),
+    {ok, Supervisor} = start_load(Nodes),
+    erlang:system_flag(multi_scheduling, block),
+    erlang:system_flag(multi_scheduling, unblock),
+    {Pid, [scheduler]} = erlang:system_profile(undefined, []),
+    Events = get_profiler_events(),
+    true = has_scheduler_event(Events),
     stop_load(Supervisor),
-    ?line exit(Pid,kill),
+    exit(Pid,kill),
     erase(),
     ok.
 
 check_block_system(Nodes) ->
-    ?line Dummy = spawn(?MODULE, profiler_process, [[]]),
-    ?line Pid = start_profiler_process(),
-    ?line undefined = erlang:system_profile(Pid, [scheduler]),
-    ?line {ok, Supervisor} = start_load(Nodes),
+    Dummy = spawn(?MODULE, profiler_process, [[]]),
+    Pid = start_profiler_process(),
+    undefined = erlang:system_profile(Pid, [scheduler]),
+    {ok, Supervisor} = start_load(Nodes),
     % FIXME: remove wait !!
     wait(300),
-    ?line undefined = erlang:system_monitor(Dummy, [busy_port]),
-    ?line {Dummy, [busy_port]} = erlang:system_monitor(undefined, []),
-    ?line {Pid, [scheduler]} = erlang:system_profile(undefined, []),
-    ?line Events = get_profiler_events(),
-    ?line true = has_scheduler_event(Events),
+    undefined = erlang:system_monitor(Dummy, [busy_port]),
+    {Dummy, [busy_port]} = erlang:system_monitor(undefined, []),
+    {Pid, [scheduler]} = erlang:system_profile(undefined, []),
+    Events = get_profiler_events(),
+    true = has_scheduler_event(Events),
     stop_load(Supervisor),
-    ?line exit(Pid,kill),
-    ?line exit(Dummy,kill),
+    exit(Pid,kill),
+    exit(Dummy,kill),
     erase(),
     ok.
 
@@ -211,17 +234,17 @@ check_events([Pid | Pids]) ->
     Laps = get(laps),
     CheckPids = get(pids),
     {Events, N} = get_pid_events(Pid),
-    ?line ok = check_event_flow(Events),
-    ?line ok = check_event_ts(Events),
+    ok = check_event_flow(Events),
+    ok = check_event_ts(Events),
     IsMember = lists:member(Pid, CheckPids),
     case Pid of
     	Master ->
 	    io:format("Expected ~p and got ~p profile events from ~p: ok~n", [Laps*2+2, N, Pid]),
-	    ?line N = Laps*2 + 2,
+	    N = Laps*2 + 2,
     	    check_events(Pids);
 	Pid when IsMember == true ->
 	    io:format("Expected ~p and got ~p profile events from ~p: ok~n", [Laps*2, N, Pid]),
-	    ?line N = Laps*2,
+	    N = Laps*2,
     	    check_events(Pids);
 	Pid ->
 	    check_events(Pids)
@@ -448,6 +471,12 @@ has_runnable_event(Events) ->
 	    end
         end, Events).
 
+has_profiler_pid_event([], _) -> false;
+has_profiler_pid_event([{profile, Pid, _Activity, _MFA, _TS}|Events], Pid) -> true;
+has_profiler_pid_event([_|Events], Pid) ->
+    has_profiler_pid_event(Events, Pid).
+
+
 wait(Time) -> receive after Time -> ok end.
 
 %%%
diff --git a/erts/emulator/test/system_profile_SUITE_data/echo_drv.c b/erts/emulator/test/system_profile_SUITE_data/echo_drv.c
index d968ff06f9..e0b6ff804c 100644
--- a/erts/emulator/test/system_profile_SUITE_data/echo_drv.c
+++ b/erts/emulator/test/system_profile_SUITE_data/echo_drv.c
@@ -9,11 +9,9 @@ static EchoDrvData echo_drv_data, *echo_drv_data_p;
 
 static EchoDrvData *echo_drv_start(ErlDrvPort port, char *command);
 static void         echo_drv_stop(EchoDrvData *data_p);
-static void         echo_drv_output(EchoDrvData *data_p, char *buf, int len);
+static void         echo_drv_output(ErlDrvData drv_data, char *buf,
+				    ErlDrvSizeT len);
 static void         echo_drv_finish(void);
-static int          echo_drv_control(EchoDrvData *data_p, unsigned int command,
-				     char *buf, int len,
-				     char **rbuf, int rlen);
 
 static ErlDrvEntry echo_drv_entry = { 
     NULL, /* init */
@@ -25,10 +23,21 @@ static ErlDrvEntry echo_drv_entry = {
     "echo_drv",
     echo_drv_finish,
     NULL, /* handle */
-    echo_drv_control,
+    NULL, /* control */
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL,  /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
+
 };
 
 DRIVER_INIT(echo_drv)
@@ -51,16 +60,11 @@ static void echo_drv_stop(EchoDrvData *data_p) {
     echo_drv_data_p = NULL;
 }
 
-static void echo_drv_output(EchoDrvData *data_p, char *buf, int len) {
+static void echo_drv_output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len) {
+    EchoDrvData* data_p = (EchoDrvData *) drv_data;
     driver_output(data_p->erlang_port, buf, len);
 }
 
 static void echo_drv_finish() {
     echo_drv_data_p = NULL;
 }
-
-static int echo_drv_control(EchoDrvData *data_p, unsigned int command,
-			    char *buf, int len,
-			    char **rbuf, int rlen) {
-    return 0;
-}
diff --git a/erts/emulator/test/time_SUITE.erl b/erts/emulator/test/time_SUITE.erl
index bd48a0a7db..4d12e3449c 100644
--- a/erts/emulator/test/time_SUITE.erl
+++ b/erts/emulator/test/time_SUITE.erl
@@ -32,6 +32,7 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2, univ_to_local/1, local_to_univ/1,
 	 bad_univ_to_local/1, bad_local_to_univ/1,
+	 univ_to_seconds/1, seconds_to_univ/1,
 	 consistency/1,
 	 now_unique/1, now_update/1, timestamp/1]).
 
@@ -59,7 +60,9 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [univ_to_local, local_to_univ, local_to_univ_utc,
-     bad_univ_to_local, bad_local_to_univ, consistency,
+     bad_univ_to_local, bad_local_to_univ, 
+     univ_to_seconds, seconds_to_univ,
+     consistency,
      {group, now}, timestamp].
 
 groups() -> 
@@ -162,6 +165,30 @@ bad_test_local_to_univ([Local|Rest]) ->
 bad_test_local_to_univ([]) ->
     ok.
 
+
+%% Test universaltime to seconds conversions
+univ_to_seconds(Config) when is_list(Config) ->
+    test_univ_to_seconds(ok_utc_seconds()).
+
+test_univ_to_seconds([{Datetime, Seconds}|DSs]) ->
+    io:format("universaltime = ~p -> seconds = ~p", [Datetime, Seconds]),
+    Seconds = erlang:universaltime_to_posixtime(Datetime),
+    test_univ_to_seconds(DSs);
+test_univ_to_seconds([]) -> 
+    ok.
+
+%% Test seconds to universaltime conversions
+seconds_to_univ(Config) when is_list(Config) ->
+    test_seconds_to_univ(ok_utc_seconds()).
+
+test_seconds_to_univ([{Datetime, Seconds}|DSs]) ->
+    io:format("universaltime = ~p <- seconds = ~p", [Datetime, Seconds]),
+    Datetime = erlang:posixtime_to_universaltime(Seconds),
+    test_seconds_to_univ(DSs);
+test_seconds_to_univ([]) -> 
+    ok.
+
+
 %% Test that the the different time functions return
 %% consistent results. (See the test case for assumptions
 %% and limitations.)
@@ -453,6 +480,32 @@ dst_dates() ->
      {1998, 06, 3},
      {1999, 06, 4}].
 
+%% exakt utc {date(), time()} which corresponds to the same seconds since 1 jan 1970 
+%% negative seconds are ok
+%% generated with date --date='1979-05-28 12:30:35 UTC' +%s
+ok_utc_seconds() -> [
+	{ {{1970, 1, 1},{ 0, 0, 0}},            0 },
+	{ {{1970, 1, 1},{ 0, 0, 1}},            1 },
+	{ {{1969,12,31},{23,59,59}},           -1 },
+	{ {{1920,12,31},{23,59,59}},  -1546300801 },
+	{ {{1600,02,19},{15,14,08}}, -11671807552 },
+	{ {{1979,05,28},{12,30,35}},    296742635 },
+	{ {{1999,12,31},{23,59,59}},    946684799 },
+	{ {{2000, 1, 1},{ 0, 0, 0}},    946684800 },
+	{ {{2000, 1, 1},{ 0, 0, 1}},    946684801 },
+
+	{ {{2038, 1,19},{03,14,07}},   2147483647 }, % Sint32 full - 1
+	{ {{2038, 1,19},{03,14,08}},   2147483648 }, % Sint32 full
+	{ {{2038, 1,19},{03,14,09}},   2147483649 }, % Sint32 full + 1
+
+	{ {{2106, 2, 7},{ 6,28,14}},   4294967294 }, % Uint32 full  0xFFFFFFFF - 1
+	{ {{2106, 2, 7},{ 6,28,15}},   4294967295 }, % Uint32 full  0xFFFFFFFF
+	{ {{2106, 2, 7},{ 6,28,16}},   4294967296 }, % Uint32 full  0xFFFFFFFF + 1
+	{ {{2012,12, 6},{16,28,08}},   1354811288 },
+	{ {{2412,12, 6},{16,28,08}},  13977592088 }
+    ].
+
+
 %% The following dates should not be near the end or beginning of
 %% a month, because they will be used to test when the dates are
 %% different in UTC and local time.
diff --git a/erts/emulator/test/trace_port_SUITE.erl b/erts/emulator/test/trace_port_SUITE.erl
index 0026da4979..b0ce6f81db 100644
--- a/erts/emulator/test/trace_port_SUITE.erl
+++ b/erts/emulator/test/trace_port_SUITE.erl
@@ -77,7 +77,8 @@ end_per_testcase(_Func, Config) ->
 
 call_trace(doc) -> "Test sending call trace messages to a port.";
 call_trace(Config) when is_list(Config) ->
-    case test_server:is_native(?MODULE) of
+    case test_server:is_native(?MODULE) orelse
+	test_server:is_native(lists) of
 	true -> 
 	    {skip,"Native code"};
 	false ->
@@ -128,7 +129,8 @@ bs_sum_c(<<>>, Acc) -> Acc.
 
 return_trace(doc) -> "Test the new return trace.";
 return_trace(Config) when is_list(Config) ->
-    case test_server:is_native(?MODULE) of
+    case test_server:is_native(?MODULE) orelse
+	test_server:is_native(lists) of
 	true -> 
 	    {skip,"Native code"};
 	false ->
diff --git a/erts/emulator/test/trace_port_SUITE_data/echo_drv.c b/erts/emulator/test/trace_port_SUITE_data/echo_drv.c
index 15c4ca11fe..a8d4ede4fe 100644
--- a/erts/emulator/test/trace_port_SUITE_data/echo_drv.c
+++ b/erts/emulator/test/trace_port_SUITE_data/echo_drv.c
@@ -25,12 +25,14 @@ static EchoDrvData echo_drv_data, *echo_drv_data_p;
 **/
 
 static EchoDrvData *echo_drv_start(ErlDrvPort port, char *command);
-static void         echo_drv_stop(EchoDrvData *data_p);
-static void         echo_drv_output(EchoDrvData *data_p, char *buf, int len);
+static void         echo_drv_stop(ErlDrvData drv_data);
+static void         echo_drv_output(ErlDrvData drv_data, char *buf,
+				    ErlDrvSizeT len);
 static void         echo_drv_finish(void);
-static int          echo_drv_control(EchoDrvData *data_p, unsigned int command,
-				     char *buf, int len,
-				     char **rbuf, int rlen);
+static ErlDrvSSizeT echo_drv_control(ErlDrvData drv_data,
+				     unsigned int command,
+				     char *buf,  ErlDrvSizeT len,
+				     char **rbuf, ErlDrvSizeT rlen);
 
 static ErlDrvEntry echo_drv_entry = { 
     NULL, /* init */
@@ -45,11 +47,19 @@ static ErlDrvEntry echo_drv_entry = {
     echo_drv_control,
     NULL, /* timeout */
     NULL, /* outputv */
-    NULL  /* ready_async */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
-
-
 /* -------------------------------------------------------------------------
 ** Entry functions
 **/
@@ -75,7 +85,8 @@ static void echo_drv_stop(EchoDrvData *data_p) {
     echo_drv_data_p = NULL;
 }
 
-static void echo_drv_output(EchoDrvData *data_p, char *buf, int len) {
+static void echo_drv_output(ErlDrvData drv_data, char *buf, ErlDrvSizeT len) {
+    EchoDrvData* data_p = (EchoDrvData *) drv_data;
     driver_output(data_p->erlang_port, buf, len);
     switch (data_p->heavy) {
     case heavy_off:
@@ -95,9 +106,11 @@ static void echo_drv_finish() {
     echo_drv_data_p = NULL;
 }
 
-static int echo_drv_control(EchoDrvData *data_p, unsigned int command,
-			    char *buf, int len,
-			    char **rbuf, int rlen) {
+static ErlDrvSSizeT echo_drv_control(ErlDrvData drv_data,
+				     unsigned int command,
+				     char *buf, ErlDrvSizeT len,
+				     char **rbuf, ErlDrvSizeT rlen) {
+    EchoDrvData* data_p = (EchoDrvData *) drv_data;
     switch (command) {
     case 'h':
 	data_p->heavy = heavy_set;
diff --git a/erts/emulator/utils/make_preload b/erts/emulator/utils/make_preload
index d22f08f993..13019d4062 100755
--- a/erts/emulator/utils/make_preload
+++ b/erts/emulator/utils/make_preload
@@ -2,7 +2,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -39,6 +39,7 @@ use File::Basename;
 my $gen_rc = 0;
 my $gen_old = 0;
 my $windres = 0;
+my $msys = 0;
 my $file;
 
 my $progname = basename($0);
@@ -49,6 +50,8 @@ while (@ARGV && $ARGV[0] =~ /^-(\w+)/) {
 	$gen_rc = 1;
     } elsif ($opt eq '-windres') {
 	$windres = 1;
+    } elsif ($opt eq '-msys') {
+	$msys = 1;
     } elsif ($opt eq '-old') {
 	$gen_old = 1;
     } else {
@@ -68,7 +71,12 @@ foreach $file (@ARGV) {
 	unless $file =~ /\.beam$/;
     my $module = basename($file, ".beam");
     if ($gen_rc) {
-	my ($win_file) = split("\n", `(cygpath -d $file 2>/dev/null || cygpath -w $file)`);
+	my $win_file;
+	if ($msys) {
+	    ($win_file) = split("\n", `(msys2win_path.sh $file)`);
+	} else {
+	    ($win_file) = split("\n", `(cygpath -d $file 2>/dev/null || cygpath -w $file)`);
+	}
 	$win_file =~ s&\\&\\\\&g;
 	print "$num ERLANG_CODE \"$win_file\"\n";
 	push(@modules, "   ", -s $file, "L, $num, ",
diff --git a/erts/emulator/valgrind/suppress.patched.3.6.0 b/erts/emulator/valgrind/suppress.patched.3.6.0
index 2647949672..8cf4cba2c8 100644
--- a/erts/emulator/valgrind/suppress.patched.3.6.0
+++ b/erts/emulator/valgrind/suppress.patched.3.6.0
@@ -305,3 +305,46 @@ fun:erl_init
 fun:erl_start
 fun:main
 }
+
+{
+Permanent cache aligned malloc for array of mseg allocators
+Memcheck:Leak
+PossiblyLost
+fun:malloc
+fun:erts_mseg_init
+fun:erts_alloc_init
+fun:early_init
+fun:erl_start
+fun:main
+}
+
+{
+Early permanent cache aligned erl_process:aux_work_tmo
+Memcheck:Leak
+PossiblyLost
+fun:malloc
+fun:aux_work_timeout_early_init
+fun:erts_early_init_scheduling
+fun:early_init
+fun:erl_start
+fun:main
+}
+
+{
+Early permanent cache aligned ts_event_pool
+Memcheck:Leak
+PossiblyLost
+fun:malloc
+fun:erts_sys_alloc
+fun:erts_alloc_fnf
+fun:ethr_std_alloc
+fun:ts_event_pool
+fun:init_ts_event_alloc
+fun:ethr_late_init_common__
+fun:ethr_late_init
+fun:erts_thr_late_init
+fun:early_init
+fun:erl_start
+fun:main
+}
+
diff --git a/erts/emulator/valgrind/suppress.standard b/erts/emulator/valgrind/suppress.standard
index d759038c97..26e34e3757 100644
--- a/erts/emulator/valgrind/suppress.standard
+++ b/erts/emulator/valgrind/suppress.standard
@@ -266,3 +266,43 @@ fun:erl_init
 fun:erl_start
 fun:main
 }
+
+{
+Permanent cache aligned malloc for array of mseg allocators
+Memcheck:Leak
+fun:malloc
+fun:erts_mseg_init
+fun:erts_alloc_init
+fun:early_init
+fun:erl_start
+fun:main
+}
+
+{
+Early permanent cache aligned erl_process:aux_work_tmo
+Memcheck:Leak
+fun:malloc
+fun:aux_work_timeout_early_init
+fun:erts_early_init_scheduling
+fun:early_init
+fun:erl_start
+fun:main
+}
+
+{
+Early permanent cache aligned ts_event_pool
+Memcheck:Leak
+fun:malloc
+fun:erts_sys_alloc
+fun:erts_alloc_fnf
+fun:ethr_std_alloc
+fun:ts_event_pool
+fun:init_ts_event_alloc
+fun:ethr_late_init_common__
+fun:ethr_late_init
+fun:erts_thr_late_init
+fun:early_init
+fun:erl_start
+fun:main
+}
+
diff --git a/erts/emulator/zlib/Makefile.in b/erts/emulator/zlib/Makefile.in
deleted file mode 100644
index b44a87551d..0000000000
--- a/erts/emulator/zlib/Makefile.in
+++ /dev/null
@@ -1,102 +0,0 @@
-# Makefile for zlib
-# Copyright (C) 1995-1996 Jean-loup Gailly.
-# For conditions of distribution and use, see copyright notice in zlib.h 
-
-# %ExternalCopyright%
-
-# To compile and test, type:
-#   ./configure; make test
-# The call of configure is optional if you don't have special requirements
-
-# To install /usr/local/lib/libz.* and /usr/local/include/zlib.h, type:
-#    make install
-# To install in $HOME instead of /usr/local, use:
-#    make install prefix=$HOME
-
-ARFLAGS = rc
-CFLAGS = $(subst -O2, -O3, @CFLAGS@ @DEFS@ @EMU_THR_DEFS@)
-#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
-#CFLAGS=-g -DDEBUG
-#CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
-#           -Wstrict-prototypes -Wmissing-prototypes
-
-VER=1.0.4
-
-O = adler32.o compress.o crc32.o uncompr.o deflate.o trees.o \
-       zutil.o inflate.o inftrees.o inffast.o
-OBJS = $(O:%=$(OBJDIR)/%)
-
-
-#### Begin OTP targets
-
-include $(ERL_TOP)/make/target.mk
-
-ifeq ($(TYPE),gcov)
-CFLAGS = -O0 -fprofile-arcs -ftest-coverage @DEBUG_CFLAGS@ @DEFS@ @EMU_THR_DEFS@
-else  # gcov
-ifeq ($(TYPE),debug)
-CFLAGS = @DEBUG_CFLAGS@ @DEFS@ @EMU_THR_DEFS@
-endif # debug
-endif # gcov
-
-# On windows we *need* a separate zlib during debug build
-OBJDIR= $(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE)
-
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-ifeq ($(TARGET), win32)
-LIBRARY=$(OBJDIR)/z.lib
-else
-LIBRARY=$(OBJDIR)/libz.a
-endif
-
-all: $(LIBRARY)
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec: opt
-
-tests release_tests:
-
-docs release_docs release_docs_spec:
-
-clean:
-	rm -f $(OBJS) $(OBJDIR)/libz.a
-
-#### end OTP targets
-
-ifeq ($(TARGET), win32)
-$(LIBRARY): $(OBJS)
-	$(AR) -out:$@ $(OBJS)
-else
-$(LIBRARY): $(OBJS)
-	$(AR) $(ARFLAGS) $@ $(OBJS)
-	-@ ($(RANLIB) $@ || true) 2>/dev/null
-endif
-
-$(OBJDIR)/%.o: %.c
-	$(CC) -c $(CFLAGS) -o $@ $<
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-adler32.o: zlib.h zconf.h
-compress.o: zlib.h zconf.h
-crc32.o: zlib.h zconf.h
-deflate.o: deflate.h zutil.h zlib.h zconf.h
-example.o: zlib.h zconf.h
-gzio.o: zutil.h zlib.h zconf.h
-infblock.o: infblock.h inftrees.h infcodes.h infutil.h zutil.h zlib.h zconf.h
-infcodes.o: zutil.h zlib.h zconf.h
-infcodes.o: inftrees.h infblock.h infcodes.h infutil.h inffast.h
-inffast.o: zutil.h zlib.h zconf.h inftrees.h
-inffast.o: infblock.h infcodes.h infutil.h inffast.h
-inflate.o: zutil.h zlib.h zconf.h infblock.h
-inftrees.o: zutil.h zlib.h zconf.h inftrees.h
-infutil.o: zutil.h zlib.h zconf.h infblock.h inftrees.h infcodes.h infutil.h
-minigzip.o:  zlib.h zconf.h 
-trees.o: deflate.h zutil.h zlib.h zconf.h 
-uncompr.o: zlib.h zconf.h
-zutil.o: zutil.h zlib.h zconf.h  
diff --git a/erts/emulator/zlib/zlib.mk b/erts/emulator/zlib/zlib.mk
new file mode 100644
index 0000000000..fa1f159fae
--- /dev/null
+++ b/erts/emulator/zlib/zlib.mk
@@ -0,0 +1,74 @@
+#-*-makefile-*-   ; force emacs to enter makefile-mode
+# ----------------------------------------------------
+# Make include file for zlib
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2011-2012. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+# ----------------------------------------------------
+# Copyright for zlib itself see copyright notice in zlib.h
+
+ZLIB_FILES = \
+	adler32 \
+	compress \
+	crc32 \
+	uncompr \
+	deflate \
+	trees \
+	zutil \
+	inflate \
+	inftrees \
+	inffast
+
+# On windows we *need* a separate zlib during debug build
+ZLIB_OBJDIR = $(ERL_TOP)/erts/emulator/zlib/obj/$(TARGET)/$(TYPE)
+
+ZLIB_OBJS = $(ZLIB_FILES:%=$(ZLIB_OBJDIR)/%.o)
+ZLIB_SRC = $(ZLIB_FILES:%=zlib/%.c)
+
+ifeq ($(TARGET), win32)
+ZLIB_LIBRARY = $(ZLIB_OBJDIR)/z.lib
+else
+ZLIB_LIBRARY = $(ZLIB_OBJDIR)/libz.a
+endif
+
+
+ifeq ($(TYPE),gcov)
+ZLIB_CFLAGS = -O0 -fprofile-arcs -ftest-coverage $(DEBUG_CFLAGS) $(DEFS) $(THR_DEFS)
+else  # gcov
+ifeq ($(TYPE),debug)
+ZLIB_CFLAGS = $(DEBUG_CFLAGS) $(DEFS) $(THR_DEFS)
+else # debug
+ZLIB_CFLAGS = $(subst -O2, -O3, $(CONFIGURE_CFLAGS) $(DEFS) $(THR_DEFS))
+#ZLIB_CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#ZLIB_CFLAGS=-g -DDEBUG
+#ZLIB_CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+#	-Wstrict-prototypes -Wmissing-prototypes
+endif # debug
+endif # gcov
+
+ifeq ($(TARGET), win32)
+$(ZLIB_LIBRARY): $(ZLIB_OBJS)
+	$(AR) -out:$@ $(ZLIB_OBJS)
+else
+$(ZLIB_LIBRARY): $(ZLIB_OBJS)
+	$(AR) $(ARFLAGS) $@ $(ZLIB_OBJS)
+	-@ ($(RANLIB) $@ || true) 2>/dev/null
+endif
+
+$(ZLIB_OBJDIR)/%.o: zlib/%.c
+	$(CC) -c $(ZLIB_CFLAGS) -o $@ $<
diff --git a/erts/epmd/src/Makefile.in b/erts/epmd/src/Makefile.in
index 2f5296a5e8..5767edc346 100644
--- a/erts/epmd/src/Makefile.in
+++ b/erts/epmd/src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2012. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -24,6 +24,7 @@ PURIFY     =
 TYPEMARKER = .debug
 TYPE_FLAGS = -DDEBUG @DEBUG_FLAGS@
 else
+
 ifeq ($(TYPE),purify)
 PURIFY     = purify
 TYPEMARKER =
@@ -33,6 +34,8 @@ else
   TYPE_FLAGS = -O2 -DPURIFY
 endif
 else
+
+override TYPE = opt
 PURIFY     =
 TYPEMARKER =
 ifeq ($(findstring ose,$(TARGET)),ose)
@@ -65,6 +68,8 @@ ERTS_INTERNAL_LIBS=-L../../lib/internal/$(TARGET) -lerts_internal$(ERTS_LIB_TYPE
 endif
 endif
 
+ERTS_LIB = $(ERL_TOP)/erts/lib_src/obj/$(TARGET)/$(TYPE)/MADE
+
 CC      = @CC@
 WFLAGS  = @WFLAGS@
 CFLAGS  = @CFLAGS@ @DEFS@ $(TYPE_FLAGS) $(WFLAGS) $(ERTS_INCL)
@@ -106,7 +111,7 @@ EPMD_OBJS = $(OBJDIR)/epmd.o       \
 #---------------------------------
 
 
-all: erts_lib $(BINDIR)/$(EPMD)
+all: $(BINDIR)/$(EPMD)
 
 docs:
 
@@ -122,13 +127,13 @@ clean:
 # Objects & executables
 #
 
-$(BINDIR)/$(EPMD): $(EPMD_OBJS)
+$(BINDIR)/$(EPMD): $(EPMD_OBJS) $(ERTS_LIB)
 	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(EPMD_OBJS) $(LIBS)
 
 $(OBJDIR)/%.o: %.c epmd.h epmd_int.h
 	$(CC) $(CFLAGS) $(EPMD_FLAGS) -o $@ -c $<
 
-erts_lib:
+$(ERTS_LIB):
 	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
 
 include $(ERL_TOP)/make/otp_release_targets.mk
@@ -139,4 +144,3 @@ release_spec: all
 
 
 release_docs_spec:
-
diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in
index 4754328c0b..28c5e5ccad 100644
--- a/erts/etc/common/Makefile.in
+++ b/erts/etc/common/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -22,13 +22,14 @@ include $(ERL_TOP)/make/target.mk
 ERTS_LIB_TYPEMARKER=.$(TYPE)
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_VC=@MIXED_VC@
 
 ifeq ($(TYPE),debug)
 PURIFY =
 TYPEMARKER = .debug
 TYPE_FLAGS = -DDEBUG @DEBUG_FLAGS@
 else
+
 ifeq ($(TYPE),purify)
 PURIFY = purify
 TYPEMARKER =
@@ -38,6 +39,8 @@ else
 TYPE_FLAGS = -g -O2 -DPURIFY
 endif
 else
+
+override TYPE=opt
 PURIFY =
 TYPEMARKER =
 ERTS_LIB_TYPEMARKER=
@@ -101,6 +104,8 @@ else
 ERTS_INTERNAL_LIBS=-L../../lib/internal/$(TARGET) -lerts_internal$(ERTS_LIB_TYPEMARKER) @ERTS_INTERNAL_X_LIBS@ -lm
 endif
 
+ERTS_LIB = $(ERL_TOP)/erts/lib_src/obj/$(TARGET)/$(TYPE)/MADE
+
 # ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
@@ -161,9 +166,8 @@ ERLSRV_OBJECTS= \
 	$(OBJDIR)/erlsrv_main.o \
 	$(OBJDIR)/erlsrv_util.o \
 	$(OBJDIR)/erlsrv_logmess.res
-MC_OUTPUTS= \
-	$(OBJDIR)/erlsrv_logmess.h $(OBJDIR)/erlsrv_logmess.rc
-	MT_FLAG="-MT"
+MC_OUTPUTS=$(OBJDIR)/erlsrv_logmess.h $(OBJDIR)/erlsrv_logmess.rc
+MT_FLAG="-MT"
 else
 ERLRES_OBJ=erl_res.o
 ERLSRV_OBJECTS= \
@@ -173,9 +177,8 @@ ERLSRV_OBJECTS= \
 	$(OBJDIR)/erlsrv_main.o \
 	$(OBJDIR)/erlsrv_util.o \
 	$(OBJDIR)/erlsrv_logmess.o
-MC_OUTPUTS= \
-	$(OBJDIR)/erlsrv_logmess.h $(OBJDIR)/erlsrv_logmess.res
-	MT_FLAG="-MD"
+MC_OUTPUTS=$(OBJDIR)/erlsrv_logmess.h $(OBJDIR)/erlsrv_logmess.res
+MT_FLAG="-MD"
 endif
 INET_GETHOST = $(BINDIR)/inet_gethost.exe
 INSTALL_EMBEDDED_PROGS += $(BINDIR)/typer.exe $(BINDIR)/dialyzer.exe $(BINDIR)/erlc.exe $(BINDIR)/start_erl.exe $(BINDIR)/escript.exe $(BINDIR)/ct_run.exe
@@ -232,14 +235,17 @@ endif
 endif
 endif
 
-etc:	erts_lib $(ENTRY_OBJ) $(INSTALL_PROGS) $(INSTALL_LIBS) $(TEXTFILES) $(INSTALL_TOP_BIN)
+.PHONY: etc
+etc:	$(ENTRY_OBJ) $(INSTALL_PROGS) $(INSTALL_LIBS) $(TEXTFILES) $(INSTALL_TOP_BIN)
 
 # erlexec needs the erts_internal library...
-erts_lib:
+$(ERTS_LIB):
 	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
 
+.PHONY: docs
 docs:
 
+.PHONY: clean
 clean:
 ifneq ($(INSTALL_PROGS),)
 	rm -f $(INSTALL_PROGS)
@@ -278,85 +284,9 @@ endif
 	rm -f $(ERL_TOP)/erts/obj*/$(TARGET)/vxcall.o
 	rm -f $(ERL_TOP)/erts/obj*/$(TARGET)/erl.o
 	rm -f $(ERL_TOP)/erts/obj*/$(TARGET)/werl.o
+	rm -f $(TEXTFILES)
 	rm -f *~ core
 
-#
-# Objects & executables
-#
-#$(OBJDIR)/%.o: %.c
-#	$(CC) $(CFLAGS) -o $@ -c $<
-#
-#$(OBJDIR)/%.o: ../unix/%.c
-#	$(CC) $(CFLAGS) -o $@ -c $<
-#
-#$(BINDIR)/%: $(OBJDIR)/%.o
-#	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $< $(LIBS)
-
-$(OBJDIR)/inet_gethost.o: inet_gethost.c
-	$(CC) $(CFLAGS) -o $@ -c inet_gethost.c
-
-$(BINDIR)/inet_gethost@EXEEXT@: $(OBJDIR)/inet_gethost.o $(ENTRY_OBJ)
-	$(PURIFY) $(LD) $(LDFLAGS) $(ENTRY_LDFLAGS) -o $@ $(OBJDIR)/inet_gethost.o $(ENTRY_OBJ) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(BINDIR)/run_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/run_erl.o
-	$(LD) $(LDFLAGS) -o $@ $(OBJDIR)/safe_string.o $(OBJDIR)/run_erl.o $(LIBS)
-
-$(OBJDIR)/run_erl.o: ../unix/run_erl.c
-	$(CC) $(CFLAGS) -o $@ -c ../unix/run_erl.c
-
-$(BINDIR)/to_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/to_erl.o
-	$(LD) $(LDFLAGS) -o $@  $(OBJDIR)/safe_string.o $(OBJDIR)/to_erl.o
-
-$(OBJDIR)/to_erl.o: ../unix/to_erl.c
-	$(CC) $(CFLAGS) -o $@ -c ../unix/to_erl.c
-
-$(BINDIR)/dyn_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/dyn_erl.o
-	$(LD) $(LDFLAGS) -o $@  $(OBJDIR)/safe_string.o $(OBJDIR)/dyn_erl.o
-
-$(OBJDIR)/dyn_erl.o: ../unix/dyn_erl.c
-	$(CC) $(CFLAGS) -o $@ -c ../unix/dyn_erl.c
-
-$(OBJDIR)/safe_string.o: ../unix/safe_string.c
-	$(CC) $(CFLAGS) -o $@ -c ../unix/safe_string.c
-
-ifneq ($(TARGET),win32)
-$(BINDIR)/$(ERLEXEC): $(OBJDIR)/$(ERLEXEC).o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/$(ERLEXEC).o $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/$(ERLEXEC).o: $(ERLEXECDIR)/$(ERLEXEC).c
-	$(CC) -I$(EMUDIR) $(CFLAGS) -o $@ -c $(ERLEXECDIR)/$(ERLEXEC).c
-endif
-$(BINDIR)/erlc@EXEEXT@: $(OBJDIR)/erlc.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/erlc.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/erlc.o: erlc.c
-	$(CC) $(CFLAGS) -o $@ -c erlc.c
-
-$(BINDIR)/dialyzer@EXEEXT@: $(OBJDIR)/dialyzer.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/dialyzer.o: dialyzer.c
-	$(CC) $(CFLAGS) -o $@ -c dialyzer.c
-
-$(BINDIR)/typer@EXEEXT@: $(OBJDIR)/typer.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/typer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/typer.o: typer.c
-	$(CC) $(CFLAGS) -o $@ -c typer.c
-
-$(BINDIR)/escript@EXEEXT@: $(OBJDIR)/escript.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/escript.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/escript.o: escript.c
-	$(CC) $(CFLAGS) -o $@ -c escript.c
-
-$(BINDIR)/ct_run@EXEEXT@: $(OBJDIR)/ct_run.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/ct_run.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
-
-$(OBJDIR)/ct_run.o: ct_run.c
-	$(CC) $(CFLAGS) -o $@ -c ct_run.c
-
-
 #------------------------------------------------------------------------
 # Windows specific targets
 # The windows platform is quite different from the others. erl/werl are small C programs
@@ -367,7 +297,7 @@ $(OBJDIR)/ct_run.o: ct_run.c
 
 ifeq ($(TARGET),win32)
 
-$(BINDIR)/$(ERLEXEC): $(OBJDIR)/erlexec.o $(OBJDIR)/win_erlexec.o $(OBJDIR)/init_file.o  $(OBJDIR)/$(ERLRES_OBJ)
+$(BINDIR)/$(ERLEXEC): $(OBJDIR)/erlexec.o $(OBJDIR)/win_erlexec.o $(OBJDIR)/init_file.o  $(OBJDIR)/$(ERLRES_OBJ) $(ERTS_LIB)
 	$(LD) -dll $(LDFLAGS) -o $@ $(OBJDIR)/erlexec.o $(OBJDIR)/win_erlexec.o $(OBJDIR)/init_file.o $(OBJDIR)/$(ERLRES_OBJ) $(ERTS_INTERNAL_LIBS)
 
 $(BINDIR)/erl@EXEEXT@: $(OBJDIR)/erl.o $(OBJDIR)/init_file.o $(OBJDIR)/$(ERLRES_OBJ)
@@ -382,58 +312,75 @@ $(BINDIR)/start_erl@EXEEXT@: $(OBJDIR)/start_erl.o
 $(BINDIR)/Install@EXEEXT@: $(OBJDIR)/Install.o  $(OBJDIR)/init_file.o 
 	$(LD) $(LDFLAGS) -o $@  $(OBJDIR)/Install.o  $(OBJDIR)/init_file.o
 
+# The service expects to be compiled with $(MT_FLAG) flag.
 $(BINDIR)/erlsrv@EXEEXT@: $(ERLSRV_OBJECTS)
 	$(LD) $(LDFLAGS) $(MT_FLAG) -o $@ $(ERLSRV_OBJECTS)
 
-# The service expects to be compiled with $(MT_FLAG) flag.
-
-$(OBJDIR)/%.o: $(WINETC)/erlsrv/%.c $(ERLSRV_HEADERS)
-	$(CC) $(CFLAGS) $(MT_FLAG) -o $@ -c $<
-
-$(OBJDIR)/erlsrv_util.o: $(WINETC)/erlsrv/erlsrv_util.c $(ERLSRV_HEADERS) \
-$(OBJDIR)/erlsrv_logmess.h
-	$(CC) $(CFLAGS) -I$(OBJDIR) $(MT_FLAG) -o $@ -c $<
+# To fix a spooky parallel make build problem on Windows there are some
+# false dependencies on the $(MC), $(RC) and .o rules. The theory behind
+# is that the $(MC) and/or $(RC) compilers seems to temporarily create and
+# destroy a toplevel file vc100.pdb that simultaneous ordinary compilations
+# (that have been by flags explicitly ordered to not use .pdb files)
+# gets upset when that file vanishes from under their feet.
+#
+# The false dependencies are targeted to make make (pun intended) run
+# the $(MC) and $(RC) compilations to completion before all others.
+
+LOGMESS_GENERATED = $(OBJDIR)/LOGMESS-GENERATED
+$(MC_OUTPUTS): $(LOGMESS_GENERATED)
+$(LOGMESS_GENERATED): $(WINETC)/erlsrv/erlsrv_logmess.mc
+	$(MC) -o $(OBJDIR) $(WINETC)/erlsrv/erlsrv_logmess.mc && \
+		echo $? >$(LOGMESS_GENERATED)
+
+$(OBJDIR)/$(ERLRES_OBJ): $(WINETC)/erl.rc $(WINETC)/erlang.ico \
+		$(WINETC)/erl_icon.ico $(WINETC)/hrl_icon.ico \
+		$(WINETC)/beam_icon.ico $(LOGMESS_GENERATED)
+	$(RC) -o $@ -I$(WINETC) $(WINETC)/erl.rc
 
 ifeq ($(USING_VC), yes)
-$(OBJDIR)/erlsrv_logmess.res: $(OBJDIR)/erlsrv_logmess.rc
+RC_GENERATED = $(OBJDIR)/erlsrv_logmess.res
+$(RC_GENERATED): $(OBJDIR)/erlsrv_logmess.rc $(OBJDIR)/$(ERLRES_OBJ)
 	$(RC) -o $(OBJDIR)/erlsrv_logmess.res -I$(OBJDIR) $(OBJDIR)/erlsrv_logmess.rc
 else
-$(OBJDIR)/erlsrv_logmess.o: $(OBJDIR)/erlsrv_logmess.res
+RC_GENERATED = $(OBJDIR)/erlsrv_logmess.o
+$(RC_GENERATED): $(OBJDIR)/erlsrv_logmess.res $(OBJDIR)/$(ERLRES_OBJ)
 	$(RC) -o $(OBJDIR)/erlsrv_logmess.o -I$(OBJDIR) $(OBJDIR)/erlsrv_logmess.res
 endif
 
-$(MC_OUTPUTS): $(WINETC)/erlsrv/erlsrv_logmess.mc
-	$(MC) -o $(OBJDIR) $(WINETC)/erlsrv/erlsrv_logmess.mc
+# The service expects to be compiled with $(MT_FLAG) flag.
+$(OBJDIR)/%.o: $(WINETC)/erlsrv/%.c $(ERLSRV_HEADERS) $(RC_GENERATED)
+	$(CC) $(CFLAGS) $(MT_FLAG) -o $@ -c $<
 
-$(OBJDIR)/werl.o: $(WINETC)/erl.c
+$(OBJDIR)/erlsrv_util.o: $(WINETC)/erlsrv/erlsrv_util.c $(ERLSRV_HEADERS) \
+		$(OBJDIR)/erlsrv_logmess.h $(RC_GENERATED)
+	$(CC) $(CFLAGS) -I$(OBJDIR) $(MT_FLAG) -o $@ -c $<
+
+$(OBJDIR)/werl.o: $(WINETC)/erl.c $(WINETC)/init_file.h $(RC_GENERATED)
 	$(CC) $(CFLAGS) -DBUILD_TYPE=\"-$(TYPE)\" -DERL_RUN_SHARED_LIB=1 \
 	-DWIN32_WERL -o $@ -c $(WINETC)/erl.c
 
-$(OBJDIR)/erl.o: $(WINETC)/erl.c
+$(OBJDIR)/erl.o: $(WINETC)/erl.c $(WINETC)/init_file.h $(RC_GENERATED)
 	$(CC) $(CFLAGS) -DBUILD_TYPE=\"-$(TYPE)\" -DERL_RUN_SHARED_LIB=1 \
 	-o $@ -c $(WINETC)/erl.c
 
-$(OBJDIR)/erlexec.o: $(ERLEXECDIR)/erlexec.c
+$(OBJDIR)/erlexec.o: $(ERLEXECDIR)/erlexec.c $(RC_GENERATED)
 	$(CC) $(CFLAGS) -DBUILD_TYPE=\"-$(TYPE)\" -DERL_RUN_SHARED_LIB=1 \
 	-o $@ -c $(ERLEXECDIR)/erlexec.c
 
-$(OBJDIR)/win_erlexec.o: $(WINETC)/win_erlexec.c
+$(OBJDIR)/win_erlexec.o: $(WINETC)/win_erlexec.c $(RC_GENERATED)
 	$(CC) $(CFLAGS) -DBUILD_TYPE=\"-$(TYPE)\" -DERL_RUN_SHARED_LIB=1 \
 	-o $@ -c $(WINETC)/win_erlexec.c
 
-$(OBJDIR)/init_file.o: $(WINETC)/init_file.c $(WINETC)/init_file.h
+$(OBJDIR)/init_file.o: $(WINETC)/init_file.c $(WINETC)/init_file.h $(RC_GENERATED)
 	$(CC) $(CFLAGS) -o $@ -c $(WINETC)/init_file.c
 
-$(OBJDIR)/Install.o: $(WINETC)/Install.c $(WINETC)/init_file.h
+$(OBJDIR)/Install.o: $(WINETC)/Install.c $(WINETC)/init_file.h $(RC_GENERATED)
 	$(CC) $(CFLAGS) -o $@ -c $(WINETC)/Install.c
 
-$(OBJDIR)/$(ERLRES_OBJ): $(WINETC)/erl.rc $(WINETC)/erlang.ico $(WINETC)/erl_icon.ico $(WINETC)/hrl_icon.ico $(WINETC)/beam_icon.ico
-	$(RC) -o $@ -I$(WINETC) $(WINETC)/erl.rc
-
-$(OBJDIR)/start_erl.o: $(WINETC)/start_erl.c
+$(OBJDIR)/start_erl.o: $(WINETC)/start_erl.c $(RC_GENERATED)
 	$(CC) $(CFLAGS) -o $@ -c $(WINETC)/start_erl.c
 
-$(ENTRY_OBJ): $(ENTRY_SRC)
+$(ENTRY_OBJ): $(ENTRY_SRC) $(RC_GENERATED)
 	$(CC) $(CFLAGS) -o $@ -c $(ENTRY_SRC)
 
 Install.ini:	../$(TARGET)/Install.src ../../vsn.mk $(TARGET)/Makefile
@@ -442,6 +389,8 @@ Install.ini:	../$(TARGET)/Install.src ../../vsn.mk $(TARGET)/Makefile
           ../$(TARGET)/Install.src > Install.ini
 
 
+else
+RC_GENERATED =
 endif
 #---------------------------------------------------------
 # End of windows specific targets.
@@ -469,7 +418,7 @@ $(BINDIR)/heart@EXEEXT@: $(OBJDIR)/heart.o $(ENTRY_OBJ)
 	$(LD) $(LDFLAGS) $(ENTRY_LDFLAGS) -o $@ $(OBJDIR)/heart.o \
 		$(ENTRY_OBJ) $(WINDSOCK)
 
-$(OBJDIR)/heart.o: heart.c
+$(OBJDIR)/heart.o: heart.c $(RC_GENERATED)
 	$(CC) $(CFLAGS) -o $@ -c heart.c
 
 endif
@@ -497,6 +446,84 @@ $(OBJDIR)/vxcall.o: $(VXETC)/vxcall.c
 
 
 
+#
+# Objects & executables
+#
+#$(OBJDIR)/%.o: %.c
+#	$(CC) $(CFLAGS) -o $@ -c $<
+#
+#$(OBJDIR)/%.o: ../unix/%.c
+#	$(CC) $(CFLAGS) -o $@ -c $<
+#
+#$(BINDIR)/%: $(OBJDIR)/%.o
+#	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $< $(LIBS)
+
+$(OBJDIR)/inet_gethost.o: inet_gethost.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c inet_gethost.c
+
+$(BINDIR)/inet_gethost@EXEEXT@: $(OBJDIR)/inet_gethost.o $(ENTRY_OBJ) $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) $(ENTRY_LDFLAGS) -o $@ $(OBJDIR)/inet_gethost.o $(ENTRY_OBJ) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(BINDIR)/run_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/run_erl.o
+	$(LD) $(LDFLAGS) -o $@ $(OBJDIR)/safe_string.o $(OBJDIR)/run_erl.o $(LIBS)
+
+$(OBJDIR)/run_erl.o: ../unix/run_erl.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c ../unix/run_erl.c
+
+$(BINDIR)/to_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/to_erl.o
+	$(LD) $(LDFLAGS) -o $@  $(OBJDIR)/safe_string.o $(OBJDIR)/to_erl.o
+
+$(OBJDIR)/to_erl.o: ../unix/to_erl.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c ../unix/to_erl.c
+
+$(BINDIR)/dyn_erl: $(OBJDIR)/safe_string.o $(OBJDIR)/dyn_erl.o
+	$(LD) $(LDFLAGS) -o $@  $(OBJDIR)/safe_string.o $(OBJDIR)/dyn_erl.o
+
+$(OBJDIR)/dyn_erl.o: ../unix/dyn_erl.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c ../unix/dyn_erl.c
+
+$(OBJDIR)/safe_string.o: ../unix/safe_string.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c ../unix/safe_string.c
+
+ifneq ($(TARGET),win32)
+$(BINDIR)/$(ERLEXEC): $(OBJDIR)/$(ERLEXEC).o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/$(ERLEXEC).o $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/$(ERLEXEC).o: $(ERLEXECDIR)/$(ERLEXEC).c $(RC_GENERATED)
+	$(CC) -I$(EMUDIR) $(CFLAGS) -o $@ -c $(ERLEXECDIR)/$(ERLEXEC).c
+endif
+$(BINDIR)/erlc@EXEEXT@: $(OBJDIR)/erlc.o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/erlc.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/erlc.o: erlc.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c erlc.c
+
+$(BINDIR)/dialyzer@EXEEXT@: $(OBJDIR)/dialyzer.o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/dialyzer.o: dialyzer.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c dialyzer.c
+
+$(BINDIR)/typer@EXEEXT@: $(OBJDIR)/typer.o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/typer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/typer.o: typer.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c typer.c
+
+$(BINDIR)/escript@EXEEXT@: $(OBJDIR)/escript.o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/escript.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/escript.o: escript.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c escript.c
+
+$(BINDIR)/ct_run@EXEEXT@: $(OBJDIR)/ct_run.o $(ERTS_LIB)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/ct_run.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
+
+$(OBJDIR)/ct_run.o: ct_run.c $(RC_GENERATED)
+	$(CC) $(CFLAGS) -o $@ -c ct_run.c
+
+
+
 Install:	../unix/Install.src ../../vsn.mk $(TARGET)/Makefile
 	sed -e 's;%I_VSN%;$(VSN);' \
 	    -e 's;%EMULATOR%;$(EMULATOR);' \
@@ -515,6 +542,7 @@ erl.src: ../unix/erl.src.src ../../vsn.mk $(TARGET)/Makefile
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
+.PHONY: release_spec
 release_spec: etc
 ifneq ($(INSTALL_OBJS),)
 	$(INSTALL_DIR) $(RELEASE_PATH)/erts-$(VSN)/obj
@@ -561,9 +589,5 @@ ifneq ($(INSTALL_INCLUDES),)
 	$(INSTALL_DATA) $(INSTALL_INCLUDES) $(RELEASE_PATH)/erts-$(VSN)/include
 endif
 
+.PHONY: release_docs_spec
 release_docs_spec:
-
-
-
-
-
diff --git a/erts/etc/common/heart.c b/erts/etc/common/heart.c
index 7a5746e630..fae4d870cc 100644
--- a/erts/etc/common/heart.c
+++ b/erts/etc/common/heart.c
@@ -685,14 +685,16 @@ do_terminate(reason)
 	  print_error("Would reboot. Terminating.");
 	else {
 	  kill_old_erlang();
-	  system(command);
+	  /* suppress gcc warning with 'if' */
+	  if(system(command));
 	  print_error("Executed \"%s\". Terminating.",command);
 	}
 	free_env_val(command);
       }
       else {
 	kill_old_erlang();
-	system((char*)&cmd[0]);
+	/* suppress gcc warning with 'if' */
+	if(system((char*)&cmd[0]));
 	print_error("Executed \"%s\". Terminating.",cmd);
       }
     }
diff --git a/erts/etc/common/inet_gethost.c b/erts/etc/common/inet_gethost.c
index 77bfd5e2bc..d25d2910b4 100644
--- a/erts/etc/common/inet_gethost.c
+++ b/erts/etc/common/inet_gethost.c
@@ -1141,14 +1141,12 @@ static Worker *pick_worker(void)
 static Worker *pick_worker_greedy(AddrByte *domainbuff)
 {
     int i;
-    int ql = 0;
     int found = -1;
     for (i=0; i < num_busy_workers; ++i) {
 	if (domaineq(busy_workers[i].domain, domainbuff)) {
 	    if ((found < 0) || (busy_workers[i].que_size < 
 				busy_workers[found].que_size)) {
 		found = i;
-		ql = busy_workers[i].que_size;
 	    }
 	}
     }
@@ -1945,12 +1943,14 @@ static int worker_loop(void)
 	}
 	m = NULL;
 #else
-	write(1, reply, data_size); /* No signals expected */
+	/* expect no signals */
+	if (write(1, reply, data_size) < 0)
+	    goto fail;
 #endif
     } /* for (;;) */
 
-#ifdef WIN32
  fail:
+#ifdef WIN32
     if (m != NULL) {
 	FREE(m);
     }
@@ -1959,8 +1959,8 @@ static int worker_loop(void)
     if (reply) {
 	FREE(reply);
     }
-    return 1;
 #endif
+    return 1;
 }
 
 static int map_netdb_error(int netdb_code)
@@ -2561,7 +2561,8 @@ static void debugf(char *format, ...)
 	WriteFile(debug_console_allocated,buff,strlen(buff),&res,NULL);
     }
 #else
-    write(2,buff,strlen(buff));
+    /* suppress warning with 'if' */
+    if(write(2,buff,strlen(buff)));
 #endif
     va_end(ap);
 }
@@ -2583,7 +2584,8 @@ static void warning(char *format, ...)
 	WriteFile(GetStdHandle(STD_ERROR_HANDLE),buff,strlen(buff),&res,NULL);
     }
 #else
-    write(2,buff,strlen(buff));
+    /* suppress warning with 'if' */
+    if(write(2,buff,strlen(buff)));
 #endif
     va_end(ap);
 }
@@ -2605,7 +2607,8 @@ static void fatal(char *format, ...)
 	WriteFile(GetStdHandle(STD_ERROR_HANDLE),buff,strlen(buff),&res,NULL);
     }
 #else
-    write(2,buff,strlen(buff));
+    /* suppress warning with 'if' */
+    if(write(2,buff,strlen(buff)));
 #endif
     va_end(ap);
 #ifndef WIN32
diff --git a/erts/etc/unix/to_erl.c b/erts/etc/unix/to_erl.c
index 11fa3ff4cc..67274e67ed 100644
--- a/erts/etc/unix/to_erl.c
+++ b/erts/etc/unix/to_erl.c
@@ -352,7 +352,10 @@ int main(int argc, char **argv)
      * to trigger the version handshaking between to_erl and run_erl
      * at the start of every new to_erl-session.
      */
-    write(wfd, "\022", 1);
+
+    if (write(wfd, "\022", 1) < 0) {
+	fprintf(stderr, "Error in writing ^R to FIFO.\n");
+    }
 
     /*
      * read and write
@@ -412,7 +415,7 @@ int main(int argc, char **argv)
 
 	if (len) {
 #ifdef DEBUG
-	    write(1, buf, len);
+	    if(write(1, buf, len));
 #endif
 	    if (write_all(wfd, buf, len) != len) {
 		fprintf(stderr, "Error in writing to FIFO.\n");
diff --git a/erts/etc/win32/cygwin_tools/vc/emu_cc.sh b/erts/etc/win32/cygwin_tools/vc/emu_cc.sh
index c74c35111b..6c179aed00 100755
--- a/erts/etc/win32/cygwin_tools/vc/emu_cc.sh
+++ b/erts/etc/win32/cygwin_tools/vc/emu_cc.sh
@@ -2,7 +2,7 @@
 # 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2002-2009. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,6 +17,11 @@
 # 
 # %CopyrightEnd%
 # 
+if [ X"$CONFIG_SUBTYPE" = X"win64" ]; then
+    GCC="x86_64-w64-mingw32-gcc.exe"
+else 
+    GCC="gcc"
+fi
 TOOLDIR=$ERL_TOP/erts/etc/win32/cygwin_tools/vc
 COFFIX=$TOOLDIR/coffix
 WTOOLDIR=`(cygpath -d $TOOLDIR 2>/dev/null || cygpath -w $TOOLDIR)`
@@ -71,7 +76,7 @@ if [ $SKIP_COFFIX = false ]; then
     if [ "X$EMU_CC_SH_DEBUG_LOG" != "X" ]; then
 	echo "gcc -o $TEMPFILE -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer $CMD" >> $EMU_CC_SH_DEBUG_LOG 2>&1
     fi
-    eval gcc -o $TEMPFILE -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer $CMD
+    eval $GCC -o $TEMPFILE -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer $CMD
     RES=$?
     if [ $RES = 0 ]; then
 	$COFFIX.exe -e `(cygpath -d $TEMPFILE 2>/dev/null || cygpath -w $TEMPFILE)`
@@ -85,6 +90,6 @@ if [ $SKIP_COFFIX = false ]; then
     rm -f $TEMPFILE
     exit $RES
 else
-    eval gcc -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer -fno-tree-copyrename $CMD 2>/dev/null
+    eval $GCC -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer -fno-tree-copyrename $CMD 2>/dev/null
     exit $?
 fi
diff --git a/erts/etc/win32/msys_tools/erl b/erts/etc/win32/msys_tools/erl
new file mode 100644
index 0000000000..525253fd84
--- /dev/null
+++ b/erts/etc/win32/msys_tools/erl
@@ -0,0 +1,42 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Note! This shellscript expects to be run in a cygwin environment,
+# it converts erlc command lines to native windows erlc commands, which
+# basically means running the command cygpath on whatever is a path...
+
+CMD=""
+for x in "$@"; do 
+    case "$x" in
+	-I/*|-o/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    z=`echo $x | sed 's,^-\([Io]\)\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -$z\"$MPATH\"";; 
+	/*)
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+done
+ERL_TOP=`msys2win_path.sh -m $ERL_TOP`
+export ERL_TOP
+eval erl.exe $CMD
diff --git a/erts/etc/win32/msys_tools/erlc b/erts/etc/win32/msys_tools/erlc
new file mode 100644
index 0000000000..3f53ef7f4f
--- /dev/null
+++ b/erts/etc/win32/msys_tools/erlc
@@ -0,0 +1,59 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+
+
+CMD=""
+ECHO_ONLY=false
+for x in "$@"; do 
+    case "$x" in
+	--echo_only)
+	    ECHO_ONLY=true;;
+	-I/*|-o/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    z=`echo $x | sed 's,^-\([Io]\)\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -$z$MPATH";;
+	-pa/*)
+	    y=`echo $x | sed 's,^-pa\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -pa $MPATH";;
+	/*)
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+# Needed for  +'{preproc_flags,whatever}'
+	+{preproc_flags,*})
+	     y=`echo $x | sed 's,^+{preproc_flags\,"\(.*\)"},\1,g'`;
+	     z=`eval $0 --echo_only $y`;
+	     case "$z" in # Dont "doubledoublequote"
+		 \"*\") 
+		 CMD="$CMD +'{preproc_flags,$z}'";;
+		 *)
+		 CMD="$CMD +'{preproc_flags,\"$z\"}'";;
+	     esac;;
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+done
+if [ $ECHO_ONLY = true ]; then
+    echo $CMD
+else
+    eval erlc.exe $CMD
+fi
diff --git a/erts/etc/win32/msys_tools/javac.sh b/erts/etc/win32/msys_tools/javac.sh
new file mode 100644
index 0000000000..2d884bc2c8
--- /dev/null
+++ b/erts/etc/win32/msys_tools/javac.sh
@@ -0,0 +1,65 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Note! This shellscript expects to be run in a cygwin environment,
+# it converts erlc command lines to native windows erlc commands, which
+# basically means running the command cygpath on whatever is a path...
+
+CMD=""
+save_IFS=$IFS
+IFS=":"
+NEWCLASSPATH=""
+for x in $CLASSPATH; do
+  TMP=`msys2win_path.sh -m $x`
+  if [ -z "$NEWCLASSPATH" ]; then
+      NEWCLASSPATH="$TMP"
+  else
+      NEWCLASSPATH="$NEWCLASSPATH;$TMP"
+  fi
+done
+IFS=$save_IFS
+CLASSPATH="$NEWCLASSPATH"
+export CLASSPATH
+#echo "CLASSPATH=$CLASSPATH"
+SAVE="$@"
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-I/*|-o/*|-d/*)
+	    y=`echo $x | sed 's,^-[Iod]\(/.*\),\1,g'`;
+	    z=`echo $x | sed 's,^-\([Iod]\)\(/.*\),\1,g'`;
+	    #echo "Foooo:$z"
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -$z\"$MPATH\"";; 
+	-d|-I|-o)
+	    shift;
+	    MPATH=`msys2win_path.sh -m $1`;
+	    CMD="$CMD $x $MPATH";; 
+	/*)
+	    #echo "absolute:"$x;
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+    shift
+done
+#echo javac.exe "$CMD"
+eval javac.exe "$CMD"
diff --git a/erts/etc/win32/msys_tools/make_bootstrap_ini.sh b/erts/etc/win32/msys_tools/make_bootstrap_ini.sh
new file mode 100644
index 0000000000..b61965f546
--- /dev/null
+++ b/erts/etc/win32/msys_tools/make_bootstrap_ini.sh
@@ -0,0 +1,44 @@
+#! /bin/bash
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Create a local init-file for erlang in the build environment.
+if [ -z "$1" ]; then
+	echo "error: $0: No rootdir given"
+ 	exit 1
+else
+    RDIR=$1
+fi
+if [ -z "$2" ]; then
+	echo "error: $0: No bindir given"
+ 	exit 1
+else
+    BDIR=$2
+fi
+
+DRDIR=`msys2win_path.sh $RDIR | sed 's,\\\,\\\\\\\\,g'`
+DBDIR=`msys2win_path.sh $BDIR | sed 's,\\\,\\\\\\\\,g'`
+
+
+cat > $RDIR/bin/erl.ini <<EOF
+[erlang]
+Bindir=$DBDIR
+Progname=erl
+Rootdir=$DRDIR
+EOF
+
diff --git a/erts/emulator/zlib/Makefile b/erts/etc/win32/msys_tools/make_local_ini.sh
index def8e1aa47..6c5d84c4f5 100644
--- a/erts/emulator/zlib/Makefile
+++ b/erts/etc/win32/msys_tools/make_local_ini.sh
@@ -1,7 +1,8 @@
+#! /bin/bash
 # 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -16,8 +17,25 @@
 # 
 # %CopyrightEnd%
 # 
-#
-# Invoke with GNU make or clearmake -C gnu.
-#
+# Create a local init-file for erlang in the build environment.
+if [ -z "$1" ]; then
+    if [ -z $ERL_TOP ]; then
+	echo "error: $0: No rootdir available"
+ 	exit 1
+    else
+	RDIR=$ERL_TOP
+    fi
+else
+    RDIR=$1
+fi
+
+DDIR=`msys2win_path.sh $RDIR | sed 's,\\\,\\\\\\\\,g'`
+
+
+cat > $RDIR/bin/erl.ini <<EOF
+[erlang]
+Bindir=$DDIR\\\\bin\\\\win32
+Progname=erl
+Rootdir=$DDIR
+EOF
 
-include $(ERL_TOP)/make/run_make.mk
diff --git a/erts/etc/win32/msys_tools/msys2win_path.sh b/erts/etc/win32/msys_tools/msys2win_path.sh
new file mode 100644
index 0000000000..679a9d6a8f
--- /dev/null
+++ b/erts/etc/win32/msys_tools/msys2win_path.sh
@@ -0,0 +1,44 @@
+#! /bin/bash

+MIXED=false

+ABSOLUTE=false

+done=false

+while [ $done = false ]; do

+    case "$1" in

+	-m) 

+	    MIXED=true;

+	    shift;;

+	-a)

+	    ABSOLUTE=true;

+	    shift;;

+	*)

+	    done=true;;

+    esac

+done

+if [ -z "$1" ]; then

+    echo "Usage: $0 <path>" >&2

+    exit 1;

+fi

+MSYS_PATH=`win2msys_path.sh "$1"` # Clean up spaces

+if [ $ABSOLUTE = true ]; then

+    MSYS_DIR=`dirname "$MSYS_PATH"`

+    MSYS_FILE=`basename "$MSYS_PATH"`

+    if [ X"$MSYS_FILE" = X".." ]; then

+	MSYS_DIR="$MSYS_DIR/$MSYS_FILE"

+	WIN_ADD=""

+    else

+	WIN_ADD="/$MSYS_FILE"

+    fi

+    SAVEDIR=`pwd`

+    cd $MSYS_DIR

+    CURRENT=`pwd`

+    cd $SAVEDIR

+    WINPATH=`cmd //C echo $CURRENT`

+    WINPATH="$WINPATH$WIN_ADD"

+else

+    WINPATH=`cmd //c echo $MSYS_PATH`

+fi

+if [ $MIXED = true ]; then

+    echo $WINPATH

+else

+    echo $WINPATH | sed 's,/,\\,g'

+fi
\ No newline at end of file
diff --git a/erts/etc/win32/msys_tools/reg_query.sh b/erts/etc/win32/msys_tools/reg_query.sh
new file mode 100644
index 0000000000..ae6d5c3218
--- /dev/null
+++ b/erts/etc/win32/msys_tools/reg_query.sh
@@ -0,0 +1,24 @@
+#! /bin/sh

+BAT_FILE=/tmp/w$$.bat

+if [ -z "$1" -o -z "$2" ]; then

+    echo "Usage:" "$0" '<key> <valuename>'

+    exit 1

+fi

+BACKED=`echo "$1" | sed 's,/,\\\\,g'`

+# We need to get the 64bit part of the registry, hence we need to execute 

+# a 64bit reg.exe, but c:\windows\system32 is redirected to 32bit versions

+# if we ate in the 32bit virtual environment, why we need to use the 

+# sysnative trick to get to the 64bit executable of reg.exe (ouch!)

+if [ -d $WINDIR/sysnative ]; then

+    REG_CMD="$WINDIR\\sysnative\\reg.exe"

+else

+    REG_CMD="reg"

+fi

+cat > $BAT_FILE <<EOF

+@echo off

+$REG_CMD query "$BACKED" /v "$2"

+EOF

+#echo $BAT_FILE

+#cat $BAT_FILE

+RESULT=`cmd //C $BAT_FILE`

+echo $RESULT | sed "s,.*$2 REG_[^ ]* ,,"

diff --git a/erts/etc/win32/msys_tools/vc/ar.sh b/erts/etc/win32/msys_tools/vc/ar.sh
new file mode 100644
index 0000000000..f4c61e1d92
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/ar.sh
@@ -0,0 +1,47 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+CMD=""
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-out:)
+	    shift
+	    case "$1" in
+		/*)
+		    MPATH=`msys2win_path.sh -m $1`;;
+		 *)
+		    MPATH=$1;;
+	    esac
+	    CMD="$CMD -out:\"$MPATH\"";; 
+	-out:/*)
+	    y=`echo $x | sed 's,^-out:\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -out:\"$MPATH\"";; 
+	/*)
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+    shift
+done
+
+eval lib.exe $CMD
diff --git a/erts/etc/win32/msys_tools/vc/cc.sh b/erts/etc/win32/msys_tools/vc/cc.sh
new file mode 100644
index 0000000000..38b3d2ee81
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/cc.sh
@@ -0,0 +1,320 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Icky cl wrapper that does it's best to behave like a Unixish cc.
+# Made to work for Erlang builds and to make configure happy, not really 
+# general I suspect.
+# set -x
+# Save the command line for debug outputs
+
+SAVE="$@"
+
+# Constants
+COMMON_CFLAGS="-nologo -D__WIN32__ -DWIN32 -DWINDOWS -D_WIN32 -DNT -D_CRT_SECURE_NO_DEPRECATE"
+
+# Variables
+# The stdout and stderr for the compiler
+MSG_FILE=/tmp/cl.exe.$$.1
+ERR_FILE=/tmp/cl.exe.$$.2
+
+# "Booleans" determined during "command line parsing"
+# If the stdlib option is explicitly passed to this program
+MD_FORCED=false
+# If we're preprocession (only) i.e. -E
+PREPROCESSING=false
+# If we're generating dependencies (implies preprocesing)
+DEPENDENCIES=false
+# If this is supposed to be a debug build
+DEBUG_BUILD=false
+# If this is supposed to be an optimized build (there can only be one...)
+OPTIMIZED_BUILD=false
+# If we're linking or only compiling
+LINKING=true
+
+# This data is accumulated during command line "parsing"
+# The stdlibrary option, default multithreaded dynamic
+MD=-MD
+# Flags for debug compilation
+DEBUG_FLAGS=""
+# Flags for optimization
+OPTIMIZE_FLAGS=""
+# The specified output filename (if any), may be either object or exe.
+OUTFILE=""
+# Unspecified command line options for the compiler
+CMD=""
+# All the c source files, in unix style
+SOURCES=""
+# All the options to pass to the linker, kept in Unix style
+LINKCMD=""
+
+
+# Loop through the parameters and set the above variables accordingly
+# Also convert some cygwin filenames to "mixed style" dito (understood by the
+# compiler very well), except for anything passed to the linker, that script
+# handles those and the sources, which are also kept unixish for now
+
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-Wall)
+	    ;;
+	-c) 
+	    LINKING=false;;
+	    #CMD="$CMD -c";;
+	-MM)
+	    PREPROCESSING=true;
+	    LINKING=false;
+	    DEPENDENCIES=true;;
+	-E)
+	    PREPROCESSING=true;
+	    LINKING=false;; # Obviously...
+	    #CMD="$CMD -E";;
+	-Owx)
+	    # Optimization hardcoded of wxErlang, needs to disable debugging too
+	    OPTIMIZE_FLAGS="-Ob2ity -Gs -Zi";
+	    DEBUG_FLAGS="";
+	    DEBUG_BUILD=false;
+	    if [ $MD_FORCED = false ]; then
+		MD=-MD;
+	    fi
+	    OPTIMIZED_BUILD=true;;
+	-O*)
+	    # Optimization hardcoded, needs to disable debugging too
+	    OPTIMIZE_FLAGS="-Ox -Zi";
+	    DEBUG_FLAGS="";
+	    DEBUG_BUILD=false;
+	    if [ $MD_FORCED = false ]; then
+		MD=-MD;
+	    fi
+	    OPTIMIZED_BUILD=true;;
+	-g|-ggdb)
+	    if [ $OPTIMIZED_BUILD = false ];then
+		# Hardcoded windows debug flags
+		DEBUG_FLAGS="-Z7";
+		if [ $MD_FORCED = false ]; then
+		    MD=-MDd;
+		fi
+		LINKCMD="$LINKCMD -g";
+		DEBUG_BUILD=true;
+	    fi;;
+	# Allow forcing of stdlib
+	-mt|-MT)
+	    MD="-MT";
+	    MD_FORCED=true;;
+	-md|-MD)
+	    MD="-MD";
+	    MD_FORCED=true;;
+	-ml|-ML)
+	    MD="-ML";
+	    MD_FORCED=true;;
+	-mdd|-MDD|-MDd)
+	    MD="-MDd";
+	    MD_FORCED=true;;
+	-mtd|-MTD|-MTd)
+	    MD="-MTd";
+	    MD_FORCED=true;;
+	-mld|-MLD|-MLd)
+	    MD="-MLd";
+	    MD_FORCED=true;;
+	-o)
+	    shift;
+	    OUTFILE="$1";;
+	-o*)
+	    y=`echo $x | sed 's,^-[Io]\(.*\),\1,g'`;
+	    OUTFILE="$y";;
+	-I/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    z=`echo $x | sed 's,^-\([Io]\)\(/.*\),\1,g'`;
+	    MPATH=`echo $y`;
+	    CMD="$CMD -$z\"$MPATH\"";; 
+	-I*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD $y";;
+	-D*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD $y";;
+	-EH*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD $y";;
+	-TP|-Tp)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD $y";;
+	-l*)
+	    y=`echo $x | sed 's,^-l\(.*\),\1,g'`;
+	    LINKCMD="$LINKCMD $x";;
+	/*.c)
+	    SOURCES="$SOURCES $x";;
+	*.c)
+	    SOURCES="$SOURCES $x";;
+	/*.cc)
+	    SOURCES="$SOURCES $x";;
+	*.cc)
+	    SOURCES="$SOURCES $x";;
+	/*.cpp)
+	    SOURCES="$SOURCES $x";;
+	*.cpp)
+	    SOURCES="$SOURCES $x";;
+	/*.o)
+	    LINKCMD="$LINKCMD $x";;
+	*.o)
+	    LINKCMD="$LINKCMD $x";;
+	*)
+	    # Try to quote uninterpreted options
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    LINKCMD="$LINKCMD $y";;
+    esac
+    shift
+done
+
+#Return code from compiler, linker.sh and finally this script...
+RES=0
+
+# Accumulated object names
+ACCUM_OBJECTS=""
+
+# A temporary object file location
+TMPOBJDIR=/tmp/tmpobj$$
+mkdir $TMPOBJDIR
+
+# Compile
+for x in $SOURCES; do
+    start_time=`date '+%s'` 
+    # Compile each source
+    if [ $LINKING = false ]; then
+	# We should have an output defined, which is a directory 
+	# or an object file
+	case $OUTFILE in
+	    /*.o)
+		# Simple output, SOURCES should be one single
+		n=`echo $SOURCES | wc -w`;
+		if [ $n -gt 1 ]; then
+		    echo "cc.sh:Error, multiple sources, one object output.";
+		    exit 1;
+		else
+		    output_filename=`echo $OUTFILE`;
+		fi;;
+	    *.o)
+		# Relative path needs no translation
+		n=`echo $SOURCES | wc -w`
+		if [ $n -gt 1 ]; then
+		    echo "cc.sh:Error, multiple sources, one object output."
+		    exit 1
+		else
+		    output_filename=$OUTFILE
+		fi;;
+	    /*)
+		# Absolute directory
+		o=`echo $x | sed 's,.*/,,' | sed 's,\.c$,.o,'`
+		output_filename=`echo $OUTFILE`
+		output_filename="$output_filename/${o}";;
+	    *)
+		# Relative_directory or empty string (.//x.o is valid)
+		o=`echo $x | sed 's,.*/,,' | sed 's,\.cp*$,.o,'`
+		output_filename="./${OUTFILE}/${o}";;
+	esac
+    else
+	# We are linking, which means we build objects in a temporary 
+	# directory and link from there. We should retain the basename
+	# of each source to make examining the exe easier...
+	o=`echo $x | sed 's,.*/,,' | sed 's,\.c$,.o,'`
+	output_filename=$TMPOBJDIR/$o
+	ACCUM_OBJECTS="$ACCUM_OBJECTS $output_filename"
+    fi
+    # Now we know enough, lets try a compilation...
+    MPATH=`echo $x`
+    if [ $PREPROCESSING = true ]; then
+	output_flag="-E"
+    else
+	output_flag="-c -Fo`cmd //C echo ${output_filename}`"
+    fi
+    params="$COMMON_CFLAGS $MD $DEBUG_FLAGS $OPTIMIZE_FLAGS \
+	    $CMD ${output_flag} $MPATH"
+    if [ "X$CC_SH_DEBUG_LOG" != "X" ]; then
+	echo cc.sh "$SAVE" >>$CC_SH_DEBUG_LOG
+	echo cl.exe $params >>$CC_SH_DEBUG_LOG
+    fi
+    eval cl.exe $params >$MSG_FILE 2>$ERR_FILE
+    RES=$?
+    if test $PREPROCESSING = false; then
+	cat $ERR_FILE >&2
+	tail -n +2 $MSG_FILE
+    else
+	tail -n +2 $ERR_FILE >&2
+	if test $DEPENDENCIES = true; then
+	    if test `grep -v $x $MSG_FILE | grep -c '#line'` != "0"; then
+		o=`echo $x | sed 's,.*/,,' | sed 's,\.cp*$,.o,'`
+		echo -n $o':'
+#		cat $MSG_FILE | grep '#line' | grep -v $x | awk -F\" '{printf("%s\n",$2)}' | sort -u | grep -v " " | xargs -n 1 win2msys_path.sh | awk '{printf("\\\n %s ",$0)}' 
+		cat $MSG_FILE | grep '#line' | grep -v $x | awk -F\" '{printf("%s\n",$2)}' | sort -u | grep -v " " | sed 's,^\([A-Za-z]\):[\\/]*,/\1/,;s,\\\\*,/,g'| awk '{printf("\\\n %s ",$0)}' 
+		echo
+		echo 
+		after_sed=`date '+%s'`
+		echo Made dependencises for $x':' `expr $after_sed '-' $start_time` 's' >&2
+	    fi 
+	else
+	    cat $MSG_FILE
+	fi
+    fi
+    rm -f $ERR_FILE $MSG_FILE
+    if [ $RES != 0 ]; then
+	rm -rf $TMPOBJDIR
+	exit $RES
+    fi
+done
+
+# If we got here, we succeeded in compiling (if there were anything to compile)
+# The output filename should name an executable if we're linking
+if [ $LINKING = true ]; then
+    case $OUTFILE in
+	"")
+	    # Use the first source name to name the executable
+	    first_source=""
+	    for x in $SOURCES; do first_source=$x; break; done;
+	    if [ -n "$first_source" ]; then
+		e=`echo $x | sed 's,.*/,,' | sed 's,\.c$,.exe,'`;
+		out_spec="-o $e";
+	    else
+		out_spec="";
+	    fi;;
+	*)
+	    out_spec="-o $OUTFILE";;
+    esac
+    # Descide which standard library to link against
+    case $MD in
+	-ML)
+	    stdlib="-lLIBC";;
+	-MLd)
+	    stdlib="-lLIBCD";;
+	-MD)
+	    stdlib="-lMSVCRT";;
+	-MDd)
+	    stdlib="-lMSVCRTD";;
+	-MT)
+	    stdlib="-lLIBCMT";;
+	-MTd)
+	    stdlib="-lLIBMTD";;
+    esac
+    # And finally call the next script to do the linking...
+    params="$out_spec $LINKCMD $stdlib" 
+    eval ld.sh $ACCUM_OBJECTS $params
+    RES=$?
+fi
+rm -rf $TMPOBJDIR
+
+exit $RES
diff --git a/erts/etc/win32/msys_tools/vc/coffix.c b/erts/etc/win32/msys_tools/vc/coffix.c
new file mode 100644
index 0000000000..1773b222fe
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/coffix.c
@@ -0,0 +1,161 @@
+/*
+ * %CopyrightBegin%
+ * 
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
+ * 
+ * The contents of this file are subject to the Erlang Public License,
+ * Version 1.1, (the "License"); you may not use this file except in
+ * compliance with the License. You should have received a copy of the
+ * Erlang Public License along with this software. If not, it can be
+ * retrieved online at http://www.erlang.org/.
+ * 
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and limitations
+ * under the License.
+ * 
+ * %CopyrightEnd%
+ */
+/*
+** This mini tool fixes an incompatibility between 
+** Microsoft's tools, who dont like the virtual size being put in
+** the physical address field, but rely on the raw size field for
+** sizing the ".bss" section.
+** This fixes some of the problems with linking gcc compiled objects
+** together with MSVC dito.
+**
+** Courtesy DJ Delorie for describing the COFF file format on 
+** http://www.delorie.com/djgpp/doc/coff/
+** The coff structures are fetched from Microsofts headers though.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include <windows.h>
+#include <winnt.h> /* Structure definitions for PE (COFF) */
+
+static int dump_edit(char *filename, int edit);
+static int v_printf(char *format, ...);
+
+
+char *progname;
+int verbouse = 0;
+
+int main(int argc, char **argv) 
+{
+    int findex = 1;
+    int edit = 0;
+    int ret;
+
+    progname = argv[0];
+    if (argc == 1) {
+	fprintf(stderr,"Format : %s [-e] [-v] <filename>\n", progname);
+	return 1;
+    }
+    for (findex = 1; 
+	 findex < argc && (*argv[findex] == '-' || *argv[findex] == '/');
+	 ++findex)
+	switch (argv[findex][1]) {
+	case 'e':
+	case 'E':
+	    edit = 1;
+	    break;
+	case 'v':
+	case 'V':
+	    verbouse = 1;
+	default:
+	    fprintf(stderr, "%s: unknown option %s\n", progname, argv[findex]);
+	    break;
+	}
+    if (findex == argc) {
+	fprintf(stderr,"%s: No filenames given.\n", progname);
+	return 1;
+    }
+    for(; findex < argc; ++findex)
+	if ((ret = dump_edit(argv[findex],edit)) != 0)
+	    return ret;
+    return 0;
+}
+
+int dump_edit(char *filename, int edit) 
+{
+    FILE *f = fopen(filename, (edit) ? "r+b" : "rb");
+    IMAGE_FILE_HEADER filhdr;
+    IMAGE_SECTION_HEADER scnhdr;
+    int i;
+
+    if (f == NULL) {
+	fprintf(stderr, "%s: cannot open %s.\n", progname, filename);
+	return 1;
+    }
+    
+    if (fread(&filhdr, sizeof(filhdr), 1, f) == 0) {
+	fprintf(stderr,"%s: Could not read COFF header from %s,"
+		" is this a PE (COFF) file?\n", progname, filename);
+	fclose(f);
+	return 1;
+    }
+    v_printf("File: %s\n", filename);
+    v_printf("Magic number: 0x%08x\n", filhdr.Machine);
+    v_printf("Number of sections: %d\n",filhdr.NumberOfSections);
+    
+    if (fseek(f, (long) filhdr.SizeOfOptionalHeader, SEEK_CUR) != 0) {
+	fprintf(stderr,"%s: Could not read COFF optional header from %s,"
+		" is this a PE (COFF) file?\n", progname, filename);
+	fclose(f);
+	return 1;
+    }
+    
+    for (i = 0; i < filhdr.NumberOfSections; ++i) {
+	if (fread(&scnhdr, sizeof(scnhdr), 1, f) == 0) {
+	    fprintf(stderr,"%s: Could not read section header from %s,"
+		    " is this a PE (COFF) file?\n", progname, filename);
+	    fclose(f);
+	    return 1;
+	}
+	v_printf("Section %s:\n", scnhdr.Name);
+	v_printf("Physical address: 0x%08x\n", scnhdr.Misc.PhysicalAddress);
+	v_printf("Size: 0x%08x\n", scnhdr.SizeOfRawData);
+	if (scnhdr.Misc.PhysicalAddress != 0 &&
+	    scnhdr.SizeOfRawData == 0) {
+	    printf("Section header %s in file %s will confuse MSC linker, "
+		   "virtual size is 0x%08x and raw size is 0\n",
+		   scnhdr.Name, filename, scnhdr.Misc.PhysicalAddress, 
+		   scnhdr.SizeOfRawData);
+	    if (edit) {
+		scnhdr.SizeOfRawData = scnhdr.Misc.PhysicalAddress;
+		scnhdr.Misc.PhysicalAddress = 0;
+		if (fseek(f, (long) -((long)sizeof(scnhdr)), SEEK_CUR) != 0 ||
+		    fwrite(&scnhdr, sizeof(scnhdr), 1, f) == 0) {
+		    fprintf(stderr,"%s: could not edit file %s.\n",
+			    progname, filename);
+		    fclose(f);
+		    return 1;
+		}
+		printf("Edited object, virtual size is now 0, and "
+		       "raw size is 0x%08x.\n", scnhdr.SizeOfRawData);
+	    } else {
+		printf("Specify option '-e' to correct the problem.\n");
+	    }
+	}
+    }
+    fclose(f);
+    return 0;
+}
+	    
+
+static int v_printf(char *format, ...)
+{
+    va_list ap;
+    int ret = 0;
+    if (verbouse) {
+	va_start(ap, format);
+	ret = vfprintf(stdout, format, ap);
+	va_end(ap);
+    }
+    return ret;
+}
+
diff --git a/erts/etc/win32/msys_tools/vc/emu_cc.sh b/erts/etc/win32/msys_tools/vc/emu_cc.sh
new file mode 100644
index 0000000000..68ce4e359f
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/emu_cc.sh
@@ -0,0 +1,95 @@
+#! /bin/sh
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+if [ X"$CONFIG_SUBTYPE" = X"win64" ]; then
+    GCC="x86_64-w64-mingw32-gcc.exe"
+else 
+    GCC="gcc"
+fi
+TOOLDIR=$ERL_TOP/erts/etc/win32/msys_tools/vc
+COFFIX=$TOOLDIR/coffix
+WTOOLDIR0=`win2msys_path.sh "$TOOLDIR"`
+WTOOLDIR=`cmd //C echo $WTOOLDIR0`
+# Do primitive 'make'
+newer_exe=`find $TOOLDIR -newer $COFFIX.c -name coffix.exe -print`
+if [ -z $newer_exe ]; then
+    echo recompiling $COFFIX.exe
+    cl.exe -Fe${WTOOLDIR}/coffix.exe ${WTOOLDIR}/coffix.c
+    rm -f $COFFIX.obj coffix.obj $COFFIX.pdb coffix.pdb
+fi
+
+# Try to find out the output filename and remove it from command line
+CMD=""
+OUTFILE=""
+INFILE=""
+SKIP_COFFIX=false
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-o/*)
+	    OUTFILE=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;;
+	-o)
+	    shift
+	    OUTFILE=$1;;
+	-MM)
+	    SKIP_COFFIX=true
+	    CMD="$CMD \"$x\"";;
+	*.c)
+	    INFILE="$INFILE $x";
+	    CMD="$CMD \"$x\"";;
+	*)
+	    CMD="$CMD \"$x\"";;
+    esac
+    shift
+done
+if [ -z "$INFILE" ]; then
+    echo 'emu_cc.sh: please give an input filename for the compiler' >&2
+    exit 1
+fi    
+if [ -z "$OUTFILE" ]; then
+    OUTFILE=`echo $INFILE | sed 's,\.c$,.o,'`
+fi
+
+if [ $SKIP_COFFIX = false ]; then
+    n=`echo $INFILE | wc -w`;
+    if [ $n -gt 1 ]; then
+	echo "emu_cc.sh:Error, multiple sources, one object output.";
+	exit 1;
+    fi
+    TEMPFILE=/tmp/tmp_emu_cc$$.o
+    if [ "X$EMU_CC_SH_DEBUG_LOG" != "X" ]; then
+	echo "$GCC -o $TEMPFILE -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer $CMD" >> $EMU_CC_SH_DEBUG_LOG 2>&1
+    fi
+    eval $GCC -o $TEMPFILE -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer $CMD
+    RES=$?
+    if [ $RES = 0 ]; then
+	$COFFIX.exe -e `win2msys_path.sh $TEMPFILE`
+	RES=$?
+	if [ $RES = 0 ]; then
+	    cp $TEMPFILE $OUTFILE
+	else
+	    echo "emu_cc.sh: fatal: coffix failed!" >&2
+	fi
+    fi
+    rm -f $TEMPFILE
+    exit $RES
+else
+    eval $GCC -D__WIN32__ -DWIN32 -DWINDOWS -fomit-frame-pointer -fno-tree-copyrename $CMD 2>/dev/null
+    exit $?
+fi
diff --git a/erts/etc/win32/msys_tools/vc/ld.sh b/erts/etc/win32/msys_tools/vc/ld.sh
new file mode 100644
index 0000000000..0fcbf6f7d9
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/ld.sh
@@ -0,0 +1,198 @@
+#! /bin/sh
+# set -x
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Save the command line for debug outputs
+
+SAVE="$@"
+kernel_libs="kernel32.lib advapi32.lib"
+gdi_libs="gdi32.lib user32.lib comctl32.lib comdlg32.lib shell32.lib"
+DEFAULT_LIBRARIES="$kernel_libs $gdi_libs"
+
+CMD=""
+STDLIB=MSVCRT.LIB
+DEBUG_BUILD=false
+STDLIB_FORCED=false
+BUILD_DLL=false
+OUTPUT_FILENAME=""
+
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-dll| -DLL)
+	    BUILD_DLL=true;; 
+	-L/*|-L.*)
+	    y=`echo $x | sed 's,^-L\(.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -libpath:\"$MPATH\"";; 
+	-lMSVCRT|-lmsvcrt)
+	    STDLIB_FORCED=true;
+	    STDLIB=MSVCRT.LIB;; 
+	-lMSVCRTD|-lmsvcrtd)
+	    STDLIB_FORCED=true;
+	    STDLIB=MSVCRTD.LIB;; 
+	-lLIBCMT|-llibcmt)
+	    STDLIB_FORCED=true;
+	    STDLIB=LIBCMT.LIB;; 
+	-lLIBCMTD|-llibcmtd)
+	    STDLIB_FORCED=true;
+	    STDLIB=LIBCMTD.LIB;; 
+	-lsocket)
+	    DEFAULT_LIBRARIES="$DEFAULT_LIBRARIES WS2_32.LIB IPHLPAPI.LIB";;
+	-l*)
+	    y=`echo $x | sed 's,^-l\(.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD \"${MPATH}.lib\"";; 
+	-g)
+	    DEBUG_BUILD=true;;
+	-pdb:none|-incremental:no)
+	    ;;
+	-implib:*)
+	    y=`echo $x | sed 's,^-implib:\(.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -implib:\"${MPATH}\"";; 
+	-def:*)
+	    y=`echo $x | sed 's,^-def:\(.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -def:\"${MPATH}\"";; 
+	-o)
+	    shift
+	    MPATH=`msys2win_path.sh -m $1`;
+	    OUTPUT_FILENAME="$MPATH";;
+	-o/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    OUTPUT_FILENAME="$MPATH";;
+	/*)
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+    shift
+done
+if [ $DEBUG_BUILD = true ]; then
+    linktype="-debug -pdb:none"
+    if [ $STDLIB_FORCED = false ]; then
+	STDLIB=MSVCRTD.LIB
+    fi
+fi
+# Generate a PDB 
+linkadd_pdb=""
+case "$OUTPUT_FILENAME" in
+    *.exe|*.EXE)
+	    fn=`echo "$OUTPUT_FILENAME" | sed 's,[eE][xX][eE]$,,g'`;
+	    linkadd_pdb="-pdb:\"${fn}pdb\"";;
+    *.dll|*.DLL)
+	    fn=`echo "$OUTPUT_FILENAME" | sed 's,[dD][lL][lL]$,,g'`;
+	    linkadd_pdb="-pdb:\"${fn}pdb\"";;
+    "")
+	    linkadd_pdb="-pdb:\"a.pdb\"";;
+    *)
+	    linkadd_pdb="-pdb:\"${OUTPUT_FILENAME}.pdb\"";;
+esac
+	
+    linktype="-debug $linkadd_pdb"
+
+CHMOD_FILE=""
+
+if [ $BUILD_DLL = true ];then
+    case "$OUTPUT_FILENAME" in
+	*.exe|*.EXE)
+	    echo "Warning, output set to .exe when building DLL" >&2
+	    CHMOD_FILE="$OUTPUT_FILENAME";
+	    CMD="-dll -out:\"$OUTPUT_FILENAME\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}\;2";
+	    MANIFEST="${OUTPUT_FILENAME}.manifest";;
+	*.dll|*.DLL)
+	    CMD="-dll -out:\"$OUTPUT_FILENAME\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}\;2";
+	    MANIFEST="${OUTPUT_FILENAME}.manifest";;
+	"")
+	    CMD="-dll -out:\"a.dll\" $CMD";
+	    OUTPUTRES="a.dll\;2";
+	    MANIFEST="a.dll.manifest";;
+	*)
+	    CMD="-dll -out:\"${OUTPUT_FILENAME}.dll\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}.dll\;2";
+	    MANIFEST="${OUTPUT_FILENAME}.dll.manifest";;
+    esac
+else
+    case "$OUTPUT_FILENAME" in
+	*.exe|*.EXE)
+	    CHMOD_FILE="$OUTPUT_FILENAME";
+	    CMD="-out:\"$OUTPUT_FILENAME\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}\;1"
+	    MANIFEST="${OUTPUT_FILENAME}.manifest";;
+	*.dll|*.DLL)
+	    echo "Warning, output set to .dll when building EXE" >&2
+	    CMD="-out:\"$OUTPUT_FILENAME\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}\;1";
+	    MANIFEST="${OUTPUT_FILENAME}.manifest";;
+	"")
+	    CHMOD_FILE="a.exe";
+	    CMD="-out:\"a.exe\" $CMD";
+	    OUTPUTRES="a.exe\;1";
+	    MANIFEST="a.exe.manifest";;
+	*)
+	    CMD="-out:\"${OUTPUT_FILENAME}.exe\" $CMD";
+	    OUTPUTRES="${OUTPUT_FILENAME}.exe\;1";
+	    MANIFEST="${OUTPUT_FILENAME}.exe.manifest";;
+    esac
+fi    
+	    
+p=$$
+CMD="$linktype -nologo -incremental:no $CMD $STDLIB $DEFAULT_LIBRARIES"
+if [ "X$LD_SH_DEBUG_LOG" != "X" ]; then
+    echo ld.sh "$SAVE" >>$LD_SH_DEBUG_LOG
+    echo link.exe $CMD >>$LD_SH_DEBUG_LOG
+fi
+eval link.exe "$CMD"  >/tmp/link.exe.${p}.1 2>/tmp/link.exe.${p}.2
+RES=$?
+
+CMANIFEST=`win2msys_path.sh $MANIFEST`
+if [ "$RES" = "0" -a -f "$CMANIFEST" ]; then
+    # Add stuff to manifest to turn off "virtualization"
+    sed -n -i '1h;1!H;${;g;s,<trustInfo.*</trustInfo>.,,g;p;}' $CMANIFEST 2>/dev/null
+    sed -i "s/<\/assembly>/ <ms_asmv2:trustInfo xmlns:ms_asmv2=\"urn:schemas-microsoft-com:asm.v2\">\n  <ms_asmv2:security>\n   <ms_asmv2:requestedPrivileges>\n    <ms_asmv2:requestedExecutionLevel level=\"AsInvoker\" uiAccess=\"false\"\/>\n   <\/ms_asmv2:requestedPrivileges>\n  <\/ms_asmv2:security>\n <\/ms_asmv2:trustInfo>\n<\/assembly>/" $CMANIFEST 2>/dev/null
+
+    eval mt.exe -nologo -manifest "$MANIFEST" -outputresource:"$OUTPUTRES" >>/tmp/link.exe.${p}.1 2>>/tmp/link.exe.${p}.2
+    RES=$?
+    if [ "$RES" != "0" ]; then
+	REMOVE=`echo "$OUTPUTRES" | sed 's,\\\;[12]$,,g'`
+	CREMOVE=`cygpath $REMOVE`
+	rm -f "$CREMOVE"
+    fi
+    rm -f "$CMANIFEST"
+fi
+
+# This works around some strange behaviour 
+# in cygwin 1.7 Beta on Windows 7 with samba drive.
+# Configure will think the compiler failed if test -x fails, 
+# which it might do as we might not be the owner of the
+# file.
+if [ '!' -z "$CHMOD_FILE" -a -s "$CHMOD_FILE" -a '!' -x "$CHMOD_FILE" ]; then
+    chmod +x $CHMOD_FILE
+fi
+    
+tail -n +2 /tmp/link.exe.${p}.2 >&2
+cat /tmp/link.exe.${p}.1
+rm -f /tmp/link.exe.${p}.2 /tmp/link.exe.${p}.1
+exit $RES
diff --git a/erts/etc/win32/msys_tools/vc/mc.sh b/erts/etc/win32/msys_tools/vc/mc.sh
new file mode 100644
index 0000000000..27d985f73e
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/mc.sh
@@ -0,0 +1,87 @@
+#! /bin/sh
+# set -x
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Save the command line for debug outputs
+SAVE="$@"
+CMD=""
+OUTPUT_DIRNAME=""
+
+# Find the correct mc.exe. This could be done by the configure script,
+# But as we seldom use the message compiler, it might as well be done here...
+MCC=""
+save_ifs=$IFS
+IFS=:
+for p in $PATH; do 
+    if [ -f $p/mc.exe ]; then 
+	if [ -n "`$p/mc.exe -? 2>&1 >/dev/null </dev/null \
+                 | grep -i \"message compiler\"`" ]; then 
+	    MCC=`echo "$p/mc.exe" | sed 's/ /\\\\ /g'`
+	fi
+    fi
+done
+IFS=$save_ifs
+
+if [ -z "$MCC" ]; then
+    echo 'mc.exe not found!' >&2
+    exit 1
+fi
+
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-o)
+	    shift
+	    OUTPUT_DIRNAME="$1";;
+	-o/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    OUTPUT_DIRNAME="$y";;
+	-I)
+	    shift
+	    MPATH=`msys2win_path.sh -m $1`;
+	    CMD="$CMD -I\"$MPATH\"";;
+	-I/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -I\"$MPATH\"";;
+	*)
+	    MPATH=`msys2win_path.sh -m -a $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+    esac
+    shift
+done
+p=$$
+if [ "X$MC_SH_DEBUG_LOG" != "X" ]; then
+    echo mc.sh "$SAVE" >>$MC_SH_DEBUG_LOG
+    echo mc.exe $CMD >>$MC_SH_DEBUG_LOG
+fi
+if [ -n "$OUTPUT_DIRNAME" ]; then
+    cd $OUTPUT_DIRNAME
+    RES=$?
+    if [ "$RES" != "0" ]; then
+	echo "mc.sh: Error: could not cd to $OUTPUT_DIRNAME">&2
+	exit $RES
+    fi
+fi
+eval $MCC "$CMD"  >/tmp/mc.exe.${p}.1 2>/tmp/mc.exe.${p}.2
+RES=$?
+tail +2 /tmp/mc.exe.${p}.2 >&2
+cat /tmp/mc.exe.${p}.1
+rm -f /tmp/mc.exe.${p}.2 /tmp/mc.exe.${p}.1
+exit $RES
diff --git a/erts/etc/win32/msys_tools/vc/rc.sh b/erts/etc/win32/msys_tools/vc/rc.sh
new file mode 100644
index 0000000000..dfa9e324db
--- /dev/null
+++ b/erts/etc/win32/msys_tools/vc/rc.sh
@@ -0,0 +1,86 @@
+#! /bin/sh
+# set -x
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+# 
+# Save the command line for debug outputs
+SAVE="$@"
+CMD=""
+OUTPUT_FILENAME=""
+
+# Find the correct rc.exe. This could be done by the configure script,
+# But as we seldom use the resource compiler, it might as well be done here...
+RCC=""
+save_ifs=$IFS
+IFS=:
+for p in $PATH; do 
+    if [ -f $p/rc.exe ]; then 
+	if [ -n "`$p/rc.exe -? 2>&1 | grep -i "resource compiler"`" ]; then
+	    RCC=`echo "$p/rc.exe" | sed 's/ /\\\\ /g'`
+	fi
+    fi
+done
+IFS=$save_ifs
+
+if [ -z "$RCC" ]; then
+    echo 'rc.exe not found!' >&2
+    exit 1
+fi
+
+while test -n "$1" ; do
+    x="$1"
+    case "$x" in
+	-o)
+	    shift
+	    MPATH=`msys2win_path.sh -m $1`;
+	    OUTPUT_FILENAME="$MPATH";;
+	-o/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    OUTPUT_FILENAME="$MPATH";;
+	-I)
+	    shift
+	    MPATH=`msys2win_path.sh -m $1`;
+	    CMD="$CMD -I\"$MPATH\"";;
+	-I/*)
+	    y=`echo $x | sed 's,^-[Io]\(/.*\),\1,g'`;
+	    MPATH=`msys2win_path.sh -m $y`;
+	    CMD="$CMD -I\"$MPATH\"";;
+	/*)
+	    MPATH=`msys2win_path.sh -m $x`;
+	    CMD="$CMD \"$MPATH\"";; 
+	*)
+	    y=`echo $x | sed 's,",\\\",g'`;
+	    CMD="$CMD \"$y\"";;
+    esac
+    shift
+done
+p=$$
+if [ -n "$OUTPUT_FILENAME" ]; then
+    CMD="-Fo$OUTPUT_FILENAME $CMD"
+fi
+if [ "X$RC_SH_DEBUG_LOG" != "X" ]; then
+    echo rc.sh "$SAVE" >>$RC_SH_DEBUG_LOG
+    echo rc.exe $CMD >>$RC_SH_DEBUG_LOG
+fi
+eval $RCC "$CMD"  >/tmp/rc.exe.${p}.1 2>/tmp/rc.exe.${p}.2
+RES=$?
+tail +2 /tmp/rc.exe.${p}.2 >&2
+cat /tmp/rc.exe.${p}.1
+rm -f /tmp/rc.exe.${p}.2 /tmp/rc.exe.${p}.1
+exit $RES
diff --git a/erts/etc/win32/msys_tools/win2msys_path.sh b/erts/etc/win32/msys_tools/win2msys_path.sh
new file mode 100644
index 0000000000..6558a15ecd
--- /dev/null
+++ b/erts/etc/win32/msys_tools/win2msys_path.sh
@@ -0,0 +1,38 @@
+#! /bin/bash

+if [ -z "$1" ]; then

+    echo "Usage: $0 <path>" >&2

+    exit 1;

+fi

+

+MSYS_PATH=`echo "$1" | sed 's,^\([a-zA-Z]\):\\\\,/\L\1/,;s,\\\\,/,g'`

+if [ -z "$MSYS_PATH" ]; then

+    echo "$0: Could not translate $1 to msys format" >&2

+    exit 2;

+fi

+

+DELBLANK=`echo "$MSYS_PATH" | sed 's, ,,g'`

+

+if [ "X$DELBLANK" != "X$MSYS_PATH" ]; then

+    if [ -d "$MSYS_PATH" ]; then

+	C1=`(cd "$MSYS_PATH" && cmd //C "for %i in (".") do @echo %~fsi")`

+	MSYS_PATH=`echo "$C1" | sed 's,^\([a-zA-Z]\):\\\\,/\L\1/,;s,\\\\,/,g'`

+    else

+	MSYS_DIR=`dirname "$MSYS_PATH"`

+	MSYS_FILE=`basename "$MSYS_PATH"`

+	if [ -d "$MSYS_DIR" ]; then

+	    	C1=`(cd "$MSYS_DIR" && cmd //C "for %i in (".") do @echo %~fsi")`	

+		BAT_FILE=/tmp/w$$.bat

+		# I simply cannot get the quoting right for this, 

+		# need an intermediate bat file

+		cat > $BAT_FILE <<EOF

+@echo off

+for %%i in ("$MSYS_FILE") do @echo %%~snxi

+EOF

+		C2=`(cd "$MSYS_DIR" && cmd //C $BAT_FILE)`

+		rm -f $BAT_FILE

+		MSYS_PATH=`echo "$C1/$C2" | sed 's,^\([a-zA-Z]\):\\\\,/\L\1/,;s,\\\\,/,g;s," ", ,g'`

+	fi

+    fi

+fi		

+echo $MSYS_PATH

+exit 0
\ No newline at end of file
diff --git a/erts/etc/win32/nsis/Makefile b/erts/etc/win32/nsis/Makefile
index ae2343b420..6a93c5153d 100644
--- a/erts/etc/win32/nsis/Makefile
+++ b/erts/etc/win32/nsis/Makefile
@@ -40,10 +40,29 @@ clean:
 include $(ERL_TOP)/make/otp_release_targets.mk
 
 TARGET_DIR = $(RELEASE_PATH)
-WTESTROOT=$(shell (cygpath -d $(RELEASE_PATH) 2>/dev/null || cygpath -w $(RELEASE_PATH)))
-WTARGET_DIR=$(shell (cygpath -d $(TARGET_DIR) 2>/dev/null || cygpath -d $(TARGET_DIR)))
+
+ifeq ($(MSYSTEM),MINGW32)
+
+  MAKENSISFLAGS = //V2
+  WTESTROOT=$(shell (msys2win_path.sh $(RELEASE_PATH)))
+  WTARGET_DIR=$(shell (msys2win_path.sh $(TARGET_DIR)))
+
+else
+
+  MAKENSISFLAGS = /V2
+  WTESTROOT=$(shell (cygpath -d $(RELEASE_PATH) 2>/dev/null || cygpath -w $(RELEASE_PATH)))
+  WTARGET_DIR=$(shell (cygpath -d $(TARGET_DIR) 2>/dev/null || cygpath -d $(TARGET_DIR)))
+
+endif
+
+ifeq ($(CONFIG_SUBTYPE),win64)
+  WINTYPE=win64
+else
+  WINTYPE=win32
+endif
 
 REDIST_FILE=$(shell (sh ./find_redist.sh || echo ""))
+REDIST_TARGET=$(shell (sh ./find_redist.sh -n || echo ""))
 REDIST_DLL_VERSION=$(shell (sh ./dll_version_helper.sh || echo ""))
 REDIST_DLL_NAME=$(shell (sh ./dll_version_helper.sh -n || echo ""))
 
@@ -65,16 +84,18 @@ release_spec:
 	  echo '!define ERTS_VERSION "$(VSN)"' >> $(VERSION_HEADER);\
 	  echo '!define TESTROOT "$(WTESTROOT)"' >> $(VERSION_HEADER);\
 	  echo '!define OUTFILEDIR "$(WTARGET_DIR)"' >> $(VERSION_HEADER);\
+	  echo '!define WINTYPE "$(WINTYPE)"' >> $(VERSION_HEADER);\
 	  if [ -f $(CUSTOM_MODERN) ];\
 	  then \
 		echo '!define HAVE_CUSTOM_MODERN 1' >> $(VERSION_HEADER); \
 	  fi;\
 	  if [ '!' -z "$(REDIST_FILE)" -a '!' -z "$(REDIST_DLL_VERSION)" ];\
 	  then \
-		cp $(REDIST_FILE) $(RELEASE_PATH)/vcredist_x86.exe;\
+		cp $(REDIST_FILE) $(RELEASE_PATH)/$(REDIST_TARGET);\
 		echo '!define HAVE_REDIST_FILE 1'  >> $(VERSION_HEADER); \
 		echo '!define REDIST_DLL_VERSION "$(REDIST_DLL_VERSION)"' >> $(VERSION_HEADER);\
 		echo '!define REDIST_DLL_NAME "$(REDIST_DLL_NAME)"' >> $(VERSION_HEADER);\
+		echo '!define REDIST_EXECUTABLE "$(REDIST_TARGET)"' >> $(VERSION_HEADER);\
 	  fi;\
 	  if [ -f $(RELEASE_PATH)/docs/doc/index.html ];\
 	  then \
diff --git a/erts/etc/win32/nsis/dll_version_helper.sh b/erts/etc/win32/nsis/dll_version_helper.sh
index eecd4a72b5..96e4532b7a 100755
--- a/erts/etc/win32/nsis/dll_version_helper.sh
+++ b/erts/etc/win32/nsis/dll_version_helper.sh
@@ -36,11 +36,11 @@ int main(void)
 }
 
 EOF
-cl /MD hello.c  > /dev/null 2>&1
+cl -MD hello.c  > /dev/null 2>&1
 if [ '!' -f hello.exe.manifest ]; then
     # Gah - VC 2010 changes the way it handles DLL's and manifests... Again...
     # need another way of getting the version
-    DLLNAME=`dumpbin.exe /imports hello.exe | egrep MSVCR.*dll`
+    DLLNAME=`dumpbin.exe -imports hello.exe | egrep MSVCR.*dll`
     DLLNAME=`echo $DLLNAME`
     cat > helper.c <<EOF
 #include <windows.h>
@@ -59,11 +59,7 @@ int main(void)
   char *vs_verinfo;
   unsigned int vs_ver_size;
   
-  struct LANGANDCODEPAGE {
-    WORD language;
-    WORD codepage;
-  } *translate;
-
+  WORD *translate;
   unsigned int tr_size;
   
   if (!(versize = GetFileVersionInfoSize(REQ_MODULE,&dummy))) {
@@ -79,10 +75,10 @@ int main(void)
     fprintf(stderr,"No translation info in %s!\n",REQ_MODULE);
     exit(3);
   }
-  n = tr_size/sizeof(translate);
+  n = tr_size/(2*sizeof(*translate));
   for(i=0; i < n; ++i) {
     sprintf(buff,"\\\\StringFileInfo\\\\%04x%04x\\\\FileVersion",
-	    translate[i].language,translate[i].codepage);
+	    translate[i*2],translate[i*2+1]);
     if (VerQueryValue(versinfo,buff,&vs_verinfo,&vs_ver_size)) {
       printf("%s\n",(char *) vs_verinfo);
       return 0;
@@ -92,7 +88,7 @@ int main(void)
   return 0;
 }
 EOF
-    cl /MD helper.c version.lib > /dev/null 2>&1
+    cl -MD helper.c version.lib > /dev/null 2>&1
     if [ '!' -f helper.exe ]; then
 	echo "Failed to build helper program." >&2
 	exit 1
diff --git a/erts/etc/win32/nsis/erlang20.nsi b/erts/etc/win32/nsis/erlang20.nsi
index 941e8e6f5d..fb0eff3867 100644
--- a/erts/etc/win32/nsis/erlang20.nsi
+++ b/erts/etc/win32/nsis/erlang20.nsi
@@ -31,17 +31,24 @@ Var STARTMENU_FOLDER
 !define MY_STARTMENUPAGE_REGISTRY_VALUENAME "Start Menu Folder"

 

 ;General

-	OutFile "${OUTFILEDIR}\otp_win32_${OTP_VERSION}.exe"

+	OutFile "${OUTFILEDIR}\otp_${WINTYPE}_${OTP_VERSION}.exe"

 

 ;Folder selection page

+!if ${WINTYPE} == "win64"

+  	InstallDir "$PROGRAMFILES64\erl${ERTS_VERSION}"

+!else

   	InstallDir "$PROGRAMFILES\erl${ERTS_VERSION}"

-  

+!endif  

 ;Remember install folder

   	InstallDirRegKey HKLM "SOFTWARE\Ericsson\Erlang\${ERTS_VERSION}" ""

   

 ; Set the default start menu folder

 

+!if ${WINTYPE} == "win64"

+	!define MUI_STARTMENUPAGE_DEFAULTFOLDER "${OTP_PRODUCT} ${OTP_VERSION} (x64)"

+!else

 	!define MUI_STARTMENUPAGE_DEFAULTFOLDER "${OTP_PRODUCT} ${OTP_VERSION}"

+!endif  

 

 ;--------------------------------

 ;Modern UI Configuration

@@ -98,12 +105,12 @@ Var STARTMENU_FOLDER
 Section "Microsoft redistributable libraries." SecMSRedist

 

   	SetOutPath "$INSTDIR"

-	File "${TESTROOT}\vcredist_x86.exe"

+	File "${TESTROOT}\${REDIST_EXECUTABLE}"

   

 ; Set back verbosity...

   	!verbose 1

 ; Run the setup program  

-  	ExecWait '"$INSTDIR\vcredist_x86.exe"'

+  	ExecWait '"$INSTDIR\${REDIST_EXECUTABLE}"'

 

   	!verbose 1

 SectionEnd ; MSRedist

diff --git a/erts/etc/win32/nsis/find_redist.sh b/erts/etc/win32/nsis/find_redist.sh
index bc4260ecba..7c449c9e4e 100755
--- a/erts/etc/win32/nsis/find_redist.sh
+++ b/erts/etc/win32/nsis/find_redist.sh
@@ -65,7 +65,6 @@ remove_path_element()
     else
 	echo "${ACC}/$1"
     fi
-
     #echo "ACC=$ACC" >&2
     #echo "1=$1" >&2
 }
@@ -89,20 +88,39 @@ add_path_element()
     echo "$PA"
 }
 
+
 CLPATH=`lookup_prog_in_path cl`
 
 if [ -z "$CLPATH" ]; then 
-    echo "Can not locate cl.exe and vcredist_x86.exe - OK if using mingw" >&2
+    echo "Can not locate cl.exe and vcredist_x86/x64.exe - OK if using mingw" >&2
     exit 1
 fi
 
-#echo $CLPATH
+# Look to see if it's 64bit
+XX=`remove_path_element cl "$CLPATH"`
+YY=`remove_path_element amd64 "$XX"`
+if [ "$YY" != "$XX" ]; then
+    AMD64DIR=true
+    VCREDIST=vcredist_x64
+    COMPONENTS="cl amd64 bin vc"
+else
+    AMD64DIR=false
+    VCREDIST=vcredist_x86
+    COMPONENTS="cl bin vc"
+fi
+
+if [ X"$1" = X"-n" ]; then
+    echo $VCREDIST.exe
+    exit 0
+fi
+
+# echo $CLPATH
 BPATH=$CLPATH
-for x in cl bin vc; do
-    #echo $x
+for x in $COMPONENTS; do
+    # echo $x
     NBPATH=`remove_path_element $x "$BPATH"`
     if [ "$NBPATH" = "$BPATH" ]; then
-	echo "Failed to locate vcredist_x86.exe because cl.exe was in an unexpected location" >&2
+	echo "Failed to locate $VCREDIST.exe because cl.exe was in an unexpected location" >&2
 	exit 2
     fi
     BPATH="$NBPATH"
@@ -115,7 +133,12 @@ fail=false
 if [ '!' -z "$RCPATH" ]; then 
     BPATH=$RCPATH
     allow_fail=false
-    for x in rc bin @ANY v6.0A v7.0A v7.1; do
+    if [ $AMD64DIR = true ]; then
+	COMPONENTS="rc x64 bin @ANY v6.0A v7.0A v7.1"
+    else
+	COMPONENTS="rc bin @ANY v6.0A v7.0A v7.1"
+    fi
+    for x in $COMPONENTS; do
 	if [ $x = @ANY ]; then
 	    allow_fail=true
 	else
@@ -131,6 +154,7 @@ if [ '!' -z "$RCPATH" ]; then
 	BPATH_LIST="$BPATH_LIST $BPATH"
     fi
 fi
+# echo "BPATH_LIST=$BPATH_LIST"
 
 # Frantic search through two roots with different 
 # version directories. We want to be very specific about the
@@ -143,7 +167,7 @@ for BP in $BPATH_LIST; do
 	BPATH=$BP
 	fail=false
 	allow_fail=false
-	for x in $verdir @ANY bootstrapper packages vcredist_x86 Redist VC @ALL vcredist_x86.exe; do
+	for x in $verdir @ANY bootstrapper packages $VCREDIST Redist VC @ALL $VCREDIST.exe; do
 	    #echo "x=$x"
 	    #echo "BPATH=$BPATH"
 	    #echo "allow_fail=$allow_fail"
@@ -170,18 +194,18 @@ for BP in $BPATH_LIST; do
     fi
 done
 
-# shortcut for locating vcredist_x86.exe is to put it into $ERL_TOP
-if [ -f $ERL_TOP/vcredist_x86.exe ]; then
-    echo $ERL_TOP/vcredist_x86.exe
+# shortcut for locating $VCREDIST.exe is to put it into $ERL_TOP
+if [ -f $ERL_TOP/$VCREDIST.exe ]; then
+    echo $ERL_TOP/$VCREDIST.exe
     exit 0
 fi
 
 # or $ERL_TOP/.. to share across multiple builds
-if [ -f $ERL_TOP/../vcredist_x86.exe ]; then
-    echo $ERL_TOP/../vcredist_x86.exe
+if [ -f $ERL_TOP/../$VCREDIST.exe ]; then
+    echo $ERL_TOP/../$VCREDIST.exe
     exit 0
 fi
 
-echo "Failed to locate vcredist_x86.exe because directory structure was unexpected" >&2
+echo "Failed to locate $VCREDIST.exe because directory structure was unexpected" >&2
 exit 3
 
diff --git a/erts/etc/win32/win_erlexec.c b/erts/etc/win32/win_erlexec.c
index 0eed8e28b9..11cc6a30f7 100644
--- a/erts/etc/win32/win_erlexec.c
+++ b/erts/etc/win32/win_erlexec.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1997-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1997-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -30,6 +30,9 @@
 #include <winuser.h>
 #include <wincon.h>
 #include <process.h>
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
 #include "sys.h"
 #include "erl_driver.h"
 
diff --git a/erts/include/erl_int_sizes_config.h.in b/erts/include/erl_int_sizes_config.h.in
index 4b8a8e1b98..14d7c6a702 100644
--- a/erts/include/erl_int_sizes_config.h.in
+++ b/erts/include/erl_int_sizes_config.h.in
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2004-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2004-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -32,5 +32,8 @@
 /* The number of bytes in a long long.  */
 #undef SIZEOF_LONG_LONG
 
+/* The size of a pointer. */
+#undef SIZEOF_VOID_P
+
 /* Define if building a halfword-heap 64bit emulator (needed for NIF's) */
 #undef HALFWORD_HEAP_EMULATOR
diff --git a/erts/include/internal/ethr_atomics.h b/erts/include/internal/ethr_atomics.h
index 0f3c26f1df..612894b8c1 100644
--- a/erts/include/internal/ethr_atomics.h
+++ b/erts/include/internal/ethr_atomics.h
@@ -10,7 +10,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -64,12 +64,31 @@
  * Appart from a function implementing the atomic operation
  * with unspecified memory barrier semantics, there are
  * functions implementing each operation with the following
- * memory barrier semantics:
- * - rb (read barrier)
- * - wb (write barrier)
- * - acqb (acquire barrier)
- * - relb (release barrier)
- * - mb (full memory barrier)
+ * implied memory barrier semantics:
+ * - mb   - Full memory barrier. Orders both loads, and
+ *          stores before, and after the atomic operation.
+ *          No load or store is allowed to be reordered
+ *          over the atomic operation.
+ * - relb - Release barrier. Orders both loads, and
+ *          stores appearing *before* the atomic
+ *          operation. These are not allowed to be
+ *          reordered over the atomic operation.
+ * - acqb - Acquire barrier. Orders both loads, and stores
+ *          appearing *after* the atomic operation. These
+ *          are not allowed to be reordered over the
+ *          atomic operation.
+ * - wb   - Write barrier. Orders *only* stores. These are
+ *          not allowed to be reordered over the barrier.
+ *          Store in atomic operation is ordered *after*
+ *          the barrier.
+ * - rb   - Read barrier. Orders *only* loads. These are
+ *          not allowed to be reordered over the barrier.
+ *          Load in atomic operation is ordered *before*
+ *          the barrier. 
+ * - ddrb - Data dependency read barrier. Orders *only*
+ *          loads according to data dependency across the
+ *          barrier. Load in atomic operation is ordered
+ *          before the barrier.
  *
  * We implement all of these operation/barrier
  * combinations, regardless of whether they are useful
@@ -535,24 +554,28 @@ char **ethr_native_su_dw_atomic_ops(void);
 #ifdef ETHR_NEED_DW_ATMC_PROTOTYPES__
 ethr_sint_t *ethr_dw_atomic_addr(ethr_dw_atomic_t *var);
 int ethr_dw_atomic_cmpxchg(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
+int ethr_dw_atomic_cmpxchg_ddrb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ethr_dw_atomic_cmpxchg_rb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ethr_dw_atomic_cmpxchg_wb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ethr_dw_atomic_cmpxchg_acqb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ethr_dw_atomic_cmpxchg_relb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ethr_dw_atomic_cmpxchg_mb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 void ethr_dw_atomic_set(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ethr_dw_atomic_set_ddrb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_set_rb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_set_wb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_set_acqb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_set_relb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_set_mb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ethr_dw_atomic_read_ddrb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read_rb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read_wb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read_acqb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read_relb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_read_mb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_init(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ethr_dw_atomic_init_ddrb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_init_rb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_init_wb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ethr_dw_atomic_init_acqb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
@@ -561,24 +584,28 @@ void ethr_dw_atomic_init_mb(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 #if defined(ETHR_RTCHK_USE_NATIVE_DW_ATOMIC_IMPL__)
 ethr_sint_t *ETHR_DW_ATOMIC_FUNC__(addr)(ethr_dw_atomic_t *var);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
+int ETHR_DW_ATOMIC_FUNC__(cmpxchg_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_wb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_acqb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_relb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_mb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val);
 void ETHR_DW_ATOMIC_FUNC__(set)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ETHR_DW_ATOMIC_FUNC__(set_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(set_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(set_wb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(set_acqb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(set_relb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(set_mb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ETHR_DW_ATOMIC_FUNC__(read_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read_wb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read_acqb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read_relb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(read_mb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(init)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
+void ETHR_DW_ATOMIC_FUNC__(init_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(init_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(init_wb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
 void ETHR_DW_ATOMIC_FUNC__(init_acqb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val);
@@ -1491,6 +1518,15 @@ static ETHR_INLINE int ETHR_DW_ATMC_FUNC__(cmpxchg_mb)(ethr_dw_atomic_t *var, et
     return res;
 }
 
+static ETHR_INLINE int ETHR_DW_ATMC_FUNC__(cmpxchg_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_DW_ATMC_FUNC__(cmpxchg)(var, val, old_val);
+#else
+    return ETHR_DW_ATMC_FUNC__(cmpxchg_rb)(var, val, old_val);
+#endif
+}
+
 
 /* --- set() --- */
 
@@ -1981,6 +2017,15 @@ static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(set_mb)(ethr_dw_atomic_t *var, ethr_
 
 }
 
+static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(set_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATMC_FUNC__(set)(var, val);
+#else
+    ETHR_DW_ATMC_FUNC__(set_rb)(var, val);
+#endif
+}
+
 
 /* --- read() --- */
 
@@ -2309,6 +2354,15 @@ static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(read_mb)(ethr_dw_atomic_t *var, ethr
 
 }
 
+static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(read_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATMC_FUNC__(read)(var, val);
+#else
+    ETHR_DW_ATMC_FUNC__(read_rb)(var, val);
+#endif
+}
+
 
 /* --- init() --- */
 
@@ -2607,6 +2661,15 @@ static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(init_mb)(ethr_dw_atomic_t *var, ethr
 
 }
 
+static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(init_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATMC_FUNC__(init)(var, val);
+#else
+    ETHR_DW_ATMC_FUNC__(init_rb)(var, val);
+#endif
+}
+
 #endif /* ETHR_DW_ATMC_INLINE__ */
 
 
@@ -2616,78 +2679,91 @@ static ETHR_INLINE void ETHR_DW_ATMC_FUNC__(init_mb)(ethr_dw_atomic_t *var, ethr
 #ifdef ETHR_NEED_ATMC_PROTOTYPES__
 ethr_sint_t *ethr_atomic_addr(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_cmpxchg(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
+ethr_sint_t ethr_atomic_cmpxchg_ddrb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_cmpxchg_rb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_cmpxchg_wb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_cmpxchg_acqb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_cmpxchg_relb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_cmpxchg_mb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val);
 ethr_sint_t ethr_atomic_xchg(ethr_atomic_t *var, ethr_sint_t val);
+ethr_sint_t ethr_atomic_xchg_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_xchg_rb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_xchg_wb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_xchg_acqb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_xchg_relb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_xchg_mb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set(ethr_atomic_t *var, ethr_sint_t val);
+void ethr_atomic_set_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set_rb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set_wb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set_acqb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set_relb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_set_mb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init(ethr_atomic_t *var, ethr_sint_t val);
+void ethr_atomic_init_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init_rb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init_wb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init_acqb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init_relb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_init_mb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read(ethr_atomic_t *var, ethr_sint_t val);
+ethr_sint_t ethr_atomic_add_read_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read_rb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read_wb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read_acqb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read_relb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_add_read_mb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read(ethr_atomic_t *var);
+ethr_sint_t ethr_atomic_read_ddrb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_rb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_wb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_acqb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_relb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_mb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read(ethr_atomic_t *var);
+ethr_sint_t ethr_atomic_inc_read_ddrb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read_rb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read_wb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read_acqb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read_relb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_inc_read_mb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read(ethr_atomic_t *var);
+ethr_sint_t ethr_atomic_dec_read_ddrb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read_rb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read_wb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read_acqb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read_relb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_dec_read_mb(ethr_atomic_t *var);
 void ethr_atomic_add(ethr_atomic_t *var, ethr_sint_t val);
+void ethr_atomic_add_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_add_rb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_add_wb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_add_acqb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_add_relb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_add_mb(ethr_atomic_t *var, ethr_sint_t val);
 void ethr_atomic_inc(ethr_atomic_t *var);
+void ethr_atomic_inc_ddrb(ethr_atomic_t *var);
 void ethr_atomic_inc_rb(ethr_atomic_t *var);
 void ethr_atomic_inc_wb(ethr_atomic_t *var);
 void ethr_atomic_inc_acqb(ethr_atomic_t *var);
 void ethr_atomic_inc_relb(ethr_atomic_t *var);
 void ethr_atomic_inc_mb(ethr_atomic_t *var);
 void ethr_atomic_dec(ethr_atomic_t *var);
+void ethr_atomic_dec_ddrb(ethr_atomic_t *var);
 void ethr_atomic_dec_rb(ethr_atomic_t *var);
 void ethr_atomic_dec_wb(ethr_atomic_t *var);
 void ethr_atomic_dec_acqb(ethr_atomic_t *var);
 void ethr_atomic_dec_relb(ethr_atomic_t *var);
 void ethr_atomic_dec_mb(ethr_atomic_t *var);
 ethr_sint_t ethr_atomic_read_band(ethr_atomic_t *var, ethr_sint_t val);
+ethr_sint_t ethr_atomic_read_band_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_band_rb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_band_wb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_band_acqb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_band_relb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_band_mb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_bor(ethr_atomic_t *var, ethr_sint_t val);
+ethr_sint_t ethr_atomic_read_bor_ddrb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_bor_rb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_bor_wb(ethr_atomic_t *var, ethr_sint_t val);
 ethr_sint_t ethr_atomic_read_bor_acqb(ethr_atomic_t *var, ethr_sint_t val);
@@ -3551,6 +3627,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(cmpxchg_mb)(ethr_atomic_t *var,
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(cmpxchg_ddrb)(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(cmpxchg)(var, val, old_val);
+#else
+    return ETHR_ATMC_FUNC__(cmpxchg_rb)(var, val, old_val);
+#endif
+}
+
 
 /* --- xchg() --- */
 
@@ -3801,6 +3886,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(xchg_mb)(ethr_atomic_t *var, eth
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(xchg_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(xchg)(var, val);
+#else
+    return ETHR_ATMC_FUNC__(xchg_rb)(var, val);
+#endif
+}
+
 
 /* --- set() --- */
 
@@ -3943,6 +4037,15 @@ static ETHR_INLINE void ETHR_ATMC_FUNC__(set_mb)(ethr_atomic_t *var, ethr_sint_t
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC_FUNC__(set_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC_FUNC__(set)(var, val);
+#else
+    ETHR_ATMC_FUNC__(set_rb)(var, val);
+#endif
+}
+
 
 /* --- init() --- */
 
@@ -4085,6 +4188,15 @@ static ETHR_INLINE void ETHR_ATMC_FUNC__(init_mb)(ethr_atomic_t *var, ethr_sint_
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC_FUNC__(init_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC_FUNC__(init)(var, val);
+#else
+    ETHR_ATMC_FUNC__(init_rb)(var, val);
+#endif
+}
+
 
 /* --- add_read() --- */
 
@@ -4335,6 +4447,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(add_read_mb)(ethr_atomic_t *var,
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(add_read_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(add_read)(var, val);
+#else
+    return ETHR_ATMC_FUNC__(add_read_rb)(var, val);
+#endif
+}
+
 
 /* --- read() --- */
 
@@ -4489,6 +4610,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_mb)(ethr_atomic_t *var)
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_ddrb)(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(read)(var);
+#else
+    return ETHR_ATMC_FUNC__(read_rb)(var);
+#endif
+}
+
 
 /* --- inc_read() --- */
 
@@ -4643,6 +4773,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(inc_read_mb)(ethr_atomic_t *var)
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(inc_read_ddrb)(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(inc_read)(var);
+#else
+    return ETHR_ATMC_FUNC__(inc_read_rb)(var);
+#endif
+}
+
 
 /* --- dec_read() --- */
 
@@ -4797,6 +4936,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(dec_read_mb)(ethr_atomic_t *var)
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(dec_read_ddrb)(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(dec_read)(var);
+#else
+    return ETHR_ATMC_FUNC__(dec_read_rb)(var);
+#endif
+}
+
 
 /* --- add() --- */
 
@@ -4939,6 +5087,15 @@ static ETHR_INLINE void ETHR_ATMC_FUNC__(add_mb)(ethr_atomic_t *var, ethr_sint_t
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC_FUNC__(add_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC_FUNC__(add)(var, val);
+#else
+    ETHR_ATMC_FUNC__(add_rb)(var, val);
+#endif
+}
+
 
 /* --- inc() --- */
 
@@ -5081,6 +5238,15 @@ static ETHR_INLINE void ETHR_ATMC_FUNC__(inc_mb)(ethr_atomic_t *var)
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC_FUNC__(inc_ddrb)(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC_FUNC__(inc)(var);
+#else
+    ETHR_ATMC_FUNC__(inc_rb)(var);
+#endif
+}
+
 
 /* --- dec() --- */
 
@@ -5223,6 +5389,15 @@ static ETHR_INLINE void ETHR_ATMC_FUNC__(dec_mb)(ethr_atomic_t *var)
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC_FUNC__(dec_ddrb)(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC_FUNC__(dec)(var);
+#else
+    ETHR_ATMC_FUNC__(dec_rb)(var);
+#endif
+}
+
 
 /* --- read_band() --- */
 
@@ -5473,6 +5648,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_band_mb)(ethr_atomic_t *var
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_band_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(read_band)(var, val);
+#else
+    return ETHR_ATMC_FUNC__(read_band_rb)(var, val);
+#endif
+}
+
 
 /* --- read_bor() --- */
 
@@ -5723,6 +5907,15 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_bor_mb)(ethr_atomic_t *var,
     return res;
 }
 
+static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_bor_ddrb)(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC_FUNC__(read_bor)(var, val);
+#else
+    return ETHR_ATMC_FUNC__(read_bor_rb)(var, val);
+#endif
+}
+
 #endif /* ETHR_ATMC_INLINE__ */
 
 
@@ -5732,78 +5925,91 @@ static ETHR_INLINE ethr_sint_t ETHR_ATMC_FUNC__(read_bor_mb)(ethr_atomic_t *var,
 #ifdef ETHR_NEED_ATMC32_PROTOTYPES__
 ethr_sint32_t *ethr_atomic32_addr(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_cmpxchg(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
+ethr_sint32_t ethr_atomic32_cmpxchg_ddrb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_cmpxchg_rb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_cmpxchg_wb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_cmpxchg_acqb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_cmpxchg_relb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_cmpxchg_mb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val);
 ethr_sint32_t ethr_atomic32_xchg(ethr_atomic32_t *var, ethr_sint32_t val);
+ethr_sint32_t ethr_atomic32_xchg_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_xchg_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_xchg_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_xchg_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_xchg_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_xchg_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set(ethr_atomic32_t *var, ethr_sint32_t val);
+void ethr_atomic32_set_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_set_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init(ethr_atomic32_t *var, ethr_sint32_t val);
+void ethr_atomic32_init_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_init_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read(ethr_atomic32_t *var, ethr_sint32_t val);
+ethr_sint32_t ethr_atomic32_add_read_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_add_read_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read(ethr_atomic32_t *var);
+ethr_sint32_t ethr_atomic32_read_ddrb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_rb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_wb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_acqb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_relb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_mb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read(ethr_atomic32_t *var);
+ethr_sint32_t ethr_atomic32_inc_read_ddrb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read_rb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read_wb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read_acqb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read_relb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_inc_read_mb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read(ethr_atomic32_t *var);
+ethr_sint32_t ethr_atomic32_dec_read_ddrb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read_rb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read_wb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read_acqb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read_relb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_dec_read_mb(ethr_atomic32_t *var);
 void ethr_atomic32_add(ethr_atomic32_t *var, ethr_sint32_t val);
+void ethr_atomic32_add_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_add_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_add_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_add_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_add_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_add_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 void ethr_atomic32_inc(ethr_atomic32_t *var);
+void ethr_atomic32_inc_ddrb(ethr_atomic32_t *var);
 void ethr_atomic32_inc_rb(ethr_atomic32_t *var);
 void ethr_atomic32_inc_wb(ethr_atomic32_t *var);
 void ethr_atomic32_inc_acqb(ethr_atomic32_t *var);
 void ethr_atomic32_inc_relb(ethr_atomic32_t *var);
 void ethr_atomic32_inc_mb(ethr_atomic32_t *var);
 void ethr_atomic32_dec(ethr_atomic32_t *var);
+void ethr_atomic32_dec_ddrb(ethr_atomic32_t *var);
 void ethr_atomic32_dec_rb(ethr_atomic32_t *var);
 void ethr_atomic32_dec_wb(ethr_atomic32_t *var);
 void ethr_atomic32_dec_acqb(ethr_atomic32_t *var);
 void ethr_atomic32_dec_relb(ethr_atomic32_t *var);
 void ethr_atomic32_dec_mb(ethr_atomic32_t *var);
 ethr_sint32_t ethr_atomic32_read_band(ethr_atomic32_t *var, ethr_sint32_t val);
+ethr_sint32_t ethr_atomic32_read_band_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_band_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_band_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_band_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_band_relb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_band_mb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_bor(ethr_atomic32_t *var, ethr_sint32_t val);
+ethr_sint32_t ethr_atomic32_read_bor_ddrb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_bor_rb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_bor_wb(ethr_atomic32_t *var, ethr_sint32_t val);
 ethr_sint32_t ethr_atomic32_read_bor_acqb(ethr_atomic32_t *var, ethr_sint32_t val);
@@ -6667,6 +6873,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(cmpxchg_mb)(ethr_atomic32_t
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(cmpxchg_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(cmpxchg)(var, val, old_val);
+#else
+    return ETHR_ATMC32_FUNC__(cmpxchg_rb)(var, val, old_val);
+#endif
+}
+
 
 /* --- xchg() --- */
 
@@ -6917,6 +7132,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(xchg_mb)(ethr_atomic32_t *va
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(xchg_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(xchg)(var, val);
+#else
+    return ETHR_ATMC32_FUNC__(xchg_rb)(var, val);
+#endif
+}
+
 
 /* --- set() --- */
 
@@ -7059,6 +7283,15 @@ static ETHR_INLINE void ETHR_ATMC32_FUNC__(set_mb)(ethr_atomic32_t *var, ethr_si
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC32_FUNC__(set_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC32_FUNC__(set)(var, val);
+#else
+    ETHR_ATMC32_FUNC__(set_rb)(var, val);
+#endif
+}
+
 
 /* --- init() --- */
 
@@ -7201,6 +7434,15 @@ static ETHR_INLINE void ETHR_ATMC32_FUNC__(init_mb)(ethr_atomic32_t *var, ethr_s
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC32_FUNC__(init_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC32_FUNC__(init)(var, val);
+#else
+    ETHR_ATMC32_FUNC__(init_rb)(var, val);
+#endif
+}
+
 
 /* --- add_read() --- */
 
@@ -7451,6 +7693,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(add_read_mb)(ethr_atomic32_t
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(add_read_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(add_read)(var, val);
+#else
+    return ETHR_ATMC32_FUNC__(add_read_rb)(var, val);
+#endif
+}
+
 
 /* --- read() --- */
 
@@ -7605,6 +7856,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_mb)(ethr_atomic32_t *va
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_ddrb)(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(read)(var);
+#else
+    return ETHR_ATMC32_FUNC__(read_rb)(var);
+#endif
+}
+
 
 /* --- inc_read() --- */
 
@@ -7759,6 +8019,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(inc_read_mb)(ethr_atomic32_t
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(inc_read_ddrb)(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(inc_read)(var);
+#else
+    return ETHR_ATMC32_FUNC__(inc_read_rb)(var);
+#endif
+}
+
 
 /* --- dec_read() --- */
 
@@ -7913,6 +8182,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(dec_read_mb)(ethr_atomic32_t
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(dec_read_ddrb)(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(dec_read)(var);
+#else
+    return ETHR_ATMC32_FUNC__(dec_read_rb)(var);
+#endif
+}
+
 
 /* --- add() --- */
 
@@ -8055,6 +8333,15 @@ static ETHR_INLINE void ETHR_ATMC32_FUNC__(add_mb)(ethr_atomic32_t *var, ethr_si
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC32_FUNC__(add_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC32_FUNC__(add)(var, val);
+#else
+    ETHR_ATMC32_FUNC__(add_rb)(var, val);
+#endif
+}
+
 
 /* --- inc() --- */
 
@@ -8197,6 +8484,15 @@ static ETHR_INLINE void ETHR_ATMC32_FUNC__(inc_mb)(ethr_atomic32_t *var)
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC32_FUNC__(inc_ddrb)(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC32_FUNC__(inc)(var);
+#else
+    ETHR_ATMC32_FUNC__(inc_rb)(var);
+#endif
+}
+
 
 /* --- dec() --- */
 
@@ -8339,6 +8635,15 @@ static ETHR_INLINE void ETHR_ATMC32_FUNC__(dec_mb)(ethr_atomic32_t *var)
 #endif
 }
 
+static ETHR_INLINE void ETHR_ATMC32_FUNC__(dec_ddrb)(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_ATMC32_FUNC__(dec)(var);
+#else
+    ETHR_ATMC32_FUNC__(dec_rb)(var);
+#endif
+}
+
 
 /* --- read_band() --- */
 
@@ -8589,6 +8894,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_band_mb)(ethr_atomic32_
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_band_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(read_band)(var, val);
+#else
+    return ETHR_ATMC32_FUNC__(read_band_rb)(var, val);
+#endif
+}
+
 
 /* --- read_bor() --- */
 
@@ -8839,6 +9153,15 @@ static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_bor_mb)(ethr_atomic32_t
     return res;
 }
 
+static ETHR_INLINE ethr_sint32_t ETHR_ATMC32_FUNC__(read_bor_ddrb)(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_ATMC32_FUNC__(read_bor)(var, val);
+#else
+    return ETHR_ATMC32_FUNC__(read_bor_rb)(var, val);
+#endif
+}
+
 #endif /* ETHR_ATMC32_INLINE__ */
 
 #endif /* ETHR_ATOMICS_H__ */
diff --git a/erts/lib_src/Makefile.in b/erts/lib_src/Makefile.in
index 12b8732735..ea80e74100 100644
--- a/erts/lib_src/Makefile.in
+++ b/erts/lib_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2011. All Rights Reserved.
+# Copyright Ericsson AB 2004-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -138,7 +138,7 @@ INCLUDES=-I$(ERTS_INCL) -I$(ERTS_INCL)/$(TARGET) -I$(ERTS_INCL_INT) -I$(ERTS_INC
 INCLUDES += -I../emulator/beam -I../emulator/sys/$(ERLANG_OSTYPE)
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_VC=@MIXED_VC@
 
 ifeq ($(USING_VC),yes)
 LIB_SUFFIX=.lib
@@ -318,10 +318,14 @@ ETHREAD_LIB=
 
 endif
 
+_create_dirs := $(shell mkdir -p $(CREATE_DIRS))
 #
 # Everything to build
 #
-all: $(CREATE_DIRS) $(ETHREAD_LIB) $(ERTS_LIBS) $(ERTS_INTERNAL_LIBS)
+.PHONY: all
+all: $(OBJ_DIR)/MADE
+
+$(OBJ_DIR)/MADE: $(ETHREAD_LIB) $(ERTS_LIBS) $(ERTS_INTERNAL_LIBS)
 ifeq ($(OMIT_OMIT_FP),yes)
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
@@ -331,6 +335,8 @@ ifeq ($(OMIT_OMIT_FP),yes)
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
 	@echo '* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *'
 endif
+	echo  $? > $(OBJ_DIR)/MADE
+
 #
 # The libs ...
 #
@@ -428,13 +434,6 @@ $(MTd_OBJ_DIR)/%.o: $(ETHR_THR_LIB_BASE_DIR)/%.c
 	$(CC) $(THR_DEFS) $(CFLAGS) -MTd $(INCLUDES) -c $< -o $@
 
 #
-# Create directories
-#
-
-$(CREATE_DIRS):
-	$(MKDIR) -p $@
-
-#
 # Install
 #
 
@@ -471,6 +470,7 @@ INTERNAL_RELEASE_LIBS= \
 	$(ETHREAD_LIB) \
 	$(ERTS_INTERNAL_LIBS)
 
+.PHONY: release_spec
 release_spec: all
 ifneq ($(strip $(RELEASE_INCLUDES)),)
 	$(INSTALL_DIR) $(RELSYSDIR)/include
@@ -500,19 +500,20 @@ ifneq ($(strip $(INTERNAL_RELEASE_LIBS)),)
 	$(INSTALL_DATA) $(INTERNAL_RELEASE_LIBS) $(RELSYSDIR)/lib/internal
 endif
 
+.PHONY: docs
 docs: 
 
+.PHONY: release_docs_spec
 release_docs_spec:
 
-
 #
 # Cleanup
 #
+.PHONY: clean
 clean:
 	$(RM) -rf ../lib/internal/$(TARGET)/*
 	$(RM) -rf ../lib/$(TARGET)/*
 	$(RM) -rf obj/$(TARGET)/*
-	$(RM) -f $(TARGET)/depend.mk
 
 #
 # Make dependencies
@@ -554,9 +555,11 @@ SED_MDd_DEPEND=sed '$(SED_PREFIX)$(SED_REPL_MDd_O);$(SED_REPL_TT_DIR);$(SED_REPL
 SED_MT_DEPEND=sed '$(SED_PREFIX)$(SED_REPL_MT_O);$(SED_REPL_TT_DIR);$(SED_REPL_TARGET)'
 SED_MTd_DEPEND=sed '$(SED_PREFIX)$(SED_REPL_MTd_O);$(SED_REPL_TT_DIR);$(SED_REPL_TARGET)'
 
-DEPEND_MK=$(TARGET)/depend.mk
+DEPEND_MK=$(OBJ_DIR)/depend.mk
 
-depend:
+.PHONY: depend
+depend: $(DEPEND_MK)
+$(DEPEND_MK):
 	@echo "Generating dependency file $(DEPEND_MK)..."
 	@echo "# Generated dependency rules" > $(DEPEND_MK);
 	@echo "# " >> $(DEPEND_MK);
@@ -629,6 +632,8 @@ endif
 endif
 	@echo "# EOF" >> $(DEPEND_MK);
 
+ifneq ($(MAKECMDGOALS),clean)
 -include $(DEPEND_MK)
+endif
 
 # eof
diff --git a/erts/lib_src/common/erl_memory_trace_parser.c b/erts/lib_src/common/erl_memory_trace_parser.c
index ebf7182913..625c140cf9 100644
--- a/erts/lib_src/common/erl_memory_trace_parser.c
+++ b/erts/lib_src/common/erl_memory_trace_parser.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2004-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2004-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
diff --git a/erts/lib_src/common/ethr_atomics.c b/erts/lib_src/common/ethr_atomics.c
index 5796bdc22e..e4213e1eef 100644
--- a/erts/lib_src/common/ethr_atomics.c
+++ b/erts/lib_src/common/ethr_atomics.c
@@ -10,7 +10,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2011. All Rights Reserved.
+ * Copyright Ericsson AB 2011-2012. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -64,12 +64,31 @@
  * Appart from a function implementing the atomic operation
  * with unspecified memory barrier semantics, there are
  * functions implementing each operation with the following
- * memory barrier semantics:
- * - rb (read barrier)
- * - wb (write barrier)
- * - acqb (acquire barrier)
- * - relb (release barrier)
- * - mb (full memory barrier)
+ * implied memory barrier semantics:
+ * - mb   - Full memory barrier. Orders both loads, and
+ *          stores before, and after the atomic operation.
+ *          No load or store is allowed to be reordered
+ *          over the atomic operation.
+ * - relb - Release barrier. Orders both loads, and
+ *          stores appearing *before* the atomic
+ *          operation. These are not allowed to be
+ *          reordered over the atomic operation.
+ * - acqb - Acquire barrier. Orders both loads, and stores
+ *          appearing *after* the atomic operation. These
+ *          are not allowed to be reordered over the
+ *          atomic operation.
+ * - wb   - Write barrier. Orders *only* stores. These are
+ *          not allowed to be reordered over the barrier.
+ *          Store in atomic operation is ordered *after*
+ *          the barrier.
+ * - rb   - Read barrier. Orders *only* loads. These are
+ *          not allowed to be reordered over the barrier.
+ *          Load in atomic operation is ordered *before*
+ *          the barrier. 
+ * - ddrb - Data dependency read barrier. Orders *only*
+ *          loads according to data dependency across the
+ *          barrier. Load in atomic operation is ordered
+ *          before the barrier.
  *
  * We implement all of these operation/barrier
  * combinations, regardless of whether they are useful
@@ -542,6 +561,15 @@ int ethr_dw_atomic_cmpxchg(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_s
 }
 #endif
 
+int ETHR_DW_ATOMIC_FUNC__(cmpxchg_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ETHR_DW_ATOMIC_FUNC__(cmpxchg)(var, val, old_val);
+#else
+    return ETHR_DW_ATOMIC_FUNC__(cmpxchg_rb)(var, val, old_val);
+#endif
+}
+
 int ETHR_DW_ATOMIC_FUNC__(cmpxchg_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val, ethr_dw_sint_t *old_val)
 {
     int res;
@@ -756,6 +784,15 @@ void ethr_dw_atomic_set(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 }
 #endif
 
+void ETHR_DW_ATOMIC_FUNC__(set_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATOMIC_FUNC__(set)(var, val);
+#else
+    ETHR_DW_ATOMIC_FUNC__(set_rb)(var, val);
+#endif
+}
+
 void ETHR_DW_ATOMIC_FUNC__(set_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -910,6 +947,15 @@ void ethr_dw_atomic_read(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 }
 #endif
 
+void ETHR_DW_ATOMIC_FUNC__(read_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATOMIC_FUNC__(read)(var, val);
+#else
+    ETHR_DW_ATOMIC_FUNC__(read_rb)(var, val);
+#endif
+}
+
 void ETHR_DW_ATOMIC_FUNC__(read_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -1061,6 +1107,15 @@ void ethr_dw_atomic_init(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 }
 #endif
 
+void ETHR_DW_ATOMIC_FUNC__(init_ddrb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ETHR_DW_ATOMIC_FUNC__(init)(var, val);
+#else
+    ETHR_DW_ATOMIC_FUNC__(init_rb)(var, val);
+#endif
+}
+
 void ETHR_DW_ATOMIC_FUNC__(init_rb)(ethr_dw_atomic_t *var, ethr_dw_sint_t *val)
 {
     ETHR_ASSERT(var);
@@ -1221,6 +1276,15 @@ ethr_sint_t ethr_atomic_cmpxchg(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t
     return res;
 }
 
+ethr_sint_t ethr_atomic_cmpxchg_ddrb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_cmpxchg(var, val, old_val);
+#else
+    return ethr_atomic_cmpxchg_rb(var, val, old_val);
+#endif
+}
+
 ethr_sint_t ethr_atomic_cmpxchg_rb(ethr_atomic_t *var, ethr_sint_t val, ethr_sint_t old_val)
 {
     ethr_sint_t res;
@@ -1332,6 +1396,15 @@ ethr_sint_t ethr_atomic_xchg(ethr_atomic_t *var, ethr_sint_t val)
     return res;
 }
 
+ethr_sint_t ethr_atomic_xchg_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_xchg(var, val);
+#else
+    return ethr_atomic_xchg_rb(var, val);
+#endif
+}
+
 ethr_sint_t ethr_atomic_xchg_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ethr_sint_t res;
@@ -1437,6 +1510,15 @@ void ethr_atomic_set(ethr_atomic_t *var, ethr_sint_t val)
 
 }
 
+void ethr_atomic_set_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic_set(var, val);
+#else
+    ethr_atomic_set_rb(var, val);
+#endif
+}
+
 void ethr_atomic_set_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -1536,6 +1618,15 @@ void ethr_atomic_init(ethr_atomic_t *var, ethr_sint_t val)
 
 }
 
+void ethr_atomic_init_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic_init(var, val);
+#else
+    ethr_atomic_init_rb(var, val);
+#endif
+}
+
 void ethr_atomic_init_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ETHR_ASSERT(var);
@@ -1632,6 +1723,15 @@ ethr_sint_t ethr_atomic_add_read(ethr_atomic_t *var, ethr_sint_t val)
     return res;
 }
 
+ethr_sint_t ethr_atomic_add_read_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_add_read(var, val);
+#else
+    return ethr_atomic_add_read_rb(var, val);
+#endif
+}
+
 ethr_sint_t ethr_atomic_add_read_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ethr_sint_t res;
@@ -1738,6 +1838,15 @@ ethr_sint_t ethr_atomic_read(ethr_atomic_t *var)
     return res;
 }
 
+ethr_sint_t ethr_atomic_read_ddrb(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_read(var);
+#else
+    return ethr_atomic_read_rb(var);
+#endif
+}
+
 ethr_sint_t ethr_atomic_read_rb(ethr_atomic_t *var)
 {
     ethr_sint_t res;
@@ -1843,6 +1952,15 @@ ethr_sint_t ethr_atomic_inc_read(ethr_atomic_t *var)
     return res;
 }
 
+ethr_sint_t ethr_atomic_inc_read_ddrb(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_inc_read(var);
+#else
+    return ethr_atomic_inc_read_rb(var);
+#endif
+}
+
 ethr_sint_t ethr_atomic_inc_read_rb(ethr_atomic_t *var)
 {
     ethr_sint_t res;
@@ -1949,6 +2067,15 @@ ethr_sint_t ethr_atomic_dec_read(ethr_atomic_t *var)
     return res;
 }
 
+ethr_sint_t ethr_atomic_dec_read_ddrb(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_dec_read(var);
+#else
+    return ethr_atomic_dec_read_rb(var);
+#endif
+}
+
 ethr_sint_t ethr_atomic_dec_read_rb(ethr_atomic_t *var)
 {
     ethr_sint_t res;
@@ -2054,6 +2181,15 @@ void ethr_atomic_add(ethr_atomic_t *var, ethr_sint_t val)
 
 }
 
+void ethr_atomic_add_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic_add(var, val);
+#else
+    ethr_atomic_add_rb(var, val);
+#endif
+}
+
 void ethr_atomic_add_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -2154,6 +2290,15 @@ void ethr_atomic_inc(ethr_atomic_t *var)
 
 }
 
+void ethr_atomic_inc_ddrb(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic_inc(var);
+#else
+    ethr_atomic_inc_rb(var);
+#endif
+}
+
 void ethr_atomic_inc_rb(ethr_atomic_t *var)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -2254,6 +2399,15 @@ void ethr_atomic_dec(ethr_atomic_t *var)
 
 }
 
+void ethr_atomic_dec_ddrb(ethr_atomic_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic_dec(var);
+#else
+    ethr_atomic_dec_rb(var);
+#endif
+}
+
 void ethr_atomic_dec_rb(ethr_atomic_t *var)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -2355,6 +2509,15 @@ ethr_sint_t ethr_atomic_read_band(ethr_atomic_t *var, ethr_sint_t val)
     return res;
 }
 
+ethr_sint_t ethr_atomic_read_band_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_read_band(var, val);
+#else
+    return ethr_atomic_read_band_rb(var, val);
+#endif
+}
+
 ethr_sint_t ethr_atomic_read_band_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ethr_sint_t res;
@@ -2461,6 +2624,15 @@ ethr_sint_t ethr_atomic_read_bor(ethr_atomic_t *var, ethr_sint_t val)
     return res;
 }
 
+ethr_sint_t ethr_atomic_read_bor_ddrb(ethr_atomic_t *var, ethr_sint_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic_read_bor(var, val);
+#else
+    return ethr_atomic_read_bor_rb(var, val);
+#endif
+}
+
 ethr_sint_t ethr_atomic_read_bor_rb(ethr_atomic_t *var, ethr_sint_t val)
 {
     ethr_sint_t res;
@@ -2587,6 +2759,15 @@ ethr_sint32_t ethr_atomic32_cmpxchg(ethr_atomic32_t *var, ethr_sint32_t val, eth
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_cmpxchg_ddrb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_cmpxchg(var, val, old_val);
+#else
+    return ethr_atomic32_cmpxchg_rb(var, val, old_val);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_cmpxchg_rb(ethr_atomic32_t *var, ethr_sint32_t val, ethr_sint32_t old_val)
 {
     ethr_sint32_t res;
@@ -2675,6 +2856,15 @@ ethr_sint32_t ethr_atomic32_xchg(ethr_atomic32_t *var, ethr_sint32_t val)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_xchg_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_xchg(var, val);
+#else
+    return ethr_atomic32_xchg_rb(var, val);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_xchg_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ethr_sint32_t res;
@@ -2762,6 +2952,15 @@ void ethr_atomic32_set(ethr_atomic32_t *var, ethr_sint32_t val)
 
 }
 
+void ethr_atomic32_set_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic32_set(var, val);
+#else
+    ethr_atomic32_set_rb(var, val);
+#endif
+}
+
 void ethr_atomic32_set_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -2843,6 +3042,15 @@ void ethr_atomic32_init(ethr_atomic32_t *var, ethr_sint32_t val)
 
 }
 
+void ethr_atomic32_init_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic32_init(var, val);
+#else
+    ethr_atomic32_init_rb(var, val);
+#endif
+}
+
 void ethr_atomic32_init_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ETHR_ASSERT(var);
@@ -2921,6 +3129,15 @@ ethr_sint32_t ethr_atomic32_add_read(ethr_atomic32_t *var, ethr_sint32_t val)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_add_read_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_add_read(var, val);
+#else
+    return ethr_atomic32_add_read_rb(var, val);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_add_read_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ethr_sint32_t res;
@@ -3009,6 +3226,15 @@ ethr_sint32_t ethr_atomic32_read(ethr_atomic32_t *var)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_read_ddrb(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_read(var);
+#else
+    return ethr_atomic32_read_rb(var);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_read_rb(ethr_atomic32_t *var)
 {
     ethr_sint32_t res;
@@ -3097,6 +3323,15 @@ ethr_sint32_t ethr_atomic32_inc_read(ethr_atomic32_t *var)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_inc_read_ddrb(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_inc_read(var);
+#else
+    return ethr_atomic32_inc_read_rb(var);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_inc_read_rb(ethr_atomic32_t *var)
 {
     ethr_sint32_t res;
@@ -3185,6 +3420,15 @@ ethr_sint32_t ethr_atomic32_dec_read(ethr_atomic32_t *var)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_dec_read_ddrb(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_dec_read(var);
+#else
+    return ethr_atomic32_dec_read_rb(var);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_dec_read_rb(ethr_atomic32_t *var)
 {
     ethr_sint32_t res;
@@ -3272,6 +3516,15 @@ void ethr_atomic32_add(ethr_atomic32_t *var, ethr_sint32_t val)
 
 }
 
+void ethr_atomic32_add_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic32_add(var, val);
+#else
+    ethr_atomic32_add_rb(var, val);
+#endif
+}
+
 void ethr_atomic32_add_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -3354,6 +3607,15 @@ void ethr_atomic32_inc(ethr_atomic32_t *var)
 
 }
 
+void ethr_atomic32_inc_ddrb(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic32_inc(var);
+#else
+    ethr_atomic32_inc_rb(var);
+#endif
+}
+
 void ethr_atomic32_inc_rb(ethr_atomic32_t *var)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -3436,6 +3698,15 @@ void ethr_atomic32_dec(ethr_atomic32_t *var)
 
 }
 
+void ethr_atomic32_dec_ddrb(ethr_atomic32_t *var)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ethr_atomic32_dec(var);
+#else
+    ethr_atomic32_dec_rb(var);
+#endif
+}
+
 void ethr_atomic32_dec_rb(ethr_atomic32_t *var)
 {
     ETHR_ASSERT(!ethr_not_inited__);
@@ -3519,6 +3790,15 @@ ethr_sint32_t ethr_atomic32_read_band(ethr_atomic32_t *var, ethr_sint32_t val)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_read_band_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_read_band(var, val);
+#else
+    return ethr_atomic32_read_band_rb(var, val);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_read_band_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ethr_sint32_t res;
@@ -3607,6 +3887,15 @@ ethr_sint32_t ethr_atomic32_read_bor(ethr_atomic32_t *var, ethr_sint32_t val)
     return res;
 }
 
+ethr_sint32_t ethr_atomic32_read_bor_ddrb(ethr_atomic32_t *var, ethr_sint32_t val)
+{
+#ifdef ETHR_ORDERED_READ_DEPEND
+    return ethr_atomic32_read_bor(var, val);
+#else
+    return ethr_atomic32_read_bor_rb(var, val);
+#endif
+}
+
 ethr_sint32_t ethr_atomic32_read_bor_rb(ethr_atomic32_t *var, ethr_sint32_t val)
 {
     ethr_sint32_t res;
diff --git a/erts/lib_src/pthread/ethread.c b/erts/lib_src/pthread/ethread.c
index ad29249bac..fb7d135418 100644
--- a/erts/lib_src/pthread/ethread.c
+++ b/erts/lib_src/pthread/ethread.c
@@ -123,34 +123,53 @@ ethr_ts_event *ethr_get_tse__(void)
 
 #if defined(ETHR_PPC_RUNTIME_CONF__)
 
-static volatile int lwsync_caused_sigill;
+#include <sys/wait.h>
 
 static void
 handle_lwsync_sigill(int signum)
 {
-    lwsync_caused_sigill = 1;
+    _exit(1);
 }
 
 static int
 ppc_init__(void)
 {
-    struct sigaction act, oact;
-    lwsync_caused_sigill = 0;
+    int pid;
 
-    sigemptyset(&act.sa_mask);
-    act.sa_flags = 0;
-    act.sa_handler = handle_lwsync_sigill;
-    if (sigaction(SIGILL, &act, &oact) != 0)
-	return errno;
+    /* If anything what so ever failes we assume no lwsync for safety */
+    ethr_runtime__.conf.have_lwsync = 0;
+
+    /*
+     * We perform the lwsync test (which might cause an illegal
+     * instruction signal) in a separate process in order to be
+     * completely certain that we do not mess up our own state.
+     */
+    pid = fork();
+    if (pid == 0) {
+	struct sigaction act, oact;
 
-    __asm__ __volatile__ ("lwsync\n\t" : : : "memory");
+	sigemptyset(&act.sa_mask);
+	act.sa_flags = SA_RESETHAND;
+	act.sa_handler = handle_lwsync_sigill;
+	if (sigaction(SIGILL, &act, &oact) != 0)
+	    _exit(2);
 
-    act.sa_flags = 0;
-    act.sa_handler = SIG_DFL;
-    if (sigaction(SIGILL, &act, &oact) != 0)
-	return errno;
+	__asm__ __volatile__ ("lwsync\n\t" : : : "memory");
+
+	_exit(0);
+    }
 
-    ethr_runtime__.conf.have_lwsync = (int) !lwsync_caused_sigill;
+    if (pid != -1) {
+	while (1) {
+	    int status, res;
+	    res = waitpid(pid, &status, 0);
+	    if (res == pid) {
+		if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
+		    ethr_runtime__.conf.have_lwsync = 1;
+		break;
+	    }
+	}
+    }
     return 0;
 }
 
diff --git a/erts/lib_src/utils/make_atomics_api b/erts/lib_src/utils/make_atomics_api
index f4e71c7618..d8b1a56100 100755
--- a/erts/lib_src/utils/make_atomics_api
+++ b/erts/lib_src/utils/make_atomics_api
@@ -4,7 +4,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -50,7 +50,9 @@
 -define(DW_RTCHK_MACRO, "ETHR_RTCHK_USE_NATIVE_DW_ATOMIC_IMPL__").
 
 %% Barrier versions we implement
--define(BARRIERS, [none, rb, wb, acqb, relb, mb]).
+-define(BARRIERS, [none, ddrb, rb, wb, acqb, relb, mb]).
+-define(NON_NATIVE_BARRIERS, [ddrb]).
+-define(NATIVE_BARRIERS, (?BARRIERS -- ?NON_NATIVE_BARRIERS)).
 
 -define(ATOMIC_SIZES, ["dword", "word", "32"]).
 
@@ -381,7 +383,6 @@ do_func_header(#atomic_context{dw = true,
 	       cmpxchg, Inline, Func) ->
     [Inline, "int ", Func, "(", AtomicT, " *", Arg1, ", ", AintT, " *", Arg2, ", ", AintT, " *", Arg3, ")"].
 
-
 xbarriers(_Op, none, _NB) ->
     {"", ""};
 
@@ -455,7 +456,7 @@ try_barrier_order_first(mb) ->
 
 try_barrier_order(B) ->
     First = try_barrier_order_first(B),
-    First ++ (?BARRIERS -- First).
+    First ++ (?NATIVE_BARRIERS -- First).
 
 native_barrier_op(#atomic_context{'NATMC' = NATMC} = AC, If, ExtraDecl, Op, B, NB, TypeCasts) ->
     NOpStr = opstr(native(Op)),
@@ -571,12 +572,12 @@ do_cmpxchg_fallback_define(#atomic_context{'NATMC' = NATMC,
     NoneTryBarrierOrder = try_barrier_order(none),
     %% First a sanity check
     ["
-#if (", NotDefCMPXCHG(hd(?BARRIERS)) ,
+#if (", NotDefCMPXCHG(hd(?NATIVE_BARRIERS)) ,
      lists:map(fun (B) ->
 		       [" \\
      && ", NotDefCMPXCHG(B)]
 	       end,
-	       tl(?BARRIERS)), ")
+	       tl(?NATIVE_BARRIERS)), ")
 #  error \"No native cmpxchg() op available\"
 #endif
 
@@ -744,7 +745,7 @@ translate_have_defs(#atomic_context{dw = DW, 'NATMC' = NATMC}) ->
 								      ]
 							     end]
 						    end,
-						    ?BARRIERS)
+						    ?NATIVE_BARRIERS)
 				  end,
 				  case DW of
 				      true -> ?DW_ATOMIC_OPS;
@@ -801,6 +802,46 @@ rtchk_fallback_call(Return, #atomic_context{dw = DW,
 			false -> [RetVar, " ="]
 		    end, [?DW_FUNC_MACRO, "(", opstr(Op), op_barrier_ext(B), ")"], Arg1, Arg2, Arg3, "").
 
+non_native_barrier(B) ->
+    lists:member(B, ?NON_NATIVE_BARRIERS).
+
+non_native_barrier_impl(AC, Type, Macro, Op, B) ->
+    ["
+", func_header(AC, Type, Macro, Op, B), "
+{",
+     case B of
+	 ddrb ->
+	     ["
+#ifdef ETHR_ORDERED_READ_DEPEND
+    ", func_call(AC, Type, Macro, Op, none, true), "
+#else
+    ", func_call(AC, Type, Macro, Op, rb, true), "
+#endif
+"
+	     ]
+     end,
+     "}
+"
+    ].
+
+func_call(#atomic_context{'ATMC' = ATMC} = AC, inline_implementation, _Macro, Op, B, RetStatement) ->
+    func_call(AC, Op, ["ETHR_", ATMC, "_FUNC__(", opstr(Op), op_barrier_ext(B), ")"], RetStatement);
+func_call(#atomic_context{atomic = Atomic} = AC, implementation, false, Op, B, RetStatement) ->
+    func_call(AC, Op, [Atomic, "_", opstr(Op), op_barrier_ext(B)], RetStatement);
+func_call(AC, implementation, Macro, Op, B, RetStatement) ->
+    func_call(AC, Op, [Macro, "(", opstr(Op), op_barrier_ext(B), ")"], RetStatement).
+
+func_call(#atomic_context{dw = DW, arg1 = Arg1, arg2 = Arg2, arg3 = Arg3} = AC, Op, Func, true) ->
+    op_call(Op, DW, case is_return_op(AC, Op) of
+			true -> "return";
+			false -> ""
+		    end, Func, Arg1, Arg2, Arg3, "");
+func_call(#atomic_context{dw = DW, arg1 = Arg1, arg2 = Arg2, arg3 = Arg3, ret_var = RetVar} = AC, Op, Func, false) ->
+    op_call(Op, DW, case is_return_op(AC, Op) of
+			true -> [RetVar, " = "];
+			false -> ""
+		    end, Func, Arg1, Arg2, Arg3, "").
+
 make_implementations(#atomic_context{dw = DW,
 				     ret_type = RetType,
 				     ret_var = RetVar,
@@ -858,73 +899,78 @@ make_implementations(#atomic_context{dw = DW,
 
 ",
 			lists:map(fun (B) ->
-					  TryBarriers = try_barrier_order(B),
-					  ["
+					  case non_native_barrier(B) of
+					      true ->
+						  non_native_barrier_impl(AC, inline_implementation, false, Op, B);
+					      false ->
+						  TryBarriers = try_barrier_order(B),
+						  ["
 ", func_header(AC, inline_implementation, false, Op, B), "
 {
 ",
-					   case is_return_op(AC, Op) of
-					       true ->
-						   ["    ", RetType, " ", RetVar, ";\n"];
-					       _ -> ""
-					   end,
-					   case DW of
-					       true ->
-						   [RtchkBegin,
-						    "\n",
-						    su_dw_native_barrier_op(AC, "#if", Op, B, hd(TryBarriers)),
-						    lists:map(fun (NB) ->
-								      su_dw_native_barrier_op(AC, "#elif", Op, B, NB)
-							      end,
-							      tl(TryBarriers)),
-						    lists:map(fun (NB) ->
-								      dw_native_barrier_op(AC, "#elif", "", Op, B, NB)
-							      end,
-							      TryBarriers),
-						   case simple_fallback(AC, Op, B) of
-						       "" ->
-							   %% No simple fallback available;
-							   %% use cmpxchg() fallbacks...
-							   [cmpxchg_fallbacks(AC#atomic_context{'NATMC' = ["SU_", NATMC]}, true, Op, B),
-							    cmpxchg_fallbacks(AC, false, Op, B),
-							    "#else
+						   case is_return_op(AC, Op) of
+						       true ->
+							   ["    ", RetType, " ", RetVar, ";\n"];
+						       _ -> ""
+						   end,
+						   case DW of
+						       true ->
+							   [RtchkBegin,
+							    "\n",
+							    su_dw_native_barrier_op(AC, "#if", Op, B, hd(TryBarriers)),
+							    lists:map(fun (NB) ->
+									      su_dw_native_barrier_op(AC, "#elif", Op, B, NB)
+								      end,
+								      tl(TryBarriers)),
+							    lists:map(fun (NB) ->
+									      dw_native_barrier_op(AC, "#elif", "", Op, B, NB)
+								      end,
+								      TryBarriers),
+							    case simple_fallback(AC, Op, B) of
+								"" ->
+								    %% No simple fallback available;
+								    %% use cmpxchg() fallbacks...
+								    [cmpxchg_fallbacks(AC#atomic_context{'NATMC' = ["SU_", NATMC]}, true, Op, B),
+								     cmpxchg_fallbacks(AC, false, Op, B),
+								     "#else
 #error \"Missing implementation of ", Atomic, "_", opstr(Op), op_barrier_ext(B), "()!\"
 #endif
 "
-							   ];
-						       SimpleFallback ->
-							   ["#else\n", SimpleFallback, "#endif\n"]
-						   end,
-						    RtchkEnd(false, Op, B), "\n"];
-					       false ->
-						   [native_barrier_op(AC, "#if", "", Op, B, hd(TryBarriers), true),
-						    lists:map(fun (NB) ->
-								      native_barrier_op(AC, "#elif", "", Op, B, NB, true)
-							      end,
-							      tl(TryBarriers)),
-						    case simple_fallback(AC, Op, B) of
-							"" ->
-							    %% No simple fallback available;
-							    %% use cmpxchg() fallbacks...
-							    [cmpxchg_fallbacks(AC, false, Op, B),
-							     "#else
+								    ];
+								SimpleFallback ->
+								    ["#else\n", SimpleFallback, "#endif\n"]
+							    end,
+							    RtchkEnd(false, Op, B), "\n"];
+						       false ->
+							   [native_barrier_op(AC, "#if", "", Op, B, hd(TryBarriers), true),
+							    lists:map(fun (NB) ->
+									      native_barrier_op(AC, "#elif", "", Op, B, NB, true)
+								      end,
+								      tl(TryBarriers)),
+							    case simple_fallback(AC, Op, B) of
+								"" ->
+								    %% No simple fallback available;
+								    %% use cmpxchg() fallbacks...
+								    [cmpxchg_fallbacks(AC, false, Op, B),
+								     "#else
 #error \"Missing implementation of ", Atomic, "_", opstr(Op), op_barrier_ext(B), "()!\"
 #endif
 "
-							    ];
-							SimpleFallback ->
-							    ["#else\n", SimpleFallback, "#endif\n"]
-						    end]
-					   end,
-					   case is_return_op(AC, Op) of
-					       true ->
-						   ["    return ", RetVar, ";\n"];
-					       false ->
-						   ""
-					   end,
-					   "}\n"]
+								    ];
+								SimpleFallback ->
+								    ["#else\n", SimpleFallback, "#endif\n"]
+							    end]
+						   end,
+						   case is_return_op(AC, Op) of
+						       true ->
+							   ["    return ", RetVar, ";\n"];
+						       false ->
+							   ""
+						   end,
+						   "}\n"]
+					  end
 				  end,
-				  ?BARRIERS)]
+				  ?NATIVE_BARRIERS ++ ?NON_NATIVE_BARRIERS)] %% non-native needs to be after native...
 	       end,
 	       case DW of
 		   true -> ?DW_ATOMIC_OPS;
@@ -1159,33 +1205,38 @@ int ethr_have_native_dw_atomic(void)
 
 ",
 			lists:map(fun (B) ->
-					  ["\n",
-					   func_header(AC, implementation,
-						       case DW of
-							   true -> ?DW_FUNC_MACRO;
-							   false -> false
-						       end,  Op, B),
-					   "\n{\n",
-					   case is_return_op(AC, Op) of
-					       true -> ["    ", RetType, " ", RetVar, ";\n"];
-					       false -> ""
-					   end,
-					   case Op of
-					       init -> "";
-					       _ -> ["    ETHR_ASSERT(!ethr_not_inited__);\n"]
-					   end,
-					   ["    ETHR_ASSERT(", Arg1, ");\n"],
-					   make_native_impl_op(AC, Op, B),
-					   make_amc_fallback_op(AC#atomic_context{arg1 = FallbackVar}, Op, B), 
-					   make_locked_fallback_op(AC#atomic_context{arg1 = FallbackVar}, Op, B),
-					   case is_return_op(AC, Op) of
-					       true -> ["    return ", RetVar, ";"
-						       ];
-					       false ->
-						   ""
-					   end,
-					   "\n}\n",
-					   make_symbol_to_fallback_impl(AC, Op, B)]
+					Macro = case DW of
+						   true -> ?DW_FUNC_MACRO;
+						   false -> false
+						end,
+					case non_native_barrier(B) of
+					    true ->
+						non_native_barrier_impl(AC, implementation, Macro, Op, B);
+					    false ->
+						["\n",
+					   	func_header(AC, implementation, Macro,  Op, B),
+						   "\n{\n",
+						   case is_return_op(AC, Op) of
+						       true -> ["    ", RetType, " ", RetVar, ";\n"];
+						       false -> ""
+						   end,
+						   case Op of
+						       init -> "";
+						       _ -> ["    ETHR_ASSERT(!ethr_not_inited__);\n"]
+						   end,
+						   ["    ETHR_ASSERT(", Arg1, ");\n"],
+						   make_native_impl_op(AC, Op, B),
+						   make_amc_fallback_op(AC#atomic_context{arg1 = FallbackVar}, Op, B), 
+						   make_locked_fallback_op(AC#atomic_context{arg1 = FallbackVar}, Op, B),
+						   case is_return_op(AC, Op) of
+						       true -> ["    return ", RetVar, ";"
+							       ];
+						       false ->
+							   ""
+						   end,
+						   "\n}\n",
+						   make_symbol_to_fallback_impl(AC, Op, B)]
+					  end
 				  end,
 				  ?BARRIERS)]
 	       end,
@@ -1233,7 +1284,7 @@ static char *native_", DW, "atomic", Bits, "_ops[] = {",
 #endif"
 							     ]
 						     end,
-						     ?BARRIERS)
+						     ?NATIVE_BARRIERS)
 				   end,
 				   case NBits of
 				       "dw" -> ?DW_ATOMIC_OPS;
@@ -1390,25 +1441,51 @@ comments() ->
  * Appart from a function implementing the atomic operation
  * with unspecified memory barrier semantics, there are
  * functions implementing each operation with the following
- * memory barrier semantics:
-",
+ * implied memory barrier semantics:",
      lists:map(fun (none) ->
 		       "";
-		   (rb) ->
-		       [" * - rb (read barrier)\n"];
-		   (wb) ->
-		       [" * - wb (write barrier)\n"];
+		   (mb) ->
+		       ["
+ * - mb   - Full memory barrier. Orders both loads, and
+ *          stores before, and after the atomic operation.
+ *          No load or store is allowed to be reordered
+ *          over the atomic operation."];
 		   (acqb) ->
-		       [" * - acqb (acquire barrier)\n"];
+		       ["
+ * - acqb - Acquire barrier. Orders both loads, and stores
+ *          appearing *after* the atomic operation. These
+ *          are not allowed to be reordered over the
+ *          atomic operation."];
 		   (relb) ->
-		       [" * - relb (release barrier)\n"];
-		   (mb) ->
-		       [" * - mb (full memory barrier)\n"];
+		       ["
+ * - relb - Release barrier. Orders both loads, and
+ *          stores appearing *before* the atomic
+ *          operation. These are not allowed to be
+ *          reordered over the atomic operation."];
+		   (rb) ->
+		       ["
+ * - rb   - Read barrier. Orders *only* loads. These are
+ *          not allowed to be reordered over the barrier.
+ *          Load in atomic operation is ordered *before*
+ *          the barrier. "];
+		   (ddrb) ->
+		       ["
+ * - ddrb - Data dependency read barrier. Orders *only*
+ *          loads according to data dependency across the
+ *          barrier. Load in atomic operation is ordered
+ *          before the barrier."];
+		   (wb) ->
+		       ["
+ * - wb   - Write barrier. Orders *only* stores. These are
+ *          not allowed to be reordered over the barrier.
+ *          Store in atomic operation is ordered *after*
+ *          the barrier."];
 		   (B) ->
 		       [" * - ", a2l(B), "\n"]
 	       end,
-	       ?BARRIERS),
-     " *
+	       lists:reverse(?BARRIERS)),
+     "
+ *
  * We implement all of these operation/barrier
  * combinations, regardless of whether they are useful
  * or not (some of them are useless).
diff --git a/erts/preloaded/ebin/erl_prim_loader.beam b/erts/preloaded/ebin/erl_prim_loader.beam
index fe91a604b5..df1831f340 100644
--- a/erts/preloaded/ebin/erl_prim_loader.beam
+++ b/erts/preloaded/ebin/erl_prim_loader.beam
diff --git a/erts/preloaded/ebin/erlang.beam b/erts/preloaded/ebin/erlang.beam
index dda24d4405..b78747bc84 100644
--- a/erts/preloaded/ebin/erlang.beam
+++ b/erts/preloaded/ebin/erlang.beam
diff --git a/erts/preloaded/ebin/init.beam b/erts/preloaded/ebin/init.beam
index 37fd8bb832..cc170b86b2 100644
--- a/erts/preloaded/ebin/init.beam
+++ b/erts/preloaded/ebin/init.beam
diff --git a/erts/preloaded/ebin/otp_ring0.beam b/erts/preloaded/ebin/otp_ring0.beam
index e255cc803f..45a409738c 100644
--- a/erts/preloaded/ebin/otp_ring0.beam
+++ b/erts/preloaded/ebin/otp_ring0.beam
diff --git a/erts/preloaded/ebin/prim_file.beam b/erts/preloaded/ebin/prim_file.beam
index 6227b562a1..87e80aae9b 100644
--- a/erts/preloaded/ebin/prim_file.beam
+++ b/erts/preloaded/ebin/prim_file.beam
diff --git a/erts/preloaded/ebin/prim_inet.beam b/erts/preloaded/ebin/prim_inet.beam
index d44bbbbd27..f382236af7 100644
--- a/erts/preloaded/ebin/prim_inet.beam
+++ b/erts/preloaded/ebin/prim_inet.beam
diff --git a/erts/preloaded/ebin/prim_zip.beam b/erts/preloaded/ebin/prim_zip.beam
index 7e1a5d1fdb..411fc8d524 100644
--- a/erts/preloaded/ebin/prim_zip.beam
+++ b/erts/preloaded/ebin/prim_zip.beam
diff --git a/erts/preloaded/ebin/zlib.beam b/erts/preloaded/ebin/zlib.beam
index ebf9f8e6d6..bf88a51502 100644
--- a/erts/preloaded/ebin/zlib.beam
+++ b/erts/preloaded/ebin/zlib.beam
diff --git a/erts/preloaded/src/erl_prim_loader.erl b/erts/preloaded/src/erl_prim_loader.erl
index 35defde692..14a7a2bf20 100644
--- a/erts/preloaded/src/erl_prim_loader.erl
+++ b/erts/preloaded/src/erl_prim_loader.erl
@@ -129,7 +129,7 @@ start(Id, Pgm0, Hosts) ->
             {error,Reason}
     end.
 
-%% Hosts must be a list on form ['1.2.3.4' ...]
+%% Hosts must be a list of form ['1.2.3.4' ...]
 start_it("inet", Id, Pid, Hosts) ->
     process_flag(trap_exit, true),
     ?dbg(inet, {Id,Pid,Hosts}),
diff --git a/erts/preloaded/src/erlang.erl b/erts/preloaded/src/erlang.erl
index e9a59a7aaf..4cbff3f36e 100644
--- a/erts/preloaded/src/erlang.erl
+++ b/erts/preloaded/src/erlang.erl
@@ -43,6 +43,9 @@
 -export([memory/0, memory/1]).
 -export([alloc_info/1, alloc_sizes/1]).
 
+-export([gather_sched_wall_time_result/1,
+	 await_sched_wall_time_modifications/2]).
+
 -deprecated([hash/2]).
 
 % Get rid of autoimports of spawn to avoid clashes with ourselves.
@@ -1091,8 +1094,6 @@ receive_emd(Ref, EMD, N) ->
 receive_emd(Ref) ->
     receive_emd(Ref, #memory{}, erlang:system_info(schedulers)).
 
-aa_mem_data(notsup, _) ->
-    notsup;
 aa_mem_data(#memory{} = Mem,
 	    [{maximum, Max} | Rest]) ->
     aa_mem_data(Mem#memory{maximum = Max},
@@ -1204,3 +1205,34 @@ receive_allocator(Ref, N, Acc) ->
 	{Ref, _, InfoList} ->
 	    receive_allocator(Ref, N-1, insert_info(InfoList, Acc))
     end.
+
+-spec await_sched_wall_time_modifications(Ref, Result) -> boolean() when
+      Ref :: reference(),
+      Result :: boolean().
+
+await_sched_wall_time_modifications(Ref, Result) ->
+    sched_wall_time(Ref, erlang:system_info(schedulers)),
+    Result.
+
+-spec gather_sched_wall_time_result(Ref) -> [{pos_integer(),
+					      non_neg_integer(),
+					      non_neg_integer()}] when
+      Ref :: reference().
+
+gather_sched_wall_time_result(Ref) when is_reference(Ref) ->
+    sched_wall_time(Ref, erlang:system_info(schedulers), []).
+
+sched_wall_time(_Ref, 0) ->
+    ok;
+sched_wall_time(Ref, N) ->
+    receive Ref -> sched_wall_time(Ref, N-1) end.
+
+sched_wall_time(_Ref, 0, Acc) ->
+    Acc;
+sched_wall_time(Ref, N, undefined) ->
+    receive {Ref, _} -> sched_wall_time(Ref, N-1, undefined) end;
+sched_wall_time(Ref, N, Acc) ->
+    receive
+	{Ref, undefined} -> sched_wall_time(Ref, N-1, undefined);
+	{Ref, SWT} -> sched_wall_time(Ref, N-1, [SWT|Acc])
+    end.
diff --git a/erts/preloaded/src/prim_file.erl b/erts/preloaded/src/prim_file.erl
index 30b7a5246a..36cbe329e8 100644
--- a/erts/preloaded/src/prim_file.erl
+++ b/erts/preloaded/src/prim_file.erl
@@ -26,7 +26,8 @@
 
 %% Generic file contents operations
 -export([open/2, close/1, datasync/1, sync/1, advise/4, position/2, truncate/1,
-	 write/2, pwrite/2, pwrite/3, read/2, read_line/1, pread/2, pread/3, copy/3]).
+	 write/2, pwrite/2, pwrite/3, read/2, read_line/1, pread/2, pread/3,
+	 copy/3, sendfile/10]).
 
 %% Specialized file operations
 -export([open/1, open/3]).
@@ -44,13 +45,13 @@
 	 rename/2, rename/3, 
 	 make_dir/1, make_dir/2,
 	 del_dir/1, del_dir/2,
-	 read_file_info/1, read_file_info/2,
+	 read_file_info/1, read_file_info/2, read_file_info/3,
 	 altname/1, altname/2,
-	 write_file_info/2, write_file_info/3,
+	 write_file_info/2, write_file_info/3, write_file_info/4,
 	 make_link/2, make_link/3,
 	 make_symlink/2, make_symlink/3,
 	 read_link/1, read_link/2,
-	 read_link_info/1, read_link_info/2,
+	 read_link_info/1, read_link_info/2, read_link_info/3,
 	 list_dir/1, list_dir/2]).
 %% How to start and stop the ?DRV port.
 -export([start/0, stop/1]).
@@ -98,6 +99,7 @@
 -define(FILE_READ_LINE,        29).
 -define(FILE_FDATASYNC,        30).
 -define(FILE_ADVISE,           31).
+-define(FILE_SENDFILE,         32).
 
 %% Driver responses
 -define(FILE_RESP_OK,          0).
@@ -537,7 +539,31 @@ write_file(File, Bin) when (is_list(File) orelse is_binary(File)) ->
     end;
 write_file(_, _) -> 
     {error, badarg}.
-    
+
+
+%% Returns {error, Reason} | {ok, BytesCopied}
+%sendfile(_,_,_,_,_,_,_,_,_,_) ->
+%    {error, enotsup};
+sendfile(#file_descriptor{module = ?MODULE, data = {Port, _}},
+	 Dest, Offset, Bytes, _ChunkSize, Headers, Trailers,
+	 _Nodiskio, _MNowait, _Sync) ->
+    case erlang:port_get_data(Dest) of
+	Data when Data == inet_tcp; Data == inet6_tcp ->
+	    ok = inet:lock_socket(Dest,true),
+	    {ok, DestFD} = prim_inet:getfd(Dest),
+	    try drv_command(Port, [<<?FILE_SENDFILE, DestFD:32,
+				     0:8,
+				     Offset:64/unsigned,
+				     Bytes:64/unsigned,
+				     (iolist_size(Headers)):32/unsigned,
+				     (iolist_size(Trailers)):32/unsigned>>,
+				   Headers,Trailers])
+	    after
+		ok = inet:lock_socket(Dest,false)
+	    end;
+	_Else ->
+	    {error,badarg}
+    end.
 
 
 %%%-----------------------------------------------------------------
@@ -699,16 +725,33 @@ del_dir_int(Port, Dir) ->
 
 
 
-%% read_file_info/{1,2}
+%% read_file_info/{1,2,3}
 
 read_file_info(File) ->
-    read_file_info_int({?DRV, [binary]}, File).
+    read_file_info_int({?DRV, [binary]}, File, local).
 
 read_file_info(Port, File) when is_port(Port) ->
-    read_file_info_int(Port, File).
+    read_file_info_int(Port, File, local);
+read_file_info(File, Opts) ->
+    read_file_info_int({?DRV, [binary]}, File, plgv(time, Opts, local)).
+
+read_file_info(Port, File, Opts) when is_port(Port) ->
+    read_file_info_int(Port, File, plgv(time, Opts, local)).
+
+read_file_info_int(Port, File, TimeType) ->
+    try
+	case drv_command(Port, [?FILE_FSTAT, pathname(File)]) of
+	    {ok, FI} -> {ok, FI#file_info{
+			ctime = from_seconds(FI#file_info.ctime, TimeType),
+			mtime = from_seconds(FI#file_info.mtime, TimeType),
+			atime = from_seconds(FI#file_info.atime, TimeType)
+		    }};
+	    Error    -> Error
+	end
+    catch
+	error:_ -> {error, badarg}
+    end.
 
-read_file_info_int(Port, File) ->
-    drv_command(Port, [?FILE_FSTAT, pathname(File)]).
 
 %% altname/{1,2}
 
@@ -721,38 +764,61 @@ altname(Port, File) when is_port(Port) ->
 altname_int(Port, File) ->
     drv_command(Port, [?FILE_ALTNAME, pathname(File)]).
 
-%% write_file_info/{2,3}
+%% write_file_info/{2,3,4}
 
 write_file_info(File, Info) ->
-    write_file_info_int({?DRV, [binary]}, File, Info).
+    write_file_info_int({?DRV, [binary]}, File, Info, local).
 
 write_file_info(Port, File, Info) when is_port(Port) ->
-    write_file_info_int(Port, File, Info).
+    write_file_info_int(Port, File, Info, local);
+write_file_info(File, Info, Opts) ->
+    write_file_info_int({?DRV, [binary]}, File, Info, plgv(time, Opts, local)).
+
+write_file_info(Port, File, Info, Opts) when is_port(Port) ->
+    write_file_info_int(Port, File, Info, plgv(time, Opts, local)).
 
-write_file_info_int(Port, 
-		    File, 
+write_file_info_int(Port, File, 
 		    #file_info{mode=Mode, 
 			       uid=Uid, 
 			       gid=Gid,
 			       atime=Atime0, 
 			       mtime=Mtime0, 
-			       ctime=Ctime}) ->
-    {Atime, Mtime} =
-	case {Atime0, Mtime0} of
-	    {undefined, Mtime0} -> {erlang:localtime(), Mtime0};
-	    {Atime0, undefined} -> {Atime0, Atime0};
-	    Complete -> Complete
-	end,
-    drv_command(Port, [?FILE_WRITE_INFO, 
-			int_to_bytes(Mode), 
-			int_to_bytes(Uid), 
-			int_to_bytes(Gid),
-			date_to_bytes(Atime), 
-			date_to_bytes(Mtime), 
-			date_to_bytes(Ctime),
-			pathname(File)]).
+			       ctime=Ctime0},
+		       TimeType) ->
+
+    % Atime and/or Mtime might be undefined
+    %  - use localtime() for atime, if atime is undefined
+    %  - use atime as mtime if mtime is undefined
+    %  - use mtime as ctime if ctime is undefined
+
+    try
+	Atime = file_info_validate_atime(Atime0, TimeType),
+	Mtime = file_info_validate_mtime(Mtime0, Atime),
+	Ctime = file_info_validate_ctime(Ctime0, Mtime),
+
+	drv_command(Port, [?FILE_WRITE_INFO, 
+		int_to_int32bytes(Mode), 
+		int_to_int32bytes(Uid), 
+		int_to_int32bytes(Gid),
+		int_to_int64bytes(to_seconds(Atime, TimeType)), 
+		int_to_int64bytes(to_seconds(Mtime, TimeType)), 
+		int_to_int64bytes(to_seconds(Ctime, TimeType)),
+		pathname(File)])
+    catch
+	error:_ -> {error, badarg}
+    end.
+
 
+file_info_validate_atime(Atime, _) when Atime =/= undefined -> Atime;
+file_info_validate_atime(undefined, local)     -> erlang:localtime();
+file_info_validate_atime(undefined, universal) -> erlang:universaltime();
+file_info_validate_atime(undefined, posix)     -> erlang:universaltime_to_posixtime(erlang:universaltime()).
 
+file_info_validate_mtime(undefined, Atime) -> Atime;
+file_info_validate_mtime(Mtime, _)         -> Mtime.
+
+file_info_validate_ctime(undefined, Mtime) -> Mtime;
+file_info_validate_ctime(Ctime, _)         -> Ctime.
 
 %% make_link/{2,3}
 
@@ -796,15 +862,31 @@ read_link_int(Port, Link) ->
 %% read_link_info/{2,3}
 
 read_link_info(Link) ->
-    read_link_info_int({?DRV, [binary]}, Link).
+    read_link_info_int({?DRV, [binary]}, Link, local).
 
 read_link_info(Port, Link) when is_port(Port) ->
-    read_link_info_int(Port, Link).
+    read_link_info_int(Port, Link, local);
+
+read_link_info(Link, Opts) ->
+    read_link_info_int({?DRV, [binary]}, Link, plgv(time, Opts, local)).
 
-read_link_info_int(Port, Link) ->
-    drv_command(Port, [?FILE_LSTAT, pathname(Link)]).
+read_link_info(Port, Link, Opts) when is_port(Port) ->
+    read_link_info_int(Port, Link, plgv(time, Opts, local)).
 
 
+read_link_info_int(Port, Link, TimeType) ->
+    try
+	case drv_command(Port, [?FILE_LSTAT, pathname(Link)]) of
+	    {ok, FI} -> {ok, FI#file_info{
+			ctime = from_seconds(FI#file_info.ctime, TimeType),
+			mtime = from_seconds(FI#file_info.mtime, TimeType),
+			atime = from_seconds(FI#file_info.atime, TimeType)
+		    }};
+	    Error    -> Error
+	end
+    catch
+	error:_ -> {error, badarg}
+    end.
 
 %% list_dir/{1,2}
 
@@ -1049,7 +1131,7 @@ translate_response(?FILE_RESP_DATA, List) ->
     {_N, _Data} = ND = get_uint64(List),
     {ok, ND};
 translate_response(?FILE_RESP_INFO, List) when is_list(List) ->
-    {ok, transform_info_ints(get_uint32s(List))};
+    {ok, transform_info(List)};
 translate_response(?FILE_RESP_NUMERR, L0) ->
     {N, L1} = get_uint64(L0),
     {error, {N, list_to_atom(L1)}};
@@ -1103,27 +1185,37 @@ translate_response(?FILE_RESP_ALL_DATA, Data) ->
 translate_response(X, Data) ->
     {error, {bad_response_from_port, [X | Data]}}.
 
-transform_info_ints(Ints) ->
-    [HighSize, LowSize, Type|Tail0] = Ints,
-    Size = HighSize * 16#100000000 + LowSize,
-    [Ay, Am, Ad, Ah, Ami, As|Tail1]  = Tail0,
-    [My, Mm, Md, Mh, Mmi, Ms|Tail2] = Tail1,
-    [Cy, Cm, Cd, Ch, Cmi, Cs|Tail3] = Tail2,
-    [Mode, Links, Major, Minor, Inode, Uid, Gid, Access] = Tail3,
+transform_info([
+    Hsize1, Hsize2, Hsize3, Hsize4, 
+    Lsize1, Lsize2, Lsize3, Lsize4,
+    Type1,  Type2,  Type3,  Type4,
+    Atime1, Atime2, Atime3, Atime4, Atime5, Atime6, Atime7, Atime8,
+    Mtime1, Mtime2, Mtime3, Mtime4, Mtime5, Mtime6, Mtime7, Mtime8,
+    Ctime1, Ctime2, Ctime3, Ctime4, Ctime5, Ctime6, Ctime7, Ctime8,
+    Mode1,  Mode2,  Mode3,  Mode4,
+    Links1, Links2, Links3, Links4,
+    Major1, Major2, Major3, Major4,
+    Minor1, Minor2, Minor3, Minor4,
+    Inode1, Inode2, Inode3, Inode4,
+    Uid1,   Uid2,   Uid3,   Uid4,
+    Gid1,   Gid2,   Gid3,   Gid4,
+    Access1,Access2,Access3,Access4]) ->
     #file_info {
-		size = Size,
-		type = file_type(Type),
-		access = file_access(Access),
-		atime = {{Ay, Am, Ad}, {Ah, Ami, As}},
-		mtime = {{My, Mm, Md}, {Mh, Mmi, Ms}},
-		ctime = {{Cy, Cm, Cd}, {Ch, Cmi, Cs}},
-		mode = Mode,
-		links = Links,
-		major_device = Major,
-		minor_device = Minor,
-		inode = Inode,
-		uid = Uid,
-		gid = Gid}.
+		size   = uint32(Hsize1,Hsize2,Hsize3,Hsize4)*16#100000000 + uint32(Lsize1,Lsize2,Lsize3,Lsize4),
+		type   = file_type(uint32(Type1,Type2,Type3,Type4)),
+		access = file_access(uint32(Access1,Access2,Access3,Access4)),
+		atime  = sint64(Atime1, Atime2, Atime3, Atime4, Atime5, Atime6, Atime7, Atime8),
+		mtime  = sint64(Mtime1, Mtime2, Mtime3, Mtime4, Mtime5, Mtime6, Mtime7, Mtime8),
+		ctime  = sint64(Ctime1, Ctime2, Ctime3, Ctime4, Ctime5, Ctime6, Ctime7, Ctime8),
+		mode   = uint32(Mode1,Mode2,Mode3,Mode4),
+		links  = uint32(Links1,Links2,Links3,Links4),
+		major_device = uint32(Major1,Major2,Major3,Major4),
+		minor_device = uint32(Minor1,Minor2,Minor3,Minor4),
+		inode = uint32(Inode1,Inode2,Inode3,Inode4),
+		uid   = uint32(Uid1,Uid2,Uid3,Uid4),
+		gid   = uint32(Gid1,Gid2,Gid3,Gid4)
+	    }.
+    
     
 file_type(1) -> device;
 file_type(2) -> directory;
@@ -1136,24 +1228,22 @@ file_access(1) -> write;
 file_access(2) -> read;
 file_access(3) -> read_write.
 
-int_to_bytes(Int) when is_integer(Int) ->
+int_to_int32bytes(Int) when is_integer(Int) ->
     <<Int:32>>;
-int_to_bytes(undefined) ->
+int_to_int32bytes(undefined) ->
     <<-1:32>>.
 
-date_to_bytes(undefined) ->
-    <<-1:32, -1:32, -1:32, -1:32, -1:32, -1:32>>;
-date_to_bytes({{Y, Mon, D}, {H, Min, S}}) ->
-    <<Y:32, Mon:32, D:32, H:32, Min:32, S:32>>.
+int_to_int64bytes(Int) when is_integer(Int) ->
+    <<Int:64/signed>>.
 
-%% uint64([[X1, X2, X3, X4] = Y1 | [X5, X6, X7, X8] = Y2]) ->
-%%     (uint32(Y1) bsl 32) bor uint32(Y2).
 
-%% uint64(X1, X2, X3, X4, X5, X6, X7, X8) ->
-%%     (uint32(X1, X2, X3, X4) bsl 32) bor uint32(X5, X6, X7, X8).
+sint64(I1,I2,I3,I4,I5,I6,I7,I8) when I1 > 127 ->
+    ((I1 bsl 56) bor (I2 bsl 48) bor (I3 bsl 40) bor (I4 bsl 32) bor
+	(I5 bsl 24) bor (I6 bsl 16) bor (I7 bsl  8) bor I8) - (1 bsl 64);
+sint64(I1,I2,I3,I4,I5,I6,I7,I8) ->
+    ((I1 bsl 56) bor (I2 bsl 48) bor (I3 bsl 40) bor (I4 bsl 32) bor
+	(I5 bsl 24) bor (I6 bsl 16) bor (I7 bsl  8) bor I8).
 
-%% uint32([X1,X2,X3,X4]) ->
-%%     (X1 bsl 24) bor (X2 bsl 16) bor (X3 bsl 8) bor X4.
 
 uint32(X1,X2,X3,X4) ->
     (X1 bsl 24) bor (X2 bsl 16) bor (X3 bsl 8) bor X4.
@@ -1166,11 +1256,6 @@ get_uint64(L0) ->
 get_uint32([X1,X2,X3,X4|List]) ->
     {(((((X1 bsl 8) bor X2) bsl 8) bor X3) bsl 8) bor X4, List}.
 
-get_uint32s([X1,X2,X3,X4|Tail]) ->
-    [uint32(X1,X2,X3,X4) | get_uint32s(Tail)];
-get_uint32s([]) -> [].
-
-
 
 %% Binary mode
 transform_ldata(<<0:32, 0:32>>) ->
@@ -1249,3 +1334,28 @@ reverse(L, T) -> lists:reverse(L, T).
 % in list_to_binary, which is caught and generates the {error,badarg} return
 pathname(File) ->
     (catch prim_file:internal_name2native(File)).
+
+
+%% proplist:get_value/3
+plgv(K, [{K, V}|_], _) -> V;
+plgv(K, [_|KVs], D)    -> plgv(K, KVs, D);
+plgv(_, [], D)         -> D.
+
+%%
+%% We don't actually want this here
+%% We want to use posix time in all prim but erl_prim_loader makes that tricky
+%% It is probably needed to redo the whole erl_prim_loader
+
+from_seconds(Seconds, posix) when is_integer(Seconds) ->
+    Seconds;
+from_seconds(Seconds, universal) when is_integer(Seconds) ->
+    erlang:posixtime_to_universaltime(Seconds);
+from_seconds(Seconds, local) when is_integer(Seconds) ->
+    erlang:universaltime_to_localtime(erlang:posixtime_to_universaltime(Seconds)).
+
+to_seconds(Seconds, posix) when is_integer(Seconds) ->
+    Seconds;
+to_seconds({_,_} = Datetime, universal) ->
+    erlang:universaltime_to_posixtime(Datetime);
+to_seconds({_,_} = Datetime, local) ->
+    erlang:universaltime_to_posixtime(erlang:localtime_to_universaltime(Datetime)).
diff --git a/erts/preloaded/src/prim_inet.erl b/erts/preloaded/src/prim_inet.erl
index f144f73d68..0cedd284db 100644
--- a/erts/preloaded/src/prim_inet.erl
+++ b/erts/preloaded/src/prim_inet.erl
@@ -36,7 +36,8 @@
 -export([recvfrom/2, recvfrom/3]).
 -export([setopt/3, setopts/2, getopt/2, getopts/2, is_sockopt_val/2]).
 -export([chgopt/3, chgopts/2]).
--export([getstat/2, getfd/1, getindex/1, getstatus/1, gettype/1, 
+-export([getstat/2, getfd/1, ignorefd/2,
+	 getindex/1, getstatus/1, gettype/1,
 	 getifaddrs/1, getiflist/1, ifget/3, ifset/3,
 	 gethostname/1]).
 -export([getservbyname/3, getservbyport/3]).
@@ -842,6 +843,21 @@ getfd(S) when is_port(S) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
+%% IGNOREFD(insock(),boolean()) -> {ok,integer()} | {error, Reason}
+%%
+%% steal internal file descriptor
+%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+ignorefd(S,Bool) when is_port(S) ->
+    Val = if Bool -> 1; true -> 0 end,
+    case ctl_cmd(S, ?INET_REQ_IGNOREFD, [Val]) of
+	{ok, _} -> ok;
+	Error -> Error
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
 %% GETIX(insock()) -> {ok,integer()} | {error, Reason}
 %%
 %% get internal socket index
diff --git a/erts/preloaded/src/prim_zip.erl b/erts/preloaded/src/prim_zip.erl
index 392a9feb45..d29f17ae56 100644
--- a/erts/preloaded/src/prim_zip.erl
+++ b/erts/preloaded/src/prim_zip.erl
@@ -432,7 +432,7 @@ binary_io({file_info, B}, _) ->
 	    is_binary(B) -> {regular, byte_size(B)};
 	    B =:= directory -> {directory, 0}
 	end,
-    Now = calendar:local_time(),
+    Now = erlang:localtime(),
     #file_info{size = Size, type = Type, access = read_write,
 	       atime = Now, mtime = Now, ctime = Now,
 	       mode = 0, links = 1, major_device = 0,
diff --git a/erts/start_scripts/Makefile b/erts/start_scripts/Makefile
index 4df7568484..d8e39062e3 100644
--- a/erts/start_scripts/Makefile
+++ b/erts/start_scripts/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -74,7 +74,7 @@ $(SS_ROOT)/start_clean.script \
 $(SS_ROOT)/start_clean.boot:	$(SS_ROOT)/start_clean.rel
 	$(INSTALL_DIR) $(SS_TMP)
 	( cd $(SS_TMP) && \
-	$(ERLC) $(SASL_FLAGS) $(SCRIPT_PATH) -o $(SS_ROOT) $< )
+	$(ERLC) $(SASL_FLAGS) $(SCRIPT_PATH) +no_warn_sasl -o $(SS_ROOT) $< )
 
 $(SS_ROOT)/start_sasl.script \
 $(SS_ROOT)/start_sasl.boot:	$(SS_ROOT)/start_sasl.rel
@@ -128,7 +128,7 @@ $(SS_ROOT)/start_all_example.rel:	$(SS_ROOT)/start_all_example.rel.src \
 $(ERL_TOP)/bin/start.script:
 	$(INSTALL_DIR) $(SS_TMP)
 	( cd $(SS_TMP) && \
-	  $(ERLC) $(SCRIPT_PATH) +otp_build -o $@ $(SS_ROOT)/start_clean.rel )
+	  $(ERLC) $(SCRIPT_PATH) +no_warn_sasl +otp_build -o $@ $(SS_ROOT)/start_clean.rel )
 
 $(ERL_TOP)/bin/start_sasl.script:
 	$(INSTALL_DIR) $(SS_TMP)
@@ -138,7 +138,7 @@ $(ERL_TOP)/bin/start_sasl.script:
 $(ERL_TOP)/bin/start_clean.script:
 	$(INSTALL_DIR) $(SS_TMP)
 	( cd $(SS_TMP) && \
-	  $(ERLC) $(SCRIPT_PATH) +otp_build -o $@ $(SS_ROOT)/start_clean.rel )
+	  $(ERLC) $(SCRIPT_PATH) +no_warn_sasl +otp_build -o $@ $(SS_ROOT)/start_clean.rel )
 
 ## Special target used from system/build/Makefile for source code release bootstrap.
 bootstrap_scripts: $(SS_ROOT)/start_clean.rel
diff --git a/erts/test/erl_print_SUITE.erl b/erts/test/erl_print_SUITE.erl
index ee1a200530..adc353bd51 100644
--- a/erts/test/erl_print_SUITE.erl
+++ b/erts/test/erl_print_SUITE.erl
@@ -303,7 +303,7 @@ read_case_data(Port, TestCase) ->
 	      {Port, {data, {eol, [?PID_MARKER | PidStr]}}} ->
 		  ?line ?t:format("Port program pid: ~s~n", [PidStr]),
 		  ?line CaseProc = self(),
-		  ?line list_to_integer(PidStr), % Sanity check
+		  ?line _ = list_to_integer(PidStr), % Sanity check
 		  spawn_opt(fun () ->
 				    port_prog_killer(CaseProc, PidStr)
 			    end,
diff --git a/erts/test/erl_print_SUITE_data/Makefile.src b/erts/test/erl_print_SUITE_data/Makefile.src
index 109d55e572..dec5650416 100644
--- a/erts/test/erl_print_SUITE_data/Makefile.src
+++ b/erts/test/erl_print_SUITE_data/Makefile.src
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2005-2009. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@ EPTF_CFLAGS = -Wall $(CFLAGS) @DEFS@ -I@erts_lib_include_internal@ -I@erts_lib_i
 EPTF_LIBS = $(LIBS) -L@erts_lib_internal_path@ -lerts_internal@type_marker@
 
 EPTT_CFLAGS = -DTHREAD_SAFE $(ETHR_DEFS) $(EPTF_CFLAGS)
-EPTT_LIBS = $(LIBS) -L@erts_lib_internal_path@ -lerts_internal_r@type_marker@ $(ETHR_LIBS)
+EPTT_LIBS = -L@erts_lib_internal_path@ -lerts_internal_r@type_marker@ $(ETHR_LIBS) $(LIBS)
 
 GCC = .@DS@gccifier -CC"$(CC)"
 
diff --git a/erts/test/erlc_SUITE.erl b/erts/test/erlc_SUITE.erl
index a9e28672e3..6c0d662126 100644
--- a/erts/test/erlc_SUITE.erl
+++ b/erts/test/erlc_SUITE.erl
@@ -154,7 +154,8 @@ compile_mib(Config) when is_list(Config) ->
 
     ?line BadFile = filename:join(SrcDir, "BAD-MIB.mib"),
     ?line run(Config, Cmd, BadFile, "",
-	      ["Error: syntax error before: mibs\$", "compilation_failed_ERROR_"]),
+	      ["BAD-MIB.mib: 1: syntax error before: mibs\$",
+	       "compilation_failed_ERROR_"]),
 
     %% Make sure that no -I option works.
 
@@ -237,6 +238,12 @@ num_d_options() ->
 	    %% of arguments is 16383.
 	    %% See: http://www.in-ulm.de/~mascheck/various/argmax/
 	    5440;
+	{{unix,darwin},{Major,_,_}} when Major >= 11 ->
+	    %% "getconf ARG_MAX" still reports 262144 (as in previous
+	    %% version of MacOS X), but the useful space seem to have
+	    %% shrunk significantly (or possibly the number of arguments).
+	    %% 7673
+	    7500;
 	{_,_} ->
 	    12000
     end.
diff --git a/erts/test/ethread_SUITE.erl b/erts/test/ethread_SUITE.erl
index 4206bebfe7..5bb5aed3ed 100644
--- a/erts/test/ethread_SUITE.erl
+++ b/erts/test/ethread_SUITE.erl
@@ -68,9 +68,6 @@ tests() ->
      atomic,
      dw_atomic_massage].
 
-all(doc) -> [];
-all(suite) -> tests().
-
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
@@ -125,35 +122,37 @@ try_lock_mutex(suite) ->
 try_lock_mutex(Config) ->
     run_case(Config, "try_lock_mutex", "").
 
-wd_dispatch(P) ->
-    receive
-	bye ->
-	    ?line true = port_command(P, "-1 "),
-	    ?line bye;
-	L when is_list(L) ->
-	    ?line true = port_command(P, L),
-	    ?line wd_dispatch(P)
-    end.
-
-watchdog(Port) ->
-    ?line process_flag(priority, max),
-    ?line receive after 500 -> ok end,
-
-    ?line random:seed(),
-    ?line true = port_command(Port, "0 "),
-    ?line lists:foreach(fun (T) ->
-				erlang:send_after(T,
-						  self(),
-						  integer_to_list(T)
-						  ++ " ")
-			end,
-			lists:usort(lists:map(fun (_) ->
-						      random:uniform(4500)+500
-					      end,
-					      lists:duplicate(50,0)))),
-    ?line erlang:send_after(5100, self(), bye),
-
-    wd_dispatch(Port).
+%% Remove dead code?
+
+% wd_dispatch(P) ->
+%     receive
+% 	bye ->
+% 	    ?line true = port_command(P, "-1 "),
+% 	    ?line bye;
+% 	L when is_list(L) ->
+% 	    ?line true = port_command(P, L),
+% 	    ?line wd_dispatch(P)
+%     end.
+% 
+% watchdog(Port) ->
+%     ?line process_flag(priority, max),
+%     ?line receive after 500 -> ok end,
+% 
+%     ?line random:seed(),
+%     ?line true = port_command(Port, "0 "),
+%     ?line lists:foreach(fun (T) ->
+% 				erlang:send_after(T,
+% 						  self(),
+% 						  integer_to_list(T)
+% 						  ++ " ")
+% 			end,
+% 			lists:usort(lists:map(fun (_) ->
+% 						      random:uniform(4500)+500
+% 					      end,
+% 					      lists:duplicate(50,0)))),
+%     ?line erlang:send_after(5100, self(), bye),
+% 
+%     wd_dispatch(Port).
 
 cond_wait(doc) ->
     ["Tests ethr_cond_wait with ethr_cond_signal and ethr_cond_broadcast."];
@@ -174,7 +173,15 @@ detached_thread(doc) ->
 detached_thread(suite) ->
     [];
 detached_thread(Config) ->
-    run_case(Config, "detached_thread", "").
+    case {os:type(), os:version()} of
+	{{unix,darwin}, {9, _, _}} ->
+	    %% For some reason pthread_create() crashes when more
+	    %% threads cannot be created, instead of returning an
+	    %% error code on our MacOS X Leopard machine...
+	    {skipped, "MacOS X Leopard cannot cope with this test..."};
+	_ ->
+	    run_case(Config, "detached_thread", "")
+    end.
 
 max_threads(doc) ->
     ["Tests maximum number of threads."];
@@ -299,7 +306,7 @@ read_case_data(Port, TestCase) ->
 	      {Port, {data, {eol, [?PID_MARKER | PidStr]}}} ->
 		  ?line ?t:format("Port program pid: ~s~n", [PidStr]),
 		  ?line CaseProc = self(),
-		  ?line list_to_integer(PidStr), % Sanity check
+		  ?line _ = list_to_integer(PidStr), % Sanity check
 		  spawn_opt(fun () ->
 				    port_prog_killer(CaseProc, PidStr)
 			    end,
diff --git a/erts/test/ethread_SUITE_data/ethread_tests.c b/erts/test/ethread_SUITE_data/ethread_tests.c
index 7e7e133d6c..ed96ecdbd2 100644
--- a/erts/test/ethread_SUITE_data/ethread_tests.c
+++ b/erts/test/ethread_SUITE_data/ethread_tests.c
@@ -82,6 +82,7 @@ static void
 print_eol(void)
 {
     fprintf(stderr, EOL);
+    fflush(stderr);
 }
 
 static void print_line(char *frmt,...)
@@ -826,6 +827,7 @@ detached_thread_test(void)
  * Tests
  */
 #define MTT_TIMES 10
+#define MTT_HARD_LIMIT (80000)
 
 static int mtt_terminate;
 static ethr_mutex mtt_mutex;
@@ -866,14 +868,20 @@ mtt_create_join_threads(void)
     while (1) {
 	if (ix >= no_tids) {
 	    no_tids += 100;
+	    if (no_tids > MTT_HARD_LIMIT) {
+		print_line("Hit the hard limit on number of threads (%d)!", 
+			   MTT_HARD_LIMIT);
+		break;
+	    }
 	    tids = (ethr_tid *) realloc((void *)tids, sizeof(ethr_tid)*no_tids);
 	    ASSERT(tids);
 	}
 	res = ethr_thr_create(&tids[ix], mtt_thread, NULL, NULL);
-	if (res != 0)
+	if (res != 0) {
 	    break;
+	}
 	ix++;
-    } while (res == 0);
+    }
 
     no_threads = ix;
 
diff --git a/erts/test/otp_SUITE.erl b/erts/test/otp_SUITE.erl
index d61fbbddcf..79cd91221f 100644
--- a/erts/test/otp_SUITE.erl
+++ b/erts/test/otp_SUITE.erl
@@ -94,15 +94,16 @@ undefined_functions(Config) when is_list(Config) ->
     case Undef of
 	[] -> ok;
 	_ ->
+	    Fd = open_log(Config, "undefined_functions"),
 	    foreach(fun ({MFA1,MFA2}) ->
 			    io:format("~s calls undefined ~s",
+				      [format_mfa(MFA1),format_mfa(MFA2)]),
+			    io:format(Fd, "~s ~s\n",
 				      [format_mfa(MFA1),format_mfa(MFA2)])
 		    end, Undef),
+	    close_log(Fd),
 	    ?line ?t:fail({length(Undef),undefined_functions_in_otp})
-
-    end,
-
-    ok.
+    end.
 
 hipe_filter(Undef) ->
     case erlang:system_info(hipe_architecture) of
@@ -211,7 +212,10 @@ deprecated_not_in_obsolete(Config) when is_list(Config) ->
 	_ ->
 	    io:put_chars("The following functions have -deprecated() attributes,\n"
 			 "but are not listed in otp_internal:obsolete/3.\n"),
-	    ?line print_mfas(L),
+	    ?line print_mfas(group_leader(), L),
+	    Fd = open_log(Config, "deprecated_not_obsolete"),
+	    print_mfas(Fd, L),
+	    close_log(Fd),
 	    ?line ?t:fail({length(L),deprecated_but_not_obsolete})
     end.
 
@@ -232,11 +236,13 @@ obsolete_but_not_deprecated(Config) when is_list(Config) ->
 	    io:put_chars("The following functions are listed "
 			 "in otp_internal:obsolete/3,\n"
 			 "but don't have -deprecated() attributes.\n"),
-	    ?line print_mfas(L),
+	    ?line print_mfas(group_leader(), L),
+	    Fd = open_log(Config, "obsolete_not_deprecated"),
+	    print_mfas(Fd, L),
+	    close_log(Fd),
 	    ?line ?t:fail({length(L),obsolete_but_not_deprecated})
     end.
     
-    
 call_to_deprecated(Config) when is_list(Config) ->
     Server = ?config(xref_server, Config),
     ?line {ok,DeprecatedCalls} = xref:q(Server, "strict(E || DF)"),
@@ -302,10 +308,20 @@ strong_components(Config) when is_list(Config) ->
 %%%
     
 
-print_mfas([MFA|T]) ->
-    io:format("~s\n", [format_mfa(MFA)]),
-    print_mfas(T);
-print_mfas([]) -> ok.
+print_mfas(Fd, [MFA|T]) ->
+    io:format(Fd, "~s\n", [format_mfa(MFA)]),
+    print_mfas(Fd, T);
+print_mfas(_, []) -> ok.
 
 format_mfa({M,F,A}) ->
     lists:flatten(io_lib:format("~s:~s/~p", [M,F,A])).
+
+open_log(Config, Name) ->
+    PrivDir = ?config(priv_dir, Config),
+    RunDir = filename:dirname(filename:dirname(PrivDir)),
+    Path = filename:join(RunDir, "system_"++Name++".log"),
+    {ok,Fd} = file:open(Path, [write]),
+    Fd.
+
+close_log(Fd) ->
+    ok = file:close(Fd).
diff --git a/erts/test/z_SUITE.erl b/erts/test/z_SUITE.erl
index 482ecb8fba..28da923497 100644
--- a/erts/test/z_SUITE.erl
+++ b/erts/test/z_SUITE.erl
@@ -236,8 +236,8 @@ format_core(#core_search_conf{file = false}, Core, Ignore) ->
 	      [Ignore, Core] ++ mod_time_list(Core));
 format_core(#core_search_conf{file = File}, Core, Ignore) ->
     FRes = str_strip(os:cmd(File ++ " " ++ Core)),
-    case catch regexp:match(FRes, Core) of
-	{match, _, _} ->
+    case catch re:run(FRes, Core, [caseless,{capture,none}]) of
+	match ->
 	    io:format("  ~s~s " ++ time_fstr() ++ "~n",
 		      [Ignore, FRes] ++ mod_time_list(Core));
 	_ ->
diff --git a/erts/vsn.mk b/erts/vsn.mk
index 1b3cd67947..bbf77b1a68 100644
--- a/erts/vsn.mk
+++ b/erts/vsn.mk
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2011. All Rights Reserved.
+# Copyright Ericsson AB 1997-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,8 +17,8 @@
 # %CopyrightEnd%
 # 
 
-VSN = 5.9
-SYSTEM_VSN = R15B
+VSN = 5.9.1
+SYSTEM_VSN = R15B01
 
 # Port number 4365 in 4.2
 # Port number 4366 in 4.3
diff --git a/lib/Makefile b/lib/Makefile
index 37e8ce06d7..aa4e074830 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -19,53 +19,21 @@
 include $(ERL_TOP)/make/target.mk
 include $(ERL_TOP)/make/$(TARGET)/otp.mk
 
-#
-# Macros
-#
-ifeq ($(findstring vxworks,$(TARGET)),vxworks)
-  ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
-  OTHER_SUB_DIRECTORIES =	\
-     snmp otp_mibs appmon erl_interface os_mon tools runtime_tools
-  ifdef BUILD_ALL
-    OTHER_SUB_DIRECTORIES += mnesia jinterface ic asn1 debugger \
-	inets mnesia_session diameter orber pman tv observer \
-	cosTransactions cosEvent cosTime cosNotification cosProperty 
-	cosFileTransfer cosEventDomain
-  endif
-else
-#
-# unix and win32
-# --------------
-#
-    ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
-    OTHER_SUB_DIRECTORIES = tools test_server common_test runtime_tools
-    ifdef BUILD_ALL
-      ifeq ($(findstring win32,$(TARGET)),win32) # BUILD_ALL on win32
-        OTHER_SUB_DIRECTORIES += 			\
-          snmp otp_mibs appmon erl_interface asn1 jinterface gs wx inets ic \
-          mnesia crypto orber os_mon parsetools syntax_tools pman \
-          public_key ssl toolbar tv observer debugger reltool odbc \
-          diameter \
-          cosTransactions cosEvent cosTime cosNotification cosProperty \
-          cosFileTransfer cosEventDomain et megaco webtool \
-	  xmerl edoc eunit ssh inviso typer erl_docgen \
-	  common_test percept dialyzer
-# dialyzer
-        OTHER_SUB_DIRECTORIES += hipe
-      else # BUILD_ALL on unix
-        OTHER_SUB_DIRECTORIES += \
-          snmp otp_mibs appmon erl_interface asn1 jinterface wx debugger reltool gs inets \
+ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
+OTHER_SUB_DIRECTORIES = tools test_server common_test runtime_tools
+ifdef BUILD_ALL
+  OTHER_SUB_DIRECTORIES += \
+          snmp otp_mibs appmon erl_interface asn1 jinterface \
+          wx debugger reltool gs inets \
           ic mnesia crypto orber os_mon parsetools syntax_tools \
           pman public_key ssl toolbar tv observer odbc \
           diameter \
           cosTransactions cosEvent cosTime cosNotification \
           cosProperty cosFileTransfer cosEventDomain et megaco webtool \
 	  xmerl edoc eunit ssh inviso typer erl_docgen \
-	  common_test percept dialyzer
-# dialyzer
-        OTHER_SUB_DIRECTORIES += hipe $(TSP_APP)
-      endif
-    endif
+	  percept dialyzer hipe
+  EXTRA_FILE := $(wildcard EXTRA-APPLICATIONS)
+  EXTRA_APPLICATIONS := $(if $(EXTRA_FILE),$(shell cat $(EXTRA_FILE)))
 endif
 
 ifdef BOOTSTRAP
@@ -76,9 +44,11 @@ else
     SUB_DIRECTORIES = hipe parsetools asn1/src
   else
     ifdef TERTIARY_BOOTSTRAP
-      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools
+      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools wx
     else # Not bootstrap build
-      SUB_DIRECTORIES = $(ERTS_SUB_DIRECTORIES) $(OTHER_SUB_DIRECTORIES)
+      SUB_DIRECTORIES = $(ERTS_SUB_DIRECTORIES) \
+			$(OTHER_SUB_DIRECTORIES) \
+			$(EXTRA_APPLICATIONS)
     endif
   endif
 endif
diff --git a/lib/appmon/doc/src/appmon.xml b/lib/appmon/doc/src/appmon.xml
index ae6147a387..5af50daa53 100644
--- a/lib/appmon/doc/src/appmon.xml
+++ b/lib/appmon/doc/src/appmon.xml
@@ -32,6 +32,12 @@
   <module>appmon</module>
   <modulesummary>A graphical node and application process tree viewer.</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Appmon application has been superseded by the Observer application.
+	Appmon will be removed in R16.
+      </p>
+    </warning>
     <p>The application monitor Appmon is a graphical utility used to
       supervise applications executing either locally or on remote nodes.
       The process tree of an application can furthermore be monitored.</p>
diff --git a/lib/appmon/doc/src/appmon_chapter.xml b/lib/appmon/doc/src/appmon_chapter.xml
index 0dab23b549..3f642ad002 100644
--- a/lib/appmon/doc/src/appmon_chapter.xml
+++ b/lib/appmon/doc/src/appmon_chapter.xml
@@ -31,6 +31,12 @@
 
   <section>
     <title>Introduction</title>
+    <warning>
+      <p>
+	The Appmon application has been superseded by the Observer application.
+	Appmon will be removed in R16.
+      </p>
+    </warning>
     <p>The application monitor Appmon is a graphical node and application viewer. The tool shows an overview of all applications on all known nodes, and it is possible to view the process tree for an application running on any of the nodes.</p>
     <note>
       <p>If the Appmon code is not available at a node, for example an
diff --git a/lib/appmon/doc/src/notes.xml b/lib/appmon/doc/src/notes.xml
index ace163bcad..c469880abd 100644
--- a/lib/appmon/doc/src/notes.xml
+++ b/lib/appmon/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Appmon application.</p>
 
+<section><title>Appmon 2.1.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Appmon 2.1.13</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/appmon/src/appmon.erl b/lib/appmon/src/appmon.erl
index 2b982cddf0..7a6d86c9ab 100644
--- a/lib/appmon/src/appmon.erl
+++ b/lib/appmon/src/appmon.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 -module(appmon).
 -behaviour(gen_server).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %%%---------------------------------------------------------------------
 %%% Appmon main module.
diff --git a/lib/appmon/src/appmon_a.erl b/lib/appmon/src/appmon_a.erl
index b0b5847343..2c8185a85d 100644
--- a/lib/appmon/src/appmon_a.erl
+++ b/lib/appmon/src/appmon_a.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 %%
 -module(appmon_a).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %%----------------------------------------------------------------------
 %%
diff --git a/lib/appmon/src/appmon_lb.erl b/lib/appmon/src/appmon_lb.erl
index 4e433f37c5..55fda83027 100644
--- a/lib/appmon/src/appmon_lb.erl
+++ b/lib/appmon/src/appmon_lb.erl
@@ -29,6 +29,13 @@
 %%% then pressing the load button, its application window is started.
 
 -module(appmon_lb).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export ([
 	  start/1, 
diff --git a/lib/appmon/src/appmon_txt.erl b/lib/appmon/src/appmon_txt.erl
index 4e1785c53f..8647bc9890 100644
--- a/lib/appmon/src/appmon_txt.erl
+++ b/lib/appmon/src/appmon_txt.erl
@@ -22,6 +22,11 @@
 %%------------------------------------------------------------
 
 -module(appmon_txt).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 -export([start/0, start/1, print/1, fprint/1]).
 
 %% gen_server stuff
diff --git a/lib/appmon/src/appmon_web.erl b/lib/appmon/src/appmon_web.erl
index 7c0451c3c3..048f7fa165 100644
--- a/lib/appmon/src/appmon_web.erl
+++ b/lib/appmon/src/appmon_web.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/appmon/vsn.mk b/lib/appmon/vsn.mk
index fa17345daf..047f1eadc1 100644
--- a/lib/appmon/vsn.mk
+++ b/lib/appmon/vsn.mk
@@ -1 +1 @@
-APPMON_VSN = 2.1.13
+APPMON_VSN = 2.1.14
diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c
index 9c9f83bc2a..accd368af1 100644
--- a/lib/asn1/c_src/asn1_erl_nif.c
+++ b/lib/asn1/c_src/asn1_erl_nif.c
@@ -580,7 +580,7 @@ int per_insert_bits_as_bits(int desired_no, int no_bytes,
 	unsigned char **input_ptr, unsigned char **output_ptr, int *unused) {
     unsigned char *in_ptr = *input_ptr;
     unsigned char val;
-    int no_bits, ret, ret2;
+    int no_bits, ret;
 
     if (desired_no == (no_bytes * 8)) {
 	if (per_insert_octets_unaligned(no_bytes, &in_ptr, output_ptr, *unused)
@@ -606,8 +606,7 @@ int per_insert_bits_as_bits(int desired_no, int no_bytes,
 		== ASN1_ERROR
 		)
 	    return ASN1_ERROR;
-	ret2 = per_pad_bits(desired_no - (no_bytes * 8), output_ptr, unused);
-	/*     printf("ret2 = %d\n\r",ret2); */
+	per_pad_bits(desired_no - (no_bytes * 8), output_ptr, unused);
 	ret = CEIL(desired_no,8);
 	/*     printf("ret = %d\n\r",ret); */
     }
diff --git a/lib/asn1/doc/src/Makefile b/lib/asn1/doc/src/Makefile
index 566173837c..20bd00a3b8 100644
--- a/lib/asn1/doc/src/Makefile
+++ b/lib/asn1/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/doc/src/notes.xml b/lib/asn1/doc/src/notes.xml
index 52d770c9f6..9b6c482c0a 100644
--- a/lib/asn1/doc/src/notes.xml
+++ b/lib/asn1/doc/src/notes.xml
@@ -31,6 +31,57 @@
   <p>This document describes the changes made to the asn1 application.</p>
 
 
+<section><title>Asn1 1.6.19</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The linked-in driver used for ber decode and per encode
+	    has been replaced with nifs. To enable the usage of nifs
+	    pass the nif option to erlc or asn1rt:compile when
+	    compiling. If you previously used the linked-in driver,
+	    you have to recompile your ASN1 modules with the current
+	    version of asn1 application as the linked-in driver
+	    modules have been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9419</p>
+        </item>
+        <item>
+          <p>
+	    A few of the heavy calculations which are done for
+	    encoding and decoding operations when dealing with
+	    SEQUENCE OF and DEFAULT in runtime have been moved to be
+	    done in compile time instead.</p>
+          <p>
+	    Own Id: OTP-9440</p>
+        </item>
+        <item>
+          <p>
+	    When compiling an ASN.1 ber module with the +nif option,
+	    the module will use a new nif for ber encoding,
+	    increasing performance by about 5%.</p>
+          <p>
+	    Own Id: OTP-9441</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Asn1 1.6.18</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/asn1/src/asn1ct_check.erl b/lib/asn1/src/asn1ct_check.erl
index e318477234..105fc02819 100644
--- a/lib/asn1/src/asn1ct_check.erl
+++ b/lib/asn1/src/asn1ct_check.erl
@@ -5253,6 +5253,9 @@ check_int(S,[{'NamedNumber',Id,Num}|T],Acc) when is_integer(Num) ->
 check_int(S,[{'NamedNumber',Id,{identifier,_,Name}}|T],Acc) ->
     Val = dbget_ex(S,S#state.mname,Name),
     check_int(S,[{'NamedNumber',Id,Val#valuedef.value}|T],Acc);
+check_int(S,[{'NamedNumber',Id,{'Externalvaluereference',_,Mod,Name}}|T],Acc) ->
+    Val = dbget_ex(S,Mod,Name),
+    check_int(S,[{'NamedNumber',Id,Val#valuedef.value}|T],Acc);
 check_int(_S,[],Acc) ->
     lists:keysort(2,Acc).
 
diff --git a/lib/asn1/src/asn1ct_constructed_ber.erl b/lib/asn1/src/asn1ct_constructed_ber.erl
index 77b78dcac7..360de77663 100644
--- a/lib/asn1/src/asn1ct_constructed_ber.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1542,7 +1542,7 @@ mkfunname(Erule,TopType,Cname,WhatKind,DecOrEnc,Arity) ->
 	    F = lists:concat(["fun '",DecOrEnc,"_",EType,"'/",Arity]),
 	    {F, "?MODULE", F};
 	#'Externaltypereference'{module=Mod,type=EType} ->
-	    {lists:concat(["{'",Mod,"','",DecOrEnc,"_",EType,"'}"]),Mod,
+	    {lists:concat(["fun '",Mod,"':'",DecOrEnc,"_",EType,"'/",Arity]),Mod,
 	     lists:concat(["'",DecOrEnc,"_",EType,"'"])};
 	{constructed,bif} ->
 	    F =
diff --git a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
index 243ff234a7..2c4b44996d 100644
--- a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
index 781271bae7..365bb84d52 100644
--- a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/src/asn1ct_gen_per.erl b/lib/asn1/src/asn1ct_gen_per.erl
index b90a0adf81..8fd7a69a19 100644
--- a/lib/asn1/src/asn1ct_gen_per.erl
+++ b/lib/asn1/src/asn1ct_gen_per.erl
@@ -358,6 +358,10 @@ greatest_common_range2({_,Int},VR={_Lb,_Ub}) when is_integer(Int) ->
 greatest_common_range2({_,L},{Lb,Ub}) when is_list(L) ->
     Min = least_Lb([Lb|L]),
     Max = greatest_Ub([Ub|L]),
+    [{'ValueRange',{Min,Max}}];
+greatest_common_range2({Lb1,Ub1},{Lb2,Ub2}) ->
+    Min = least_Lb([Lb1,Lb2]),
+    Max = greatest_Ub([Ub1,Ub2]),
     [{'ValueRange',{Min,Max}}].
 
 mk_vr([{Type,I}]) when is_atom(Type), is_integer(I) ->
diff --git a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
index 1a0a0e211d..fb9613c18d 100644
--- a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
+++ b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
@@ -704,6 +704,10 @@ greatest_common_range([{_,Int}],VR=[{_,{_Lb,_Ub}}]) when is_integer(Int) ->
 greatest_common_range([{_,L}],[{_,{Lb,Ub}}]) when is_list(L) ->
     Min = least_Lb([Lb|L]),
     Max = greatest_Ub([Ub|L]),
+    [{'ValueRange',{Min,Max}}];
+greatest_common_range([{_,{Lb1,Ub1}}],[{_,{Lb2,Ub2}}]) ->
+    Min = least_Lb([Lb1,Lb2]),
+    Max = greatest_Ub([Ub1,Ub2]),
     [{'ValueRange',{Min,Max}}].
     
 
diff --git a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
index c7ead680ce..750b59aba6 100644
--- a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
+++ b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/test/asn1_SUITE.erl.src b/lib/asn1/test/asn1_SUITE.erl.src
index 124ee2d2bb..3f51b125ec 100644
--- a/lib/asn1/test/asn1_SUITE.erl.src
+++ b/lib/asn1/test/asn1_SUITE.erl.src
@@ -96,7 +96,8 @@ all() -> [{group,compile},parse,default_per,default_ber,default_per_opt,per,
 	       testSSLspecs, testNortel,test_undecoded_rest,
 	       test_inline, testTcapsystem, testNBAPsystem,
 	       test_compile_options,testDoubleEllipses, test_modified_x420,
-	       testX420, test_x691,ticket_6143, testExtensionAdditionGroup
+	       testX420, test_x691,ticket_6143, testExtensionAdditionGroup,
+               test_OTP_9688
                ] ++ common() ++ particular().
 
 groups() -> 
@@ -2369,4 +2370,23 @@ test_modules() ->
 	 "LDAP"
 	].
 
-
+test_OTP_9688(Config) ->
+    Asn1Mod = "OTP-9688.asn1",
+    %%DataDir = ?config(data_dir,Config),     
+    PrivDir = ?config(priv_dir,Config),
+    Data = "
+OTP-9688 DEFINITIONS ::= BEGIN
+
+ foo INTEGER ::= 1
+ bar INTEGER ::= 42
+
+ Baz ::= INTEGER {x-y-z1(foo), x-y-z2(bar)}
+ Qux ::= SEQUENCE {flerpInfo SEQUENCE {x INTEGER (-10 | -9 | (0..4))} OPTIONAL}
+
+END
+",
+    File = filename:join(PrivDir,Asn1Mod),
+    ok = file:write_file(File, Data),
+    %% Does it compile with changes to asn1ct_check and asn1ct_gen_per_rt2ct?
+    %% (see ticket)
+    ok = asn1ct:compile(File, [{outdir, PrivDir}]).
diff --git a/lib/asn1/vsn.mk b/lib/asn1/vsn.mk
index b1132155e6..ae92fcb11b 100644
--- a/lib/asn1/vsn.mk
+++ b/lib/asn1/vsn.mk
@@ -1,2 +1,2 @@
 #next version number to use is 1.6.15 | 1.7 | 2.0
-ASN1_VSN = 1.6.18
+ASN1_VSN = 1.6.19
diff --git a/lib/common_test/doc/src/Makefile b/lib/common_test/doc/src/Makefile
index 964f7c76c1..d9651f13b0 100644
--- a/lib/common_test/doc/src/Makefile
+++ b/lib/common_test/doc/src/Makefile
@@ -61,6 +61,7 @@ XML_PART_FILES = part.xml
 
 XML_CHAPTER_FILES = \
 	basics_chapter.xml \
+	getting_started_chapter.xml \
 	install_chapter.xml \
 	write_test_chapter.xml \
 	test_structure_chapter.xml \
@@ -80,7 +81,10 @@ MAKE_EDOC = make_edoc
 
 BOOK_FILES = book.xml
 
-GIF_FILES =
+GIF_FILES = \
+	tc_execution.gif \
+	config.gif \
+	html_logs.gif
 
 INSTALL_NOTES = ../../notes.html
 
diff --git a/lib/common_test/doc/src/basics_chapter.xml b/lib/common_test/doc/src/basics_chapter.xml
index c1bb365b1f..20141d2561 100644
--- a/lib/common_test/doc/src/basics_chapter.xml
+++ b/lib/common_test/doc/src/basics_chapter.xml
@@ -28,54 +28,65 @@
     <rev></rev>
     <file>basics_chapter.xml</file>
   </header>
-
+  <marker id="basics"></marker>
   <section>
     <title>Introduction</title>
 
-    <p>
-      The Common Test framework (CT) is a tool which can support
-      implementation and automated execution of test cases towards different
-      types of target systems. The framework is based on the OTP Test
-      Server. Test cases can be run individually or in batches. Common
-      Test also features a distributed testing mode with central
-      control and logging. This feature makes it possible to test
-      multiple systems independently in one common session. This
-      can be very useful e.g. for running automated large-scale regression 
-      tests.
+    <p>The <em>Common Test</em> framework (CT) is a tool which supports
+      implementation and automated execution of test cases towards arbitrary
+      types of target systems. The CT framework is based on the OTP Test
+      Server and it's the main tool being used in all testing- and verification
+      activities that are part of Erlang/OTP system development- and maintenance.
+    </p>
+
+    <p>Test cases can be executed individually or in batches. Common Test
+      also features a distributed testing mode with central control and logging
+      (a feature that makes it possible to test multiple systems independently in
+      one common session, useful e.g. for running automated large-scale regression
+      tests).
     </p>
 
     <p>
       The SUT (System Under Test) may consist of one or several target
-      nodes.  CT contains a generic test server which together with
-      other test utilities is used to perform test case execution. 
-      It is possible to start the tests from the CT GUI or from an OS- or
-      Erlang shell prompt. <em>Test suites</em> are files (Erlang
+      nodes. CT contains a generic test server which, together with
+      other test utilities, is used to perform test case execution. 
+      It is possible to start the tests from a GUI or from the OS- or
+      Erlang shell. <em>Test suites</em> are files (Erlang
       modules) that contain the <em>test cases</em> (Erlang functions)
       to be executed. <em>Support modules</em> provide functions
       that the test cases utilize in order to carry out the tests.
     </p>
     
-    <p>
-      The main idea is that CT based test programs connect to
-      the target system(s) via standard O&amp;M interfaces. CT
-      provides implementations and wrappers of some of these O&amp;M
-      interfaces and will be extended with more interfaces later. 
-      There are a number of target independent interfaces
-      supported in CT such as Generic Telnet, FTP etc. which can be
-      specialized or used directly for controlling instruments, 
-      traffic generators etc.</p> 
+    <p>In a black-box testing scenario, CT based test programs connect to
+      the target system(s) via standard O&amp;M and CLI protocols. CT
+      provides implementations of, and wrapper interfaces to, some of these
+      protocols (most of which exist as stand-alone components and
+      applications in OTP). The wrappers simplify configuration and add
+      verbosity for logging purposes. CT will be continously extended with
+      useful support modules. (Note however that it's
+      a straightforward task to use any arbitrary Erlang/OTP component
+      for testing purposes with Common Test, without needing a CT wrapper
+      for it. It's as simple as calling Erlang functions). There
+      are a number of target independent interfaces supported in CT, such as
+      Generic Telnet, FTP, etc, which can be specialized or used
+      directly for controlling instruments, traffic load generators, etc.
+    </p> 
     
     <p>Common Test is also a very useful tool for white-box testing Erlang
-      code since the test programs can call Erlang API functions directly. 
-      For black-box testing Erlang software, Erlang RPC as well as 
-      standard O&amp;M interfaces can be used.
+      code (e.g. module testing), since the test programs can call exported Erlang
+      functions directly and there's very little overhead required for
+      implementing basic test suites and executing simple tests. For black-box
+      testing Erlang software, Erlang RPC as well as standard O&amp;M interfaces
+      can for example be used.
     </p>
     
     <p>A test case can handle several connections towards one or
       several target systems, instruments and traffic generators in
       parallel in order to perform the necessary actions for a
       test. The handling of many connections in parallel is one of
-      the major strengths of Common Test!      
+      the major strengths of Common Test (thanks to the efficient
+      support for concurrency in the Erlang runtime system - which CT users
+      can take great advantage of!).
     </p>
   </section>
 
@@ -186,7 +197,7 @@
     
     <taglist>
       <tag>all()</tag>
-        <item>Returns a list of all test cases in the suite. (Mandatory)</item>
+        <item>Returns a list of all test cases and groups in the suite. (Mandatory)</item>
       <tag>suite()</tag>
         <item>Info function used to return properties for the suite. (Optional)</item>
       <tag>groups()</tag>
@@ -197,12 +208,14 @@
       <tag>end_per_suite(Config)</tag>
         <item>Suite level configuration function, executed after the last 
 	test case. (Optional)</item>
+      <tag>group(GroupName)</tag>
+        <item>Info function used to return properties for a test case group. (Optional)</item>	
       <tag>init_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed before the first 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>end_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed after the last 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>init_per_testcase(TestCase, Config)</tag>
         <item>Configuration function for a testcase, executed before each 
 	test case. (Optional)</item>
diff --git a/lib/common_test/doc/src/common_test_app.xml b/lib/common_test/doc/src/common_test_app.xml
index f58b2ab0a9..c7f6c7ce5c 100644
--- a/lib/common_test/doc/src/common_test_app.xml
+++ b/lib/common_test/doc/src/common_test_app.xml
@@ -69,12 +69,25 @@
   
   <funcs>
     <func>
-      <name>Module:all() -> TestCases | {skip,Reason} </name>
-      <fsummary>Returns the list of all test cases in the module.</fsummary>
+      <name>Module:all() -> Tests | {skip,Reason} </name>
+      <fsummary>Returns the list of all test case groups and test cases
+	in the module.</fsummary>
       <type>
-	<v>TestCases = [atom() | {group,GroupName}]</v>
-	<v>Reason = term()</v>
+	<v>Tests = [TestCase | {group,GroupName} |
+	            {group,GroupName,Properties} |
+	            {group,GroupName,Properties,SubGroups}]</v>
+	<v>TestCase = atom()</v>
 	<v>GroupName = atom()</v>
+	<v>Properties = [parallel | sequence | Shuffle | {RepeatType,N}] |
+	                default</v>
+	<v>SubGroups = [{GroupName,Properties} |
+	                {GroupName,Properties,SubGroups}]</v>
+	<v>Shuffle = shuffle | {shuffle,Seed}</v>
+	<v>Seed = {integer(),integer(),integer()}</v>
+	<v>RepeatType = repeat | repeat_until_all_ok | repeat_until_all_fail |
+                        repeat_until_any_ok | repeat_until_any_fail</v>
+	<v>N = integer() | forever</v>
+	<v>Reason = term()</v>
       </type>
       
       <desc>	
@@ -85,9 +98,14 @@
 	  This list also specifies the order the cases and groups will
 	  be executed by Common Test. A test case is represented by an atom,
 	  the name of the test case function. A test case group is
-	  represented by a <c>{group,GroupName}</c> tuple, where 
-	  <c>GroupName</c>, an atom, is the name of the group (defined
-	  with <c>groups/0</c>).</p>
+	  represented by a <c>group</c> tuple, where <c>GroupName</c>,
+	  an atom, is the name of the group (defined in <c>groups/0</c>).
+	  Execution properties for groups may also be specified, both
+	  for a top level group and for any of its sub-groups.
+	  Group execution properties specified here, will override
+	  properties in the group definition (see <c>groups/0</c>).
+	  (With value <c>default</c>, the group definition properties
+	  will be used).</p>
 	
 	<p> If <c>{skip,Reason}</c> is returned, all test cases
           in the module will be skipped, and the <c>Reason</c> will
@@ -120,14 +138,16 @@
       <desc>	
 	<p> OPTIONAL </p>
 	
-	<p>See <seealso marker="write_test_chapter#test_case_groups">Test case 
+	<p>Function for defining test case groups. Please see
+	  <seealso marker="write_test_chapter#test_case_groups">Test case 
 	  groups</seealso> in the User's Guide for details.</p>      
       </desc>
     </func>
 
       <func>
 	<name>Module:suite() -> [Info] </name>
-	<fsummary>Test suite info function (providing default data for the suite).</fsummary>
+	<fsummary>Test suite info function (providing default data
+	  for the suite).</fsummary>
 	<type>
 	<v> Info = {timetrap,Time} | {require,Required} | 
 	    {require,Name,Required} | {userdata,UserData} |
@@ -160,11 +180,11 @@
 	  
 	<p>This is the test suite info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this test suite (common for all
+	  related to the execution of this test suite (common for all
 	  test cases in the suite).</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time each
-	  test case is allowed to take (including <c>init_per_testcase/2</c>
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c>). If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
@@ -172,9 +192,9 @@
 	  <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by test cases in the suite. If the required
-	  configuration variables are not found in any of the
-	  configuration files, all test cases are skipped. For more
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases are skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
@@ -196,8 +216,9 @@
     </func>
 
       <func>
-	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} | {skip_and_save,Reason,SaveConfig}</name>
-	<fsummary>Test suite initialization.</fsummary>
+	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} |
+	  {skip_and_save,Reason,SaveConfig}</name>
+	<fsummary>Test suite initializations.</fsummary>
 	<type>
 	  <v> Config = NewConfig = SaveConfig = [{Key,Value}]</v>
 	  <v> Key = atom()</v>
@@ -208,15 +229,15 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the first function in the
-	  suite. It typically contains initialization which is common for
+	  <p>This configuration function is called as the first function in the
+	  suite. It typically contains initializations which are common for
 	  all test cases in the suite, and which shall only be done
-	  once. The <c>Config</c> parameter is the configuration
+	  once. The <c>Config</c> parameter is the configuration data
 	  which can be modified here. Whatever is returned from this
 	  function is given as <c>Config</c> to all configuration functions
 	  and test cases in the suite. If <c>{skip,Reason}</c> 
-	  is returned, all test cases in the suite will be skipped and <c>Reason</c> 
-	  printed in the overview log for the suite.</p>
+	  is returned, all test cases in the suite will be skipped
+	  and <c>Reason</c> printed in the overview log for the suite.</p>
 	  <p>For information on <c>save_config</c> and <c>skip_and_save</c>, 
 	  please see 
 	  <seealso marker="dependencies_chapter#save_config">Dependencies 
@@ -224,29 +245,106 @@
     </desc>      
     </func>
       
-      <func>
-	<name>Module:end_per_suite(Config) -> void() | {save_config,SaveConfig}</name>
-	<fsummary>Test suite finalization. </fsummary>
-	<type>
-	  <v> Config = SaveConfig = [{Key,Value}]</v>
-	  <v> Key = atom()</v>
-	  <v> Value = term()</v>
-	</type>
+    <func>
+      <name>Module:end_per_suite(Config) -> void() | 
+	{save_config,SaveConfig}</name>
+      <fsummary>Test suite finalization. </fsummary>
+      <type>
+	<v> Config = SaveConfig = [{Key,Value}]</v>
+	<v> Key = atom()</v>
+	<v> Value = term()</v>
+      </type>
+      
+      <desc>	
+	<p> OPTIONAL </p>
 	
+	<p>This function is called as the last test case in the
+	  suite. It is meant to be used for cleaning up after
+	  <c>init_per_suite/1</c>.
+	  For information on <c>save_config</c>, please see 
+	  <seealso marker="dependencies_chapter#save_config">Dependencies
+	    between Test Cases and Suites</seealso> in the User's Guide.</p>
+      </desc>
+    </func>
+
+    <func>
+      <name>Module:group(GroupName) -> [Info] </name>
+      <fsummary>Test case group info function (providing default data
+	for a test case group, i.e. its test cases and sub-groups).</fsummary>
+      <type>
+	<v> Info = {timetrap,Time} | {require,Required} | 
+	  {require,Name,Required} | {userdata,UserData} |
+	  {silent_connections,Conns} | {stylesheet,CSSFile} | 
+	  {ct_hooks, CTHs}</v>
+	<v> Time = TimeVal | TimeFunc</v>
+	<v> TimeVal = MilliSec | {seconds,integer()} | {minutes,integer()} |
+	  {hours,integer()}</v>
+	<v> TimeFunc = {Mod,Func,Args} | Fun</v>
+	<v> MilliSec = integer()</v>
+	<v> Mod = atom()</v>
+	<v> Func = atom()</v>
+	<v> Args = list()</v>
+	<v> Fun = fun()</v>
+	<v> Required = Key | {Key,SubKeys}</v>
+	<v> Key = atom()</v>
+	<v> SubKeys = SubKey | [SubKey]</v>
+	<v> SubKey = atom()</v>
+	<v> Name = atom()</v>
+	<v> UserData = term()</v>
+	<v> Conns = [atom()]</v>
+	<v> CSSFile = string()</v>
+	<v> CTHs = [CTHModule | {CTHModule, CTHInitArgs} |
+	  {CTHModule, CTHInitArgs, CTHPriority}]</v>
+	<v> CTHModule = atom()</v>
+	<v> CTHInitArgs = term()</v>
+	</type>
 	<desc>	
+	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the last test case in the
-	    suite. It is meant to be used for cleaning up after <c>init_per_suite/1</c>.
-	    For information on <c>save_config</c>, please see 
-	    <seealso marker="dependencies_chapter#save_config">Dependencies between 
-	    Test Cases and Suites</seealso> in the User's Guide.</p>
-    </desc>
+	<p>This is the test case group info function. It is supposed to 
+	  return a list of tagged tuples that specify various properties
+	  related to the execution of a test case group (i.e. its test cases
+	  and sub-groups). Properties set by <c>groups/1</c> override
+	  properties with the same key that have been previously set by
+	  <c>suite/0</c>.</p>
+	  
+	<p>The <c>timetrap</c> tag sets the maximum time each
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
+	  and <c>end_per_testcase/2</c>). If the timetrap time is
+	  exceeded, the test case fails with reason
+	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
+	  it will be called initially and must return a value on
+	  <c>TimeVal</c> format.</p>
+	
+	<p>The <c>require</c> tag specifies configuration variables
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases in this group are skipped.
+	  For more information about the 'require' functionality, see the
+	  reference manual for the function
+	  <c>ct:require/[1,2]</c>.</p>
+
+	<p>With <c>userdata</c>, it is possible for the user to
+	  specify arbitrary test case group related information which can be 
+	  read by calling <c>ct:userdata/2</c>.</p>
+
+	  <p>The <c>ct_hooks</c> tag specifies which 
+	  <seealso marker="ct_hooks_chapter">Common Test Hooks</seealso>
+	  are to be run together with this suite.</p>
+	
+	<p>Other tuples than the ones defined will simply be ignored.</p>
+
+	<p>For more information about the test case group info function,
+	  see <seealso marker="write_test_chapter#suite">Test
+	  case group info function</seealso> in the User's Guide.</p>
+    </desc>      
     </func>
 
       <func>
-	<name>Module:init_per_group(GroupName, Config) -> NewConfig | {skip,Reason}</name>
-	<fsummary>Test case group initialization.</fsummary>
+	<name>Module:init_per_group(GroupName, Config) -> NewConfig |
+	  {skip,Reason}</name>
+	<fsummary>Test case group initializations.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -258,16 +356,16 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called before execution of a test case group.
-	  It typically contains initialization which is common for
-	  all test cases in the group, and which shall only be performed
-	  once. <c>GroupName</c> is the name of the group, as specified in
-	  the group definition (see <c>groups/0</c>). The <c>Config</c> 
-	  parameter is the configuration which can be modified here. 
-	  Whatever is returned from this function is given as <c>Config</c> 
-	  to all test cases in the group. If <c>{skip,Reason}</c> is returned, 
-	  all test cases in the group will be skipped and <c>Reason</c> printed
-	  in the overview log for the group.</p>
+	  <p>This configuration function is called before execution of a
+	    test case group. It typically contains initializations which are 
+	    common for all test cases and sub-groups in the group, and which
+	    shall only be performed once. <c>GroupName</c> is the name of the
+	    group, as specified in the group definition (see <c>groups/0</c>). The
+	    <c>Config</c> parameter is the configuration data which can be modified
+	    here. The return value of this function is given as <c>Config</c> 
+	    to all test cases and sub-groups in the group. If <c>{skip,Reason}</c>
+	    is returned, all test cases in the group will be skipped and
+	    <c>Reason</c> printed in the overview log for the group.</p>
 
 	  <p>For information about test case groups, please see 
 	    <seealso marker="write_test_chapter#test_case_groups">Test case 
@@ -276,7 +374,8 @@
     </func>
       
       <func>
-	<name>Module:end_per_group(GroupName, Config) -> void() | {return_group_result,Status}</name>
+	<name>Module:end_per_group(GroupName, Config) -> void() |
+	  {return_group_result,Status}</name>
 	<fsummary>Test case group finalization.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
@@ -305,7 +404,7 @@
 
       <func>
 	<name>Module:init_per_testcase(TestCase, Config) -> NewConfig | {fail,Reason} | {skip,Reason}</name>
-	<fsummary>Test case initialization.</fsummary>
+	<fsummary>Test case initializations.</fsummary>
 	<type>
 	  <v> TestCase = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -385,10 +484,13 @@
 	  
 	<p>This is the test case info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this particular test case.</p>
+	  related to the execution of this particular test case.
+	  Properties set by <c>Testcase/0</c> override
+	  properties that have been previously set for the test case
+	  by <c>group/1</c> or <c>suite/0</c>.</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time the
-	  test case is allowed to take. If the timetrap time is
+	  test case is allowed to execute. If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c> are included in the
@@ -397,16 +499,16 @@
 	  and must return a value on <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by the test case. If the required
-	  configuration variables are not found in any of the
+	  that are required by the test case (and/or <c>init/end_per_testcase/2</c>).
+	  If the required configuration variables are not found in any of the
 	  configuration files, the test case is skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
 
 	<p>If <c>timetrap</c> and/or <c>require</c> is not set, the
-	  default values specified in the <c>suite/0</c> return list
-	  will be used.</p>
+	  default values specified by <c>suite/0</c> (or
+	  <c>group/1</c>) will be used.</p>
 
 	<p>With <c>userdata</c>, it is possible for the user to
 	  specify arbitrary test case related information which can be 
@@ -438,12 +540,12 @@
 	<p>This is the implementation of a test case. Here you must
 	  call the functions you want to test, and do whatever you
 	  need to check the result. If something fails, make sure the
-	  function causes a runtime error, or call <c>ct:fail/[0,1]</c> 
-	  (which also causes the test case process to crash).</p>
+	  function causes a runtime error, or call <c>ct:fail/1/2</c> 
+	  (which also causes the test case process to terminate).</p>
 	
-	<p>Elements from the <c>Config</c> parameter can be read
-	  with the <c>?config</c> macro. The <c>config</c>
-	  macro is defined in <c>ct.hrl</c></p>
+	<p>Elements from the <c>Config</c> list can e.g. be read
+	  with <c>proplists:get_value/2</c> (or the macro <c>?config</c>
+	  defined in <c>ct.hrl</c>).</p>
 
 	<p>You can return <c>{skip,Reason}</c> if you decide not to
 	  run the test case after all. <c>Reason</c> will then be
diff --git a/lib/common_test/doc/src/config.gif b/lib/common_test/doc/src/config.gif
new file mode 100644
index 0000000000..ac8006c4fb
--- /dev/null
+++ b/lib/common_test/doc/src/config.gif
diff --git a/lib/common_test/doc/src/config_file_chapter.xml b/lib/common_test/doc/src/config_file_chapter.xml
index 6fc6638bf7..6a860bb58b 100644
--- a/lib/common_test/doc/src/config_file_chapter.xml
+++ b/lib/common_test/doc/src/config_file_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/ct_hooks_chapter.xml b/lib/common_test/doc/src/ct_hooks_chapter.xml
index bac0c4eaa8..8505ee8469 100644
--- a/lib/common_test/doc/src/ct_hooks_chapter.xml
+++ b/lib/common_test/doc/src/ct_hooks_chapter.xml
@@ -108,9 +108,10 @@
     </section>
    
     <section>
-      <title>CTH Priority</title>
+      <title>CTH Execution order</title>
       <p>By default each CTH installed will be executed in the order which
-      they are installed. This is not always wanted so common_test allows 
+      they are installed for init calls, and then reversed for end calls.
+      This is not always wanted so common_test allows
       the user to specify a priority for each hook. The priority can either
       be specified in the CTH <seealso marker="ct_hooks#Module:init-2">init/2
       </seealso> function or when installing the hook. The priority given at
diff --git a/lib/common_test/doc/src/ct_run.xml b/lib/common_test/doc/src/ct_run.xml
index 9045646733..b01ab3667d 100644
--- a/lib/common_test/doc/src/ct_run.xml
+++ b/lib/common_test/doc/src/ct_run.xml
@@ -4,7 +4,7 @@
 <comref>
   <header>
     <copyright>
-      <year>2007</year><year>2010</year>
+      <year>2007</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/event_handler_chapter.xml b/lib/common_test/doc/src/event_handler_chapter.xml
index b41b233ce6..a5886b9687 100644
--- a/lib/common_test/doc/src/event_handler_chapter.xml
+++ b/lib/common_test/doc/src/event_handler_chapter.xml
@@ -174,6 +174,16 @@
 	are also given.
 	</p></item>
 
+      <item><c>#event{name = tc_logfile, data = {{Suite,Func},LogFileName}}</c>
+        <p><c>Suite = atom()</c>, name of the test suite.</p>
+        <p><c>Func = atom()</c>, name of test case or configuration function.</p>
+        <p><c>LogFileName = string()</c>, full name of test case log file.</p>
+        <p>This event is sent at the start of each test case (and configuration function
+	  except <c>init/end_per_testcase</c>) and carries information about the
+	  full name (i.e. the file name including the absolute directory path) of
+	  the current test case log file.
+	</p></item>
+
       <marker id="tc_done"/>
       <item><c>#event{name = tc_done, data = {Suite,FuncOrGroup,Result}}</c>
         <p><c>Suite = atom()</c>, name of the suite.</p>
diff --git a/lib/common_test/doc/src/getting_started_chapter.xml b/lib/common_test/doc/src/getting_started_chapter.xml
new file mode 100644
index 0000000000..7de0912036
--- /dev/null
+++ b/lib/common_test/doc/src/getting_started_chapter.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2007</year><year>2010</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Getting Started</title>
+    <prepared>Peter Andersson</prepared>
+    <docno></docno>
+    <date>2011-12-12</date>
+    <rev></rev>
+    <file>getting_started_chapter.xml</file>
+  </header>
+
+  <section>
+    <title>Are you new around here?</title>
+    <p>
+      The purpose of this short chapter is to, with a "learning by example"
+      approach, give the newcomer a chance to get started quickly writing and
+      executing some first simple tests. The chapter will introduce some of the
+      basics, but leave most explanations and details for the later
+      chapters in this User's Guide. Hopefully though, after this chapter, you
+      will be inspired and unintimidated enough to go on and get into the
+      nitty-gritty that follows in this rather heavy User's Guide! If you're
+      not much into "learning by example" and prefer to get into more technical
+      detail right away, go ahead and skip to the next chapter. Again, the basics
+      presented here will be covered in detail in later chapters.
+    </p>
+    <p>
+      This chapter also tries to demonstrate how dead simple it actually is
+      to write a very basic (yet for many module testing purposes, often sufficiently
+      complex) test suite, and execute its test cases. This is not necessarily
+      obvious when you read the rest of the chapters in the User's Guide.
+    </p>
+    <p>
+      A quick note before we start: In order to understand what's discussed and
+      examplified here, it is recommended that you first read through the
+      opening <seealso marker="basics_chapter#basics">Common Test Basics</seealso>
+      chapter.
+    </p>
+    </section>
+
+    <section>
+    <title>Test case execution</title>
+    <p>Execution of test cases is handled this way:</p>
+    
+    <p>
+    <image file="tc_execution.gif">
+      <icaption>
+	Successful vs unsuccessful test case execution.
+      </icaption>
+    </image>
+    </p>
+
+    <p>For each test case that Common Test is told to execute, it spawns a
+      dedicated process on which the test case function in question starts
+      running. (In parallel to the test case process, an idle waiting timer
+      process is started which is linked to the test case process. If the timer
+      process runs out of waiting time, it sends an exit signal to terminate
+      the test case process and this is what's called a <em>timetrap</em>).
+    </p>
+    <p>In scenario 1, the test case process terminates normally after case A has
+      finished executing its test code without detecting any errors. The test
+      case function simply returns a value and Common Test logs the test case as
+      successful.
+    </p>
+    <p>In scenario 2, an error is detected during test case execution
+      which causes the test case B function to generate an exception.
+      This causes the test case process to exit with reason
+      other than normal, and as a result, Common Test will log this as an
+      unsuccessful test case.
+    </p>
+    <p>As you can understand from the illustration above, Common Test requires
+      that a test case generates a runtime error to indicate failure (e.g.
+      by causing a bad match error or by calling <c>exit/1</c>, preferrably
+      through the <c>ct:fail/1/2</c> help function). A succesful execution is
+      indicated by means of a normal return from the test case function.
+    </p>
+    </section>
+
+    <section>
+    <title>A simple test suite</title>
+    <p>As you've seen in the basics chapter, the test suite module implements
+      callback functions (mandatory or optional) for various purposes, e.g:
+      <list>
+	<item>Init/end configuration function for the test suite</item>
+	<item>Init/end configuration function for a test case</item>
+	<item>Init/end configuration function for a test case group</item>
+	<item>Test cases</item>
+      </list>
+      The configuration functions are optional and if you don't need them for
+      your test, a test suite with one simple test case could look like this:
+    </p>
+    <pre>
+      -module(my1st_SUITE).
+      -compile(export_all).
+
+      all() ->
+          [mod_exists].
+
+      mod_exists(_) ->
+          {module,mymod} = code:load_file(mymod).</pre>
+    <p>
+      In this example we check that the <c>mymod</c> module exists (i.e. can be
+      successfully loaded by the code server). If the operation fails, we will
+      get a bad match error which terminates the test case.
+    </p>
+    </section>
+
+    <section>
+    <title>A test suite with configuration functions</title>
+    <p>
+      If we need to perform configuration operations in order to run our test, we
+      implement configuration functions in our suite. The result from a
+      configuration function is configuration data, or simply <em><c>Config</c></em>.
+      This is a list of key-value tuples which get passed from the configuration
+      function to the test cases (possibly through configuration functions on
+      "lower level"). The data flow looks like this:
+    </p>
+
+    <p>
+    <image file="config.gif">
+      <icaption>
+	Config data flow in the suite.
+      </icaption>
+    </image>
+    </p>
+
+    <p>
+      Here's an example of a test suite which uses configuration functions
+      to open and close a log file for the test cases (an operation that would
+      be unnecessary and irrelevant to perform by each test case):
+    </p>
+    <pre>
+      -module(check_log_SUITE).
+      -export([all/0, init_per_suite/1, end_per_suite/1]).
+      -export([check_restart_result/1, check_no_errors/1]).
+      
+      -define(value(Key,Config), proplists:get_value(Key,Config)).
+
+      all() -> [check_restart_result, check_no_errors].
+
+      init_per_suite(InitConfigData) ->
+          [{logref,open_log()} | InitConfigData].
+
+      end_per_suite(ConfigData) ->
+          close_log(?value(logref, ConfigData)).
+
+      check_restart_result(ConfigData) ->
+          TestData = read_log(restart, ?value(logref, ConfigData)),
+          {match,_Line} = search_for("restart successful", TestData).
+      
+      check_no_errors(ConfigData) ->
+          TestData = read_log(all, ?value(logref, ConfigData)),
+          case search_for("error", TestData) of
+              {match,Line} -> ct:fail({error_found_in_log,Line});
+              nomatch -> ok
+          end.</pre>
+    <p>
+      In this example we have test cases that verify, by parsing a
+      log file, that our SUT has performed a successful restart and
+      that no unexpected errors have been printed.
+    </p>
+
+    <p>To execute the test cases in the test suite above, we could type this on
+      the Unix/Linux command line (assuming for this example that the suite module
+      is in the current working directory):
+    </p>
+    <pre>
+      $ ct_run -dir .</pre>
+    <p>or</p>
+    <pre>
+    $ ct_run -suite check_log_SUITE</pre>
+
+    <p>If we want to use the Erlang shell to run our test, we could evaluate this call:
+    </p>
+    <pre>
+      1> ct:run_test([{dir, "."}]).</pre>
+    <p>or</p>
+    <pre>
+      1> ct:run_test([{suite, "check_log_SUITE"}]).</pre>
+    <p>
+      The result from running our test is printed in log files on HTML format
+      (stored in unique log directories on different level). This illustration
+      shows the log file structure:
+    </p>
+
+    <p>
+    <image file="html_logs.gif">
+      <icaption>
+	HTML log file structure.
+      </icaption>
+    </image>
+    </p>
+  </section>
+
+  <section>
+    <title>What happens next?</title>
+    <p>
+      You will find detailed information about the basics introduced here in this
+      chapter in the following chapters in the User's Guide, as well as
+      presentations of many more useful features. Have fun!
+    </p>
+    </section>
+</chapter>
+
+
+
+
+
+
+
+
diff --git a/lib/common_test/doc/src/html_logs.gif b/lib/common_test/doc/src/html_logs.gif
new file mode 100644
index 0000000000..3a3fd86bde
--- /dev/null
+++ b/lib/common_test/doc/src/html_logs.gif
diff --git a/lib/common_test/doc/src/notes.xml b/lib/common_test/doc/src/notes.xml
index af96ef621f..da0b6b2d65 100644
--- a/lib/common_test/doc/src/notes.xml
+++ b/lib/common_test/doc/src/notes.xml
@@ -32,6 +32,163 @@
     <file>notes.xml</file>
     </header>
 
+<section><title>Common_Test 1.6</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A Getting Started chapter has been added to the Common
+	    Test User's Guide.</p>
+          <p>
+	    Own Id: OTP-9156</p>
+        </item>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    Common Test hooks are now in a final supported version.
+	    The Common Test hooks allow you to abstract out
+	    initialization behaviour that is common to multiple test
+	    suites into one place and also extend the behaviour of a
+	    suite without changing the suite itself. For more
+	    information see the Common Test user's guide.</p>
+          <p>
+	    Own Id: OTP-9449</p>
+        </item>
+        <item>
+          <p>
+	    A new built-in common test hook has been added which
+	    captures error_logger and SASL event and prints them in
+	    the testcase log. To disable this (and any other built-in
+	    hooks) pass 'enable_builtin_hooks false' to common test.</p>
+          <p>
+	    Own Id: OTP-9543</p>
+        </item>
+        <item>
+          <p>
+	    Common Test now calls info functions also for the
+	    <c>init/end_per_suite/1</c> and
+	    <c>init/end_per_group/2</c> configuration functions.
+	    These can be used e.g. to set timetraps and require
+	    external configuration data relevant only for the
+	    configuration functions in question (without affecting
+	    properties set for groups and test cases in the suite).
+	    The info function for <c>init/end_per_suite(Config)</c>
+	    is <c>init/end_per_suite()</c>, and for
+	    <c>init/end_per_group(GroupName,Config)</c> it's
+	    <c>init/end_per_group(GroupName)</c>. Info functions can
+	    not be used with <c>init/end_per_testcase(TestCase,
+	    Config)</c>, since these configuration functions execute
+	    on the test case process and will use the same properties
+	    as the test case (i.e. properties set by the test case
+	    info function, <c>TestCase()</c>).</p>
+          <p>
+	    Own Id: OTP-9569</p>
+        </item>
+        <item>
+          <p>
+	    It's now possible to read the full name of the test case
+	    log file during execution. One way to do this is to
+	    lookup it up as value of the key <c>tc_logfile</c> in the
+	    test case <c>Config</c> list (which means it can also be
+	    read by a pre- or post Common Test hook function). The
+	    data is also sent with the event
+	    <c>#event{name=tc_logfile,data={{Suite,Func},LogFileName}}</c>,
+	    and can be read by any installed event handler.</p>
+          <p>
+	    Own Id: OTP-9676 Aux Id: seq11941 </p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+        <item>
+          <p>
+	    Functions ct:fail(Format, Args) and ct:comment(Format,
+	    Args) have been added in order to make printouts of
+	    formatted error and comment strings easier (no need for
+	    the user to call io_lib:format/2 explicitly).</p>
+          <p>
+	    Own Id: OTP-9709 Aux Id: seq11951 </p>
+        </item>
+        <item>
+          <p>
+	    The order in which ct hooks are executed for cleanup
+	    hooks (i.e. *_end_per_* hooks) has been reversed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9774 Aux Id: seq11913 </p>
+        </item>
+        <item>
+          <p>
+	    Printouts to stdout may be captured during test case
+	    execution. This is useful in order to e.g. read and parse
+	    tty printouts from the SUT during test case execution (if
+	    necessary, say, to determine the outcome of the test).
+	    The capturing session is started with
+	    <c>ct:capture_start/0</c>, and stopped with
+	    <c>ct:capture_stop/0</c>. The list of buffered strings is
+	    read and purged with <c>ct:capture_get/0/1</c>. It's
+	    possible to filter out printouts made with
+	    <c>ct:log/2/3</c> and <c>ct:pal/2/3</c> from the captured
+	    list of strings. This is done by calling
+	    <c>capture_get/1</c> with a list of log categories to
+	    exclude.</p>
+          <p>
+	    Own Id: OTP-9775</p>
+        </item>
+        <item>
+          <p>
+	    The syntax for specifying test case groups in the all/0
+	    list has been extended to include execution properties
+	    for both groups and sub-groups. The properties specified
+	    in all/0 for a group overrides the properties specified
+	    in the group declaration (in groups/0). The main purpose
+	    of this extension is to make it possible to run the same
+	    set of tests, but with different properties, without
+	    having to declare copies of the group in question. Also,
+	    the same syntax may be used in test specifications in
+	    order to change properties of groups at the time of
+	    execution, without having to edit the test suite. Please
+	    see the User's Guide for details and examples.</p>
+          <p>
+	    Own Id: OTP-9809 Aux Id: OTP-9235 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Common_Test 1.5.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/common_test/doc/src/part.xml b/lib/common_test/doc/src/part.xml
index 3284bcadaa..a74185221d 100644
--- a/lib/common_test/doc/src/part.xml
+++ b/lib/common_test/doc/src/part.xml
@@ -65,6 +65,7 @@
   </description>
 
   <xi:include href="basics_chapter.xml"/>
+  <xi:include href="getting_started_chapter.xml"/>
   <xi:include href="install_chapter.xml"/>
   <xi:include href="write_test_chapter.xml"/>
   <xi:include href="test_structure_chapter.xml"/>
diff --git a/lib/common_test/doc/src/run_test_chapter.xml b/lib/common_test/doc/src/run_test_chapter.xml
index 57059f0ba2..848f278fa6 100644
--- a/lib/common_test/doc/src/run_test_chapter.xml
+++ b/lib/common_test/doc/src/run_test_chapter.xml
@@ -412,6 +412,16 @@
       the way from <c>init_per_suite</c> down to the test cases in the
       sub group).</p>
 
+    <p>With the <c>GroupSpec</c> element (below) it's possible to specify
+      group execution properties that will override those specified in the
+      group definition (i.e. in <c>groups/0</c>). Execution properties for
+      sub-groups may be overridden as well. This feature makes it possible to
+      change properties of groups at the time of execution,
+      without even having to edit the test suite. More detailed documentation,
+      and examples, can be found in the
+      <seealso marker="write_test_chapter#test_case_groups">
+      Test case groups</seealso> chapter.</p>
+
     <p>Below is the test specification syntax. Test specifications can
       be used to run tests both in a single test host environment and
       in a distributed Common Test environment (Large Scale
@@ -475,8 +485,8 @@
       {groups, DirRef, Suite, Groups}.
       {groups, NodeRefsDirRef, Suite, Groups}.
 
-      {groups, DirRef, Suite, Group, {cases,Cases}}.
-      {groups, NodeRefsDirRef, Suite, Group, {cases,Cases}}.
+      {groups, DirRef, Suite, GroupSpec, {cases,Cases}}.
+      {groups, NodeRefsDirRef, Suite, GroupSpec, {cases,Cases}}.
 
       {cases, DirRef, Suite, Cases}.                           
       {cases, NodeRefs, DirRef, Suite, Cases}.
@@ -510,7 +520,8 @@
       DirRef        = DirAlias | Dir
       Suites        = atom() | [atom()] | all
       Suite         = atom()
-      Groups        = atom() | [atom()] | all
+      Groups        = GroupSpec | [GroupSpec] | all
+      GroupSpec     = Group | {Group,Properties} | {Group,Properties,GroupSpec}
       Group         = atom()
       Cases         = atom() | [atom()] | all
       Comment       = string() | ""
@@ -644,14 +655,25 @@
 	to each individual test case log file for quick viewing with an HTML 
 	browser.</p>
       
-      <p>The minor log file contain full details of every single test
-	case, each one in a separate file. This way the files should
-	be easy to compare with previous test runs, even if the set of
-	test cases change. If SASL is running those logs will also be
-        printed there by the
+      <p>The minor log files contain full details of every single test
+	case, each one in a separate file. This way, it should be
+	straightforward	to compare the latest results to that of previous
+	test runs, even if the set of test cases changes. If SASL is running,
+	its logs will also be printed to the current minor log file by the
 	<seealso marker="common_test:ct_hooks_chapter#builtin_cths">
 	  cth_log_redirect built-in hook</seealso>.
-        </p>
+      </p>
+
+      <p>The full name of the minor log file (i.e. the name of the file
+	including the absolute directory path) can be read during execution
+	of the test case. It comes as value in the tuple
+	<c>{tc_logfile,LogFileName}</c> in the <c>Config</c> list (which means it
+	can also be read by a pre- or post Common Test hook function). Also,
+	at the start of a test case, this data is sent with an event
+	to any installed event handler.	Please see the
+	<seealso marker="event_handler_chapter#event_handling">Event Handling</seealso>
+	chapter for details.
+      </p>
       
       <p>Which information goes where is user configurable via the
 	test server controller. Three threshold values determine what
@@ -693,8 +715,15 @@
       <section>
 	<marker id="html_stylesheet"></marker>
 	<title>HTML Style Sheets</title>
-	<p>Common Test includes the <em>optional</em> feature to use
-	  HTML style sheets (CSS) for customizing user printouts. The
+	<p>Common Test uses a CSS file to control the look of the HTML
+	  files generated during test runs. If, for some reason, the
+	  log files are not displayed correctly in the HTML browser of your
+	  choice, or you prefer the "pre Common Test v1.6 look"
+	  of the log files (i.e. not using CSS), use the start flag/option
+	  <c>basic_html</c> to revert to the old style.</p>
+	  
+	<p>Common Test includes an <em>optional</em> feature to allow
+	  user HTML style sheets for customizing printouts. The
 	  functions in <c>ct</c> that print to a test case HTML log
 	  file (<c>log/3</c> and <c>pal/3</c>) accept <c>Category</c>
 	  as first argument. With this argument it's possible to
@@ -708,22 +737,16 @@
 	  look like this:</p>
 
 	<pre>
-&lt;style&gt;
-  div.ct_internal { background:lightgrey; color:black }
-  div.default     { background:lightgreen; color:black }
-  div.sys_config  { background:blue; color:white }
-  div.sys_state   { background:yellow; color:black }
-  div.error       { background:red; color:white }
-&lt;/style&gt;
-	</pre>
+	  div.sys_config  { background:blue; color:white }
+	  div.sys_state   { background:yellow; color:black }
+	  div.error       { background:red; color:white }</pre>
 
 	<p>To install the CSS file (Common Test inlines the definition in the 
 	  HTML code), the name may be provided when executing <c>ct_run</c>.
 	  Example:</p>
 
 	<pre>
-	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css
-	</pre>
+	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css</pre>
 
 	  <p>Categories in a CSS file installed with the <c>-stylesheet</c> flag
 	    are on a global test level in the sense that they can be used in any 
@@ -744,8 +767,7 @@
 	      ct:log(sys_state, "Connections: ~p", [ConnectionInfo]),
 	      ...
 	      ct:pal(error, "Error ~p detected! Info: ~p", [SomeFault,ErrorInfo]),
-	      ct:fail(SomeFault).
-	  </pre>
+	      ct:fail(SomeFault).</pre>
 
 	<p>If the style sheet is installed as in this example, the categories are 
 	  private to the suite in question. They can be used by all test cases in the 
@@ -769,21 +791,6 @@
 	<p>The <c>Category</c> argument in the example above may have the
 	  value (atom) <c>sys_config</c> (white on blue), <c>sys_state</c>
 	  (black on yellow) or <c>error</c> (white on red).</p>
-
-	<p>If the <c>Category</c> argument is not specified, Common Test will
-	  use the CSS selector <c>div.default</c> for the
-	  printout. For this reason a user supplied style sheet must
-	  include this selector. Also the selector
-	  <c>div.ct_internal</c> must be included. Hence a minimal
-	  user style sheet should look like this (which is also the
-	  default style sheet Common Test uses if no user CSS file is
-	  provided):</p>
-	<pre>
-	  &lt;style&gt;
-	  div.ct_internal { background:lightgrey; color:black }
-	  div.default     { background:lightgreen; color:black }
-	  &lt;/style&gt;
-	</pre>	  
   </section>
 
   <section>
diff --git a/lib/common_test/doc/src/tc_execution.gif b/lib/common_test/doc/src/tc_execution.gif
new file mode 100644
index 0000000000..7c89d7be57
--- /dev/null
+++ b/lib/common_test/doc/src/tc_execution.gif
diff --git a/lib/common_test/doc/src/write_test_chapter.xml b/lib/common_test/doc/src/write_test_chapter.xml
index e35888e68f..c0ec26ddcc 100644
--- a/lib/common_test/doc/src/write_test_chapter.xml
+++ b/lib/common_test/doc/src/write_test_chapter.xml
@@ -68,7 +68,7 @@
 
     <p>Each test suite module must export the function <c>all/0</c>
       which returns the list of all test case groups and test cases 
-      in that module. 
+      to be executed in that module. 
     </p>
 
   </section>
@@ -369,10 +369,12 @@
     <title>Test suite info function</title>
 
       <p>The <c>suite/0</c> function can be used in a test suite
-	module to set the default values for the <c>timetrap</c> and
-	<c>require</c> tags. If a test case info function also specifies
-	any of these tags, the default value is overruled. See above for
-	more information.
+	module to e.g. set a default <c>timetrap</c> value and to
+	<c>require</c> external configuration data. If a test case-, or
+	group info function also specifies any of the info tags, it
+	overrides the default values set by <c>suite/0</c>. See the test
+	case info function above, and group info function below, for more
+	details.
       </p>
       
       <p>Other options that may be specified with the suite info list are:</p>
@@ -450,11 +452,65 @@
     <pre>
       all() -> [testcase1, {group,group1}, testcase2, {group,group2}].</pre>
 
-    <p>Properties may be combined so that e.g. if <c>shuffle</c>, 
-    <c>repeat_until_any_fail</c> and <c>sequence</c> are all specified, the test 
-    cases in the group will be executed repeatedly and in random order until
-    a test case fails, when execution is immediately stopped and the rest of 
-    the cases skipped.</p>
+    <p>It is also possible to specify execution properties with a group
+      tuple in <c>all/0</c>: <c>{group,GroupName,Properties}</c>. These
+      properties will override those specified in the group definition (see
+      <c>groups/0</c> above). This way, it's possible to run the same set of tests,
+      but with different properties, without having to make copies of the group
+      definition in question.</p>
+
+    <p>If a group contains sub-groups, the execution properties for these may
+      also be specified in the group tuple:
+      <c>{group,GroupName,Properties,SubGroups}</c>, where <c>SubGroups</c>
+      is a list of tuples, <c>{GroupName,Properties}</c>, or
+      <c>{GroupName,Properties,SubGroups}</c>, representing the sub-groups.
+      Any sub-groups defined in <c>group/0</c> for a group, that are not specified
+      in the <c>SubGroups</c> list, will simply execute with their pre-defined
+      properties.</p>
+
+    <p>Example:</p>
+    <pre>
+      groups() -> {tests1, [], [{tests2, [], [t2a,t2b]},
+                                {tests3, [], [t31,t3b]}]}.</pre>
+    <p>To execute group 'tests1' twice with different properties for 'tests2'
+      each time:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]}]}].</pre>
+    <p>Note that this is equivalent to this specification:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]},
+                                    {tests3, default}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]},
+                                    {tests3, default}]}].</pre>
+    <p>The value <c>default</c> states that the pre-defined properties
+      should be used.</p>
+    <p>Here's an example of how to override properties in a scenario
+      with deeply nested groups:</p>
+    <pre>
+      groups() ->
+         [{tests1, [], [{group, tests2}]},
+          {tests2, [], [{group, tests3}]},
+          {tests3, [{repeat,2}], [t3a,t3b,t3c]}].
+
+      all() ->
+         [{group, tests1, default, 
+           [{tests2, default,
+             [{tests3, [parallel,{repeat,100}]}]}]}].</pre>
+
+    <p>The syntax described above may also be used in Test Specifications
+      in order to change properties of groups at the time of execution,
+      without even having to edit the test suite (please see the
+      <seealso marker="run_test_chapter#test_specifications">Test
+	Specifications</seealso> chapter for more info).</p>
+
+    <p>As illustrated above, properties may be combined. If e.g.
+      <c>shuffle</c>, <c>repeat_until_any_fail</c> and <c>sequence</c>
+      are all specified, the test cases in the group will be executed
+      repeatedly, and in random order, until a test case fails. Then
+      execution is immediately stopped and the rest of the cases skipped.</p>
 
     <p>Before execution of a group begins, the configuration function
     <c>init_per_group(GroupName, Config)</c> is called (the function is
@@ -641,6 +697,51 @@
   </section>
 
   <section>
+    <marker id="group_info"></marker>
+    <title>Group info function</title>
+
+      <p>The test case group info function, <c>group(GroupName)</c>,
+	serves the same purpose as the suite- and test case info
+	functions previously described in this chapter. The scope for
+	the group info, however, is all test cases and sub-groups in the
+	group in question (<c>GroupName</c>).</p>
+      <p>Example:</p>
+      <pre>
+	group(connection_tests) ->
+	   [{require,login_data},
+	    {timetrap,1000}].</pre>
+	
+      <p>The group info properties override those set with the
+	suite info function, and may in turn be overridden by test
+	case info properties. Please see the test case info
+	function above for a list of valid info properties and more
+	general information.</p>
+  </section>
+
+  <section>
+    <title>Info functions for init- and end-configuration</title>
+      <p>It is possible to use info functions also for the <c>init_per_suite</c>,
+	<c>end_per_suite</c>, <c>init_per_group</c>, and <c>end_per_group</c>
+	functions, and it works the same way as with info functions
+	for test cases (see above). This is useful e.g. for setting
+	timetraps and requiring external configuration data relevant
+	only for the configuration function in question (without
+	affecting properties set for groups and test cases in the suite).</p>
+
+      <p>The info function <c>init/end_per_suite()</c> is called for
+	<c>init/end_per_suite(Config)</c>, and info function
+	<c>init/end_per_group(GroupName)</c> is called for
+	<c>init/end_per_group(GroupName,Config)</c>. Info functions
+	can not be used with <c>init/end_per_testcase(TestCase, Config)</c>,
+	however, since these configuration functions execute on the test case process
+	and will use the same properties as the test case (i.e. the properties
+	set by the test case info function, <c>TestCase()</c>). Please see the test case
+	info function above for a list of valid info properties and more
+	general information.
+      </p>
+  </section>
+
+  <section>
     <marker id="data_priv_dir"></marker>
     <title>Data and Private Directories</title>
 
diff --git a/lib/common_test/priv/auxdir/config.guess b/lib/common_test/priv/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/common_test/priv/auxdir/config.guess
+++ b/lib/common_test/priv/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/config.sub b/lib/common_test/priv/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/common_test/priv/auxdir/config.sub
+++ b/lib/common_test/priv/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/install-sh b/lib/common_test/priv/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/common_test/priv/auxdir/install-sh
+++ b/lib/common_test/priv/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/common_test/priv/ct_default.css b/lib/common_test/priv/ct_default.css
index a64e1ec576..75f8d5db8a 100644
--- a/lib/common_test/priv/ct_default.css
+++ b/lib/common_test/priv/ct_default.css
@@ -147,7 +147,7 @@ td a:visited {
 }
 
 tr:hover th[scope=row], tr:hover td { 
-    background-color: #808080;
+    background-color: #D1D1D1;
     color: #fff;
 } 
 
diff --git a/lib/common_test/src/common_test.app.src b/lib/common_test/src/common_test.app.src
index 57606c01db..7fba484b18 100644
--- a/lib/common_test/src/common_test.app.src
+++ b/lib/common_test/src/common_test.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct.erl b/lib/common_test/src/ct.erl
index 69e15fa246..e0e82283c4 100644
--- a/lib/common_test/src/ct.erl
+++ b/lib/common_test/src/ct.erl
@@ -63,9 +63,10 @@
 	 log/1, log/2, log/3,
 	 print/1, print/2, print/3,
 	 pal/1, pal/2, pal/3,
-	 fail/1, comment/1,
+	 capture_start/0, capture_stop/0, capture_get/0, capture_get/1,
+	 fail/1, fail/2, comment/1, comment/2,
 	 testcases/2, userdata/2, userdata/3,
-	 timetrap/1, sleep/1]).
+	 timetrap/1, get_timetrap_info/0, sleep/1]).
 
 %% New API for manipulating with config handlers
 -export([add_config/2, remove_config/2]).
@@ -108,7 +109,7 @@ install(Opts) ->
 %%%   Cases = atom() | [atom()]
 %%%   Result = [TestResult] | {error,Reason}
 %%%
-%%% @doc Run the given testcase(s).
+%%% @doc Run the given test case(s).
 %%%
 %%% <p>Requires that <code>ct:install/1</code> has been run first.</p>
 %%%
@@ -121,7 +122,7 @@ run(TestDir,Suite,Cases) ->
 %%%-----------------------------------------------------------------
 %%% @spec run(TestDir,Suite) -> Result
 %%%
-%%% @doc Run all testcases in the given suite.
+%%% @doc Run all test cases in the given suite.
 %%% @see run/3.
 run(TestDir,Suite) ->
     ct_run:run(TestDir,Suite).
@@ -130,7 +131,7 @@ run(TestDir,Suite) ->
 %%% @spec run(TestDirs) -> Result
 %%%   TestDirs = TestDir | [TestDir]
 %%%
-%%% @doc Run all testcases in all suites in the given directories.
+%%% @doc Run all test cases in all suites in the given directories.
 %%% @see run/3.
 run(TestDirs) ->
     ct_run:run(TestDirs).
@@ -440,11 +441,10 @@ log(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the log. 
+%%% @doc Printout from a test case to the log file. 
 %%%
-%%% <p>This function is meant for printing stuff directly from a
-%%% testcase (i.e. not from within the CT framework) in the test
-%%% log.</p>
+%%% <p>This function is meant for printing a string directly from a
+%%% test case to the test case log file.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -473,10 +473,10 @@ print(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the console. 
+%%% @doc Printout from a test case to the console. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase on
-%%% the console.</p>
+%%% <p>This function is meant for printing a string from a test case
+%%% to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -508,16 +508,75 @@ pal(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Print and log from a testcase. 
+%%% @doc Print and log from a test case. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase both
-%%% in the log and on the console.</p>
+%%% <p>This function is meant for printing a string from a test case,
+%%% both to the test case log file and to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
 pal(Category,Format,Args) ->
     ct_logs:tc_pal(Category,Format,Args).
 
+%%%-----------------------------------------------------------------
+%%% @spec capture_start() -> ok
+%%%
+%%% @doc Start capturing all text strings printed to stdout during
+%%% execution of the test case.
+%%%
+%%% @see capture_stop/0
+%%% @see capture_get/1
+capture_start() ->
+    test_server:capture_start().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_stop() -> ok
+%%%
+%%% @doc Stop capturing text strings (a session started with
+%%% <code>capture_start/0</code>).
+%%%
+%%% @see capture_start/0
+%%% @see capture_get/1
+capture_stop() ->
+    test_server:capture_stop().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get() -> ListOfStrings
+%%%      ListOfStrings = [string()]
+%%%
+%%% @equiv capture_get([default])
+capture_get() ->
+    %% remove default log printouts (e.g. ct:log/2 printouts)
+    capture_get([default]).
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get(ExclCategories) -> ListOfStrings
+%%%      ExclCategories = [atom()]
+%%%      ListOfStrings = [string()]
+%%%
+%%% @doc Return and purge the list of text strings buffered
+%%% during the latest session of capturing printouts to stdout.
+%%% With <code>ExclCategories</code> it's possible to specify
+%%% log categories that should be ignored in <code>ListOfStrings</code>.
+%%% If <code>ExclCategories = []</code>, no filtering takes place.
+%%%
+%%% @see capture_start/0
+%%% @see capture_stop/0
+%%% @see log/3
+capture_get([ExclCat | ExclCategories]) ->
+    Strs = test_server:capture_get(),
+    CatsStr = [atom_to_list(ExclCat) | 
+	       [[$| | atom_to_list(EC)] || EC <- ExclCategories]],
+    {ok,MP} = re:compile("<div class=\"(" ++ lists:flatten(CatsStr) ++ ")\">.*"),
+    lists:flatmap(fun(Str) ->
+			  case re:run(Str, MP) of
+			      {match,_} -> [];
+			      nomatch -> [Str]
+			  end
+		  end, Strs);
+
+capture_get([]) ->
+    test_server:capture_get().
 
 %%%-----------------------------------------------------------------
 %%% @spec fail(Reason) -> void()
@@ -528,18 +587,35 @@ pal(Category,Format,Args) ->
 fail(Reason) ->
     exit({test_case_failed,Reason}).
 
+
+%%%-----------------------------------------------------------------
+%%% @spec fail(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Terminate a test case with an error message specified
+%%% by a format string and a list of values (used as arguments to
+%%% <code>io_lib:format/2</code>).
+fail(Format, Args) ->
+    try io_lib:format(Format, Args) of
+	Str ->
+	    exit({test_case_failed,lists:flatten(Str)})
+    catch
+	_:BadArgs ->
+	    exit({BadArgs,{?MODULE,fail,[Format,Args]}})
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% @spec comment(Comment) -> void()
 %%%      Comment = term()
 %%%
-%%% @doc Print the given <code>Comment</code> in the comment field of
+%%% @doc Print the given <code>Comment</code> in the comment field in
 %%% the table on the test suite result page.
 %%%
 %%% <p>If called several times, only the last comment is printed.
-%%% <code>comment/1</code> is also overwritten by the return value
-%%% <code>{comment,Comment}</code> or by the function
-%%% <code>fail/1</code> (which prints <code>Reason</code> as a
-%%% comment).</p>
+%%% The test case return value <code>{comment,Comment}</code>
+%%% overwrites the string set by this function.</p>
 comment(Comment) when is_list(Comment) ->
     Formatted =
 	case (catch io_lib:format("~s",[Comment])) of
@@ -553,6 +629,29 @@ comment(Comment) ->
     Formatted = io_lib:format("~p",[Comment]),
     send_html_comment(lists:flatten(Formatted)).
 
+%%%-----------------------------------------------------------------
+%%% @spec comment(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Print the formatted string in the comment field in
+%%% the table on the test suite result page.
+%%% 
+%%% <p>The <code>Format</code> and <code>Args</code> arguments are
+%%% used in call to <code>io_lib:format/2</code> in order to create
+%%% the comment string. The behaviour of <code>comment/2</code> is
+%%% otherwise the same as the <code>comment/1</code> function (see
+%%% above for details).</p>
+comment(Format, Args) when is_list(Format), is_list(Args) ->
+    Formatted =
+	case (catch io_lib:format(Format, Args)) of
+	    {'EXIT',Reason} ->  % bad args
+		exit({Reason,{?MODULE,comment,[Format,Args]}});
+	    String ->
+		lists:flatten(String)
+	end,
+    send_html_comment(Formatted).
+
 send_html_comment(Comment) ->
     Html = "<font color=\"green\">" ++ Comment ++ "</font>",
     ct_util:set_testdata({comment,Html}),
@@ -606,7 +705,7 @@ listenv(Telnet) ->
 %%%       Testcases = list()
 %%%       Reason = term()
 %%%
-%%% @doc Returns all testcases in the specified suite.
+%%% @doc Returns all test cases in the specified suite.
 testcases(TestDir, Suite) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
@@ -664,7 +763,8 @@ userdata(TestDir, Suite) ->
 	    get_userdata(Info, "suite/0")
     end.
 
-get_userdata({'EXIT',{undef,_}}, Spec) ->
+get_userdata({'EXIT',{Undef,_}}, Spec) when Undef == undef;
+					     Undef == function_clause ->
     {error,list_to_atom(Spec ++ " is not defined")};
 get_userdata({'EXIT',Reason}, Spec) ->
     {error,{list_to_atom("error in " ++ Spec),Reason}};
@@ -680,16 +780,27 @@ get_userdata(_BadTerm, Spec) ->
     {error,list_to_atom(Spec ++ " must return a list")}.
    
 %%%-----------------------------------------------------------------
-%%% @spec userdata(TestDir, Suite, Case) -> TCUserData | {error,Reason}
+%%% @spec userdata(TestDir, Suite, GroupOrCase) -> TCUserData | {error,Reason}
 %%%       TestDir = string()
 %%%       Suite = atom()
-%%%       Case = atom()
+%%%       GroupOrCase = {group,GroupName} | atom()
+%%%       GroupName = atom()
 %%%       TCUserData = [term()]
 %%%       Reason = term()
 %%%
 %%% @doc Returns any data specified with the tag <code>userdata</code>
-%%% in the list of tuples returned from <code>Suite:Case/0</code>.
-userdata(TestDir, Suite, Case) ->
+%%% in the list of tuples returned from <code>Suite:group(GroupName)</code>
+%%% or <code>Suite:Case()</code>.
+userdata(TestDir, Suite, {group,GroupName}) ->
+    case make_and_load(TestDir, Suite) of
+	E = {error,_} ->
+	    E;
+	_ ->
+	    Info = (catch apply(Suite, group, [GroupName])),
+	    get_userdata(Info, "group("++atom_to_list(GroupName)++")")
+    end;
+
+userdata(TestDir, Suite, Case) when is_atom(Case) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
 	    E;
@@ -867,6 +978,18 @@ timetrap(Time) ->
     test_server:timetrap(Time).
 
 %%%-----------------------------------------------------------------
+%%% @spec get_timetrap_info() -> {Time,Scale}
+%%%       Time = integer() | infinity
+%%%       Scale = true | false
+%%%
+%%% @doc <p>Read info about the timetrap set for the current test case.
+%%%      <c>Scale</c> indicates if Common Test will attempt to automatically
+%%%      compensate timetraps for runtime delays introduced by e.g. tools like
+%%%      cover.</p>
+get_timetrap_info() ->
+    test_server:get_timetrap_info().
+
+%%%-----------------------------------------------------------------
 %%% @spec sleep(Time) -> ok
 %%%       Time = {hours,Hours} | {minutes,Mins} | {seconds,Secs} | Millisecs | infinity
 %%%       Hours = integer()
diff --git a/lib/common_test/src/ct_config.erl b/lib/common_test/src/ct_config.erl
index fc51aea7f3..9277af5bc1 100644
--- a/lib/common_test/src/ct_config.erl
+++ b/lib/common_test/src/ct_config.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_plain.erl b/lib/common_test/src/ct_config_plain.erl
index 6698332379..237df5c8f3 100644
--- a/lib/common_test/src/ct_config_plain.erl
+++ b/lib/common_test/src/ct_config_plain.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_xml.erl b/lib/common_test/src/ct_config_xml.erl
index 794174e663..6e0a016161 100644
--- a/lib/common_test/src/ct_config_xml.erl
+++ b/lib/common_test/src/ct_config_xml.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_framework.erl b/lib/common_test/src/ct_framework.erl
index 0897675591..c24a7c238b 100644
--- a/lib/common_test/src/ct_framework.erl
+++ b/lib/common_test/src/ct_framework.erl
@@ -36,6 +36,10 @@
 -include("ct_event.hrl").
 -include("ct_util.hrl").
 
+-define(val(Key, List), proplists:get_value(Key, List)). 
+-define(val(Key, List, Def), proplists:get_value(Key, List, Def)).
+-define(rev(L), lists:reverse(L)).
+
 %%%-----------------------------------------------------------------
 %%% @spec init_tc(Mod,Func,Args) -> {ok,NewArgs} | {error,Reason} |
 %%%         {skip,Reason} | {auto_skip,Reason}
@@ -48,6 +52,8 @@
 %%% @doc Test server framework callback, called by the test_server
 %%% when a new test case is started.
 init_tc(Mod,Func,Config) ->
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
     %% check if previous testcase was interpreted and has left
     %% a "dead" trace window behind - if so, kill it
     case ct_util:get_testdata(interpret) of
@@ -57,34 +63,36 @@ init_tc(Mod,Func,Config) ->
 	_ ->
 	    ok
     end,
-	    
     %% check if we need to add defaults explicitly because
     %% there's no init_per_suite exported from Mod
     {InitFailed,DoInit} =
 	case ct_util:get_testdata(curr_tc) of
-	    {Mod,{suite0_failed,_}=Failure} ->
+	    {Suite,{suite0_failed,_}=Failure} ->
 		{Failure,false};
-	    {Mod,_} ->
+	    {?MODULE,_} ->		    % should not really happen
 		{false,false};
-	    _ when Func == init_per_suite ->
+	    {Suite,_} ->	            % Func is not 1st case in suite
 		{false,false};
-	    _ ->
+	    _ when Func == init_per_suite ->	% defaults will be added anyway
+		{false,false};
+	    _ ->				% first case in suite
 		{false,true}
 	end,
     case InitFailed of
 	false ->
-	    ct_util:set_testdata({curr_tc,{Mod,Func}}),
-	    case ct_util:read_suite_data({seq,Mod,Func}) of
+	    ct_util:set_testdata({curr_tc,{Suite,Func}}),
+	    case ct_util:read_suite_data({seq,Suite,Func}) of
 		undefined ->
 		    init_tc1(Mod,Func,Config,DoInit);
 		Seq when is_atom(Seq) ->
-		    case ct_util:read_suite_data({seq,Mod,Seq}) of
+		    case ct_util:read_suite_data({seq,Suite,Seq}) of
 			[Func|TCs] ->		% this is the 1st case in Seq
 			    %% make sure no cases in this seq are marked as failed
 			    %% from an earlier execution in the same suite
-			    lists:foreach(fun(TC) ->
-						  ct_util:save_suite_data({seq,Mod,TC},Seq)
-					  end, TCs);
+			    lists:foreach(
+			      fun(TC) ->
+				      ct_util:save_suite_data({seq,Suite,TC},Seq)
+			      end, TCs);
 			_ ->
 			    ok
 		    end,
@@ -98,6 +106,17 @@ init_tc(Mod,Func,Config) ->
 	    {skip,InitFailed}
     end.	    
 
+init_tc1(?MODULE,error_in_suite,[Config0],_) when is_list(Config0) ->
+    ct_logs:init_tc(false),
+    ct_event:notify(#event{name=tc_start,
+			   node=node(),
+			   data={?MODULE,error_in_suite}}),
+    case ?val(error, Config0) of
+	undefined ->
+	    {skip,"unknown_error_in_suite"};
+	Reason ->
+	    {skip,Reason}
+    end;
 init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
     Config1 = 
 	case ct_util:read_suite_data(last_saved_config) of
@@ -122,35 +141,40 @@ init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
 	    %% release all name -> key bindings (once per suite)
 	    ct_config:release_allocated()
     end,
-    TestCaseInfo =
-	case catch apply(Mod,Func,[]) of
-	    Result when is_list(Result) -> Result;
-	    _ -> []
-	end,
+
+    GroupPath = ?val(tc_group_path, Config, []),
+    AllGroups =	[?val(tc_group_properties, Config, []) | GroupPath],
+
     %% clear all config data default values set by previous
     %% testcase info function (these should only survive the
     %% testcase, not the whole suite)
-    ct_config:delete_default_config(testcase),
-    case add_defaults(Mod,Func,TestCaseInfo,DoInit) of
+    FuncSpec = group_or_func(Func,Config0),
+    if is_tuple(FuncSpec) ->			% group
+	    ok;
+       true ->
+	    ct_config:delete_default_config(testcase)
+    end,
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
+    case add_defaults(Mod,Func,AllGroups,DoInit) of
 	Error = {suite0_failed,_} ->
 	    ct_logs:init_tc(false),
-	    FuncSpec = group_or_func(Func,Config0),
 	    ct_event:notify(#event{name=tc_start,
 				   node=node(),
 				   data={Mod,FuncSpec}}),
-	    ct_util:set_testdata({curr_tc,{Mod,Error}}),
+	    ct_util:set_testdata({curr_tc,{Suite,Error}}),
 	    {error,Error};
 	{SuiteInfo,MergeResult} ->
 	    case MergeResult of
 		{error,Reason} when DoInit == false ->
 		    ct_logs:init_tc(false),
-		    FuncSpec = group_or_func(Func,Config0),
 		    ct_event:notify(#event{name=tc_start,
 					   node=node(),
 					   data={Mod,FuncSpec}}),
 		    {skip,Reason};
 		_ ->
-		    init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit)
+		    init_tc2(Mod,Func,SuiteInfo,MergeResult,
+			     Config,DoInit)
 	    end
     end;
 init_tc1(_Mod,_Func,Args,_DoInit) ->
@@ -203,8 +227,9 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
     ct_event:notify(#event{name=tc_start,
 			   node=node(),
 			   data={Mod,FuncSpec}}),
-    
-    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,{Func,DoInit},Config) of
+
+    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,
+			 {FuncSpec,DoInit},Config) of
 	{suite0_failed,Reason} ->
 	    ct_util:set_testdata({curr_tc,{Mod,{suite0_failed,{require,Reason}}}}),
 	    {skip,{require_failed_in_suite0,Reason}};
@@ -212,7 +237,7 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
 	    {auto_skip,{require_failed,Reason}};
 	{'EXIT',Reason} ->
 	    {auto_skip,Reason};
-	{ok, FinalConfig} ->
+	{ok,FinalConfig} ->
 	    case MergeResult of
 		{error,Reason} ->
 		    %% suite0 configure finished now, report that 
@@ -241,19 +266,20 @@ ct_suite_init(Mod, Func, [Config]) when is_list(Config) ->
 	    Else
     end.
 
-add_defaults(Mod,Func,FuncInfo,DoInit) ->
-    case (catch Mod:suite()) of
+add_defaults(Mod,Func, GroupPath, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    case (catch Suite:suite()) of
 	{'EXIT',{undef,_}} ->
-	    SuiteInfo = merge_with_suite_defaults(Mod,[]),
+	    SuiteInfo = merge_with_suite_defaults(Suite,[]),
 	    SuiteInfoNoCTH = [I || I <- SuiteInfo, element(1,I) =/= ct_hooks],
-	    case add_defaults1(Mod,Func,FuncInfo,SuiteInfoNoCTH,DoInit) of
+	    case add_defaults1(Mod,Func, GroupPath, SuiteInfoNoCTH, DoInit) of
 		Error = {error,_} -> {SuiteInfo,Error};
 		MergedInfo -> {SuiteInfo,MergedInfo}
 	    end;
 	{'EXIT',Reason} ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "~w:suite/0 failed: ~p~n",
-				   [Mod,Reason]),
+				   [Suite,Reason]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,{exited,Reason}};
@@ -262,18 +288,18 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 			      (_) -> false
 			   end, SuiteInfo) of
 		true ->
-		    SuiteInfo1 = merge_with_suite_defaults(Mod,SuiteInfo),
+		    SuiteInfo1 = merge_with_suite_defaults(Suite, SuiteInfo),
 		    SuiteInfoNoCTH = [I || I <- SuiteInfo1,
 					   element(1,I) =/= ct_hooks],
-		    case add_defaults1(Mod,Func,FuncInfo,
-				       SuiteInfoNoCTH,DoInit) of
+		    case add_defaults1(Mod,Func, GroupPath,
+				       SuiteInfoNoCTH, DoInit) of
 			Error = {error,_} -> {SuiteInfo1,Error};
 			MergedInfo -> {SuiteInfo1,MergedInfo}
 		    end;
 		false ->
 		    ErrStr = io_lib:format("~n*** ERROR *** "
 					   "Invalid return value from "
-					   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+					   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 		    io:format(ErrStr, []),
 		    io:format(user, ErrStr, []),
 		    {suite0_failed,bad_return_value}
@@ -281,57 +307,178 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 	SuiteInfo ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "Invalid return value from "
-				   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+				   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,bad_return_value}
     end.
 
-add_defaults1(_Mod,init_per_suite,[],SuiteInfo,_DoInit) ->
-    SuiteInfo;
-
-add_defaults1(Mod,Func,FuncInfo,SuiteInfo,DoInit) ->
-    %% mustn't re-require suite variables in test case info function,
-    %% can result in weird behaviour (suite values get overwritten)
+add_defaults1(Mod,Func, GroupPath, SuiteInfo, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    %% GroupPathInfo (for subgroup on level X) =
+    %%     [LevelXGroupInfo, LevelX-1GroupInfo, ..., TopLevelGroupInfo]
+    GroupPathInfo =  
+	lists:map(fun(GroupProps) ->
+			  Name = ?val(name, GroupProps),
+			  case catch Suite:group(Name) of
+			      GrInfo when is_list(GrInfo) -> GrInfo;
+			      _ -> []
+			  end
+		  end, GroupPath),
+    Args = if Func == init_per_group; Func == ct_init_per_group;
+	      Func == end_per_group; Func == ct_end_per_group ->
+		   [?val(name, hd(GroupPath))];
+	      true ->
+		   []
+	   end,
+    TestCaseInfo =
+	case catch apply(Mod,Func,Args) of
+	    TCInfo when is_list(TCInfo) -> TCInfo;
+	    _ -> []
+	end,
+    %% let test case info (also for all config funcs) override group info,
+    %% and lower level group info override higher level info
+    TCAndGroupInfo = [TestCaseInfo | remove_info_in_prev(TestCaseInfo,
+							 GroupPathInfo)],
+    %% find and save require terms found in suite info
     SuiteReqs = 
 	[SDDef || SDDef <- SuiteInfo,
 		  ((require == element(1,SDDef)) or
 		   (default_config == element(1,SDDef)))],
-    FuncReqs =
-	[FIDef || FIDef <- FuncInfo,
-		  require == element(1,FIDef)],
-    case [element(2,Clash) || Clash <- SuiteReqs,
-			      require == element(1, Clash),
-			      true == lists:keymember(element(2,Clash),2,
-						      FuncReqs)] of
+    case check_for_clashes(TestCaseInfo, GroupPathInfo, SuiteReqs) of
 	[] ->
-	    add_defaults2(Mod,Func,FuncInfo,SuiteInfo,SuiteReqs,DoInit);
+	    add_defaults2(Mod,Func, TCAndGroupInfo,SuiteInfo,SuiteReqs, DoInit);
 	Clashes ->
 	    {error,{config_name_already_in_use,Clashes}}
     end.
 
-add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,false) ->
-    %% not common practise to use a test case info function for
-    %% init_per_suite (usually handled by suite/0), but let's support
-    %% it just in case...
-    add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,true);
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,_,false) ->
-    %% include require elements from test case info, but not from suite/0
-    %% (since we've already required those vars)
-    FuncInfo ++
-	[SFDef || SFDef <- SuiteInfo,
-		  require /= element(1,SFDef),
-		  false == lists:keymember(element(1,SFDef),1,FuncInfo)];
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,SuiteReqs,true) ->
-    %% We must include require elements from suite/0 here since
-    %% there's no init_per_suite call before this first test case.
-    %% Let other test case info elements override those from suite/0.
-    FuncInfo ++ SuiteReqs ++
-	[SDDef || SDDef <- SuiteInfo,
-		  require /= element(1,SDDef),
-		  false == lists:keymember(element(1,SDDef),1,FuncInfo)].    
+get_suite_name(?MODULE, [Cfg|_]) when is_list(Cfg), Cfg /= [] ->
+    get_suite_name(?MODULE, Cfg);
+
+get_suite_name(?MODULE, Cfg) when is_list(Cfg), Cfg /= [] ->
+    case ?val(tc_group_properties, Cfg) of
+	undefined ->
+	    case ?val(suite, Cfg) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end;
+	GrProps ->
+	    case ?val(suite, GrProps) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end
+    end;
+get_suite_name(Mod, _) ->
+    Mod.
+
+%% Check that alias names are not already in use
+check_for_clashes(TCInfo, GrPathInfo, SuiteInfo) ->
+    {CurrGrInfo,SearchIn} = case GrPathInfo of
+				[] -> {[],[SuiteInfo]};
+				[Curr|Path] -> {Curr,[SuiteInfo|Path]}
+			    end,
+    ReqNames = fun(Info) -> [element(2,R) || R <- Info,
+					     size(R) == 3,
+					     require == element(1,R)]
+	       end,
+    ExistingNames = lists:flatten([ReqNames(L)  || L <- SearchIn]),
+    CurrGrReqNs = ReqNames(CurrGrInfo),
+    GrClashes = [Name || Name <- CurrGrReqNs,
+			 true == lists:member(Name, ExistingNames)],
+    AllReqNs = CurrGrReqNs ++ ExistingNames,
+    TCClashes = [Name || Name <- ReqNames(TCInfo),
+			 true == lists:member(Name, AllReqNs)],
+    TCClashes ++ GrClashes.
+
+%% Delete the info terms in Terms from all following info lists
+remove_info_in_prev(Terms, [[] | Rest]) ->
+    [[] | remove_info_in_prev(Terms, Rest)];
+remove_info_in_prev(Terms, [Info | Rest]) ->
+    UniqueInInfo = [U || U <- Info,
+			  ((timetrap == element(1,U)) and
+			   (not lists:keymember(timetrap,1,Terms))) or 
+			  ((require == element(1,U)) and
+			   (not lists:member(U,Terms))) or
+			  ((default_config == element(1,U)) and
+                           (not keysmember([default_config,1,
+					    element(2,U),2], Terms)))],
+    OtherTermsInInfo = [T || T <- Info,
+			     timetrap /= element(1,T),
+			     require /= element(1,T),
+			     default_config /= element(1,T),
+			     false == lists:keymember(element(1,T),1,
+						      Terms)],
+    KeptInfo = UniqueInInfo ++ OtherTermsInInfo,
+    [KeptInfo | remove_info_in_prev(Terms ++ KeptInfo, Rest)];
+remove_info_in_prev(_, []) ->
+    [].
+
+keysmember([Key,Pos|Next], List) ->
+    case [Elem || Elem <- List, Key == element(Pos,Elem)] of
+	[]    -> false;
+	Found -> keysmember(Next, Found)
+    end;
+keysmember([], _) -> true.
+
+
+add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, false) ->
+    add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, true);
+
+add_defaults2(_Mod,IPG, IPGAndGroupInfo, SuiteInfo,SuiteReqs, DoInit) when
+      IPG == init_per_group ; IPG == ct_init_per_group ->
+    %% If DoInit == true, we have to process the suite() list, otherwise
+    %% it has already been handled (see clause for init_per_suite)
+    case DoInit of		
+	true ->
+	    %% note: we know for sure this is a top level group
+	    Info = lists:flatten([IPGAndGroupInfo, SuiteReqs]),
+	    Info ++ remove_info_in_prev(Info, [SuiteInfo]);
+	false ->
+	    SuiteInfo1 =
+		remove_info_in_prev(lists:flatten([IPGAndGroupInfo,
+						   SuiteReqs]), [SuiteInfo]),
+	    %% don't require terms in prev groups (already processed)
+	    case IPGAndGroupInfo of
+		[IPGInfo] ->
+		    lists:flatten([IPGInfo,SuiteInfo1]);
+		[IPGInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+		    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+		    lists:flatten([IPGInfo,CurrGroupInfo,PrevGroupInfo1,
+				   SuiteInfo1])
+	    end
+    end;
+
+add_defaults2(_Mod,_Func, TCAndGroupInfo, SuiteInfo,SuiteReqs, false) ->
+    %% Include require elements from test case info and current group,
+    %% but not from previous groups or suite/0 (since we've already required
+    %% those vars). Let test case info elements override group and suite
+    %% info elements.
+    SuiteInfo1 = remove_info_in_prev(lists:flatten([TCAndGroupInfo,
+						    SuiteReqs]), [SuiteInfo]),
+    %% don't require terms in prev groups (already processed)
+    case TCAndGroupInfo of
+	[TCInfo] ->
+	    lists:flatten([TCInfo,SuiteInfo1]);
+	[TCInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+	    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+	    lists:flatten([TCInfo,CurrGroupInfo,PrevGroupInfo1,
+			   SuiteInfo1])
+    end;
+
+add_defaults2(_Mod,_Func, TCInfo, SuiteInfo,SuiteReqs, true) ->
+    %% Here we have to process the suite info list also (no call to
+    %% init_per_suite before this first test case). This TC can't belong
+    %% to a group, or the clause for (ct_)init_per_group would've caught this.
+    Info = lists:flatten([TCInfo, SuiteReqs]),
+    lists:flatten([Info,remove_info_in_prev(Info, [SuiteInfo])]).
+
+delete_require_terms([Info | Prev]) ->
+    Info1 = [T || T <- Info, 
+		  require /= element(1,T),
+		  default_config /= element(1,T)],
+    [Info1 | delete_require_terms(Prev)];
+delete_require_terms([]) ->
+    [].
 
 merge_with_suite_defaults(Mod,SuiteInfo) ->
     case lists:keysearch(suite_defaults,1,Mod:module_info(attributes)) of
@@ -355,16 +502,17 @@ timetrap_first([Trap = {timetrap,_} | Rest],Info,Found) ->
 timetrap_first([Other | Rest],Info,Found) ->
     timetrap_first(Rest,[Other | Info],Found);
 timetrap_first([],Info,[]) ->
-    [{timetrap,{minutes,30}} | lists:reverse(Info)];
+    [{timetrap,{minutes,30}} | ?rev(Info)];
 timetrap_first([],Info,Found) ->
-    lists:reverse(Found) ++ lists:reverse(Info).
+    ?rev(Found) ++ ?rev(Info).
 
 configure([{require,Required}|Rest],Info,SuiteInfo,Scope,Config) ->
     case ct:require(Required) of
 	ok ->
 	    configure(Rest,Info,SuiteInfo,Scope,Config);
 	Error = {error,Reason} ->
-	    case required_default('_UNDEF',Required,Info,SuiteInfo,Scope) of
+	    case required_default('_UNDEF',Required,Info,
+				  SuiteInfo,Scope) of
 		ok ->
 		    configure(Rest,Info,SuiteInfo,Scope,Config);
 		_ ->
@@ -406,18 +554,24 @@ configure([],_,_,_,Config) ->
     {ok,[Config]}.
 
 %% the require element in Info may come from suite/0 and
-%% should be scoped 'suite', or come from the testcase info
-%% function and should then be scoped 'testcase'
-required_default(Name,Key,Info,SuiteInfo,{Func,true}) ->
+%% should be scoped 'suite', or come from the group info
+%% function and be scoped 'group', or come from the testcase
+%% info function and then be scoped 'testcase'
+
+required_default(Name,Key,Info,SuiteInfo,{FuncSpec,true}) ->
     case try_set_default(Name,Key,SuiteInfo,suite) of
 	ok ->
 	    ok;
 	_ ->
-	    required_default(Name,Key,Info,[],{Func,false})
+	    required_default(Name,Key,Info,[],{FuncSpec,false})
     end;
 required_default(Name,Key,Info,_,{init_per_suite,_}) ->
     try_set_default(Name,Key,Info,suite);
-required_default(Name,Key,Info,_,_) ->
+required_default(Name,Key,Info,_,{{init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,{{ct_init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,_FuncSpec) ->
     try_set_default(Name,Key,Info,testcase).
 
 try_set_default(Name,Key,Info,Where) ->
@@ -484,7 +638,11 @@ end_tc(Mod,Func,TCPid,Result,Args,Return) ->
     ct_util:delete_suite_data(last_saved_config),
     FuncSpec =
 	case group_or_func(Func,Args) of
-	    {_,GroupName,_Props} = Group ->			       
+	    {_,GroupName,_Props} = Group ->
+		if Func == end_per_group; Func == ct_end_per_group ->
+			ct_config:delete_default_config({group,GroupName});
+		   true -> ok
+		end,
 		case lists:keysearch(save_config,1,Args) of
 		    {value,{save_config,SaveConfig}} ->
 			ct_util:save_suite_data(
@@ -703,12 +861,14 @@ mark_as_failed1(_,_,_,[]) ->
     ok.
 
 group_or_func(Func, Config) when Func == init_per_group; 
-				 Func == end_per_group ->
-    case proplists:get_value(tc_group_properties,Config) of
+				 Func == end_per_group;
+				 Func == ct_init_per_group; 
+				 Func == ct_end_per_group ->
+    case ?val(tc_group_properties, Config) of
 	undefined ->
 	    {Func,unknown,[]};
 	GrProps ->
-	    GrName = proplists:get_value(name,GrProps),
+	    GrName = ?val(name,GrProps),
 	    {Func,GrName,proplists:delete(name,GrProps)}
     end;	  
 group_or_func(Func, _Config) ->
@@ -732,7 +892,7 @@ get_suite(Mod, all) ->
 		    %% (and only) test case so we can report Error properly
 		    [{?MODULE,error_in_suite,[[Error]]}];
 		ConfTests ->
-		    get_all(Mod, ConfTests)
+		    get_all(Mod, ConfTests)		    
 	    end;
 	_ ->
 	    E = "Bad return value from "++atom_to_list(Mod)++":groups/0",
@@ -746,7 +906,7 @@ get_suite(Mod, all) ->
 
 %% group
 get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case catch apply(Mod, groups, []) of
 	{'EXIT',_} ->
 	    [Group];
@@ -764,14 +924,25 @@ get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
 			    %% a *subgroup* specified *only* as skipped (and not
 			    %% as an explicit test) should not be returned, or
 			    %% init/end functions for top groups will be executed
-			    case catch proplists:get_value(name, element(2, hd(ConfTests))) of
+			    case catch ?val(name, element(2, hd(ConfTests))) of
 				Name ->		% top group
 				    delete_subs(ConfTests, ConfTests);
 				_ ->
 				    []
 			    end;
 			false ->
-			    delete_subs(ConfTests, ConfTests)
+			    ConfTests1 = delete_subs(ConfTests, ConfTests),
+			    case ?val(override, Props) of
+				undefined ->
+				    ConfTests1;
+				[] ->
+				    ConfTests1;
+				ORSpec ->
+				    ORSpec1 = if is_tuple(ORSpec) -> [ORSpec];
+						 true -> ORSpec end,
+				    search_and_override(ConfTests1,
+							ORSpec1, Mod)
+			    end							      
 		    end
 	    end;
 	_ ->
@@ -793,13 +964,12 @@ get_all_cases(Suite) ->
 	    {error,Error};
 	Tests ->
 	    Cases = get_all_cases1(Suite, Tests),
-	    lists:reverse(
-	      lists:foldl(fun(TC, TCs) ->
-				  case lists:member(TC, TCs) of
+	    ?rev(lists:foldl(fun(TC, TCs) ->
+				     case lists:member(TC, TCs) of
 				      true  -> TCs;
-				      false -> [TC | TCs]
-				  end
-			  end, [], Cases))
+					 false -> [TC | TCs]
+				     end
+			     end, [], Cases))
     end.
 
 get_all_cases1(Suite, [{conf,_Props,_Init,GrTests,_End} | Tests]) ->
@@ -918,14 +1088,14 @@ delete_subs([], All) ->
     All.
 
 delete_conf({conf,Props,_,_,_}, Confs) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     [Conf || Conf = {conf,Props0,_,_,_} <- Confs,
-	     Name =/= proplists:get_value(name, Props0)].
+	     Name =/= ?val(name, Props0)].
 
 is_sub({conf,Props,_,_,_}=Conf, [{conf,_,_,Tests,_} | Confs]) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case lists:any(fun({conf,Props0,_,_,_}) ->
-			   case proplists:get_value(name, Props0) of
+			   case ?val(name, Props0) of
 			       N when N == Name ->
 				   true;
 			       _ ->
@@ -1078,29 +1248,116 @@ expand_groups([H | T], ConfTests, Mod) ->
 expand_groups([], _ConfTests, _Mod) ->
     [];
 expand_groups({group,Name}, ConfTests, Mod) ->
-    FindConf = 
-	fun({conf,Props,_,_,_}) ->
-		case proplists:get_value(name, Props) of
-		    Name -> true;
-		    _    -> false
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,default}, ConfTests, Mod) ->
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps}, ConfTests, Mod) when is_list(ORProps) ->
+    expand_groups({group,Name,ORProps,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps,SubORSpec}, ConfTests, Mod) ->
+    FindConf =
+	fun(Conf = {conf,Props,Init,Ts,End}) ->
+		case ?val(name, Props) of
+		    Name when ORProps == default ->
+			[Conf];
+		    Name ->
+			[{conf,[{name,Name}|ORProps],Init,Ts,End}];
+		    _    -> 
+			[]
 		end
 	end,					 
-    case lists:filter(FindConf, ConfTests) of
-	[ConfTest|_] ->
-	    expand_groups(ConfTest, ConfTests, Mod);
+    case lists:flatmap(FindConf, ConfTests) of
 	[] ->
-	    E = "Invalid reference to group "++
-		atom_to_list(Name)++" in "++
-		atom_to_list(Mod)++":all/0",
-	    throw({error,list_to_atom(E)})
+	    throw({error,invalid_ref_msg(Name, Mod)});
+	Matching when SubORSpec == [] -> 
+	    Matching;
+	Matching -> 
+	    override_props(Matching, SubORSpec, Name,Mod)
     end;
 expand_groups(SeqOrTC, _ConfTests, _Mod) ->
     SeqOrTC.
 
+%% search deep for the matching conf test and modify it and any 
+%% sub tests according to the override specification
+search_and_override([Conf = {conf,Props,Init,Tests,End}], ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,{Name,default}} ->
+	    [Conf];
+	{value,{Name,ORProps}} ->
+	    [{conf,[{name,Name}|ORProps],Init,Tests,End}];
+	{value,{Name,default,[]}} ->
+	    [Conf];
+	{value,{Name,default,SubORSpec}} ->
+	    override_props([Conf], SubORSpec, Name,Mod);
+	{value,{Name,ORProps,SubORSpec}} ->
+	    override_props([{conf,[{name,Name}|ORProps],
+			    Init,Tests,End}], SubORSpec, Name,Mod);
+	_ ->
+	    [{conf,Props,Init,search_and_override(Tests,ORSpec,Mod),End}]
+    end.
+
+%% Modify the Tests element according to the override specification
+override_props([{conf,Props,Init,Tests,End} | Confs], SubORSpec, Name,Mod) ->
+    {Subs,SubORSpec1} = override_sub_props(Tests, [], SubORSpec, Mod),
+    [{conf,Props,Init,Subs,End} | override_props(Confs, SubORSpec1, Name,Mod)];
+override_props([], [], _,_) ->
+    [];
+override_props([], SubORSpec, Name,Mod) ->
+    Es = [invalid_ref_msg(Name, element(1,Spec), Mod) || Spec <- SubORSpec],
+    throw({error,Es}).
+
+override_sub_props([], New, ORSpec, _) ->    
+    {?rev(New),ORSpec};
+override_sub_props([T = {conf,Props,Init,Tests,End} | Ts],
+		   New, ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,Spec} ->				% group found in spec
+	    Props1 =
+		case element(2, Spec) of
+		    default -> Props;
+		    ORProps -> [{name,Name} | ORProps]
+		end,
+	    case catch element(3, Spec) of
+		Undef when Undef == [] ; 'EXIT' == element(1, Undef) ->
+		    override_sub_props(Ts, [{conf,Props1,Init,Tests,End} | New],
+				       lists:keydelete(Name, 1, ORSpec), Mod);
+		SubORSpec when is_list(SubORSpec) ->
+		    case override_sub_props(Tests, [], SubORSpec, Mod) of
+			{Subs,[]} ->
+			    override_sub_props(Ts, [{conf,Props1,Init,
+						     Subs,End} | New],
+					       lists:keydelete(Name, 1, ORSpec),
+					       Mod);
+			{_,NonEmptySpec} ->
+			    Es = [invalid_ref_msg(Name, element(1, GrRef),
+						  Mod) || GrRef <- NonEmptySpec],
+			    throw({error,Es})
+		    end;
+		BadGrSpec ->
+		    throw({error,{invalid_form,BadGrSpec}})
+	    end;
+	_ ->					% not a group in spec
+	    override_sub_props(Ts, [T | New], ORSpec, Mod)
+    end;
+override_sub_props([TC | Ts], New, ORSpec, Mod) ->
+    override_sub_props(Ts, [TC | New], ORSpec, Mod).
+
+invalid_ref_msg(Name, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name)++" in "++
+	atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
+
+invalid_ref_msg(Name0, Name1, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name1)++" from "++atom_to_list(Name0)++
+	" in "++atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
 
 %%!============================================================
 %%! The support for sequences by means of using sequences/0
-%%! will be removed in OTP R14. The code below is only kept 
+%%! will be removed in OTP R15. The code below is only kept 
 %%! for backwards compatibility. From OTP R13 groups with
 %%! sequence property should be used instead!
 %%!============================================================
@@ -1234,8 +1491,8 @@ report(What,Data) ->
 	loginfo ->
 	    %% logfiles and direcories have been created for a test and the
 	    %% top level test index page needs to be refreshed
-	    TestName = filename:basename(proplists:get_value(topdir, Data), ".logs"),
-	    RunDir = proplists:get_value(rundir, Data),
+	    TestName = filename:basename(?val(topdir, Data), ".logs"),
+	    RunDir = ?val(rundir, Data),
 	    ct_logs:make_all_suites_index({TestName,RunDir}),
 	    ok;
 	tests_start ->
@@ -1274,6 +1531,10 @@ report(What,Data) ->
 	tests_done ->
 	    ok;
 	tc_start ->
+	    %% Data = {{Suite,Func},LogFileName}
+	    ct_event:sync_notify(#event{name=tc_logfile,
+					node=node(),
+					data=Data}),
 	    ok;
 	tc_done ->
 	    {_Suite,Case,Result} = Data,
@@ -1337,11 +1598,24 @@ report(What,Data) ->
 					node=node(),
 					data=Data}),
 	    ct_hooks:on_tc_skip(What, Data),
-	    if Case /= end_per_suite, Case /= end_per_group -> 
+	    if Case /= end_per_suite, 
+	       Case /= end_per_group,
+	       Case /= ct_end_per_group -> 
 		    add_to_stats(auto_skipped);
 	       true -> 
 		    ok
 	    end;
+	framework_error ->
+	    case Data of
+		{{M,F},E} ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data={M,F,{framework_error,E}}});
+		_ ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data=Data})
+	    end;
 	_ ->
 	    ok
     end,
diff --git a/lib/common_test/src/ct_hooks.erl b/lib/common_test/src/ct_hooks.erl
index ffafc582cf..c42adbbdd9 100644
--- a/lib/common_test/src/ct_hooks.erl
+++ b/lib/common_test/src/ct_hooks.erl
@@ -178,8 +178,9 @@ call_generic(#ct_hook_config{ module = Mod, state = State} = Hook,
 call(Fun, Config, Meta) ->
     maybe_lock(),
     Hooks = get_hooks(),
-    Res = call(get_new_hooks(Config, Fun) ++
-		   [{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Calls = get_new_hooks(Config, Fun) ++
+	[{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Res = call(resort(Calls,Hooks,Meta),
 	       remove(?config_name,Config), Meta, Hooks),
     maybe_unlock(),
     Res.
@@ -205,7 +206,7 @@ call([{Hook, call_id, NextFun} | Rest], Config, Meta, Hooks) ->
 		    {Hooks ++ [NewHook],
 		     [{NewId, call_init}, {NewId,NextFun} | Rest]}
 	    end,
-	call(resort(NewRest,NewHooks), Config, Meta, NewHooks)
+	call(resort(NewRest,NewHooks,Meta), Config, Meta, NewHooks)
     catch Error:Reason ->
 	    Trace = erlang:get_stacktrace(),
 	    ct_logs:log("Suite Hook","Failed to start a CTH: ~p:~p",
@@ -221,7 +222,7 @@ call([{HookId, Fun} | Rest], Config, Meta, Hooks) ->
         {NewConf, NewHook} =  Fun(Hook, Config, Meta),
         NewCalls = get_new_hooks(NewConf, Fun),
         NewHooks = lists:keyreplace(HookId, #ct_hook_config.id, Hooks, NewHook),
-        call(resort(NewCalls ++ Rest,NewHooks), %% Resort if call_init changed prio
+        call(resort(NewCalls ++ Rest,NewHooks,Meta), %% Resort if call_init changed prio
 	     remove(?config_name, NewConf), Meta,
              terminate_if_scope_ends(HookId, Meta, NewHooks))
     catch throw:{error_in_cth_call,Reason} ->
@@ -308,6 +309,18 @@ get_hooks() ->
 %% call_id < call_init < ctfirst < Priority 1 < .. < Priority N < ctlast
 %% If Hook Priority is equal, check when it has been installed and
 %% sort on that instead.
+%% If we are doing a cleanup call i.e. {post,pre}_end_per_*, all priorities
+%% are reversed. Probably want to make this sorting algorithm pluginable
+%% as some point...
+resort(Calls,Hooks,[F|_R]) when F == post_end_per_testcase;
+				F == pre_end_per_group;
+				F == post_end_per_group;
+				F == pre_end_per_suite;
+				F == post_end_per_suite ->
+    lists:reverse(resort(Calls,Hooks));
+resort(Calls,Hooks,_Meta) ->
+    resort(Calls,Hooks).
+    
 resort(Calls, Hooks) ->
     lists:sort(
       fun({_,_,_},_) ->
diff --git a/lib/common_test/src/ct_logs.erl b/lib/common_test/src/ct_logs.erl
index d66a31d9a5..19ad7b26d8 100644
--- a/lib/common_test/src/ct_logs.erl
+++ b/lib/common_test/src/ct_logs.erl
@@ -223,7 +223,6 @@ init_tc(RefreshLog) ->
 %%%
 %%% <p>This function is called by ct_framework:end_tc/3</p>
 end_tc(TCPid) ->
-    io:format(xhtml("<br>", "<br />")),
     %% use call here so that the TC process will wait and receive
     %% possible exit signals from ct_logs before end_tc returns ok 
     call({end_tc,TCPid}).
@@ -745,20 +744,19 @@ print_style(Fd,StyleSheet) ->
 		       0 -> string:str(Str,"<STYLE>");
 		       N0 -> N0
 		   end,
-	    case Pos0 of
-		0 -> print_style_error(Fd,StyleSheet,missing_style_tag);
-		_ -> 
-		    Pos1 = case string:str(Str,"</style>") of
-			       0 -> string:str(Str,"</STYLE>");
-			       N1 -> N1
-			   end,
-		    case Pos1 of
-			0 -> 
-			    print_style_error(Fd,StyleSheet,missing_style_end_tag);
-			_ -> 
-			    Style = string:sub_string(Str,Pos0,Pos1+7),
-			    io:format(Fd,"~s\n",[Style])
-		    end
+	    Pos1 = case string:str(Str,"</style>") of
+		       0 -> string:str(Str,"</STYLE>");
+		       N1 -> N1
+		   end,
+	    if (Pos0 == 0) and (Pos1 /= 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_start_tag);
+	       (Pos0 /= 0) and (Pos1 == 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_end_tag);
+	       Pos0 /= 0 ->
+		    Style = string:sub_string(Str,Pos0,Pos1+7),
+		    io:format(Fd,"~s\n",[Style]);
+	       Pos0 == 0 ->
+		    io:format(Fd,"<style>~s</style>\n",[Str])
 	    end;
 	{error,Reason} ->
 	    print_style_error(Fd,StyleSheet,Reason)  
diff --git a/lib/common_test/src/ct_make.erl b/lib/common_test/src/ct_make.erl
index 40e9e99f37..8ddb91d355 100644
--- a/lib/common_test/src/ct_make.erl
+++ b/lib/common_test/src/ct_make.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_run.erl b/lib/common_test/src/ct_run.erl
index 0a9bb5af67..05b10bca32 100644
--- a/lib/common_test/src/ct_run.erl
+++ b/lib/common_test/src/ct_run.erl
@@ -1660,6 +1660,14 @@ final_tests1([{TestDir,Suite,GrsOrCs}|Tests], Final, Skip, Bad) when
 		     ({skipped,Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [skipped], TCs)];
+		     ({GrSpec = {Group,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
+		     ({GrSpec = {Group,_,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
 		     ({Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [], TCs)];
diff --git a/lib/common_test/src/ct_telnet.erl b/lib/common_test/src/ct_telnet.erl
index 71a784870c..f4a551e3ff 100644
--- a/lib/common_test/src/ct_telnet.erl
+++ b/lib/common_test/src/ct_telnet.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_testspec.erl b/lib/common_test/src/ct_testspec.erl
index 317910d5c8..b68cbd3aa1 100644
--- a/lib/common_test/src/ct_testspec.erl
+++ b/lib/common_test/src/ct_testspec.erl
@@ -878,7 +878,11 @@ separate([],_,_,_) ->
 %%              {Suite2,[GrOrCase21,GrOrCase22,...]},...]}
 %% {{Node,Dir},[{Suite1,{skip,Cmt}},
 %%              {Suite2,[{GrOrCase21,{skip,Cmt}},GrOrCase22,...]},...]}
-%% GrOrCase = {GroupName,[Case1,Case2,...]} | Case
+%% GrOrCase = {GroupSpec,[Case1,Case2,...]} | Case
+%% GroupSpec = {GroupName,OverrideProps} |
+%%             {GroupName,OverrideProps,SubGroupSpec}
+%% OverrideProps = Props | default
+%% SubGroupSpec = GroupSpec | []
 
 insert_suites(Node,Dir,[S|Ss],Tests, MergeTests) ->
     Tests1 = insert_cases(Node,Dir,S,all,Tests,MergeTests),
@@ -889,7 +893,7 @@ insert_suites(Node,Dir,S,Tests,MergeTests) ->
     insert_suites(Node,Dir,[S],Tests,MergeTests).
 
 insert_groups(Node,Dir,Suite,Group,Cases,Tests,MergeTests) 
-  when is_atom(Group) ->
+  when is_atom(Group); is_tuple(Group) ->
     insert_groups(Node,Dir,Suite,[Group],Cases,Tests,MergeTests);
 insert_groups(Node,Dir,Suite,Groups,Cases,Tests,false) when
       ((Cases == all) or is_list(Cases)) and is_list(Groups) ->
diff --git a/lib/common_test/test/Makefile b/lib/common_test/test/Makefile
index b7b099069c..284612b8f7 100644
--- a/lib/common_test/test/Makefile
+++ b/lib/common_test/test/Makefile
@@ -30,8 +30,11 @@ MODULES= \
 	ct_userconfig_callback \
 	ct_smoke_test_SUITE \
 	ct_event_handler_SUITE \
+	ct_config_info_SUITE \
 	ct_groups_test_1_SUITE \
 	ct_groups_test_2_SUITE \
+	ct_group_info_SUITE \
+	ct_groups_spec_SUITE \
 	ct_sequence_1_SUITE \
 	ct_repeat_1_SUITE \
 	ct_testspec_1_SUITE \
diff --git a/lib/common_test/test/ct_config_SUITE.erl b/lib/common_test/test/ct_config_SUITE.erl
index 8ce75f582a..18218bee47 100644
--- a/lib/common_test/test/ct_config_SUITE.erl
+++ b/lib/common_test/test/ct_config_SUITE.erl
@@ -228,7 +228,7 @@ expected_events(config_static_SUITE)->
      {?eh,tc_start,{config_static_SUITE,test_config_name_already_in_use2}},
      {?eh,tc_done,
       {config_static_SUITE,test_config_name_already_in_use2,
-       {skipped,{config_name_already_in_use,[x1,alias]}}}},
+       {skipped,{config_name_already_in_use,[alias,x1]}}}},
      {?eh,test_stats,{4,0,{2,0}}},
      {?eh,tc_start,{config_static_SUITE,test_alias_tclocal}},
      {?eh,tc_done,{config_static_SUITE,test_alias_tclocal,ok}},
diff --git a/lib/common_test/test/ct_config_info_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE.erl
new file mode 100644
index 0000000000..40da377ee5
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE.erl
@@ -0,0 +1,178 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_config_info_SUITE
+%%%
+%%% Description: Test how Common Test handles info functions
+%%% for the config functions.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_config_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     config_info
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+config_info(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "config_info_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,config_info}], Config),
+    ok = execute(config_info, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(config_info) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,6}},
+     {?eh,tc_done,{config_info_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {init_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,350}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,t11,
+	{failed,{config_info_1_SUITE,init_per_group,{timetrap_timeout,350}}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+			 {failed,{config_info_1_SUITE,init_per_group,
+				  {timetrap_timeout,350}}}}}],
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{config_info_1_SUITE,t21,ok}},
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {end_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,450}}}}],
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {init_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,t41,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,t31}},
+      {?eh,tc_done,{config_info_1_SUITE,t31,
+		    {skipped,{failed,{config_info_1_SUITE,init_per_testcase,
+				      {timetrap_timeout,250}}}}}},
+      {?eh,tc_start,{config_info_1_SUITE,t32}},
+      {?eh,tc_done,{config_info_1_SUITE,t32,
+		    {failed,{config_info_1_SUITE,end_per_testcase,
+			     {timetrap_timeout,250}}}}},
+
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{config_info_1_SUITE,t51,ok}},
+       {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {end_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_start,{config_info_1_SUITE,end_per_suite}},
+     {?eh,tc_done,{config_info_1_SUITE,end_per_suite,
+		   {failed,{timetrap_timeout,300}}}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
diff --git a/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
new file mode 100644
index 0000000000..53a233b7a4
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
@@ -0,0 +1,168 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(config_info_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%%-----------------------------------------------------------------
+
+suite() ->
+    [{timetrap,500}].
+
+%%%-----------------------------------------------------------------
+
+group(_) ->
+    [{timetrap,250}].
+
+%%%-----------------------------------------------------------------
+
+init_per_suite() ->
+    ct:pal("init_per_suite info called", []),
+    [{timetrap,1000},
+     {require,suite_data},
+     {default_config,suite_data,suite_data_val}].
+
+init_per_suite(Config) ->
+    suite_data_val = ct:get_config(suite_data),
+    ct:sleep(750),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_suite() ->
+    ct:pal("end_per_suite info called", []),
+    [{timetrap,300},
+     {require,suite_data2},
+     {default_config,suite_data2,suite_data2_val}].
+
+end_per_suite(_Config) ->
+    suite_data2_val = ct:get_config(suite_data2),
+    ct:sleep(500),
+    ok.
+
+%%%-----------------------------------------------------------------
+
+init_per_group(g1) ->
+    ct:pal("init_per_group(g1) info called", []),
+    [{timetrap,350}];
+init_per_group(G) ->
+    ct:pal("init_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+init_per_group(g1, _Config) ->
+    ct:sleep(1000);
+init_per_group(g4, _Config) ->
+    ct:sleep(1000);
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_group(g2) ->
+    ct:pal("end_per_group(g2) info called", []),
+    [{timetrap,450}];
+end_per_group(G) ->
+    ct:pal("end_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+end_per_group(g2, _Config) ->
+    ct:sleep(1000);
+end_per_group(g5, _Config) ->
+    ct:sleep(1000);
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+%%%-----------------------------------------------------------------
+init_per_testcase() ->
+    [{timetrap,750}].
+
+init_per_testcase(t1, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(t31, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_testcase() ->
+    [{timetrap,600}].
+
+end_per_testcase(t2, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(t32, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{g4,[],[t41]}, t31, t32, {g5,[],[t51]}]}
+    ].
+
+all() -> 
+    [
+     {group,g1},
+     {group,g2},
+     {group,g3}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t1(_) ->
+    exit(should_not_execute).
+
+t2(_) ->
+    ok.
+
+t11(_) ->
+    exit(should_not_execute).
+
+t21(_) ->
+    ok.
+
+t31(_) ->
+    exit(should_not_execute).
+
+t32(_) ->
+    ok.
+
+t41(_) ->
+    exit(should_not_execute).
+
+t51(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_error_SUITE.erl b/lib/common_test/test/ct_error_SUITE.erl
index c1a455c6d8..2b3157ff3b 100644
--- a/lib/common_test/test/ct_error_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE.erl
@@ -493,7 +493,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc1}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc1,
 		   {skipped,{failed,{cfg_error_9_SUITE,init_per_testcase,
-				     tc1_should_be_skipped}}}}},
+				     {tc1_should_be_skipped,'_'}}}}}},
      {?eh,test_stats,{9,0,{0,15}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc2,
@@ -535,12 +535,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc13}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc13,
 		   {failed,{cfg_error_9_SUITE,end_per_testcase,
-			    {'EXIT',{{badmatch,undefined},
-				     [{cfg_error_9_SUITE,end_per_testcase,2},
-				      {test_server,my_apply,3},
-				      {test_server,do_end_per_testcase,4},
-				      {test_server,run_test_case_eval1,6},
-				      {test_server,run_test_case_eval,9}]}}}}}},
+			    {'EXIT',{{badmatch,undefined},'_'}}}}}},
      {?eh,test_stats,{12,3,{0,18}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc14}},
      {?eh,tc_done,
@@ -568,8 +563,8 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,init_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_11_SUITE,tc1,
-		   {skipped,{config_name_already_in_use,[dummy0]}}}},
+     {?eh,tc_done, {cfg_error_11_SUITE,tc1,
+		    {skipped,{config_name_already_in_use,[dummy_alias]}}}},
      {?eh,test_stats,{12,6,{1,19}}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_11_SUITE,tc2,ok}},
@@ -577,7 +572,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,end_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,end_per_suite,ok}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_12_SUITE,tc1,{failed,{timetrap_timeout,500}}}},
+     {?eh,tc_done,{ct_framework,init_tc,{framework_error,{timetrap,500}}}},
      {?eh,test_stats,{13,7,{1,19}}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_12_SUITE,tc2,{failed,
@@ -875,10 +870,10 @@ test_events(timetrap_fun) ->
      {?eh,tc_done,
       {timetrap_6_SUITE,init_per_suite,{skipped,{timetrap_error,kaboom}}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,tc0,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,tc0,{timetrap_error,kaboom}}},
      {?eh,test_stats,{0,8,{0,5}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,end_per_suite,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,end_per_suite,{timetrap_error,kaboom}}},
 
      {?eh,tc_done,{timetrap_7_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{timetrap_7_SUITE,tc0}},
diff --git a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
index ce94533110..879561ebb9 100644
--- a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,10 +29,7 @@
 suite() ->
     [{timetrap,{seconds,2}},
      {require, dummy0}, {default_config, dummy0, "suite/0"},
-     {require, dummy1}, {default_config, dummy1, "suite/0"},
-     {require, dummy2}, {default_config, dummy2, "suite/0"}].
-
-
+     {require, dummy_alias, dummy1}, {default_config, dummy1, "suite/0"}].
 
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config0) ->
@@ -119,16 +116,17 @@ groups() ->
 %% Reason = term()
 %%--------------------------------------------------------------------
 all() ->
-    [tc1, tc2].
+    [tc1,tc2].
 
 tc1() ->
-    [{require, dummy0}, {default_config, dummy0, "tc1"}].
+    [{require, dummy0}, {default_config, dummy0, "tc1"},
+     {require, dummy_alias, dummy2}, {default_config, dummy2, "tc1"}].
 
 tc1(_) ->
     dummy.
 
 tc2() ->
-    [{timetrap,1}].
+    [{timetrap,10}].
 
 tc2(_) ->
     dummy.
diff --git a/lib/common_test/test/ct_group_info_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE.erl
new file mode 100644
index 0000000000..2da8219196
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE.erl
@@ -0,0 +1,859 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_group_info_SUITE
+%%%
+%%% Description: 
+%%% Test that the group info function works as expected with regards
+%%% to timetraps and require (and default config values).
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_group_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     timetrap_all,
+     timetrap_group,
+     timetrap_group_case,
+     timetrap_all_no_ips,
+     timetrap_all_no_ipg,
+     require,
+     require_default,
+     require_no_ips,
+     require_no_ipg
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all}], Config),
+    ok = execute(timetrap_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g3,g7]},
+			  {label,timetrap_group}], Config),
+    ok = execute(timetrap_group, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group_case(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g4},{testcase,t41},
+			  {label,timetrap_group_case}], Config),
+    ok = execute(timetrap_group_case, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_2_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ips}], Config),
+    ok = execute(timetrap_all_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_3_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ipg}], Config),
+    ok = execute(timetrap_all_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require}], Config),
+    ok = execute(require, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_default(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,require_default}], Config),
+    ok = execute(require_default, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_2_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ips}], Config),
+    ok = execute(require_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_3_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ipg}], Config),
+    ok = execute(require_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(timetrap_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,7,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group_case) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,1}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,1,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+	{require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_default) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g4,[]},
+		    {skipped,{require_failed,{not_available,common3}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			 {require_failed,{not_available,common3}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,common3}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_2_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_2_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_3_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t11,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t21,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t31,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t41,
+			 {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t61,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_require_3_SUITE,t51,ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t72,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t101,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
new file mode 100644
index 0000000000..16df897752
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
@@ -0,0 +1,259 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
new file mode 100644
index 0000000000..adb53ff564
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
@@ -0,0 +1,252 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
new file mode 100644
index 0000000000..1f2dfd2a30
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
@@ -0,0 +1,241 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+%% init_per_suite(Config) ->
+%%     Config.
+%% end_per_suite(_) ->
+%%     ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, _Config) ->
+    ok;
+end_per_testcase(t111, _Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
new file mode 100644
index 0000000000..0a81edf729
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
@@ -0,0 +1,191 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
new file mode 100644
index 0000000000..1ebe8bd510
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
@@ -0,0 +1,184 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
new file mode 100644
index 0000000000..66d29802e2
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
@@ -0,0 +1,171 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
new file mode 100644
index 0000000000..8a1960d121
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
@@ -0,0 +1,19 @@
+{suite_cfg,suite_cfg_val}.
+{g1_cfg,g1_cfg_val}.
+{g2_cfg,g2_cfg_val}.
+{g3_cfg,g3_cfg_val}.
+{g4_cfg,g4_cfg_val}.
+{g5_cfg,g5_cfg_val}.
+{g6_cfg,g6_cfg_val}.
+{g7_cfg,g7_cfg_val}.
+{g8_cfg,g8_cfg_val}.
+{g9_cfg,g9_cfg_val}.
+{g10_cfg,g10_cfg_val}.
+{g11_cfg,g11_cfg_val}.
+
+{t72_cfg,t72_cfg_val}.
+{t91_cfg,t91_cfg_val}.
+
+{common1,common1_val}.
+{common2,common2_val}.
+{common3,common3_val}.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE.erl
new file mode 100644
index 0000000000..5a6d5ac0ac
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE.erl
@@ -0,0 +1,586 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_groups_spec_SUITE
+%%%
+%%% Description: 
+%%% Test that overriding default group properties with group terms
+%%% in all/0 and in test specifications works as expected.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_groups_spec_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     simple_group_opt,
+     simple_group_case_opt,
+     override_with_all,
+     override_with_spec
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g5]},
+			  {label,simple_group_opt}], Config),
+    ok = execute(simple_group_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_case_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g5},{testcase,[t52,t54]},
+			  {label,simple_group_case_opt}], Config),
+    ok = execute(simple_group_case_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{label,override_with_all}], Config),
+    ok = execute(override_with_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_spec(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Spec = filename:join(DataDir, "override.spec"),
+    {Opts,ERPid} = setup([{spec,Spec},{label,override_with_spec}], Config),
+    ok = execute(override_with_spec, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(simple_group_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{4,3,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(simple_group_case_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,2}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{1,1,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,45}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     %% TEST: {group,g1,default}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     %% TEST: {group,g1,[sequence]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+
+     %% TEST: {group,g1,[parallel],[]}
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+
+     %% TEST: {group,g2,[],[]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{6,3,{0,1}}},
+
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     %% TEST: {group,g2,default,[{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     %% TEST: {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_spec) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{7,4,49}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,default}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+     %%                                           {g1,[parallel],[]}]}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_start,{groups_spec_1_SUITE,t21}},
+      {?eh,test_stats,{6,3,{0,1}}},
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE,
+     %%        {g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{19,15,{0,13}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	{?eh,test_stats,{20,16,{0,13}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[]},ok}}],
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
new file mode 100644
index 0000000000..ae6065bae4
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
@@ -0,0 +1,124 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(groups_spec_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%--------------------------------------------------------------------
+%% INFO FUNCS
+%%--------------------------------------------------------------------
+suite() ->
+    [{timetrap,1000}].
+
+group(_) ->
+    [{timetrap,2000}].
+
+%%--------------------------------------------------------------------
+%% CONFIG FUNCS
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11,t12,t13]},
+     {g2,[sequence],[t21,{group,g3},t22,{group,g4},t23]},
+     {g3,[parallel],[t31,t32,t33]},
+     {g4,[],[t41,{group,g5},t42]},
+     {g5,[parallel],[t51,t52,t53,t54]}
+    ].
+
+all() -> 
+    [
+     {group,g1,default},
+     {group,g1,[sequence]},
+     {group,g1,[parallel],[]},
+     
+     {group,g2,[],[]},
+     {group,g2,default,[{g3,[sequence]}]},
+     {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t11(_) ->
+    ok.
+t12(_) ->
+    exit(crashes).
+t13(_) ->
+    ok.
+
+t21(_) ->
+    ok.
+t22(_) ->
+    exit(crashes).
+t23(_) ->
+    ok.
+
+t31(_) ->
+    ok.
+t32(_) ->
+    exit(crashes).
+t33(_) ->
+    ok.
+
+t41(_) ->
+    ok.	
+t42(_) ->
+    exit(crashes).
+
+t51(_) ->
+    ok.
+t52(_) ->
+    ct:sleep(3000).
+t53(_) ->
+    exit(crashes).
+t54(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
new file mode 100644
index 0000000000..1bfc6405c9
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
@@ -0,0 +1,15 @@
+{merge_tests,false}.
+
+{alias,dir,"."}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,default}}.
+{groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+				    {g1,[parallel],[]}]}.
+
+{groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,[],[{g4,[sequence],[{g5,[sequence]}]},
+					   {g3,[sequence]}]}}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}.
+{groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}.
diff --git a/lib/common_test/test/ct_groups_test_2_SUITE.erl b/lib/common_test/test/ct_groups_test_2_SUITE.erl
index 940d791b15..2392b0b850 100644
--- a/lib/common_test/test/ct_groups_test_2_SUITE.erl
+++ b/lib/common_test/test/ct_groups_test_2_SUITE.erl
@@ -171,16 +171,16 @@ test_events(missing_conf) ->
      {?eh,start_logging,{'DEF','RUNDIR'}},
      {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
      {?eh,start_info,{1,1,2}},
-     {?eh,tc_start,{ct_framework,ct_init_per_group}},
-     {?eh,tc_done,{ct_framework,ct_init_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_init_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_init_per_group,group1,[]},ok}},
      {?eh,tc_start,{missing_conf_SUITE,tc1}},
      {?eh,tc_done,{missing_conf_SUITE,tc1,ok}},
      {?eh,test_stats,{1,0,{0,0}}},
      {?eh,tc_start,{missing_conf_SUITE,tc2}},
      {?eh,tc_done,{missing_conf_SUITE,tc2,ok}},
      {?eh,test_stats,{2,0,{0,0}}},
-     {?eh,tc_start,{ct_framework,ct_end_per_group}},
-     {?eh,tc_done,{ct_framework,ct_end_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_end_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_end_per_group,group1,[]},ok}},
      {?eh,test_done,{'DEF','STOP_TIME'}},
      {?eh,stop_logging,[]}
     ];
diff --git a/lib/common_test/test/ct_hooks_SUITE.erl b/lib/common_test/test/ct_hooks_SUITE.erl
index 5c99f0f9f7..2c519f08b5 100644
--- a/lib/common_test/test/ct_hooks_SUITE.erl
+++ b/lib/common_test/test/ct_hooks_SUITE.erl
@@ -1046,29 +1046,34 @@ test_events(prio_cth) ->
 		     [900],[900,900],[500,900],[1000],[1200,1050],
 		     [1100],[1200]]) ++
 	     GenPost(post_end_per_testcase,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,test_case,ok}},
 
 	      {?eh,tc_start,{ct_cth_prio_SUITE,{end_per_group,'_',[]}}}] ++
 	     GenPre(pre_end_per_group, 
-		    [[1100,100],[600,200],[600,600],[600],[700],[800],
-		     [900],[900,900],[500,900],[1000],[1200,1050],
-		     [1100],[1200]]) ++
+		    lists:reverse(
+		      [[1100,100],[600,200],[600,600],[600],[700],[800],
+		       [900],[900,900],[500,900],[1000],[1200,1050],
+		       [1100],[1200]])) ++
 	     GenPost(post_end_per_group,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,{end_per_group,'_',[]},ok}}],
 
 	 {?eh,tc_start,{ct_cth_prio_SUITE,end_per_suite}}] ++
 	GenPre(pre_end_per_suite,
-	       [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+	       lists:reverse(
+		 [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		  [1200,1050],[1100],[1200]])) ++
 	GenPost(post_end_per_suite,
-		[[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+		lists:reverse(
+		  [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		   [1200,1050],[1100],[1200]])) ++
 	[{?eh,tc_done,{ct_cth_prio_SUITE,end_per_suite,ok}},
 	 {?eh,test_done,{'DEF','STOP_TIME'}},
 	 {?eh,stop_logging,[]}];
diff --git a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
index fb8d31edd4..4c5b880e39 100644
--- a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
+++ b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
@@ -1,11 +1,21 @@
-%%%-------------------------------------------------------------------
-%%% @author Peter Andersson <[email protected]>
-%%% @copyright (C) 2010, Peter Andersson
-%%% @doc
-%%%
-%%% @end
-%%% Created : 11 Aug 2010 by Peter Andersson <[email protected]>
-%%%-------------------------------------------------------------------
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
 -module(repeat_1_SUITE).
 
 -compile(export_all).
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
index 4471915e69..efc0309781 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
@@ -228,39 +228,39 @@ test_events(ts_if_1) ->
 			{failed,{error,{suite0_failed,{exited,suite0_goes_boom}}}}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,6,{3,7}}},
+     {?eh,test_stats,{3,5,{4,7}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,7,{3,7}}},
+     {?eh,test_stats,{3,5,{5,7}}},
 
      {?eh,tc_start,{ts_if_5_SUITE,init_per_suite}},
      {?eh,tc_done,{ts_if_5_SUITE,init_per_suite,
 		   {skipped,{require_failed_in_suite0,{not_available,undef_variable}}}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,my_test_case,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
-     {?eh,test_stats,{3,7,{3,8}}},
+     {?eh,test_stats,{3,5,{5,8}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,end_per_suite,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
 
      {?eh,tc_start,{ts_if_6_SUITE,tc1}},
      {?eh,tc_done,{ts_if_6_SUITE,tc1,{failed,{error,{suite0_failed,{exited,suite0_byebye}}}}}},
-     {?eh,test_stats,{3,7,{4,8}}},
+     {?eh,test_stats,{3,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_7_SUITE,tc1}},
      {?eh,tc_done,{ts_if_7_SUITE,tc1,ok}},
-     {?eh,test_stats,{4,7,{4,8}}},
+     {?eh,test_stats,{4,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_8_SUITE,tc1}},
      {?eh,tc_done,{ts_if_8_SUITE,tc1,{failed,{error,failed_on_purpose}}}},
-     {?eh,test_stats,{4,8,{4,8}}},
+     {?eh,test_stats,{4,6,{6,8}}},
 
      {?eh,tc_user_skip,{skipped_by_spec_1_SUITE,all,"should be skipped"}},
-     {?eh,test_stats,{4,8,{5,8}}},
+     {?eh,test_stats,{4,6,{7,8}}},
 
      {?eh,tc_start,{skipped_by_spec_2_SUITE,init_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,init_per_suite,ok}},
      {?eh,tc_user_skip,{skipped_by_spec_2_SUITE,tc1,"should be skipped"}},
-     {?eh,test_stats,{4,8,{6,8}}},
+     {?eh,test_stats,{4,6,{8,8}}},
      {?eh,tc_start,{skipped_by_spec_2_SUITE,end_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,end_per_suite,ok}},
 
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
index bda7d91161..06fa6ac638 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/vsn.mk b/lib/common_test/vsn.mk
index 4782a32933..2f43c1bc17 100644
--- a/lib/common_test/vsn.mk
+++ b/lib/common_test/vsn.mk
@@ -1,3 +1 @@
-COMMON_TEST_VSN = 1.5.5
-
-
+COMMON_TEST_VSN = 1.6
diff --git a/lib/compiler/doc/src/compile.xml b/lib/compiler/doc/src/compile.xml
index 522c1dc411..0f8abf1ccf 100644
--- a/lib/compiler/doc/src/compile.xml
+++ b/lib/compiler/doc/src/compile.xml
@@ -333,7 +333,7 @@ module.beam: module.erl \
           <tag><c>{d,Macro,Value}</c></tag>
           <item>
             <p>Defines a macro <c>Macro</c> to have the value
-	      <c>Value</c>. The default is <c>true</c>).</p>
+	      <c>Value</c>. The default is <c>true</c>.</p>
           </item>
 
 	  <tag><c>{parse_transform,Module}</c></tag>
diff --git a/lib/compiler/doc/src/notes.xml b/lib/compiler/doc/src/notes.xml
index 740cbcf8eb..3f53a71764 100644
--- a/lib/compiler/doc/src/notes.xml
+++ b/lib/compiler/doc/src/notes.xml
@@ -31,6 +31,105 @@
   <p>This document describes the changes made to the Compiler
     application.</p>
 
+<section><title>Compiler 4.8</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    The calculation of the 'uniq' value for a fun (see
+	    <c>erlang:fun_info/1</c>) was too weak and has been
+	    strengthened. It used to be based on the only the code
+	    for the fun body, but it is now based on the MD5 of the
+	    BEAM code for the module.</p>
+          <p>
+	    Own Id: OTP-9667</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p>Inlining binary matching could cause an internal
+	    compiler error. (Thanks to Rene Kijewski for reporting
+	    this bug.)</p>
+          <p>
+	    Own Id: OTP-9770</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Compiler 4.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/compiler/src/Makefile b/lib/compiler/src/Makefile
index 1238d113e1..3415517fff 100644
--- a/lib/compiler/src/Makefile
+++ b/lib/compiler/src/Makefile
@@ -53,12 +53,14 @@ MODULES =  \
 	beam_dead \
 	beam_dict \
 	beam_disasm \
+	beam_except \
 	beam_flatten \
 	beam_jump \
 	beam_listing \
 	beam_opcodes \
 	beam_peep \
 	beam_receive \
+	beam_split \
 	beam_trim \
 	beam_type \
 	beam_utils \
diff --git a/lib/compiler/src/beam_asm.erl b/lib/compiler/src/beam_asm.erl
index 4a9c12dfea..a7c8508321 100644
--- a/lib/compiler/src/beam_asm.erl
+++ b/lib/compiler/src/beam_asm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_block.erl b/lib/compiler/src/beam_block.erl
index 432d1e7eea..cd568097fa 100644
--- a/lib/compiler/src/beam_block.erl
+++ b/lib/compiler/src/beam_block.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_dead.erl b/lib/compiler/src/beam_dead.erl
index 9f81a6ab43..5f12a98f09 100644
--- a/lib/compiler/src/beam_dead.erl
+++ b/lib/compiler/src/beam_dead.erl
@@ -131,10 +131,9 @@
 -import(lists, [mapfoldl/3,reverse/1]).
 
 module({Mod,Exp,Attr,Fs0,_}, _Opts) ->
-    Fs1 = [split_blocks(F) || F <- Fs0],
-    {Fs2,Lc1} = beam_clean:clean_labels(Fs1),
-    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs2),
-    %%{Fs,Lc} = {Fs2,Lc1},
+    {Fs1,Lc1} = beam_clean:clean_labels(Fs0),
+    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs1),
+    %%{Fs,Lc} = {Fs1,Lc1},
     {ok,{Mod,Exp,Attr,Fs,Lc}}.
 
 function({function,Name,Arity,CLabel,Is0}, Lc0) ->
@@ -160,64 +159,6 @@ function({function,Name,Arity,CLabel,Is0}, Lc0) ->
 	    erlang:raise(Class, Error, Stack)
     end.
 
-%% We must split the basic block when we encounter instructions with labels,
-%% such as catches and BIFs. All labels must be visible outside the blocks.
-
-split_blocks({function,Name,Arity,CLabel,Is0}) ->
-    Is = split_blocks(Is0, []),
-    {function,Name,Arity,CLabel,Is}.
-
-split_blocks([{block,Bl}|Is], Acc0) ->
-    Acc = split_block(Bl, [], Acc0),
-    split_blocks(Is, Acc);
-split_blocks([I|Is], Acc) ->
-    split_blocks(Is, [I|Acc]);
-split_blocks([], Acc) -> reverse(Acc).
-
-split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
-    %% is_record/3 must be translated by beam_clean; therefore,
-    %% it must be outside of any block.
-    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
-    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
-  when Lbl =/= 0 ->
-    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
-    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
-split_block([{set,[],[],{line,_}=Line}|Is], Bl, Acc) ->
-    split_block(Is, [], [Line|make_block(Bl, Acc)]);
-split_block([I|Is], Bl, Acc) ->
-    split_block(Is, [I|Bl], Acc);
-split_block([], Bl, Acc) -> make_block(Bl, Acc).
-
-make_block([], Acc) -> Acc;
-make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
-    %% If the last instruction in the block is a comparison or boolean operator
-    %% (such as '=:='), move it out of the block to facilitate further
-    %% optimizations.
-    Arity = length(Ss),
-    case erl_internal:comp_op(Op, Arity) orelse
-	erl_internal:new_type_test(Op, Arity) orelse
-	erl_internal:bool_op(Op, Arity) of
-	false ->
-	    [{block,reverse(Bl0)}|Acc];
-	true ->
-	    I = {bif,Op,Fail,Ss,D},
-	    case Bl =:= [] of
-		true -> [I|Acc];
-		false -> [I,{block,reverse(Bl)}|Acc]
-	    end
-    end;
-make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
-    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
-    I = {move,Src,Dst},
-    case Bl =:= [] of
-	true -> [I|Acc];
-	false -> [I,{block,reverse(Bl)}|Acc]
-    end;
-make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
-
 %% 'move' instructions outside of blocks may thwart the jump optimizer.
 %% Move them back into the block.
 
diff --git a/lib/compiler/src/beam_disasm.erl b/lib/compiler/src/beam_disasm.erl
index 7103d2390f..62bdc74cc8 100644
--- a/lib/compiler/src/beam_disasm.erl
+++ b/lib/compiler/src/beam_disasm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -182,10 +182,14 @@ process_chunks(F) ->
 	    Literals = beam_disasm_literals(LiteralBin),
 	    Code = beam_disasm_code(CodeBin, Atoms, mk_imports(ImportsList),
 				    StrBin, Lambdas, Literals, Module),
-	    Attributes = optional_chunk(F, attributes),
+	    Attributes =
+		case optional_chunk(F, attributes) of
+		    none -> [];
+		    Atts when is_list(Atts) -> Atts
+		end,
 	    CompInfo = 
 		case optional_chunk(F, "CInf") of
-		    none -> none;
+		    none -> [];
 		    CompInfoBin when is_binary(CompInfoBin) ->
 			binary_to_term(CompInfoBin)
 		end,
@@ -198,7 +202,7 @@ process_chunks(F) ->
     end.
 
 %%-----------------------------------------------------------------------
-%% Retrieve an optional chunk or none if the chunk doesn't exist.
+%% Retrieve an optional chunk or return 'none' if the chunk doesn't exist.
 %%-----------------------------------------------------------------------
 
 optional_chunk(F, ChunkTag) ->
diff --git a/lib/compiler/src/beam_except.erl b/lib/compiler/src/beam_except.erl
new file mode 100644
index 0000000000..fb1a43cd9e
--- /dev/null
+++ b/lib/compiler/src/beam_except.erl
@@ -0,0 +1,149 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_except).
+-export([module/2]).
+
+%%% Rewrite certain calls to erlang:error/{1,2} to specialized
+%%% instructions:
+%%%
+%%% erlang:error({badmatch,Value})       => badmatch Value
+%%% erlang:error({case_clause,Value})    => case_end Value
+%%% erlang:error({try_clause,Value})     => try_case_end Value
+%%% erlang:error(if_clause)              => if_end
+%%% erlang:error(function_clause, Args)  => jump FuncInfoLabel
+%%%
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opt) ->
+    Fs = [function(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+function({function,Name,Arity,CLabel,Is0}) ->
+    try
+	Is = function_1(Is0),
+	{function,Name,Arity,CLabel,Is}
+    catch
+	Class:Error ->
+	    Stack = erlang:get_stacktrace(),
+	    io:fwrite("Function: ~w/~w\n", [Name,Arity]),
+	    erlang:raise(Class, Error, Stack)
+    end.
+
+-record(st,
+	{lbl,					%func_info label
+	 loc					%location for func_info
+	 }).
+
+function_1(Is0) ->
+    case Is0 of
+	[{label,Lbl},{line,Loc}|_] ->
+	    St = #st{lbl=Lbl,loc=Loc},
+	    translate(Is0, St, []);
+	[{label,_}|_] ->
+	    %% No line numbers. The source must be a .S file.
+	    %% There is no need to do anything.
+	    Is0
+    end.
+
+translate([{call_ext,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_only,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_last,Ar,{extfunc,erlang,error,Ar},_}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([I|Is], St, Acc) ->
+    translate(Is, St, [I|Acc]);
+translate([], _, Acc) ->
+    reverse(Acc).
+
+translate_1(Ar, I, Is, St, [{line,_}=Line|Acc1]=Acc0) ->
+    case dig_out(Ar, Acc1) of
+	no ->
+	    translate(Is, St, [I|Acc0]);
+	{yes,function_clause,Acc2} ->
+	    case {Line,St} of
+		{{line,Loc},#st{lbl=Fi,loc=Loc}} ->
+		    Instr = {jump,{f,Fi}},
+		    translate(Is, St, [Instr|Acc2]);
+		{_,_} ->
+		    %% This must be "error(function_clause, Args)" in
+		    %% the Erlang source code. Don't translate.
+		    translate(Is, St, [I|Acc0])
+	    end;
+	{yes,Instr,Acc2} ->
+	    translate(Is, St, [Instr,Line|Acc2])
+    end.
+
+dig_out(Ar, [{kill,_}|Is]) ->
+    dig_out(Ar, Is);
+dig_out(1, [{block,Bl0}|Is]) ->
+    case dig_out_block(reverse(Bl0)) of
+	no -> no;
+	{yes,What,[]} ->
+	    {yes,What,Is};
+	{yes,What,Bl} ->
+	    {yes,What,[{block,Bl}|Is]}
+    end;
+dig_out(2, [{block,Bl}|Is]) ->
+    case dig_out_block_fc(Bl) of
+	no -> no;
+	{yes,What} -> {yes,What,Is}
+    end;
+dig_out(_, _) -> no.
+
+dig_out_block([{set,[{x,0}],[{atom,if_clause}],move}]) ->
+    {yes,if_end,[]};
+dig_out_block([{set,[{x,0}],[{literal,{Exc,Value}}],move}|Is]) ->
+    translate_exception(Exc, {literal,Value}, Is, 0);
+dig_out_block([{set,[{x,0}],[Tuple],move},
+	       {set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[Tuple],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block([{set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[{x,0}],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block(_) -> no.
+
+translate_exception(badmatch, Val, Is, Words) ->
+    {yes,{badmatch,Val},fix_block(Is, Words)};
+translate_exception(case_clause, Val, Is, Words) ->
+    {yes,{case_end,Val},fix_block(Is, Words)};
+translate_exception(try_clause, Val, Is, Words) ->
+    {yes,{try_case_end,Val},fix_block(Is, Words)};
+translate_exception(_, _, _, _) -> no.
+
+fix_block(Is, 0) ->
+    reverse(Is);
+fix_block(Is0, Words) ->
+    [{set,[],[],{alloc,Live,{F1,F2,Needed,F3}}}|Is] = reverse(Is0),
+    [{set,[],[],{alloc,Live,{F1,F2,Needed-Words,F3}}}|Is].
+
+dig_out_block_fc([{set,[],[],{alloc,Live,_}}|Bl]) ->
+    dig_out_fc(Bl, Live-1, nil);
+dig_out_block_fc(_) -> no.
+
+dig_out_fc([{set,[Dst],[{x,Reg},Dst0],put_list}|Is], Reg, Dst0) ->
+    dig_out_fc(Is, Reg-1, Dst);
+dig_out_fc([{set,[{x,0}],[{atom,function_clause}],move}], -1, {x,1}) ->
+    {yes,function_clause};
+dig_out_fc(_, _, _) -> no.
diff --git a/lib/compiler/src/beam_jump.erl b/lib/compiler/src/beam_jump.erl
index 537f8ca81b..db67d24514 100644
--- a/lib/compiler/src/beam_jump.erl
+++ b/lib/compiler/src/beam_jump.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_listing.erl b/lib/compiler/src/beam_listing.erl
index 2941f6135c..50d1f3cdb1 100644
--- a/lib/compiler/src/beam_listing.erl
+++ b/lib/compiler/src/beam_listing.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_receive.erl b/lib/compiler/src/beam_receive.erl
index c483d85a97..bd1f44f66b 100644
--- a/lib/compiler/src/beam_receive.erl
+++ b/lib/compiler/src/beam_receive.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_split.erl b/lib/compiler/src/beam_split.erl
new file mode 100644
index 0000000000..cacaaebffe
--- /dev/null
+++ b/lib/compiler/src/beam_split.erl
@@ -0,0 +1,85 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_split).
+-export([module/2]).
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opts) ->
+    Fs = [split_blocks(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+%% We must split the basic block when we encounter instructions with labels,
+%% such as catches and BIFs. All labels must be visible outside the blocks.
+
+split_blocks({function,Name,Arity,CLabel,Is0}) ->
+    Is = split_blocks(Is0, []),
+    {function,Name,Arity,CLabel,Is}.
+
+split_blocks([{block,Bl}|Is], Acc0) ->
+    Acc = split_block(Bl, [], Acc0),
+    split_blocks(Is, Acc);
+split_blocks([I|Is], Acc) ->
+    split_blocks(Is, [I|Acc]);
+split_blocks([], Acc) -> reverse(Acc).
+
+split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
+    %% is_record/3 must be translated by beam_clean; therefore,
+    %% it must be outside of any block.
+    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
+    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
+  when Lbl =/= 0 ->
+    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
+    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
+split_block([{set,[],[],{line,_}=Line}|Is], Bl, Acc) ->
+    split_block(Is, [], [Line|make_block(Bl, Acc)]);
+split_block([I|Is], Bl, Acc) ->
+    split_block(Is, [I|Bl], Acc);
+split_block([], Bl, Acc) -> make_block(Bl, Acc).
+
+make_block([], Acc) -> Acc;
+make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
+    %% If the last instruction in the block is a comparison or boolean operator
+    %% (such as '=:='), move it out of the block to facilitate further
+    %% optimizations.
+    Arity = length(Ss),
+    case erl_internal:comp_op(Op, Arity) orelse
+	erl_internal:new_type_test(Op, Arity) orelse
+	erl_internal:bool_op(Op, Arity) of
+	false ->
+	    [{block,reverse(Bl0)}|Acc];
+	true ->
+	    I = {bif,Op,Fail,Ss,D},
+	    case Bl =:= [] of
+		true -> [I|Acc];
+		false -> [I,{block,reverse(Bl)}|Acc]
+	    end
+    end;
+make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
+    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
+    I = {move,Src,Dst},
+    case Bl =:= [] of
+	true -> [I|Acc];
+	false -> [I,{block,reverse(Bl)}|Acc]
+    end;
+make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
diff --git a/lib/compiler/src/beam_trim.erl b/lib/compiler/src/beam_trim.erl
index 25e6ffbb73..5f4fa3b1f8 100644
--- a/lib/compiler/src/beam_trim.erl
+++ b/lib/compiler/src/beam_trim.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_type.erl b/lib/compiler/src/beam_type.erl
index 0c51251f1b..6f0ffb5b25 100644
--- a/lib/compiler/src/beam_type.erl
+++ b/lib/compiler/src/beam_type.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_utils.erl b/lib/compiler/src/beam_utils.erl
index f281ad5eac..116ede0bc9 100644
--- a/lib/compiler/src/beam_utils.erl
+++ b/lib/compiler/src/beam_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -474,8 +474,15 @@ check_liveness(R, [{make_fun2,_,_,_,NumFree}|Is], St) ->
     end;
 check_liveness(R, [{try_end,Y}|Is], St) ->
     case R of
-	Y -> {killed,St};
-	_ -> check_liveness(R, Is, St)
+	Y ->
+	    {killed,St};
+	{y,_} ->
+	    %% y registers will be used if an exception occurs and
+	    %% control transfers to the label given in the previous
+	    %% try/2 instruction.
+	    {used,St};
+	_ ->
+	    check_liveness(R, Is, St)
     end;
 check_liveness(R, [{catch_end,Y}|Is], St) ->
     case R of
diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index fe3b1680d9..a52e7bb761 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -670,10 +670,20 @@ valfun_4({get_tuple_element,Src,I,Dst}, Vst) ->
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Ctx,NeedSlots],Ctx}, Vst0) ->
     %% If source and destination registers are the same, match state
     %% is OK as input.
-    _ = get_move_term_type(Ctx, Vst0),
+    CtxType = get_move_term_type(Ctx, Vst0),
     verify_live(Live, Vst0),
     Vst1 = prune_x_regs(Live, Vst0),
-    Vst = branch_state(Fail, Vst1),
+    BranchVst = case CtxType of
+		    {match_context,_,_} ->
+			%% The failure branch will never be taken when Ctx
+			%% is a match context. Therefore, the type for Ctx
+			%% at the failure label must not be match_context
+			%% (or we could reject legal code).
+			set_type_reg(term, Ctx, Vst1);
+		    _ ->
+			Vst1
+		end,
+    Vst = branch_state(Fail, BranchVst),
     set_type_reg(bsm_match_state(NeedSlots), Ctx, Vst);
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Src,Slots],Dst}, Vst0) ->
     assert_term(Src, Vst0),
diff --git a/lib/compiler/src/cerl_inline.erl b/lib/compiler/src/cerl_inline.erl
index c15103999f..589685d72d 100644
--- a/lib/compiler/src/cerl_inline.erl
+++ b/lib/compiler/src/cerl_inline.erl
@@ -1262,8 +1262,9 @@ i_receive_1(E, Cs, T, B, S) ->
 i_module(E, Ctxt, Ren, Env, S) ->
     %% Cf. `i_letrec'. Note that we pass a dummy constant value for the
     %% "body" parameter.
+    Exps = i_module_exports(E),
     {Es, _, Xs1, S1} = i_letrec(module_defs(E), void(),
-                                module_exports(E), Ctxt, Ren, Env, S),
+                                Exps, Ctxt, Ren, Env, S),
     %% Sanity check:
     case Es of
         [] ->
@@ -1276,6 +1277,27 @@ i_module(E, Ctxt, Ren, Env, S) ->
     E1 = update_c_module(E, module_name(E), Xs1, module_attrs(E), Es),
     {E1, count_size(weight(module), S1)}.
 
+i_module_exports(E) ->
+    %% If a function is named in an `on_load' attribute, we will
+    %% pretend that it is exported to ensure that it will not be removed.
+    Exps = module_exports(E),
+    Attrs = module_attrs(E),
+    case i_module_on_load(Attrs) of
+	none ->
+	    Exps;
+	[{_,_}=FA] ->
+	    ordsets:add_element(c_var(FA), Exps)
+    end.
+
+i_module_on_load([{Key,Val}|T]) ->    
+    case concrete(Key) of
+	on_load ->
+	    concrete(Val);
+	_ ->
+	    i_module_on_load(T)
+    end;
+i_module_on_load([]) -> none.
+
 %% Binary-syntax expressions are too complicated to do anything
 %% interesting with here - that is beyond the scope of this program;
 %% also, their construction could have side effects, so even in effect
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index bfa7c6cedd..9b505ad15c 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -175,6 +175,8 @@ expand_opt(r12, Os) ->
     [no_recv_opt,no_line_info|Os];
 expand_opt(r13, Os) ->
     [no_recv_opt,no_line_info|Os];
+expand_opt(r14, Os) ->
+    [no_line_info|Os];
 expand_opt({debug_info_key,_}=O, Os) ->
     [encrypt_debug_info,O|Os];
 expand_opt(no_float_opt, Os) ->
@@ -235,7 +237,8 @@ format_error({module_name,Mod,Filename}) ->
 		  code=[],
 		  core_code=[],
 		  abstract_code=[],		%Abstract code for debugger.
-		  options=[]  :: [option()],
+		  options=[]  :: [option()],	%Options for compilation
+		  mod_options=[]  :: [option()], %Options for module_info
 		  errors=[],
 		  warnings=[]}).
 
@@ -246,10 +249,11 @@ internal(Master, Input, Opts) ->
 
 internal({forms,Forms}, Opts) ->
     {_,Ps} = passes(forms, Opts),
-    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts});
+    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts,
+				       mod_options=Opts});
 internal({file,File}, Opts) ->
     {Ext,Ps} = passes(file, Opts),
-    Compile = #compile{options=Opts},
+    Compile = #compile{options=Opts,mod_options=Opts},
     internal_comp(Ps, File, Ext, Compile).
 
 internal_comp(Passes, File, Suffix, St0) ->
@@ -625,11 +629,15 @@ asm_passes() ->
       [{unless,no_postopt,
 	[{pass,beam_block},
 	 {iff,dblk,{listing,"block"}},
+	 {unless,no_except,{pass,beam_except}},
+	 {iff,dexcept,{listing,"except"}},
 	 {unless,no_bopt,{pass,beam_bool}},
 	 {iff,dbool,{listing,"bool"}},
 	 {unless,no_topt,{pass,beam_type}},
 	 {iff,dtype,{listing,"type"}},
-	 {pass,beam_dead},	      %Must always run since it splits blocks.
+	 {pass,beam_split},
+	 {iff,dsplit,{listing,"split"}},
+	 {unless,no_dead,{pass,beam_dead}},
 	 {iff,ddead,{listing,"dead"}},
 	 {unless,no_jopt,{pass,beam_jump}},
 	 {iff,djmp,{listing,"jump"}},
@@ -1228,12 +1236,13 @@ beam_unused_labels(#compile{code=Code0}=St) ->
     Code = beam_jump:module_labels(Code0),
     {ok,St#compile{code=Code}}.
 
-beam_asm(#compile{ifile=File,code=Code0,abstract_code=Abst,options=Opts0}=St) ->
+beam_asm(#compile{ifile=File,code=Code0,
+		  abstract_code=Abst,mod_options=Opts0}=St) ->
     Source = filename:absname(File),
     Opts1 = lists:map(fun({debug_info_key,_}) -> {debug_info_key,'********'};
 			 (Other) -> Other
 		      end, Opts0),
-    Opts2 = [O || O <- Opts1, is_informative_option(O)],
+    Opts2 = [O || O <- Opts1, effects_code_generation(O)],
     case beam_asm:module(Code0, Abst, Source, Opts2) of
 	{ok,Code} -> {ok,St#compile{code=Code,abstract_code=[]}}
     end.
@@ -1303,15 +1312,23 @@ embed_native_code(St, {Architecture,NativeCode}) ->
     {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
     St#compile{code=BeamPlusNative}.
 
-%% Returns true if the option is informative and therefore should be included
-%% in the option list of the compiled module.
-
-is_informative_option(beam) -> false;
-is_informative_option(report_warnings) -> false;
-is_informative_option(report_errors) -> false;
-is_informative_option(binary) -> false;
-is_informative_option(verbose) -> false;
-is_informative_option(_) -> true.
+%% effects_code_generation(Option) -> true|false.
+%%  Determine whether the option could have any effect on the
+%%  generated code in the BEAM file (as opposed to how
+%%  errors will be reported).
+
+effects_code_generation(Option) ->
+    case Option of 
+	beam -> false;
+	report_warnings -> false;
+	report_errors -> false;
+	return_errors-> false;
+	return_warnings-> false;
+	binary -> false;
+	verbose -> false;
+	{cwd,_} -> false;
+	_ -> true
+    end.
 
 save_binary(#compile{code=none}=St) -> {ok,St};
 save_binary(#compile{module=Mod,ofile=Outfile,
diff --git a/lib/compiler/src/compiler.app.src b/lib/compiler/src/compiler.app.src
index 4ac879c9a4..1133882728 100644
--- a/lib/compiler/src/compiler.app.src
+++ b/lib/compiler/src/compiler.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,12 +28,14 @@
 	     beam_dead,
 	     beam_dict,
 	     beam_disasm,
+	     beam_except,
 	     beam_flatten,
 	     beam_jump,
 	     beam_listing,
 	     beam_opcodes,
 	     beam_peep,
 	     beam_receive,
+	     beam_split,
 	     beam_trim,
 	     beam_type,
 	     beam_utils,
diff --git a/lib/compiler/src/erl_bifs.erl b/lib/compiler/src/erl_bifs.erl
index 2514c06360..9ad2378d00 100644
--- a/lib/compiler/src/erl_bifs.erl
+++ b/lib/compiler/src/erl_bifs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -136,6 +136,7 @@ is_pure(math, sinh, 1) -> true;
 is_pure(math, sqrt, 1) -> true;
 is_pure(math, tan, 1) -> true;
 is_pure(math, tanh, 1) -> true;
+is_pure(math, pi, 0) -> true;
 is_pure(_, _, _) -> false.
 
 
diff --git a/lib/compiler/src/genop.tab b/lib/compiler/src/genop.tab
index 39c1e8297f..75ac91907a 100644
--- a/lib/compiler/src/genop.tab
+++ b/lib/compiler/src/genop.tab
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/sys_core_fold.erl b/lib/compiler/src/sys_core_fold.erl
index 6ea67741fa..5b155398dc 100644
--- a/lib/compiler/src/sys_core_fold.erl
+++ b/lib/compiler/src/sys_core_fold.erl
@@ -2641,9 +2641,9 @@ bsm_leftmost_2([_|Ps], Cs, N, Pos) ->
 bsm_leftmost_2([], Cs, _, Pos) ->
     bsm_leftmost_1(Cs, Pos).
 
-%% bsm_notempty(Cs, Pos) -> true|false
+%% bsm_nonempty(Cs, Pos) -> true|false
 %%  Check if at least one of the clauses matches a non-empty
-%%  binary in the given argumet position.
+%%  binary in the given argument position.
 %%
 bsm_nonempty([#c_clause{pats=Ps}|Cs], Pos) ->
     case nth(Pos, Ps) of
@@ -2704,7 +2704,7 @@ bsm_ensure_no_partition_2([P|_], 1, _, Vstate, State) ->
 	    %%
 	    %% But if the clauses can't be freely rearranged, as in
 	    %%
-	    %% b(Var, <<>>) -> ...
+	    %% b(Var, <<X>>) -> ...
 	    %% b(1, 2) -> ...
 	    %%
 	    %% we do have a problem.
diff --git a/lib/compiler/src/sys_expand_pmod.erl b/lib/compiler/src/sys_expand_pmod.erl
index 4fee26f2a6..da644b4f0b 100644
--- a/lib/compiler/src/sys_expand_pmod.erl
+++ b/lib/compiler/src/sys_expand_pmod.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -317,6 +317,8 @@ expr({'try',Line,Es0,Scs0,Ccs0,As0},St) ->
     Ccs1 = icr_clauses(Ccs0,St),
     As1 = exprs(As0,St),
     {'try',Line,Es1,Scs1,Ccs1,As1};
+expr({'fun',_,{function,_,_,_}}=ExtFun,_St) ->
+    ExtFun;
 expr({'fun',Line,Body,Info},St) ->
     case Body of
 	{clauses,Cs0} ->
diff --git a/lib/compiler/src/v3_codegen.erl b/lib/compiler/src/v3_codegen.erl
index e7dae67085..6623485609 100644
--- a/lib/compiler/src/v3_codegen.erl
+++ b/lib/compiler/src/v3_codegen.erl
@@ -53,7 +53,6 @@
 
 %% Main codegen structure.
 -record(cg, {lcount=1,				%Label counter
-	     finfo,				%Function info label
 	     bfail,				%Fail label for BIFs
 	     break,				%Break label
 	     recv,				%Receive label
@@ -126,7 +125,6 @@ cg_fun(Les, Hvs, Vdb, AtomMod, NameArity, Anno, St0) ->
 			 stk=[]}, 0, Vdb),
     {B,_Aft,St} = cg_list(Les, 0, Vdb, Bef,
 			  St3#cg{bfail=0,
-				 finfo=Fi,
 				 ultimate_failure=UltimateMatchFail,
 				 is_top_block=true}),
     {Name,Arity} = NameArity,
@@ -147,8 +145,6 @@ cg({match,M,Rs}, Le, Vdb, Bef, St) ->
     match_cg(M, Rs, Le, Vdb, Bef, St);
 cg({guard_match,M,Rs}, Le, Vdb, Bef, St) ->
     guard_match_cg(M, Rs, Le, Vdb, Bef, St);
-cg({match_fail,F}, Le, Vdb, Bef, St) ->
-    match_fail_cg(F, Le, Vdb, Bef, St);
 cg({call,Func,As,Rs}, Le, Vdb, Bef, St) ->
     call_cg(Func, As, Rs, Le, Vdb, Bef, St);
 cg({enter,Func,As}, Le, Vdb, Bef, St) ->
@@ -294,39 +290,6 @@ match_cg({block,Es}, Le, _Fail, Bef, St) ->
     Int = clear_dead(Bef, Le#l.i, Le#l.vdb),
     block_cg(Es, Le, Int, St).
 
-%% match_fail_cg(FailReason, Le, Vdb, StackReg, State) ->
-%%	{[Ainstr],StackReg,State}.
-%%  Generate code for the match_fail "call".  N.B. there is no generic
-%%  case for when the fail value has been created elsewhere.
-
-match_fail_cg({function_clause,As}, Le, Vdb, Bef, St) ->
-    %% Must have the args in {x,0}, {x,1},...
-    {Sis,Int} = cg_setup_call(As, Bef, Le#l.i, Vdb),
-    {Sis ++ [{jump,{f,St#cg.finfo}}],
-     Int#sr{reg=clear_regs(Int#sr.reg)},St};
-match_fail_cg({badmatch,Term}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Term, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [line(Le),{badmatch,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St};
-match_fail_cg({case_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[line(Le),{case_end,R}],
-     Int#sr{reg=clear_regs(Bef#sr.reg)},St};
-match_fail_cg(if_clause, Le, Vdb, Bef, St) ->
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int1} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[line(Le),if_end],Int1#sr{reg=clear_regs(Int1#sr.reg)},St};
-match_fail_cg({try_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [line(Le),{try_case_end,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St}.
-
 %% bsm_rename_ctx([Clause], Var) -> [Clause]
 %%  We know from an annotation that the register for a binary can
 %%  be reused for the match context because the two are not truly
diff --git a/lib/compiler/src/v3_kernel.erl b/lib/compiler/src/v3_kernel.erl
index 47e5e49a76..f2eaa37617 100644
--- a/lib/compiler/src/v3_kernel.erl
+++ b/lib/compiler/src/v3_kernel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,6 +83,7 @@
 -import(lists, [map/2,foldl/3,foldr/3,mapfoldl/3,splitwith/2,member/2,
 		keymember/3,keyfind/3]).
 -import(ordsets, [add_element/2,del_element/2,union/2,union/1,subtract/2]).
+-import(cerl, [c_tuple/1]).
 
 -include("core_parse.hrl").
 -include("v3_kernel.hrl").
@@ -422,10 +423,11 @@ expr(#c_call{anno=A,module=M0,name=F0,args=Cargs}, Sub, St0) ->
     end;
 expr(#c_primop{anno=A,name=#c_literal{val=match_fail},args=Cargs0}, Sub, St0) ->
     Cargs = translate_match_fail(Cargs0, Sub, A, St0),
-    %% This special case will disappear.
     {Kargs,Ap,St} = atomic_list(Cargs, Sub, St0),
     Ar = length(Cargs),
-    Call = #k_call{anno=A,op=#k_internal{name=match_fail,arity=Ar},args=Kargs},
+    Call = #k_call{anno=A,op=#k_remote{mod=#k_atom{val=erlang},
+				       name=#k_atom{val=error},
+				       arity=Ar},args=Kargs},
     {Call,Ap,St};
 expr(#c_primop{anno=A,name=#c_literal{val=N},args=Cargs}, Sub, St0) ->
     {Kargs,Ap,St1} = atomic_list(Cargs, Sub, St0),
@@ -455,14 +457,14 @@ expr(#ireceive_accept{anno=A}, _Sub, St) -> {#k_receive_accept{anno=A},[],St}.
 translate_match_fail(Args, Sub, Anno, St) ->
     case Args of
 	[#c_tuple{es=[#c_literal{val=function_clause}|As]}] ->
-	    translate_match_fail_1(Anno, Args, As, Sub, St);
+	    translate_match_fail_1(Anno, As, Sub, St);
 	[#c_literal{val=Tuple}] when is_tuple(Tuple) ->
 	    %% The inliner may have created a literal out of
 	    %% the original #c_tuple{}.
 	    case tuple_to_list(Tuple) of
 		[function_clause|As0] ->
 		    As = [#c_literal{val=E} || E <- As0],
-		    translate_match_fail_1(Anno, Args, As, Sub, St);
+		    translate_match_fail_1(Anno, As, Sub, St);
 		_ ->
 		    Args
 	    end;
@@ -471,7 +473,7 @@ translate_match_fail(Args, Sub, Anno, St) ->
 	    Args
     end.
 
-translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
+translate_match_fail_1(Anno, As, Sub, #kern{ff=FF}) ->
     AnnoFunc = case keyfind(function_name, 1, Anno) of
 		   false ->
 		       none;			%Force rewrite.
@@ -481,10 +483,10 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
     case {AnnoFunc,FF} of
 	{Same,Same} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	{{F,_},F} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	_ ->
 	    %% Wrong function or no function_name annotation.
 	    %%
@@ -493,9 +495,12 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
 	    %% the current function). match_fail(function_clause) will
 	    %% only work at the top level of the function it was originally
 	    %% defined in, so we will need to rewrite it to a case_clause.
-	    [#c_tuple{es=[#c_literal{val=case_clause},#c_tuple{es=As}]}]
+	    [c_tuple([#c_literal{val=case_clause},c_tuple(As)])]
     end.
 
+translate_fc(Args) ->
+    [#c_literal{val=function_clause},make_list(Args)].
+
 %% call_type(Module, Function, Arity) -> call | bif | apply | error.
 %%  Classify the call.
 call_type(#c_literal{val=M}, #c_literal{val=F}, Ar) when is_atom(M), is_atom(F) ->
@@ -1494,7 +1499,6 @@ iletrec_funs_gen(Fs, FreeVs, St) ->
 %% is_exit_expr(Kexpr) -> boolean().
 %%  Test whether Kexpr always exits and never returns.
 
-is_exit_expr(#k_call{op=#k_internal{name=match_fail,arity=1}}) -> true;
 is_exit_expr(#k_receive_next{}) -> true;
 is_exit_expr(_) -> false.
 
diff --git a/lib/compiler/src/v3_life.erl b/lib/compiler/src/v3_life.erl
index a1d92af9f8..93f8034230 100644
--- a/lib/compiler/src/v3_life.erl
+++ b/lib/compiler/src/v3_life.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,19 +89,8 @@ function(#k_fdef{anno=#k{a=Anno},func=F,arity=Ar,vars=Vs,body=Kb}) ->
     end.
 
 %% body(Kbody, I, Vdb) -> {[Expr],MaxI,Vdb}.
-%%  Handle a body, need special cases for transforming match_fails.
-%%  We KNOW that they only occur last in a body.
-
-body(#k_seq{arg=#k_put{anno=Pa,arg=Arg,ret=[R]},
-	    body=#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},
-			  args=[R]}},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Pa#k.us, I, Vdb0),		%All used here
-    {[match_fail(Arg, I, Pa#k.a ++ Ea#k.a)],I,Vdb1};
-body(#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},args=[Arg]},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Ea#k.us, I, Vdb0),
-    {[match_fail(Arg, I, Ea#k.a)],I,Vdb1};
+%%  Handle a body.
+
 body(#k_seq{arg=Ke,body=Kb}, I, Vdb0) ->
     %%ok = io:fwrite("life ~w:~p~n", [?LINE,{Ke,I,Vdb0}]),
     A = get_kanno(Ke),
@@ -353,25 +342,6 @@ guard_clause(#k_guard_clause{anno=A,guard=Kg,body=Kb}, Ls, I, Ctxt, Vdb0) ->
        i=I,vdb=use_vars((get_kanno(Kg))#k.us, I+2, Vdb1),
        a=A#k.a}.
 
-%% match_fail(FailValue, I, Anno) -> Expr.
-%%  Generate the correct match_fail instruction.  N.B. there is no
-%%  generic case for when the fail value has been created elsewhere.
-
-match_fail(#k_literal{anno=Anno,val={Atom,Val}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom},#k_literal{val=Val}]}, I, A);
-match_fail(#k_literal{anno=Anno,val={Atom}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom}]}, I, A);
-match_fail(#k_tuple{es=[#k_atom{val=function_clause}|As]}, I, A) ->
-    #l{ke={match_fail,{function_clause,literal_list(As, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=badmatch},Val]}, I, A) ->
-    #l{ke={match_fail,{badmatch,literal(Val, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=case_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{case_clause,literal(Val, [])}},i=I,a=A};
-match_fail(#k_atom{val=if_clause}, I, A) ->
-    #l{ke={match_fail,if_clause},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=try_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{try_clause,literal(Val, [])}},i=I,a=A}.
-
 %% type(Ktype) -> Type.
 
 type(k_literal) -> literal;
diff --git a/lib/compiler/test/Makefile b/lib/compiler/test/Makefile
index b90adaf917..e13ad4ae90 100644
--- a/lib/compiler/test/Makefile
+++ b/lib/compiler/test/Makefile
@@ -10,6 +10,7 @@ MODULES= \
 	apply_SUITE \
 	beam_validator_SUITE \
 	beam_disasm_SUITE \
+	beam_expect_SUITE \
 	bs_bincomp_SUITE \
 	bs_bit_binaries_SUITE \
 	bs_construct_SUITE \
@@ -29,7 +30,6 @@ MODULES= \
 	misc_SUITE \
 	num_bif_SUITE \
 	pmod_SUITE \
-	parteval_SUITE \
 	receive_SUITE \
 	record_SUITE \
 	trycatch_SUITE \
@@ -39,6 +39,7 @@ MODULES= \
 NO_OPT= \
 	andor \
 	apply \
+	beam_expect \
 	bs_construct \
         bs_match \
 	bs_utf \
diff --git a/lib/compiler/test/beam_disasm_SUITE.erl b/lib/compiler/test/beam_disasm_SUITE.erl
index 44574ae64a..62afc80ca6 100644
--- a/lib/compiler/test/beam_disasm_SUITE.erl
+++ b/lib/compiler/test/beam_disasm_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -60,6 +60,6 @@ stripped(Config) when is_list(Config) ->
     ?line true = is_list(Attr),
     ?line true = is_list(CompileInfo),
     ?line {ok, {tmp, _}} = beam_lib:strip(BeamName),
-    ?line {beam_file, tmp, _, none, none, [_|_]} =
+    ?line {beam_file, tmp, _, [], [], [_|_]} =
 	beam_disasm:file(BeamName),
     ok.
diff --git a/lib/compiler/test/beam_expect_SUITE.erl b/lib/compiler/test/beam_expect_SUITE.erl
new file mode 100644
index 0000000000..6f216eac4f
--- /dev/null
+++ b/lib/compiler/test/beam_expect_SUITE.erl
@@ -0,0 +1,67 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(beam_expect_SUITE).
+
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+	 init_per_group/2,end_per_group/2,
+	 coverage/1]).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    [coverage].
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+coverage(_) ->
+    File = {file,"fake.erl"},
+    ok = fc(a),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[x]],[File,{line,2}]}|_]}} =
+	(catch fc([x])),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[y],[File,{line,2}]}|_]}} =
+	(catch fc(y)),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[a,b,c]],[File,{line,6}]}|_]}} =
+	(catch fc([a,b,c])),
+
+    {'EXIT',{undef,[{erlang,error,[a,b,c],_}|_]}} =
+	(catch erlang:error(a, b, c)),
+    ok.
+
+-file("fake.erl", 1).
+fc(a) ->	                                %Line 2
+    ok;						%Line 3
+fc(L) when length(L) > 2 ->			%Line 4
+    %% Not the same as a "real" function_clause error.
+    error(function_clause, [L]).		%Line 6
diff --git a/lib/compiler/test/beam_validator_SUITE.erl b/lib/compiler/test/beam_validator_SUITE.erl
index 556dc54a8f..902867bc19 100644
--- a/lib/compiler/test/beam_validator_SUITE.erl
+++ b/lib/compiler/test/beam_validator_SUITE.erl
@@ -79,21 +79,18 @@ beam_files(Config) when is_list(Config) ->
     %% a grammatical error in the output of the io:format/2 call below. ;-)
     ?line [_,_|_] = Fs = filelib:wildcard(Wc),
     ?line io:format("~p files\n", [length(Fs)]),
-    beam_files_1(Fs, 0).
-
-beam_files_1([F|Fs], Errors) ->
-    ?line case beam_validator:file(F) of
-	      ok ->
-		  beam_files_1(Fs, Errors);
-	      {error,Es} ->
-		  io:format("File:  ~s", [F]),
-		  io:format("Error: ~p\n", [Es]),
-		  beam_files_1(Fs, Errors+1)
-	  end;
-beam_files_1([], 0) -> ok;
-beam_files_1([], Errors) ->
-    ?line io:format("~p error(s)", [Errors]),
-    ?line ?t:fail().
+    test_lib:p_run(fun do_beam_file/1, Fs).
+
+
+do_beam_file(F) ->
+    case beam_validator:file(F) of
+	ok ->
+	    ok;
+	{error,Es} ->
+	    io:format("File:  ~s", [F]),
+	    io:format("Error: ~p\n", [Es]),
+	    error
+    end.
 
 compiler_bug(Config) when is_list(Config) ->
     %% Check that the compiler returns an error if we try to
diff --git a/lib/compiler/test/bs_match_SUITE.erl b/lib/compiler/test/bs_match_SUITE.erl
index f8c71a0257..01b7568122 100644
--- a/lib/compiler/test/bs_match_SUITE.erl
+++ b/lib/compiler/test/bs_match_SUITE.erl
@@ -342,6 +342,10 @@ partitioned_bs_match(Config) when is_list(Config) ->
 
     ?line fc(partitioned_bs_match_2, [4,<<0:17>>],
 	     catch partitioned_bs_match_2(4, <<0:17>>)),
+
+    anything = partitioned_bs_match_3(anything, <<42>>),
+    ok = partitioned_bs_match_3(1, 2),
+
     ok.
 
 partitioned_bs_match(_, <<42:8,T/binary>>) ->
@@ -356,6 +360,9 @@ partitioned_bs_match_2(1, <<B:8,T/binary>>) ->
 partitioned_bs_match_2(Len, <<_:8,T/binary>>) ->
     {Len,T}.
 
+partitioned_bs_match_3(Var, <<_>>) -> Var;
+partitioned_bs_match_3(1, 2) -> ok.
+
 function_clause(Config) when is_list(Config)  ->
     ?line ok = function_clause_1(<<0,7,0,7,42>>),
     ?line fc(function_clause_1, [<<0,1,2,3>>],
diff --git a/lib/compiler/test/compilation_SUITE.erl b/lib/compiler/test/compilation_SUITE.erl
index 1343fbd1c9..408fd5ed53 100644
--- a/lib/compiler/test/compilation_SUITE.erl
+++ b/lib/compiler/test/compilation_SUITE.erl
@@ -44,7 +44,7 @@ all() ->
      trycatch_4, opt_crash, otp_5404, otp_5436, otp_5481,
      otp_5553, otp_5632, otp_5714, otp_5872, otp_6121,
      otp_6121a, otp_6121b, otp_7202, otp_7345, on_load,
-     string_table,otp_8949_a,otp_8949_a].
+     string_table,otp_8949_a,otp_8949_a,split_cases].
 
 groups() -> 
     [{vsn, [], [vsn_1, vsn_2, vsn_3]}].
@@ -159,6 +159,7 @@ split({int, N}, <<N:16,B:N/binary,T/binary>>) ->
 ?comp(convopts).
 ?comp(otp_7202).
 ?comp(on_load).
+?comp(on_load_inline).
 
 beam_compiler_7(doc) ->
     "Code snippet submitted from Ulf Wiger which fails in R3 Beam.";
@@ -427,9 +428,9 @@ self_compile_1(Config, Prefix, Opts) ->
     %% Compile the compiler again using the newly compiled compiler.
     %% (In another node because reloading the compiler would disturb cover.)
     CompilerB = Prefix++"compiler_b",
-    ?line CompB = make_compiler_dir(Priv, Prefix++"compiler_b"),
+    CompB = make_compiler_dir(Priv, CompilerB),
     ?line VsnB = VsnA ++ ".0",
-    ?line self_compile_node(CompilerB, CompA, CompB, VsnB, Opts),
+    self_compile_node(CompA, CompB, VsnB, Opts),
 
     %% Compare compiler directories.
     ?line compare_compilers(CompA, CompB),
@@ -438,21 +439,26 @@ self_compile_1(Config, Prefix, Opts) ->
     ?line CompilerC = Prefix++"compiler_c",
     ?line CompC = make_compiler_dir(Priv, CompilerC),
     ?line VsnC = VsnB ++ ".0",
-    ?line self_compile_node(CompilerC, CompB, CompC, VsnC, Opts),
+    self_compile_node(CompB, CompC, VsnC, Opts),
     ?line compare_compilers(CompB, CompC),
 
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
-self_compile_node(NodeName0, CompilerDir, OutDir, Version, Opts) ->
-    ?line NodeName = list_to_atom(NodeName0),
-    ?line Dog = test_server:timetrap(test_server:minutes(10)),
+self_compile_node(CompilerDir, OutDir, Version, Opts) ->
+    ?line Dog = test_server:timetrap(test_server:minutes(15)),
     ?line Pa = "-pa " ++ filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++ CompilerDir,
-    ?line {ok,Node} = start_node(NodeName, Pa),
     ?line Files = compiler_src(),
-    ?line ok = rpc:call(Node, ?MODULE, compile_compiler, [Files,OutDir,Version,Opts]),
-    ?line test_server:stop_node(Node),
+
+    %% We don't want the cover server started on the other node,
+    %% because it will load the same cover-compiled code as on this
+    %% node. Use a shielded node to prevent the cover server from
+    %% being started.
+    ?t:run_on_shielded_node(
+       fun() ->
+	       compile_compiler(Files, OutDir, Version, Opts)
+       end, Pa),
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
@@ -465,9 +471,12 @@ compile_compiler(Files, OutDir, Version, InlineOpts) ->
 	    {d,'COMPILER_VSN',"\""++Version++"\""},
 	    nowarn_shadow_vars,
 	    {i,filename:join(code:lib_dir(stdlib), "include")}|InlineOpts],
-    lists:foreach(fun(File) ->
-			  {ok,_} = compile:file(File, Opts)
-		  end, Files).
+    test_lib:p_run(fun(File) ->
+			   case compile:file(File, Opts) of
+			       {ok,_} -> ok;
+			       _ -> error
+			   end
+		   end, Files).
 
 compiler_src() ->
     filelib:wildcard(filename:join([code:lib_dir(compiler), "src", "*.erl"])).
@@ -657,5 +666,19 @@ otp_8949_b(A, B) ->
 	    id(Var)
     end.
     
+split_cases(_) ->
+    dummy1 = do_split_cases(x),
+    {'EXIT',{{badmatch,b},_}} = (catch do_split_cases(y)),
+    ok.
+
+do_split_cases(A) ->
+    case A of
+        x ->
+	    Z = dummy1;
+        _ ->
+	    Z = dummy2,
+	    a=b
+    end,
+    Z.
 
 id(I) -> I.
diff --git a/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl b/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl
new file mode 100644
index 0000000000..322843b61e
--- /dev/null
+++ b/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl
@@ -0,0 +1,23 @@
+-module(on_load_inline).
+-export([?MODULE/0]).
+-on_load(on_load/0).
+-compile(inline).
+
+?MODULE() ->
+    [{pid,Pid}] = ets:lookup(on_load_executed, pid),
+    exit(Pid, kill),
+    ok.
+
+on_load() ->
+    Parent = self(),
+    spawn(fun() ->
+		  T = ets:new(on_load_executed, [named_table]),
+		  ets:insert(T, {pid,self()}),
+		  Parent ! done,
+		  receive
+		      wait_forever -> ok
+		  end
+	  end),
+    receive
+	done -> ok
+    end.
diff --git a/lib/compiler/test/compile_SUITE.erl b/lib/compiler/test/compile_SUITE.erl
index 8c6a623dfb..640849f2ec 100644
--- a/lib/compiler/test/compile_SUITE.erl
+++ b/lib/compiler/test/compile_SUITE.erl
@@ -29,7 +29,8 @@
 	 binary/1, makedep/1, cond_and_ifdef/1, listings/1, listings_big/1,
 	 other_output/1, package_forms/1, encrypted_abstr/1,
 	 bad_record_use1/1, bad_record_use2/1, strict_record/1,
-	 missing_testheap/1, cover/1, env/1, core/1, asm/1]).
+	 missing_testheap/1, cover/1, env/1, core/1, asm/1,
+	 sys_pre_attributes/1]).
 
 -export([init/3]).
 
@@ -45,7 +46,8 @@ all() ->
      binary, makedep, cond_and_ifdef, listings, listings_big,
      other_output, package_forms, encrypted_abstr,
      {group, bad_record_use}, strict_record,
-     missing_testheap, cover, env, core, asm].
+     missing_testheap, cover, env, core, asm,
+     sys_pre_attributes].
 
 groups() -> 
     [{bad_record_use, [],
@@ -77,12 +79,22 @@ file_1(Config) when is_list(Config) ->
     ?line {Simple, Target} = files(Config, "file_1"),
     ?line {ok, Cwd} = file:get_cwd(),
     ?line ok = file:set_cwd(filename:dirname(Target)),
-    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+
+    %% Native from BEAM without compilation info.
     ?line {ok,simple} = compile:file(Simple, [slim]), %Smoke test only.
-    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
     ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
-    ?line {ok,simple} = compile:file(Simple, [debug_info]),
+
+    %% Native from BEAM with compilation info.
+    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+    ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
+
+    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
+
+    ?line compile_and_verify(Simple, Target, []),
+    ?line compile_and_verify(Simple, Target, [native]),
+    ?line compile_and_verify(Simple, Target, [debug_info]),
     ?line {ok,simple} = compile:file(Simple, [no_line_info]), %Coverage
+
     ?line ok = file:set_cwd(Cwd),
     ?line true = exists(Target),
     ?line passed = run(Target, test, []),
@@ -113,10 +125,9 @@ big_file(Config) when is_list(Config) ->
     ?line Big = filename:join(DataDir, "big.erl"),
     ?line Target = filename:join(PrivDir, "big.beam"),
     ?line ok = file:set_cwd(PrivDir),
-    ?line {ok,big} = compile:file(Big, []),
-    ?line {ok,big} = compile:file(Big, [r9,debug_info]),
-    ?line {ok,big} = compile:file(Big, [no_postopt]),
-    ?line true = exists(Target),
+    ?line compile_and_verify(Big, Target, []),
+    ?line compile_and_verify(Big, Target, [debug_info]),
+    ?line compile_and_verify(Big, Target, [no_postopt]),
 
     %% Cleanup.
     ?line ok = file:delete(Target),
@@ -775,3 +786,46 @@ do_asm(Beam, Outdir) ->
 		      [M,Class,Error,erlang:get_stacktrace()]),
 	    error
     end.
+
+sys_pre_attributes(Config) ->
+    DataDir = ?config(data_dir, Config),
+    File = filename:join(DataDir, "attributes.erl"),
+    Mod = attributes,
+    CommonOpts = [binary,report,verbose,
+		  {parse_transform,sys_pre_attributes}],
+    PreOpts = [{attribute,delete,deleted}],
+    PostOpts = [{attribute,insert,inserted,"value"}],
+    PrePostOpts = [{attribute,replace,replaced,42},
+		   {attribute,replace,replace_nonexisting,new}],
+    {ok,Mod,Code} = compile:file(File, PrePostOpts ++ PreOpts ++
+				     PostOpts ++ CommonOpts),
+    code:load_binary(Mod, File, Code),
+    Attr = Mod:module_info(attributes),
+    io:format("~p", [Attr]),
+    {inserted,"value"} = lists:keyfind(inserted, 1, Attr),
+    {replaced,[42]} = lists:keyfind(replaced, 1, Attr),
+    {replace_nonexisting,[new]} = lists:keyfind(replace_nonexisting, 1, Attr),
+    false = lists:keymember(deleted, 1, Attr),
+
+    %% Cover more code.
+    {ok,Mod,_} = compile:file(File, PostOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File, CommonOpts -- [verbose]),
+    {ok,Mod,_} = compile:file(File, PreOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File,
+			      [{attribute,replace,replaced,42}|CommonOpts]),
+    {ok,Mod,_} = compile:file(File, PrePostOpts ++ PreOpts ++
+				  PostOpts ++ CommonOpts --
+				  [report,verbose]),
+    ok.
+
+%%%
+%%% Utilities.
+%%%
+
+compile_and_verify(Name, Target, Opts) ->
+    Mod = list_to_atom(filename:basename(Name, ".erl")),
+    {ok,Mod} = compile:file(Name, Opts),
+    {ok,{Mod,[{compile_info,CInfo}]}} = 
+	beam_lib:chunks(Target, [compile_info]),
+    {options,BeamOpts} = lists:keyfind(options, 1, CInfo),
+    Opts = BeamOpts.
diff --git a/lib/compiler/test/compile_SUITE_data/attributes.erl b/lib/compiler/test/compile_SUITE_data/attributes.erl
new file mode 100644
index 0000000000..9c3451d272
--- /dev/null
+++ b/lib/compiler/test/compile_SUITE_data/attributes.erl
@@ -0,0 +1,23 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 2012. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+
+-module(attributes).
+-deleted(dummy).
+-replaced(dummy).
+
diff --git a/lib/compiler/test/compiler.cover b/lib/compiler/test/compiler.cover
index 9fc4c7dd43..3fd7fc1937 100644
--- a/lib/compiler/test/compiler.cover
+++ b/lib/compiler/test/compiler.cover
@@ -1,5 +1,5 @@
 {incl_app,compiler,details}.
 
 %% -*- erlang -*-
-{excl_mods,[sys_pre_attributes,core_scan,core_parse]}.
+{excl_mods,compiler,[core_scan,core_parse]}.
 
diff --git a/lib/compiler/test/core_SUITE.erl b/lib/compiler/test/core_SUITE.erl
index 26173c62b8..874e02803d 100644
--- a/lib/compiler/test/core_SUITE.erl
+++ b/lib/compiler/test/core_SUITE.erl
@@ -21,7 +21,9 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
-	 dehydrated_itracer/1,nested_tries/1]).
+	 dehydrated_itracer/1,nested_tries/1,
+	 make_effect_seq/1,eval_is_boolean/1,
+	 unsafe_case/1,nomatch_shadow/1,reversed_annos/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -41,7 +43,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     test_lib:recompile(?MODULE),
-    [dehydrated_itracer, nested_tries].
+    [dehydrated_itracer,nested_tries,make_effect_seq,
+     eval_is_boolean,unsafe_case,nomatch_shadow,reversed_annos].
 
 groups() -> 
     [].
@@ -61,19 +64,18 @@ end_per_group(_GroupName, Config) ->
 
 ?comp(dehydrated_itracer).
 ?comp(nested_tries).
+?comp(make_effect_seq).
+?comp(eval_is_boolean).
+?comp(unsafe_case).
+?comp(nomatch_shadow).
+?comp(reversed_annos).
 
 try_it(Mod, Conf) ->
-    ?line Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
-    ?line Out = ?config(priv_dir,Conf),
-    ?line io:format("Compiling: ~s\n", [Src]),
-    ?line CompRc0 = compile:file(Src, [from_core,{outdir,Out},report,time]),
-    ?line io:format("Result: ~p\n",[CompRc0]),
-    ?line {ok,Mod} = CompRc0,
-
-    ?line {module,Mod} = code:load_abs(filename:join(Out, Mod)),
-    ?line ok = Mod:Mod(),
-    ok.
-
-
-
-
+    Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
+    compile_and_load(Src, []),
+    compile_and_load(Src, [no_copt]).
+
+compile_and_load(Src, Opts) ->
+    {ok,Mod,Bin} = compile:file(Src, [from_core,report,time,binary|Opts]),
+    {module,Mod} = code:load_binary(Mod, Mod, Bin),
+    ok = Mod:Mod().
diff --git a/lib/compiler/test/core_SUITE_data/eval_is_boolean.core b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
new file mode 100644
index 0000000000..6a68b1414d
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
@@ -0,0 +1,22 @@
+module 'eval_is_boolean' ['eval_is_boolean'/0]
+    attributes []
+'eval_is_boolean'/0 =
+    %% Line 4
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+		case call 'erlang':'is_boolean'(call 'erlang':'make_ref'()) of
+		    <'false'> when 'true' ->
+			'ok'
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'eval_is_boolean',0}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/make_effect_seq.core b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
new file mode 100644
index 0000000000..9941e63b76
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
@@ -0,0 +1,51 @@
+module 'make_effect_seq' ['make_effect_seq'/0]
+    attributes []
+'make_effect_seq'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      let <_cor0> =
+		  catch
+		      apply 't'/1
+			  ('a')
+	      in
+		  case _cor0 of
+		    <{'EXIT',{'badarg',_cor3}}> when 'true' ->
+			let <_cor4> =
+			    apply 't'/1
+				({'a','b','c'})
+			in
+			    case _cor4 of
+			      <'ok'> when 'true' ->
+				  ( _cor4
+				    -| ['compiler_generated'] )
+			      ( <_cor2> when 'true' ->
+				    primop 'match_fail'
+					({'badmatch',_cor2})
+				-| ['compiler_generated'] )
+			    end
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'make_effect_seq',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <T> when 'true' ->
+	      do
+		  {'ok',call 'erlang':'element'(2, T)}
+		  'ok'
+	  ( <_cor2> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor2})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/nomatch_shadow.core b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
new file mode 100644
index 0000000000..565d9dc0f3
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
@@ -0,0 +1,28 @@
+module 'nomatch_shadow' ['nomatch_shadow'/0]
+    attributes []
+'nomatch_shadow'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      apply 't'/1
+		  (42)
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'nomatch_shadow',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <42> when 'true' ->
+	      'ok'
+	  <42> when 'true' ->
+	      'ok'
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/reversed_annos.core b/lib/compiler/test/core_SUITE_data/reversed_annos.core
new file mode 100644
index 0000000000..95b3cd52d6
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/reversed_annos.core
@@ -0,0 +1,49 @@
+module 'reversed_annos' ['reversed_annos'/0]
+    attributes []
+'reversed_annos'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      case apply 't'/1
+		       (['a']) of
+		<'ok'> when 'true' ->
+		    let <_cor2> =
+			apply 't'/1
+			    (['a'|['b']])
+		    in
+			case _cor2 of
+			  <'ok'> when 'true' ->
+			      ( _cor2
+				-| ['compiler_generated'] )
+			  ( <_cor1> when 'true' ->
+				primop 'match_fail'
+				    ({'badmatch',_cor1})
+			    -| ['compiler_generated'] )
+			end
+		( <_cor0> when 'true' ->
+		      primop 'match_fail'
+			  ({'badmatch',_cor0})
+		  -| ['compiler_generated'] )
+	      end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'reversed_annos',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <[_cor2|_cor3]> when 'true' ->
+	      'ok'
+	  %% Cover v3_kernel:get_line/1.
+	  ( <['a']> when 'true' ->
+	      'error'
+            -| [{'file',"reversed_annos.erl"},11] )
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/unsafe_case.core b/lib/compiler/test/core_SUITE_data/unsafe_case.core
new file mode 100644
index 0000000000..84cb2c310a
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/unsafe_case.core
@@ -0,0 +1,25 @@
+module 'unsafe_case' ['unsafe_case'/0]
+    attributes []
+'unsafe_case'/0 =
+    fun () ->
+	case apply 't'/1
+		 (42) of
+	  <{'ok',42}> when 'true' ->
+	      'ok'
+	  ( <_cor0> when 'true' ->
+		primop 'match_fail'
+		    ({'badmatch',_cor0})
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <X>
+	      when call 'erlang':'>'
+		    (_cor0,
+		     0) ->
+	      {'ok',X}
+	  %% The default case is intentionally missing
+	  %% to cover v3_kernel:build_match/2.
+	end
+end
diff --git a/lib/compiler/test/core_fold_SUITE.erl b/lib/compiler/test/core_fold_SUITE.erl
index ac14d36e82..fb5ec88c9f 100644
--- a/lib/compiler/test/core_fold_SUITE.erl
+++ b/lib/compiler/test/core_fold_SUITE.erl
@@ -214,6 +214,7 @@ coverage(Config) when is_list(Config) ->
 	(catch cover_will_match_list_type({a,b,c,d})),
     ?line a = cover_remove_non_vars_alias({a,b,c}),
     ?line error = cover_will_match_lit_list(),
+    {ok,[a]} = cover_is_safe_bool_expr(a),
 
     %% Make sure that we don't attempt to make literals
     %% out of pids. (Putting a pid into a #c_literal{}
@@ -249,4 +250,17 @@ cover_will_match_lit_list() ->
 	    error
     end.
 
+cover_is_safe_bool_expr(X) ->
+    %% Use a try...catch that looks like a try...catch in a guard.
+    try
+	%% let V = [X] in {ok,V}
+	%%    is_safe_simple([X]) ==> true
+	%%    is_safe_bool_expr([X]) ==> false
+	V = [X],
+	{ok,V}
+    catch
+	_:_ ->
+	    false
+    end.
+
 id(I) -> I.
diff --git a/lib/compiler/test/inline_SUITE.erl b/lib/compiler/test/inline_SUITE.erl
index 086fba2649..2e17d3fde6 100644
--- a/lib/compiler/test/inline_SUITE.erl
+++ b/lib/compiler/test/inline_SUITE.erl
@@ -33,7 +33,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 all() -> 
     test_lib:recompile(?MODULE),
     [attribute, bsdecode, bsdes, barnes2, decode1, smith,
-     itracer, pseudoknot, lists, really_inlined, otp_7223,
+     itracer, pseudoknot, comma_splitter, lists, really_inlined, otp_7223,
      coverage].
 
 groups() -> 
@@ -78,6 +78,7 @@ attribute(Config) when is_list(Config) ->
 ?comp(smith).
 ?comp(itracer).
 ?comp(pseudoknot).
+?comp(comma_splitter).
 
 try_inline(Mod, Config) ->
     ?line Src = filename:join(?config(data_dir, Config), atom_to_list(Mod)),
diff --git a/lib/compiler/test/inline_SUITE_data/comma_splitter.erl b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
new file mode 100644
index 0000000000..eaa89e0edc
--- /dev/null
+++ b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
@@ -0,0 +1,18 @@
+-module(comma_splitter).
+-export([?MODULE/0]).
+
+?MODULE() ->
+    {<<"def">>,<<"cba">>} = split_at_comma(<<"abc,   def">>, <<>>),
+    ok.
+
+strip_leading_ws(<<N, Rest/binary>>) when N =< $\s ->
+    strip_leading_ws(Rest);
+strip_leading_ws(B) ->
+    B.
+
+split_at_comma(<<>>, Accu) ->
+    {<<>>, Accu};
+split_at_comma(<<$,, Rest/binary>>, Accu) ->
+    {strip_leading_ws(Rest), Accu};
+split_at_comma(<<C, Rest/binary>>, Accu) ->
+    split_at_comma(Rest, <<C, Accu/binary>>).
diff --git a/lib/compiler/test/misc_SUITE.erl b/lib/compiler/test/misc_SUITE.erl
index 9b414cade6..5e13a93c52 100644
--- a/lib/compiler/test/misc_SUITE.erl
+++ b/lib/compiler/test/misc_SUITE.erl
@@ -190,6 +190,15 @@ silly_coverage(Config) when is_list(Config) ->
 		     {label,2}|non_proper_list]}],99},
     ?line expect_error(fun() -> beam_block:module(BlockInput, []) end),
 
+    %% beam_except
+    ExceptInput = {?MODULE,[{foo,0}],[],
+		   [{function,foo,0,2,
+		     [{label,1},
+		      {line,loc},
+		      {func_info,{atom,?MODULE},{atom,foo},0},
+		      {label,2}|non_proper_list]}],99},
+    expect_error(fun() -> beam_except:module(ExceptInput, []) end),
+
     %% beam_bool
     BoolInput = {?MODULE,[{foo,0}],[],
 		  [{function,foo,0,2,
@@ -253,8 +262,15 @@ expect_error(Fun) ->
 	    io:format("~p", [Any]),
 	    ?t:fail(call_was_supposed_to_fail)
     catch
-	_:_ ->
-	    io:format("~p\n", [erlang:get_stacktrace()])
+	Class:Reason ->
+	    Stk = erlang:get_stacktrace(),
+	    io:format("~p:~p\n~p\n", [Class,Reason,Stk]),
+	    case {Class,Reason} of
+		{error,undef} ->
+		    ?t:fail(not_supposed_to_fail_with_undef);
+		{_,_} ->
+		    ok
+	    end
     end.
 
 confused_literals(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/parteval_SUITE.erl b/lib/compiler/test/parteval_SUITE.erl
deleted file mode 100644
index 6b1ae38c1b..0000000000
--- a/lib/compiler/test/parteval_SUITE.erl
+++ /dev/null
@@ -1,66 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(parteval_SUITE).
-
--include_lib("test_server/include/test_server.hrl").
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2, pe2/1]).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [pe2].
-
-groups() -> 
-    [].
-
-init_per_suite(Config) ->
-    Config.
-
-end_per_suite(_Config) ->
-    ok.
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-%% (This is more general than needed, since we once compiled the same
-%% source code with and without a certain option.)
-compile_and_load(Srcname, Outdir, Module, Options) ->
-    ?line Objname = filename:join(Outdir, "t1") ++ code:objfile_extension(),
-    ?line {ok, Module} =
-	compile:file(Srcname,
-		     [{d, 'M', Module}, {outdir, Outdir}] ++ Options),
-    ?line {ok, B} = file:read_file(Objname),
-    ?line {module, Module} = code:load_binary(Module, Objname, B),
-    B.
-
-pe2(Config) when is_list(Config) ->
-    ?line DataDir = ?config(data_dir, Config),
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line Srcname = filename:join(DataDir, "t1.erl"),
-    ?line compile_and_load(Srcname, PrivDir, t1, []),
-
-    ?line {Correct, Actual} = t1:run(),
-    ?line Correct = Actual,
-    ok.
diff --git a/lib/compiler/test/parteval_SUITE_data/t1.erl b/lib/compiler/test/parteval_SUITE_data/t1.erl
deleted file mode 100644
index 5e4a40f103..0000000000
--- a/lib/compiler/test/parteval_SUITE_data/t1.erl
+++ /dev/null
@@ -1,140 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(?M).
-
--compile(export_all).
-
-%%% The arity-0 functions are all called from the test suite.
-
-f2() ->
-    size({1,2}).
-
-i() ->
-    case [] of
-	[] ->
-	    ok;
-	X ->
-	    hopp
-    end.
-
-e() ->
-    case 4+5 of
-%	X when X>10 -> kvock;	% not removed by BEAM opt.
-	{X,X} when list(X) ->
-	    kvack;
-	9 ->
-	    ok;
-	_ ->
-	    ko
-    end.
-
-f() ->
-    element(2,{a,b,c,d}),
-    erlang:element(2,{a,b,c,d}),
-    "hej" ++ "hopp".
-
-g(X) ->
-    if
-	float(3.4) ->
-	    hej;
-	X == 5, 4==4 ->
-	    japp;
-	4 == 4, size({1,2}) == 1 ->
-	    ok
-    end.
-
-g() ->
-    {g(3),g(5)}.
-
-bliff() ->
-    if
-	3==4 ->
-	    himm
-    end.
-
-fi() ->
-    case 4 of
-	X when 4==3 ->
-	    {X};
-	4 ->
-	    4;
-	_ ->
-	    ok
-    end.
-
-iff() when 3==2 ->
-    if
-	3 == 4 ->
-	    baff;
-	3 == 3 ->
-	    nipp
-    end.
-
-sleep(I) -> receive after I -> ok end.
-
-sleep() ->
-    sleep(45).
-
-s() ->
-    case 4 of
-	3 ->
-	    ok
-    end.
-
-error_reason(R) when atom(R) ->
-    R;
-error_reason(R) when tuple(R) ->
-    error_reason(element(1, R)).
-
-plusplus() ->
-    ?MODULE ++ " -> mindre snygg felhantering".
-
-call_it(F) ->
-    case (catch apply(?MODULE, F, [])) of
-	{'EXIT', R0} ->
-	    {'EXIT', error_reason(R0)};
-	V ->
-	    V
-    end.
-
-run() ->
-    L = [{f2, 2},
-	 {i, ok},
-	 {e, ok},
-	 {f, "hejhopp"},
-	 {g, {hej, hej}},
-	 {bliff, {'EXIT', if_clause}},
-	 {fi, 4},
-	 {iff, {'EXIT', function_clause}},
-	 {sleep, ok},
-	 {s, {'EXIT', case_clause},
-	 {plusplus, {'EXIT', badarg}}}],
-    Actual = [call_it(F) || {F, _} <- L],
-    Correct = [C || {_, C} <- L],
-    {Correct, Actual}.
-
-
-%%% Don't call, only compile.
-t(A) ->
-    receive
-	A when 1==2 ->
-	    ok;
-	B ->
-	    B
-    end.
diff --git a/lib/compiler/test/pmod_SUITE.erl b/lib/compiler/test/pmod_SUITE.erl
index 3d02adaf52..5dd09a7245 100644
--- a/lib/compiler/test/pmod_SUITE.erl
+++ b/lib/compiler/test/pmod_SUITE.erl
@@ -100,6 +100,7 @@ basic_1(Config, Opts) ->
     Fun = fun(Arg) -> Prop4:bar(Arg) end,
     ?line ok = Fun({s,0}),
 
+    [{y,[1,2]},{x,[5,19]}] = Prop4:collapse([{y,[2,1]},{x,[19,5]}]),
     ok.
 
 otp_8447(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
index 0d46cffe00..19cce452dc 100644
--- a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
+++ b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,7 @@
 -export([lookup/1,or_props/1,prepend/1,append/1,stupid_sum/0]).
 -export([bar/1,bar_bar/1]).
 -export([bc1/0, bc2/0]).
+-export([collapse/1]).
 
 lookup(Key) ->
     proplists:lookup(Key, Props).
@@ -77,3 +78,6 @@ bc1() ->
 
 bc2() ->
     << <<A:1>> || A <- [1,0,1,0] >>.
+
+collapse(L) ->
+    lists:keymap(fun lists:sort/1, 2, L).
diff --git a/lib/compiler/test/test_lib.erl b/lib/compiler/test/test_lib.erl
index 53d8c04169..2295592a38 100644
--- a/lib/compiler/test/test_lib.erl
+++ b/lib/compiler/test/test_lib.erl
@@ -77,7 +77,14 @@ get_data_dir(Config) ->
 %%  Will fail the test case if there were any errors.
 
 p_run(Test, List) ->
-    N = erlang:system_info(schedulers) + 1,
+    N = case ?t:is_cover() of
+	    false ->
+		erlang:system_info(schedulers);
+	    true ->
+		%% Cover is running. Using more than one process
+		%% will probably only slow down compilation.
+		1
+	end,
     p_run_loop(Test, List, N, [], 0, 0).
 
 p_run_loop(_, [], _, [], Errors, Ws) ->
diff --git a/lib/compiler/test/trycatch_SUITE.erl b/lib/compiler/test/trycatch_SUITE.erl
index 760cf17225..09a23724fe 100644
--- a/lib/compiler/test/trycatch_SUITE.erl
+++ b/lib/compiler/test/trycatch_SUITE.erl
@@ -24,7 +24,7 @@
 	 catch_oops/1,after_oops/1,eclectic/1,rethrow/1,
 	 nested_of/1,nested_catch/1,nested_after/1,
 	 nested_horrid/1,last_call_optimization/1,bool/1,
-	 plain_catch_coverage/1,andalso_orelse/1]).
+	 plain_catch_coverage/1,andalso_orelse/1,get_in_try/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -35,7 +35,7 @@ all() ->
     [basic, lean_throw, try_of, try_after, catch_oops,
      after_oops, eclectic, rethrow, nested_of, nested_catch,
      nested_after, nested_horrid, last_call_optimization,
-     bool, plain_catch_coverage, andalso_orelse].
+     bool, plain_catch_coverage, andalso_orelse, get_in_try].
 
 groups() -> 
     [].
@@ -928,3 +928,17 @@ andalso_orelse_2({Type,Keyval}) ->
 
 zero() ->
     0.0.
+
+get_in_try(_) ->
+    undefined = get_valid_line([a], []),
+    ok.
+
+get_valid_line([_|T]=Path, Annotations) ->
+    try
+        get(Path)
+	%% beam_dead used to optimize away an assignment to {y,1}
+	%% because it didn't appear to be used.
+    catch
+        _:not_found ->
+            get_valid_line(T, Annotations)
+    end.
diff --git a/lib/compiler/vsn.mk b/lib/compiler/vsn.mk
index 04290c0a7f..416c2f08bb 100644
--- a/lib/compiler/vsn.mk
+++ b/lib/compiler/vsn.mk
@@ -1 +1 @@
-COMPILER_VSN = 4.7.5
+COMPILER_VSN = 4.8
diff --git a/lib/configure.in.src b/lib/configure.in.src
index 792a7f932a..fea3c7bffa 100644
--- a/lib/configure.in.src
+++ b/lib/configure.in.src
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 1999-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 1999-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -17,7 +17,7 @@ dnl
 dnl %CopyrightEnd%
 dnl
 
-dnl Turn of caching
+dnl Turn off caching
 define([AC_CACHE_LOAD], )dnl
 define([AC_CACHE_SAVE], )dnl
 
diff --git a/lib/cosEvent/doc/src/Makefile b/lib/cosEvent/doc/src/Makefile
index db2f7e6da5..6a9b4201d7 100644
--- a/lib/cosEvent/doc/src/Makefile
+++ b/lib/cosEvent/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEvent/doc/src/notes.xml b/lib/cosEvent/doc/src/notes.xml
index 1da5399755..de98a44b6a 100644
--- a/lib/cosEvent/doc/src/notes.xml
+++ b/lib/cosEvent/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEvent 2.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEvent 2.1.11</title>
 
     <section>
diff --git a/lib/cosEvent/src/Makefile b/lib/cosEvent/src/Makefile
index 736b95538a..f8e751f218 100644
--- a/lib/cosEvent/src/Makefile
+++ b/lib/cosEvent/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEvent/vsn.mk b/lib/cosEvent/vsn.mk
index 85d3cf552b..2cd943e4b2 100644
--- a/lib/cosEvent/vsn.mk
+++ b/lib/cosEvent/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENT_VSN = 2.1.11
+COSEVENT_VSN = 2.1.12
 
diff --git a/lib/cosEventDomain/doc/src/Makefile b/lib/cosEventDomain/doc/src/Makefile
index b2cdef278a..cd159c623c 100644
--- a/lib/cosEventDomain/doc/src/Makefile
+++ b/lib/cosEventDomain/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEventDomain/doc/src/notes.xml b/lib/cosEventDomain/doc/src/notes.xml
index 585761ce65..fa96792c33 100644
--- a/lib/cosEventDomain/doc/src/notes.xml
+++ b/lib/cosEventDomain/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEventDomain 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEventDomain 1.1.11</title>
 
     <section>
diff --git a/lib/cosEventDomain/src/Makefile b/lib/cosEventDomain/src/Makefile
index 5af790c760..409cac47f1 100644
--- a/lib/cosEventDomain/src/Makefile
+++ b/lib/cosEventDomain/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEventDomain/vsn.mk b/lib/cosEventDomain/vsn.mk
index 7df47cef2e..5ad421e319 100644
--- a/lib/cosEventDomain/vsn.mk
+++ b/lib/cosEventDomain/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENTDOMAIN_VSN = 1.1.11
+COSEVENTDOMAIN_VSN = 1.1.12
 
diff --git a/lib/cosFileTransfer/doc/src/Makefile b/lib/cosFileTransfer/doc/src/Makefile
index e62738daba..d9c68987e4 100644
--- a/lib/cosFileTransfer/doc/src/Makefile
+++ b/lib/cosFileTransfer/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosFileTransfer/doc/src/notes.xml b/lib/cosFileTransfer/doc/src/notes.xml
index c7a4fd4504..f38597db10 100644
--- a/lib/cosFileTransfer/doc/src/notes.xml
+++ b/lib/cosFileTransfer/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosFileTransfer 1.1.12</title>
+  <section><title>cosFileTransfer 1.1.13</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosFileTransfer 1.1.12</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/cosFileTransfer/src/Makefile b/lib/cosFileTransfer/src/Makefile
index b811ef1106..1d51304f6b 100644
--- a/lib/cosFileTransfer/src/Makefile
+++ b/lib/cosFileTransfer/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
index e94c307ef8..79a234bd28 100644
--- a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
+++ b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
@@ -131,10 +131,10 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case code:which(crypto) of
-	Res when is_atom(Res) ->
+    case crypto_works() of
+	false ->
 	    {skip,"Could not start crypto!"};
-	_Else ->
+	true ->
 	    orber:jump_start(),
 	    cosProperty:install(),
 	    cosProperty:start(),
@@ -165,6 +165,15 @@ init_per_suite(Config) ->
 	    end
     end.
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 end_per_suite(Config) ->
     ssl:stop(),
     crypto:stop(),
diff --git a/lib/cosFileTransfer/vsn.mk b/lib/cosFileTransfer/vsn.mk
index fe0226e3b3..6d0c6669a3 100644
--- a/lib/cosFileTransfer/vsn.mk
+++ b/lib/cosFileTransfer/vsn.mk
@@ -1 +1 @@
-COSFILETRANSFER_VSN = 1.1.12
+COSFILETRANSFER_VSN = 1.1.13
diff --git a/lib/cosNotification/doc/src/Makefile b/lib/cosNotification/doc/src/Makefile
index 2ead9aba7b..5caee09ec5 100644
--- a/lib/cosNotification/doc/src/Makefile
+++ b/lib/cosNotification/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosNotification/doc/src/notes.xml b/lib/cosNotification/doc/src/notes.xml
index a54230c9f7..c79d040f9a 100644
--- a/lib/cosNotification/doc/src/notes.xml
+++ b/lib/cosNotification/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosNotification 1.1.17</title>
+  <section><title>cosNotification 1.1.18</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosNotification 1.1.17</title>
 
     <section><title>Improvements and New Features</title>
       <list>
diff --git a/lib/cosNotification/src/Makefile b/lib/cosNotification/src/Makefile
index be52d1a06f..92225c6cfd 100644
--- a/lib/cosNotification/src/Makefile
+++ b/lib/cosNotification/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosNotification/vsn.mk b/lib/cosNotification/vsn.mk
index b32919a2ef..e7c5465fe4 100644
--- a/lib/cosNotification/vsn.mk
+++ b/lib/cosNotification/vsn.mk
@@ -1,2 +1,2 @@
-COSNOTIFICATION_VSN = 1.1.17
+COSNOTIFICATION_VSN = 1.1.18
 
diff --git a/lib/cosProperty/doc/src/Makefile b/lib/cosProperty/doc/src/Makefile
index d4c89ff44f..50f2e06f6c 100644
--- a/lib/cosProperty/doc/src/Makefile
+++ b/lib/cosProperty/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosProperty/doc/src/notes.xml b/lib/cosProperty/doc/src/notes.xml
index 85b2119e9d..f5f737e2a3 100644
--- a/lib/cosProperty/doc/src/notes.xml
+++ b/lib/cosProperty/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosProperty 1.1.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosProperty 1.1.14</title>
 
     <section>
diff --git a/lib/cosProperty/src/Makefile b/lib/cosProperty/src/Makefile
index b72019f37d..8060421b4e 100644
--- a/lib/cosProperty/src/Makefile
+++ b/lib/cosProperty/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosProperty/vsn.mk b/lib/cosProperty/vsn.mk
index ecc4a2746c..a4b1a2c94e 100644
--- a/lib/cosProperty/vsn.mk
+++ b/lib/cosProperty/vsn.mk
@@ -1,2 +1,2 @@
-COSPROPERTY_VSN = 1.1.14
+COSPROPERTY_VSN = 1.1.15
 
diff --git a/lib/cosTime/doc/src/Makefile b/lib/cosTime/doc/src/Makefile
index af418896aa..4e97b07cf4 100644
--- a/lib/cosTime/doc/src/Makefile
+++ b/lib/cosTime/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTime/doc/src/notes.xml b/lib/cosTime/doc/src/notes.xml
index 3698e4813e..c70978df2b 100644
--- a/lib/cosTime/doc/src/notes.xml
+++ b/lib/cosTime/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTime 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTime 1.1.11</title>
 
     <section>
diff --git a/lib/cosTime/src/Makefile b/lib/cosTime/src/Makefile
index fa456249bd..18c25ca8f1 100644
--- a/lib/cosTime/src/Makefile
+++ b/lib/cosTime/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTime/vsn.mk b/lib/cosTime/vsn.mk
index 4d982f3013..14d3b61bc6 100644
--- a/lib/cosTime/vsn.mk
+++ b/lib/cosTime/vsn.mk
@@ -1,2 +1,2 @@
-COSTIME_VSN = 1.1.11
+COSTIME_VSN = 1.1.12
 
diff --git a/lib/cosTransactions/doc/src/Makefile b/lib/cosTransactions/doc/src/Makefile
index 7d959cbc8f..4341ec04a3 100644
--- a/lib/cosTransactions/doc/src/Makefile
+++ b/lib/cosTransactions/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTransactions/doc/src/notes.xml b/lib/cosTransactions/doc/src/notes.xml
index 29addf424d..f3a7a83fb0 100644
--- a/lib/cosTransactions/doc/src/notes.xml
+++ b/lib/cosTransactions/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTransactions 1.2.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTransactions 1.2.11</title>
     <section>
       <title>Improvements and New Features</title>
diff --git a/lib/cosTransactions/src/Makefile b/lib/cosTransactions/src/Makefile
index e7d4b0b080..3c799ca0ca 100644
--- a/lib/cosTransactions/src/Makefile
+++ b/lib/cosTransactions/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTransactions/vsn.mk b/lib/cosTransactions/vsn.mk
index 3960c58c5b..7ca604b589 100644
--- a/lib/cosTransactions/vsn.mk
+++ b/lib/cosTransactions/vsn.mk
@@ -1 +1 @@
-COSTRANSACTIONS_VSN = 1.2.11
+COSTRANSACTIONS_VSN = 1.2.12
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 802c1991de..4dc62421d2 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -53,6 +53,17 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA256) && defined(NID_sha256)
+# define HAVE_SHA256
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA384) && defined(NID_sha384)\
+         && !defined(OPENSSL_NO_SHA512) /* disabled like this in my sha.h (?) */
+# define HAVE_SHA384
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA512) && defined(NID_sha512)
+# define HAVE_SHA512
+#endif
+
 #ifdef VALGRIND
     #  include <valgrind/memcheck.h>
 
@@ -124,6 +135,14 @@ static ERL_NIF_TERM sha(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -148,7 +167,7 @@ static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NI
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM exor(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -201,6 +220,14 @@ static ErlNifFunc nif_funcs[] = {
     {"sha_init", 0, sha_init},
     {"sha_update", 2, sha_update},
     {"sha_final", 1, sha_final},
+    {"sha256_nif", 1, sha256_nif},
+    {"sha256_init_nif", 0, sha256_init_nif},
+    {"sha256_update_nif", 2, sha256_update_nif},
+    {"sha256_final_nif", 1, sha256_final_nif},
+    {"sha512_nif", 1, sha512_nif},
+    {"sha512_init_nif", 0, sha512_init_nif},
+    {"sha512_update_nif", 2, sha512_update_nif},
+    {"sha512_final_nif", 1, sha512_final_nif},
     {"md4", 1, md4},
     {"md4_init", 0, md4_init},
     {"md4_update", 2, md4_update},
@@ -228,7 +255,7 @@ static ErlNifFunc nif_funcs[] = {
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
-    {"rsa_verify", 4, rsa_verify},
+    {"rsa_verify_nif", 4, rsa_verify_nif},
     {"aes_cbc_crypt", 4, aes_cbc_crypt},
     {"exor", 2, exor},
     {"rc4_encrypt", 2, rc4_encrypt},
@@ -260,6 +287,9 @@ ERL_NIF_INIT(crypto,nif_funcs,load,reload,upgrade,unload)
 #define SHA_CTX_LEN     (sizeof(SHA_CTX))
 #define SHA_LEN         20
 #define SHA_LEN_96      12
+#define SHA256_LEN	(256/8)
+#define SHA384_LEN	(384/8)
+#define SHA512_LEN	(512/8)
 #define HMAC_INT_LEN    64
 
 #define HMAC_IPAD       0x36
@@ -270,6 +300,9 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
 static ERL_NIF_TERM atom_true;
 static ERL_NIF_TERM atom_false;
 static ERL_NIF_TERM atom_sha;
+static ERL_NIF_TERM atom_sha256;
+static ERL_NIF_TERM atom_sha384;
+static ERL_NIF_TERM atom_sha512;
 static ERL_NIF_TERM atom_md5;
 static ERL_NIF_TERM atom_ripemd160;
 static ERL_NIF_TERM atom_error;
@@ -286,6 +319,7 @@ static ERL_NIF_TERM atom_not_suitable_generator;
 static ERL_NIF_TERM atom_check_failed;
 static ERL_NIF_TERM atom_unknown;
 static ERL_NIF_TERM atom_none;
+static ERL_NIF_TERM atom_notsup;
 
 
 static int is_ok_load_info(ErlNifEnv* env, ERL_NIF_TERM load_info)
@@ -340,6 +374,9 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_true = enif_make_atom(env,"true");
     atom_false = enif_make_atom(env,"false");
     atom_sha = enif_make_atom(env,"sha");
+    atom_sha256 = enif_make_atom(env,"sha256");
+    atom_sha384 = enif_make_atom(env,"sha384");
+    atom_sha512 = enif_make_atom(env,"sha512");
     atom_md5 = enif_make_atom(env,"md5");
     atom_ripemd160 = enif_make_atom(env,"ripemd160");
     atom_error = enif_make_atom(env,"error");
@@ -355,6 +392,7 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_check_failed = enif_make_atom(env,"check_failed");
     atom_unknown = enif_make_atom(env,"unknown");
     atom_none = enif_make_atom(env,"none");
+    atom_notsup = enif_make_atom(env,"notsup");
 
     *priv_data = NULL;
     library_refc++;
@@ -519,6 +557,129 @@ static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     return ret;
 }
 
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA256((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA256_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA256
+    ERL_NIF_TERM ret;
+    SHA256_Init((SHA256_CTX *) enif_make_new_binary(env, sizeof(SHA256_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA256
+    SHA256_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA256_CTX*) enif_make_new_binary(env,sizeof(SHA256_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA256_CTX));
+    SHA256_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ctx_bin;
+    SHA256_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA256_CTX)); /* writable */
+    SHA256_Final(enif_make_new_binary(env, SHA256_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA512((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA512_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA512
+    ERL_NIF_TERM ret;
+    SHA512_Init((SHA512_CTX *) enif_make_new_binary(env, sizeof(SHA512_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA512
+    SHA512_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA512_CTX*) enif_make_new_binary(env,sizeof(SHA512_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA512_CTX));
+    SHA512_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ctx_bin;
+    SHA512_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA512_CTX)); /* writable */
+    SHA512_Final(enif_make_new_binary(env, SHA512_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Data) */    
     ErlNifBinary ibin;
@@ -1095,17 +1256,14 @@ static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
     return(i > 0) ? atom_true : atom_false;
 }
 
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Type, Data, Signature, Key=[E,N]) */
     ErlNifBinary data_bin, sign_bin;
-    unsigned char hmacbuf[SHA_DIGEST_LENGTH];
+    unsigned char hmacbuf[SHA512_LEN];
     ERL_NIF_TERM head, tail, ret;
-    int i, is_sha;
+    int i;
     RSA* rsa = RSA_new();
-
-    if (argv[0] == atom_sha) is_sha = 1;
-    else if (argv[0] == atom_md5) is_sha = 0;
-    else goto badarg;
+    const ERL_NIF_TERM type = argv[0];
 
     if (!inspect_mpint(env, argv[1], &data_bin)
 	|| !inspect_mpint(env, argv[2], &sign_bin)
@@ -1114,22 +1272,57 @@ static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
 	|| !enif_get_list_cell(env, tail, &head, &tail)
 	|| !get_bn_from_mpint(env, head, &rsa->n)
 	|| !enif_is_empty_list(env, tail)) {
-    badarg:
+	
 	ret = enif_make_badarg(env);
     }
     else {
-	if (is_sha) {
+	if (type == atom_sha) {
 	    SHA1(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
-	else {
+	else if (type == atom_sha256) {
+	  #ifdef HAVE_SHA256
+	    SHA256(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha256, hmacbuf, SHA256_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha384) {
+	  #ifdef HAVE_SHA384
+	    SHA384(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha384, hmacbuf, SHA384_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha512) {
+	  #ifdef HAVE_SHA512
+	    SHA512(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha512, hmacbuf, SHA512_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;	    
+	  #endif
+	}
+	else if (type == atom_md5) {
 	    MD5(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_md5, hmacbuf, MD5_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
+	else {
+	    ret = enif_make_badarg(env);
+	    goto done;
+	}
 	ret = (i==1 ? atom_true : atom_false);
-    }
+    }    
+done:
     RSA_free(rsa);
     return ret;
 }
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 48243fd693..8cb893cd1c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -896,7 +896,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
         <v>Key = [E, N]</v>
         <v>E, N = Mpint</v>
         <d>Where <c>E</c> is the public exponent and <c>N</c> is public modulus.</d>
-	<v>DigestType = md5 | sha</v>
+	<v>DigestType = md5 | sha | sha256 | sha384 | sha512</v>
 	<d> The default <c>DigestType</c> is sha.</d>
         <v>Mpint = binary()</v>
       </type>
@@ -905,6 +905,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           and verifies that the digest matches the RSA signature using the
           signer's public key <c>Key</c>.
 	</p>
+	<p>May throw exception <c>notsup</c> in case the chosen <c>DigestType</c>
+	is not supported by the underlying OpenSSL implementation.</p>
       </desc>
     </func>
     
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 763f79e02d..3a44550ae2 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Add DES and Triple DES cipher feedback (CFB) mode
+	    functions to <c>crypto</c>. (Thanks to Paul Guyot)</p>
+          <p>
+	    Own Id: OTP-9640</p>
+        </item>
+        <item>
+          <p>
+	    Add sha256, sha384 and sha512 support for
+	    <c>crypto:rsa_verify</c>.</p>
+          <p>
+	    Own Id: OTP-9778</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 2.0.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 0714cb686d..d7aac27825 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -25,8 +25,8 @@
 -export([md4/1, md4_init/0, md4_update/2, md4_final/1]).
 -export([md5/1, md5_init/0, md5_update/2, md5_final/1]).
 -export([sha/1, sha_init/0, sha_update/2, sha_final/1]).
-%-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
-%-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
+-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
+-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
 -export([md5_mac/2, md5_mac_96/2, sha_mac/2, sha_mac/3, sha_mac_96/2]).
 -export([hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
 -export([des_cbc_encrypt/3, des_cbc_decrypt/3, des_cbc_ivec/1]).
@@ -64,8 +64,8 @@
 -define(FUNC_LIST, [md4, md4_init, md4_update, md4_final,
 		    md5, md5_init, md5_update, md5_final,
 		    sha, sha_init, sha_update, sha_final,
-%% 		    sha256, sha256_init, sha256_update, sha256_final,
-%% 		    sha512, sha512_init, sha512_update, sha512_final,
+ 		    sha256, sha256_init, sha256_update, sha256_final,
+ 		    sha512, sha512_init, sha512_update, sha512_final,
 		    md5_mac,  md5_mac_96,
 		    sha_mac,  sha_mac_96,
                     sha_mac_init, sha_mac_update, sha_mac_final,
@@ -95,7 +95,7 @@
                     aes_ctr_stream_init, aes_ctr_stream_encrypt, aes_ctr_stream_decrypt,
 		    info_lib]).
 
--type rsa_digest_type() :: 'md5' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha' | 'sha256' | 'sha384' | 'sha512'.
 -type dss_digest_type() :: 'none' | 'sha'.
 -type crypto_integer() :: binary() | integer().
 
@@ -219,6 +219,73 @@ sha_init() -> ?nif_stub.
 sha_update(_Context, _Data) -> ?nif_stub.
 sha_final(_Context) -> ?nif_stub.
 
+%
+%% SHA256
+%%
+-spec sha256(iodata()) -> binary().
+-spec sha256_init() -> binary().
+-spec sha256_update(binary(), iodata()) -> binary().
+-spec sha256_final(binary()) -> binary().
+
+sha256(Data) ->
+    case sha256_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_init() ->
+    case sha256_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_update(Context, Data) ->
+    case sha256_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_final(Context) ->
+    case sha256_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha256_nif(_Data) -> ?nif_stub.
+sha256_init_nif() -> ?nif_stub.
+sha256_update_nif(_Context, _Data) -> ?nif_stub.
+sha256_final_nif(_Context) -> ?nif_stub.
+
+%
+%% SHA512
+%%
+-spec sha512(iodata()) -> binary().
+-spec sha512_init() -> binary().
+-spec sha512_update(binary(), iodata()) -> binary().
+-spec sha512_final(binary()) -> binary().
+
+sha512(Data) ->
+    case sha512_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_init() ->
+    case sha512_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_update(Context, Data) ->
+    case sha512_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_final(Context) ->
+    case sha512_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha512_nif(_Data) -> ?nif_stub.
+sha512_init_nif() -> ?nif_stub.
+sha512_update_nif(_Context, _Data) -> ?nif_stub.
+sha512_final_nif(_Context) -> ?nif_stub.
 
 %%
 %%  MESSAGE AUTHENTICATION CODES
@@ -522,8 +589,14 @@ dss_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
 
 % Key = [E,N]  E=PublicExponent N=PublicModulus
 rsa_verify(Data,Signature,Key) ->
-    rsa_verify(sha, Data,Signature,Key).
-rsa_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
+    rsa_verify_nif(sha, Data,Signature,Key).
+rsa_verify(Type, Data, Signature, Key) ->
+    case rsa_verify_nif(Type, Data, Signature, Key) of
+    	notsup -> erlang:error(notsup);
+	Bool -> Bool
+    end.
+
+rsa_verify_nif(_Type, _Data, _Signature, _Key) -> ?nif_stub.
 
 
 %%
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 86acdc27df..627c966dfb 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -68,30 +68,29 @@
 	 rc4_test/1,
 	 rc4_stream_test/1,
 	 blowfish_cfb64/1,
-	 smp/1,
-	 cleanup/1]).
+	 smp/1]).
 
 -export([hexstr2bin/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [link_test, md5, md5_update, md4, md4_update, md5_mac,
-     md5_mac_io, sha, sha_update, 
-     hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n, hmac_update_md5_io, hmac_update_md5,
-     %% sha256, sha256_update, sha512,sha512_update,
-     des_cbc, des_cfb, des3_cbc, des3_cfb, rc2_cbc, aes_cfb, aes_cbc,
-     aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_cfb_iter, des_ecb,
-     des_cbc, rc2_cbc, aes_cfb, aes_cbc,
-     aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
-     rand_uniform_test, strong_rand_test,
-     rsa_verify_test, dsa_verify_test, rsa_sign_test,
-     dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
-     rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
-     smp].
-
-groups() -> 
-    [].
+    [link_test, {group, info}].
+
+groups() ->
+    [{info, [sequence],[info, {group, rest}]},
+     {rest, [],
+      [md5, md5_update, md4, md4_update, md5_mac,
+       md5_mac_io, sha, sha_update,
+       hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n,
+       hmac_update_md5_io, hmac_update_md5,
+       des_cbc, aes_cfb, aes_cbc,
+       aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
+       rand_uniform_test, strong_rand_test,
+       rsa_verify_test, dsa_verify_test, rsa_sign_test,
+       dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
+       rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
+       smp]}].
 
 init_per_suite(Config) ->
     Config.
@@ -105,11 +104,15 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
+init_per_testcase(info, Config) ->
+    Config;
 init_per_testcase(_Name,Config) ->
     io:format("init_per_testcase\n"),
     ?line crypto:start(),
     Config.
 
+end_per_testcase(info, Config) ->
+    Config;
 end_per_testcase(_Name,Config) ->
     io:format("end_per_testcase\n"),
     ?line crypto:stop(),
@@ -197,13 +200,6 @@ info(Config) when is_list(Config) ->
 	    ?line crypto:stop()
     end.
 
-cleanup(doc) ->
-    ["Cleanup (dummy)."];
-cleanup(suite) ->
-    [];
-cleanup(Config) when is_list(Config) ->
-    Config.
-
 %%
 %%
 md5(doc) ->
diff --git a/lib/crypto/vsn.mk b/lib/crypto/vsn.mk
index 33fa9b1ec3..7e82e47d38 100644
--- a/lib/crypto/vsn.mk
+++ b/lib/crypto/vsn.mk
@@ -1 +1 @@
-CRYPTO_VSN = 2.0.4
+CRYPTO_VSN = 2.1
diff --git a/lib/debugger/doc/src/debugger_chapter.xml b/lib/debugger/doc/src/debugger_chapter.xml
index 2d812b0236..de7784b240 100644
--- a/lib/debugger/doc/src/debugger_chapter.xml
+++ b/lib/debugger/doc/src/debugger_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
 <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/debugger/doc/src/int.xml b/lib/debugger/doc/src/int.xml
index c9d815755d..0794685f34 100644
--- a/lib/debugger/doc/src/int.xml
+++ b/lib/debugger/doc/src/int.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1998</year><year>2009</year>
+      <year>1998</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/debugger/doc/src/notes.xml b/lib/debugger/doc/src/notes.xml
index 93e447848a..4d8bd8ebe4 100644
--- a/lib/debugger/doc/src/notes.xml
+++ b/lib/debugger/doc/src/notes.xml
@@ -32,6 +32,50 @@
   <p>This document describes the changes made to the Debugger
     application.</p>
 
+<section><title>Debugger 3.2.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix "OK" spelling in debugger messages and variables</p>
+          <p>
+	    Simple code refactor in the debugger: renames all the
+	    occurrences of "Ok" to "OK" in the code, variable names
+	    and strings. This improves the consistency of the code
+	    and follows the GTK UI where "OK" is always used.(Thanks
+	    to Ricardo Catalinas Jim�nez)</p>
+          <p>
+	    Own Id: OTP-9699</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Debugger 3.2.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/debugger/src/Makefile b/lib/debugger/src/Makefile
index 6dc7d0d783..be9a2d13cb 100644
--- a/lib/debugger/src/Makefile
+++ b/lib/debugger/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_debugged.erl b/lib/debugger/src/dbg_debugged.erl
index 18dcd92ff3..4d9ffc4f3b 100644
--- a/lib/debugger/src/dbg_debugged.erl
+++ b/lib/debugger/src/dbg_debugged.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ieval.hrl b/lib/debugger/src/dbg_ieval.hrl
index ea6189ad02..1abf39d247 100644
--- a/lib/debugger/src/dbg_ieval.hrl
+++ b/lib/debugger/src/dbg_ieval.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_break_win.erl b/lib/debugger/src/dbg_ui_break_win.erl
index abbec158b0..2894e8223b 100644
--- a/lib/debugger/src/dbg_ui_break_win.erl
+++ b/lib/debugger/src/dbg_ui_break_win.erl
@@ -17,6 +17,18 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_break_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/5,
diff --git a/lib/debugger/src/dbg_ui_edit_win.erl b/lib/debugger/src/dbg_ui_edit_win.erl
index 82f784aa83..fb40ab3812 100644
--- a/lib/debugger/src/dbg_ui_edit_win.erl
+++ b/lib/debugger/src/dbg_ui_edit_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -17,6 +17,12 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_edit_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/5, get_window/1,
diff --git a/lib/debugger/src/dbg_ui_filedialog_win.erl b/lib/debugger/src/dbg_ui_filedialog_win.erl
index 1eced1104d..50d198f361 100644
--- a/lib/debugger/src/dbg_ui_filedialog_win.erl
+++ b/lib/debugger/src/dbg_ui_filedialog_win.erl
@@ -18,6 +18,13 @@
 %%
 
 -module(dbg_ui_filedialog_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/6, create_win/7, get_window/1,
diff --git a/lib/debugger/src/dbg_ui_interpret.erl b/lib/debugger/src/dbg_ui_interpret.erl
index 079eaeb634..73392d40cb 100644
--- a/lib/debugger/src/dbg_ui_interpret.erl
+++ b/lib/debugger/src/dbg_ui_interpret.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_mon_win.erl b/lib/debugger/src/dbg_ui_mon_win.erl
index 52e8f433ba..f446fb7fcd 100644
--- a/lib/debugger/src/dbg_ui_mon_win.erl
+++ b/lib/debugger/src/dbg_ui_mon_win.erl
@@ -17,6 +17,19 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_mon_win).
+-compile([{nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([init/0]).
diff --git a/lib/debugger/src/dbg_ui_settings.erl b/lib/debugger/src/dbg_ui_settings.erl
index 38b2ec424f..fcfd67966f 100644
--- a/lib/debugger/src/dbg_ui_settings.erl
+++ b/lib/debugger/src/dbg_ui_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_trace_win.erl b/lib/debugger/src/dbg_ui_trace_win.erl
index 82d4199630..f237f30e4a 100644
--- a/lib/debugger/src/dbg_ui_trace_win.erl
+++ b/lib/debugger/src/dbg_ui_trace_win.erl
@@ -17,6 +17,25 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_trace_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 %% External exports
 -export([init/0]).
diff --git a/lib/debugger/src/dbg_ui_win.erl b/lib/debugger/src/dbg_ui_win.erl
index 9bed6a1ec5..cef091ee28 100644
--- a/lib/debugger/src/dbg_ui_win.erl
+++ b/lib/debugger/src/dbg_ui_win.erl
@@ -17,6 +17,15 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_win).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% External exports
 -export([init/0,
diff --git a/lib/debugger/src/dbg_ui_winman.erl b/lib/debugger/src/dbg_ui_winman.erl
index c7aac0df23..8619be344b 100644
--- a/lib/debugger/src/dbg_ui_winman.erl
+++ b/lib/debugger/src/dbg_ui_winman.erl
@@ -18,6 +18,11 @@
 %%
 -module(dbg_ui_winman).
 -behaviour(gen_server).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,3}}]).
 
 %% External exports
 -export([start/0]).
diff --git a/lib/debugger/src/dbg_wx_filedialog_win.erl b/lib/debugger/src/dbg_wx_filedialog_win.erl
index 9f45ad0c47..f109652a70 100644
--- a/lib/debugger/src/dbg_wx_filedialog_win.erl
+++ b/lib/debugger/src/dbg_wx_filedialog_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 -export([new/3, getFilename/1, getFilenames/1, getDirectory/1, destroy/1]).
 
 %% Internal 
--export([init/1, handle_call/3, handle_event/2, 
+-export([init/1, handle_call/3, handle_event/2, handle_cast/2,
 	 handle_info/2, code_change/3, terminate/2]).
 
 -include_lib("wx/include/wx.hrl").
@@ -193,6 +193,9 @@ handle_call(getDirectory, _From, State = #state{path=Dir}) ->
 handle_call(destroy, _From, State) ->
     {stop, normal, ok, State}.
 
+handle_cast(_, State) ->
+    {noreply, State}.
+
 %%  events
 handle_event(#wx{id=?wxID_UP}, State0) ->
     State = update_window(change_dir(0, State0)),
diff --git a/lib/debugger/src/dbg_wx_settings.erl b/lib/debugger/src/dbg_wx_settings.erl
index bc88bdf7da..3be93c495c 100644
--- a/lib/debugger/src/dbg_wx_settings.erl
+++ b/lib/debugger/src/dbg_wx_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_wx_trace_win.erl b/lib/debugger/src/dbg_wx_trace_win.erl
index 720b913024..aab8fddda7 100644
--- a/lib/debugger/src/dbg_wx_trace_win.erl
+++ b/lib/debugger/src/dbg_wx_trace_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,6 +19,7 @@
 
 %%
 -module(dbg_wx_trace_win).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 %% External exports
 -export([init/0, stop/1]).
diff --git a/lib/debugger/src/debugger.app.src b/lib/debugger/src/debugger.app.src
index 5538f66260..807054c983 100644
--- a/lib/debugger/src/debugger.app.src
+++ b/lib/debugger/src/debugger.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/test/bs_construct_SUITE.erl b/lib/debugger/test/bs_construct_SUITE.erl
index 187c9f53b0..fa7b40ff1e 100644
--- a/lib/debugger/test/bs_construct_SUITE.erl
+++ b/lib/debugger/test/bs_construct_SUITE.erl
@@ -56,7 +56,7 @@ end_per_group(_GroupName, Config) ->
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
-    Dog = test_server:timetrap(?t:minutes(1)),
+    Dog = test_server:timetrap(?t:minutes(15)),
     [{watchdog,Dog}|Config].
 
 end_per_testcase(_Case, Config) ->
diff --git a/lib/debugger/test/bs_match_misc_SUITE.erl b/lib/debugger/test/bs_match_misc_SUITE.erl
index 89fce263f5..ec3746d76a 100644
--- a/lib/debugger/test/bs_match_misc_SUITE.erl
+++ b/lib/debugger/test/bs_match_misc_SUITE.erl
@@ -57,7 +57,7 @@ end_per_suite(Config) when is_list(Config) ->
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
-    Dog = test_server:timetrap(?t:minutes(1)),
+    Dog = test_server:timetrap(?t:minutes(15)),
     [{watchdog,Dog}|Config].
 
 end_per_testcase(_Case, Config) ->
diff --git a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
index 90f83e80e8..c9ac6931e2 100644
--- a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
+++ b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/test/test_lib.erl b/lib/debugger/test/test_lib.erl
index 5e4ac7f164..29b26343e8 100644
--- a/lib/debugger/test/test_lib.erl
+++ b/lib/debugger/test/test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/vsn.mk b/lib/debugger/vsn.mk
index 0f70dafc19..01ff0eb9a8 100644
--- a/lib/debugger/vsn.mk
+++ b/lib/debugger/vsn.mk
@@ -1 +1 @@
-DEBUGGER_VSN = 3.2.6
+DEBUGGER_VSN = 3.2.7
diff --git a/lib/dialyzer/doc/src/book.xml b/lib/dialyzer/doc/src/book.xml
index 0b4e1cb617..ec06427671 100644
--- a/lib/dialyzer/doc/src/book.xml
+++ b/lib/dialyzer/doc/src/book.xml
@@ -4,7 +4,7 @@
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <header titlestyle="normal">
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/notes.xml b/lib/dialyzer/doc/src/notes.xml
index 17291b24f7..f100865b56 100644
--- a/lib/dialyzer/doc/src/notes.xml
+++ b/lib/dialyzer/doc/src/notes.xml
@@ -31,6 +31,94 @@
   <p>This document describes the changes made to the Dialyzer
     application.</p>
 
+<section><title>Dialyzer 2.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix false warning about closure application</p>
+          <p>
+	    Whenever a variable that could hold one of two or more
+	    possible closures was used in a particular application,
+	    the application was assumed to fail if ONE of the
+	    closures would fail in this application. This has been
+	    corrected to infer failing application if ALL possible
+	    closures would fail in the particular application.</p>
+          <p>
+	    Change category of 'might also return' warnings</p>
+          <p>
+	    Dialyzer emits warnings like the following "The
+	    specification for _ states that the function might also
+	    return _ but the inferred return is _", which are
+	    actually underspecifications and not wrong type
+	    specifications. This patch makes sure that they are filed
+	    under the appropriate category.</p>
+          <p>
+	    Own Id: OTP-9707</p>
+        </item>
+        <item>
+	    <p>Wrap up behaviours patch for Dialyzer</p> <list>
+	    <item><p>Enable warnings by default, add two options for
+	    suppressing them</p></item> <item><p>Fix warning
+	    formatting and update testsuites.</p></item>
+	    <item><p>Detection of callback-spec
+	    discrepancies</p></item> <item><p>Allow none() as return
+	    value in callbacks</p></item> <item><p>Behaviour callback
+	    discrepancy detection for Dialyzer</p></item>
+	    <item><p>Add lookup function for callbacks</p></item>
+	    <item><p>Store callbacks in codeserver and PLT</p></item>
+	    <item><p>Collect callback definitions during
+	    compilation</p></item> <item><p>Update inets
+	    results</p></item> </list>
+          <p>
+	    Own Id: OTP-9731</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Optimize the joining of maps in
+	    <c>dialyzer_dataflow</c>. </p>
+          <p>
+	    Own Id: OTP-9761</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Dialyzer 2.4.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/dialyzer/doc/src/part.xml b/lib/dialyzer/doc/src/part.xml
index 4410840660..564ef3a52f 100644
--- a/lib/dialyzer/doc/src/part.xml
+++ b/lib/dialyzer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/part_notes.xml b/lib/dialyzer/doc/src/part_notes.xml
index cb048d55dd..992ee73daa 100644
--- a/lib/dialyzer/doc/src/part_notes.xml
+++ b/lib/dialyzer/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/ref_man.xml b/lib/dialyzer/doc/src/ref_man.xml
index ca5410f6b8..7e5367b7c5 100644
--- a/lib/dialyzer/doc/src/ref_man.xml
+++ b/lib/dialyzer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
index 62153fa176..458f3a4c81 100644
--- a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
+++ b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
@@ -2,7 +2,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -359,8 +359,17 @@ store_core(Mod, Core, NoWarn, Callgraph, CServer) ->
   store_code_and_build_callgraph(Mod, LabeledCore, Callgraph, CServer3, NoWarn).
 
 abs_get_nowarn(Abs, M) ->
-  [{M, F, A}
-   || {attribute, _, compile, {nowarn_unused_function, {F, A}}} <- Abs].
+  Opts = lists:flatten([C || {attribute, _, compile, C} <- Abs]),
+  Warn = erl_lint:bool_option(warn_unused_function, nowarn_unused_function,
+                              true, Opts),
+  case Warn of
+    false ->
+      [{M, F, A} || {function, _, F, A, _} <- Abs]; % all functions
+    true ->
+      [{M, F, A} ||
+        {nowarn_unused_function, FAs} <- Opts,
+        {F, A} <- lists:flatten([FAs])]
+  end.
 
 get_exported_types_from_core(Core) ->
   Attrs = cerl:module_attrs(Core),
diff --git a/lib/dialyzer/src/dialyzer_behaviours.erl b/lib/dialyzer/src/dialyzer_behaviours.erl
index 56eb46d78a..e89c08df7d 100644
--- a/lib/dialyzer/src/dialyzer_behaviours.erl
+++ b/lib/dialyzer/src/dialyzer_behaviours.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -144,15 +144,20 @@ check_all_callbacks(Module, Behaviour, [Cb|Rest],
       'error' -> Acc1;
       {ok, {{File, Line}, Contract}} ->
 	Acc10 = Acc1,
-	SpecReturnType = dialyzer_contracts:get_contract_return(Contract),
-	SpecArgTypes = dialyzer_contracts:get_contract_args(Contract),
+	SpecReturnType0 = dialyzer_contracts:get_contract_return(Contract),
+	SpecArgTypes0 = dialyzer_contracts:get_contract_args(Contract),
+	SpecReturnType = erl_types:subst_all_vars_to_any(SpecReturnType0),
+	SpecArgTypes =
+	  [erl_types:subst_all_vars_to_any(ArgT0) || ArgT0 <- SpecArgTypes0],
 	Acc11 =
 	  case erl_types:t_is_subtype(SpecReturnType, CbReturnType) of
 	    true -> Acc10;
-	    false -> [{callback_spec_type_mismatch,
-		       [File, Line, Behaviour, Function, Arity,
-			erl_types:t_to_string(SpecReturnType, Records),
-			erl_types:t_to_string(CbReturnType, Records)]}|Acc10]
+	    false ->
+	      ExtraType = erl_types:t_subtract(SpecReturnType, CbReturnType),
+	      [{callback_spec_type_mismatch,
+		[File, Line, Behaviour, Function, Arity,
+		 erl_types:t_to_string(ExtraType, Records),
+		 erl_types:t_to_string(CbReturnType, Records)]}|Acc10]
 	  end,
 	Acc12 =
 	  case erl_types:any_none(
diff --git a/lib/dialyzer/src/dialyzer_cl.erl b/lib/dialyzer/src/dialyzer_cl.erl
index e638e2fff2..04a0db890f 100644
--- a/lib/dialyzer/src/dialyzer_cl.erl
+++ b/lib/dialyzer/src/dialyzer_cl.erl
@@ -29,10 +29,6 @@
 
 -module(dialyzer_cl).
 
-%% Avoid warning for local function error/1 clashing with autoimported BIF.
--compile({no_auto_import,[error/1]}).
-%% Avoid warning for local function error/2 clashing with autoimported BIF.
--compile({no_auto_import,[error/2]}).
 -export([start/1]).
 
 -include("dialyzer.hrl").
@@ -88,7 +84,7 @@ init_opts_for_build(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not build multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false -> Opts#options{init_plts = []}
   end.
@@ -110,7 +106,7 @@ init_opts_for_add(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not add to multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -134,11 +130,12 @@ check_plt_aux([_] = Plt, Opts) ->
   report_check(Opts2),
   plt_common(Opts2, [], []);
 check_plt_aux([Plt|Plts], Opts) ->
-  Opts1 = Opts#options{init_plts = [Plt]},
-  Opts2 = init_opts_for_check(Opts1),
-  report_check(Opts2),
-  plt_common(Opts2, [], []),
-  check_plt_aux(Plts, Opts).
+  case check_plt_aux([Plt], Opts) of
+    {?RET_NOTHING_SUSPICIOUS, []} -> check_plt_aux(Plts, Opts);
+    {?RET_DISCREPANCIES, Warns} ->
+      {_RET, MoreWarns} = check_plt_aux(Plts, Opts),
+      {?RET_DISCREPANCIES, Warns ++ MoreWarns}
+  end.
 
 init_opts_for_check(Opts) ->
   InitPlt =
@@ -175,7 +172,7 @@ init_opts_for_remove(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not remove from multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -193,7 +190,7 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
 	none -> ok;
 	OutPlt ->
 	  {ok, Binary} = file:read_file(InitPlt),
-	  file:write_file(OutPlt, Binary)
+	  ok = file:write_file(OutPlt, Binary)
       end,
       case Opts#options.report_mode of
 	quiet -> ok;
@@ -221,19 +218,19 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
     {error, no_such_file} ->
       Msg = io_lib:format("Could not find the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, not_valid} ->
       Msg = io_lib:format("The file: ~s is not a valid PLT file\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, read_error} ->
       Msg = io_lib:format("Could not read the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, {no_file_to_remove, F}} ->
       Msg = io_lib:format("Could not remove the file ~s from the PLT: ~s\n",
 			  [F, InitPlt]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 default_plt_error_msg() ->
@@ -426,7 +423,7 @@ assert_writable(PltFile) ->
     true -> ok;
     false ->
       Msg = io_lib:format("    The PLT file ~s is not writable", [PltFile]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 check_if_writable(PltFile) ->
@@ -525,10 +522,7 @@ native_compile(Mods) ->
   end.
 
 hc(Mod) ->
-  case code:ensure_loaded(Mod) of
-    {module, Mod} -> ok;
-    {error, sticky_directory} -> ok
-  end,
+  {module, Mod} = code:ensure_loaded(Mod),
   case code:is_module_native(Mod) of
     true -> ok;
     false ->
@@ -553,7 +547,7 @@ init_output(State0, #options{output_file = OutFile,
 	{error, Reason} ->
 	  Msg = io_lib:format("Could not open output file ~p, Reason: ~p\n",
 			      [OutFile, Reason]),
-	  error(State, lists:flatten(Msg))
+	  cl_error(State, lists:flatten(Msg))
       end
   end.
 
@@ -599,10 +593,10 @@ cl_loop(State, LogCache) ->
       cl_loop(NewState, LogCache);
     {'EXIT', BackendPid, {error, Reason}} ->
       Msg = failed_anal_msg(Reason, LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     {'EXIT', BackendPid, Reason} when Reason =/= 'normal' ->
       Msg = failed_anal_msg(io_lib:format("~P", [Reason, 12]), LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     _Other ->
       %% io:format("Received ~p\n", [_Other]),
       cl_loop(State, LogCache)
@@ -611,7 +605,7 @@ cl_loop(State, LogCache) ->
 -spec failed_anal_msg(string(), [_]) -> nonempty_string().
 
 failed_anal_msg(Reason, LogCache) ->
-  Msg = "Analysis failed with error: " ++ Reason ++ "\n",
+  Msg = "Analysis failed with error:\n" ++ Reason ++ "\n",
   case LogCache =:= [] of
     true -> Msg;
     false ->
@@ -635,14 +629,14 @@ store_warnings(#cl_state{stored_warnings = StoredWarnings} = St, Warnings) ->
 store_unknown_behaviours(#cl_state{unknown_behaviours = Behs} = St, Beh) ->
   St#cl_state{unknown_behaviours = Beh ++ Behs}.
 
--spec error(string()) -> no_return().
+-spec cl_error(string()) -> no_return().
 
-error(Msg) ->
+cl_error(Msg) ->
   throw({dialyzer_error, Msg}).
 
--spec error(#cl_state{}, string()) -> no_return().
+-spec cl_error(#cl_state{}, string()) -> no_return().
 
-error(State, Msg) ->
+cl_error(State, Msg) ->
   case State#cl_state.output of
     standard_io -> ok;
     Outfile -> io:format(Outfile, "\n~s\n", [Msg])
diff --git a/lib/dialyzer/src/dialyzer_codeserver.erl b/lib/dialyzer/src/dialyzer_codeserver.erl
index c34a9f0b7d..13ca65e4dd 100644
--- a/lib/dialyzer/src/dialyzer_codeserver.erl
+++ b/lib/dialyzer/src/dialyzer_codeserver.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/dialyzer/src/dialyzer_contracts.erl b/lib/dialyzer/src/dialyzer_contracts.erl
index 3469d70a4d..2b78b736ab 100644
--- a/lib/dialyzer/src/dialyzer_contracts.erl
+++ b/lib/dialyzer/src/dialyzer_contracts.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -256,7 +256,7 @@ check_extraneous([C|Cs], SuccType) ->
 check_extraneous_1(Contract, SuccType) ->
   CRngs = erl_types:t_elements(erl_types:t_fun_range(Contract)),
   STRng = erl_types:t_fun_range(SuccType),
-  %% io:format("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
+  ?debug("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
   case [CR || CR <- CRngs, erl_types:t_is_none(erl_types:t_inf(CR, STRng, opaque))] of
     [] -> ok;
     CRs -> {error, {extra_range, erl_types:t_sup(CRs), STRng}}
@@ -352,28 +352,37 @@ insert_constraints([], Dict) -> Dict.
 
 store_tmp_contract(MFA, FileLine, TypeSpec, SpecDict, RecordsDict) ->
   %% io:format("contract from form: ~p\n", [TypeSpec]),
-  TmpContract = contract_from_form(TypeSpec, RecordsDict),
+  TmpContract = contract_from_form(TypeSpec, RecordsDict, FileLine),
   %% io:format("contract: ~p\n", [Contract]),
   dict:store(MFA, {FileLine, TmpContract}, SpecDict).
 
-contract_from_form(Forms, RecDict) ->
-  {CFuns, Forms1} = contract_from_form(Forms, RecDict, [], []),
+contract_from_form(Forms, RecDict, FileLine) ->
+  {CFuns, Forms1} = contract_from_form(Forms, RecDict, FileLine, [], []),
   #tmp_contract{contract_funs = CFuns, forms = Forms1}.
 
 contract_from_form([{type, _, 'fun', [_, _]} = Form | Left], RecDict,
-		   TypeAcc, FormAcc) ->
+		   FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
-	Type = erl_types:t_from_form(Form, RecDict),
+	Type =
+	  try
+	    erl_types:t_from_form(Form, RecDict)
+	  catch
+	    throw:{error, Msg} ->
+	      {File, Line} = FileLine,
+	      NewMsg = io_lib:format("~s:~p: ~s", [filename:basename(File),
+						     Line, Msg]),
+	      throw({error, NewMsg})
+	  end,
 	NewType = erl_types:t_solve_remote(Type, ExpTypes, AllRecords),
 	{NewType, []}
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, []} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
 contract_from_form([{type, _L1, bounded_fun,
 		     [{type, _L2, 'fun', [_, _]} = Form, Constr]}| Left],
-		   RecDict, TypeAcc, FormAcc) ->
+		   RecDict, FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
 	Constr1 = [constraint_from_form(C, RecDict, ExpTypes, AllRecords)
@@ -385,8 +394,8 @@ contract_from_form([{type, _L1, bounded_fun,
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, Constr} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
-contract_from_form([], _RecDict, TypeAcc, FormAcc) ->
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
+contract_from_form([], _RecDict, _FileLine, TypeAcc, FormAcc) ->
   {lists:reverse(TypeAcc), lists:reverse(FormAcc)}.
 
 constraint_from_form({type, _, constraint, [{atom, _, is_subtype},
@@ -444,7 +453,21 @@ get_invalid_contract_warnings_funs([{MFA, {FileLine, Contract}}|Left],
 	  {error, invalid_contract} ->
 	    [invalid_contract_warning(MFA, FileLine, Sig, RecDict)|Acc];
 	  {error, {extra_range, ExtraRanges, STRange}} ->
-	    [extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	    Warn =
+	      case t_from_forms_without_remote(Contract#contract.forms,
+					       RecDict) of
+		{ok, NoRemoteType} ->
+		  CRet = erl_types:t_fun_range(NoRemoteType),
+		  erl_types:t_is_subtype(ExtraRanges, CRet);
+		unsupported ->
+		  true
+	      end,
+	    case Warn of
+	      true ->
+		[extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	      false ->
+		Acc
+	    end;
 	  {error, Msg} ->
 	    [{?WARN_CONTRACT_SYNTAX, FileLine, Msg}|Acc];
 	  ok ->
@@ -507,26 +530,92 @@ picky_contract_check(CSig0, Sig0, MFA, FileLine, Contract, RecDict, Acc) ->
 extra_contract_warning({M, F, A}, FileLine, Contract, CSig, Sig, RecDict) ->
   SigString = lists:flatten(dialyzer_utils:format_sig(Sig, RecDict)),
   ContractString0 = lists:flatten(dialyzer_utils:format_sig(CSig, RecDict)),
-  case SigString =:= ContractString0 of
+  %% The only difference is in record fields containing 'undefined' or not.
+  IsUndefRecordFieldsRelated = SigString =:= ContractString0,
+  {IsRemoteTypesRelated, SubtypeRelation} =
+    is_remote_types_related(Contract, CSig, Sig, RecDict),
+  case IsUndefRecordFieldsRelated orelse IsRemoteTypesRelated of
     true ->
-      %% The only difference is in record fields containing 'undefined' or not.
       no_warning;
     false ->
       ContractString = contract_to_string(Contract),
       {Tag, Msg} =
-	case erl_types:t_is_subtype(CSig, Sig) of
-	  true ->
+	case SubtypeRelation of
+	  contract_is_subtype ->
 	    {?WARN_CONTRACT_SUBTYPE,
 	     {contract_subtype, [M, F, A, ContractString, SigString]}};
-	  false ->
-	    case erl_types:t_is_subtype(Sig, CSig) of
-	      true ->
-		{?WARN_CONTRACT_SUPERTYPE,
-		 {contract_supertype, [M, F, A, ContractString, SigString]}};
-	      false ->
-		{?WARN_CONTRACT_NOT_EQUAL,
-		 {contract_diff, [M, F, A, ContractString, SigString]}}
-	    end
+	  contract_is_supertype ->
+	    {?WARN_CONTRACT_SUPERTYPE,
+	     {contract_supertype, [M, F, A, ContractString, SigString]}};
+	  neither ->
+	    {?WARN_CONTRACT_NOT_EQUAL,
+	     {contract_diff, [M, F, A, ContractString, SigString]}}
 	end,
       {warning, {Tag, FileLine, Msg}}
   end.
+
+is_remote_types_related(Contract, CSig, Sig, RecDict) ->
+  case erl_types:t_is_subtype(CSig, Sig) of
+    true ->
+      {false, contract_is_subtype};
+    false ->
+      case erl_types:t_is_subtype(Sig, CSig) of
+	true ->
+	  case t_from_forms_without_remote(Contract#contract.forms, RecDict) of
+	    {ok, NoRemoteTypeSig} ->
+	      case blame_remote(CSig, NoRemoteTypeSig, Sig) of
+		true ->
+		  {true, neither};
+		false ->
+		  {false, contract_is_supertype}
+	      end;
+	    unsupported ->
+	      {false, contract_is_supertype}
+	  end;
+	false ->
+	  {false, neither}
+      end
+  end.
+
+t_from_forms_without_remote([{FType, []}], RecDict) ->
+  Type0 = erl_types:t_from_form(FType, RecDict),
+  Map =
+    fun(Type) ->
+	case erl_types:t_is_remote(Type) of
+	  true -> erl_types:t_none();
+	  false -> Type
+	end
+    end,
+  {ok, erl_types:t_map(Map, Type0)};
+t_from_forms_without_remote([{_FType, _Constrs}], _RecDict) ->
+  %% 'When' constraints
+  unsupported;
+t_from_forms_without_remote(_Forms, _RecDict) ->
+  %% Lots of forms
+  unsupported.
+
+blame_remote(ContractSig, NoRemoteContractSig, Sig) ->
+  CArgs  = erl_types:t_fun_args(ContractSig),
+  CRange = erl_types:t_fun_range(ContractSig),
+  NRArgs = erl_types:t_fun_args(NoRemoteContractSig),
+  NRRange = erl_types:t_fun_range(NoRemoteContractSig),
+  SArgs = erl_types:t_fun_args(Sig),
+  SRange = erl_types:t_fun_range(Sig),
+  blame_remote_list([CRange|CArgs], [NRRange|NRArgs], [SRange|SArgs]).
+
+blame_remote_list([], [], []) ->
+  true;
+blame_remote_list([CArg|CArgs], [NRArg|NRArgs], [SArg|SArgs]) ->
+  case erl_types:t_is_equal(CArg, NRArg) of
+    true ->
+      case not erl_types:t_is_equal(CArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end;
+    false ->
+      case erl_types:t_is_subtype(SArg, NRArg)
+	andalso not erl_types:t_is_subtype(NRArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end
+  end.
diff --git a/lib/dialyzer/src/dialyzer_dataflow.erl b/lib/dialyzer/src/dialyzer_dataflow.erl
index d74c04385b..6008dba080 100644
--- a/lib/dialyzer/src/dialyzer_dataflow.erl
+++ b/lib/dialyzer/src/dialyzer_dataflow.erl
@@ -101,6 +101,12 @@
 		behaviour_api_dict = [] ::
 		  dialyzer_behaviours:behaviour_api_dict()}).
 
+-record(map, {dict = dict:new()   :: dict(),
+              subst = dict:new()  :: dict(),
+              modified = []       :: [Key :: term()],
+              modified_stack = [] :: [{[Key :: term()],reference()}],
+              ref = undefined     :: reference() | undefined}).
+
 %% Exported Types
 
 -opaque state() :: #state{}.
@@ -1058,12 +1064,13 @@ handle_case(Tree, Map, #state{callgraph = Callgraph} = State) ->
                                    RaceListSize + 1, State1);
           false -> State1
         end,
+      Map2 = join_maps_begin(Map1),
       {MapList, State3, Type} =
 	handle_clauses(Clauses, Arg, ArgType, ArgType, State2,
-		       [], Map1, [], []),
-      Map2 = join_maps(MapList, Map1),
+		       [], Map2, [], []),
+      Map3 = join_maps_end(MapList, Map2),
       debug_pp_map(Map2),
-      {State3, Map2, Type}
+      {State3, Map3, Type}
   end.
 
 %%----------------------------------------
@@ -1640,14 +1647,15 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 	  false ->
 	    SubTuples = t_tuple_subtypes(Tuple),
 	    %% Need to call the top function to get the try-catch wrapper
+            MapJ = join_maps_begin(Map),
 	    Results =
 	      case Rev of
 		true ->
 		  [bind_pat_vars_reverse(Es, t_tuple_args(SubTuple), [],
-					 Map, State)
+					 MapJ, State)
 		   || SubTuple <- SubTuples];
 		false ->
-		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], Map, State)
+		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], MapJ, State)
 		   || SubTuple <- SubTuples]
 	      end,
 	    case lists:keyfind(opaque, 2, Results) of
@@ -1661,7 +1669,7 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 		      false -> bind_error([Pat], Tuple, t_none(), bind)
 		    end;
 		  Maps ->
-		    Map1 = join_maps(Maps, Map),
+		    Map1 = join_maps_end(Maps, MapJ),
 		    TupleType = t_sup([t_tuple(EsTypes)
 				       || {M, EsTypes} <- Results, M =/= error]),
 		    {Map1, TupleType}
@@ -2308,27 +2316,29 @@ handle_guard_and(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     neg ->
+      MapJ = join_maps_begin(Map),
       {Map1, Type1} =
-	try bind_guard(Arg1, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg2, MapJ, Env, pos, State)
 	end,
       {Map2, Type2} =
-	try bind_guard(Arg2, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg1, MapJ, Env, pos, State)
 	end,
       case t_is_atom(false, Type1) orelse t_is_atom(false, Type2) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(false)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(false)};
 	false -> signal_guard_fail(Eval, Guard, [Type1, Type2], State)
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['true'] , ['true'] } -> t_atom(true);
@@ -2344,20 +2354,21 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
   [Arg1, Arg2] = cerl:call_args(Guard),
   case Eval of
     pos ->
+      MapJ = join_maps_begin(Map),
       {Map1, Bool1} =
-	try bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg1, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg1, MapJ, Env, dont_know, State)
 	end,
       {Map2, Bool2} =
-	try bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg2, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg2, MapJ, Env, dont_know, State)
 	end,
       case ((t_is_atom(true, Bool1) andalso t_is_boolean(Bool2))
 	    orelse
 	    (t_is_atom(true, Bool2) andalso t_is_boolean(Bool1))) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(true)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(true)};
 	false -> signal_guard_fail(Eval, Guard, [Bool1, Bool2], State)
       end;
     neg ->
@@ -2372,14 +2383,15 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['false'], ['false']} -> t_atom(false);
@@ -2493,8 +2505,9 @@ mk_guard_msg(Eval, F, Args, ArgTypes, State) ->
       end
   end.
 
-bind_guard_case_clauses(Arg, Clauses, Map, Env, Eval, State) ->
+bind_guard_case_clauses(Arg, Clauses, Map0, Env, Eval, State) ->
   Clauses1 = filter_fail_clauses(Clauses),
+  Map = join_maps_begin(Map0),
   {GenMap, GenArgType} = bind_guard(Arg, Map, Env, dont_know, State),
   bind_guard_case_clauses(GenArgType, GenMap, Arg, Clauses1, Map, Env, Eval,
 			  t_none(), [], State).
@@ -2594,7 +2607,7 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 			AccType, AccMaps, _State) ->
   case t_is_none(AccType) of
     true -> throw({fail, none});
-    false -> {join_maps(AccMaps, Map), AccType}
+    false -> {join_maps_end(AccMaps, Map), AccType}
   end.
 
 %%% ===========================================================================
@@ -2604,11 +2617,34 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 %%% ===========================================================================
 
 map__new() ->
-  {dict:new(), dict:new()}.
+  #map{}.
+
+%% join_maps_begin pushes 'modified' to the stack; join_maps pops
+%% 'modified' from the stack.
+
+join_maps_begin(#map{modified = M, modified_stack = S, ref = Ref} = Map) ->
+  Map#map{ref = make_ref(), modified = [], modified_stack = [{M,Ref} | S]}.
+
+join_maps_end(Maps, MapOut) ->
+  #map{ref = Ref, modified_stack = [{M1,R1} | S]} = MapOut,
+  true = lists:all(fun(M) -> M#map.ref =:= Ref end, Maps), % sanity
+  Keys0 = lists:usort(lists:append([M#map.modified || M <- Maps])),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = [Key ||
+           Key <- Keys0,
+           dict:is_key(Key, Dict) orelse dict:is_key(Key, Subst)],
+  Out = case Maps of
+          [] -> join_maps(Maps, MapOut);
+          _ -> join_maps(Keys, Maps, MapOut)
+        end,
+  debug_join_check(Maps, MapOut, Out),
+  Out#map{ref = R1,
+          modified = Out#map.modified ++ M1, % duplicates possible
+          modified_stack = S}.
 
 join_maps(Maps, MapOut) ->
-  {Map, Subst} = MapOut,
-  Keys = ordsets:from_list(dict:fetch_keys(Map) ++ dict:fetch_keys(Subst)),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = ordsets:from_list(dict:fetch_keys(Dict) ++ dict:fetch_keys(Subst)),
   join_maps(Keys, Maps, MapOut).
 
 join_maps([Key|Left], Maps, MapOut) ->
@@ -2631,6 +2667,17 @@ join_maps_one_key([Map|Left], Key, AccType) ->
 join_maps_one_key([], _Key, AccType) ->
   AccType.
 
+-ifdef(DEBUG).
+debug_join_check(Maps, MapOut, Out) ->
+  #map{dict = Dict, subst = Subst} = Out,
+  #map{dict = Dict2, subst = Subst2} = join_maps(Maps, MapOut),
+  F = fun(D) -> lists:keysort(1, dict:to_list(D)) end,
+  [throw({bug, join_maps}) ||
+    F(Dict) =/= F(Dict2) orelse F(Subst) =/= F(Subst2)].
+-else.
+debug_join_check(_Maps, _MapOut, _Out) -> ok.
+-endif.
+
 enter_type_lists([Key|KeyTail], [Val|ValTail], Map) ->
   Map1 = enter_type(Key, Val, Map),
   enter_type_lists(KeyTail, ValTail, Map1);
@@ -2643,20 +2690,21 @@ enter_type_list([{Key, Val}|Left], Map) ->
 enter_type_list([], Map) ->
   Map.
 
-enter_type(Key, Val, {Map, Subst} = MS) ->
+enter_type(Key, Val, MS) ->
   case cerl:is_literal(Key) of
     true -> MS;
     false ->
       case cerl:is_c_values(Key) of
 	true ->
-	  Keys = cerl:values_es(Key),
+          Keys = cerl:values_es(Key),
 	  case t_is_any(Val) orelse t_is_none(Val) of
 	    true ->
 	      enter_type_lists(Keys, [Val || _ <- Keys], MS);
 	    false ->
-	      enter_type_lists(cerl:values_es(Key), t_to_tlist(Val), MS)
+	      enter_type_lists(Keys, t_to_tlist(Val), MS)
 	  end;
 	false ->
+          #map{dict = Dict, subst = Subst} = MS,
 	  KeyLabel = get_label(Key),
 	  case dict:find(KeyLabel, Subst) of
 	    {ok, NewKey} ->
@@ -2664,21 +2712,25 @@ enter_type(Key, Val, {Map, Subst} = MS) ->
 	      enter_type(NewKey, Val, MS);
 	    error ->
 	      ?debug("Entering ~p :: ~s\n", [KeyLabel, t_to_string(Val)]),
-	      case dict:find(KeyLabel, Map) of
+	      case dict:find(KeyLabel, Dict) of
 		{ok, Val} -> MS;
-		{ok, _OldVal} -> {dict:store(KeyLabel, Val, Map), Subst};
-		error -> {dict:store(KeyLabel, Val, Map), Subst}
+		{ok, _OldVal} -> store_map(KeyLabel, Val, MS);
+		error -> store_map(KeyLabel, Val, MS)
 	      end
 	  end
       end
   end.
 
-enter_subst(Key, Val, {Map, Subst} = MS) ->
+store_map(Key, Val, #map{dict = Dict, ref = undefined} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict)};
+store_map(Key, Val, #map{dict = Dict, modified = Mod} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict), modified = [Key | Mod]}.
+
+enter_subst(Key, Val, #map{subst = Subst} = MS) ->
   KeyLabel = get_label(Key),
   case cerl:is_literal(Val) of
     true ->
-      NewMap = dict:store(KeyLabel, literal_type(Val), Map),
-      {NewMap, Subst};
+      store_map(KeyLabel, literal_type(Val), MS);
     false ->
       case cerl:is_c_var(Val) of
 	false -> MS;
@@ -2691,25 +2743,29 @@ enter_subst(Key, Val, {Map, Subst} = MS) ->
 	      if KeyLabel =:= ValLabel -> MS;
 		 true ->
 		  ?debug("Subst: storing ~p = ~p\n", [KeyLabel, ValLabel]),
-		  NewSubst = dict:store(KeyLabel, ValLabel, Subst),
-		  {Map, NewSubst}
+                  store_subst(KeyLabel, ValLabel, MS)
 	      end
 	  end
       end
   end.
 
-lookup_type(Key, {Map, Subst}) ->
-  lookup(Key, Map, Subst, t_none()).
+store_subst(Key, Val, #map{subst = S, ref = undefined} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S)};
+store_subst(Key, Val, #map{subst = S, modified = Mod} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S), modified = [Key | Mod]}.
+
+lookup_type(Key, #map{dict = Dict, subst = Subst}) ->
+  lookup(Key, Dict, Subst, t_none()).
 
-lookup(Key, Map, Subst, AnyNone) ->
+lookup(Key, Dict, Subst, AnyNone) ->
   case cerl:is_literal(Key) of
     true -> literal_type(Key);
     false ->
       Label = get_label(Key),
       case dict:find(Label, Subst) of
-	{ok, NewKey} -> lookup(NewKey, Map, Subst, AnyNone);
+	{ok, NewKey} -> lookup(NewKey, Dict, Subst, AnyNone);
 	error ->
-	  case dict:find(Label, Map) of
+	  case dict:find(Label, Dict) of
 	    {ok, Val} -> Val;
 	    error -> AnyNone
 	  end
@@ -2744,8 +2800,8 @@ mark_as_fresh([], Map) ->
   Map.
 
 -ifdef(DEBUG).
-debug_pp_map(Map = {Map0, _Subst}) ->
-  Keys = dict:fetch_keys(Map0),
+debug_pp_map(#map{dict = Dict}=Map) ->
+  Keys = dict:fetch_keys(Dict),
   io:format("Map:\n", []),
   lists:foreach(fun (Key) ->
 		    io:format("\t~w :: ~s\n",
diff --git a/lib/dialyzer/src/dialyzer_gui.erl b/lib/dialyzer/src/dialyzer_gui.erl
index ccd80a4835..f60194e01f 100644
--- a/lib/dialyzer/src/dialyzer_gui.erl
+++ b/lib/dialyzer/src/dialyzer_gui.erl
@@ -28,6 +28,23 @@
 %%%-----------------------------------------------------------------------
 
 -module(dialyzer_gui).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,stop,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/1]).
 
diff --git a/lib/dialyzer/src/dialyzer_typesig.erl b/lib/dialyzer/src/dialyzer_typesig.erl
index 92868b6878..4268814859 100644
--- a/lib/dialyzer/src/dialyzer_typesig.erl
+++ b/lib/dialyzer/src/dialyzer_typesig.erl
@@ -2046,8 +2046,7 @@ lookup_type(Key, Map) ->
   %% case cerl:is_literal(Key) of
   %%   true -> t_from_term(cerl:concrete(Key));
   %%   false ->
-  Subst = t_subst(Key, Map),
-  t_sup(Subst, Subst).
+  t_subst(Key, Map).
   %% end.
 
 mk_var(Var) ->
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
index da498c225d..33d135048e 100644
--- a/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
@@ -1,5 +1,5 @@
 
 my_callbacks_wrong.erl:26: The return type #state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()} in the specification of callback_init/1 is not a subtype of {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
 my_callbacks_wrong.erl:28: The inferred return type of callback_init/1 (#state{parent::'undefined' | pid(),status::'init',subscribe::[],counter::1}) has nothing in common with {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
-my_callbacks_wrong.erl:30: The return type {'noreply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} | {'reply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} in the specification of callback_cast/3 is not a subtype of {'noreply',_}, which is the expected return type for the callback of my_behaviour behaviour
+my_callbacks_wrong.erl:30: The return type {'reply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} in the specification of callback_cast/3 is not a subtype of {'noreply',_}, which is the expected return type for the callback of my_behaviour behaviour
 my_callbacks_wrong.erl:39: The specified type for the 2nd argument of callback_call/3 (atom()) is not a supertype of pid(), which is expected type for this argument in the callback of the my_behaviour behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
index 2afb5db133..e646eea383 100644
--- a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
@@ -1,2 +1,2 @@
 
-gen_event_incorrect_return.erl:16: The inferred return type of init/1 ('error') has nothing in common with {'ok',_} | {'ok',_,'hibernate'}, which is the expected return type for the callback of gen_event behaviour
+gen_event_incorrect_return.erl:16: The inferred return type of init/1 ('error') has nothing in common with {'error',_} | {'ok',_} | {'ok',_,'hibernate'}, which is the expected return type for the callback of gen_event behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
new file mode 100644
index 0000000000..5284e412f0
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
@@ -0,0 +1,6 @@
+
+vars_in_beh_spec.erl:3: Undefined callback function handle_call/3 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_cast/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_info/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function init/1 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function terminate/2 (behaviour 'gen_server')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
new file mode 100644
index 0000000000..dc75b30d0e
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
@@ -0,0 +1,10 @@
+-module(vars_in_beh_spec).
+
+-behaviour(gen_server).
+
+-export([code_change/3]).
+
+-spec code_change(_, State, _) -> {ok, State}.
+
+code_change(_, State, _) ->
+    {ok, State}.
diff --git a/lib/dialyzer/test/r9c_SUITE_data/results/inets b/lib/dialyzer/test/r9c_SUITE_data/results/inets
index 6b16dba2ff..24cb39e52b 100644
--- a/lib/dialyzer/test/r9c_SUITE_data/results/inets
+++ b/lib/dialyzer/test/r9c_SUITE_data/results/inets
@@ -12,7 +12,6 @@ httpc_manager.erl:145: The pattern {ErrorReply, State2} can never match the type
 httpc_manager.erl:160: The pattern {ErrorReply, State2} can never match the type {{'ok',number()},number(),#state{reqid::number()}}
 httpc_manager.erl:478: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
 httpc_manager.erl:490: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
-httpd.erl:583: The pattern <{'error', Reason}, _Fd, SoFar> can never match the type <[any()],pid(),[[any(),...]]>
 httpd_acceptor.erl:105: The pattern {'error', Reason} can never match the type {'ok',pid()}
 httpd_acceptor.erl:110: Function handle_connection_err/4 will never be called
 httpd_acceptor.erl:168: Function report_error/2 will never be called
@@ -24,8 +23,7 @@ httpd_manager.erl:933: Function acceptor_status/1 will never be called
 httpd_request_handler.erl:374: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 66 | 98 | 100 | 103 | 105 | 111 | 116 | 121,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
 httpd_request_handler.erl:378: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
 httpd_request_handler.erl:401: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
-httpd_request_handler.erl:644: The call lists:reverse(Fields0::{'error',_} | {'ok',_}) will never return since it differs in the 1st argument from the success typing arguments: ([any()])
-httpd_request_handler.erl:645: Function will never be called
+httpd_request_handler.erl:649: Guard test [{_,_}] =:= Trailers::nonempty_string() can never succeed
 httpd_sup.erl:63: The variable Else can never match since previous clauses completely covered the type {'error',_} | {'ok',[any()],_,_}
 httpd_sup.erl:88: The pattern {'error', Reason} can never match the type {'ok',_,_}
 httpd_sup.erl:92: The variable Else can never match since previous clauses completely covered the type {'ok',_,_}
@@ -40,10 +38,10 @@ mod_dir.erl:72: The pattern {'error', Reason} can never match the type {'ok',[[[
 mod_get.erl:135: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_head.erl:80: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_htaccess.erl:460: The pattern {'error', BadData} can never match the type {'ok',_}
-mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],string()}
-mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],string()}
+mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],maybe_improper_list()}
 mod_include.erl:692: The pattern <{'read', Reason}, Info, Path> can never match the type <{'open',atom()},#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:706: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:716: Function read_error/3 will never be called
diff --git a/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
new file mode 100644
index 0000000000..1743d81493
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
@@ -0,0 +1,7 @@
+-module(maybe_improper).
+
+-export([s/1]).
+
+-spec s(maybe_improper_list(X,Y)) -> {[X], maybe_improper_list(X,Y)}.
+s(A) ->
+    lists:split(2,A).
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
new file mode 100644
index 0000000000..f7197ac30f
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
@@ -0,0 +1 @@
+{dialyzer_options, [{warnings, [underspecs]}]}.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/results/remote b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
new file mode 100644
index 0000000000..1e0cda3bde
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
@@ -0,0 +1,9 @@
+
+remotes1.erl:17: The specification for remotes1:foo5/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:20: Type specification remotes1:foo6('ok' | 'ko') -> 'ok' is a supertype of the success typing: remotes1:foo6('ok') -> 'ok'
+remotes1.erl:25: The specification for remotes1:foo7/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:28: Type specification remotes1:foo8(local_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo8('ok') -> 'ok'
+remotes1.erl:33: The specification for remotes1:foo9/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:36: Type specification remotes1:foo10(local_and_known_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo10('ok') -> 'ok'
+remotes1.erl:49: Type specification remotes1:foo13('ok') -> local_and_unknown_remote_type_42() is a supertype of the success typing: remotes1:foo13('ok') -> 'ok'
+remotes1.erl:52: Type specification remotes1:foo14(local_and_unknown_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo14('ok') -> 'ok'
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
new file mode 100644
index 0000000000..b722495095
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
@@ -0,0 +1,61 @@
+-module(remotes1).
+
+-compile(export_all).
+
+-spec foo1(some_unknown_remote:type42()) -> ok.
+foo1(ok) -> ok.
+
+-spec foo2(ok) -> some_unknown_remote:type42().
+foo2(ok) -> ok.
+
+-spec foo3(some_known_remote:type42()) -> ok.
+foo3(ok) -> ok.
+
+-spec foo4(ok) -> some_known_remote:type42().
+foo4(ok) -> ok.
+
+-spec foo5(ok|ko) -> ok|ko.
+foo5(ok) -> ok.
+
+-spec foo6(ok|ko) -> ok.
+foo6(ok) -> ok.
+
+-type local_type_42() :: ok | ko.
+
+-spec foo7(ok) -> local_type_42().
+foo7(ok) -> ok.
+
+-spec foo8(local_type_42()) -> ok.
+foo8(ok) -> ok.
+
+-type local_and_known_remote_type_42() :: some_known_remote:type42() | ok | ko.
+
+-spec foo9(ok) -> local_and_known_remote_type_42().
+foo9(ok) -> ok.
+
+-spec foo10(local_and_known_remote_type_42()) -> ok.
+foo10(ok) -> ok.
+
+-type local_and_ok_known_remote_type_42() :: some_known_remote:type42() | ok.
+
+-spec foo11(ok) -> local_and_ok_known_remote_type_42().
+foo11(ok) -> ok.
+
+-spec foo12(local_and_ok_known_remote_type_42()) -> ok.
+foo12(ok) -> ok.
+
+-type local_and_unknown_remote_type_42() :: some_unknown_remote:type42() | ok | ko.
+
+-spec foo13(ok) -> local_and_unknown_remote_type_42().
+foo13(ok) -> ok.
+
+-spec foo14(local_and_unknown_remote_type_42()) -> ok.
+foo14(ok) -> ok.
+
+-type local_and_ok_unknown_remote_type_42() :: some_unknown_remote:type42() | ok.
+
+-spec foo15(ok) -> local_and_ok_unknown_remote_type_42().
+foo15(ok) -> ok.
+
+-spec foo16(local_and_ok_unknown_remote_type_42()) -> ok.
+foo16(ok) -> ok.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
new file mode 100644
index 0000000000..437f1e7826
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
@@ -0,0 +1,5 @@
+-module(some_known_remote).
+
+-export_type([type42/0]).
+
+-type type42() :: ok | ko.
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
new file mode 100644
index 0000000000..de416455e2
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
@@ -0,0 +1,2 @@
+
+nowarn_unused_function_1.erl:17: Function f3/1 will never be called
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
new file mode 100644
index 0000000000..8ae78673d5
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
@@ -0,0 +1,3 @@
+
+nowarn_unused_function_3.erl:12: Function f2/1 will never be called
+nowarn_unused_function_3.erl:9: Function f1/1 will never be called
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
new file mode 100644
index 0000000000..fcce532f73
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_1).
+
+-compile(warn_unused_function).
+
+-compile({nowarn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({warn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
new file mode 100644
index 0000000000..9bc3ab14ea
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_2).
+
+-compile(nowarn_unused_function).
+
+-compile({warn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({warn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
new file mode 100644
index 0000000000..604c5e436b
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
@@ -0,0 +1,16 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_3).
+
+-compile({warn_unused_function,[{f1,1},{f2,1}]}).
+-compile({nowarn_unused_function,[{f3,1}]}).
+
+f1(_) ->
+    a.
+
+f2(_) ->
+    a.
+
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/vsn.mk b/lib/dialyzer/vsn.mk
index a7e82b54ce..622e51b859 100644
--- a/lib/dialyzer/vsn.mk
+++ b/lib/dialyzer/vsn.mk
@@ -1 +1 @@
-DIALYZER_VSN = 2.4.4
+DIALYZER_VSN = 2.5
diff --git a/lib/diameter/bin/diameterc b/lib/diameter/bin/diameterc
index c0e83ea1a4..a72ba2d75c 100755
--- a/lib/diameter/bin/diameterc
+++ b/lib/diameter/bin/diameterc
@@ -73,24 +73,30 @@ gen(Args) ->
     end.
 
 compile(#argv{file = File, options = Opts} = A) ->
-    try
-        Spec = diameter_spec_util:parse(File, Opts),
-        maybe_output(A, Spec, Opts, spec), %% the spec file
-        maybe_output(A, Spec, Opts, erl),  %% the erl file
-        maybe_output(A, Spec, Opts, hrl),  %% The hrl file
-        0
+    try diameter_dict_util:parse({path, File}, Opts) of
+        {ok, Spec} ->
+            maybe_output(A, Spec, Opts, spec), %% the spec file
+            maybe_output(A, Spec, Opts, erl),  %% the erl file
+            maybe_output(A, Spec, Opts, hrl),  %% The hrl file
+            0;
+        {error, Reason} ->
+            error_msg(diameter_dict_util:format_error(Reason), []),
+            1
     catch
         error: Reason ->
-            error_msg({"ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]}),
+            error_msg("ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]),
             2
     end.
 
 maybe_output(#argv{file = File, output = Output}, Spec, Opts, Mode) ->
     lists:member(Mode, Output)
-        andalso diameter_codegen:from_spec(File, Spec, Opts, Mode).
+        andalso diameter_codegen:from_dict(File, Spec, Opts, Mode).
 
 error_msg({Fmt, Args}) ->
-    io:format(standard_error, Fmt ++ "~n", Args).
+    error_msg(Fmt, Args).
+
+error_msg(Fmt, Args) ->
+    io:format(standard_error, "** " ++ Fmt ++ "~n", Args).
 
 norm({_,_} = T) ->
     T;
diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml
index 2d8edb1301..93e2603c10 100644
--- a/lib/diameter/doc/src/diameter.xml
+++ b/lib/diameter/doc/src/diameter.xml
@@ -107,7 +107,9 @@ belonging to the application.</p>
 <marker id="application_module"/>
 </item>
 
-<tag><c>application_module() = Mod | [Mod | ExtraArgs]</c></tag>
+<tag><c>application_module() = Mod
+                             | [Mod | ExtraArgs]
+                             | #diameter_callback{}</c></tag>
 <item>
 <code>
 Mod = atom()
@@ -125,6 +127,14 @@ specified to <seealso marker="#call">call/4</seealso>, in which case
 the call-specific arguments are appended to any specified with the
 callback module.</p>
 
+<p>
+Specifying a <c>#diameter_callback{}</c> record allows individual
+functions to be configured in place of the usual <seealso
+marker="diameter_app">diameter_app(3)</seealso> callbacks, with
+default implementations provided by module <c>diameter_callback</c>
+unless otherwise specified.
+See that module for details.</p>
+
 <marker id="application_opt"/>
 </item>
 
diff --git a/lib/diameter/doc/src/diameter_dict.xml b/lib/diameter/doc/src/diameter_dict.xml
index e7c530f1b8..cc638dbc18 100644
--- a/lib/diameter/doc/src/diameter_dict.xml
+++ b/lib/diameter/doc/src/diameter_dict.xml
@@ -36,7 +36,7 @@ under the License.
 <!-- ===================================================================== -->
 
 <file>diameter_dict</file>
-<filesummary>Dictionary inteface of the diameter application.</filesummary>
+<filesummary>Dictionary interface of the diameter application.</filesummary>
 
 <description>
 <p>
@@ -44,9 +44,9 @@ A diameter service as configured with <seealso
 marker="diameter#start_service">diameter:start_service/2</seealso>
 specifies one or more supported Diameter applications.
 Each Diameter application specifies a dictionary module that knows how
-to encode and decode its messages and AVP's.
+to encode and decode its messages and AVPs.
 The dictionary module is in turn generated from a file that defines
-these messages and AVP's.
+these messages and AVPs.
 The format of such a file is defined in
 <seealso marker="#FILE_FORMAT">FILE FORMAT</seealso> below.
 Users add support for their specific applications by creating
@@ -56,7 +56,7 @@ resulting dictionaries modules on a service.</p>
 
 <p>
 The codec generation also results in a hrl file that defines records
-for the messages and grouped AVP's defined for the application, these
+for the messages and grouped AVPs defined for the application, these
 records being what a user of the diameter application sends and receives.
 (Modulo other available formats as discussed in <seealso
 marker="diameter_app">diameter_app(3)</seealso>.)
@@ -74,14 +74,14 @@ corresponding to applications defined in section 2.4 of RFC 3588:
 application with application identifier 0,
 <c>diameter_gen_accounting</c> for the Diameter Base Accounting
 application with application identifier 3 and
-<c>diameter_gen_relay</c>the Relay application with application
+<c>diameter_gen_relay</c> the Relay application with application
 identifier 0xFFFFFFFF.
 The Common Message and Relay applications are the only applications
 that diameter itself has any specific knowledge of.
 The Common Message application is used for messages that diameter
 itself handles: CER/CEA, DWR/DWA and DPR/DPA.
 The Relay application is given special treatment with regard to
-encode/decode since the messages and AVP's it handles are not specifically
+encode/decode since the messages and AVPs it handles are not specifically
 defined.</p>
 
 <marker id="FILE_FORMAT"/>
@@ -94,18 +94,16 @@ defined.</p>
 
 <p>
 A dictionary file consists of distinct sections.
-Each section starts with a line consisting of a tag
-followed by zero or more arguments.
-Each section ends at the the start of the next section or end of file.
+Each section starts with a tag followed by zero or more arguments
+and ends at the the start of the next section or end of file.
 Tags consist of an ampersand character followed by a keyword and are
 separated from their arguments by whitespace.
-Whitespace within a section separates individual tokens but its
-quantity is insignificant.</p>
+Whitespace separates individual tokens but is otherwise insignificant.</p>
 
 <p>
 The tags, their arguments and the contents of each corresponding
 section are as follows.
-Each section can occur at most once unless otherwise specified.
+Each section can occur multiple times unless otherwise specified.
 The order in which sections are specified is unimportant.</p>
 
 <taglist>
@@ -115,7 +113,8 @@ The order in which sections are specified is unimportant.</p>
 <p>
 Defines the integer Number as the Diameter Application Id of the
 application in question.
-Required if the dictionary defines <c>@messages</c>.
+Can occur at most once and is required if the dictionary defines
+<c>@messages</c>.
 The section has empty content.</p>
 
 <p>
@@ -136,16 +135,13 @@ Example:</p>
 <item>
 <p>
 Defines the name of the generated dictionary module.
-The section has empty content.
-Mod must match the regular expression '^[a-zA-Z0-9][-_a-zA-Z0-9]*$';
-that is, contains only alphanumerics, hyphens and underscores begin with an
-alphanumeric.</p>
+Can occur at most once and defaults to the name of the dictionary file
+minus any extension if unspecified.
+The section has empty content.</p>
 
 <p>
-A name is optional and defaults to the name of the dictionary file
-minus any extension.
-Note that a generated module must have a unique name an not colide
-with another module in the system.</p>
+Note that a dictionary module should have a unique name so as not collide
+with existing modules in the system.</p>
 
 <p>
 Example:</p>
@@ -159,22 +155,22 @@ Example:</p>
 <tag><c>@prefix Name</c></tag>
 <item>
 <p>
-Defines Name as the prefix to be added to record and constant names in
-the generated dictionary module and hrl.
-The section has empty content.
-Name must be of the same form as a @name.</p>
+Defines Name as the prefix to be added to record and constant names
+(followed by a <c>'_'</c> character) in the generated dictionary
+module and hrl.
+Can occur at most once.
+The section has empty content.</p>
 
 <p>
-A prefix is optional but can
-be used to disambiguate record and constant names
-resulting from similarly named messages and AVP's in different
-Diameter applications.</p>
+A prefix is optional but can be be used to disambiguate between record
+and constant names resulting from similarly named messages and AVPs in
+different Diameter applications.</p>
 
 <p>
 Example:</p>
 
 <code>
-@prefix etsi_e2_
+@prefix etsi_e2
 </code>
 
 </item>
@@ -182,10 +178,12 @@ Example:</p>
 <tag><c>@vendor Number Name</c></tag>
 <item>
 <p>
-Defines the integer Number as the the default Vendor-ID of AVP's for
+Defines the integer Number as the the default Vendor-Id of AVPs for
 which the V flag is set.
 Name documents the owner of the application
 but is otherwise unused.
+Can occur at most once and is required if an AVP sets the V flag and
+is not otherwise assigned a Vendor-Id.
 The section has empty content.</p>
 
 <p>
@@ -200,10 +198,9 @@ Example:</p>
 <tag><c>@avp_vendor_id Number</c></tag>
 <item>
 <p>
-Defines the integer Number as the Vendor-ID of the AVP's listed in the
+Defines the integer Number as the Vendor-Id of the AVPs listed in the
 section content, overriding the <c>@vendor</c> default.
-The section content consists of AVP names.
-Can occur zero or more times (with different values of Number).</p>
+The section content consists of AVP names.</p>
 
 <p>
 Example:</p>
@@ -221,13 +218,27 @@ Region-Set
 <tag><c>@inherits Mod</c></tag>
 <item>
 <p>
-Defines the name of a generated dictionary module containing AVP
-definitions referenced by the dictionary but not defined by it.
-The section content is empty.</p>
+Defines the name of a dictionary module containing AVP
+definitions that should be imported into the current dictionary.
+The section content consists of the names of those AVPs whose
+definitions should be imported from the dictionary, an empty list
+causing all to be imported.
+Any listed AVPs must not be defined in the current dictionary and
+it is an error to inherit the same AVP from more than one
+dictionary.</p>
 
 <p>
-Can occur 0 or more times (with different values of Mod) but all
-dictionaries should typically inherit RFC3588 AVPs from
+Note that an inherited AVP that sets the V flag takes its Vendor-Id
+from either <c>@avp_vendor_id</c> in the inheriting dictionary or
+<c>@vendor</c> in the inherited dictionary.
+In particular, <c>@avp_vendor_id</c> in the inherited dictionary is
+ignored.
+Inheriting from a dictionary that specifies the required <c>@vendor</c>
+is equivalent to using <c>@avp_vendor_id</c> with a copy of the
+dictionary's definitions but the former makes for easier reuse.</p>
+
+<p>
+All dictionaries should typically inherit RFC3588 AVPs from
 <c>diameter_gen_base_rfc3588</c>.</p>
 
 <p>
@@ -248,13 +259,11 @@ The section consists of definitions of the form</p>
 <p><c>Name Code Type Flags</c></p>
 
 <p>
-where Code is the integer AVP code, Flags is a string of V,
-M and P characters indicating the flags to be
-set on an outgoing AVP or a single - (minus) character if none are to
-be set.
-Type identifies either an AVP Data Format as defined in <seealso
-marker="#DATA_TYPES">DATA TYPES</seealso> below or a
-type as defined by a <c>@custom_types</c> tag.</p>
+where Code is the integer AVP code, Type identifies an AVP Data Format
+as defined in <seealso marker="#DATA_TYPES">DATA TYPES</seealso> below,
+and Flags is a string of V, M and P characters indicating the flags to be
+set on an outgoing AVP or a single <c>'-'</c> (minus) character if
+none are to be set.</p>
 
 <p>
 Example:</p>
@@ -262,8 +271,8 @@ Example:</p>
 <code>
 @avp_types
 
-Location-Information   350  Grouped     VM
-Requested-Information  353  Enumerated  V
+Location-Information   350  Grouped     MV
+Requested-Information  353  Enumerated   V
 </code>
 
 <p>
@@ -276,21 +285,36 @@ to 0 as mandated by the current draft standard.</p>
 <tag><c>@custom_types Mod</c></tag>
 <item>
 <p>
-Defines AVPs for which module Mod provides encode/decode.
-The section contents consists of type names.
-For each AVP Name defined with custom type Type, Mod should export the
-function Name/3 with arguments encode|decode, Type and Data,
-the latter being the term to be encoded/decoded.
-The function returns the encoded/decoded value.</p>
+Specifies AVPs for which module Mod provides encode/decode functions.
+The section contents consists of AVP names.
+For each such name, <c>Mod:Name(encode|decode, Type, Data)</c> is
+expected to provide encode/decode for values of the AVP, where Name is
+the name of the AVP, Type is it's type as declared in the
+<c>@avp_types</c> section of the dictionary and Data is the value to
+encode/decode.</p>
+
+<p>
+Example:</p>
+
+<code>
+@custom_types rfc4005_avps
+
+Framed-IP-Address
+</code>
+</item>
 
+<tag><c>@codecs Mod</c></tag>
+<item>
 <p>
-Can occur 0 or more times (with different values of Mod).</p>
+Like <c>@custom_types</c> but requires the specified module to export
+<c>Mod:Type(encode|decode, Name, Data)</c> rather than
+<c>Mod:Name(encode|decode, Type, Data)</c>.</p>
 
 <p>
 Example:</p>
 
 <code>
-@custom_types rfc4005_types
+@codecs rfc4005_avps
 
 Framed-IP-Address
 </code>
@@ -360,6 +384,10 @@ SIP-Deregistration-Reason ::= &lt; AVP Header: 383 >
                               [ SIP-Reason-Info ]
                             * [ AVP ]
 </code>
+
+<p>
+Specifying a Vendor-Id in the definition of a grouped AVP is
+equivalent to specifying it with <c>@avp_vendor_id</c>.</p>
 </item>
 
 <tag><c>@enum Name</c></tag>
@@ -371,11 +399,9 @@ Integer values can be prefixed with 0x to be interpreted as
 hexidecimal.</p>
 
 <p>
-Can occur 0 or more times (with different values of Name).
-The AVP in question can be defined in an inherited dictionary in order
-to introduce additional values.
-An AVP so extended must be referenced by in a <c>@messages</c> or
-<c>@grouped</c> section.</p>
+Note that the AVP in question can be defined in an inherited
+dictionary in order to introduce additional values to an enumeration
+otherwise defined in another dictionary.</p>
 
 <p>
 Example:</p>
@@ -390,11 +416,18 @@ REMOVE_SIP_SERVER        3
 </code>
 </item>
 
+<tag><c>@end</c></tag>
+<item>
+<p>
+Causes parsing of the dictionary to terminate:
+any remaining content is ignored.</p>
+</item>
+
 </taglist>
 
 <p>
 Comments can be included in a dictionary file using semicolon:
-text from a semicolon to end of line is ignored.</p>
+characters from a semicolon to end of line are ignored.</p>
 
 <marker id="MESSAGE_RECORDS"/>
 </section>
diff --git a/lib/diameter/doc/src/notes.xml b/lib/diameter/doc/src/notes.xml
index e2723f3e99..6e364a3200 100644
--- a/lib/diameter/doc/src/notes.xml
+++ b/lib/diameter/doc/src/notes.xml
@@ -36,6 +36,120 @@ first.</p>
 
 <!-- ===================================================================== -->
 
+<section><title>Diameter 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix faulty cleanup after diameter:remove_transport/2.</p>
+          <p>
+	    Removing a transport removed the configuration but did
+	    not prevent the transport process from being restarted.</p>
+          <p>
+	    Own Id: OTP-9756</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add support for TLS over TCP.</p>
+          <p>
+	    RFC 3588 requires that a Diameter server support TLS. In
+	    practice this seems to mean TLS over SCTP since there are
+	    limitations with running over SCTP: see RFC 6083 (DTLS
+	    over SCTP), which is a response to RFC 3436 (TLS over
+	    SCTP). The current RFC 3588 draft acknowledges this by
+	    equating TLS with TLS/TCP and DTLS/SCTP.</p>
+          <p>
+	    TLS handshaking can take place either following a CER/CEA
+	    that negotiates TLS using the Inband-Security-Id AVP (the
+	    method documented in RFC 3588) or immediately following
+	    connection establishment (the method added to the current
+	    draft).</p>
+          <p>
+	    Own Id: OTP-9605</p>
+        </item>
+        <item>
+          <p>
+	    Improvements to the dictionary parser.</p>
+          <p>
+	    The dictionary parser now emits useful error messages in
+	    case of faults in the input file, also identifying the
+	    line number at which the fault was detected. There are
+	    semantic checks that were missing in the previous parser,
+	    a fault in the interpretation of vendor id's in
+	    combination with @inherits has been fixed and @end can be
+	    used to terminate parsing explicitly instead of always
+	    parsing to end of file.</p>
+          <p>
+	    Own Id: OTP-9639</p>
+        </item>
+        <item>
+          <p>
+	    Improve dictionary reusability.</p>
+          <p>
+	    Reusing a dictionary just to get a different generated
+	    module name or prefix previously required taking a copy
+	    of the source, which may consist of several files if
+	    inheritance is used, just to edit a couple of lines which
+	    don't affect the semantics of the Diameter application
+	    being defined. Options --name, --prefix and --inherits
+	    have been added to diameterc to allow corresponding
+	    values to be set at compile time.</p>
+          <p>
+	    Own Id: OTP-9641</p>
+        </item>
+        <item>
+          <p>
+	    Add capabilities_cb transport option.</p>
+          <p>
+	    Its value is a function that's applied to the transport
+	    reference and capabilities record after capabilities
+	    exchange. If a callback returns anything but 'ok' then
+	    the connection is closed. In the case of an incoming CER,
+	    the callback can return a result code with which to
+	    answer. Multiple callbacks can be specified and are
+	    applied until either all return 'ok' or one doesn't.</p>
+          <p>
+	    This provides a way to reject a peer connection.</p>
+          <p>
+	    Own Id: OTP-9654</p>
+        </item>
+        <item>
+          <p>
+	    Add @codecs to dictionary format.</p>
+          <p>
+	    The semantics are similar to @custom_types but results in
+	    codec functions of the form TypeName(encode|decode,
+	    AvpName, Data) rather than AvpName(encode|decode,
+	    TypeName, Data). That is, the role of the AVP name and
+	    Diameter type name are reversed. This eliminates the need
+	    for exporting one function for each AVP sharing a common
+	    specialized encode/decode.</p>
+          <p>
+	    Own Id: OTP-9708 Aux Id: OTP-9639 </p>
+        </item>
+        <item>
+          <p>
+	    Add #diameter_callback{} for more flexible callback
+	    configuration.</p>
+          <p>
+	    The record allows individual functions to be configured
+	    for each of the diameter_app(3) callbacks, as well as a
+	    default callback.</p>
+          <p>
+	    Own Id: OTP-9777</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Diameter 0.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/diameter/examples/GNUmakefile b/lib/diameter/examples/code/GNUmakefile
index 4c3f87939b..a0669119d2 100644
--- a/lib/diameter/examples/GNUmakefile
+++ b/lib/diameter/examples/code/GNUmakefile
@@ -1,19 +1,19 @@
-# 
+#
 # %CopyrightBegin%
-# 
+#
 # Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
+#
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
 # retrieved online at http://www.erlang.org/.
-# 
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
+#
 # %CopyrightEnd%
 #
 
diff --git a/lib/diameter/examples/client.erl b/lib/diameter/examples/code/client.erl
index 36a77dd524..9e65f98de0 100644
--- a/lib/diameter/examples/client.erl
+++ b/lib/diameter/examples/code/client.erl
@@ -112,7 +112,7 @@ cast(Name) ->
                   {'Auth-Application-Id', 0},
                   {'Re-Auth-Request-Type', 1}],
     diameter:call(Name, ?APP_ALIAS, RAR, [detach]).
-    
+
 cast() ->
     cast(?SVC_NAME).
 
diff --git a/lib/diameter/examples/client_cb.erl b/lib/diameter/examples/code/client_cb.erl
index 524a8f94a1..524a8f94a1 100644
--- a/lib/diameter/examples/client_cb.erl
+++ b/lib/diameter/examples/code/client_cb.erl
diff --git a/lib/diameter/examples/peer.erl b/lib/diameter/examples/code/peer.erl
index 89203e15c3..89203e15c3 100644
--- a/lib/diameter/examples/peer.erl
+++ b/lib/diameter/examples/code/peer.erl
diff --git a/lib/diameter/examples/redirect.erl b/lib/diameter/examples/code/redirect.erl
index b54701243f..b54701243f 100644
--- a/lib/diameter/examples/redirect.erl
+++ b/lib/diameter/examples/code/redirect.erl
diff --git a/lib/diameter/examples/redirect_cb.erl b/lib/diameter/examples/code/redirect_cb.erl
index ea7ad38749..ea7ad38749 100644
--- a/lib/diameter/examples/redirect_cb.erl
+++ b/lib/diameter/examples/code/redirect_cb.erl
diff --git a/lib/diameter/examples/relay.erl b/lib/diameter/examples/code/relay.erl
index deecb1cfc0..deecb1cfc0 100644
--- a/lib/diameter/examples/relay.erl
+++ b/lib/diameter/examples/code/relay.erl
diff --git a/lib/diameter/examples/relay_cb.erl b/lib/diameter/examples/code/relay_cb.erl
index 9ed6517d5c..9ed6517d5c 100644
--- a/lib/diameter/examples/relay_cb.erl
+++ b/lib/diameter/examples/code/relay_cb.erl
diff --git a/lib/diameter/examples/sctp.erl b/lib/diameter/examples/code/sctp.erl
index 2e0e9d8b0b..08de023571 100644
--- a/lib/diameter/examples/sctp.erl
+++ b/lib/diameter/examples/code/sctp.erl
@@ -1,3 +1,21 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
 
 -module(sctp).
 
diff --git a/lib/diameter/examples/server.erl b/lib/diameter/examples/code/server.erl
index ebb408e501..ebb408e501 100644
--- a/lib/diameter/examples/server.erl
+++ b/lib/diameter/examples/code/server.erl
diff --git a/lib/diameter/examples/server_cb.erl b/lib/diameter/examples/code/server_cb.erl
index 43b8e24b5c..43b8e24b5c 100644
--- a/lib/diameter/examples/server_cb.erl
+++ b/lib/diameter/examples/code/server_cb.erl
diff --git a/lib/diameter/examples/dict/rfc4004_mip.dia b/lib/diameter/examples/dict/rfc4004_mip.dia
new file mode 100644
index 0000000000..575ad4394a
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4004_mip.dia
@@ -0,0 +1,280 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4004, Diameter Mobile IPv4 Application
+;;
+;; Edits:
+;;
+;; - MIP-nonce  -> MIP-Nonce
+;; - Session-ID -> Session-Id
+;; - Omit MIP-HA-to-MN-SPI, MIP-MN-FA-SPI and MIP-MN-HA-SPI, none of
+;;   which are defined.
+;;
+
+@id 2
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   MIP-Reg-Request                320  OctetString   M
+   MIP-Reg-Reply                  321  OctetString   M
+   MIP-MN-AAA-Auth                322  Grouped       M
+   MIP-Mobile-Node-Address        333  Address       M
+   MIP-Home-Agent-Address         334  Address       M
+   MIP-Candidate-Home-Agent-Host  336  DiamIdent     M
+   MIP-Feature-Vector             337  Unsigned32    M
+   MIP-Auth-Input-Data-Length     338  Unsigned32    M
+   MIP-Authenticator-Length       339  Unsigned32    M
+   MIP-Authenticator-Offset       340  Unsigned32    M
+   MIP-MN-AAA-SPI                 341  Unsigned32    M
+   MIP-Filter-Rule                342  IPFilterRule  M
+   MIP-FA-Challenge               344  OctetString   M
+   MIP-Originating-Foreign-AAA    347  Grouped       M
+   MIP-Home-Agent-Host            348  Grouped       M
+
+   MIP-FA-to-HA-SPI               318  Unsigned32    M
+   MIP-FA-to-MN-SPI               319  Unsigned32    M
+   MIP-HA-to-FA-SPI               323  Unsigned32    M
+   MIP-MN-to-FA-MSA               325  Grouped       M
+   MIP-FA-to-MN-MSA               326  Grouped       M
+   MIP-FA-to-HA-MSA               328  Grouped       M
+   MIP-HA-to-FA-MSA               329  Grouped       M
+   MIP-MN-to-HA-MSA               331  Grouped       M
+   MIP-HA-to-MN-MSA               332  Grouped       M
+   MIP-Nonce                      335  OctetString   M
+   MIP-Session-Key                343  OctetString   M
+   MIP-Algorithm-Type             345  Enumerated    M
+   MIP-Replay-Mode                346  Enumerated    M
+   MIP-MSA-Lifetime               367  Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 5.1.  AA-Mobile-Node-Request
+
+   AMR ::= < Diameter Header: 260, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { User-Name }
+           { Destination-Realm }
+           { Origin-Host }
+           { Origin-Realm }
+           { MIP-Reg-Request }
+           { MIP-MN-AAA-Auth }
+           [ Acct-Multi-Session-Id ]
+           [ Destination-Host ]
+           [ Origin-State-Id ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ MIP-FA-Challenge ]
+           [ MIP-Candidate-Home-Agent-Host ]
+           [ MIP-Home-Agent-Host ]
+           [ MIP-HA-to-FA-SPI ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.2.  AA-Mobile-Node-Answer
+
+   AMA ::= < Diameter Header: 260, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+           [ Re-Auth-Request-Type ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Reg-Reply ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-FA-to-MN-MSA ]
+           [ MIP-FA-to-HA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ;; 5.3.  Home-Agent-MIP-Request
+
+   HAR ::= < Diameter Header: 262, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Authorization-Lifetime }
+           { Auth-Session-State }
+           { MIP-Reg-Request }
+           { Origin-Host }
+           { Origin-Realm }
+           { User-Name }
+           { Destination-Realm }
+           { MIP-Feature-Vector }
+           [ Destination-Host ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-HA-to-FA-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.4.  Home-Agent-MIP-Answer
+
+   HAA ::= < Diameter Header: 262, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Error-Reporting-Host ]
+           [ Error-Message ]
+           [ MIP-Reg-Reply ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-FA-to-HA-SPI ]
+           [ MIP-FA-to-MN-SPI ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   MIP-MN-AAA-Auth ::= < AVP Header: 322 >
+
+           { MIP-MN-AAA-SPI }
+           { MIP-Auth-Input-Data-Length }
+           { MIP-Authenticator-Length }
+           { MIP-Authenticator-Offset }
+         * [ AVP ]
+
+
+   MIP-Originating-Foreign-AAA ::= < AVP Header: 347 >
+
+           { Origin-Realm }
+           { Origin-Host }
+         * [ AVP ]
+
+   MIP-Home-Agent-Host ::= < AVP Header: 348 >
+
+           { Destination-Realm }
+           { Destination-Host }
+         * [ AVP ]
+
+   MIP-FA-to-MN-MSA ::= < AVP Header: 326 >
+
+           { MIP-FA-to-MN-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-FA-to-HA-MSA ::= < AVP Header: 328 >
+
+           { MIP-FA-to-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-FA-MSA ::= < AVP Header: 329 >
+
+           { MIP-HA-to-FA-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-MN-MSA ::= < AVP Header: 332 >
+
+   ;       { MIP-HA-to-MN-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-MN-to-FA-MSA ::= < AVP Header: 325 >
+
+   ;       { MIP-MN-FA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Nonce }
+         * [ AVP ]
+
+   MIP-MN-to-HA-MSA ::= < AVP Header: 331 >
+
+   ;       { MIP-MN-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Nonce }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum MIP-Algorithm-Type
+
+   HMAC-SHA-1      2
+
+@enum MIP-Replay-Mode
+
+   NONE            1
+   TIMESTAMPS      2
+   NONCES          3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; 6.1.  Transient Failures
+
+   MIP_REPLY_FAILURE              4005
+   HA_NOT_AVAILABLE               4006
+   BAD_KEY                        4007
+   MIP_FILTER_NOT_SUPPORTED       4008
+
+   ;; 6.2.  Permanent Failures
+
+   NO_FOREIGN_HA_SERVICE          5024
+   END_TO_END_MIP_KEY_ENCRYPTION  5025
diff --git a/lib/diameter/examples/dict/rfc4005_nas.dia b/lib/diameter/examples/dict/rfc4005_nas.dia
new file mode 100644
index 0000000000..a4b44e38bb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4005_nas.dia
@@ -0,0 +1,740 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4005, Diameter Network Access Server Application
+;;
+;; Edits:
+;;
+;; - Acounting-Auth-Method      -> Accounting-Auth-Method
+;; - Connection-Info            -> ConnectInfo
+;; - Framed-Appletalk-Link      -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network   -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone      -> Framed-AppleTalk-Zone
+;; - Qos-Filter-Rule            -> QoS-Filter-Rule
+;; - Redirect-Host-Usase        -> Redirect-Host-Usage
+;; - Redirected-Host            -> Redirect-Host
+;; - Redirected-Host-Usage      -> Redirect-Host-Usage
+;; - Redirected-Host-Cache-Time -> Redirect-Max-Cache-Time
+;; - Redirected-Max-Cache-Time  -> Redirect-Max-Cache-Time
+;;
+
+@id 1
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   ;; 4.  NAS Session AVPs
+
+   NAS-Port                           5    Unsigned32    M
+   NAS-Port-Id                       87    UTF8String    M
+   NAS-Port-Type                     61    Enumerated    M
+   Called-Station-Id                 30    UTF8String    M
+   Calling-Station-Id                31    UTF8String    M
+   Connect-Info                      77    UTF8String    M
+   Originating-Line-Info             94   OctetString    -
+   Reply-Message                     18    UTF8String    M
+
+   ;; 5.  NAS Authentication AVPs
+
+   User-Password                      2   OctetString    M
+   Password-Retry                    75    Unsigned32    M
+   Prompt                            76    Enumerated    M
+   CHAP-Auth                        402       Grouped    M
+   CHAP-Algorithm                   403    Enumerated    M
+   CHAP-Ident                       404   OctetString    M
+   CHAP-Response                    405   OctetString    M
+   CHAP-Challenge                    60   OctetString    M
+   ARAP-Password                     70   OctetString    M
+   ARAP-Challenge-Response           84   OctetString    M
+   ARAP-Security                     73    Unsigned32    M
+   ARAP-Security-Data                74   OctetString    M
+
+   ;; 6.  NAS Authorization AVPs
+
+   Service-Type                       6    Enumerated    M
+   Callback-Number                   19    UTF8String    M
+   Callback-Id                       20    UTF8String    M
+   Idle-Timeout                      28    Unsigned32    M
+   Port-Limit                        62    Unsigned32    M
+   NAS-Filter-Rule                  400  IPFilterRule    M
+   Filter-Id                         11    UTF8String    M
+   Configuration-Token               78   OctetString    M
+   QoS-Filter-Rule                  407 QoSFilterRule    -
+   Framed-Protocol                    7    Enumerated    M
+   Framed-Routing                    10    Enumerated    M
+   Framed-MTU                        12    Unsigned32    M
+   Framed-Compression                13    Enumerated    M
+   Framed-IP-Address                  8   OctetString    M
+   Framed-IP-Netmask                  9   OctetString    M
+   Framed-Route                      22    UTF8String    M
+   Framed-Pool                       88   OctetString    M
+   Framed-Interface-Id               96    Unsigned64    M
+   Framed-IPv6-Prefix                97   OctetString    M
+   Framed-IPv6-Route                 99    UTF8String    M
+   Framed-IPv6-Pool                 100   OctetString    M
+   Framed-IPX-Network                23    UTF8String    M
+   Framed-AppleTalk-Link             37    Unsigned32    M
+   Framed-AppleTalk-Network          38    Unsigned32    M
+   Framed-AppleTalk-Zone             39   OctetString    M
+   ARAP-Features                     71   OctetString    M
+   ARAP-Zone-Access                  72    Enumerated    M
+   Login-IP-Host                     14   OctetString    M
+   Login-IPv6-Host                   98   OctetString    M
+   Login-Service                     15    Enumerated    M
+   Login-TCP-Port                    16    Unsigned32    M
+   Login-LAT-Service                 34   OctetString    M
+   Login-LAT-Node                    35   OctetString    M
+   Login-LAT-Group                   36   OctetString    M
+   Login-LAT-Port                    63   OctetString    M
+
+   ;; 7.  NAS Tunneling
+
+   Tunneling                        401       Grouped    M
+   Tunnel-Type                       64    Enumerated    M
+   Tunnel-Medium-Type                65    Enumerated    M
+   Tunnel-Client-Endpoint            66    UTF8String    M
+   Tunnel-Server-Endpoint            67    UTF8String    M
+   Tunnel-Password                   69   OctetString    M
+   Tunnel-Private-Group-Id           81   OctetString    M
+   Tunnel-Assignment-Id              82   OctetString    M
+   Tunnel-Preference                 83    Unsigned32    M
+   Tunnel-Client-Auth-Id             90    UTF8String    M
+   Tunnel-Server-Auth-Id             91    UTF8String    M
+
+   ;; 8.  NAS Accounting
+
+   Accounting-Input-Octets          363    Unsigned64    M
+   Accounting-Output-Octets         364    Unsigned64    M
+   Accounting-Input-Packets         365    Unsigned64    M
+   Accounting-Output-Packets        366    Unsigned64    M
+   Acct-Session-Time                 46    Unsigned32    M
+   Acct-Authentic                    45    Enumerated    M
+   Accounting-Auth-Method           406    Enumerated    M
+   Acct-Delay-Time                   41    Unsigned32    M
+   Acct-Link-Count                   51    Unsigned32    M
+   Acct-Tunnel-Connection            68   OctetString    M
+   Acct-Tunnel-Packets-Lost          86    Unsigned32    M
+
+   ;; 9.3.  AVPs Used Only for Compatibility
+
+   NAS-Identifier                    32    UTF8String    M
+   NAS-IP-Address                     4   OctetString    M
+   NAS-IPv6-Address                  95   OctetString    M
+   State                             24   OctetString    M
+ ;;Termination-Cause                295    Enumerated    M
+   Origin-AAA-Protocol              408    Enumerated    M
+
+;; ===========================================================================
+
+@messages
+
+   AAR ::= < Diameter Header: 265, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ User-Password ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+           [ CHAP-Auth ]
+           [ CHAP-Challenge ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ ARAP-Password ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   AAA ::= < Diameter Header: 265, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Request-Type }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Service-Type ]
+         * [ Class ]
+         * [ Configuration-Token ]
+           [ Acct-Interim-Interval ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Re-Auth-Request-Type ]
+           [ Multi-Round-Time-Out ]
+           [ Session-Timeout ]
+           [ State ]
+         * [ Reply-Message ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Filter-Id ]
+           [ Password-Retry ]
+           [ Port-Limit ]
+           [ Prompt ]
+           [ ARAP-Challenge-Response ]
+           [ ARAP-Features ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+           [ ARAP-Zone-Access ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Framed-AppleTalk-Link ]
+         * [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-Route ]
+           [ Framed-Pool ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+         * [ Tunneling ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   RAR ::= < Diameter Header: 258, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           { Re-Auth-Request-Type }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+           [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   RAA ::= < Diameter Header: 258, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+           [ Service-Type ]
+         * [ Configuration-Token ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Re-Auth-Request-Type ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+           [ Prompt ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   STR ::= < Diameter Header: 275, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Termination-Cause }
+           [ User-Name ]
+           [ Destination-Host ]
+         * [ Class ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   STA ::= < Diameter Header: 275, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+         * [ Class ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ASR ::= < Diameter Header: 274, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ASA ::= < Diameter Header: 274, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ State]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ACR ::= < Diameter Header: 271, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Destination-Host ]
+           [ Event-Timestamp ]
+           [ Acct-Delay-Time ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+         * [ Class ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Input-Octets ]
+           [ Accounting-Input-Packets ]
+           [ Accounting-Output-Octets ]
+           [ Accounting-Output-Packets ]
+           [ Acct-Authentic ]
+           [ Accounting-Auth-Method ]
+           [ Acct-Link-Count ]
+           [ Acct-Session-Time ]
+           [ Acct-Tunnel-Connection ]
+           [ Acct-Tunnel-Packets-Lost ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+         * [ Connect-Info ]
+           [ Originating-Line-Info ]
+           [ Authorization-Lifetime ]
+           [ Session-Timeout ]
+           [ Idle-Timeout ]
+           [ Port-Limit ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Filter-Id ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+           [ Framed-AppleTalk-Link ]
+           [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+           [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Pool ]
+           [ Framed-Protocol ]
+         * [ Framed-Route ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ACA ::= < Diameter Header: 271, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Event-Timestamp ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Class ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   CHAP-Auth ::= < AVP Header: 402 >
+
+           { CHAP-Algorithm }
+           { CHAP-Ident }
+           [ CHAP-Response ]
+         * [ AVP ]
+
+   Tunneling ::= < AVP Header: 401 >
+
+           { Tunnel-Type }
+           { Tunnel-Medium-Type }
+           { Tunnel-Client-Endpoint }
+           { Tunnel-Server-Endpoint }
+           [ Tunnel-Preference ]
+           [ Tunnel-Client-Auth-Id ]
+           [ Tunnel-Server-Auth-Id ]
+           [ Tunnel-Assignment-Id ]
+           [ Tunnel-Password ]
+           [ Tunnel-Private-Group-Id ]
+
+;; ===========================================================================
+
+@enum NAS-Port-Type
+
+   ASYNC                          0
+   SYNC                           1
+   ISDN_SYNC                      2
+   ISDN_ASYNC_V120                3
+   ISDN_ASYNC_V110                4
+   VIRTUAL                        5
+   PIAFS                          6
+   HDLC_CLEAR_CHANNEL             7
+   X25                            8
+   X75                            9
+   G3FAX                         10
+   SDSL                          11
+   ADSL-CAP                      12
+   ADSL-DMT                      13
+   IDSL                          14
+   ETHERNET                      15
+   XDSL                          16
+   CABLE                         17
+   WIRELESS_OTHER                18
+  'WIRELESS_802.11'              19
+   TOKEN-RING                    20
+   FDDI                          21
+   WIRELESS_CDMA2000             22
+   WIRELESS_UMTS                 23
+   WIRELESS_1X-EV                24
+   IAPP                          25
+
+@enum Prompt
+
+   NO_ECHO                        0
+   ECHO                           1
+
+@enum CHAP-Algorithm
+
+   WITH_MD5                       5
+
+@enum Service-Type
+
+   LOGIN                          1
+   FRAMED                         2
+   CALLBACK_LOGIN                 3
+   CALLBACK_FRAMED                4
+   OUTBOUND                       5
+   ADMINISTRATIVE                 6
+   NAS_PROMPT                     7
+   AUTHENTICATE_ONLY              8
+   CALLBACK_NAS_PROMPT            9
+   CALL_CHECK                    10
+   CALLBACK_ADMINISTRATIVE       11
+   VOICE                         12
+   FAX                           13
+   MODEM_RELAY                   14
+   IAPP-REGISTER                 15
+   IAPP-AP-CHECK                 16
+   AUTHORIZE_ONLY                17
+
+@enum Framed-Protocol
+
+   PPP                            1
+   SLIP                           2
+   ARAP                           3
+   GANDALF                        4
+   XYLOGICS                       5
+   X75                            6
+
+@enum Framed-Routing
+
+   NONE                           0
+   SEND                           1
+   LISTEN                         2
+   SEND_AND_LISTEN                3
+
+@enum Framed-Compression
+
+   NONE                           0
+   VJ                             1
+   IPX                            2
+   STAC-LZS                       3
+
+@enum ARAP-Zone-Access
+
+   DEFAULT                        1
+   FILTER_INCLUSIVELY             2
+   FILTER_EXCLUSIVELY             4
+
+@enum Login-Service
+
+   TELNET                         0
+   RLOGIN                         1
+   TCP_CLEAR                      2
+   PORTMASTER                     3
+   LAT                            4
+   X25-PAD                        5
+   X25-T3POS                      6
+   TCP_CLEAR_QUIET                8
+
+@enum Tunnel-Type
+
+   PPTP                           1
+   L2F                            2
+   L2TP                           3
+   ATMP                           4
+   VTP                            5
+   AH                             6
+   IP-IP                          7
+   MIN-IP-IP                      8
+   ESP                            9
+   GRE                           10
+   DVS                           11
+   IP-IN-IP                      12
+   VLAN                          13
+
+@enum Tunnel-Medium-Type
+
+   IPV4                           1
+   IPV6                           2
+   NSAP                           3
+   HDLC                           4
+   BBN_1822                       5
+  '802'                           6
+   E163                           7
+   E164                           8
+   F69                            9
+   X121                          10
+   IPX                           11
+   APPLETALK                     12
+   DECNET_IV                     13
+   BANYAN_VINES                  14
+   E164_NSAP                     15
+
+
+@enum Acct-Authentic
+
+   RADIUS                         1
+   LOCAL                          2
+   REMOTE                         3
+   DIAMETER                       4
+
+@enum Accounting-Auth-Method
+
+   PAP                            1
+   CHAP                           2
+   MS-CHAP-1                      3
+   MS-CHAP-2                      4
+   EAP                            5
+   NONE                           7
+
+@enum Termination-Cause
+
+   USER_REQUEST                  11
+   LOST_CARRIER                  12
+   LOST_SERVICE                  13
+   IDLE_TIMEOUT                  14
+   SESSION_TIMEOUT               15
+   ADMIN_RESET                   16
+   ADMIN_REBOOT                  17
+   PORT_ERROR                    18
+   NAS_ERROR                     19
+   NAS_REQUEST                   20
+   NAS_REBOOT                    21
+   PORT_UNNEEDED                 22
+   PORT_PREEMPTED                23
+   PORT_SUSPENDED                24
+   SERVICE_UNAVAILABLE           25
+   CALLBACK                      26
+   USER_ERROR                    27
+   HOST_REQUEST                  28
+   SUPPLICANT_RESTART            29
+   REAUTHORIZATION_FAILURE       30
+   PORT_REINIT                   31
+   PORT_DISABLED                 32
diff --git a/lib/diameter/examples/dict/rfc4006_cc.dia b/lib/diameter/examples/dict/rfc4006_cc.dia
new file mode 100644
index 0000000000..b723e4ddbb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4006_cc.dia
@@ -0,0 +1,349 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4006, Diameter Credit-Control Application
+;;
+
+@id 4
+
+@inherits rfc3588_base
+@inherits rfc4005_nas  Filter-Id
+
+;; ===========================================================================
+
+@avp_types
+
+   CC-Correlation-Id                 411    OctetString   -
+   CC-Input-Octets                   412    Unsigned64    M
+   CC-Money                          413    Grouped       M
+   CC-Output-Octets                  414    Unsigned64    M
+   CC-Request-Number                 415    Unsigned32    M
+   CC-Request-Type                   416    Enumerated    M
+   CC-Service-Specific-Units         417    Unsigned64    M
+   CC-Session-Failover               418    Enumerated    M
+   CC-Sub-Session-Id                 419    Unsigned64    M
+   CC-Time                           420    Unsigned32    M
+   CC-Total-Octets                   421    Unsigned64    M
+   CC-Unit-Type                      454    Enumerated    M
+   Check-Balance-Result              422    Enumerated    M
+   Cost-Information                  423    Grouped       M
+   Cost-Unit                         424    UTF8String    M
+   Credit-Control                    426    Enumerated    M
+   Credit-Control-Failure-Handling   427    Enumerated    M
+   Currency-Code                     425    Unsigned32    M
+   Direct-Debiting-Failure-Handling  428    Enumerated    M
+   Exponent                          429    Integer32     M
+   Final-Unit-Action                 449    Enumerated    M
+   Final-Unit-Indication             430    Grouped       M
+   Granted-Service-Unit              431    Grouped       M
+   G-S-U-Pool-Identifier             453    Unsigned32    M
+   G-S-U-Pool-Reference              457    Grouped       M
+   Multiple-Services-Credit-Control  456    Grouped       M
+   Multiple-Services-Indicator       455    Enumerated    M
+   Rating-Group                      432    Unsigned32    M
+   Redirect-Address-Type             433    Enumerated    M
+   Redirect-Server                   434    Grouped       M
+   Redirect-Server-Address           435    UTF8String    M
+   Requested-Action                  436    Enumerated    M
+   Requested-Service-Unit            437    Grouped       M
+   Restriction-Filter-Rule           438    IPFilterRule  M
+   Service-Context-Id                461    UTF8String    M
+   Service-Identifier                439    Unsigned32    M
+   Service-Parameter-Info            440    Grouped       -
+   Service-Parameter-Type            441    Unsigned32    -
+   Service-Parameter-Value           442    OctetString   -
+   Subscription-Id                   443    Grouped       M
+   Subscription-Id-Data              444    UTF8String    M
+   Subscription-Id-Type              450    Enumerated    M
+   Tariff-Change-Usage               452    Enumerated    M
+   Tariff-Time-Change                451    Time          M
+   Unit-Value                        445    Grouped       M
+   Used-Service-Unit                 446    Grouped       M
+   User-Equipment-Info               458    Grouped       -
+   User-Equipment-Info-Type          459    Enumerated    -
+   User-Equipment-Info-Value         460    OctetString   -
+   Value-Digits                      447    Integer64     M
+   Validity-Time                     448    Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   CCR ::= < Diameter Header: 272, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Service-Context-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+         * [ Subscription-Id ]
+           [ Service-Identifier ]
+           [ Termination-Cause ]
+           [ Requested-Service-Unit ]
+           [ Requested-Action ]
+         * [ Used-Service-Unit ]
+           [ Multiple-Services-Indicator ]
+         * [ Multiple-Services-Credit-Control ]
+         * [ Service-Parameter-Info ]
+           [ CC-Correlation-Id ]
+           [ User-Equipment-Info ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   CCA ::= < Diameter Header: 272, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Auth-Application-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ User-Name ]
+           [ CC-Session-Failover ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+           [ Granted-Service-Unit ]
+         * [ Multiple-Services-Credit-Control ]
+           [ Cost-Information]
+           [ Final-Unit-Indication ]
+           [ Check-Balance-Result ]
+           [ Credit-Control-Failure-Handling ]
+           [ Direct-Debiting-Failure-Handling ]
+           [ Validity-Time]
+         * [ Redirect-Host]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ Failed-AVP ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   Cost-Information ::= < AVP Header: 423 >
+
+           { Unit-Value }
+           { Currency-Code }
+           [ Cost-Unit ]
+
+   Unit-Value ::= < AVP Header: 445 >
+
+           { Value-Digits }
+           [ Exponent ]
+
+   Multiple-Services-Credit-Control ::= < AVP Header: 456 >
+
+           [ Granted-Service-Unit ]
+           [ Requested-Service-Unit ]
+         * [ Used-Service-Unit ]
+           [ Tariff-Change-Usage ]
+         * [ Service-Identifier ]
+           [ Rating-Group ]
+         * [ G-S-U-Pool-Reference ]
+           [ Validity-Time ]
+           [ Result-Code ]
+           [ Final-Unit-Indication ]
+         * [ AVP ]
+
+   Granted-Service-Unit ::= < AVP Header: 431 >
+
+           [ Tariff-Time-Change ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Requested-Service-Unit ::= < AVP Header: 437 >
+
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Used-Service-Unit ::= < AVP Header: 446 >
+
+           [ Tariff-Change-Usage ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   CC-Money ::= < AVP Header: 413 >
+
+           { Unit-Value }
+           [ Currency-Code ]
+
+   G-S-U-Pool-Reference ::= < AVP Header: 457 >
+
+           { G-S-U-Pool-Identifier }
+           { CC-Unit-Type }
+           { Unit-Value }
+
+   Final-Unit-Indication ::= < AVP Header: 430 >
+
+           { Final-Unit-Action }
+         * [ Restriction-Filter-Rule ]
+         * [ Filter-Id ]
+           [ Redirect-Server ]
+
+   Redirect-Server ::= < AVP Header: 434 >
+
+           { Redirect-Address-Type }
+           { Redirect-Server-Address }
+
+   Service-Parameter-Info ::= < AVP Header: 440 >
+
+           { Service-Parameter-Type }
+           { Service-Parameter-Value }
+
+   Subscription-Id ::= < AVP Header: 443 >
+
+           { Subscription-Id-Type }
+           { Subscription-Id-Data }
+
+   User-Equipment-Info ::= < AVP Header: 458 >
+
+           { User-Equipment-Info-Type }
+           { User-Equipment-Info-Value }
+
+;; ===========================================================================
+
+@enum CC-Request-Type
+
+   INITIAL_REQUEST                 1
+   UPDATE_REQUEST                  2
+   TERMINATION_REQUEST             3
+   EVENT_REQUEST                   4
+
+@enum CC-Session-Failover
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Check-Balance-Result
+
+   ENOUGH_CREDIT                   0
+   NO_CREDIT                       1
+
+@enum Credit-Control
+
+   AUTHORIZATION                   0
+   RE_AUTHORIZATION                1
+
+@enum Credit-Control-Failure-Handling
+
+   TERMINATE                       0
+   CONTINUE                        1
+   RETRY_AND_TERMINATE             2
+
+@enum Direct-Debiting-Failure-Handling
+
+   TERMINATE_OR_BUFFER             0
+   CONTINUE                        1
+
+@enum Tariff-Change-Usage
+
+   UNIT_BEFORE_TARIFF_CHANGE       0
+   UNIT_AFTER_TARIFF_CHANGE        1
+   UNIT_INDETERMINATE              2
+
+@enum CC-Unit-Type
+
+   TIME                            0
+   MONEY                           1
+   TOTAL-OCTETS                    2
+   INPUT-OCTETS                    3
+   OUTPUT-OCTETS                   4
+   SERVICE-SPECIFIC-UNITS          5
+
+@enum Final-Unit-Action
+
+   TERMINATE                       0
+   REDIRECT                        1
+   RESTRICT_ACCESS                 2
+
+@enum Redirect-Address-Type
+
+   IPV4                            0
+   IPV6                            1
+   URL                             2
+   SIP_URI                         3
+
+@enum Multiple-Services-Indicator
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Requested-Action
+
+   DIRECT_DEBITING                 0
+   REFUND_ACCOUNT                  1
+   CHECK_BALANCE                   2
+   PRICE_ENQUIRY                   3
+
+@enum Subscription-Id-Type
+
+   END_USER_E164                   0
+   END_USER_IMSI                   1
+   END_USER_SIP_URI                2
+   END_USER_NAI                    3
+   END_USER_PRIVATE                4
+
+@enum User-Equipment-Info-Type
+
+   IMEISV                          0
+   MAC                             1
+   EUI64                           2
+   MODIFIED_EUI64                  3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   END_USER_SERVICE_DENIED         4010
+   CREDIT_CONTROL_NOT_APPLICABLE   4011
+   CREDIT_LIMIT_REACHED            4012
+
+   USER_UNKNOWN                    5030
+   RATING_FAILED                   5031
diff --git a/lib/diameter/examples/dict/rfc4072_eap.dia b/lib/diameter/examples/dict/rfc4072_eap.dia
new file mode 100644
index 0000000000..111516b347
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4072_eap.dia
@@ -0,0 +1,150 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4072, Diameter Extensible Authentication Protocol (EAP) Application
+;;
+;; Edits:
+;;
+;; - Move EAP-Payload to not break fixed/required/optional order
+;; - Framed-Appletalk-Link    -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone    -> Framed-AppleTalk-Zone
+;;
+
+@id 5
+
+@inherits rfc3588_base
+@inherits rfc4005_nas
+
+;; ===========================================================================
+
+@avp_types
+
+   EAP-Master-Session-Key           464   OctetString    -
+   EAP-Key-Name                     102   OctetString    -
+   EAP-Payload                      462   OctetString    -
+   EAP-Reissued-Payload             463   OctetString    -
+   Accounting-EAP-Auth-Method       465    Unsigned64    -
+
+;; ===========================================================================
+
+@messages
+
+   DER ::= < Diameter Header: 268, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           { EAP-Payload }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ EAP-Key-Name ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   DEA ::= < Diameter Header: 268, PXY >
+
+          < Session-Id >
+          { Auth-Application-Id }
+          { Auth-Request-Type }
+          { Result-Code }
+          { Origin-Host }
+          { Origin-Realm }
+          [ User-Name ]
+          [ EAP-Payload ]
+          [ EAP-Reissued-Payload ]
+          [ EAP-Master-Session-Key ]
+          [ EAP-Key-Name ]
+          [ Multi-Round-Time-Out ]
+          [ Accounting-EAP-Auth-Method ]
+          [ Service-Type ]
+        * [ Class ]
+        * [ Configuration-Token ]
+          [ Acct-Interim-Interval ]
+          [ Error-Message ]
+          [ Error-Reporting-Host ]
+        * [ Failed-AVP ]
+          [ Idle-Timeout ]
+          [ Authorization-Lifetime ]
+          [ Auth-Grace-Period ]
+          [ Auth-Session-State ]
+          [ Re-Auth-Request-Type ]
+          [ Session-Timeout ]
+          [ State ]
+        * [ Reply-Message ]
+          [ Origin-State-Id ]
+        * [ Filter-Id ]
+          [ Port-Limit ]
+          [ Callback-Id ]
+          [ Callback-Number ]
+          [ Framed-AppleTalk-Link ]
+        * [ Framed-AppleTalk-Network ]
+          [ Framed-AppleTalk-Zone ]
+        * [ Framed-Compression ]
+          [ Framed-Interface-Id ]
+          [ Framed-IP-Address ]
+        * [ Framed-IPv6-Prefix ]
+          [ Framed-IPv6-Pool ]
+        * [ Framed-IPv6-Route ]
+          [ Framed-IP-Netmask ]
+        * [ Framed-Route ]
+          [ Framed-Pool ]
+          [ Framed-IPX-Network ]
+          [ Framed-MTU ]
+          [ Framed-Protocol ]
+          [ Framed-Routing ]
+        * [ NAS-Filter-Rule ]
+        * [ QoS-Filter-Rule ]
+        * [ Tunneling ]
+        * [ Redirect-Host ]
+          [ Redirect-Host-Usage ]
+          [ Redirect-Max-Cache-Time ]
+        * [ Proxy-Info ]
+        * [ AVP ]
diff --git a/lib/diameter/examples/dict/rfc4590_digest.dia b/lib/diameter/examples/dict/rfc4590_digest.dia
new file mode 100644
index 0000000000..a4ebe0c456
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4590_digest.dia
@@ -0,0 +1,45 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4590, RADIUS Extension for Digest Authentication
+;;
+
+@avp_types
+
+   Digest-Response          103  OctetString  -
+   Digest-Realm             104  OctetString  -
+   Digest-Nonce             105  OctetString  -
+   Digest-Response-Auth     106  OctetString  -
+   Digest-Nextnonce         107  OctetString  -
+   Digest-Method            108  OctetString  -
+   Digest-URI               109  OctetString  -
+   Digest-Qop               110  OctetString  -
+   Digest-Algorithm         111  OctetString  -
+   Digest-Entity-Body-Hash  112  OctetString  -
+   Digest-CNonce            113  OctetString  -
+   Digest-Nonce-Count       114  OctetString  -
+   Digest-Username          115  OctetString  -
+   Digest-Opaque            116  OctetString  -
+   Digest-Auth-Param        117  OctetString  -
+   Digest-AKA-Auts          118  OctetString  -
+   Digest-Domain            119  OctetString  -
+   Digest-Stale             120  OctetString  -
+   Digest-HA1               121  OctetString  -
+   SIP-AOR                  122  OctetString  -
diff --git a/lib/diameter/examples/dict/rfc4740_sip.dia b/lib/diameter/examples/dict/rfc4740_sip.dia
new file mode 100644
index 0000000000..8c21882649
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4740_sip.dia
@@ -0,0 +1,446 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4740, Diameter Session Initiation Protocol (SIP) Application
+;;
+
+@id 6
+
+@inherits rfc3588_base
+@inherits rfc4590_digest
+
+;; ===========================================================================
+
+@avp_types
+
+    SIP-Accounting-Information          368  Grouped      M
+    SIP-Accounting-Server-URI           369  DiameterURI  M
+    SIP-Credit-Control-Server-URI       370  DiameterURI  M
+    SIP-Server-URI                      371  UTF8String   M
+    SIP-Server-Capabilities             372  Grouped      M
+    SIP-Mandatory-Capability            373  Unsigned32   M
+    SIP-Optional-Capability             374  Unsigned32   M
+    SIP-Server-Assignment-Type          375  Enumerated   M
+    SIP-Auth-Data-Item                  376  Grouped      M
+    SIP-Authentication-Scheme           377  Enumerated   M
+    SIP-Item-Number                     378  Unsigned32   M
+    SIP-Authenticate                    379  Grouped      M
+    SIP-Authorization                   380  Grouped      M
+    SIP-Authentication-Info             381  Grouped      M
+    SIP-Number-Auth-Items               382  Unsigned32   M
+    SIP-Deregistration-Reason           383  Grouped      M
+    SIP-Reason-Code                     384  Enumerated   M
+    SIP-Reason-Info                     385  UTF8String   M
+    SIP-Visited-Network-Id              386  UTF8String   M
+    SIP-User-Authorization-Type         387  Enumerated   M
+    SIP-Supported-User-Data-Type        388  UTF8String   M
+    SIP-User-Data                       389  Grouped      M
+    SIP-User-Data-Type                  390  UTF8String   M
+    SIP-User-Data-Contents              391  OctetString  M
+    SIP-User-Data-Already-Available     392  Enumerated   M
+    SIP-Method                          393  UTF8String   M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 8.1.  User-Authorization-Request
+
+   UAR ::= < Diameter Header: 283, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Visited-Network-Id ]
+           [ SIP-User-Authorization-Type ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.2.  User-Authorization-Answer
+
+   UAA ::= < Diameter Header: 283, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.3.  Server-Assignment-Request
+
+   SAR ::= < Diameter Header: 284, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-Server-Assignment-Type }
+           { SIP-User-Data-Already-Available }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+         * [ SIP-Supported-User-Data-Type ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.4.  Server-Assignment-Answer
+
+   SAA ::= < Diameter Header: 284, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+         * [ SIP-Supported-User-Data-Type ]
+           [ User-Name ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.5.  Location-Info-Request
+
+  LIR ::= < Diameter Header: 285, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.6.  Location-Info-Answer
+
+   LIA ::= < Diameter Header: 285, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.7.  Multimedia-Auth-Request
+
+   MAR ::= < Diameter Header: 286, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           { SIP-Method }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+           [ SIP-Number-Auth-Items ]
+           [ SIP-Auth-Data-Item ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.8.  Multimedia-Auth-Answer
+
+   MAA ::= < Diameter Header: 286, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ SIP-AOR ]
+           [ SIP-Number-Auth-Items ]
+         * [ SIP-Auth-Data-Item ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.9.  Registration-Termination-Request
+
+   RTR ::= < Diameter Header: 287, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Host }
+           { SIP-Deregistration-Reason }
+           [ Destination-Realm ]
+           [ User-Name ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.10.  Registration-Termination-Answer
+
+   RTA ::= < Diameter Header: 287, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.11.  Push-Profile-Request
+
+   PPR ::= < Diameter Header: 288, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { User-Name }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+           [ Destination-Host ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.12.  Push-Profile-Answer
+
+   PPA ::= < Diameter Header: 288, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   SIP-Accounting-Information ::= < AVP Header: 368 >
+
+         * [ SIP-Accounting-Server-URI ]
+         * [ SIP-Credit-Control-Server-URI ]
+         * [ AVP]
+
+   SIP-Server-Capabilities ::= < AVP Header: 372 >
+
+         * [ SIP-Mandatory-Capability ]
+         * [ SIP-Optional-Capability ]
+         * [ SIP-Server-URI ]
+         * [ AVP ]
+
+   SIP-Auth-Data-Item ::= < AVP Header: 376 >
+
+           { SIP-Authentication-Scheme }
+           [ SIP-Item-Number ]
+           [ SIP-Authenticate ]
+           [ SIP-Authorization ]
+           [ SIP-Authentication-Info ]
+         * [ AVP ]
+
+   SIP-Authenticate ::= < AVP Header: 379 >
+
+           { Digest-Realm }
+           { Digest-Nonce }
+           [ Digest-Domain ]
+           [ Digest-Opaque ]
+           [ Digest-Stale ]
+           [ Digest-Algorithm ]
+           [ Digest-Qop ]
+           [ Digest-HA1]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authorization ::= < AVP Header: 380 >
+
+           { Digest-Username }
+           { Digest-Realm }
+           { Digest-Nonce }
+           { Digest-URI }
+           { Digest-Response }
+           [ Digest-Algorithm ]
+           [ Digest-CNonce ]
+           [ Digest-Opaque ]
+           [ Digest-Qop ]
+           [ Digest-Nonce-Count ]
+           [ Digest-Method]
+           [ Digest-Entity-Body-Hash ]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authentication-Info ::= < AVP Header: 381 >
+
+           [ Digest-Nextnonce ]
+           [ Digest-Qop ]
+           [ Digest-Response-Auth ]
+           [ Digest-CNonce ]
+           [ Digest-Nonce-Count ]
+         * [ AVP ]
+
+   SIP-Deregistration-Reason ::= < AVP Header: 383 >
+
+           { SIP-Reason-Code }
+           [ SIP-Reason-Info ]
+         * [ AVP ]
+
+   SIP-User-Data ::= < AVP Header: 389 >
+
+           { SIP-User-Data-Type }
+           { SIP-User-Data-Contents }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum SIP-Server-Assignment-Type
+
+   NO_ASSIGNMENT                  0
+   REGISTRATION                   1
+   RE_REGISTRATION                2
+   UNREGISTERED_USER              3
+   TIMEOUT_DEREGISTRATION         4
+   USER_DEREGISTRATION            5
+   TIMEOUT_DEREGISTRATION_STORE   6
+   USER_DEREGISTRATION_STORE      7
+   ADMINISTRATIVE_DEREGISTRATION  8
+   AUTHENTICATION_FAILURE         9
+   AUTHENTICATION_TIMEOUT        10
+   DEREGISTRATION_TOO_MUCH_DATA  11
+
+@enum SIP-Authentication-Scheme
+
+   DIGEST                         0
+
+@enum SIP-Reason-Code
+
+   PERMANENT_TERMINATION          0
+   NEW_SIP_SERVER_ASSIGNED        1
+   SIP_SERVER_CHANGE              2
+   REMOVE_SIP_SERVER              3
+
+@enum SIP-User-Authorization-Type
+
+   REGISTRATION                   0
+   DEREGISTRATION                 1
+   REGISTRATION_AND_CAPABILITIES  2
+
+@enum SIP-User-Data-Already-Available
+
+   USER_DATA_NOT_AVAILABLE        0
+   USER_DATA_ALREADY_AVAILABLE    1
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; Success
+
+   FIRST_REGISTRATION                   2003
+   SUBSEQUENT_REGISTRATION              2004
+   UNREGISTERED_SERVICE                 2005
+   SUCCESS_SERVER_NAME_NOT_STORED       2006
+   SERVER_SELECTION                     2007
+   SUCCESS_AUTH_SENT_SERVER_NOT_STORED  2008
+
+   ;; Transient Failures
+
+   USER_NAME_REQUIRED                   4013
+
+   ;; Permanent Failures
+
+   USER_UNKNOWN                         5032
+   IDENTITIES_DONT_MATCH                5033
+   IDENTITY_NOT_REGISTERED              5034
+   ROAMING_NOT_ALLOWED                  5035
+   IDENTITY_ALREADY_REGISTERED          5036
+   AUTH_SCHEME_NOT_SUPPORTED            5037
+   IN_ASSIGNMENT_TYPE                   5038
+   TOO_MUCH_DATA                        5039
+   NOT_SUPPORTED_USER_DATA              5040
diff --git a/lib/diameter/include/diameter.hrl b/lib/diameter/include/diameter.hrl
index 0fa7fd406f..4273262015 100644
--- a/lib/diameter/include/diameter.hrl
+++ b/lib/diameter/include/diameter.hrl
@@ -107,6 +107,21 @@
          transport = sctp,       %% | tcp,
          protocol  = diameter}). %% | radius | 'tacacs+'
 
+%% A diameter_callback record can be specified as an application
+%% module in order to selectively receive callbacks or alter their
+%% form.
+-record(diameter_callback,
+        {peer_up,
+         peer_down,
+         pick_peer,
+         prepare_request,
+         prepare_retransmit,
+         handle_request,
+         handle_answer,
+         handle_error,
+         default,
+         extra = []}).
+
 %% The diameter service and diameter_apps records are only passed
 %% through the transport interface when starting a transport process,
 %% although typically a transport implementation will (and probably
diff --git a/lib/diameter/src/Makefile b/lib/diameter/src/Makefile
index eea2aa894d..dbfaa4e140 100644
--- a/lib/diameter/src/Makefile
+++ b/lib/diameter/src/Makefile
@@ -54,14 +54,16 @@ VPATH = .:base:compiler:transport:gen
 
 include modules.mk
 
+# Modules generated from dictionary specifications.
 DICT_MODULES = $(DICTS:%=gen/diameter_gen_%)
 DICT_ERLS    = $(DICT_MODULES:%=%.erl)
 DICT_HRLS    = $(DICT_MODULES:%=%.hrl)
 
 # Modules to build before compiling dictionaries.
-COMPILER_MODULES = $(filter compiler/%, $(CT_MODULES))
+COMPILER_MODULES = $(notdir $(filter compiler/%, $(CT_MODULES))) \
+                   $(DICT_YRL)
 
-# All handwritten modules.
+# All handwritten modules from which a depend.mk is generated.
 MODULES = \
 	$(RT_MODULES) \
 	$(CT_MODULES)
@@ -74,17 +76,21 @@ APP_MODULES = \
 # Modules for which to build beams.
 TARGET_MODULES = \
 	$(APP_MODULES) \
-	$(CT_MODULES)
+	$(CT_MODULES) \
+	$(DICT_YRL:%=gen/%)
 
 # What to build for the 'opt' target.
 TARGET_FILES = \
-	$(patsubst %,$(EBIN)/%.$(EMULATOR),$(notdir $(TARGET_MODULES))) \
+	$(patsubst %, $(EBIN)/%.$(EMULATOR), $(notdir $(TARGET_MODULES))) \
 	$(APP_TARGET) \
 	$(APPUP_TARGET)
 
 # Subdirectories of src to release modules into.
 TARGET_DIRS = $(sort $(dir $(TARGET_MODULES)))
 
+# Ditto for examples.
+EXAMPLE_DIRS = $(sort $(dir $(EXAMPLES)))
+
 APP_FILE   = diameter.app
 APP_SRC    = $(APP_FILE).src
 APP_TARGET = $(EBIN)/$(APP_FILE)
@@ -125,6 +131,10 @@ opt: $(TARGET_FILES)
 debug:
 	@$(MAKE) TYPE=debug opt
 
+# The dictionary parser.
+gen/$(DICT_YRL).erl: compiler/$(DICT_YRL).yrl
+	$(ERLC) -Werror -o $(@D) $<
+
 # Generate the app file.
 $(APP_TARGET): $(APP_SRC) ../vsn.mk modules.mk
 	M=`echo $(notdir $(APP_MODULES)) | tr ' ' ,`; \
@@ -146,6 +156,8 @@ info:
 	@echo ========================================
 	@$(call list,DICTS)
 	@echo
+	@$(call list,DICT_YRL)
+	@echo
 	@$(call list,RT_MODULES)
 	@echo
 	@$(call list,CT_MODULES)
@@ -160,11 +172,13 @@ info:
 	@echo
 	@$(call list,EXAMPLES)
 	@echo
+	@$(call list,EXAMPLE_DIRS)
+	@echo
 	@$(call list,BINS)
 	@echo ========================================
 
 clean:
-	rm -f $(TARGET_FILES) $(DICT_ERLS) $(DICT_HRLS)
+	rm -f $(TARGET_FILES) gen/*
 	rm -f depend.mk
 
 # ----------------------------------------------------
@@ -180,22 +194,29 @@ endif
 # Can't $(INSTALL_DIR) more than one directory at a time on Solaris.
 
 release_spec: opt
-	for d in bin ebin examples include src/dict $(TARGET_DIRS:%/=src/%); do \
+	for d in bin ebin include src/dict; do \
 	    $(INSTALL_DIR) $(RELSYSDIR)/$$d; \
 	done
 	$(INSTALL_SCRIPT) $(BINS:%=../bin/%) $(RELSYSDIR)/bin
 	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(EXAMPLES:%=../examples/%) $(RELSYSDIR)/examples
 	$(INSTALL_DATA) $(EXTERNAL_HRLS:%=../include/%) $(DICT_HRLS) \
 	                $(RELSYSDIR)/include
 	$(INSTALL_DATA) $(DICTS:%=dict/%.dia) $(RELSYSDIR)/src/dict
 	$(MAKE) $(TARGET_DIRS:%/=release_src_%)
+	$(MAKE) $(EXAMPLE_DIRS:%/=release_examples_%)
 
 $(TARGET_DIRS:%/=release_src_%): release_src_%:
-	$(INSTALL_DATA) $(filter $*/%,$(TARGET_MODULES:%=%.erl) \
-	                              $(INTERNAL_HRLS)) \
+	$(INSTALL_DIR) $(RELSYSDIR)/src/$*
+	$(INSTALL_DATA) $(filter $*/%, $(TARGET_MODULES:%=%.erl) \
+	                               $(INTERNAL_HRLS)) \
+	                $(filter $*/%, compiler/$(DICT_YRL).yrl) \
 	                $(RELSYSDIR)/src/$*
 
+$(EXAMPLE_DIRS:%/=release_examples_%): release_examples_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/examples/$*
+	$(INSTALL_DATA) $(patsubst %, ../examples/%, $(filter $*/%, $(EXAMPLES))) \
+	                $(RELSYSDIR)/examples/$*
+
 release_docs_spec:
 
 # ----------------------------------------------------
@@ -207,7 +228,7 @@ gen/diameter_gen_base_accounting.hrl gen/diameter_gen_relay.hrl: \
 	$(EBIN)/diameter_gen_base_rfc3588.$(EMULATOR)
 
 gen/diameter_gen_base_rfc3588.erl gen/diameter_gen_base_rfc3588.hrl: \
-	$(COMPILER_MODULES:compiler/%=$(EBIN)/%.$(EMULATOR))
+	$(COMPILER_MODULES:%=$(EBIN)/%.$(EMULATOR))
 
 $(DICT_MODULES:gen/%=$(EBIN)/%.$(EMULATOR)): \
 	$(INCDIR)/diameter.hrl \
@@ -224,10 +245,13 @@ depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
 
 -include depend.mk
 
-.PRECIOUS: $(DICT_ERLS) $(DICT_HRLS)
 .PHONY: app clean depend dict info release_subdir
 .PHONY: debug opt release_docs_spec release_spec
 .PHONY: $(TARGET_DIRS:%/=%) $(TARGET_DIRS:%/=release_src_%)
+.PHONY: $(EXAMPLE_DIRS:%/=release_examples_%)
+
+# Keep intermediate files.
+.SECONDARY: $(DICT_ERLS) $(DICT_HRLS) gen/$(DICT_YRL:%=%.erl)
 
 # ----------------------------------------------------
 # Targets using secondary expansion (make >= 3.81)
@@ -237,4 +261,6 @@ depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
 
 # Make beams from a subdirectory.
 $(TARGET_DIRS:%/=%): \
-  $$(patsubst $$@/%,$(EBIN)/%.$(EMULATOR),$$(filter $$@/%,$(TARGET_MODULES)))
+  $$(patsubst $$@/%, \
+              $(EBIN)/%.$(EMULATOR), \
+              $$(filter $$@/%, $(TARGET_MODULES) compiler/$(DICT_YRL)))
diff --git a/lib/diameter/src/base/diameter.erl b/lib/diameter/src/base/diameter.erl
index 2f721421d8..336f0c1f2d 100644
--- a/lib/diameter/src/base/diameter.erl
+++ b/lib/diameter/src/base/diameter.erl
@@ -38,17 +38,47 @@
          service_info/2]).
 
 %% Start/stop the application. In a "real" application this should
-%% typically be a consequence of specifying diameter in a release file
-%% rather than by calling start/stop explicitly.
+%% typically be a consequence of a release file rather than by calling
+%% start/stop explicitly.
 -export([start/0,
          stop/0]).
 
+-export_type([evaluable/0,
+              app_alias/0,
+              service_name/0,
+              capability/0,
+              peer_filter/0,
+              service_opt/0,
+              application_opt/0,
+              app_module/0,
+              transport_ref/0,
+              transport_opt/0,
+              transport_pred/0,
+              call_opt/0]).
+
+-export_type(['OctetString'/0,
+              'Integer32'/0,
+              'Integer64'/0,
+              'Unsigned32'/0,
+              'Unsigned64'/0,
+              'Float32'/0,
+              'Float64'/0,
+              'Grouped'/0,
+              'Address'/0,
+              'Time'/0,
+              'UTF8String'/0,
+              'DiameterIdentity'/0,
+              'DiameterURI'/0,
+              'Enumerated'/0,
+              'IPFilterRule'/0,
+              'QoSFilterRule'/0]).
+
+-include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 
-%%% --------------------------------------------------------------------------
-%%% start/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% start/0
+%% ---------------------------------------------------------------------------
 
 -spec start()
    -> ok
@@ -57,9 +87,9 @@
 start() ->
     application:start(?APPLICATION).
 
-%%% --------------------------------------------------------------------------
-%%% stop/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% stop/0
+%% ---------------------------------------------------------------------------
 
 -spec stop()
    -> ok
@@ -68,9 +98,9 @@ start() ->
 stop() ->
     application:stop(?APPLICATION).
 
-%%% --------------------------------------------------------------------------
-%%% start_service/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% start_service/2
+%% ---------------------------------------------------------------------------
 
 -spec start_service(service_name(), [service_opt()])
    -> ok
@@ -80,9 +110,9 @@ start_service(SvcName, Opts)
   when is_list(Opts) ->
     diameter_config:start_service(SvcName, Opts).
 
-%%% --------------------------------------------------------------------------
-%%% stop_service/1
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% stop_service/1
+%% ---------------------------------------------------------------------------
 
 -spec stop_service(service_name())
    -> ok
@@ -91,9 +121,9 @@ start_service(SvcName, Opts)
 stop_service(SvcName) ->
     diameter_config:stop_service(SvcName).
 
-%%% --------------------------------------------------------------------------
-%%% services/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% services/0
+%% ---------------------------------------------------------------------------
 
 -spec services()
    -> [service_name()].
@@ -101,9 +131,9 @@ stop_service(SvcName) ->
 services() ->
     [Name || {Name, _} <- diameter_service:services()].
 
-%%% --------------------------------------------------------------------------
-%%% service_info/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% service_info/2
+%% ---------------------------------------------------------------------------
 
 -spec service_info(service_name(), atom() | [atom()])
    -> any().
@@ -111,9 +141,9 @@ services() ->
 service_info(SvcName, Option) ->
     diameter_service:info(SvcName, Option).
 
-%%% --------------------------------------------------------------------------
-%%% add_transport/3
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% add_transport/3
+%% ---------------------------------------------------------------------------
 
 -spec add_transport(service_name(), {listen|connect, [transport_opt()]})
    -> {ok, transport_ref()}
@@ -123,9 +153,9 @@ add_transport(SvcName, {T, Opts} = Cfg)
   when is_list(Opts), (T == connect orelse T == listen) ->
     diameter_config:add_transport(SvcName, Cfg).
 
-%%% --------------------------------------------------------------------------
-%%% remove_transport/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% remove_transport/2
+%% ---------------------------------------------------------------------------
 
 -spec remove_transport(service_name(), transport_pred())
    -> ok | {error, term()}.
@@ -133,12 +163,9 @@ add_transport(SvcName, {T, Opts} = Cfg)
 remove_transport(SvcName, Pred) ->
     diameter_config:remove_transport(SvcName, Pred).
 
-%%% --------------------------------------------------------------------------
-%%% # subscribe(SvcName)
-%%%
-%%% Description: Subscribe to #diameter_event{} messages for the specified
-%%%              service.
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% subscribe/1
+%% ---------------------------------------------------------------------------
 
 -spec subscribe(service_name())
    -> true.
@@ -146,9 +173,9 @@ remove_transport(SvcName, Pred) ->
 subscribe(SvcName) ->
     diameter_service:subscribe(SvcName).
 
-%%% --------------------------------------------------------------------------
-%%% # unsubscribe(SvcName)
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% unsubscribe/1
+%% ---------------------------------------------------------------------------
 
 -spec unsubscribe(service_name())
    -> true.
@@ -156,9 +183,9 @@ subscribe(SvcName) ->
 unsubscribe(SvcName) ->
     diameter_service:unsubscribe(SvcName).
 
-%%% ----------------------------------------------------------
-%%% # session_id/1
-%%% ----------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% session_id/1
+%% ---------------------------------------------------------------------------
 
 -spec session_id('DiameterIdentity'())
    -> 'OctetString'().
@@ -166,9 +193,9 @@ unsubscribe(SvcName) ->
 session_id(Ident) ->
     diameter_session:session_id(Ident).
 
-%%% ----------------------------------------------------------
-%%% # origin_state_id/0
-%%% ----------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% origin_state_id/0
+%% ---------------------------------------------------------------------------
 
 -spec origin_state_id()
    -> 'Unsigned32'().
@@ -176,9 +203,9 @@ session_id(Ident) ->
 origin_state_id() ->
     diameter_session:origin_state_id().
 
-%%% --------------------------------------------------------------------------
-%%% # call/[34]
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% call/3,4
+%% ---------------------------------------------------------------------------
 
 -spec call(service_name(), app_alias(), any(), [call_opt()])
    -> any().
@@ -188,3 +215,125 @@ call(SvcName, App, Message, Options) ->
 
 call(SvcName, App, Message) ->
     call(SvcName, App, Message, []).
+
+%% ===========================================================================
+
+%% Diameter basic types
+
+-type 'OctetString'() :: iolist().
+-type 'Integer32'()   :: -2147483647..2147483647.
+-type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
+-type 'Unsigned32'()  :: 0..4294967295.
+-type 'Unsigned64'()  :: 0..18446744073709551615.
+-type 'Float32'()     :: '-infinity' | float() | infinity.
+-type 'Float64'()     :: '-infinity' | float() | infinity.
+-type 'Grouped'()     :: list() | tuple().
+
+%% Diameter derived types
+
+-type 'Address'()
+   :: inet:ip_address()
+    | string().
+
+-type 'Time'()             :: {{integer(), 1..12, 1..31},
+                               {0..23, 0..59, 0..59}}.
+-type 'UTF8String'()       :: iolist().
+-type 'DiameterIdentity'() :: 'OctetString'().
+-type 'DiameterURI'()      :: 'OctetString'().
+-type 'Enumerated'()       :: 'Integer32'().
+-type 'IPFilterRule'()     :: 'OctetString'().
+-type 'QoSFilterRule'()    :: 'OctetString'().
+
+%% The handle to a service.
+
+-type service_name()
+   :: any().
+
+%% Capabilities options/avps on start_service/2 and/or add_transport/2
+
+-type capability()
+   :: {'Origin-Host',                    'DiameterIdentity'()}
+    | {'Origin-Realm',                   'DiameterIdentity'()}
+    | {'Host-IP-Address',                ['Address'()]}
+    | {'Vendor-Id',                      'Unsigned32'()}
+    | {'Product-Name',                   'UTF8String'()}
+    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
+    | {'Auth-Application-Id',            ['Unsigned32'()]}
+    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
+    | {'Firmware-Revision',              'Unsigned32'()}.
+
+%% Filters for call/4
+
+-type peer_filter()
+   :: none
+    | host
+    | realm
+    | {host,  any|'DiameterIdentity'()}
+    | {realm, any|'DiameterIdentity'()}
+    | {eval, evaluable()}
+    | {neg, peer_filter()}
+    | {all, [peer_filter()]}
+    | {any, [peer_filter()]}.
+
+-type evaluable()
+   :: {module(), atom(), list()}
+    | fun()
+    | maybe_improper_list(evaluable(), list()).
+
+%% Options passed to start_service/2
+
+-type service_opt()
+   :: capability()
+    | {application, [application_opt()]}.
+
+-type application_opt()
+   :: {alias, app_alias()}
+    | {dictionary, module()}
+    | {module, app_module()}
+    | {state, any()}
+    | {call_mutates_state, boolean()}
+    | {answer_errors, callback|report|discard}.
+
+-type app_alias()
+   :: any().
+
+-type app_module()
+   :: module()
+    | maybe_improper_list(module(), list())
+    | #diameter_callback{}.
+
+%% Identifier returned by add_transport/2
+
+-type transport_ref()
+   :: reference().
+
+%% Options passed to add_transport/2
+
+-type transport_opt()
+   :: {transport_module, atom()}
+    | {transport_config, any()}
+    | {applications, [app_alias()]}
+    | {capabilities, [capability()]}
+    | {capabilities_cb, evaluable()}
+    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
+    | {reconnect_timer, 'Unsigned32'()}
+    | {private, any()}.
+
+%% Predicate passed to remove_transport/2
+
+-type transport_pred()
+   :: fun((reference(), connect|listen, list()) -> boolean())
+    | fun((reference(), list()) -> boolean())
+    | fun((list()) -> boolean())
+    | reference()
+    | list()
+    | {connect|listen, transport_pred()}
+    | {atom(), atom(), list()}.
+
+%% Options passed to call/4
+
+-type call_opt()
+   :: {extra, list()}
+    | {filter, peer_filter()}
+    | {timeout, 'Unsigned32'()}
+    | detach.
diff --git a/lib/diameter/src/base/diameter_callback.erl b/lib/diameter/src/base/diameter_callback.erl
index 6d5c8cdca1..90431099b0 100644
--- a/lib/diameter/src/base/diameter_callback.erl
+++ b/lib/diameter/src/base/diameter_callback.erl
@@ -18,11 +18,58 @@
 %%
 
 %%
-%% A minimal application callback module.
+%% A diameter callback module that can redirect selected callbacks,
+%% providing reasonable default implementations otherwise.
+%%
+%% To order alternate callbacks, configure a #diameter_callback record
+%% as the Diameter application callback in question. The record has
+%% one field for each callback function as well as 'default' and
+%% 'extra' fields. A function-specific field can be set to a
+%% diameter:evaluable() in order to redirect the callback
+%% corresponding to that field, or to 'false' to request the default
+%% callback implemented in this module. If neither of these fields are
+%% set then the 'default' field determines the form of the callback: a
+%% module name results in the usual callback as if the module had been
+%% configured directly as the callback module, a diameter_evaluable()
+%% in a callback applied to the atom-valued callback name and argument
+%% list. For all callbacks not to this module, the 'extra' field is a
+%% list of additional arguments, following arguments supplied by
+%% diameter but preceeding those of the diameter:evaluable() being
+%% applied.
+%%
+%% For example, the following config to diameter:start_service/2, in
+%% an 'application' tuple, would result in only a mymod:peer_down/3
+%% callback, this module implementing the remaining callbacks.
+%%
+%%   {module, #diameter_callback{peer_down = {mymod, down, []}}}
+%%
+%% Equivalently, this can also be specified with a [Mod | Args]
+%% field/value list as follows.
+%%
+%%   {module, [diameter_callback, {peer_down, {mymod, down, []}}]}
+%%
+%% The following would result in this module suppying peer_up and
+%% peer_down callback, others taking place in module mymod.
+%%
+%%   {module, #diameter_callback{peer_up = false,
+%%                               peer_down = false,
+%%                               default = mymod}}
+%%
+%% The following would result in all callbacks taking place as
+%% calls to mymod:diameter/2.
+%%
+%%   {module, #diameter_callback{default = {mymod, diameter, []}}}
+%%
+%% The following are equivalent and result in all callbacks being
+%% provided by this module.
+%%
+%%   {module, #diameter_callback{}}
+%%   {module, diameter_callback}
 %%
 
 -module(diameter_callback).
 
+%% Default callbacks when no aleternate is specified.
 -export([peer_up/3,
          peer_down/3,
          pick_peer/4,
@@ -32,6 +79,16 @@
          handle_answer/4,
          handle_error/4]).
 
+%% Callbacks taking a #diameter_callback record.
+-export([peer_up/4,
+         peer_down/4,
+         pick_peer/5,
+         prepare_request/4,
+         prepare_retransmit/4,
+         handle_request/4,
+         handle_answer/5,
+         handle_error/5]).
+
 -include_lib("diameter/include/diameter.hrl").
 
 %%% ----------------------------------------------------------
@@ -41,51 +98,137 @@
 peer_up(_Svc, _Peer, State) ->
     State.
 
+peer_up(Svc, Peer, State, D) ->
+    cb(peer_up,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_up,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # peer_down/3
 %%% ----------------------------------------------------------
 
-peer_down(_SvcName, _Peer, State) ->
+peer_down(_Svc, _Peer, State) ->
     State.
 
+peer_down(Svc, Peer, State, D) ->
+    cb(peer_down,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_down,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # pick_peer/4
 %%% ----------------------------------------------------------
 
-pick_peer([Peer|_], _, _SvcName, _State) ->
-    {ok, Peer}.
+pick_peer([Peer|_], _, _Svc, _State) ->
+    {ok, Peer};
+pick_peer([], _, _Svc, _State) ->
+    false.
+
+pick_peer(PeersL, PeersR, Svc, State, D) ->
+    cb(pick_peer,
+       [PeersL, PeersR, Svc, State],
+       D#diameter_callback.pick_peer,
+       D).
 
 %%% ----------------------------------------------------------
 %%% # prepare_request/3
 %%% ----------------------------------------------------------
 
-prepare_request(Pkt, _SvcName, _Peer) ->
+prepare_request(Pkt, _Svc, _Peer) ->
     {send, Pkt}.
 
+prepare_request(Pkt, Svc, Peer, D) ->
+    cb(prepare_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_request,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # prepare_retransmit/3
 %%% ----------------------------------------------------------
 
-prepare_retransmit(Pkt, _SvcName, _Peer) ->
+prepare_retransmit(Pkt, _Svc, _Peer) ->
     {send, Pkt}.
 
+prepare_retransmit(Pkt, Svc, Peer, D) ->
+    cb(prepare_retransmit,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_retransmit,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # handle_request/3
 %%% ----------------------------------------------------------
 
-handle_request(_Pkt, _SvcName, _Peer) ->
+handle_request(_Pkt, _Svc, _Peer) ->
     {protocol_error, 3001}.  %% DIAMETER_COMMAND_UNSUPPORTED
 
+handle_request(Pkt, Svc, Peer, D) ->
+    cb(handle_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.handle_request,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # handle_answer/4
 %%% ----------------------------------------------------------
 
-handle_answer(#diameter_packet{msg = Ans}, _Req, _SvcName, _Peer) ->
-    Ans.
+handle_answer(#diameter_packet{msg = Ans, errors = []}, _Req, _Svc, _Peer) ->
+    Ans;
+handle_answer(#diameter_packet{msg = Ans, errors = Es}, _Req, _Svc, _Peer) ->
+    [Ans | Es].
+
+handle_answer(Pkt, Req, Svc, Peer, D) ->
+    cb(handle_answer,
+       [Pkt, Req, Svc, Peer],
+       D#diameter_callback.handle_answer,
+       D).
 
 %%% ---------------------------------------------------------------------------
 %%% # handle_error/4
 %%% ---------------------------------------------------------------------------
 
-handle_error(Reason, _Req, _SvcName, _Peer) ->
+handle_error(Reason, _Req, _Svc, _Peer) ->
     {error, Reason}.
+
+handle_error(Reason, Req, Svc, Peer, D) ->
+    cb(handle_error,
+       [Reason, Req, Svc, Peer],
+       D#diameter_callback.handle_error,
+       D).
+
+%% ===========================================================================
+
+%% cb/4
+
+%% Unspecified callback: use default field to determine something
+%% appropriate.
+cb(CB, Args, undefined, D) ->
+    cb(CB, Args, D);
+
+%% Explicitly requested default.
+cb(CB, Args, false, _) ->
+    apply(?MODULE, CB, Args);
+
+%% A specified callback.
+cb(_, Args, F, #diameter_callback{extra = X}) ->
+    diameter_lib:eval([[F|X] | Args]).
+
+%% cb/3
+
+%% No user-supplied default: call ours.
+cb(CB, Args, #diameter_callback{default = undefined}) ->
+    apply(?MODULE, CB, Args);
+
+%% Default is a module name: make the usual callback.
+cb(CB, Args, #diameter_callback{default = M,
+                                extra = X})
+  when is_atom(M) ->
+    apply(M, CB, Args ++ X);
+
+%% Default is something else: apply if to callback name and arguments.
+cb(CB, Args, #diameter_callback{default = F,
+                                extra = X}) ->
+    diameter_lib:eval([F, CB, Args | X]).
diff --git a/lib/diameter/src/base/diameter_capx.erl b/lib/diameter/src/base/diameter_capx.erl
index 842a9e6103..6c4d60ee9b 100644
--- a/lib/diameter/src/base/diameter_capx.erl
+++ b/lib/diameter/src/base/diameter_capx.erl
@@ -54,7 +54,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
 
 -define(SUCCESS,    2001).  %% DIAMETER_SUCCESS
@@ -75,13 +74,17 @@ build_CER(Caps) ->
     try_it([fun bCER/1, Caps]).
 
 -spec recv_CER(#diameter_base_CER{}, #diameter_service{})
-   -> tried({['Unsigned32'()], #diameter_caps{}, #diameter_base_CEA{}}).
+   -> tried({[diameter:'Unsigned32'()],
+             #diameter_caps{},
+             #diameter_base_CEA{}}).
 
 recv_CER(CER, Svc) ->
     try_it([fun rCER/2, CER, Svc]).
 
 -spec recv_CEA(#diameter_base_CEA{}, #diameter_service{})
-   -> tried({['Unsigned32'()], ['Unsigned32'()], #diameter_caps{}}).
+   -> tried({[diameter:'Unsigned32'()],
+             [diameter:'Unsigned32'()],
+             #diameter_caps{}}).
 
 recv_CEA(CEA, Svc) ->
     try_it([fun rCEA/2, CEA, Svc]).
diff --git a/lib/diameter/src/base/diameter_config.erl b/lib/diameter/src/base/diameter_config.erl
index a6b48fe65b..9253af0de2 100644
--- a/lib/diameter/src/base/diameter_config.erl
+++ b/lib/diameter/src/base/diameter_config.erl
@@ -605,6 +605,13 @@ app_acc({application, Opts}, Acc) ->
 app_acc(_, Acc) ->
     Acc.
 
+init_mod(#diameter_callback{} = R) ->
+    init_mod([diameter_callback, R]);
+init_mod([diameter_callback, #diameter_callback{}] = L) ->
+    L;
+init_mod([diameter_callback = M | L])
+  when is_list(L) ->
+    [M, init_cb(L)];
 init_mod(M)
   when is_atom(M) ->
     [M];
@@ -614,6 +621,14 @@ init_mod([M|_] = L)
 init_mod(M) ->
     ?THROW({module, M}).
 
+init_cb(List) ->
+    Fields = record_info(fields, diameter_callback),
+    Defaults = lists:zip(Fields, tl(tuple_to_list(#diameter_callback{}))),
+    Values = [V || F <- Fields,
+                   D <- [proplists:get_value(F, Defaults)],
+                   V <- [proplists:get_value(F, List, D)]],
+    #diameter_callback{} = list_to_tuple([diameter_callback | Values]).
+
 init_mutable(M)
   when M == true;
        M == false ->
diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl
index fae5d763dc..99644814d2 100644
--- a/lib/diameter/src/base/diameter_peer_fsm.erl
+++ b/lib/diameter/src/base/diameter_peer_fsm.erl
@@ -46,7 +46,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
 
 -define(GOAWAY, ?'DIAMETER_BASE_DISCONNECT-CAUSE_DO_NOT_WANT_TO_TALK_TO_YOU').
@@ -78,7 +77,8 @@
          parent       :: pid(),
          transport    :: pid(),
          service      :: #diameter_service{},
-         dpr = false  :: false | {'Unsigned32'(), 'Unsigned32'()}}).
+         dpr = false  :: false | {diameter:'Unsigned32'(),
+                                  diameter:'Unsigned32'()}}).
                             %% | hop by hop and end to end identifiers
 
 %% There are non-3588 states possible as a consequence of 5.6.1 of the
diff --git a/lib/diameter/src/base/diameter_service.erl b/lib/diameter/src/base/diameter_service.erl
index 7adcf1c265..3dfdcee2b2 100644
--- a/lib/diameter/src/base/diameter_service.erl
+++ b/lib/diameter/src/base/diameter_service.erl
@@ -64,7 +64,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 
 -define(STATE_UP,   up).
 -define(STATE_DOWN, down).
@@ -117,7 +116,7 @@
         {pid  :: match(pid()),
          type :: match(connect | accept),
          ref  :: match(reference()),  %% key into diameter_config
-         options :: match([transport_opt()]), %% as passed to start_transport
+         options :: match([diameter:transport_opt()]),%% from start_transport
          op_state = ?STATE_DOWN :: match(?STATE_DOWN | ?STATE_UP),
          started = now(),      %% at process start
          conn = false :: match(boolean() | pid())}).
@@ -126,7 +125,7 @@
 %% Record representing a peer_fsm process.
 -record(conn,
         {pid   :: pid(),
-         apps  :: [{0..16#FFFFFFFF, app_alias()}], %% {Id, Alias}
+         apps  :: [{0..16#FFFFFFFF, diameter:app_alias()}], %% {Id, Alias}
          caps  :: #diameter_caps{},
          started = now(),  %% at process start
          peer  :: pid()}). %% key into peerT
@@ -137,16 +136,16 @@
          handler    :: match(pid()), %% request process
          transport  :: match(pid()), %% peer process
          caps       :: match(#diameter_caps{}),
-         app        :: match(app_alias()),  %% #diameter_app.alias
+         app        :: match(diameter:app_alias()),  %% #diameter_app.alias
          dictionary :: match(module()),     %% #diameter_app.dictionary
-         module     :: match(nonempty_improper_list(module(), list())),
+         module     :: match([module() | list()]),
                     %% #diameter_app.module
-         filter     :: match(peer_filter()),
+         filter     :: match(diameter:peer_filter()),
          packet     :: match(#diameter_packet{})}).
 
 %% Record call/4 options are parsed into.
 -record(options,
-        {filter = none  :: peer_filter(),
+        {filter = none  :: diameter:peer_filter(),
          extra = []     :: list(),
          timeout = ?DEFAULT_TIMEOUT :: 0..16#FFFFFFFF,
          detach = false :: boolean()}).
@@ -630,10 +629,6 @@ insert(Tbl, Rec) ->
     ets:insert(Tbl, Rec),
     Rec.
 
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
-    Pid.
-
 %% Using the process dictionary for the callback state was initially
 %% just a way to make what was horrendous trace (big state record and
 %% much else everywhere) somewhat more readable. There's not as much
@@ -647,11 +642,6 @@ mod_state(Alias) ->
 mod_state(Alias, ModS) ->
     put({?MODULE, mod_state, Alias}, ModS).
 
-%% have_transport/2
-
-have_transport(SvcName, Ref) ->
-    [] /= diameter_config:have_transport(SvcName, Ref).
-
 %%% ---------------------------------------------------------------------------
 %%% # shutdown/2
 %%% ---------------------------------------------------------------------------
@@ -820,10 +810,10 @@ start(Ref, Type, Opts, #state{peerT = PeerT,
                               service = Svc})
   when Type == connect;
        Type == accept ->
-    Pid = monitor(s(Type, Ref, {ConnT,
-                                Opts,
-                                SvcName,
-                                merge_service(Opts, Svc)})),
+    Pid = s(Type, Ref, {ConnT,
+                        Opts,
+                        SvcName,
+                        merge_service(Opts, Svc)}),
     insert(PeerT, #peer{pid = Pid,
                         type = Type,
                         ref = Ref,
@@ -836,7 +826,13 @@ start(Ref, Type, Opts, #state{peerT = PeerT,
 %% callbacks.
 
 s(Type, Ref, T) ->
-    diameter_watchdog:start({Type, Ref}, T).
+    case diameter_watchdog:start({Type, Ref}, T) of
+        {_MRef, Pid} ->
+            Pid;
+        Pid when is_pid(Pid) ->  %% from old code
+            erlang:monitor(process, Pid),
+            Pid
+    end.
 
 %% merge_service/2
 
@@ -1131,7 +1127,7 @@ start_tc(Tc, T, _) ->
 %% tc_timeout/2
 
 tc_timeout({Ref, _Type, _Opts} = T, #state{service_name = SvcName} = S) ->
-    tc(have_transport(SvcName, Ref), T, S).
+    tc(diameter_config:have_transport(SvcName, Ref), T, S).
 
 tc(true, {Ref, Type, Opts}, #state{service_name = SvcName}
                             = S) ->
@@ -1159,7 +1155,7 @@ close(Pid, #state{service_name = SvcName,
           options = Opts}
         = fetch(PeerT, Pid),
 
-    c(Pid, have_transport(SvcName, Ref), Opts).
+    c(Pid, diameter_config:have_transport(SvcName, Ref), Opts).
 
 %% Tell watchdog to (maybe) die later ...
 c(Pid, true, Opts) ->
@@ -1490,7 +1486,7 @@ pd([], _) ->
 send_request(TPid, #diameter_packet{bin = Bin} = Pkt, Req, Timeout)
   when node() == node(TPid) ->
     %% Store the outgoing request before sending to avoid a race with
-   %% reply reception.
+    %% reply reception.
     TRef = store_request(TPid, Bin, Req, Timeout),
     send(TPid, Pkt),
     TRef;
@@ -1946,7 +1942,7 @@ reply(Msg, Dict, TPid, #diameter_packet{errors = Es,
   when [] == Es;
        is_record(hd(Msg), diameter_header) ->
     Pkt = diameter_codec:encode(Dict, make_answer_packet(Msg, ReqPkt)),
-    incr(send, Pkt, Dict, TPid),  %% count result codes in sent answers
+    incr(send, Pkt, TPid),  %% count result codes in sent answers
     send(TPid, Pkt#diameter_packet{transport_data = TD});
 
 %% Or not: set Result-Code and Failed-AVP AVP's.
@@ -2218,12 +2214,11 @@ a(#diameter_packet{errors = []}
   SvcName,
   AE,
   #request{transport = TPid,
-           dictionary = Dict,
            caps = Caps,
            packet = P}
   = Req) ->
     try
-        incr(in, Pkt, Dict, TPid)
+        incr(in, Pkt, TPid)
     of
         _ ->
             cb(Req, handle_answer, [Pkt, msg(P), SvcName, {TPid, Caps}])
@@ -2254,18 +2249,17 @@ e(Pkt, SvcName, discard, Req) ->
 %% Increment a stats counter for an incoming or outgoing message.
 
 %% TODO: fix
-incr(_, #diameter_packet{msg = undefined}, _, _) ->
+incr(_, #diameter_packet{msg = undefined}, _) ->
     ok;
 
-incr(Dir, Pkt, Dict, TPid)
+incr(Dir, Pkt, TPid)
   when is_pid(TPid) ->
     #diameter_packet{header = #diameter_header{is_error = E}
                             = Hdr,
                      msg = Rec}
         = Pkt,
 
-    D  = choose(E, ?BASE, Dict),
-    RC = int(get_avp_value(D, 'Result-Code', Rec)),
+    RC = int(get_avp_value(?BASE, 'Result-Code', Rec)),
     PE = is_protocol_error(RC),
 
     %% Check that the E bit is set only for 3xxx result codes.
@@ -2273,7 +2267,7 @@ incr(Dir, Pkt, Dict, TPid)
         orelse (E andalso PE)
         orelse x({invalid_error_bit, RC}, answer, [Dir, Pkt]),
 
-    Ctr = rc_counter(D, Rec, RC),
+    Ctr = rc_counter(Rec, RC),
     is_tuple(Ctr)
         andalso incr(TPid, {diameter_codec:msg_id(Hdr), Dir, Ctr}).
 
@@ -2291,11 +2285,11 @@ incr(TPid, Counter) ->
 %% Maintain statistics assuming one or the other, not both, which is
 %% surely the intent of the RFC.
 
-rc_counter(_, _, RC)
+rc_counter(_, RC)
   when is_integer(RC) ->
     {'Result-Code', RC};
-rc_counter(D, Rec, _) ->
-    rcc(get_avp_value(D, 'Experimental-Result', Rec)).
+rc_counter(Rec, _) ->
+    rcc(get_avp_value(?BASE, 'Experimental-Result', Rec)).
 
 %% Outgoing answers may be in any of the forms messages can be sent
 %% in. Incoming messages will be records. We're assuming here that the
@@ -2355,8 +2349,8 @@ rt(#request{packet = #diameter_packet{msg = undefined}}, _) ->
     false;  %% TODO: Not what we should do.
 
 %% ... or not.
-rt(#request{packet = #diameter_packet{msg = Msg}, dictionary = D} = Req, S) ->
-    find_transport(get_destination(Msg, D), Req, S).
+rt(#request{packet = #diameter_packet{msg = Msg}} = Req, S) ->
+    find_transport(get_destination(Msg), Req, S).
 
 %%% ---------------------------------------------------------------------------
 %%% # report_status/5
@@ -2468,12 +2462,12 @@ find_transport({alias, Alias}, Msg, Opts, #state{service = Svc} = S) ->
 find_transport(#diameter_app{} = App, Msg, Opts, S) ->
     ft(App, Msg, Opts, S).
 
-ft(#diameter_app{module = Mod, dictionary = D} = App, Msg, Opts, S) ->
+ft(#diameter_app{module = Mod} = App, Msg, Opts, S) ->
     #options{filter = Filter,
              extra = Xtra}
         = Opts,
     pick_peer(App#diameter_app{module = Mod ++ Xtra},
-              get_destination(Msg, D),
+              get_destination(Msg),
               Filter,
               S);
 ft(false = No, _, _, _) ->
@@ -2509,11 +2503,11 @@ find_transport([_,_] = RH,
               Filter,
               S).
 
-%% get_destination/2
+%% get_destination/1
 
-get_destination(Msg, Dict) ->
-    [str(get_avp_value(Dict, 'Destination-Realm', Msg)),
-     str(get_avp_value(Dict, 'Destination-Host', Msg))].
+get_destination(Msg) ->
+    [str(get_avp_value(?BASE, 'Destination-Realm', Msg)),
+     str(get_avp_value(?BASE, 'Destination-Host', Msg))].
 
 %% This is not entirely correct. The avp could have an arity 1, in
 %% which case an empty list is a DiameterIdentity of length 0 rather
diff --git a/lib/diameter/src/base/diameter_session.erl b/lib/diameter/src/base/diameter_session.erl
index bb91e97f39..4c468f207c 100644
--- a/lib/diameter/src/base/diameter_session.erl
+++ b/lib/diameter/src/base/diameter_session.erl
@@ -26,8 +26,6 @@
 %% towards diameter_sup
 -export([init/0]).
 
--include("diameter_types.hrl").
-
 -define(INT64, 16#FFFFFFFFFFFFFFFF).
 -define(INT32, 16#FFFFFFFF).
 
@@ -73,7 +71,7 @@
 %%       consumed (see Section 6.2) SHOULD be silently discarded.
 
 -spec sequence()
-   -> 'Unsigned32'().
+   -> diameter:'Unsigned32'().
 
 sequence() ->
     Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT32, _SetVal = 0},
@@ -97,7 +95,7 @@ sequence() ->
 %%    counter retained in non-volatile memory across restarts.
 
 -spec origin_state_id()
-   -> 'Unsigned32'().
+   -> diameter:'Unsigned32'().
 
 origin_state_id() ->
     ets:lookup_element(diameter_sequence, origin_state_id, 2).
@@ -130,8 +128,8 @@ origin_state_id() ->
 %%    <optional value> is implementation specific but may include a modem's
 %%    device Id, a layer 2 address, timestamp, etc.
 
--spec session_id('DiameterIdentity'())
-   -> 'OctetString'().
+-spec session_id(diameter:'DiameterIdentity'())
+   -> diameter:'OctetString'().
 %% Note that Session-Id has type UTF8String and that any OctetString
 %% is a UTF8String.
 
diff --git a/lib/diameter/src/base/diameter_types.erl b/lib/diameter/src/base/diameter_types.erl
index 6b1b1b8d39..9ae289034c 100644
--- a/lib/diameter/src/base/diameter_types.erl
+++ b/lib/diameter/src/base/diameter_types.erl
@@ -42,8 +42,23 @@
          'IPFilterRule'/2,
          'QoSFilterRule'/2]).
 
+%% Functions taking the AVP name in question as second parameter.
+-export(['OctetString'/3,
+         'Integer32'/3,
+         'Integer64'/3,
+         'Unsigned32'/3,
+         'Unsigned64'/3,
+         'Float32'/3,
+         'Float64'/3,
+         'Address'/3,
+         'Time'/3,
+         'UTF8String'/3,
+         'DiameterIdentity'/3,
+         'DiameterURI'/3,
+         'IPFilterRule'/3,
+         'QoSFilterRule'/3]).
+
 -include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
 
 -define(UINT(N,X), ((0 =< X) andalso (X < 1 bsl N))).
 -define(SINT(N,X), ((-1*(1 bsl (N-1)) < X) andalso (X < 1 bsl (N-1)))).
@@ -433,6 +448,50 @@ uenc([C | Rest], Acc) ->
 'Time'(encode, zero) ->
     <<0:32>>.
 
+%% -------------------------------------------------------------------------
+
+'OctetString'(M, _, Data) ->
+    'OctetString'(M, Data).
+
+'Integer32'(M, _, Data) ->
+    'Integer32'(M, Data).
+
+'Integer64'(M, _, Data) ->
+    'Integer64'(M, Data).
+
+'Unsigned32'(M, _, Data) ->
+    'Unsigned32'(M, Data).
+
+'Unsigned64'(M, _, Data) ->
+    'Unsigned64'(M, Data).
+
+'Float32'(M, _, Data) ->
+    'Float32'(M, Data).
+
+'Float64'(M, _, Data) ->
+    'Float64'(M, Data).
+
+'Address'(M, _, Data) ->
+    'Address'(M, Data).
+
+'Time'(M, _, Data) ->
+    'Time'(M, Data).
+
+'UTF8String'(M, _, Data) ->
+    'UTF8String'(M, Data).
+
+'DiameterIdentity'(M, _, Data) ->
+    'DiameterIdentity'(M, Data).
+
+'DiameterURI'(M, _, Data) ->
+    'DiameterURI'(M, Data).
+
+'IPFilterRule'(M, _, Data) ->
+    'IPFilterRule'(M, Data).
+
+'QoSFilterRule'(M, _, Data) ->
+    'QoSFilterRule'(M, Data).
+
 %% ===========================================================================
 %% ===========================================================================
 
diff --git a/lib/diameter/src/base/diameter_types.hrl b/lib/diameter/src/base/diameter_types.hrl
deleted file mode 100644
index 02bf8a74dd..0000000000
--- a/lib/diameter/src/base/diameter_types.hrl
+++ /dev/null
@@ -1,139 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% Types for function specifications, primarily in diameter.erl. This
-%% has nothing specifically to do with diameter_types.erl.
-%%
-
--type evaluable()
-   :: {module(), atom(), list()}
-    | fun()
-    | nonempty_improper_list(evaluable(), list()).   %% [evaluable() | Args]
-
--type app_alias()
-   :: any().
-
--type service_name()
-   :: any().
-
-%% Diameter basic types
-
--type 'OctetString'() :: iolist().
--type 'Integer32'()   :: -2147483647..2147483647.
--type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
--type 'Unsigned32'()  :: 0..4294967295.
--type 'Unsigned64'()  :: 0..18446744073709551615.
--type 'Float32'()     :: '-infinity' | float() | infinity.
--type 'Float64'()     :: '-infinity' | float() | infinity.
--type 'Grouped'()     :: list() | tuple().
-
-%% Diameter derived types
-
--type 'Address'()
-   :: inet:ip_address()
-    | string().
-
--type 'Time'()             :: {{integer(), 1..12, 1..31},
-                               {0..23, 0..59, 0..59}}.
--type 'UTF8String'()       :: iolist().
--type 'DiameterIdentity'() :: 'OctetString'().
--type 'DiameterURI'()      :: 'OctetString'().
--type 'Enumerated'()       :: 'Integer32'().
--type 'IPFilterRule'()     :: 'OctetString'().
--type 'QoSFilterRule'()    :: 'OctetString'().
-
-%% Capabilities options/avps on start_service/2 and/or add_transport/2
-
--type capability()
-   :: {'Origin-Host',                    'DiameterIdentity'()}
-    | {'Origin-Realm',                   'DiameterIdentity'()}
-    | {'Host-IP-Address',                ['Address'()]}
-    | {'Vendor-Id',                      'Unsigned32'()}
-    | {'Product-Name',                   'UTF8String'()}
-    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
-    | {'Auth-Application-Id',            ['Unsigned32'()]}
-    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
-    | {'Firmware-Revision',              'Unsigned32'()}.
-
-%% Filters for call/4
-
--type peer_filter()
-   :: none
-    | host
-    | realm
-    | {host,  any|'DiameterIdentity'()}
-    | {realm, any|'DiameterIdentity'()}
-    | {eval, evaluable()}
-    | {neg, peer_filter()}
-    | {all, [peer_filter()]}
-    | {any, [peer_filter()]}.
-
-%% Options passed to start_service/2
-
--type service_opt()
-   :: capability()
-    | {application, [application_opt()]}.
-
--type application_opt()
-   :: {alias, app_alias()}
-    | {dictionary, module()}
-    | {module, app_module()}
-    | {state, any()}
-    | {call_mutates_state, boolean()}
-    | {answer_errors, callback|report|discard}.
-
--type app_module()
-   :: module()
-    | nonempty_improper_list(module(), list()).  %% list with module() head
-
-%% Identifier returned by add_transport/2
-
--type transport_ref()
-   :: reference().
-
-%% Options passed to add_transport/2
-
--type transport_opt()
-   :: {transport_module, atom()}
-    | {transport_config, any()}
-    | {applications, [app_alias()]}
-    | {capabilities, [capability()]}
-    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
-    | {reconnect_timer, 'Unsigned32'()}
-    | {private, any()}.
-
-%% Predicate passed to remove_transport/2
-
--type transport_pred()
-   :: fun((reference(), connect|listen, list()) -> boolean())
-    | fun((reference(), list()) -> boolean())
-    | fun((list()) -> boolean())
-    | reference()
-    | list()
-    | {connect|listen, transport_pred()}
-    | {atom(), atom(), list()}.
-
-%% Options passed to call/4
-
--type call_opt()
-   :: {extra, list()}
-    | {filter, peer_filter()}
-    | {timeout, 'Unsigned32'()}
-    | detach.
diff --git a/lib/diameter/src/base/diameter_watchdog.erl b/lib/diameter/src/base/diameter_watchdog.erl
index 6dc53d9f31..fb22fd8275 100644
--- a/lib/diameter/src/base/diameter_watchdog.erl
+++ b/lib/diameter/src/base/diameter_watchdog.erl
@@ -59,10 +59,19 @@
          message_data}).   %% term passed into diameter_service with message
 
 %% start/2
+%%
+%% Start a monitor before the watchdog is allowed to proceed to ensure
+%% that a failed capabilities exchange produces the desired exit
+%% reason.
 
 start({_,_} = Type, T) ->
-    {ok, Pid} = diameter_watchdog_sup:start_child({Type, self(), T}),
-    Pid.
+    Ref = make_ref(),
+    {ok, Pid} = diameter_watchdog_sup:start_child({Ref, {Type, self(), T}}),
+    try
+        {erlang:monitor(process, Pid), Pid}
+    after
+        Pid ! Ref
+    end.
 
 start_link(T) ->
     {ok, _} = proc_lib:start_link(?MODULE,
@@ -80,14 +89,29 @@ init(T) ->
     proc_lib:init_ack({ok, self()}),
     gen_server:enter_loop(?MODULE, [], i(T)).
 
-i({T, Pid, {ConnT, Opts, SvcName, #diameter_service{applications = Apps,
-                                                    capabilities = Caps}
-                                  = Svc}}) ->
-    {M,S,U} = now(),
-    random:seed(M,S,U),
+i({Ref, {_, Pid, _} = T}) ->
+    MRef = erlang:monitor(process, Pid),
+    receive
+        Ref ->
+            make_state(T);
+        {'DOWN', MRef, process, _, _} = D ->
+            exit({shutdown, D})
+    end;
+
+i({_, Pid, _} = T) ->  %% from old code
+    erlang:monitor(process, Pid),
+    make_state(T).
+
+make_state({T, Pid, {ConnT,
+                     Opts,
+                     SvcName,
+                     #diameter_service{applications = Apps,
+                                       capabilities = Caps}
+                     = Svc}}) ->
+    random:seed(now()),
     putr(restart, {T, Opts, Svc}),  %% save seeing it in trace
     putr(dwr, dwr(Caps)),           %%
-    #watchdog{parent = monitor(Pid),
+    #watchdog{parent = Pid,
               transport = monitor(diameter_peer_fsm:start(T, Opts, Svc)),
               tw = proplists:get_value(watchdog_timer,
                                        Opts,
diff --git a/lib/diameter/src/compiler/diameter_codegen.erl b/lib/diameter/src/compiler/diameter_codegen.erl
index 0fd4a0b301..1e31c40afe 100644
--- a/lib/diameter/src/compiler/diameter_codegen.erl
+++ b/lib/diameter/src/compiler/diameter_codegen.erl
@@ -20,17 +20,18 @@
 -module(diameter_codegen).
 
 %%
-%% This module generates .erl and .hrl files for encode/decode
-%% modules from the orddict parsed from a .dia (aka spec) file by
-%% dis_spec_util. The generated code is very simple (one-liners), the
-%% generated functions being called by code included from dis_gen.hrl
-%% in order to encode/decode messages and AVPs. The orddict itself is
-%% returned by dict/0 in the generated module and dis_spec_util calls
-%% this function when importing spec files. (That is, beam has to be
-%% compiled from an imported spec file before it can be imported.)
+%% This module generates erl/hrl files for encode/decode modules
+%% from the orddict parsed from a dictionary file (.dia) by
+%% diameter_dict_util. The generated code is simple (one-liners),
+%% the generated functions being called by code included iin the
+%% generated modules from diameter_gen.hrl. The orddict itself is
+%% returned by dict/0 in the generated module and diameter_dict_util
+%% calls this function when importing dictionaries as a consequence
+%% of @inherits sections. That is, @inherits introduces a dependency
+%% on the beam file of another dictionary.
 %%
 
--export([from_spec/4]).
+-export([from_dict/4]).
 
 %% Internal exports (for test).
 -export([file/1,
@@ -38,17 +39,23 @@
          file/3]).
 
 -include("diameter_forms.hrl").
+-include("diameter_vsn.hrl").
 
-%% Generated functions that could have no generated clauses will have
-%% a trailing ?UNEXPECTED clause that should never execute.
--define(UNEXPECTED(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
-                        [],
-                        [?APPLY(erlang,
-                                error,
-                                [?TERM({unexpected, getr(module)})])]}).
+-define(S, atom_to_list).
+-define(A, list_to_atom).
 
+-define(Atom(T), ?ATOM(?A(T))).
 
-from_spec(File, Spec, Opts, Mode) ->
+%% ===========================================================================
+
+-spec from_dict(File, Spec, Opts, Mode)
+   -> ok
+ when File :: string(),
+      Spec :: orddict:orddict(),
+      Opts :: list(),
+      Mode :: spec | erl | hrl.
+
+from_dict(File, Spec, Opts, Mode) ->
     Outdir = proplists:get_value(outdir, Opts, "."),
     putr(verbose, lists:member(verbose, Opts)),
     putr(debug,   lists:member(debug, Opts)),
@@ -73,7 +80,7 @@ getr(Key) ->
 %% ===========================================================================
 %% ===========================================================================
 
-%% Generate from parsed spec in a file.
+%% Generate from parsed dictionary in a file.
 
 file(F) ->
     file(F, spec).
@@ -83,55 +90,46 @@ file(F, Mode) ->
 
 file(F, Outdir, Mode) ->
     {ok, [Spec]} = file:consult(F),
-    from_spec(F, Spec, Outdir, Mode).
+    from_dict(F, Spec, Outdir, Mode).
 
 %% ===========================================================================
 %% ===========================================================================
 
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
 get_value(Key, Plist) ->
     proplists:get_value(Key, Plist, []).
 
-write(Path, [C|_] = Spec)
-  when is_integer(C) ->
-    w(Path, Spec, "~s");
-write(Path, Spec) ->
-    w(Path, Spec, "~p.").
+write(Path, Str) ->
+    w(Path, Str, "~s").
 
-w(Path, Spec, Fmt) ->
+write_term(Path, T) ->
+    w(Path, T, "~p.").
+
+w(Path, T, Fmt) ->
     {ok, Fd} = file:open(Path, [write]),
-    io:fwrite(Fd, Fmt ++ "~n", [Spec]),
+    io:fwrite(Fd, Fmt ++ "~n", [T]),
     file:close(Fd).
 
 codegen(File, Spec, Outdir, Mode) ->
     Mod = mod(File, orddict:find(name, Spec)),
     Path = filename:join(Outdir, Mod),  %% minus extension
-    gen(Mode, Spec, Mod, Path),
+    gen(Mode, Spec, ?A(Mod), Path),
     ok.
 
 mod(File, error) ->
     filename:rootname(filename:basename(File));
 mod(_, {ok, Mod}) ->
-    atom_to_list(Mod).
+    Mod.
 
 gen(spec, Spec, _Mod, Path) ->
-    write(Path ++ ".spec", Spec);
+    write_term(Path ++ ".spec", [?VERSION | Spec]);
 
 gen(hrl, Spec, Mod, Path) ->
     gen_hrl(Path ++ ".hrl", Mod, Spec);
 
-gen(erl = Mode, Spec, Mod, Path)
-  when is_list(Mod) ->
-    gen(Mode, Spec, list_to_atom(Mod), Path);
-
 gen(erl, Spec, Mod, Path) ->
-    putr(module, Mod),  %% used by ?UNEXPECTED.
-
     Forms = [{?attribute, module, Mod},
              {?attribute, compile, [{parse_transform, diameter_exprecs}]},
-             {?attribute, compile, [nowarn_unused_function]},
+             {?attribute, compile, [{parse_transform, diameter_nowarn}]},
              {?attribute, export, [{name, 0},
                                    {id, 0},
                                    {vendor_id, 0},
@@ -175,7 +173,7 @@ gen(erl, Spec, Mod, Path) ->
     gen_erl(Path, insert_hrl_forms(Spec, Forms)).
 
 gen_erl(Path, Forms) ->
-    getr(debug) andalso write(Path ++ ".forms", Forms),
+    getr(debug) andalso write_term(Path ++ ".forms", Forms),
     write(Path ++ ".erl",
           header() ++ erl_prettypr:format(erl_syntax:form_list(Forms))).
 
@@ -224,16 +222,16 @@ a_record(Prefix, ProjF, L) ->
     lists:map(fun(T) -> a_record(ProjF(T), Prefix) end, L).
 
 a_record({Nm, Avps}, Prefix) ->
-    Name = list_to_atom(Prefix ++ atom_to_list(Nm)),
+    Name = list_to_atom(Prefix ++ Nm),
     Fields = lists:map(fun field/1, Avps),
     {?attribute, record, {Name, Fields}}.
 
 field(Avp) ->
     {Name, Arity} = avp_info(Avp),
     if 1 == Arity ->
-            {?record_field, ?ATOM(Name)};
+            {?record_field, ?Atom(Name)};
        true ->
-            {?record_field, ?ATOM(Name), ?NIL}
+            {?record_field, ?Atom(Name), ?NIL}
     end.
 
 %%% ------------------------------------------------------------------------
@@ -256,25 +254,33 @@ c_id({ok, Id}) ->
     {?clause, [], [], [?INTEGER(Id)]};
 
 c_id(error) ->
-    ?UNEXPECTED(0).
+    ?BADARG(0).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_id/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_id(Spec) ->
-    {Id, _} = orddict:fetch(vendor, Spec),
     {?function, vendor_id, 0,
-     [{?clause, [], [], [?INTEGER(Id)]}]}.
+     [{?clause, [], [], [b_vendor_id(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_id({ok, {Id, _}}) ->
+    ?INTEGER(Id);
+b_vendor_id(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_name/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_name(Spec) ->
-    {_, Name} = orddict:fetch(vendor, Spec),
     {?function, vendor_name, 0,
-     [{?clause, [], [], [?ATOM(Name)]}]}.
+     [{?clause, [], [], [b_vendor_name(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_name({ok, {_, Name}}) ->
+    ?Atom(Name);
+b_vendor_name(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # msg_name/1
@@ -287,22 +293,18 @@ f_msg_name(Spec) ->
 %% DIAMETER_COMMAND_UNSUPPORTED should be replied.
 
 msg_name(Spec) ->
-    lists:flatmap(fun c_msg_name/1,
-                  proplists:get_value(command_codes, Spec, []))
+    lists:flatmap(fun c_msg_name/1, proplists:get_value(command_codes,
+                                                        Spec,
+                                                        []))
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('')]}].
 
 c_msg_name({Code, Req, Ans}) ->
     [{?clause, [?INTEGER(Code), ?ATOM(true)],
       [],
-      [?ATOM(mname(Req))]},
+      [?Atom(Req)]},
      {?clause, [?INTEGER(Code), ?ATOM(false)],
       [],
-      [?ATOM(mname(Ans))]}].
-
-mname({N, _Abbr}) ->
-    N;
-mname(N) ->
-    N.
+      [?Atom(Ans)]}].
 
 %%% ------------------------------------------------------------------------
 %%% # msg2rec/1
@@ -313,30 +315,11 @@ f_msg2rec(Spec) ->
 
 msg2rec(Spec) ->
     Pre = prefix(Spec),
-    Dict = dict:from_list(lists:flatmap(fun msgs/1,
-                                        get_value(command_codes, Spec))),
-    lists:flatmap(fun(T) -> msg2rec(T, Dict, Pre) end,
-                  get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
-
-msgs({_Code, Req, Ans}) ->
-    [{mname(Req), Req}, {mname(Ans), Ans}].
-
-msg2rec({N,_,_,_,_}, Dict, Pre) ->
-    c_msg2rec(fetch_names(N, Dict), Pre).
-
-fetch_names(Name, Dict) ->
-    case dict:find(Name, Dict) of
-        {ok, N} ->
-            N;
-        error ->
-            Name
-    end.
+    lists:map(fun(T) -> c_msg2rec(T, Pre) end, get_value(messages, Spec))
+        ++ [?BADARG(1)].
 
-c_msg2rec({N,A}, Pre) ->
-    [c_name2rec(N, N, Pre), c_name2rec(A, N, Pre)];
-c_msg2rec(N, Pre) ->
-    [c_name2rec(N, N, Pre)].
+c_msg2rec({N,_,_,_,_}, Pre) ->
+    c_name2rec(N, Pre).
 
 %%% ------------------------------------------------------------------------
 %%% # rec2msg/1
@@ -348,10 +331,10 @@ f_rec2msg(Spec) ->
 rec2msg(Spec) ->
     Pre = prefix(Spec),
     lists:map(fun(T) -> c_rec2msg(T, Pre) end, get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
+        ++ [?BADARG(1)].
 
 c_rec2msg({N,_,_,_,_}, Pre) ->
-    {?clause, [?ATOM(rec_name(N, Pre))], [], [?ATOM(N)]}.
+    {?clause, [?Atom(rec_name(N, Pre))], [], [?Atom(N)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # name2rec/1
@@ -364,11 +347,11 @@ name2rec(Spec) ->
     Pre = prefix(Spec),
     Groups = get_value(grouped, Spec)
           ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    lists:map(fun({N,_,_,_}) -> c_name2rec(N, N, Pre) end, Groups)
+    lists:map(fun({N,_,_,_}) -> c_name2rec(N, Pre) end, Groups)
         ++ [{?clause, [?VAR('T')], [], [?CALL(msg2rec, [?VAR('T')])]}].
 
-c_name2rec(Name, Rname, Pre) ->
-    {?clause, [?ATOM(Name)], [], [?ATOM(rec_name(Rname, Pre))]}.
+c_name2rec(Name, Pre) ->
+    {?clause, [?Atom(Name)], [], [?Atom(rec_name(Name, Pre))]}.
 
 avps({_Mod, Avps}) ->
     Avps.
@@ -390,32 +373,47 @@ f_avp_name(Spec) ->
 %%       allocated by IANA (see Section 11.1).
 
 avp_name(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun avps/1, get_value(import_avps, Spec)),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Avps = get_value(avp_types, Spec),
+    Imported = get_value(import_avps, Spec),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:map(fun(T) -> c_avp_name(T, Vid, Vs) end, Avps)
+    lists:map(fun(T) -> c_avp_name(T, Vs, Vid) end, Avps)
+        ++ lists:flatmap(fun(T) -> c_imported_avp_name(T, Vs) end, Imported)
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('AVP')]}].
 
-c_avp_name({Name, Code, Type, Flags, _Encr}, Vid, Vs) ->
-    c_avp_name({Name, Type},
-               Code,
-               lists:member('V', Flags),
-               Vid,
-               proplists:get_value(Name, Vs)).
+c_avp_name({Name, Code, Type, Flags}, Vs, Vid) ->
+    c_avp_name_(?TERM({?A(Name), ?A(Type)}),
+                ?INTEGER(Code),
+                vid(Name, Flags, Vs, Vid)).
 
-c_avp_name(T, Code, false, _, undefined = U) ->
-    {?clause, [?INTEGER(Code), ?ATOM(U)],
+%% Note that an imported AVP's vendor id is determined by
+%% avp_vendor_id in the inheriting module and vendor in the inherited
+%% module. In particular, avp_vendor_id in the inherited module is
+%% ignored so can't just call Mod:avp_header/1 to retrieve the vendor
+%% id. A vendor id specified in @grouped is equivalent to one
+%% specified as avp_vendor_id.
+
+c_imported_avp_name({Mod, Avps}, Vs) ->
+    lists:map(fun(A) -> c_avp_name(A, Vs, {module, Mod}) end, Avps).
+
+c_avp_name_(T, Code, undefined = U) ->
+    {?clause, [Code, ?ATOM(U)],
      [],
-     [?TERM(T)]};
+     [T]};
 
-c_avp_name(T, Code, true, Vid, V)
-  when is_integer(Vid) ->
-    {?clause, [?INTEGER(Code), ?INTEGER(choose(V == undefined, Vid, V))],
+c_avp_name_(T, Code, Vid) ->
+    {?clause, [Code, ?INTEGER(Vid)],
      [],
-     [?TERM(T)]}.
+     [T]}.
+
+vendor_id_map(Spec) ->
+    lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
+                  get_value(avp_vendor_id, Spec))
+        ++ lists:flatmap(fun({_,_,[],_}) -> [];
+                            ({N,_,[V],_}) -> [{N,V}]
+                         end,
+                         get_value(grouped, Spec)).
 
 %%% ------------------------------------------------------------------------
 %%% # avp_arity/2
@@ -445,60 +443,75 @@ c_avp_arity(Name, Avps) ->
 
 c_arity(Name, Avp) ->
     {AvpName, Arity} = avp_info(Avp),
-    {?clause, [?ATOM(Name), ?ATOM(AvpName)], [], [?TERM(Arity)]}.
+    {?clause, [?Atom(Name), ?Atom(AvpName)], [], [?TERM(Arity)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # avp/3
 %%% ------------------------------------------------------------------------
 
 f_avp(Spec) ->
-    {?function, avp, 3, avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, avp, 3, avp(Spec) ++ [?BADARG(3)]}.
 
 avp(Spec) ->
-    Native   = get_value(avp_types, Spec),
-    Custom   = get_value(custom_types, Spec),
-    Imported = get_value(import_avps, Spec),
-    Enums    = get_value(enums, Spec),
-    avp([{N,T} || {N,_,T,_,_} <- Native], Imported, Custom, Enums).
+    Native     = get_value(avp_types, Spec),
+    CustomMods = get_value(custom_types, Spec),
+    TypeMods   = get_value(codecs, Spec),
+    Imported   = get_value(import_avps, Spec),
+    Enums      = get_value(enum, Spec),
 
-avp(Native, Imported, Custom, Enums) ->
-    Dict = orddict:from_list(Native),
+    Custom = lists:map(fun({M,As}) -> {M, custom_types, As} end,
+                       CustomMods)
+        ++ lists:map(fun({M,As}) -> {M, codecs, As} end,
+                     TypeMods),
+    avp(types(Native), Imported, Custom, Enums).
+
+types(Avps) ->
+    lists:map(fun({N,_,T,_}) -> {N,T} end, Avps).
 
-    report(native, Dict),
+avp(Native, Imported, Custom, Enums) ->
+    report(native, Native),
     report(imported, Imported),
     report(custom, Custom),
 
-    CustomNames = lists:flatmap(fun({_,Ns}) -> Ns end, Custom),
+    TypeDict = lists:foldl(fun({N,_,T,_}, D) -> orddict:store(N,T,D) end,
+                           orddict:from_list(Native),
+                           lists:flatmap(fun avps/1, Imported)),
+
+    CustomNames = lists:flatmap(fun({_,_,Ns}) -> Ns end, Custom),
 
     lists:map(fun c_base_avp/1,
-              lists:filter(fun({N,_}) ->
-                                   false == lists:member(N, CustomNames)
-                           end,
+              lists:filter(fun({N,_}) -> not_in(CustomNames, N) end,
                            Native))
-        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums) end, Imported)
-        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, Dict) end, Custom).
+        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums, CustomNames) end,
+                         Imported)
+        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, TypeDict) end, Custom).
+
+not_in(List, X) ->
+    not lists:member(X, List).
 
 c_base_avp({AvpName, T}) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [base_avp(AvpName, T)]}.
+     [b_base_avp(AvpName, T)]}.
 
-base_avp(AvpName, 'Enumerated') ->
-    ?CALL(enumerated_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Enumerated") ->
+    ?CALL(enumerated_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(AvpName, 'Grouped') ->
-    ?CALL(grouped_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Grouped") ->
+    ?CALL(grouped_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(_, Type) ->
-    ?APPLY(diameter_types, Type, [?VAR('T'), ?VAR('Data')]).
+b_base_avp(_, Type) ->
+    ?APPLY(diameter_types, ?A(Type), [?VAR('T'), ?VAR('Data')]).
 
-cs_imported_avp({Mod, Avps}, Enums) ->
-    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end, Avps).
+cs_imported_avp({Mod, Avps}, Enums, CustomNames) ->
+    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end,
+              lists:filter(fun({N,_,_,_}) -> not_in(CustomNames, N) end,
+                           Avps)).
 
-imported_avp(_Mod, {AvpName, _, 'Grouped' = T, _, _}, _) ->
+imported_avp(_Mod, {AvpName, _, "Grouped" = T, _}, _) ->
     c_base_avp({AvpName, T});
 
-imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
+imported_avp(Mod, {AvpName, _, "Enumerated" = T, _}, Enums) ->
     case lists:keymember(AvpName, 1, Enums) of
         true ->
             c_base_avp({AvpName, T});
@@ -506,34 +519,40 @@ imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
             c_imported_avp(Mod, AvpName)
     end;
 
-imported_avp(Mod, {AvpName, _, _, _, _}, _) ->
+imported_avp(Mod, {AvpName, _, _, _}, _) ->
     c_imported_avp(Mod, AvpName).
 
 c_imported_avp(Mod, AvpName) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
      [?APPLY(Mod, avp, [?VAR('T'),
                         ?VAR('Data'),
-                        ?ATOM(AvpName)])]}.
+                        ?Atom(AvpName)])]}.
 
-cs_custom_avp({Mod, Avps}, Dict) ->
-    lists:map(fun(N) -> c_custom_avp(Mod, N, orddict:fetch(N, Dict)) end,
+cs_custom_avp({Mod, Key, Avps}, Dict) ->
+    lists:map(fun(N) -> c_custom_avp(Mod, Key, N, orddict:fetch(N, Dict)) end,
               Avps).
 
-c_custom_avp(Mod, AvpName, Type) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+c_custom_avp(Mod, Key, AvpName, Type) ->
+    {F,A} = custom(Key, AvpName, Type),
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [?APPLY(Mod, AvpName, [?VAR('T'), ?ATOM(Type), ?VAR('Data')])]}.
+     [?APPLY(?A(Mod), ?A(F), [?VAR('T'), ?Atom(A), ?VAR('Data')])]}.
+
+custom(custom_types, AvpName, Type) ->
+    {AvpName, Type};
+custom(codecs, AvpName, Type) ->
+    {Type, AvpName}.
 
 %%% ------------------------------------------------------------------------
 %%% # enumerated_avp/3
 %%% ------------------------------------------------------------------------
 
 f_enumerated_avp(Spec) ->
-    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?BADARG(3)]}.
 
 enumerated_avp(Spec) ->
-    Enums = get_value(enums, Spec),
+    Enums = get_value(enum, Spec),
     lists:flatmap(fun cs_enumerated_avp/1, Enums)
         ++ lists:flatmap(fun({M,Es}) -> enumerated_avp(M, Es, Enums) end,
                          get_value(import_enums, Spec)).
@@ -554,11 +573,11 @@ cs_enumerated_avp(false, _, _) ->
 cs_enumerated_avp({AvpName, Values}) ->
     lists:flatmap(fun(V) -> c_enumerated_avp(AvpName, V) end, Values).
 
-c_enumerated_avp(AvpName, {I,_}) ->
-    [{?clause, [?ATOM(decode), ?ATOM(AvpName), ?TERM(<<I:32/integer>>)],
+c_enumerated_avp(AvpName, {_,I}) ->
+    [{?clause, [?ATOM(decode), ?Atom(AvpName), ?TERM(<<I:32/integer>>)],
       [],
       [?TERM(I)]},
-     {?clause, [?ATOM(encode), ?ATOM(AvpName), ?INTEGER(I)],
+     {?clause, [?ATOM(encode), ?Atom(AvpName), ?INTEGER(I)],
       [],
       [?TERM(<<I:32/integer>>)]}].
 
@@ -567,7 +586,7 @@ c_enumerated_avp(AvpName, {I,_}) ->
 %%% ------------------------------------------------------------------------
 
 f_msg_header(Spec) ->
-    {?function, msg_header, 1, msg_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, msg_header, 1, msg_header(Spec) ++ [?BADARG(1)]}.
 
 msg_header(Spec) ->
     msg_header(get_value(messages, Spec), Spec).
@@ -582,7 +601,7 @@ msg_header(Msgs, Spec) ->
 %% Note that any application id in the message header spec is ignored.
 
 c_msg_header(Name, Code, Flags, ApplId) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM({Code, encode_msg_flags(Flags), ApplId})]}.
 
@@ -598,50 +617,61 @@ emf('ERR', N) -> N bor 2#00100000.
 %%% ------------------------------------------------------------------------
 
 f_avp_header(Spec) ->
-    {?function, avp_header, 1, avp_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, avp_header, 1, avp_header(Spec) ++ [?BADARG(1)]}.
 
 avp_header(Spec) ->
     Native = get_value(avp_types, Spec),
     Imported = get_value(import_avps, Spec),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:flatmap(fun(A) -> c_avp_header({Vid, Vs}, A) end,
+    lists:flatmap(fun(A) -> c_avp_header(A, Vs, Vid) end,
                   Native ++ Imported).
 
-c_avp_header({Vid, Vs}, {Name, Code, _Type, Flags, _Encr}) ->
-    [{?clause, [?ATOM(Name)],
+c_avp_header({Name, Code, _Type, Flags}, Vs, Vid) ->
+    [{?clause, [?Atom(Name)],
       [],
       [?TERM({Code, encode_avp_flags(Flags), vid(Name, Flags, Vs, Vid)})]}];
 
-c_avp_header({_, Vs}, {Mod, Avps}) ->
-    lists:map(fun(A) -> c_avp_header(Vs, Mod, A) end, Avps).
+c_avp_header({Mod, Avps}, Vs, _Vid) ->
+    lists:map(fun(A) -> c_imported_avp_header(A, Mod, Vs) end, Avps).
 
-c_avp_header(Vs, Mod, {Name, _, _, Flags, _}) ->
-    Apply = ?APPLY(Mod, avp_header, [?ATOM(Name)]),
-    {?clause, [?ATOM(Name)],
+%% Note that avp_vendor_id in the inherited dictionary is ignored. The
+%% value must be changed in the inheriting dictionary. This is
+%% consistent with the semantics of avp_name/2.
+
+c_imported_avp_header({Name, _Code, _Type, _Flags}, Mod, Vs) ->
+    Apply = ?APPLY(Mod, avp_header, [?Atom(Name)]),
+    {?clause, [?Atom(Name)],
      [],
      [case proplists:get_value(Name, Vs) of
           undefined ->
               Apply;
           Vid ->
-              true = lists:member('V', Flags),  %% sanity check
               ?CALL(setelement, [?INTEGER(3), Apply, ?INTEGER(Vid)])
       end]}.
 
 encode_avp_flags(Fs) ->
     lists:foldl(fun eaf/2, 0, Fs).
 
-eaf('V', F) -> 2#10000000 bor F;
-eaf('M', F) -> 2#01000000 bor F;
-eaf('P', F) -> 2#00100000 bor F.
+eaf($V, F) -> 2#10000000 bor F;
+eaf($M, F) -> 2#01000000 bor F;
+eaf($P, F) -> 2#00100000 bor F.
 
 vid(Name, Flags, Vs, Vid) ->
-    v(lists:member('V', Flags), Name, Vs, Vid).
+    v(lists:member($V, Flags), Name, Vs, Vid).
+
+v(true = T, Name, Vs, {module, Mod}) ->
+    v(T, Name, Vs, {ok, {Mod:vendor_id(), Mod:vendor_name()}});
 
 v(true, Name, Vs, Vid) ->
-    proplists:get_value(Name, Vs, Vid);
+    case proplists:get_value(Name, Vs) of
+        undefined ->
+            {ok, {Id, _}} = Vid,
+            Id;
+        Id ->
+            Id
+    end;
 v(false, _, _, _) ->
     undefined.
 
@@ -656,19 +686,19 @@ empty_value(Spec) ->
     Imported = lists:flatmap(fun avps/1, get_value(import_enums, Spec)),
     Groups = get_value(grouped, Spec)
         ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    Enums = [T || {N,_} = T <- get_value(enums, Spec),
+    Enums = [T || {N,_} = T <- get_value(enum, Spec),
                   not lists:keymember(N, 1, Imported)]
         ++ Imported,
     lists:map(fun c_empty_value/1, Groups ++ Enums)
         ++ [{?clause, [?VAR('Name')], [], [?CALL(empty, [?VAR('Name')])]}].
 
 c_empty_value({Name, _, _, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
-     [?CALL(empty_group, [?ATOM(Name)])]};
+     [?CALL(empty_group, [?Atom(Name)])]};
 
 c_empty_value({Name, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM(<<0:32/integer>>)]}.
 
@@ -678,7 +708,7 @@ c_empty_value({Name, _}) ->
 
 f_dict(Spec) ->
     {?function, dict, 0,
-     [{?clause, [], [], [?TERM(Spec)]}]}.
+     [{?clause, [], [], [?TERM([?VERSION | Spec])]}]}.
 
 %%% ------------------------------------------------------------------------
 %%% # gen_hrl/3
@@ -706,10 +736,10 @@ gen_hrl(Path, Mod, Spec) ->
 
     write("ENUM Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(enums, Spec))),
+          m_enums(PREFIX, false, get_value(enum, Spec))),
     write("DEFINE Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(defines, Spec))),
+          m_enums(PREFIX, false, get_value(define, Spec))),
 
     lists:foreach(fun({M,Es}) ->
                           write("ENUM Macros from " ++ atom_to_list(M),
@@ -751,8 +781,8 @@ m_enums(Prefix, Wrap, Enums) ->
 
 m_enum(Prefix, B, {Name, Values}) ->
     P = Prefix ++ to_upper(Name) ++ "_",
-    lists:map(fun({I,A}) ->
-                      N = ["'", P, to_upper(z(atom_to_list(A))), "'"],
+    lists:map(fun({A,I}) ->
+                      N = ["'", P, to_upper(z(A)), "'"],
                       wrap(B,
                            N,
                            ["-define(", N, ", ", integer_to_list(I), ").\n"])
@@ -794,34 +824,34 @@ header() ->
      "%%\n\n").
 
 hrl_header(Name) ->
-    header() ++ "-hrl_name('" ++ Name ++ ".hrl').\n".
+    header() ++ "-hrl_name('" ++ ?S(Name) ++ ".hrl').\n".
 
 %% avp_info/1
 
 avp_info(Entry) ->  %% {Name, Arity}
     case Entry of
-        {'<',A,'>'} -> {A, 1};
-        {A}         -> {A, 1};
-        [A]         -> {A, {0,1}};
+        {{A}} -> {A, 1};
+        {A}   -> {A, 1};
+        [A]   -> {A, {0,1}};
         {Q,T} ->
             {A,_} = avp_info(T),
-            {A, arity(Q)}
+            {A, arity(T,Q)}
     end.
 
 %% Normalize arity to 1 or {N,X} where N is an integer. A record field
 %% for an AVP is list-valued iff the normalized arity is not 1.
-arity('*' = Inf) -> {0, Inf};
-arity({'*', N})  -> {0, N};
-arity({1,1})     -> 1;
-arity(T)         -> T.
+arity({{_}}, '*' = Inf) -> {0, Inf};
+arity([_],   '*' = Inf) -> {0, Inf};
+arity({_},   '*' = Inf) -> {1, Inf};
+arity(_,   {_,_} = Q)   -> Q.
 
 prefix(Spec) ->
     case orddict:find(prefix, Spec) of
         {ok, P} ->
-            atom_to_list(P) ++ "_";
+            P ++ "_";
         error ->
             ""
     end.
 
 rec_name(Name, Prefix) ->
-    list_to_atom(Prefix ++ atom_to_list(Name)).
+    Prefix ++ Name.
diff --git a/lib/diameter/src/compiler/diameter_dict_parser.yrl b/lib/diameter/src/compiler/diameter_dict_parser.yrl
new file mode 100644
index 0000000000..6fd4cedd23
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_parser.yrl
@@ -0,0 +1,324 @@
+%% -*- erlang -*-
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A grammar for dictionary specification.
+%%
+
+Nonterminals
+  application_id avp avp_code avp_def avp_defs avp_flags avp_header
+  avp_header_tok avp_name avp_names avp_ref avp_spec avp_type
+  avp_vendor avps bit bits command_def command_id diameter_name
+  dictionary enum_def enum_defs group_def group_defs header header_tok
+  ident idents message_defs module qual section sections.
+
+Terminals
+  avp_types avp_vendor_id codecs custom_types define enum grouped
+  id inherits messages name prefix vendor
+  number word
+  '{' '}' '<' '>' '[' ']' '*' '::=' ':' ',' '-'
+   code
+  'answer-message'
+  'AVP' 'AVP-Header'
+  'Diameter' 'Diameter-Header' 'Header'
+  'REQ' 'PXY' 'ERR'.
+
+Rootsymbol dictionary.
+
+Endsymbol '$end'.
+
+%% ===========================================================================
+
+dictionary -> sections : '$1'.
+
+sections -> '$empty'         : [].
+sections -> section sections : ['$1' | '$2'].
+
+section -> name ident   : ['$1', '$2'].
+section -> prefix ident : ['$1', '$2'].
+section -> id number    : ['$1', '$2'].
+section -> vendor number ident       : ['$1', '$2', '$3'].
+section -> inherits module avp_names : ['$1', '$2' | '$3'].
+section -> avp_types avp_defs        : ['$1' | '$2'].
+section -> avp_vendor_id number avp_names : ['$1', '$2' | '$3'].
+section -> custom_types module avp_names  : ['$1', '$2' | '$3'].
+section -> codecs module avp_names      : ['$1', '$2' | '$3'].
+section -> messages message_defs  : ['$1' | '$2'].
+section -> grouped group_defs     : ['$1' | '$2'].
+section -> enum ident enum_defs   : ['$1', '$2' | '$3'].
+section -> define ident enum_defs : ['$1', '$2' | '$3'].
+
+%% =====================================
+
+module -> ident : '$1'.
+
+avp_names -> idents : '$1'.  %% Note: not 'AVP'
+
+avp_defs -> '$empty'         : [].
+avp_defs -> avp_def avp_defs : ['$1' | '$2'].
+
+avp_def -> ident number avp_type avp_flags : ['$1', '$2', '$3', '$4'].
+
+avp_type -> ident : '$1'.
+
+idents -> '$empty'     : [].
+idents -> ident idents : ['$1' | '$2'].
+
+avp_flags -> '-'   :
+    {_, Lineno} = '$1',
+    {word, Lineno, ""}.
+avp_flags -> ident :
+    '$1'.
+%% Could support lowercase here if there's a use for distinguishing
+%% between Must and Should in the future in deciding whether or not
+%% to set a flag.
+
+ident -> word : '$1'.
+
+%% Don't bother mapping reserved words to make these usable in this
+%% context. That an AVP can't be named Diameter-Header is probably no
+%% great loss, and that it can't be named AVP may even save someone
+%% from themselves. (Temporarily at least.)
+
+group_defs -> '$empty'             : [].
+group_defs -> group_def group_defs : ['$1' | '$2'].
+
+message_defs -> '$empty'                 : [].
+message_defs -> command_def message_defs : ['$1' | '$2'].
+
+enum_defs -> '$empty'           : [].
+enum_defs -> enum_def enum_defs : ['$1' | '$2'].
+
+enum_def -> ident number : ['$1', '$2'].
+
+%% =====================================
+%% 3.2.  Command Code ABNF specification
+%%
+%%    Every Command Code defined MUST include a corresponding ABNF
+%%    specification, which is used to define the AVPs that MUST or MAY be
+%%    present when sending the message.  The following format is used in
+%%    the definition:
+
+%%   command-def      = <command-name> "::=" diameter-message
+%%
+%%   command-name     = diameter-name
+%%
+%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
+
+%% answer-message is a special case.
+command_def -> 'answer-message' '::=' '<' header_tok ':' code
+                                          ',' 'ERR' '[' 'PXY' ']' '>'
+               avps
+  : ['$1', false | '$13'].
+
+command_def -> diameter_name '::=' header avps
+  : ['$1', '$3' | '$4'].
+%% Ensure the order fixed/required/optional by semantic checks rather
+%% than grammatically since the latter requires more lookahead: don't
+%% know until after a leading qual which of the three it is that's
+%% being parsed.
+
+diameter_name -> ident : '$1'.
+
+%%   header           = "<" "Diameter Header:" command-id
+%%                      [r-bit] [p-bit] [e-bit] [application-id] ">"
+%%
+%%   command-id       = 1*DIGIT
+%%                      ; The Command Code assigned to the command
+%%
+%%   r-bit            = ", REQ"
+%%                      ; If present, the 'R' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is a request, as opposed to an answer.
+%%
+%%   p-bit            = ", PXY"
+%%                      ; If present, the 'P' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is proxiable.
+%%
+%%   e-bit            = ", ERR"
+%%                      ; If present, the 'E' bit in the Command
+%%                      ; Flags is set, indicating that the answer
+%%                      ; message contains a Result-Code AVP in
+%%                      ; the "protocol error" class.
+%%
+%%   application-id   = 1*DIGIT
+
+header -> '<' header_tok ':' command_id bits application_id '>'
+  : ['$4', '$5', '$6'].
+
+command_id -> number : '$1'.
+
+%% Accept both the form of the base definition and the typo (fixed in
+%% 3588bis) of the grammar.
+header_tok -> 'Diameter' 'Header'.
+header_tok -> 'Diameter-Header'.
+
+bits -> '$empty'     : [].
+bits -> ',' bit bits : ['$2' | '$3'].
+
+%% ERR only makes sense for answer-message so don't allow it here
+%% (despite 3588).
+bit -> 'REQ' : '$1'.
+bit -> 'PXY' : '$1'.
+
+application_id -> '$empty' : false.
+application_id -> number   : '$1'.
+
+%%   fixed            = [qual] "<" avp-spec ">"
+%%                      ; Defines the fixed position of an AVP
+%%
+%%   required         = [qual] "{" avp-spec "}"
+%%                      ; The AVP MUST be present and can appear
+%%                      ; anywhere in the message.
+%%
+%%   optional         = [qual] "[" avp-name "]"
+%%                      ; The avp-name in the 'optional' rule cannot
+%%                      ; evaluate to any AVP Name which is included
+%%                      ; in a fixed or required rule.  The AVP can
+%%                      ; appear anywhere in the message.
+%%                      ;
+%%                      ; NOTE:  "[" and "]" have a slightly different
+%%                      ; meaning than in ABNF (RFC 5234]). These braces
+%%                      ; cannot be used to express optional fixed rules
+%%                      ; (such as an optional ICV at the end). To do this,
+%%                      ; the convention is '0*1fixed'.
+
+avps -> '$empty' : [].
+avps -> avp avps : ['$1' | '$2'].
+
+avp -> avp_ref      : [false | '$1'].
+avp -> qual avp_ref : ['$1' | '$2'].
+
+avp_ref -> '<' avp_spec '>' : [$<, '$2'].
+avp_ref -> '{' avp_name '}' : [${, '$2'].
+avp_ref -> '[' avp_name ']' : [$[, '$2'].
+%% Note that required can be an avp_name, not just avp_spec. 'AVP'
+%% is specified as required by Failed-AVP for example.
+
+%%   qual             = [min] "*" [max]
+%%                      ; See ABNF conventions, RFC 5234 Section 4.
+%%                      ; The absence of any qualifiers depends on
+%%                      ; whether it precedes a fixed, required, or
+%%                      ; optional rule. If a fixed or required rule has
+%%                      ; no qualifier, then exactly one such AVP MUST
+%%                      ; be present.  If an optional rule has no
+%%                      ; qualifier, then 0 or 1 such AVP may be
+%%                      ; present. If an optional rule has a qualifier,
+%%                      ; then the value of min MUST be 0 if present.
+%%
+%%   min              = 1*DIGIT
+%%                      ; The minimum number of times the element may
+%%                      ; be present. If absent, the default value is zero
+%%                      ; for fixed and optional rules and one for required
+%%                      ; rules. The value MUST be at least one for for
+%%                      ; required rules.
+%%
+%%   max              = 1*DIGIT
+%%                      ; The maximum number of times the element may
+%%                      ; be present. If absent, the default value is
+%%                      ; infinity. A value of zero implies the AVP MUST
+%%                      ; NOT be present.
+
+qual -> number '*' number : {'$1', '$3'}.
+qual -> number '*'        : {'$1', true}.
+qual -> '*' number        : {true, '$2'}.
+qual -> '*'               : true.
+
+%%   avp-spec         = diameter-name
+%%                      ; The avp-spec has to be an AVP Name, defined
+%%                      ; in the base or extended Diameter
+%%                      ; specifications.
+
+avp_spec -> diameter_name : '$1'.
+
+%%   avp-name         = avp-spec / "AVP"
+%%                      ; The string "AVP" stands for *any* arbitrary AVP
+%%                      ; Name, not otherwise listed in that command code
+%%                      ; definition. Addition this AVP is recommended for
+%%                      ; all command ABNFs to allow for extensibility.
+
+avp_name -> 'AVP'    : '$1'.
+avp_name -> avp_spec : '$1'.
+
+%%   The following is a definition of a fictitious command code:
+%%
+%%   Example-Request ::= < Diameter Header: 9999999, REQ, PXY >
+%%                       { User-Name }
+%%                     * { Origin-Host }
+%%                     * [ AVP ]
+
+%% =====================================
+%% 4.4.   Grouped AVP Values
+%%
+%%    The Diameter protocol allows AVP values of type 'Grouped'.  This
+%%    implies that the Data field is actually a sequence of AVPs.  It is
+%%    possible to include an AVP with a Grouped type within a Grouped type,
+%%    that is, to nest them.  AVPs within an AVP of type Grouped have the
+%%    same padding requirements as non-Grouped AVPs, as defined in Section
+%%    4.
+%%
+%%    The AVP Code numbering space of all AVPs included in a Grouped AVP is
+%%    the same as for non-grouped AVPs.  Receivers of a Grouped AVP that
+%%    does not have the 'M' (mandatory) bit set and one or more of the
+%%    encapsulated AVPs within the group has the 'M' (mandatory) bit set
+%%    MAY simply be ignored if the Grouped AVP itself is unrecognized.  The
+%%    rule applies even if the encapsulated AVP with its 'M' (mandatory)
+%%    bit set is further encapsulated within other sub-groups; i.e. other
+%%    Grouped AVPs embedded within the Grouped AVP.
+%%
+%%    Every Grouped AVP defined MUST include a corresponding grammar, using
+%%    ABNF [RFC5234] (with modifications), as defined below.
+
+%%          grouped-avp-def  = <name> "::=" avp
+%%
+%%          name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%          name             = name-fmt
+%%                             ; The name has to be the name of an AVP,
+%%                             ; defined in the base or extended Diameter
+%%                             ; specifications.
+%%
+%%          avp              = header  [ *fixed] [ *required] [ *optional]
+
+group_def -> ident '::=' avp_header avps : ['$1', '$3' | '$4'].
+
+%%          header           = "<" "AVP-Header:" avpcode [vendor] ">"
+%%
+%%          avpcode          = 1*DIGIT
+%%                             ; The AVP Code assigned to the Grouped AVP
+%%
+%%          vendor           = 1*DIGIT
+%%                             ; The Vendor-ID assigned to the Grouped AVP.
+%%                             ; If absent, the default value of zero is
+%%                             ; used.
+
+avp_header -> '<' avp_header_tok ':' avp_code avp_vendor '>'
+  : ['$4', '$5'].
+
+avp_header_tok -> 'AVP-Header'.
+avp_header_tok -> 'AVP' 'Header'.
+
+avp_code -> number : '$1'.
+
+avp_vendor -> '$empty' : false.
+avp_vendor -> number   : '$1'.
diff --git a/lib/diameter/src/compiler/diameter_dict_scanner.erl b/lib/diameter/src/compiler/diameter_dict_scanner.erl
new file mode 100644
index 0000000000..45189376fb
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_scanner.erl
@@ -0,0 +1,276 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_dict_scanner).
+
+%%
+%% A scanner for dictionary files of the form expected by yecc.
+%%
+
+-export([scan/1,
+         format_error/1]).
+
+-export([is_name/1]).
+
+%% -----------------------------------------------------------
+%% # scan/1
+%% -----------------------------------------------------------
+
+-spec scan(string() | binary())
+   -> {ok, [Token]}
+    | {error, {string(), string(), Lineno}}
+ when Token  :: {word, Lineno, string()}
+              | {number, Lineno, non_neg_integer()}
+              | {Symbol, Lineno},
+      Lineno   :: pos_integer(),
+      Symbol   :: '{' | '}'   | '<' | '>' | '[' | ']'
+                | '*' | '::=' | ':' | ',' | '-'
+                | avp_types
+                | avp_vendor_id
+                | codecs
+                | custom_types
+                | define
+                | grouped
+                | id
+                | inherits
+                | messages
+                | name
+                | prefix
+                | vendor
+                | '$end'
+                | code
+                | 'answer-message'
+                | 'AVP'
+                | 'AVP-Header'
+                | 'Diameter'
+                | 'Diameter-Header'
+                | 'Header'
+                | 'REQ'
+                | 'PXY'
+                | 'ERR'.
+
+scan(B)
+  when is_binary(B) ->
+    scan(binary_to_list(B));
+scan(S) ->
+    scan(S, {1, []}).
+
+scan(S, {Lineno, Acc}) ->
+    case split(S) of
+        '$end' = E ->
+            {ok, lists:reverse([{E, Lineno} | Acc])};
+        {Tok, Rest} ->
+            scan(Rest, acc(Tok, Lineno, Acc));
+        Reason when is_list(Reason) ->
+            {error, {Reason, S, Lineno}}
+    end.
+
+%% format_error/1
+
+format_error({Reason, Input, Lineno}) ->
+    io_lib:format("~s at line ~p: ~s",
+                  [Reason, Lineno, head(Input, [], 20, true)]).
+
+%% is_name/1
+
+is_name([H|T]) ->
+    is_alphanum(H) andalso lists:all(fun is_name_ch/1, T).
+
+%% ===========================================================================
+
+head(Str, Acc, N, _)
+  when [] == Str;
+       0 == N;
+       $\r == hd(Str);
+       $\n == hd(Str) ->
+    lists:reverse(Acc);
+head([C|Rest], Acc, N, true = T)  %% skip leading whitespace
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    head(Rest, Acc, N, T);
+head([C|Rest], Acc, N, _) ->
+    head(Rest, [C|Acc], N-1, false).
+
+acc(endline, Lineno, Acc) ->
+    {Lineno + 1, Acc};
+acc(T, Lineno, Acc) ->
+    {Lineno, [tok(T, Lineno) | Acc]}.
+
+tok({Cat, Sym}, Lineno) ->
+    {Cat, Lineno, Sym};
+tok(Sym, Lineno) ->
+    {Sym, Lineno}.
+
+%% # split/1
+%%
+%% Output: {Token, Rest} | atom()
+
+%% Finito.
+split("") ->
+    '$end';
+
+%% Skip comments. This precludes using semicolon for any other purpose.
+split([$;|T]) ->
+    split(lists:dropwhile(fun(C) -> not is_eol_ch(C) end, T));
+
+%% Beginning of a section.
+split([$@|T]) ->
+    {Name, Rest} = lists:splitwith(fun is_name_ch/1, T),
+    case section(Name) of
+        false ->
+            "Unknown section";
+        'end' ->
+            '$end';
+        A ->
+            {A, Rest}
+    end;
+
+split("::=" ++ T) ->
+    {'::=', T};
+
+split([H|T])
+  when H == ${; H == $};
+       H == $<; H == $>;
+       H == $[; H == $];
+       H == $*; H == $:; H == $,; H == $- ->
+    {list_to_atom([H]), T};
+
+%% RFC 3588 requires various names to begin with a letter but 3GPP (for
+%% one) abuses this. (eg 3GPP-Charging-Id in TS32.299.)
+split([H|_] = L) when $0 =< H, H =< $9 ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    Tok = try
+              {number, read_int(P)}
+          catch
+              error:_ ->
+                  word(P)
+          end,
+    {Tok, Rest};
+
+split([H|_] = L) when $a =< H, H =< $z;
+                      $A =< H, H =< $Z ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    {word(P), Rest};
+
+split([$'|T]) ->
+    case lists:splitwith(fun(C) -> not lists:member(C, "'\r\n") end, T) of
+        {[_|_] = A, [$'|Rest]} ->
+            {{word, A}, Rest};
+        {[], [$'|_]} ->
+            "Empty string";
+        _ -> %% not terminated on same line
+            "Unterminated string"
+    end;
+
+%% Line ending of various forms.
+split([$\r,$\n|T]) ->
+    {endline, T};
+split([C|T])
+  when C == $\r;
+       C == $\n ->
+    {endline, T};
+
+%% Ignore whitespace.
+split([C|T])
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    split(T);
+
+split(_) ->
+    "Unexpected character".
+
+%% word/1
+
+%% Reserved words significant in parsing ...
+word(S)
+  when S == "answer-message";
+       S == "code";
+       S == "AVP";
+       S == "AVP-Header";
+       S == "Diameter";
+       S == "Diameter-Header";
+       S == "Header";
+       S == "REQ";
+       S == "PXY";
+       S == "ERR" ->
+    list_to_atom(S);
+
+%% ... or not.
+word(S) ->
+    {word, S}.
+
+%% section/1
+
+section(N)
+  when N == "avp_types";
+       N == "avp_vendor_id";
+       N == "codecs";
+       N == "custom_types";
+       N == "define";
+       N == "end";
+       N == "enum";
+       N == "grouped";
+       N == "id";
+       N == "inherits";
+       N == "messages";
+       N == "name";
+       N == "prefix";
+       N == "vendor" ->
+    list_to_atom(N);
+section(_) ->
+    false.
+
+%% read_int/1
+
+read_int([$0,X|S])
+  when X == $X;
+       X == $x ->
+    {ok, [N], []} = io_lib:fread("~16u", S),
+    N;
+
+read_int(S) ->
+    list_to_integer(S).
+
+%% splitwith/3
+
+splitwith(Fun, [H|T]) ->
+    {SH, ST} = lists:splitwith(Fun, T),
+    {[H|SH], ST}.
+
+is_eol_ch(C) ->
+    C == $\n orelse C == $\r.
+
+is_name_ch(C) ->
+    is_alphanum(C) orelse C == $- orelse C == $_.
+
+is_alphanum(C) ->
+    is_lower(C) orelse is_upper(C) orelse is_digit(C).
+
+is_lower(C) ->
+    $a =< C andalso C =< $z.
+
+is_upper(C) ->
+    $A =< C andalso C =< $Z.
+
+is_digit(C) ->
+    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_dict_util.erl b/lib/diameter/src/compiler/diameter_dict_util.erl
new file mode 100644
index 0000000000..36a6efa294
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_util.erl
@@ -0,0 +1,1358 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module turns a dictionary file into the orddict that
+%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
+%% encode and decode of Diameter messages and AVPs.
+%%
+
+-module(diameter_dict_util).
+
+-export([parse/2,
+         format_error/1,
+         format/1]).
+
+-include("diameter_vsn.hrl").
+
+-define(RETURN(T), throw({T, ?MODULE, ?LINE})).
+-define(RETURN(T, Args), ?RETURN({T, Args})).
+
+-define(A, list_to_atom).
+-define(L, atom_to_list).
+-define(I, integer_to_list).
+-define(F, io_lib:format).
+
+%% ===========================================================================
+%% parse/2
+%% ===========================================================================
+
+-spec parse(File, Opts)
+   -> {ok, orddict:orddict()}
+    | {error, term()}
+ when File :: {path, string()}
+            | iolist()
+            | binary(),
+      Opts :: list().
+
+parse(File, Opts) ->
+    putr(verbose, lists:member(verbose, Opts)),
+    try
+        {ok, do_parse(File, Opts)}
+    catch
+        {Reason, ?MODULE, _Line} ->
+            {error, Reason}
+    after
+        eraser(verbose)
+    end.
+
+%% ===========================================================================
+%% format_error/1
+%% ===========================================================================
+
+format_error({read, Reason}) ->
+    file:format_error(Reason);
+format_error({scan, Reason}) ->
+    diameter_dict_scanner:format_error(Reason);
+format_error({parse, {Line, _Mod, Reason}}) ->
+    lists:flatten(["Line ", ?I(Line), ", ", Reason]);
+
+format_error(T) ->
+    {Fmt, As} = fmt(T),
+    lists:flatten(io_lib:format(Fmt, As)).
+
+fmt({avp_code_already_defined = E, [Code, false, Name, Line, L]}) ->
+    {fmt(E), [Code, "", Name, Line, L]};
+fmt({avp_code_already_defined = E, [Code, Vid, Name, Line, L]}) ->
+    {fmt(E), [Code, ?F("/~p", [Vid]), Name, Line, L]};
+
+fmt({uint32_out_of_range = E, [id | T]}) ->
+    {fmt(E), ["@id", "application identifier" | T]};
+fmt({uint32_out_of_range = E, [K | T]})
+  when K == vendor;
+       K == avp_vendor_id ->
+    {fmt(E), [?F("@~p", [K]), "vendor id" | T]};
+fmt({uint32_out_of_range = E, [K, Name | T]})
+  when K == enum;
+       K == define ->
+    {fmt(E), [?F("@~p ~s", [K, Name]), "value" | T]};
+fmt({uint32_out_of_range = E, [avp_types, Name | T]}) ->
+    {fmt(E), ["AVP " ++ Name, "AVP code" | T]};
+fmt({uint32_out_of_range = E, [grouped, Name | T]}) ->
+    {fmt(E), ["Grouped AVP " ++ Name | T]};
+fmt({uint32_out_of_range = E, [messages, Name | T]}) ->
+    {fmt(E), ["Message " ++ Name, "command code" | T]};
+
+fmt({Reason, As}) ->
+    {fmt(Reason), As};
+
+fmt(avp_code_already_defined) ->
+    "AVP ~p~s (~s) at line ~p already defined at line ~p";
+
+fmt(uint32_out_of_range) ->
+    "~s specifies ~s ~p at line ~p that is out of range for a value of "
+    "Diameter type Unsigned32";
+
+fmt(imported_avp_already_defined) ->
+    "AVP ~s imported by @inherits ~p at line ~p defined at line ~p";
+fmt(duplicate_import) ->
+    "AVP ~s is imported by more than one @inherits, both at line ~p "
+    "and at line ~p";
+
+fmt(duplicate_section) ->
+    "Section @~s at line ~p already declared at line ~p";
+
+fmt(already_declared) ->
+    "Section @~p ~s at line ~p already declared at line ~p";
+
+fmt(inherited_avp_already_defined) ->
+    "AVP ~s inherited at line ~p defined in @avp_types at line ~p";
+fmt(avp_already_defined) ->
+    "AVP ~s at line ~p already in @~p at line ~p";
+fmt(key_already_defined) ->
+    "Value for ~s:~s in @~p at line ~p already provided at line ~p";
+
+fmt(messages_without_id) ->
+    "@messages at line ~p but @id not declared";
+
+fmt(avp_name_already_defined) ->
+    "AVP ~s at line ~p already defined at line ~p";
+fmt(avp_has_unknown_type) ->
+    "AVP ~s at line ~p defined with unknown type ~s";
+fmt(avp_has_invalid_flag) ->
+    "AVP ~s at line ~p specifies invalid flag ~c";
+fmt(avp_has_duplicate_flag) ->
+    "AVP ~s at line ~p specifies duplicate flag ~c";
+fmt(avp_has_vendor_id) ->
+    "AVP ~s at line ~p does not specify V flag "
+    "but is assigned vendor id ~p at line ~p";
+fmt(avp_has_no_vendor) ->
+    "AVP ~s at line ~p specifies V flag "
+    "but neither @vendor_avp_id nor @vendor supplies a value";
+
+fmt(group_already_defined) ->
+    "Group ~s at line ~p already defined at line ~p";
+fmt(grouped_avp_code_mismatch) ->
+    "AVP ~s at line ~p has with code ~p "
+    "but @avp_types specifies ~p at line ~p";
+fmt(grouped_avp_has_wrong_type) ->
+    "Grouped AVP ~s at line ~p defined with type ~s at line ~p";
+fmt(grouped_avp_not_defined) ->
+    "Grouped AVP ~s on line ~p not defined in @avp_types";
+fmt(grouped_vendor_id_without_flag) ->
+    "Grouped AVP ~s at line ~p has vendor id "
+    "but definition at line ~p does not specify V flag";
+fmt(grouped_vendor_id_mismatch) ->
+    "Grouped AVP ~s at line ~p has vendor id ~p "
+    "but ~p specified at line ~p";
+
+fmt(message_name_already_defined) ->
+    "Message ~s at line ~p already defined at line ~p";
+fmt(message_code_already_defined) ->
+    "~s message with code ~p at line ~p already defined at line ~p";
+fmt(message_has_duplicate_flag) ->
+    "Message ~s has duplicate flag ~s at line ~p";
+fmt(message_application_id_mismatch) ->
+    "Message ~s has application id ~p at line ~p "
+    "but @id specifies ~p at line ~p";
+
+fmt(invalid_avp_order) ->
+    "AVP reference ~c~s~c at line ~p breaks fixed/required/optional order";
+fmt(required_avp_has_zero_max_arity) ->
+    "Required AVP has maximum arity 0 at line ~p";
+fmt(required_avp_has_zero_min_arity) ->
+    "Required AVP has minimum arity 0 at line ~p";
+fmt(optional_avp_has_nonzero_min_arity) ->
+    "Optional AVP has non-zero minimum arity at line ~p";
+fmt(qualifier_has_min_greater_than_max) ->
+    "Qualifier ~p*~p at line ~p has Min > Max";
+fmt(avp_already_referenced) ->
+    "AVP ~s at line ~p already referenced at line ~p";
+
+fmt(message_missing) ->
+    "~s message at line ~p but no ~s message is defined";
+
+fmt(requested_avp_not_found) ->
+    "@inherit ~s at line ~p requests AVP ~s at line ~p "
+    "but module does not define that AVP";
+
+fmt(enumerated_avp_has_wrong_local_type) ->
+    "Enumerated AVP ~s in @enum at line ~p defined with type ~s at line ~p";
+fmt(enumerated_avp_has_wrong_inherited_type) ->
+    "Enumerated AVP ~s in @enum at line ~p "
+    "inherited with type ~s from module ~s at line ~p";
+fmt(enumerated_avp_not_defined) ->
+    "Enumerated AVP ~s in @enum at line ~p neither defined nor inherited";
+
+fmt(avp_not_defined) ->
+    "AVP ~s referenced at line ~p neither defined nor inherited";
+
+fmt(recompile) ->
+    "Module ~p appears to have been compiler with an incompatible "
+    "version of the dictionary compiler and must be recompiled";
+fmt(not_loaded) ->
+    "Module ~p is not on the code path or could not be loaded";
+fmt(no_dict) ->
+    "Module ~p does not appear to be a diameter dictionary".
+
+%% ===========================================================================
+%% format/1
+%%
+%% Turn dict/0 output back into a dictionary file (with line ending = $\n).
+
+-spec format(Dict)
+   -> iolist()
+ when Dict :: orddict:orddict().
+
+-define(KEYS, [id, name, prefix, vendor,
+               inherits, codecs, custom_types,
+               avp_types,
+               messages,
+               grouped,
+               enum, define]).
+
+format(Dict) ->
+    Io = orddict:fold(fun io/3, [], Dict),
+    [S || {_,S} <- lists:sort(fun keysort/2, Io)].
+
+keysort({A,_}, {B,_}) ->
+    [HA, HB] = [H || K <- [A,B],
+                     H <- [lists:takewhile(fun(X) -> X /= K end, ?KEYS)]],
+    HA < HB.
+
+%% ===========================================================================
+
+-define(INDENT, "    ").
+-define(SP, " ").
+-define(NL, $\n).
+
+%% io/3
+
+io(K, _, Acc)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    Acc;
+
+io(Key, Body, Acc) ->
+    [{Key, io(Key, Body)} | Acc].
+
+%% io/2
+
+io(K, Id)
+  when K == id;
+       K == name;
+       K == prefix ->
+    [?NL, section(K), ?SP, tok(Id)];
+
+io(vendor = K, {Id, Name}) ->
+    [?NL, section(K) | [[?SP, tok(X)] || X <- [Id, Name]]];
+
+io(avp_types = K, Body) ->
+    [?NL, ?NL, section(K), ?NL, [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == messages;
+       K == grouped ->
+    [?NL, ?NL, section(K), [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs;
+       K == enum;
+       K == define ->
+    [[?NL, pairs(K, T)] || T <- Body].
+
+pairs(K, {Id, Avps}) ->
+    [?NL, section(K), ?SP, tok(Id), ?NL, [[?NL, body(K, A)] || A <- Avps]].
+
+body(K, AvpName)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs ->
+    [?INDENT, word(AvpName)];
+
+body(K, {Name, N})
+  when K == enum;
+       K == define ->
+    [?INDENT, word(Name), ?SP, ?I(N)];
+
+body(avp_types = K, {Name, Code, Type, ""}) ->
+    body(K, {Name, Code, Type, "-"});
+body(avp_types, {Name, Code, Type, Flags}) ->
+    [?NL, ?INDENT, word(Name),
+     [[?SP, ?SP, S] || S <- [?I(Code), Type, Flags]]];
+
+body(messages, {"answer-message", _, _, [], Avps}) ->
+    [?NL, ?NL, ?INDENT,
+     "answer-message ::= < Diameter Header: code, ERR [PXY] >",
+     f_avps(Avps)];
+body(messages, {Name, Code, Flags, ApplId, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", header(Code, Flags, ApplId),
+     f_avps(Avps)];
+
+body(grouped, {Name, Code, Vid, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", avp_header(Code, Vid),
+     f_avps(Avps)].
+
+header(Code, Flags, ApplId) ->
+    ["< Diameter Header: ",
+     ?I(Code),
+     [[", ", ?L(F)] || F <- Flags],
+     [[" ", ?I(N)] || N <- ApplId],
+     " >"].
+
+avp_header(Code, Vid) ->
+    ["< AVP Header: ",
+     ?I(Code),
+     [[" ", ?I(V)] || V <- Vid],
+     " >"].
+
+f_avps(L) ->
+    [[?NL, ?INDENT, ?INDENT, f_avp(A)] || A <- L].
+
+f_avp({Q, A}) ->
+    [D | _] = Avp = f_delim(A),
+    f_avp(f_qual(D, Q), Avp);
+f_avp(A) ->
+    f_avp("", f_delim(A)).
+
+f_delim({{A}}) ->
+    [$<, word(A), $>];
+f_delim({A}) ->
+    [${, word(A), $}];
+f_delim([A]) ->
+    [$[, word(A), $]].
+
+f_avp(Q, [L, Avp, R]) ->
+    Len = length(lists:flatten([Q])),
+    [io_lib:format("~*s", [-1*max(Len+1, 6) , Q]), L, " ", Avp, " ", R].
+
+f_qual(${, '*') ->
+    "1*";  %% Equivalent to "*" but the more common/obvious rendition
+f_qual(_, '*') ->
+    "*";
+f_qual(_, {'*', N}) ->
+    [$*, ?I(N)];
+f_qual(_, {N, '*'}) ->
+    [?I(N), $*];
+f_qual(_, {M,N}) ->
+    [?I(M), $*, ?I(N)].
+
+section(Key) ->
+    ["@", ?L(Key)].
+
+tok(N)
+  when is_integer(N) ->
+    ?I(N);
+tok(N) ->
+    word(N).
+
+word(Str) ->
+    word(diameter_dict_scanner:is_name(Str), Str).
+
+word(true, Str) ->
+    Str;
+word(false, Str) ->
+    [$', Str, $'].
+
+%% ===========================================================================
+
+do_parse(File, Opts) ->
+    Bin  = do([fun read/1, File], read),
+    Toks = do([fun diameter_dict_scanner:scan/1, Bin], scan),
+    Tree = do([fun diameter_dict_parser:parse/1, Toks], parse),
+    make_dict(Tree, Opts).
+
+do([F|A], E) ->
+    case apply(F,A) of
+        {ok, T} ->
+            T;
+        {error, Reason} ->
+            ?RETURN({E, Reason})
+    end.
+
+read({path, Path}) ->
+    file:read_file(Path);
+read(File) ->
+    {ok, iolist_to_binary([File])}.
+
+make_dict(Parse, Opts) ->
+    make_orddict(pass4(pass3(pass2(pass1(reset(make_dict(Parse),
+                                               Opts))),
+                             Opts))).
+
+%% make_orddict/1
+
+make_orddict(Dict) ->
+    dict:fold(fun mo/3,
+              orddict:from_list([{K,[]} || K <- [avp_types,
+                                                 messages,
+                                                 grouped,
+                                                 inherits,
+                                                 custom_types,
+                                                 codecs,
+                                                 avp_vendor_id,
+                                                 enum,
+                                                 define]]),
+              Dict).
+
+mo(K, Sects, Dict)
+  when is_atom(K) ->
+    orddict:store(K, make(K, Sects), Dict);
+
+mo(_, _, Dict) ->
+    Dict.
+
+make(K, [[_Line, {_, _, X}]])
+  when K == id;
+       K == name;
+       K == prefix ->
+    X;
+
+make(vendor, [[_Line, {_, _, Id}, {_, _, Name}]]) ->
+    {Id, Name};
+
+make(K, T)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    T;
+
+make(K, Sects) ->
+    post(K, foldl(fun([_L|B], A) -> make(K,B,A) end,
+                  [],
+                  Sects)).
+
+post(avp_types, L) ->
+    lists:sort(L);
+
+post(K, L)
+  when K == grouped;
+       K == messages;
+       K == enum;
+       K == define ->
+    lists:reverse(L);
+
+post(_, L) ->
+    L.
+
+make(K, [{_,_,Name} | Body], Acc)
+  when K == enum;
+       K == define;
+       K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    [{Name, mk(K, Body)} | Acc];
+
+make(K, Body, Acc) ->
+    foldl(fun(T,A) -> [mk(K, T) | A] end, Acc, Body).
+
+mk(avp_types, [{_,_,Name}, {_,_,Code}, {_,_,Type}, {_,_,Flags}]) ->
+    {Name, Code, type(Type), Flags};
+
+mk(messages, [{'answer-message' = A, _}, false | Avps]) ->
+    {?L(A), -1, ['ERR', 'PXY'], [], make_body(Avps)};
+
+mk(messages, [{_,_,Name}, [{_,_,Code}, Flags, ApplId] | Avps]) ->
+    {Name,
+     Code,
+     lists:map(fun({F,_}) -> F end, Flags),
+     opt(ApplId),
+     make_body(Avps)};
+
+mk(grouped, [{_,_,Name}, [{_,_,Code}, Vid] | Avps]) ->
+    {Name, Code, opt(Vid), make_body(Avps)};
+
+mk(K, Body)
+  when K == enum;
+       K == define ->
+    lists:map(fun([{_,_,Name}, {_,_,Value}]) -> {Name, Value} end, Body);
+
+mk(K, Avps)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    lists:map(fun({_,_,N}) -> N end, Avps).
+
+opt(false) ->
+    [];
+opt({_,_,X}) ->
+    [X].
+
+make_body(Avps) ->
+    lists:map(fun avp/1, Avps).
+
+avp([false, D, Avp]) ->
+    avp(D, Avp);
+avp([Q, D, Avp]) ->
+    case {qual(D, Q), avp(D, Avp)} of
+        {{0,1}, A} when D == $[ ->
+            A;
+        {{1,1}, A} ->
+            A;
+        T ->
+            T
+    end.
+%% Could just store the qualifier as a pair in all cases but the more
+%% compact form is easier to parse visually so live with a bit of
+%% mapping. Ditto the use of '*'.
+
+avp(D, {'AVP', _}) ->
+    delim(D, "AVP");
+avp(D, {_, _, Name}) ->
+    delim(D, Name).
+
+delim($<, N) ->
+    {{N}};
+delim(${, N) ->
+    {N};
+delim($[, N) ->
+    [N].
+
+%% There's a difference between max = 0 and not specifying an AVP:
+%% reception of an AVP with max = 0 will always be an error, otherwise
+%% it depends on the existence of 'AVP' and the M flag.
+
+qual(${, {{_,L,0}, _}) ->
+    ?RETURN(required_avp_has_zero_min_arity, [L]);
+qual(${, {_, {_,L,0}}) ->
+    ?RETURN(required_avp_has_zero_max_arity, [L]);
+
+qual($[, {{_,L,N}, _})
+  when 0 < N ->
+    ?RETURN(optional_avp_has_nonzero_min_arity, [L]);
+
+qual(_, {{_,L,Min}, {_,_,Max}})
+  when Min > Max ->
+    ?RETURN(qualifier_has_min_greater_than_max, [Min, Max, L]);
+
+qual(_, true) ->
+    '*';
+
+qual(${, {true, {_,_,N}}) ->
+    {1, N};
+qual(_, {true, {_,_,N}}) ->
+    {0, N};
+
+qual(D, {{_,_,N}, true})
+  when D == ${, N == 1;
+       D /= ${, N == 0 ->
+    '*';
+qual(_, {{_,_,N}, true}) ->
+    {N, '*'};
+
+qual(_, {{_,_,Min}, {_,_,Max}}) ->
+    {Min, Max}.
+
+%% Optional reports when running verbosely.
+report(What, [F | A])
+  when is_function(F) ->
+    report(What, apply(F, A));
+report(What, Data) ->
+    report(getr(verbose), What, Data).
+
+report(true, Tag, Data) ->
+    io:format("##~n## ~p ~p~n", [Tag, Data]);
+report(false, _, _) ->
+    ok.
+
+%% ------------------------------------------------------------------------
+%% make_dict/1
+%%
+%% Turn a parsed dictionary into an dict.
+
+make_dict(Parse) ->
+    foldl(fun(T,A) ->
+                  report(section, T),
+                  section(T,A)
+          end,
+          dict:new(),
+          Parse).
+
+section([{T, L} | Rest], Dict)
+  when T == name;
+       T == prefix;
+       T == id;
+       T == vendor ->
+    case find(T, Dict) of
+        [] ->
+            dict:store(T, [[L | Rest]], Dict);
+        [[Line | _]] ->
+            ?RETURN(duplicate_section, [T, L, Line])
+    end;
+
+section([{T, L} | Rest], Dict)
+  when T == avp_types;
+       T == messages;
+       T == grouped;
+       T == inherits;
+       T == custom_types;
+       T == codecs;
+       T == avp_vendor_id;
+       T == enum;
+       T == define ->
+    dict:append(T, [L | Rest], Dict).
+
+%% ===========================================================================
+%% reset/2
+%%
+%% Reset sections from options.
+
+reset(Dict, Opts) ->
+    foldl([fun reset/3, Opts], Dict, [name, prefix, inherits]).
+
+reset(K, Dict, Opts) ->
+    foldl(fun opt/2, Dict, [T || {A,_} = T <- Opts, A == K]).
+
+opt({inherits = Key, "-"}, Dict) ->
+    dict:erase(Key, Dict);
+
+opt({inherits = Key, Mod}, Dict) ->
+    case lists:splitwith(fun(C) -> C /= $/ end, Mod) of
+        {Mod, ""} ->
+            dict:append(Key, [0, {word, 0, Mod}], Dict);
+        {From, [$/|To]} ->
+            dict:store(Key,
+                       [reinherit(From, To, M) || M <- find(Key, Dict)],
+                       Dict)
+    end;
+
+opt({Key, Val}, Dict) ->
+    dict:store(Key, [[0, {word, 0, Val}]], Dict);
+
+opt(_, Dict) ->
+    Dict.
+
+reinherit(From, To, [L, {word, _, From} = T | Avps]) ->
+    [L, setelement(3, T, To) | Avps];
+reinherit(_, _, T) ->
+    T.
+
+%% ===========================================================================
+%% pass1/1
+%%
+%% Explode sections into additional dictionary entries plus semantic
+%% checks.
+
+pass1(Dict) ->
+    true = no_messages_without_id(Dict),
+
+    foldl(fun(K,D) -> foldl([fun p1/3, K], D, find(K,D)) end,
+          Dict,
+          [id,
+           vendor,
+           avp_types,  %% must precede inherits, grouped, enum
+           avp_vendor_id,
+           custom_types,
+           codecs,
+           inherits,
+           grouped,
+           messages,
+           enum,
+           define]).
+
+%% Multiple sections are allowed as long as their bodies don't
+%% overlap. (Except enum/define.)
+
+p1([_Line, N], Dict, id = K) ->
+    true = is_uint32(N, [K]),
+    Dict;
+
+p1([_Line, Id, _Name], Dict, vendor = K) ->
+    true = is_uint32(Id, [K]),
+    Dict;
+
+p1([_Line, X | Body], Dict, K)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs;
+       K == inherits ->
+    foldl([fun explode/4, X, K], Dict, Body);
+
+p1([_Line, X | Body], Dict, K)
+  when K == define;
+       K == enum ->
+    {_, L, Name} = X,
+    foldl([fun explode2/4, X, K],
+          store_new({K, Name},
+                    [L, Body],
+                    Dict,
+                    [K, Name, L],
+                    already_declared),
+          Body);
+
+p1([_Line | Body], Dict, K)
+  when K == avp_types;
+       K == grouped;
+       K == messages ->
+    foldl([fun explode/3, K], Dict, Body).
+
+no_messages_without_id(Dict) ->
+    case find(messages, Dict) of
+        [] ->
+            true;
+        [[Line | _] | _] ->
+            [] /= find(id, Dict) orelse ?RETURN(messages_without_id, [Line])
+    end.
+
+%% Note that the AVP's in avp_vendor_id, custom_types, codecs and
+%% enum can all be inherited, as can the AVP content of messages and
+%% grouped AVP's. Check that the referenced AVP's exist after
+%% importing definitions.
+
+%% explode/4
+%%
+%% {avp_vendor_id, AvpName}                 -> [Lineno, Id::integer()]
+%% {custom_types|codecs|inherits,  AvpName} -> [Lineno, Mod::string()]
+
+explode({_, Line, AvpName}, Dict, {_, _, X} = T, K) ->
+    true = K /= avp_vendor_id orelse is_uint32(T, [K]),
+    true = K /= inherits orelse avp_not_local(AvpName, Line, Dict),
+
+    store_new({key(K), AvpName},
+              [Line, X],
+              Dict,
+              [AvpName, Line, K],
+              avp_already_defined).
+
+%% explode2/4
+
+%% {define, {Name, Key}} -> [Lineno, Value::integer(), enum|define]
+
+explode2([{_, Line, Key}, {_, _, Value} = T], Dict, {_, _, Name}, K) ->
+    true = is_uint32(T, [K, Name]),
+
+    store_new({key(K), {Name, Key}},
+              [Line, Value, K],
+              Dict,
+              [Name, Key, K, Line],
+              key_already_defined).
+
+%% key/1
+%%
+%% Conflate keys that are equivalent as far as uniqueness of
+%% definition goes.
+
+key(K)
+  when K == enum;
+       K == define ->
+    define;
+key(K)
+  when K == custom_types;
+       K == codecs ->
+    custom;
+key(K) ->
+    K.
+
+%% explode/3
+
+%% {avp_types, AvpName}       -> [Line | Toks]
+%% {avp_types, {Code, IsReq}} -> [Line, AvpName]
+%%
+%% where AvpName = string()
+%%       Code    = integer()
+%%       IsReq   = boolean()
+
+explode([{_, Line, Name} | Toks], Dict0, avp_types = K) ->
+    %% Each AVP can be defined only once.
+    Dict = store_new({K, Name},
+                     [Line | Toks],
+                     Dict0,
+                     [Name, Line],
+                     avp_name_already_defined),
+
+    [{number, _, _Code} = C, {word, _, Type}, {word, _, _Flags}] = Toks,
+
+    true = avp_type_known(Type, Name, Line),
+    true = is_uint32(C, [K, Name]),
+
+    Dict;
+
+%% {grouped, Name}            -> [Line, HeaderTok | AvpToks]
+%% {grouped, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       AvpName = string()
+%%       Qual  = {Q, Q} | boolean()
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | $[
+
+explode([{_, Line, Name}, Header | Avps], Dict0, grouped = K) ->
+    Dict = store_new({K, Name},
+                     [Line, Header | Avps],
+                     Dict0,
+                     [Name, Line],
+                     group_already_defined),
+
+    [{_,_, Code} = C, Vid] = Header,
+    {DefLine, {_, _, Flags}} = grouped_flags(Name, Code, Dict0, Line),
+    V = lists:member($V, Flags),
+
+    true = is_uint32(C, [K, Name, "AVP code"]),
+    true = is_uint32(Vid, [K, Name, "vendor id"]),
+    false = vendor_id_mismatch(Vid, V, Name, Dict0, Line, DefLine),
+
+    explode_avps(Avps, Dict, K, Name);
+
+%% {messages, Name}            -> [Line, HeaderTok | AvpToks]
+%% {messages, {Code, IsReq}}   -> [Line, NameTok]
+%% {messages, Code}            -> [[Line, NameTok, IsReq]]
+%% {messages, {Name, Flag}}    -> [Line]
+%% {messages, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       Code  = integer()
+%%       IsReq = boolean()
+%%       Flag  = 'REQ' | 'PXY'
+%%       AvpName = string()
+%%       Qual  = true | {Q,Q}
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | ${
+
+explode([{'answer-message' = A, Line}, false = H | Avps],
+        Dict0,
+        messages = K) ->
+    Name = ?L(A),
+    Dict1 = store_new({K, Name},
+                      [Line, H, Avps],
+                      Dict0,
+                      [Name, Line],
+                      message_name_already_defined),
+
+    explode_avps(Avps, Dict1, K, Name);
+
+explode([{_, Line, MsgName} = M, Header | Avps],
+        Dict0,
+        messages = K) ->
+    %% There can be at most one message with a given name.
+    Dict1 = store_new({K, MsgName},
+                      [Line, Header | Avps],
+                      Dict0,
+                      [MsgName, Line],
+                      message_name_already_defined),
+
+    [{_, _, Code} = C, Bits, ApplId] = Header,
+
+    %% Don't check any application id since it's required to be
+    %% the same as @id.
+    true = is_uint32(C, [K, MsgName]),
+
+    %% An application id specified as part of the message definition
+    %% has to agree with @id. The former is parsed just because RFC
+    %% 3588 specifies it.
+    false = application_id_mismatch(ApplId, Dict1, MsgName),
+
+    IsReq = lists:keymember('REQ', 1, Bits),
+
+    %% For each command code, there can be at most one request and
+    %% one answer.
+    Dict2 = store_new({K, {Code, IsReq}},
+                      [Line, M],
+                      Dict1,
+                      [choose(IsReq, "Request", "Answer"), Code, Line],
+                      message_code_already_defined),
+
+    %% For each message, each flag can occur at most once.
+    Dict3 = foldl(fun({F,L},D) ->
+                          store_new({K, {MsgName, F}},
+                                    [L],
+                                    D,
+                                    [MsgName, ?L(F)],
+                                    message_has_duplicate_flag)
+                  end,
+                  Dict2,
+                  Bits),
+
+    dict:append({K, Code},
+                [Line, M, IsReq],
+                explode_avps(Avps, Dict3, K, MsgName)).
+
+%% explode_avps/4
+%%
+%% Ensure required AVP order and sane qualifiers. Can't check for AVP
+%% names until after they've been imported.
+%%
+%% RFC 3588 allows a trailing fixed while 3588bis doesn't. Parse the
+%% former.
+
+explode_avps(Avps, Dict, Key, Name) ->
+    xa("<{[<", Avps, Dict, Key, Name).
+
+xa(_, [], Dict, _, _) ->
+    Dict;
+
+xa(Ds, [[Qual, D, {'AVP', Line}] | Avps], Dict, Key, Name) ->
+    xa(Ds, [[Qual, D, {word, Line, "AVP"}] | Avps], Dict, Key, Name);
+
+xa([], [[_Qual, D, {_, Line, Name}] | _], _, _, _) ->
+    ?RETURN(invalid_avp_order, [D, Name, close(D), Line]);
+
+xa([D|_] = Ds, [[Qual, D, {_, Line, AvpName}] | Avps], Dict, Key, Name) ->
+    xa(Ds,
+       Avps,
+       store_new({Key, {Name, AvpName}},
+                 [Line, Qual, D],
+                 Dict,
+                 [Name, Line],
+                 avp_already_referenced),
+       Key,
+       Name);
+
+xa([_|Ds], Avps, Dict, Key, Name) ->
+    xa(Ds, Avps, Dict, Key, Name).
+
+close($<) -> $>;
+close(${) -> $};
+close($[) -> $].
+
+%% is_uint32/2
+
+is_uint32(false, _) ->
+    true;
+is_uint32({Line, _, N}, Args) ->
+    N < 1 bsl 32 orelse ?RETURN(uint32_out_of_range, Args ++ [N, Line]).
+%% Can't call diameter_types here since it may not exist yet.
+
+%% application_id_mismatch/3
+
+application_id_mismatch({number, Line, Id}, Dict, MsgName) ->
+    [[_, {_, L, I}]] = dict:fetch(id, Dict),
+
+    I /= Id andalso ?RETURN(message_application_id_mismatch,
+                            [MsgName, Id, Line, I, L]);
+
+application_id_mismatch(false = No, _, _) ->
+    No.
+
+%% avp_not_local/3
+
+avp_not_local(Name, Line, Dict) ->
+    A = find({avp_types, Name}, Dict),
+
+    [] == A orelse ?RETURN(inherited_avp_already_defined,
+                           [Name, Line, hd(A)]).
+
+%% avp_type_known/3
+
+avp_type_known(Type, Name, Line) ->
+    false /= type(Type)
+        orelse ?RETURN(avp_has_unknown_type, [Name, Line, Type]).
+
+%% vendor_id_mismatch/6
+%%
+%% Require a vendor id specified on a group to match any specified
+%% in @avp_vendor_id. Note that both locations for the value are
+%% equivalent, both in the value being attributed to a locally
+%% defined AVP and ignored when imported from another dictionary.
+
+vendor_id_mismatch({_,_,_}, false, Name, _, Line, DefLine) ->
+    ?RETURN(grouped_vendor_id_without_flag, [Name, Line, DefLine]);
+
+vendor_id_mismatch({_, _, I}, true, Name, Dict, Line, _) ->
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, L, N} ->
+            I /= N andalso
+                ?RETURN(grouped_vendor_id_mismatch, [Name, Line, I, N, L]);
+        _ ->
+            false
+    end;
+
+vendor_id_mismatch(_, _, _, _, _, _) ->
+    false.
+
+%% grouped_flags/4
+
+grouped_flags(Name, Code, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [L, {_, _, Code}, {_, _, "Grouped"}, Flags] ->
+            {L, Flags};
+        [_, {_, L, C}, {_, _, "Grouped"}, _Flags] ->
+            ?RETURN(grouped_avp_code_mismatch, [Name, Line, Code, C, L]);
+        [_, _Code, {_, L, T}, _] ->
+            ?RETURN(grouped_avp_has_wrong_type, [Name, Line, T, L]);
+        [] ->
+            ?RETURN(grouped_avp_not_defined, [Name, Line])
+    end.
+
+%% vendor_id/2
+
+%% Look for a vendor id in @avp_vendor_id, then @vendor.
+vendor_id(Name, Dict) ->
+    case find({avp_vendor_id, Name}, Dict) of
+        [Line, Id] when is_integer(Id) ->
+            {avp_vendor_id, Line, Id};
+        [] ->
+            vendor(Dict)
+    end.
+
+vendor(Dict) ->
+    case find(vendor, Dict) of
+        [[_Line, {_, _, Id}, {_, _, _}]] ->
+            {vendor, Id};
+        [] ->
+            false
+    end.
+
+%% find/2
+
+find(Key, Dict) ->
+    case dict:find(Key, Dict) of
+        {ok, L} when is_list(L) ->
+            L;
+        error ->
+            []
+    end.
+
+%% store_new/5
+
+store_new(Key, Value, Dict, Args, Err) ->
+    case dict:find(Key, Dict) of
+        {ok, [L | _]} ->
+            ?RETURN(Err, Args ++ [L]);
+        error ->
+            dict:store(Key, Value, Dict)
+    end.
+
+%% type/1
+
+type("DiamIdent") ->
+    "DiameterIdentity";
+type("DiamURI") ->
+    "DiameterURI";
+type(T)
+  when T == "OctetString";
+       T == "Integer32";
+       T == "Integer64";
+       T == "Unsigned32";
+       T == "Unsigned64";
+       T == "Float32";
+       T == "Float64";
+       T == "Grouped";
+       T == "Enumerated";
+       T == "Address";
+       T == "Time";
+       T == "UTF8String";
+       T == "DiameterIdentity";
+       T == "DiameterURI";
+       T == "IPFilterRule";
+       T == "QoSFilterRule" ->
+    T;
+type(_) ->
+    false.
+
+%% ===========================================================================
+%% pass2/1
+%%
+%% More explosion, but that requires the previous pass to write its
+%% entries.
+
+pass2(Dict) ->
+    foldl(fun(K,D) -> foldl([fun p2/3, K], D, find(K,D)) end,
+          Dict,
+          [avp_types]).
+
+p2([_Line | Body], Dict, avp_types) ->
+    foldl(fun explode_avps/2, Dict, Body);
+
+p2([], Dict, _) ->
+    Dict.
+
+explode_avps([{_, Line, Name} | Toks], Dict) ->
+    [{number, _, Code}, {word, _, _Type}, {word, _, Flags}] = Toks,
+
+    true = avp_flags_valid(Flags, Name, Line),
+
+    Vid = avp_vendor_id(Flags, Name, Line, Dict),
+
+    %% An AVP is uniquely defined by its AVP code and vendor id (if any).
+    %% Ensure there are no duplicate.
+    store_new({avp_types, {Code, Vid}},
+              [Line, Name],
+              Dict,
+              [Code, Vid, Name, Line],
+              avp_code_already_defined).
+
+%% avp_flags_valid/3
+
+avp_flags_valid(Flags, Name, Line) ->
+    Bad = lists:filter(fun(C) -> not lists:member(C, "MVP") end, Flags),
+    [] == Bad
+        orelse ?RETURN(avp_has_invalid_flag, [Name, Line, hd(Bad)]),
+
+    Dup = Flags -- "MVP",
+    [] == Dup
+        orelse ?RETURN(avp_has_duplicate_flag, [Name, Line, hd(Dup)]).
+
+%% avp_vendor_id/4
+
+avp_vendor_id(Flags, Name, Line, Dict) ->
+    V = lists:member($V, Flags),
+
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, _, I} when V ->
+            I;
+        {avp_vendor_id, L, I} ->
+            ?RETURN(avp_has_vendor_id, [Name, Line, I, L]);
+        {vendor, I} when V ->
+            I;
+        false when V ->
+            ?RETURN(avp_has_no_vendor, [Name, Line]);
+        _ ->
+            false
+    end.
+
+%% ===========================================================================
+%% pass3/2
+%%
+%% Import AVPs.
+
+pass3(Dict, Opts) ->
+    import_enums(import_groups(import_avps(insert_codes(Dict), Opts))).
+
+%% insert_codes/1
+%%
+%% command_codes -> [{Code, ReqNameTok, AnsNameTok}]
+
+insert_codes(Dict) ->
+    dict:store(command_codes,
+               dict:fold(fun make_code/3, [], Dict),
+               Dict).
+
+make_code({messages, Code}, Names, Acc)
+  when is_integer(Code) ->
+    [mk_code(Code, Names) | Acc];
+make_code(_, _, Acc) ->
+    Acc.
+
+mk_code(Code, [[_, _, false] = Ans, [_, _, true] = Req]) ->
+    mk_code(Code, [Req, Ans]);
+
+mk_code(Code, [[_, {_,_,Req}, true], [_, {_,_,Ans}, false]]) ->
+    {Code, Req, Ans};
+
+mk_code(_Code, [[Line, _Name, IsReq]]) ->
+    ?RETURN(message_missing, [choose(IsReq, "Request", "Answer"),
+                              Line,
+                              choose(IsReq, "answer", "request")]).
+
+%% import_avps/2
+
+import_avps(Dict, Opts) ->
+    Import = inherit(Dict, Opts),
+    report(imported, Import),
+
+    %% pass4/1 tests that all referenced AVP's are either defined
+    %% or imported.
+
+    dict:store(import_avps,
+               lists:map(fun({M, _, As}) -> {M, [A || {_,A} <- As]} end,
+                         lists:reverse(Import)),
+               foldl(fun explode_imports/2, Dict, Import)).
+
+explode_imports({Mod, Line, Avps}, Dict) ->
+    foldl([fun xi/4, Mod, Line], Dict, Avps).
+
+xi({L, {Name, _Code, _Type, _Flags} = A}, Dict, Mod, Line) ->
+    store_new({avp_types, Name},
+              [0, Mod, Line, L, A],
+              store_new({import, Name},
+                        [Line],
+                        Dict,
+                        [Name, Line],
+                        duplicate_import),
+              [Name, Mod, Line],
+              imported_avp_already_defined).
+
+%% import_groups/1
+%% import_enums/1
+%%
+%% For each inherited module, store the content of imported AVP's of
+%% type grouped/enumerated in a new key.
+
+import_groups(Dict) ->
+    dict:store(import_groups, import(grouped, Dict), Dict).
+
+import_enums(Dict) ->
+    dict:store(import_enums, import(enum, Dict), Dict).
+
+import(Key, Dict) ->
+    flatmap([fun import_key/2, Key], dict:fetch(import_avps, Dict)).
+
+import_key({Mod, Avps}, Key) ->
+    As = lists:flatmap(fun(T) ->
+                               N = element(1,T),
+                               choose(lists:keymember(N, 1, Avps), [T], [])
+                       end,
+                       orddict:fetch(Key, dict(Mod))),
+    if As == [] ->
+            [];
+       true ->
+            [{Mod, As}]
+    end.
+
+%% ------------------------------------------------------------------------
+%% inherit/2
+%%
+%% Return a {Mod, Line, [{Lineno, Avp}]} list, where Mod is a module
+%% name, Line points to the corresponding @inherit and each Avp is
+%% from Mod:dict(). Lineno is 0 if the import is implicit.
+
+inherit(Dict, Opts) ->
+    code:add_pathsa([D || {include, D} <- Opts]),
+    foldl(fun inherit_avps/2, [], find(inherits, Dict)).
+%% Note that the module order of the returned lists is reversed
+%% relative to @inherits.
+
+inherit_avps([Line, {_,_,M} | Names], Acc) ->
+    Mod = ?A(M),
+    report(inherit_from, Mod),
+    case find_avps(Names, avps_from_module(Mod)) of
+        {_, [{_, L, N} | _]} ->
+            ?RETURN(requested_avp_not_found, [Mod, Line, N, L]);
+        {Found, []} ->
+            [{Mod, Line, lists:sort(Found)} | Acc]
+    end.
+
+%% Import everything not defined locally ...
+find_avps([], Avps) ->
+    {[{0, A} || A <- Avps], []};
+
+%% ... or specified AVPs.
+find_avps(Names, Avps) ->
+    foldl(fun acc_avp/2, {[], Names}, Avps).
+
+acc_avp({Name, _Code, _Type, _Flags} = A, {Found, Not} = Acc) ->
+    case lists:keyfind(Name, 3, Not) of
+        {_, Line, Name} ->
+            {[{Line, A} | Found], lists:keydelete(Name, 3, Not)};
+        false ->
+            Acc
+    end.
+
+%% avps_from_module/2
+
+avps_from_module(Mod) ->
+    orddict:fetch(avp_types, dict(Mod)).
+
+dict(Mod) ->
+    try Mod:dict() of
+        [?VERSION | Dict] ->
+            Dict;
+        _ ->
+            ?RETURN(recompile, [Mod])
+    catch
+        error: _ ->
+            ?RETURN(choose(false == code:is_loaded(Mod),
+                           not_loaded,
+                           no_dict),
+                    [Mod])
+    end.
+
+%% ===========================================================================
+%% pass4/1
+%%
+%% Sanity checks.
+
+pass4(Dict) ->
+    dict:fold(fun(K, V, _) -> p4(K, V, Dict) end, ok, Dict),
+    Dict.
+
+%% Ensure enum AVP's have type Enumerated.
+p4({enum, Name}, [Line | _], Dict)
+  when is_list(Name) ->
+    true = is_enumerated_avp(Name, Dict, Line);
+
+%% Ensure all referenced AVP's are either defined locally or imported.
+p4({K, {Name, AvpName}}, [Line | _], Dict)
+  when (K == grouped orelse K == messages),
+       is_list(Name),
+       is_list(AvpName),
+       AvpName /= "AVP" ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+%% Ditto.
+p4({K, AvpName}, [Line | _], Dict)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+p4(_, _, _) ->
+    ok.
+
+%% has_enumerated_type/3
+
+is_enumerated_avp(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, {_, _, "Enumerated"}, _Flags] ->   %% local
+            true;
+        [_Line, _Code, {_, L, T}, _] ->
+            ?RETURN(enumerated_avp_has_wrong_local_type,
+                    [Name, Line, T, L]);
+        [0, _, _, _, {_Name, _Code, "Enumerated", _Flags}] ->   %% inherited
+            true;
+        [0, Mod, LM, LA, {_Name, _Code, Type, _Flags}] ->
+            ?RETURN(enumerated_avp_has_wrong_inherited_type,
+                    [Name, Line, Type, Mod, choose(0 == LA, LM, LA)]);
+        [] ->
+            ?RETURN(enumerated_avp_not_defined, [Name, Line])
+    end.
+
+avp_is_defined(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, _Type, _Flags] ->   %% local
+            true;
+        [0, _, _, _, {Name, _Code, _Type, _Flags}] ->  %% inherited
+            true;
+        [] ->
+            ?RETURN(avp_not_defined, [Name, Line])
+    end.
+
+%% ===========================================================================
+
+putr(Key, Value) ->
+    put({?MODULE, Key}, Value).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
+eraser(Key) ->
+    erase({?MODULE, Key}).
+
+choose(true, X, _)  -> X;
+choose(false, _, X) -> X.
+
+foldl(F, Acc, List) ->
+    lists:foldl(fun(T,A) -> eval([F,T,A]) end, Acc, List).
+
+flatmap(F, List) ->
+    lists:flatmap(fun(T) -> eval([F,T]) end, List).
+
+eval([[F|X] | A]) ->
+    eval([F | A ++ X]);
+eval([F|A]) ->
+    apply(F,A).
diff --git a/lib/diameter/src/compiler/diameter_exprecs.erl b/lib/diameter/src/compiler/diameter_exprecs.erl
index 5e120d6f44..191f53f29d 100644
--- a/lib/diameter/src/compiler/diameter_exprecs.erl
+++ b/lib/diameter/src/compiler/diameter_exprecs.erl
@@ -96,41 +96,15 @@
 
 -export([parse_transform/2]).
 
-%% Form tag with line number.
--define(F(T), T, ?LINE).
-%% Yes, that's right. The replacement is to the first unmatched ')'.
-
--define(attribute,    ?F(attribute)).
--define(clause,       ?F(clause)).
--define(function,     ?F(function)).
--define(call,         ?F(call)).
--define('fun',        ?F('fun')).
--define(generate,     ?F(generate)).
--define(lc,           ?F(lc)).
--define(match,        ?F(match)).
--define(remote,       ?F(remote)).
--define(record,       ?F(record)).
--define(record_field, ?F(record_field)).
--define(record_index, ?F(record_index)).
--define(tuple,        ?F(tuple)).
-
--define(ATOM(T),      {atom, ?LINE, T}).
--define(VAR(V),       {var, ?LINE, V}).
-
--define(CALL(F,A),    {?call, ?ATOM(F), A}).
--define(APPLY(M,F,A), {?call, {?remote, ?ATOM(M), ?ATOM(F)}, A}).
+-include("diameter_forms.hrl").
 
 %% parse_transform/2
 
 parse_transform(Forms, _Options) ->
     Rs = [R || {attribute, _, record, R} <- Forms],
-    case lists:append([E || {attribute, _, export_records, E} <- Forms]) of
-        [] ->
-            Forms;
-        Es ->
-            {H,T} = lists:splitwith(fun is_head/1, Forms),
-            H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T
-    end.
+    Es = lists:append([E || {attribute, _, export_records, E} <- Forms]),
+    {H,T} = lists:splitwith(fun is_head/1, Forms),
+    H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T.
 
 is_head(T) ->
     not lists:member(element(1,T), [function, eof]).
@@ -200,7 +174,7 @@ fname(Op, Rname) ->
 
 '#info-/2'(Exports) ->
     {?function, fname(info), 2,
-     lists:map(fun 'info-'/1, Exports)}.
+     lists:map(fun 'info-'/1, Exports) ++ [?BADARG(2)]}.
 
 'info-'(R) ->
     {?clause, [?ATOM(R), ?VAR('Info')],
@@ -209,7 +183,7 @@ fname(Op, Rname) ->
 
 '#new-/1'(Exports) ->
     {?function, fname(new), 1,
-     lists:map(fun 'new-'/1, Exports)}.
+     lists:map(fun 'new-'/1, Exports) ++ [?BADARG(1)]}.
 
 'new-'(R) ->
     {?clause, [?ATOM(R)],
@@ -218,7 +192,7 @@ fname(Op, Rname) ->
 
 '#new-/2'(Exports) ->
     {?function, fname(new), 2,
-     lists:map(fun 'new--'/1, Exports)}.
+     lists:map(fun 'new--'/1, Exports) ++ [?BADARG(2)]}.
 
 'new--'(R) ->
     {?clause, [?ATOM(R), ?VAR('Vals')],
@@ -227,7 +201,7 @@ fname(Op, Rname) ->
 
 '#get-/2'(Exports) ->
     {?function, fname(get), 2,
-     lists:map(fun 'get-'/1, Exports)}.
+     lists:map(fun 'get-'/1, Exports) ++ [?BADARG(2)]}.
 
 'get-'(R) ->
     {?clause, [?VAR('Attrs'),
@@ -237,7 +211,7 @@ fname(Op, Rname) ->
 
 '#set-/2'(Exports) ->
     {?function, fname(set), 2,
-     lists:map(fun 'set-'/1, Exports)}.
+     lists:map(fun 'set-'/1, Exports) ++ [?BADARG(2)]}.
 
 'set-'(R) ->
     {?clause, [?VAR('Vals'), {?match, {?record, R, []}, ?VAR('Rec')}],
diff --git a/lib/diameter/src/compiler/diameter_forms.hrl b/lib/diameter/src/compiler/diameter_forms.hrl
index d93131df34..4cd86c32aa 100644
--- a/lib/diameter/src/compiler/diameter_forms.hrl
+++ b/lib/diameter/src/compiler/diameter_forms.hrl
@@ -21,6 +21,13 @@
 %% Macros used when building abstract code.
 %%
 
+%% Generated functions that could have no generated clauses will have
+%% a trailing ?BADARG clause that should never execute as called
+%% by diameter.
+-define(BADARG(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
+                    [],
+                    [?APPLY(erlang, error, [?ATOM(badarg)])]}).
+
 %% Form tag with line number.
 -define(F(T), T, ?LINE).
 %% Yes, that's right. The replacement is to the first unmatched ')'.
diff --git a/lib/diameter/src/compiler/diameter_make.erl b/lib/diameter/src/compiler/diameter_make.erl
index 5380ee56ca..16e30c1ffb 100644
--- a/lib/diameter/src/compiler/diameter_make.erl
+++ b/lib/diameter/src/compiler/diameter_make.erl
@@ -20,59 +20,113 @@
 %%
 %% Module alternative to diameterc for dictionary compilation.
 %%
-%% Eg. 1> diameter_make:dict("mydict.dia").
+%% Eg. 1> diameter_make:codec("mydict.dia").
 %%
-%%     $ erl -noshell \
+%%     $ erl -noinput \
 %%           -boot start_clean \
-%%           -s diameter_make dict mydict.dia \
+%%           -eval 'ok = diameter_make:codec("mydict.dia")' \
 %%           -s init stop
 %%
 
 -module(diameter_make).
 
--export([dict/1,
+-export([codec/1,
+         codec/2,
+         dict/1,
          dict/2,
-         spec/1,
-         spec/2]).
+         format/1,
+         reformat/1]).
 
--type opt() :: {outdir|include|name|prefix|inherits, string()}
+-export_type([opt/0]).
+
+-type opt() :: {include|outdir|name|prefix|inherits, string()}
              | verbose
              | debug.
 
-%% dict/1-2
+%% ===========================================================================
+
+%% codec/1-2
+%%
+%% Parse a dictionary file and generate a codec module.
+
+-spec codec(Path, [opt()])
+   -> ok
+    | {error, Reason}
+ when Path :: string(),
+      Reason :: string().
+
+codec(File, Opts) ->
+    case dict(File, Opts) of
+        {ok, Dict} ->
+            make(File,
+                 Opts,
+                 Dict,
+                 [spec || _ <- [1], lists:member(debug, Opts)] ++ [erl, hrl]);
+        {error, _} = E ->
+            E
+    end.
+
+codec(File) ->
+    codec(File, []).
+
+%% dict/2
+%%
+%% Parse a dictionary file and return the orddict that a codec module
+%% returns from dict/0.
 
 -spec dict(string(), [opt()])
-   -> ok.
+   -> {ok, orddict:orddict()}
+    | {error, string()}.
 
-dict(File, Opts) ->
-    make(File,
-         Opts,
-         spec(File, Opts),
-         [spec || _ <- [1], lists:member(debug, Opts)] ++ [erl, hrl]).
+dict(Path, Opts) ->
+    case diameter_dict_util:parse({path, Path}, Opts) of
+        {ok, _} = Ok ->
+            Ok;
+        {error = E, Reason} ->
+            {E, diameter_dict_util:format_error(Reason)}
+    end.
 
 dict(File) ->
     dict(File, []).
 
-%% spec/2
+%% format/1
+%%
+%% Turn an orddict returned by dict/1-2 back into a dictionary file
+%% in the form of an iolist().
+
+-spec format(orddict:orddict())
+   -> iolist().
+
+format(Dict) ->
+    diameter_dict_util:format(Dict).
 
--spec spec(string(), [opt()])
-   -> orddict:orddict().
+%% reformat/1
+%%
+%% Parse a dictionary file and return its formatted equivalent.
 
-spec(File, Opts) ->
-    diameter_spec_util:parse(File, Opts).
+-spec reformat(File)
+   -> {ok, iolist()}
+    | {error, Reason}
+ when File :: string(),
+      Reason :: string().
 
-spec(File) ->
-    spec(File, []).
+reformat(File) ->
+    case dict(File) of
+        {ok, Dict} ->
+            {ok, format(Dict)};
+        {error, _} = No ->
+            No
+    end.
 
 %% ===========================================================================
 
 make(_, _, _, []) ->
     ok;
-make(File, Opts, Spec, [Mode | Rest]) ->
-    try diameter_codegen:from_spec(File, Spec, Opts, Mode) of
-        ok ->
-            make(File, Opts, Spec, Rest)
+make(File, Opts, Dict, [Mode | Rest]) ->
+    try
+        ok = diameter_codegen:from_dict(File, Dict, Opts, Mode),
+        make(File, Opts, Dict, Rest)
     catch
         error: Reason ->
-            {error, {Reason, Mode, erlang:get_stacktrace()}}
+            erlang:error({Reason, Mode, erlang:get_stacktrace()})
     end.
diff --git a/lib/diameter/src/compiler/diameter_nowarn.erl b/lib/diameter/src/compiler/diameter_nowarn.erl
new file mode 100644
index 0000000000..6c17af6563
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_nowarn.erl
@@ -0,0 +1,41 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A parse transform to work around dialyzer currently not
+%% understanding nowarn_unused_function except on individual
+%% functions. The include of diameter_gen.hrl by generated dictionary
+%% modules contains code that may not be called depending on the
+%% dictionary. (The relay dictionary for example.)
+%%
+%% Even called functions may contain cases that aren't used for a
+%% particular dictionary. This also causes dialyzer to complain but
+%% there's no way to silence it in this case.
+%%
+
+-module(diameter_nowarn).
+
+-export([parse_transform/2]).
+
+parse_transform(Forms, _Options) ->
+    [{attribute, ?LINE, compile, {nowarn_unused_function, {F,A}}}
+     || {function, _, F, A, _} <- Forms]
+    ++ Forms.
+%% Note that dialyzer also doesn't understand {nowarn_unused_function, FAs}
+%% with FAs a list of tuples.
diff --git a/lib/diameter/src/compiler/diameter_spec_scan.erl b/lib/diameter/src/compiler/diameter_spec_scan.erl
deleted file mode 100644
index bc0448882a..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_scan.erl
+++ /dev/null
@@ -1,157 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_spec_scan).
-
-%%
-%% Functions used by the spec file parser in diameter_spec_util.
-%%
-
--export([split/1,
-         split/2,
-         parse/1]).
-
-%%% -----------------------------------------------------------
-%%% # parse/1
-%%%
-%%% Output: list of Token
-%%%
-%%%         Token = '{' | '}' | '<' | '>' | '[' | ']'
-%%%               | '*' | '::=' | ':' | ',' | '-'
-%%%               | {name, string()}
-%%%               | {tag, atom()}
-%%%               | {number, integer() >= 0}
-%%%
-%%% Tokenize a string. Fails if the string does not parse.
-%%% -----------------------------------------------------------
-
-parse(S) ->
-    parse(S, []).
-
-%% parse/2
-
-parse(S, Acc) ->
-    acc(split(S), Acc).
-
-acc({T, Rest}, Acc) ->
-    parse(Rest, [T | Acc]);
-acc("", Acc) ->
-    lists:reverse(Acc).
-
-%%% -----------------------------------------------------------
-%%% # split/2
-%%%
-%%% Output: {list() of Token, Rest}
-%%%
-%%% Extract a specified number of tokens from a string. Returns a list
-%%% of length less than the specified number if there are less than
-%%% this number of tokens to be parsed.
-%%% -----------------------------------------------------------
-
-split(Str, N)
-  when N >= 0 ->
-    split(N, Str, []).
-
-split(0, Str, Acc) ->
-    {lists:reverse(Acc), Str};
-
-split(N, Str, Acc) ->
-    case split(Str) of
-        {T, Rest} ->
-            split(N-1, Rest, [T|Acc]);
-        "" = Rest ->
-            {lists:reverse(Acc), Rest}
-    end.
-
-%%% -----------------------------------------------------------
-%%% # split/1
-%%%
-%%% Output: {Token, Rest} | ""
-%%%
-%%% Extract the next token from a string.
-%%% -----------------------------------------------------------
-
-split("" = Rest) ->
-    Rest;
-
-split("::=" ++ T) ->
-    {'::=', T};
-
-split([H|T])
-  when H == ${; H == $};
-       H == $<; H == $>;
-       H == $[; H == $];
-       H == $*; H == $:; H == $,; H == $- ->
-    {list_to_atom([H]), T};
-
-split([H|T]) when $A =< H, H =< $Z;
-                  $0 =< H, H =< $9 ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    Tok = try
-              {number, read_int(P)}
-          catch
-              error:_ ->
-                  {name, P}
-          end,
-    {Tok, Rest};
-
-split([H|T]) when $a =< H, H =< $z ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    {{tag, list_to_atom(P)}, Rest};
-
-split([H|T]) when H == $\t;
-                  H == $\s;
-                  H == $\n ->
-    split(T).
-
-%% read_int/1
-
-read_int([$0,X|S])
-  when X == $X;
-       X == $x ->
-    {ok, [N], []} = io_lib:fread("~16u", S),
-    N;
-
-read_int(S) ->
-    list_to_integer(S).
-
-%% splitwith/3
-
-splitwith(Fun, Acc, S) ->
-    split([] /= S andalso Fun(hd(S)), Fun, Acc, S).
-
-split(true, Fun, Acc, [H|T]) ->
-    splitwith(Fun, [H|Acc], T);
-split(false, _, Acc, S) ->
-    {lists:reverse(Acc), S}.
-
-is_name_ch(C) ->
-    is_alphanum(C) orelse C == $- orelse C == $_.
-
-is_alphanum(C) ->
-    is_lower(C) orelse is_upper(C) orelse is_digit(C).
-
-is_lower(C) ->
-    $a =< C andalso C =< $z.
-
-is_upper(C) ->
-    $A =< C andalso C =< $Z.
-
-is_digit(C) ->
-    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_spec_util.erl b/lib/diameter/src/compiler/diameter_spec_util.erl
deleted file mode 100644
index 62536bf06d..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_util.erl
+++ /dev/null
@@ -1,1089 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module turns a .dia (aka spec) file into the orddict that
-%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
-%% encode and decode of Diameter messages and AVPs.
-%%
-
--module(diameter_spec_util).
-
--export([parse/2]).
-
--define(ERROR(T), erlang:error({T, ?MODULE, ?LINE})).
--define(ATOM, list_to_atom).
-
-%% parse/1
-%%
-%% Output: orddict()
-
-parse(Path, Opts) ->
-    put({?MODULE, verbose}, lists:member(verbose, Opts)),
-    {ok, B} = file:read_file(Path),
-    Chunks = chunk(B),
-    Spec = reset(make_spec(Chunks), Opts, [name, prefix, inherits]),
-    true = groups_defined(Spec),  %% sanity checks
-    true = customs_defined(Spec), %%
-    Full = import_enums(import_groups(import_avps(insert_codes(Spec), Opts))),
-    true = enums_defined(Full),   %% sanity checks
-    true = v_flags_set(Spec),
-    Full.
-
-reset(Spec, Opts, Keys) ->
-    lists:foldl(fun(K,S) ->
-                        reset([{A,?ATOM(V)} || {A,V} <- Opts, A == K], S)
-                end,
-                Spec,
-                Keys).
-
-reset(L, Spec)
-  when is_list(L) ->
-    lists:foldl(fun reset/2, Spec, L);
-
-reset({inherits = Key, '-'}, Spec) ->
-    orddict:erase(Key, Spec);
-reset({inherits = Key, Dict}, Spec) ->
-    orddict:append(Key, Dict, Spec);
-reset({Key, Atom}, Spec) ->
-    orddict:store(Key, Atom, Spec);
-reset(_, Spec) ->
-    Spec.
-    
-%% Optional reports when running verbosely.
-report(What, Data) ->
-    report(get({?MODULE, verbose}), What, Data).
-
-report(true, Tag, Data) ->
-    io:format("##~n## ~p ~p~n", [Tag, Data]);
-report(false, _, _) ->
-    ok.
-
-%% chunk/1
-
-chunk(B) ->
-    chunkify(normalize(binary_to_list(B))).
-
-%% normalize/1
-%%
-%% Replace CR NL by NL, multiple NL by one, tab by space, and strip
-%% comments and leading/trailing space from each line. Precludes
-%% semicolons being used for any other purpose than comments.
-
-normalize(Str) ->
-    nh(Str, []).
-
-nh([], Acc) ->
-    lists:reverse(Acc);
-
-%% Trim leading whitespace.
-nh(Str, Acc) ->
-    nb(trim(Str), Acc).
-
-%% tab -> space
-nb([$\t|Rest], Acc) ->
-    nb(Rest, [$\s|Acc]);
-
-%% CR NL -> NL
-nb([$\r,$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Gobble multiple newlines before starting over again.
-nb([$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Comment.
-nb([$;|Rest], Acc) ->
-    nb(lists:dropwhile(fun(C) -> C /= $\n end, Rest), Acc);
-
-%% Just an ordinary character. Boring ...
-nb([C|Rest], Acc) ->
-    nb(Rest, [C|Acc]);
-
-nb([] = Str, Acc) ->
-    nt(Str, Acc).
-
-%% Discard a subsequent newline.
-nt(T, [$\n|_] = Acc) ->
-    nh(T, trim(Acc));
-
-%% Trim whitespace from the end of the line before continuing.
-nt(T, Acc) ->
-    nh(T, [$\n|trim(Acc)]).
-
-trim(S) ->
-    lists:dropwhile(fun(C) -> lists:member(C, "\s\t") end, S).
-
-%% chunkify/1
-%%
-%% Split the spec file into pieces delimited by lines starting with
-%% @Tag. Returns a list of {Tag, Args, Chunk} where Chunk is the
-%% string extending to the next delimiter. Note that leading
-%% whitespace has already been stripped.
-
-chunkify(Str) ->
-    %% Drop characters to the start of the first chunk.
-    {_, Rest} = split_chunk([$\n|Str]),
-    chunkify(Rest, []).
-
-chunkify([], Acc) ->
-    lists:reverse(Acc);
-
-chunkify(Rest, Acc) ->
-    {H,T} = split_chunk(Rest),
-    chunkify(T, [split_tag(H) | Acc]).
-
-split_chunk(Str) ->
-    split_chunk(Str, []).
-
-split_chunk([] = Rest, Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([$@|Rest], [$\n|_] = Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([C|Rest], Acc) ->
-    split_chunk(Rest, [C|Acc]).
-
-%% Expect a tag and its arguments on a single line.
-split_tag(Str) ->
-    {L, Rest} = get_until($\n, Str),
-    [{tag, Tag} | Toks] = diameter_spec_scan:parse(L),
-    {Tag, Toks, trim(Rest)}.
-
-get_until(EndT, L) ->
-    {H, [EndT | T]} = lists:splitwith(fun(C) -> C =/= EndT end, L),
-    {H,T}.
-
-%% ------------------------------------------------------------------------
-%% make_spec/1
-%%
-%% Turn chunks into spec.
-
-make_spec(Chunks) ->
-    lists:foldl(fun(T,A) -> report(chunk, T), chunk(T,A) end,
-                orddict:new(),
-                Chunks).
-
-chunk({T, [X], []}, Dict)
-  when T == name;
-       T == prefix ->
-    store(T, atomize(X), Dict);
-
-chunk({id = T, [{number, I}], []}, Dict) ->
-    store(T, I, Dict);
-
-chunk({vendor = T, [{number, I}, N], []}, Dict) ->
-    store(T, {I, atomize(N)}, Dict);
-
-%% inherits -> [{Mod, [AvpName, ...]}, ...]
-chunk({inherits = T, [_,_|_] = Args, []}, Acc) ->
-    Mods = [atomize(A) || A <- Args],
-    append_list(T, [{M,[]} || M <- Mods], Acc);
-chunk({inherits = T, [Mod], Body}, Acc) ->
-    append(T, {atomize(Mod), parse_avp_names(Body)}, Acc);
-
-%% avp_types -> [{AvpName, Code, Type, Flags, Encr}, ...]
-chunk({avp_types = T, [], Body}, Acc) ->
-    store(T, parse_avp_types(Body), Acc);
-
-%% custom_types -> [{Mod, [AvpName, ...]}, ...]
-chunk({custom_types = T, [Mod], Body}, Dict) ->
-    [_|_] = Avps = parse_avp_names(Body),
-    append(T, {atomize(Mod), Avps}, Dict);
-
-%% messages -> [{MsgName, Code, Type, Appl, Avps}, ...]
-chunk({messages = T, [], Body}, Acc) ->
-    store(T, parse_messages(Body), Acc);
-
-%% grouped -> [{AvpName, Code, Vendor, Avps}, ...]
-chunk({grouped = T, [], Body}, Acc) ->
-    store(T, parse_groups(Body), Acc);
-
-%% avp_vendor_id -> [{Id, [AvpName, ...]}, ...]
-chunk({avp_vendor_id = T, [{number, I}], Body}, Dict) ->
-    [_|_] = Names = parse_avp_names(Body),
-    append(T, {I, Names}, Dict);
-
-%% enums -> [{AvpName, [{Value, Name}, ...]}, ...]
-chunk({enum, [N], Str}, Dict) ->
-    append(enums, {atomize(N), parse_enums(Str)}, Dict);
-
-%% defines -> [{DefineName, [{Value, Name}, ...]}, ...]
-chunk({define, [N], Str}, Dict) ->
-    append(defines, {atomize(N), parse_enums(Str)}, Dict);
-chunk({result_code, [_] = N, Str}, Dict) ->  %% backwards compatibility
-    chunk({define, N, Str}, Dict);
-
-%% commands -> [{Name, Abbrev}, ...]
-chunk({commands = T, [], Body}, Dict) ->
-    store(T, parse_commands(Body), Dict);
-
-chunk(T, _) ->
-    ?ERROR({unknown_tag, T}).
-
-store(Key, Value, Dict) ->
-    error == orddict:find(Key, Dict) orelse ?ERROR({duplicate, Key}),
-    orddict:store(Key, Value, Dict).
-append(Key, Value, Dict) ->
-    orddict:append(Key, Value, Dict).
-append_list(Key, Values, Dict) ->
-    orddict:append_list(Key, Values, Dict).
-
-atomize({tag, T}) ->
-    T;
-atomize({name, T}) ->
-    ?ATOM(T).
-
-get_value(Keys, Spec)
-  when is_list(Keys) ->
-    [get_value(K, Spec) || K <- Keys];
-get_value(Key, Spec) ->
-    proplists:get_value(Key, Spec, []).
-
-%% ------------------------------------------------------------------------
-%% enums_defined/1
-%% groups_defined/1
-%% customs_defined/1
-%%
-%% Ensure that every local enum/grouped/custom is defined as an avp
-%% with an appropriate type.
-
-enums_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Import = get_value(import_enums, Spec),
-    lists:all(fun({N,_}) ->
-                      true = enum_defined(N, Avps, Import)
-              end,
-              get_value(enums, Spec)).
-
-enum_defined(Name, Avps, Import) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Enumerated', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Enumerated', T});
-        false ->
-            lists:any(fun({_,Is}) -> lists:keymember(Name, 1, Is) end, Import)
-                orelse ?ERROR({avp_not_defined, Name, 'Enumerated'})
-    end.
-%% Note that an AVP is imported only if referenced by a message or
-%% grouped AVP, so the final branch will fail if an enum definition is
-%% extended without this being the case.
-
-groups_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun({N,_,_,_}) -> true = group_defined(N, Avps) end,
-              get_value(grouped, Spec)).
-
-group_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Grouped', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Grouped', T});
-        false ->
-            ?ERROR({avp_not_defined, Name, 'Grouped'})
-    end.
-
-customs_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun(A) -> true = custom_defined(A, Avps) end,
-              lists:flatmap(fun last/1, get_value(custom_types, Spec))).
-
-custom_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, T, _, _} when T == 'Grouped';
-                                T == 'Enumerated' ->
-            ?ERROR({avp_has_invalid_custom_type, Name, T});
-        {Name, _, _, _, _} ->
-            true;
-        false ->
-            ?ERROR({avp_not_defined, Name})
-    end.
-
-last({_,Xs}) -> Xs.
-
-%% ------------------------------------------------------------------------
-%% v_flags_set/1
-
-v_flags_set(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun last/1, get_value(import_avps, Spec)),
-    Vs = lists:flatmap(fun last/1, get_value(avp_vendor_id, Spec)),
-
-    lists:all(fun(N) -> vset(N, Avps) end, Vs).
-
-vset(Name, Avps) ->
-    A = lists:keyfind(Name, 1, Avps),
-    false == A andalso ?ERROR({avp_not_defined, Name}),
-    {Name, _Code, _Type, Flags, _Encr} = A,
-    lists:member('V', Flags) orelse ?ERROR({v_flag_not_set, A}).
-
-%% ------------------------------------------------------------------------
-%% insert_codes/1
-
-insert_codes(Spec) ->
-    [Msgs, Cmds] = get_value([messages, commands], Spec),
-
-    %% Code -> [{Name, Flags}, ...]
-    Dict = lists:foldl(fun({N,C,Fs,_,_}, D) -> dict:append(C,{N,Fs},D) end,
-                       dict:new(),
-                       Msgs),
-
-    %% list() of {Code, {ReqName, ReqAbbr}, {AnsName, AnsAbbr}}
-    %% If the name and abbreviation are the same then the 2-tuples
-    %% are replaced by the common atom()-valued name.
-    Codes = dict:fold(fun(C,Ns,A) -> [make_code(C, Ns, Cmds) | A] end,
-                      [],
-                      dict:erase(-1, Dict)),  %% answer-message
-
-    orddict:store(command_codes, Codes, Spec).
-
-make_code(Code, [_,_] = Ns, Cmds) ->
-    {Req, Ans} = make_names(Ns, lists:map(fun({_,Fs}) ->
-                                                  lists:member('REQ', Fs)
-                                          end,
-                                          Ns)),
-    {Code, abbrev(Req, Cmds), abbrev(Ans, Cmds)};
-
-make_code(Code, Cs, _) ->
-    ?ERROR({missing_request_or_answer, Code, Cs}).
-
-%% 3.3.  Diameter Command Naming Conventions
-%%
-%%    Diameter command names typically includes one or more English words
-%%    followed by the verb Request or Answer.  Each English word is
-%%    delimited by a hyphen.  A three-letter acronym for both the request
-%%    and answer is also normally provided.
-
-make_names([{Rname,_},{Aname,_}], [true, false]) ->
-    {Rname, Aname};
-make_names([{Aname,_},{Rname,_}], [false, true]) ->
-    {Rname, Aname};
-make_names([_,_] = Names, _) ->
-    ?ERROR({inconsistent_command_flags, Names}).
-
-abbrev(Name, Cmds) ->
-    case abbr(Name, get_value(Name, Cmds)) of
-        Name ->
-            Name;
-        Abbr ->
-            {Name, Abbr}
-    end.
-
-%% No explicit abbreviation: construct.
-abbr(Name, []) ->
-    ?ATOM(abbr(string:tokens(atom_to_list(Name), "-")));
-
-%% Abbreviation was specified.
-abbr(_Name, Abbr) ->
-    Abbr.
-
-%% No hyphens: already abbreviated.
-abbr([Abbr]) ->
-    Abbr;
-
-%% XX-Request/Answer ==> XXR/XXA
-abbr([[_,_] = P, T])
-  when T == "Request";
-       T == "Answer" ->
-    P ++ [hd(T)];
-
-%% XXX-...-YYY-Request/Answer ==> X...YR/X...YA
-abbr([_,_|_] = L) ->
-    lists:map(fun erlang:hd/1, L).
-
-%% ------------------------------------------------------------------------
-%% import_avps/2
-
-import_avps(Spec, Options) ->
-    Msgs = get_value(messages, Spec),
-    Groups = get_value(grouped, Spec),
-
-    %% Messages and groups require AVP's referenced by them.
-    NeededAvps
-        = ordsets:from_list(lists:flatmap(fun({_,_,_,_,As}) ->
-                                                  [avp_name(A) || A <- As]
-                                          end,
-                                          Msgs)
-                            ++ lists:flatmap(fun({_,_,_,As}) ->
-                                                     [avp_name(A) || A <- As]
-                                             end,
-                                             Groups)),
-    MissingAvps = missing_avps(NeededAvps, Spec),
-
-    report(needed, NeededAvps),
-    report(missing, MissingAvps),
-
-    Import = inherit(get_value(inherits, Spec), Options),
-
-    report(imported, Import),
-
-    ImportedAvps = lists:map(fun({N,_,_,_,_}) -> N end,
-                             lists:flatmap(fun last/1, Import)),
-
-    Unknown = MissingAvps -- ImportedAvps,
-
-    [] == Unknown orelse ?ERROR({undefined_avps, Unknown}),
-
-    orddict:store(import_avps, Import, orddict:erase(inherits, Spec)).
-
-%% missing_avps/2
-%%
-%% Given a list of AVP names and parsed spec, return the list of
-%% AVP's that aren't defined in this spec.
-
-missing_avps(NeededNames, Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Groups = lists:map(fun({N,_,_,As}) ->
-                               {N, [avp_name(A) || A <- As]}
-                       end,
-                       get_value(grouped, Spec)),
-    Names = ordsets:from_list(['AVP' | lists:map(fun({N,_,_,_,_}) -> N end,
-                                                 Avps)]),
-    missing_avps(NeededNames, [], {Names, Groups}).
-
-avp_name({'<',A,'>'}) -> A;
-avp_name({A}) -> A;
-avp_name([A]) -> A;
-avp_name({_, A}) -> avp_name(A).
-
-missing_avps(NeededNames, MissingNames, {Names, _} = T) ->
-    missing(ordsets:filter(fun(N) -> lists:member(N, NeededNames) end, Names),
-            ordsets:union(NeededNames, MissingNames),
-            T).
-
-%% Nothing found locally.
-missing([], MissingNames, _) ->
-    MissingNames;
-
-%% Or not. Keep looking for for the AVP's needed by the found AVP's of
-%% type Grouped.
-missing(FoundNames, MissingNames, {_, Groups} = T) ->
-    NeededNames = lists:flatmap(fun({N,As}) ->
-                                  choose(lists:member(N, FoundNames), As, [])
-                          end,
-                          Groups),
-    missing_avps(ordsets:from_list(NeededNames),
-                 ordsets:subtract(MissingNames, FoundNames),
-                 T).
-
-%% inherit/2
-
-inherit(Inherits, Options) ->
-    Dirs = [D || {include, D} <- Options] ++ ["."],
-    lists:foldl(fun(T,A) -> find_avps(T, A, Dirs) end, [], Inherits).
-
-find_avps({Mod, AvpNames}, Acc, Path) ->
-    report(inherit_from, Mod),
-    Avps = avps_from_beam(find_beam(Mod, Path), Mod),  %% could be empty
-    [{Mod, lists:sort(find_avps(AvpNames, Avps))} | Acc].
-
-find_avps([], Avps) ->
-    Avps;
-find_avps(Names, Avps) ->
-    lists:filter(fun({N,_,_,_,_}) -> lists:member(N, Names) end, Avps).
-
-%% find_beam/2
-
-find_beam(Mod, Dirs)
-  when is_atom(Mod) ->
-    find_beam(atom_to_list(Mod), Dirs);
-find_beam(Mod, Dirs) ->
-    Beam = Mod ++ code:objfile_extension(),
-    case try_path(Dirs, Beam) of
-        {value, Path} ->
-            Path;
-        false ->
-            ?ERROR({beam_not_on_path, Beam, Dirs})
-    end.
-
-try_path([D|Ds], Fname) ->
-    Path = filename:join(D, Fname),
-    case file:read_file_info(Path) of
-        {ok, _} ->
-            {value, Path};
-        _ ->
-            try_path(Ds, Fname)
-    end;
-try_path([], _) ->
-    false.
-
-%% avps_from_beam/2
-
-avps_from_beam(Path, Mod) ->
-    report(beam, Path),
-    ok = load_module(code:is_loaded(Mod), Mod, Path),
-    orddict:fetch(avp_types, Mod:dict()).
-
-load_module(false, Mod, Path) ->
-    R = filename:rootname(Path, code:objfile_extension()),
-    {module, Mod} = code:load_abs(R),
-    ok;
-load_module({file, _}, _, _) ->
-    ok.
-
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
-%% ------------------------------------------------------------------------
-%% import_groups/1
-%% import_enums/1
-%%
-%% For each inherited module, store the content of imported AVP's of
-%% type grouped/enumerated in a new key.
-
-import_groups(Spec) ->
-    orddict:store(import_groups, import(grouped, Spec), Spec).
-
-import_enums(Spec) ->
-    orddict:store(import_enums, import(enums, Spec), Spec).
-
-import(Key, Spec) ->
-    lists:flatmap(fun(T) -> import_key(Key, T) end,
-                  get_value(import_avps, Spec)).
-
-import_key(Key, {Mod, Avps}) ->
-    Imports = lists:flatmap(fun(T) ->
-                                    choose(lists:keymember(element(1,T),
-                                                           1,
-                                                           Avps),
-                                           [T],
-                                           [])
-                            end,
-                            get_value(Key, Mod:dict())),
-    if Imports == [] ->
-            [];
-       true ->
-            [{Mod, Imports}]
-    end.
-
-%% ------------------------------------------------------------------------
-%% parse_enums/1
-%%
-%% Enums are specified either as the integer value followed by the
-%% name or vice-versa. In the former case the name of the enum is
-%% taken to be the string up to the end of line, which may contain
-%% whitespace. In the latter case the integer may be parenthesized,
-%% specified in hex and followed by an inline comment. This is
-%% historical and will likely be changed to require a precise input
-%% format.
-%%
-%% Output: list() of {integer(), atom()}
-
-parse_enums(Str) ->
-    lists:flatmap(fun(L) -> parse_enum(trim(L)) end, string:tokens(Str, "\n")).
-
-parse_enum([]) ->
-    [];
-
-parse_enum(Str) ->
-    REs = [{"^(0[xX][0-9A-Fa-f]+|[0-9]+)\s+(.*?)\s*$", 1, 2},
-           {"^(.+?)\s+(0[xX][0-9A-Fa-f]+|[0-9]+)(\s+.*)?$", 2, 1},
-           {"^(.+?)\s+\\((0[xX][0-9A-Fa-f]+|[0-9]+)\\)(\s+.*)?$", 2, 1}],
-    parse_enum(Str, REs).
-
-parse_enum(Str, REs) ->
-    try lists:foreach(fun(R) -> enum(Str, R) end, REs) of
-        ok ->
-            ?ERROR({bad_enum, Str})
-    catch
-        throw: {enum, T} ->
-            [T]
-    end.
-
-enum(Str, {Re, I, N}) ->
-    case re:run(Str, Re, [{capture, all_but_first, list}]) of
-        {match, Vs} ->
-            T = list_to_tuple(Vs),
-            throw({enum, {to_int(element(I,T)), ?ATOM(element(N,T))}});
-        nomatch ->
-            ok
-    end.
-
-to_int([$0,X|Hex])
-  when X == $x;
-       X == $X ->
-    {ok, [I], _} = io_lib:fread("~#", "16#" ++ Hex),
-    I;
-to_int(I) ->
-    list_to_integer(I).
-
-%% ------------------------------------------------------------------------
-%% parse_messages/1
-%%
-%% Parse according to the ABNF for message specifications in 3.2 of
-%% RFC 3588 (shown below). We require all message and AVP names to
-%% start with a digit or uppercase character, except for the base
-%% answer-message, which is treated as a special case. Allowing names
-%% that start with a digit is more than the RFC specifies but the name
-%% doesn't affect what's sent over the wire. (Certains 3GPP standards
-%% use names starting with a digit. eg 3GPP-Charging-Id in TS32.299.)
-
-%%
-%% Sadly, not even the RFC follows this grammar. In particular, except
-%% in the example in 3.2, it wraps each command-name in angle brackets
-%% ('<' '>') which makes parsing a sequence of specifications require
-%% lookahead: after 'optional' avps have been parsed, it's not clear
-%% whether a '<' is a 'fixed' or whether it's the start of a
-%% subsequent message until we see whether or not '::=' follows the
-%% closing '>'. Require the grammar as specified.
-%%
-%% Output: list of {Name, Code, Flags, ApplId, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Flags  = integer()
-%%         ApplId = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_messages(Str) ->
-    p_cmd(trim(Str), []).
-
-%%   command-def      = command-name "::=" diameter-message
-%%
-%%   command-name     = diameter-name
-%%
-%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
-%%                      [ *fixed]
-%%
-%%   header           = "<" Diameter-Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% The header spec (and example that follows it) is slightly mangled
-%% and, given the examples in the RFC should as follows:
-%%
-%%   header           = "<" "Diameter Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% This is what's required/parsed below, modulo whitespace. This is
-%% also what's specified in the current draft standard at
-%% http://ftp.ietf.org/drafts/wg/dime.
-%%
-%% Note that the grammar specifies the order fixed, required,
-%% optional. In practise there seems to be little difference between
-%% the latter two since qualifiers can be used to change the
-%% semantics. For example 1*[XXX] and *1{YYY} specify 1 or more of the
-%% optional avp XXX and 0 or 1 of the required avp YYY, making the
-%% iotional avp required and the required avp optional. The current
-%% draft addresses this somewhat by requiring that min for a qualifier
-%% on an optional avp must be 0 if present. It doesn't say anything
-%% about required avps however, so specifying a min of 0 would still
-%% be possible. The draft also does away with the trailing *fixed.
-%%
-%% What will be parsed here will treat required and optional
-%% interchangeably. That is. only require that required/optional
-%% follow and preceed fixed, not that optional avps must follow
-%% required ones. We already have several specs for which this parsing
-%% is necessary and there seems to be no harm in accepting it.
-
-p_cmd("", Acc) ->
-    lists:reverse(Acc);
-
-p_cmd(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(command, Next),
-    p_cmd(Rest, [p_cmd(Next) | Acc]).
-
-p_cmd("answer-message" ++ Str) ->
-    p_header([{name, 'answer-message'} | diameter_spec_scan:parse(Str)]);
-
-p_cmd(Str) ->
-    p_header(diameter_spec_scan:parse(Str)).
-
-%% p_header/1
-
-p_header(['<', {name, _} = N, '>' | Toks]) ->
-    p_header([N | Toks]);
-
-p_header([{name, 'answer-message' = N}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {tag, code},
-          ',', {name, "ERR"}, '[', {name, "PXY"}, ']', '>'
-          | Toks]) ->
-    {N, -1, ['ERR', 'PXY'], [], parse_avps(Toks)};
-
-p_header([{name, Name}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {number, Code}
-          | Toks]) ->
-    {Flags, Rest} = p_flags(Toks),
-    {ApplId, [C|_] = R} = p_appl(Rest),
-    '>' == C orelse ?ERROR({invalid_flag, {Name, Code, Flags, ApplId}, R}),
-    {?ATOM(Name), Code, Flags, ApplId, parse_avps(tl(R))};
-
-p_header(Toks) ->
-    ?ERROR({invalid_header, Toks}).
-
-%%   application-id   = 1*DIGIT
-%%
-%%   command-id       = 1*DIGIT
-%%                      ; The Command Code assigned to the command
-%%
-%%   r-bit            = ", REQ"
-%%                      ; If present, the 'R' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is a request, as opposed to an answer.
-%%
-%%   p-bit            = ", PXY"
-%%                      ; If present, the 'P' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is proxiable.
-%%
-%%   e-bit            = ", ERR"
-%%                      ; If present, the 'E' bit in the Command
-%%                      ; Flags is set, indicating that the answer
-%%                      ; message contains a Result-Code AVP in
-%%                      ; the "protocol error" class.
-
-p_flags(Toks) ->
-    lists:foldl(fun p_flags/2, {[], Toks}, ["REQ", "PXY", "ERR"]).
-
-p_flags(N, {Acc, [',', {name, N} | Toks]}) ->
-    {[?ATOM(N) | Acc], Toks};
-
-p_flags(_, T) ->
-    T.
-
-%% The RFC doesn't specify ',' before application-id but this seems a
-%% bit inconsistent. Accept a comma if it exists.
-p_appl([',', {number, I} | Toks]) ->
-    {[I], Toks};
-p_appl([{number, I} | Toks]) ->
-    {[I], Toks};
-p_appl(Toks) ->
-    {[], Toks}.
-
-%% parse_avps/1
-%%
-%% Output: list() of Avp | {Qual, Avp}
-%%
-%%         Qual = '*' | {Min, '*'} | {'*', Max} | {Min, Max}
-%%         Avp  = {'<', Name, '>'} | {Name} | [Name]
-%%
-%%         Min, Max = integer() >= 0
-
-parse_avps(Toks) ->
-    p_avps(Toks, ['<', '|', '<'], []).
-%% The list corresponds to the delimiters expected at the front, middle
-%% and back of the avp specification, '|' representing '{' and '['.
-
-%%   fixed            = [qual] "<" avp-spec ">"
-%%                      ; Defines the fixed position of an AVP
-%%
-%%   required         = [qual] "{" avp-spec "}"
-%%                      ; The AVP MUST be present and can appear
-%%                      ; anywhere in the message.
-%%
-%%   optional         = [qual] "[" avp-name "]"
-%%                      ; The avp-name in the 'optional' rule cannot
-%%                      ; evaluate to any AVP Name which is included
-%%                      ; in a fixed or required rule.  The AVP can
-%%                      ; appear anywhere in the message.
-%%
-%%   qual             = [min] "*" [max]
-%%                      ; See ABNF conventions, RFC 2234 Section 6.6.
-%%                      ; The absence of any qualifiers depends on whether
-%%                      ; it precedes a fixed, required, or optional
-%%                      ; rule.  If a fixed or required rule has no
-%%                      ; qualifier, then exactly one such AVP MUST
-%%                      ; be present.  If an optional rule has no
-%%                      ; qualifier, then 0 or 1 such AVP may be
-%%                      ; present.
-%%                      ;
-%%                      ; NOTE:  "[" and "]" have a different meaning
-%%                      ; than in ABNF (see the optional rule, above).
-%%                      ; These braces cannot be used to express
-%%                      ; optional fixed rules (such as an optional
-%%                      ; ICV at the end).  To do this, the convention
-%%                      ; is '0*1fixed'.
-%%
-%%   min              = 1*DIGIT
-%%                      ; The minimum number of times the element may
-%%                      ; be present.  The default value is zero.
-%%
-%%   max              = 1*DIGIT
-%%                      ; The maximum number of times the element may
-%%                      ; be present.  The default value is infinity.  A
-%%                      ; value of zero implies the AVP MUST NOT be
-%%                      ; present.
-%%
-%%   avp-spec         = diameter-name
-%%                      ; The avp-spec has to be an AVP Name, defined
-%%                      ; in the base or extended Diameter
-%%                      ; specifications.
-%%
-%%   avp-name         = avp-spec / "AVP"
-%%                      ; The string "AVP" stands for *any* arbitrary
-%%                      ; AVP Name, which does not conflict with the
-%%                      ; required or fixed position AVPs defined in
-%%                      ; the command code definition.
-%%
-
-p_avps([], _, Acc) ->
-    lists:reverse(Acc);
-
-p_avps(Toks, Delim, Acc) ->
-    {Qual, Rest} = p_qual(Toks),
-    {Avp, R, D} = p_avp(Rest, Delim),
-    T = if Qual == false ->
-                Avp;
-           true ->
-                {Qual, Avp}
-        end,
-    p_avps(R, D, [T | Acc]).
-
-p_qual([{number, Min}, '*', {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual([{number, Min}, '*' = Max | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Min, {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Q | Toks]) ->
-    {Q, Toks};
-p_qual(Toks) ->
-    {false, Toks}.
-
-p_avp([B, {name, Name}, E | Toks], [_|_] = Delim) ->
-    {avp(B, ?ATOM(Name), E),
-     Toks,
-     delim(choose(B == '<', B, '|'), Delim)};
-p_avp(Toks, Delim) ->
-    ?ERROR({invalid_avp, Toks, Delim}).
-
-avp('<' = B, Name, '>' = E) ->
-    {B, Name, E};
-avp('{', Name, '}') ->
-    {Name};
-avp('[', Name, ']') ->
-    [Name];
-avp(B, Name, E) ->
-    ?ERROR({invalid_avp, B, Name, E}).
-
-delim(B, D) ->
-    if B == hd(D) -> D; true -> tl(D) end.
-
-%% split_def/1
-%%
-%% Strip one command definition off head of a string.
-
-split_def(Str) ->
-    sdh(Str, []).
-
-%% Look for the "::=" starting off the definition.
-sdh("", _) ->
-    ?ERROR({missing, '::='});
-sdh("::=" ++ Rest, Acc) ->
-    sdb(Rest, [$=,$:,$:|Acc]);
-sdh([C|Rest], Acc) ->
-    sdh(Rest, [C|Acc]).
-
-%% Look for the "::=" starting off the following definition.
-sdb("::=" ++ _ = Rest, Acc) ->
-    sdt(trim(Acc), Rest);
-sdb("" = Rest, Acc) ->
-    sd(Acc, Rest);
-sdb([C|Rest], Acc) ->
-    sdb(Rest, [C|Acc]).
-
-%% Put name characters of the subsequent specification back into Rest.
-sdt([C|Acc], Rest)
-  when C /= $\n, C /= $\s ->
-    sdt(Acc, [C|Rest]);
-
-sdt(Acc, Rest) ->
-    sd(Acc, Rest).
-
-sd(Acc, Rest) ->
-    {trim(lists:reverse(Acc)), Rest}.
-%% Note that Rest is already trimmed of leading space.
-
-%% ------------------------------------------------------------------------
-%% parse_groups/1
-%%
-%% Parse according to the ABNF for message specifications in 4.4 of
-%% RFC 3588 (shown below). Again, allow names starting with a digit
-%% and also require "AVP Header" without "-" since this is what
-%% the RFC uses in all examples.
-%%
-%% Output: list of {Name, Code, Vendor, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Vendor = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_groups(Str) ->
-    p_group(trim(Str), []).
-
-%%      grouped-avp-def  = name "::=" avp
-%%
-%%      name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%      name             = name-fmt
-%%                         ; The name has to be the name of an AVP,
-%%                         ; defined in the base or extended Diameter
-%%                         ; specifications.
-%%
-%%      avp              = header  [ *fixed] [ *required] [ *optional]
-%%                         [ *fixed]
-%%
-%%      header           = "<" "AVP-Header:" avpcode [vendor] ">"
-%%
-%%      avpcode          = 1*DIGIT
-%%                         ; The AVP Code assigned to the Grouped AVP
-%%
-%%      vendor           = 1*DIGIT
-%%                         ; The Vendor-ID assigned to the Grouped AVP.
-%%                         ; If absent, the default value of zero is
-%%                         ; used.
-
-p_group("", Acc) ->
-    lists:reverse(Acc);
-
-p_group(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(group, Next),
-    p_group(Rest, [p_group(diameter_spec_scan:parse(Next)) | Acc]).
-
-p_group([{name, Name}, '::=', '<', {name, "AVP"}, {name, "Header"},
-         ':', {number, Code}
-         | Toks]) ->
-    {Id, [C|_] = R} = p_vendor(Toks),
-    C == '>' orelse ?ERROR({invalid_group_header, R}),
-    {?ATOM(Name), Code, Id, parse_avps(tl(R))};
-
-p_group(Toks) ->
-    ?ERROR({invalid_group, Toks}).
-
-p_vendor([{number, I} | Toks]) ->
-    {[I], Toks};
-p_vendor(Toks) ->
-    {[], Toks}.
-
-%% ------------------------------------------------------------------------
-%% parse_avp_names/1
-
-parse_avp_names(Str) ->
-    [p_name(N) || N <- diameter_spec_scan:parse(Str)].
-
-p_name({name, N}) ->
-    ?ATOM(N);
-p_name(T) ->
-    ?ERROR({invalid_avp_name, T}).
-
-%% ------------------------------------------------------------------------
-%% parse_avp_types/1
-%%
-%% Output: list() of {Name, Code, Type, Flags, Encr}
-
-parse_avp_types(Str) ->
-    p_avp_types(Str, []).
-
-p_avp_types(Str, Acc) ->
-    p_type(diameter_spec_scan:split(Str, 3), Acc).
-
-p_type({[],[]}, Acc) ->
-    lists:reverse(Acc);
-
-p_type({[{name, Name}, {number, Code}, {name, Type}], Str}, Acc) ->
-    {Flags, Encr, Rest} = try
-                              p_avp_flags(trim(Str), [])
-                          catch
-                              throw: {?MODULE, Reason} ->
-                                  ?ERROR({invalid_avp_type, Reason})
-                          end,
-    p_avp_types(Rest, [{?ATOM(Name), Code, ?ATOM(type(Type)), Flags, Encr}
-                       | Acc]);
-
-p_type(T, _) ->
-    ?ERROR({invalid_avp_type, T}).
-
-p_avp_flags([C|Str], Acc)
-  when C == $M;
-       C == $P;
-       C == $V ->
-    p_avp_flags(Str, [?ATOM([C]) | Acc]);
-%% Could support lowercase here if there's a use for distinguishing
-%% between Must and Should in the future in deciding whether or not
-%% to set a flag.
-
-p_avp_flags([$-|Str], Acc) ->
-    %% Require encr on same line as flags if specified.
-    {H,T} = lists:splitwith(fun(C) -> C /= $\n end, Str),
-
-    {[{name, [$X|X]} | Toks], Rest} = diameter_spec_scan:split([$X|H], 2),
-
-    "" == X orelse throw({?MODULE, {invalid_avp_flag, Str}}),
-
-    Encr = case Toks of
-               [] ->
-                   "-";
-               [{_, E}] ->
-                   (E == "Y" orelse E == "N")
-                       orelse throw({?MODULE, {invalid_encr, E}}),
-                   E
-           end,
-
-    Flags = ordsets:from_list(lists:reverse(Acc)),
-
-    {Flags, ?ATOM(Encr), Rest ++ T};
-
-p_avp_flags(Str, Acc) ->
-    p_avp_flags([$-|Str], Acc).
-
-type("DiamIdent")   -> "DiameterIdentity";  %% RFC 3588
-type("DiamURI")     -> "DiameterURI";       %% RFC 3588
-type("IPFltrRule")  -> "IPFilterRule";      %% RFC 4005
-type("QoSFltrRule") -> "QoSFilterRule";     %% RFC 4005
-type(N)
-  when N == "OctetString";
-       N == "Integer32";
-       N == "Integer64";
-       N == "Unsigned32";
-       N == "Unsigned64";
-       N == "Float32";
-       N == "Float64";
-       N == "Grouped";
-       N == "Enumerated";
-       N == "Address";
-       N == "Time";
-       N == "UTF8String";
-       N == "DiameterIdentity";
-       N == "DiameterURI";
-       N == "IPFilterRule";
-       N == "QoSFilterRule" ->
-    N;
-type(N) ->
-    ?ERROR({invalid_avp_type, N}).
-
-%% ------------------------------------------------------------------------
-%% parse_commands/1
-
-parse_commands(Str) ->
-    p_abbr(diameter_spec_scan:parse(Str), []).
-
- p_abbr([{name, Name}, {name, Abbrev} | Toks], Acc)
-  when length(Abbrev) < length(Name) ->
-    p_abbr(Toks, [{?ATOM(Name), ?ATOM(Abbrev)} | Acc]);
-
-p_abbr([], Acc) ->
-    lists:reverse(Acc);
-
-p_abbr(T, _) ->
-    ?ERROR({invalid_command, T}).
diff --git a/lib/diameter/src/compiler/diameter_vsn.hrl b/lib/diameter/src/compiler/diameter_vsn.hrl
new file mode 100644
index 0000000000..024d047adc
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_vsn.hrl
@@ -0,0 +1,22 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%% The version of the format of the return value of dict/0 in
+%% generated dictionary modules.
+-define(VERSION, 1).
diff --git a/lib/diameter/src/dict/base_rfc3588.dia b/lib/diameter/src/dict/base_rfc3588.dia
index f7a0b717cd..acd7fffd00 100644
--- a/lib/diameter/src/dict/base_rfc3588.dia
+++ b/lib/diameter/src/dict/base_rfc3588.dia
@@ -136,14 +136,14 @@
               [ Origin-State-Id ]
 
    answer-message ::= < Diameter Header: code, ERR [PXY] >
-                  0*1 < Session-Id >
-                      { Origin-Host }
-                      { Origin-Realm }
-                      { Result-Code }
-                      [ Origin-State-Id ]
-                      [ Error-Reporting-Host ]
-                      [ Proxy-Info ]
-                    * [ AVP ]
+          0*1 < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Result-Code }
+              [ Origin-State-Id ]
+              [ Error-Reporting-Host ]
+              [ Proxy-Info ]
+            * [ AVP ]
 
       RAR ::= < Diameter Header: 258, REQ, PXY >
               < Session-Id >
@@ -312,14 +312,14 @@
 
 @enum Termination-Cause
 
-   DIAMETER_LOGOUT                1
-   DIAMETER_SERVICE_NOT_PROVIDED  2
-   DIAMETER_BAD_ANSWER            3
-   DIAMETER_ADMINISTRATIVE        4
-   DIAMETER_LINK_BROKEN           5
-   DIAMETER_AUTH_EXPIRED          6
-   DIAMETER_USER_MOVED            7
-   DIAMETER_SESSION_TIMEOUT       8
+   LOGOUT                         1
+   SERVICE_NOT_PROVIDED           2
+   BAD_ANSWER                     3
+   ADMINISTRATIVE                 4
+   LINK_BROKEN                    5
+   AUTH_EXPIRED                   6
+   USER_MOVED                     7
+   SESSION_TIMEOUT                8
 
 @enum Session-Server-Failover
 
@@ -343,14 +343,53 @@
 
 @define Result-Code
 
-;; 7.1.1.  Informational
+   ;; 7.1.1.  Informational
+   MULTI_ROUND_AUTH            1001
+
+   ;; 7.1.2.  Success
+   SUCCESS                     2001
+   LIMITED_SUCCESS             2002
+
+   ;; 7.1.3.  Protocol Errors
+   COMMAND_UNSUPPORTED         3001
+   UNABLE_TO_DELIVER           3002
+   REALM_NOT_SERVED            3003
+   TOO_BUSY                    3004
+   LOOP_DETECTED               3005
+   REDIRECT_INDICATION         3006
+   APPLICATION_UNSUPPORTED     3007
+   INVALID_HDR_BITS            3008
+   INVALID_AVP_BITS            3009
+   UNKNOWN_PEER                3010
+
+   ;; 7.1.4.  Transient Failures
+   AUTHENTICATION_REJECTED     4001
+   OUT_OF_SPACE                4002
+   ELECTION_LOST               4003
+
+   ;; 7.1.5.  Permanent Failures
+   AVP_UNSUPPORTED             5001
+   UNKNOWN_SESSION_ID          5002
+   AUTHORIZATION_REJECTED      5003
+   INVALID_AVP_VALUE           5004
+   MISSING_AVP                 5005
+   RESOURCES_EXCEEDED          5006
+   CONTRADICTING_AVPS          5007
+   AVP_NOT_ALLOWED             5008
+   AVP_OCCURS_TOO_MANY_TIMES   5009
+   NO_COMMON_APPLICATION       5010
+   UNSUPPORTED_VERSION         5011
+   UNABLE_TO_COMPLY            5012
+   INVALID_BIT_IN_HEADER       5013
+   INVALID_AVP_LENGTH          5014
+   INVALID_MESSAGE_LENGTH      5015
+   INVALID_AVP_BIT_COMBO       5016
+   NO_COMMON_SECURITY          5017
+
+   ;; With a prefix for backwards compatibility.
    DIAMETER_MULTI_ROUND_AUTH          1001
-
-;; 7.1.2.  Success
    DIAMETER_SUCCESS                   2001
    DIAMETER_LIMITED_SUCCESS           2002
-
-;; 7.1.3.  Protocol Errors
    DIAMETER_COMMAND_UNSUPPORTED       3001
    DIAMETER_UNABLE_TO_DELIVER         3002
    DIAMETER_REALM_NOT_SERVED          3003
@@ -361,13 +400,9 @@
    DIAMETER_INVALID_HDR_BITS          3008
    DIAMETER_INVALID_AVP_BITS          3009
    DIAMETER_UNKNOWN_PEER              3010
-
-;; 7.1.4.  Transient Failures
    DIAMETER_AUTHENTICATION_REJECTED   4001
    DIAMETER_OUT_OF_SPACE              4002
-   ELECTION_LOST                      4003
-
-;; 7.1.5.  Permanent Failures
+   DIAMETER_ELECTION_LOST             4003
    DIAMETER_AVP_UNSUPPORTED           5001
    DIAMETER_UNKNOWN_SESSION_ID        5002
    DIAMETER_AUTHORIZATION_REJECTED    5003
@@ -412,3 +447,15 @@
 ;;
       E2E-Sequence ::= <AVP Header: 300 >
                    2* { AVP }
+
+;; Backwards compatibility.
+@define Termination-Cause
+
+   DIAMETER_LOGOUT                1
+   DIAMETER_SERVICE_NOT_PROVIDED  2
+   DIAMETER_BAD_ANSWER            3
+   DIAMETER_ADMINISTRATIVE        4
+   DIAMETER_LINK_BROKEN           5
+   DIAMETER_AUTH_EXPIRED          6
+   DIAMETER_USER_MOVED            7
+   DIAMETER_SESSION_TIMEOUT       8
diff --git a/lib/diameter/src/dict/relay.dia b/lib/diameter/src/dict/relay.dia
index c22293209b..294014b093 100644
--- a/lib/diameter/src/dict/relay.dia
+++ b/lib/diameter/src/dict/relay.dia
@@ -21,5 +21,3 @@
 @name   diameter_gen_relay
 @prefix diameter_relay
 @vendor 0 IETF
-
-@inherits diameter_gen_base_rfc3588
diff --git a/lib/diameter/src/gen/.gitignore b/lib/diameter/src/gen/.gitignore
index d490642eb7..3f32313f56 100644
--- a/lib/diameter/src/gen/.gitignore
+++ b/lib/diameter/src/gen/.gitignore
@@ -1,2 +1,2 @@
-
+/diameter_dict_parser.erl
 /diameter_gen*rl
diff --git a/lib/diameter/src/modules.mk b/lib/diameter/src/modules.mk
index c7cbe598af..7a700a6d53 100644
--- a/lib/diameter/src/modules.mk
+++ b/lib/diameter/src/modules.mk
@@ -24,10 +24,15 @@ DICTS = \
 	base_accounting \
 	relay
 
+# The yecc grammar for the dictionary parser.
+DICT_YRL = \
+	diameter_dict_parser
+
 # Handwritten (runtime) modules included in the app file.
 RT_MODULES = \
 	base/diameter \
 	base/diameter_app \
+	base/diameter_callback \
 	base/diameter_capx \
 	base/diameter_config \
 	base/diameter_codec \
@@ -57,13 +62,13 @@ RT_MODULES = \
 
 # Handwritten (compile time) modules not included in the app file.
 CT_MODULES = \
-	base/diameter_callback \
 	base/diameter_dbg \
 	base/diameter_info \
 	compiler/diameter_codegen \
 	compiler/diameter_exprecs \
-	compiler/diameter_spec_scan \
-	compiler/diameter_spec_util \
+	compiler/diameter_nowarn \
+	compiler/diameter_dict_scanner \
+	compiler/diameter_dict_util \
 	compiler/diameter_make
 
 # Released hrl files in ../include intended for public consumption.
@@ -74,8 +79,8 @@ EXTERNAL_HRLS = \
 # Released hrl files intended for private use.
 INTERNAL_HRLS = \
 	base/diameter_internal.hrl \
-	base/diameter_types.hrl \
-	compiler/diameter_forms.hrl
+	compiler/diameter_forms.hrl \
+	compiler/diameter_vsn.hrl
 
 # Released files relative to ../bin.
 BINS = \
@@ -83,11 +88,17 @@ BINS = \
 
 # Released files relative to ../examples.
 EXAMPLES = \
-	GNUmakefile \
-	peer.erl \
-	client.erl \
-	client_cb.erl \
-	server.erl \
-	server_cb.erl \
-	relay.erl \
-	relay_cb.erl
+	code/GNUmakefile \
+	code/peer.erl \
+	code/client.erl \
+	code/client_cb.erl \
+	code/server.erl \
+	code/server_cb.erl \
+	code/relay.erl \
+	code/relay_cb.erl \
+	dict/rfc4004_mip.dia \
+	dict/rfc4005_nas.dia \
+	dict/rfc4006_cc.dia \
+	dict/rfc4072_eap.dia \
+	dict/rfc4590_digest.dia \
+	dict/rfc4740_sip.dia
diff --git a/lib/diameter/src/transport/diameter_sctp.erl b/lib/diameter/src/transport/diameter_sctp.erl
index 209f8c01c1..68b0342cd5 100644
--- a/lib/diameter/src/transport/diameter_sctp.erl
+++ b/lib/diameter/src/transport/diameter_sctp.erl
@@ -546,10 +546,10 @@ send(Sock, AssocId, Stream, Bin) ->
 %% recv/2
 
 %% Association established ...
-recv({[], #sctp_assoc_change{state = comm_up,
-                             outbound_streams = OS,
-                             inbound_streams = IS,
-                             assoc_id = Id}},
+recv({_, #sctp_assoc_change{state = comm_up,
+                            outbound_streams = OS,
+                            inbound_streams = IS,
+                            assoc_id = Id}},
      #transport{assoc_id = undefined,
                 mode = {T, _},
                 socket = Sock}
@@ -562,7 +562,7 @@ recv({[], #sctp_assoc_change{state = comm_up,
                    streams = {IS, OS}});
 
 %% ... or not: try the next address.
-recv({[], #sctp_assoc_change{} = E},
+recv({_, #sctp_assoc_change{} = E},
      #transport{assoc_id = undefined,
                 socket = Sock,
                 mode = {connect = C, {[RA|RAs], RP, Es}}}
@@ -570,7 +570,7 @@ recv({[], #sctp_assoc_change{} = E},
     S#transport{mode = {C, connect(Sock, RAs, RP, [{RA,E} | Es])}};
 
 %% Lost association after establishment.
-recv({[], #sctp_assoc_change{}}, _) ->
+recv({_, #sctp_assoc_change{}}, _) ->
     stop;
 
 %% Inbound Diameter message.
@@ -580,7 +580,7 @@ recv({[#sctp_sndrcvinfo{stream = Id}], Bin}, #transport{parent = Pid})
                                              bin = Bin}),
     ok;
 
-recv({[], #sctp_shutdown_event{assoc_id = Id}},
+recv({_, #sctp_shutdown_event{assoc_id = Id}},
      #transport{assoc_id = Id}) ->
     stop;
 
@@ -593,10 +593,10 @@ recv({[], #sctp_shutdown_event{assoc_id = Id}},
 %% disabled by default so don't handle it. We could simply disable
 %% events we don't react to but don't.
 
-recv({[], #sctp_paddr_change{}}, _) ->
+recv({_, #sctp_paddr_change{}}, _) ->
     ok;
 
-recv({[], #sctp_pdapi_event{}}, _) ->
+recv({_, #sctp_pdapi_event{}}, _) ->
     ok.
 
 %% up/1
diff --git a/lib/diameter/test/Makefile b/lib/diameter/test/Makefile
index 97d9069f4a..ab5b45ff3d 100644
--- a/lib/diameter/test/Makefile
+++ b/lib/diameter/test/Makefile
@@ -50,6 +50,8 @@ TARGET_FILES = $(MODULES:%=%.$(EMULATOR))
 SUITE_MODULES = $(filter diameter_%_SUITE, $(MODULES))
 SUITES        = $(SUITE_MODULES:diameter_%_SUITE=%)
 
+DATA_DIRS = $(sort $(dir $(DATA)))
+
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
@@ -121,12 +123,12 @@ help:
 # diameter_ct:run/1 itself can't tell (it seems). The absolute -pa is
 # because ct will change directories.
 $(SUITES): log opt
-	$(ERL) -noshell \
+	$(ERL) -noinput \
 	       -pa $(realpath ../ebin) \
 	       -sname diameter_test_$@ \
 	       -s diameter_ct run diameter_$@_SUITE \
 	       -s init stop \
-	| awk '1{rc=0} {print} / FAILED /{rc=1} END{exit rc}'
+	| awk '{print} / FAILED /{rc=1} END{exit rc}' rc=0
 # Shorter in sed but requires a GNU extension (ie. Q).
 
 log:
@@ -147,9 +149,7 @@ else
 include $(ERL_TOP)/make/otp_release_targets.mk
 endif
 
-release_spec: 
-
-release_docs_spec:
+release_spec release_docs_spec:
 
 release_tests_spec:
 	$(INSTALL_DIR)  $(RELSYSDIR)
@@ -157,12 +157,18 @@ release_tests_spec:
 	                $(COVER_SPEC_FILE) \
 	                $(HRL_FILES) \
 	                $(RELSYSDIR)
+	$(MAKE) $(DATA_DIRS:%/=release_data_%)
 	$(MAKE) $(ERL_FILES:%=/%)
 
+$(DATA_DIRS:%/=release_data_%): release_data_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/$*
+	$(INSTALL_DATA) $(filter $*/%, $(DATA)) $(RELSYSDIR)/$*
+
 force:
 
 .PHONY: release_spec release_docs_spec release_test_specs
 .PHONY: force
+.PHONY: $(DATA_DIRS:%/=release_data_%)
 
 # Can't just make $(ERL_FILES:%=/%) phony since then implicit rule
 # searching is skipped.
diff --git a/lib/diameter/test/diameter_app_SUITE.erl b/lib/diameter/test/diameter_app_SUITE.erl
index 7f53a4ddd4..53332af626 100644
--- a/lib/diameter/test/diameter_app_SUITE.erl
+++ b/lib/diameter/test/diameter_app_SUITE.erl
@@ -41,6 +41,19 @@
 
 -define(A, list_to_atom).
 
+%% Modules not in the app and that should not have dependencies on it
+%% for build reasons.
+-define(COMPILER_MODULES, [diameter_codegen,
+                           diameter_dict_scanner,
+                           diameter_dict_parser,
+                           diameter_dict_util,
+                           diameter_exprecs,
+                           diameter_nowarn,
+                           diameter_make]).
+
+-define(HELP_MODULES, [diameter_dbg,
+                       diameter_info]).
+
 %% ===========================================================================
 
 suite() ->
@@ -93,14 +106,8 @@ vsn(Config) ->
 modules(Config) ->
     Mods = fetch(modules, fetch(app, Config)),
     Installed = code_mods(),
-    Help = [diameter_callback,
-            diameter_codegen,
-            diameter_dbg,
-            diameter_exprecs,
-            diameter_info,
-            diameter_make,
-            diameter_spec_scan,
-            diameter_spec_util],
+    Help = lists:sort(?HELP_MODULES ++ ?COMPILER_MODULES),
+
     {[], Help} = {Mods -- Installed, lists:sort(Installed -- Mods)}.
 
 code_mods() ->
@@ -167,14 +174,12 @@ xref(Config) ->
     %% stop xref from complaining about calls to module erlang, which
     %% was previously in kernel. Erts isn't an application however, in
     %% the sense that there's no .app file, and isn't listed in
-    %% applications. Seems less than ideal. Also, diameter_tcp does
-    %% call ssl despite ssl not being listed as a dependency in the
-    %% app file since ssl is only required for TLS security: it's up
-    %% to a client who wants TLS it to start ssl.
+    %% applications.
     ok = lists:foreach(fun(A) -> add_application(XRef, A) end,
                        [?APP, erts | fetch(applications, App)]),
 
     {ok, Undefs} = xref:analyze(XRef, undefined_function_calls),
+    {ok, Called} = xref:analyze(XRef, {module_call, ?COMPILER_MODULES}),
 
     xref:stop(XRef),
 
@@ -183,7 +188,21 @@ xref(Config) ->
                               lists:member(F, Mods)
                                   andalso {F,T} /= {diameter_tcp, ssl}
                       end,
-                      Undefs).
+                      Undefs),
+    %% diameter_tcp does call ssl despite the latter not being listed
+    %% as a dependency in the app file since ssl is only required for
+    %% TLS security: it's up to a client who wants TLS it to start
+    %% ssl.
+
+    [] = lists:filter(fun is_bad_dependency/1, Called).
+
+%% It's not strictly necessary that diameter compiler modules not
+%% depend on other diameter modules but it's a simple source of build
+%% errors if not encoded in the makefile (hence the test) so guard
+%% against it.
+is_bad_dependency(Mod) ->
+    lists:prefix("diameter", atom_to_list(Mod))
+        andalso not lists:member(Mod, ?COMPILER_MODULES).
 
 add_application(XRef, App) ->
     add_application(XRef, App, code:lib_dir(App)).
diff --git a/lib/diameter/test/diameter_capx_SUITE.erl b/lib/diameter/test/diameter_capx_SUITE.erl
index e6b1558bf6..54a161d606 100644
--- a/lib/diameter/test/diameter_capx_SUITE.erl
+++ b/lib/diameter/test/diameter_capx_SUITE.erl
@@ -27,8 +27,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_testcase/2,
          end_per_testcase/2]).
 
@@ -93,30 +91,26 @@
 -define(cea,            #diameter_base_CEA).
 -define(answer_message, #'diameter_base_answer-message').
 
+-define(fail(T), erlang:error({T, process_info(self(), messages)})).
+
+-define(TIMEOUT, 2000).
+
 %% ===========================================================================
 
 suite() ->
     [{timetrap, {seconds, 10}}].
 
-all() ->
-    [start, start_services, add_listeners
-     | [{group, N} || {N, _, _} <- groups()]]
-        ++ [remove_listeners, stop_services, stop].
+all() -> [start,
+          start_services,
+          add_listeners,
+          {group, all},
+          {group, all, [parallel]},
+          remove_listeners,
+          stop_services,
+          stop].
 
 groups() ->
-    Ts = testcases(),
-    [{grp(P), P, Ts} || P <- [[], [parallel]]].
-
-grp([]) ->
-    sequential;
-grp([parallel = P]) ->
-    P.
-
-init_per_group(_Name, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], lists:flatmap(fun tc/1, tc())}].
 
 %% Generate a unique hostname for each testcase so that watchdogs
 %% don't prevent a connection from being brought up immediately.
@@ -137,9 +131,6 @@ end_per_testcase(Name, Config) ->
     ok = diameter:remove_transport(?CLIENT, CRef).
 
 %% Testcases all come in two flavours, client and server.
-testcases() ->
-    lists:flatmap(fun tc/1, tc()).
-
 tc(Name) ->
     [?A([C,$_|?L(Name)]) || C <- "cs"].
 
@@ -270,8 +261,8 @@ s_client_reject(Config) ->
                            ?packet{}}}
                     = Info ->
             Info
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 c_client_reject(Config) ->
@@ -307,12 +298,12 @@ server_closed(Config, F, RC) ->
                                = Reason,
                                {listen, _}}} ->
             Reason
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 %% server_reject/3
-    
+
 server_reject(Config, F, RC) ->
     true = diameter:subscribe(?SERVER),
     OH = host(Config),
@@ -328,8 +319,8 @@ server_reject(Config, F, RC) ->
                                = Reason,
                                {listen, _}}} ->
             Reason
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 %% cliient_closed/4
@@ -345,13 +336,13 @@ client_closed(Config, Host, F, RC) ->
 
 %% client_recv/1
 
-client_recv(CRef) ->    
+client_recv(CRef) ->
     receive
         ?event{service = ?CLIENT,
                info = {closed, CRef, Reason, {connect, _}}} ->
             Reason
-    after 2000 ->
-            fail(CRef)
+    after ?TIMEOUT ->
+            ?fail(CRef)
     end.
 
 %% server_capx/3
@@ -373,9 +364,6 @@ client_capx(_, ?caps{origin_host = {[_,$_|"client_reject." ++ _], _}}) ->
 
 %% ===========================================================================
 
-fail(T) ->
-    erlang:error({T, process_info(self(), messages)}).
-
 host(Config) ->
     {_, H} = lists:keyfind(host, 1, Config),
     ?HOST(H).
diff --git a/lib/diameter/test/diameter_codec_SUITE.erl b/lib/diameter/test/diameter_codec_SUITE.erl
index 30c60be8e9..2e219bbb10 100644
--- a/lib/diameter/test/diameter_codec_SUITE.erl
+++ b/lib/diameter/test/diameter_codec_SUITE.erl
@@ -35,7 +35,8 @@
 %% testcases
 -export([base/1,
          gen/1,
-         lib/1]).
+         lib/1,
+         unknown/1]).
 
 -include("diameter_ct.hrl").
 
@@ -47,7 +48,7 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [base, gen, lib].
+    [base, gen, lib, unknown].
 
 init_per_testcase(gen, Config) ->
     [{application, ?APP, App}] = diameter_util:consult(?APP, app),
@@ -74,3 +75,26 @@ gen([{dicts, Ms} | _]) ->
 
 lib(_Config) ->
     diameter_codec_test:lib().
+
+%% Have a separate AVP dictionary just to exercise more code.
+unknown(Config) ->
+    Priv = proplists:get_value(priv_dir, Config),
+    Data = proplists:get_value(data_dir, Config),
+    ok = make(Data, "recv.dia"),
+    ok = make(Data, "avps.dia"),
+    {ok, _, _} = compile("diameter_test_avps.erl"),
+    ok = make(Data, "send.dia"),
+    {ok, _, _} = compile("diameter_test_send.erl"),
+    {ok, _, _} = compile("diameter_test_recv.erl"),
+    {ok, _, _} = compile(filename:join([Data, "diameter_test_unknown.erl"]),
+                         [{i, Priv}]),
+    diameter_test_unknown:run().
+
+make(Dir, File) ->
+    diameter_make:codec(filename:join([Dir, File])).
+
+compile(File) ->
+    compile(File, []).
+
+compile(File, Opts) ->
+    compile:file(File, [return | Opts]).
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/avps.dia b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
new file mode 100644
index 0000000000..c9d80a37a9
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
@@ -0,0 +1,25 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@name diameter_test_avps
+
+@avp_types
+
+   XXX    111    Unsigned32    M
+   YYY    222    Unsigned32    -
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
new file mode 100644
index 0000000000..bce3d78a37
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
@@ -0,0 +1,76 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_test_unknown).
+
+-compile(export_all).
+
+%%
+%% Test reception of unknown AVP's.
+%%
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_test_send.hrl").
+-include("diameter_test_recv.hrl").
+
+-define(HOST,  "test.erlang.org").
+-define(REALM, "erlang.org").
+
+%% Patterns to match decoded AVP's.
+-define(MANDATORY_XXX,     #diameter_avp{code = 111}).
+-define(NOT_MANDATORY_YYY, #diameter_avp{code = 222}).
+
+%% Ensure that an unknown AVP with an M flag is regarded as an error
+%% while one without an M flag is returned as 'AVP'.
+
+run() ->
+    H = #diameter_header{version = 1,
+                         end_to_end_id = 1,
+                         hop_by_hop_id = 1},
+    Vs = [{'Origin-Host', ?HOST},
+          {'Origin-Realm', ?REALM},
+          {'XXX', [0]},
+          {'YYY', [1]}],
+    Pkt = #diameter_packet{header = H,
+                           msg = Vs},
+
+    [] = diameter_util:run([{?MODULE, [run, M, enc(M, Pkt)]}
+                            || M <- ['AR','BR']]).
+
+enc(M, #diameter_packet{msg = Vs} = P) ->
+    diameter_codec:encode(diameter_test_send,
+                          P#diameter_packet{msg = [M|Vs]}).
+
+run(M, Pkt) ->
+    dec(M, diameter_codec:decode(diameter_test_recv, Pkt)).
+%% Note that the recv dictionary defines neither XXX nor YYY.
+
+dec('AR', #diameter_packet
+           {msg = #recv_AR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM,
+                           'AVP' = [?NOT_MANDATORY_YYY]},
+            errors = [{5001, ?MANDATORY_XXX}]}) ->
+    ok;
+
+dec('BR', #diameter_packet
+           {msg = #recv_BR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM},
+            errors = [{5008, ?NOT_MANDATORY_YYY},
+                      {5001, ?MANDATORY_XXX}]}) ->
+    ok.
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/recv.dia b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
new file mode 100644
index 0000000000..15fec5a5dd
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
@@ -0,0 +1,51 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_recv
+@prefix recv
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/send.dia b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
new file mode 100644
index 0000000000..1472f146ae
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
@@ -0,0 +1,56 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_send
+@prefix send
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@inherits diameter_test_avps
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_test.erl b/lib/diameter/test/diameter_codec_test.erl
index 8046ca4c04..fbd38067a8 100644
--- a/lib/diameter/test/diameter_codec_test.erl
+++ b/lib/diameter/test/diameter_codec_test.erl
@@ -30,6 +30,9 @@
 -define(BASE, diameter_gen_base_rfc3588).
 -define(BOOL, [true, false]).
 
+-define(A, list_to_atom).
+-define(S, atom_to_list).
+
 %% ===========================================================================
 %% Interface.
 
@@ -42,7 +45,7 @@ gen(Mod) ->
                                                       command_codes,
                                                       avp_types,
                                                       grouped,
-                                                      enums,
+                                                      enum,
                                                       import_avps,
                                                       import_groups,
                                                       import_enums]]).
@@ -133,7 +136,7 @@ types() ->
 
 gen(M, T) ->
     [] = run(lists:map(fun(X) -> {?MODULE, [gen, M, T, X]} end,
-                       fetch(T, M:dict()))).
+                       fetch(T, dict(M)))).
 
 fetch(T, Spec) ->
     case orddict:find(T, Spec) of
@@ -143,6 +146,10 @@ fetch(T, Spec) ->
             []
     end.
 
+gen(M, messages = T, {Name, Code, Flags, ApplId, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Flags, ApplId, Avps});
+
 gen(M, messages, {Name, Code, Flags, _, _}) ->
     Rname = M:msg2rec(Name),
     Name = M:rec2msg(Rname),
@@ -156,22 +163,16 @@ gen(M, messages, {Name, Code, Flags, _, _}) ->
            end,
     [] = arity(M, Name, Rname);
 
-gen(M, command_codes = T, {Code, {Req, Abbr}, Ans}) ->
-    Rname = M:msg2rec(Req),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
-gen(M, command_codes = T, {Code, Req, {Ans, Abbr}}) ->
-    Rname = M:msg2rec(Ans),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
 gen(M, command_codes, {Code, Req, Ans}) ->
-    Msgs = orddict:fetch(messages, M:dict()),
+    Msgs = orddict:fetch(messages, dict(M)),
     {_, Code, _, _, _} = lists:keyfind(Req, 1, Msgs),
     {_, Code, _, _, _} = lists:keyfind(Ans, 1, Msgs);
 
-gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
+gen(M, avp_types = T, {Name, Code, Type, Flags})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, ?A(Type), Flags});
+
+gen(M, avp_types, {Name, Code, Type, _Flags}) ->
     {Code, Flags, VendorId} = M:avp_header(Name),
     0 = Flags band 2#00011111,
     V = undefined /= VendorId,
@@ -181,11 +182,19 @@ gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
     B = z(B),
     [] = avp_decode(M, Type, Name);
 
+gen(M, grouped = T, {Name, Code, Vid, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Vid, Avps});
+
 gen(M, grouped, {Name, _, _, _}) ->
     Rname = M:name2rec(Name),
     [] = arity(M, Name, Rname);
 
-gen(M, enums, {Name, ED}) ->
+gen(M, enum = T, {Name, ED})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), lists:map(fun({E,D}) -> {?A(E), D} end, ED)});
+
+gen(M, enum, {Name, ED}) ->
     [] = run([{?MODULE, [enum, M, Name, T]} || T <- ED]);
 
 gen(M, Tag, {_Mod, L}) ->
@@ -253,17 +262,17 @@ arity(M, Name, AvpName, Rec) ->
 
 %% enum/3
 
-enum(M, Name, {E,_}) ->
+enum(M, Name, {_,E}) ->
     B = <<E:32/integer>>,
     B = M:avp(encode, E, Name),
     E = M:avp(decode, B, Name).
 
 retag(import_avps)   -> avp_types;
 retag(import_groups) -> grouped;
-retag(import_enums)  -> enums;
+retag(import_enums)  -> enum;
 
 retag(avp_types) -> import_avps;
-retag(enums)     -> import_enums.
+retag(enum)     -> import_enums.
 
 %% ===========================================================================
 
@@ -370,8 +379,8 @@ values('Time') ->
 %% wrapped as for values/1.
 
 values('Enumerated', Name, Mod) ->
-    {_Name, Vals} = lists:keyfind(Name, 1, types(enums, Mod)),
-    lists:map(fun({N,_}) -> N end, Vals);
+    {_Name, Vals} = lists:keyfind(?S(Name), 1, types(enum, Mod)),
+    lists:map(fun({_,N}) -> N end, Vals);
 
 values('Grouped', Name, Mod) ->
     Rname = Mod:name2rec(Name),
@@ -400,8 +409,8 @@ values('AVP', _) ->
 
 values(Name, Mod) ->
     Avps = types(avp_types, Mod),
-    {Name, _Code, Type, _Flags, _Encr} = lists:keyfind(Name, 1, Avps),
-    b(values(Type, Name, Mod)).
+    {_Name, _Code, Type, _Flags} = lists:keyfind(?S(Name), 1, Avps),
+    b(values(?A(Type), Name, Mod)).
 
 %% group/5
 %%
@@ -467,7 +476,7 @@ types(T, Mod) ->
     types(T, retag(T), Mod).
 
 types(T, IT, Mod) ->
-    Dict = Mod:dict(),
+    Dict = dict(Mod),
     fetch(T, Dict) ++ lists:flatmap(fun({_,As}) -> As end, fetch(IT, Dict)).
 
 %% random/[12]
@@ -498,3 +507,8 @@ flatten({_, {{badmatch, [{_, {{badmatch, _}, _}} | _] = L}, _}}) ->
     L;
 flatten(T) ->
     [T].
+
+%% dict/1
+
+dict(Mod) ->
+    tl(Mod:dict()).
diff --git a/lib/diameter/test/diameter_compiler_SUITE.erl b/lib/diameter/test/diameter_compiler_SUITE.erl
new file mode 100644
index 0000000000..3b4c9706e0
--- /dev/null
+++ b/lib/diameter/test/diameter_compiler_SUITE.erl
@@ -0,0 +1,489 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of the dictionary file compiler.
+%%
+
+-module(diameter_compiler_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([format/1,    format/2,
+         replace/1,   replace/2,
+         generate/1,  generate/4,  generate/0,
+         examples/1, examples/0]).
+
+-export([dict/0]).  %% fake dictionary module
+
+-define(base, "base_rfc3588.dia").
+-define(util, diameter_util).
+-define(S, atom_to_list).
+-define(L, integer_to_list).
+
+%% ===========================================================================
+
+%% RE/Replacement (in the sense of re:replace/4) pairs for morphing
+%% base_rfc3588.dia. The key is 'ok' or the the expected error as
+%% returned in the first element of the error tuple returned by
+%% diameter_dict_util:parse/2.
+-define(REPLACE,
+        [{ok,
+          "",
+          ""},
+         {scan,
+          "@id 0",
+          "@id \\&"},
+         {scan,
+          "@name ",
+          "&'"},
+         {parse,
+          "@id 0",
+          "@id @id"},
+         {avp_code_already_defined,
+          "480",
+          "485"},
+         {uint32_out_of_range,
+          "@id 0",
+          "@id 4294967296"},
+         {uint32_out_of_range,
+          "@vendor 0",
+          "@vendor 4294967296"},
+         {uint32_out_of_range,
+          [{"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 4294967296 Failed-AVP\n&"}]},
+         {imported_avp_already_defined,
+          "@avp_types",
+          "@inherits diameter_gen_base_rfc3588 &"},
+         {duplicate_import,
+          [{"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588\n&"},
+           {"^@avp_types[^@]*", ""},
+           {"^@enum[^&]*", ""}]},
+         {duplicate_section,
+          "@prefix",
+          "@name"},
+         {already_declared,
+          "@enum Termination-Cause",
+          "& XXX 0\n &"},
+         {already_declared,
+          "@define Result-Code",
+          "& XXX 1000 &"},
+         {inherited_avp_already_defined,
+          "@id",
+          "@inherits nomod Origin-Host &"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits m XXX\nXXX\n&"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits mod1 XXX\n@inherits mod2 XXX\n&"},
+         {key_already_defined,
+          "DIAMETER_SUCCESS",
+          "& 2001\n&"},
+         {messages_without_id,
+          "@id 0",
+          ""},
+         {avp_name_already_defined,
+          "Class",
+          "& 666 Time M\n&"},
+         {avp_has_unknown_type,
+          "Enumerated",
+          "Enum"},
+         {avp_has_invalid_flag,
+          " -",
+          " X"},
+         {avp_has_duplicate_flag,
+          " -",
+          " MM"},
+         {avp_has_vendor_id,
+          "@avp_types",
+          "@avp_vendor_id 667 Class\n&"},
+         {avp_has_no_vendor,
+          [{"^ *Class .*$", "&V"},
+           {"@vendor .*", ""}]},
+         {group_already_defined,
+          "@grouped",
+          "& Failed-AVP ::= < AVP Header: 279 > " "{AVP}\n&"},
+         {grouped_avp_code_mismatch,
+          "(Failed-AVP ::= [^0-9]*27)9",
+          "&8"},
+         {grouped_avp_has_wrong_type,
+          "(Failed-AVP *279 *)Grouped",
+          "\\1Time"},
+         {grouped_avp_not_defined,
+          "Failed-AVP *.*",
+          ""},
+         {grouped_vendor_id_without_flag,
+          "(Failed-AVP .*)>",
+          "\\1 668>"},
+         {grouped_vendor_id_mismatch,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 18 Failed-AVP\n&"}]},
+         {ok,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"}]},
+         {message_name_already_defined,
+          "CEA ::= .*:",
+          "& 257 > {Result-Code}\n&"},
+         {message_code_already_defined,
+          "CEA( ::= .*)",
+          "XXX\\1 {Result-Code}\n&"},
+         {message_has_duplicate_flag,
+          "(CER ::=.*)>",
+          "\\1, REQ>"},
+         {message_application_id_mismatch,
+         "(CER ::=.*)>",
+          "\\1 1>"},
+         {invalid_avp_order,
+          "CEA ::=",
+          "{Result-Code} &"},
+         {ok,
+          "{ Product-Name",
+          "* &"},
+         {required_avp_has_zero_max_arity,
+          "{ Product-Name",
+          "*0 &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0* &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0*0 &"},
+         {ok,
+          "{ Product-Name",
+          "*1 &"},
+         {ok,
+          "{ Product-Name",
+          "1* &"},
+         {ok,
+          "{ Product-Name",
+          "1*1 &"},
+         {ok,
+          "{ Product-Name",
+          "2* &"},
+         {ok,
+          "{ Product-Name",
+          "*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "{ Product-Name",
+          "3*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*1 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*3 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "3*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "* &"},
+         {ok,
+          "^ *< Session-Id",
+          "*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0* &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "1* &"},
+         {ok,
+          "^ *< Session-Id",
+          "1*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2* &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "^ *< Session-Id",
+          "3*2 &"},
+         {avp_already_referenced,
+          "CER ::=.*",
+          "& {Origin-Host}"},
+         {message_missing,
+          "CER ::=",
+          "XXR ::= < Diameter-Header: 666, REQ > {Origin-Host} &"},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 'X X X' &"},
+           {"CEA ::=", "<'X X X'> &"}]},
+         {enumerated_avp_has_wrong_local_type,
+          "Enumerated",
+          "Time"},
+         {enumerated_avp_not_defined,
+         [{"{ Disconnect-Cause }", ""},
+          {"^ *Disconnect-Cause .*", ""}]},
+         {avp_not_defined,
+          "CEA ::=",
+          "<XXX> &"},
+         {not_loaded,
+          [{"@avp_types", "@inherits nomod XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {recompile,
+          [{"@avp_types", "@inherits " ++ ?S(?MODULE) ++ " XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {no_dict,
+          [{"@avp_types", "@inherits diameter XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {ok,
+          "@avp_types",
+          "@end & bad syntax"},
+         {parse,
+          "@avp_types",
+          "& bad syntax"},
+         {ok,
+          [{"@avp_types", "& 3XXX 666 Time M 'X X X' 667 Time -"},
+           {"^ *Class .*", "@avp_types"},
+           {"^ *Failed-AVP ", "@avp_types &"},
+           {"@grouped", "&&"},
+           {"^ *Failed-AVP ::=", "@grouped &"},
+           {"CEA ::=", "<'Class'> &"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@custom_types mymod "
+                              "Product-Name Firmware-Revision\n"
+                          "@codecs mymod "
+                              "Origin-Host Origin-Realm\n&"}]}]).
+
+%% Standard dictionaries in examples/dict.
+-define(EXAMPLES, [rfc4004_mip,
+                   rfc4005_nas,
+                   rfc4006_cc,
+                   rfc4072_eap,
+                   rfc4590_digest,
+                   rfc4740_sip]).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 5}}].
+
+all() ->
+    [format,
+     replace,
+     generate,
+     examples].
+
+%% Error handling testcases will make an erroneous dictionary out of
+%% the base dictionary and check that the expected error results.
+%% ?REPLACE encodes the modifications and expected error.
+init_per_suite(Config) ->
+    Path = filename:join([code:lib_dir(diameter, src), "dict", ?base]),
+    {ok, Bin} = file:read_file(Path),
+    [{base, Bin} | Config].
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+%% format/1
+%%
+%% Ensure that parse o format is the identity map.
+
+format(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [format, M, Bin]}
+                    || E <- ?REPLACE,
+                       {ok, M} <- [norm(E)]]).
+
+format(Mods, Bin) ->
+    B = modify(Bin, Mods),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    {ok, D} = diameter_dict_util:parse(diameter_dict_util:format(Dict), []),
+    {Dict, Dict} = {Dict, D}.
+
+%% ===========================================================================
+%% replace/1
+%%
+%% Ensure the expected success/error when parsing a morphed common
+%% dictionary.
+
+replace(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [replace, N, Bin]}
+                    || E <- ?REPLACE,
+                       N <- [norm(E)]]).
+
+replace({E, Mods}, Bin) ->
+    B = modify(Bin, Mods),
+    case {E, diameter_dict_util:parse(B, [{include, here()}]), Mods} of
+        {ok, {ok, Dict}, _} ->
+            Dict;
+        {_, {error, {E,_} = T}, _} ->
+            S = diameter_dict_util:format_error(T),
+            true = nochar($", S, E),
+            true = nochar($', S, E),
+            S
+    end.
+
+re({RE, Repl}, Bin) ->
+    re:replace(Bin, RE, Repl, [multiline]).
+
+%% ===========================================================================
+%% generate/1
+%%
+%% Ensure success when generating code and compiling.
+
+generate() ->
+    [{timetrap, {seconds, 2*length(?REPLACE)}}].
+
+generate(Config) ->
+    Bin = proplists:get_value(base, Config),
+    Rs  = lists:zip(?REPLACE, lists:seq(1, length(?REPLACE))),
+    [] = ?util:run([{?MODULE, [generate, M, Bin, N, T]}
+                    || {E,N} <- Rs,
+                       {ok, M} <- [norm(E)],
+                       T <- [erl, hrl, spec]]).
+
+generate(Mods, Bin, N, Mode) ->
+    B = modify(Bin, Mods ++ [{"@name .*", "@name dict" ++ ?L(N)}]),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    File = "dict" ++ integer_to_list(N),
+    {_, ok} = {Dict, diameter_codegen:from_dict("dict",
+                                                Dict,
+                                                [{name, File},
+                                                 {prefix, "base"},
+                                                 debug],
+                                                Mode)},
+    Mode == erl
+        andalso ({ok, _} = compile:file(File ++ ".erl", [return_errors])).
+
+%% ===========================================================================
+%% examples/1
+%%
+%% Compile dictionaries extracted from various standards.
+
+examples() ->
+    [{timetrap, {seconds, 3*length(?EXAMPLES)}}].
+
+examples(_Config) ->
+    Dir = filename:join([code:lib_dir(diameter, examples), "dict"]),
+    [D || D <- ?EXAMPLES, _ <- [examples(?S(D), Dir)]].
+
+examples(Dict, Dir) ->
+    {Name, Pre} = make_name(Dict),
+    ok = diameter_make:codec(filename:join([Dir, Dict ++ ".dia"]),
+                             [{name, Name},
+                              {prefix, Pre},
+                              inherits("rfc3588_base")
+                              | opts(Dict)]),
+    {ok, _, _} = compile:file(Name ++ ".erl", [return]).
+
+opts(M)
+  when M == "rfc4006_cc";
+       M == "rfc4072_eap" ->
+    [inherits("rfc4005_nas")];
+opts("rfc4740_sip") ->
+    [inherits("rfc4590_digest")];
+opts(_) ->
+    [].
+
+inherits(File) ->
+    {Name, _} = make_name(File),
+    {inherits, File ++ "/" ++ Name}.
+
+make_name(File) ->
+    {R, [$_|N]} = lists:splitwith(fun(C) -> C /= $_ end, File),
+    {string:join(["diameter_gen", N, R], "_"), "diameter_" ++ N}.
+
+%% ===========================================================================
+
+modify(Bin, Mods) ->
+    lists:foldl(fun re/2, Bin, Mods).
+
+norm({E, RE, Repl}) ->
+    {E, [{RE, Repl}]};
+norm({_,_} = T) ->
+    T.
+
+nochar(Char, Str, Err) ->
+    Err == parse orelse not lists:member(Char, Str) orelse Str.
+
+here() ->
+    filename:dirname(code:which(?MODULE)).
+
+dict() ->
+    [0 | orddict:new()].
diff --git a/lib/diameter/test/diameter_dict_SUITE.erl b/lib/diameter/test/diameter_dict_SUITE.erl
index 87bb9727fe..5cf8506d3f 100644
--- a/lib/diameter/test/diameter_dict_SUITE.erl
+++ b/lib/diameter/test/diameter_dict_SUITE.erl
@@ -25,9 +25,7 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2]).
+         groups/0]).
 
 %% testcases
 -export([append/1,
@@ -53,10 +51,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [append,
@@ -71,12 +70,6 @@ tc() ->
      update,
      update_counter].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 %% ===========================================================================
 
 -define(KV100, [{N,[N]} || N <- lists:seq(1,100)]).
diff --git a/lib/diameter/test/diameter_failover_SUITE.erl b/lib/diameter/test/diameter_failover_SUITE.erl
index f4d62f94c6..53398dd93e 100644
--- a/lib/diameter/test/diameter_failover_SUITE.erl
+++ b/lib/diameter/test/diameter_failover_SUITE.erl
@@ -48,18 +48,13 @@
          stop/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
+-export([pick_peer/4,
          prepare_request/3,
-         prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -91,7 +86,12 @@
          {'Acct-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback
+                                  {peer_up = false,
+                                   peer_down = false,
+                                   handle_error = false,
+                                   prepare_retransmit = false,
+                                   default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 -define(SUCCESS, 2001).
@@ -174,23 +174,13 @@ realm(Host) ->
 
 call(Req, Opts) ->
     diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
-    
+
 set([H|T], Vs) ->
     [H | Vs ++ T].
 
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
 %% pick_peer/4
 
 %% Choose a server other than SERVER3 or SERVER5 if possible.
@@ -219,22 +209,12 @@ prepare(#diameter_packet{msg = Req}, Caps) ->
               {'Origin-Host',  OH},
               {'Origin-Realm', OR}]).
 
-%% prepare_retransmit/3
-
-prepare_retransmit(Pkt, ?CLIENT, _Peer) ->
-    {send, Pkt}.
-
 %% handle_answer/4
 
 handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, ?CLIENT, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 %% Only SERVER3 actually answers.
diff --git a/lib/diameter/test/diameter_gen_sctp_SUITE.erl b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
new file mode 100644
index 0000000000..7f435a6b7a
--- /dev/null
+++ b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
@@ -0,0 +1,354 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Some gen_sctp-specific tests demonstrating problems that were
+%% encountered during diameter development but have nothing
+%% specifically to do with diameter. At least one of them can cause
+%% diameter_transport_SUITE testcases to fail.
+%%
+
+-module(diameter_gen_sctp_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([send_not_from_controlling_process/1,
+         send_from_multiple_clients/1,
+         receive_what_was_sent/1]).
+
+-include_lib("kernel/include/inet_sctp.hrl").
+
+%% Message from gen_sctp are of this form.
+-define(SCTP(Sock, Data), {sctp, Sock, _, _, Data}).
+
+%% Open sockets on the loopback address.
+-define(ADDR, {127,0,0,1}).
+
+%% Snooze, nap, siesta.
+-define(SLEEP(T), receive after T -> ok end).
+
+%% An indescribably long number of milliseconds after which everthing
+%% that should have happened has.
+-define(FOREVER, 2000).
+
+%% The first byte in each message we send as a simple guard against
+%% not receiving what was sent.
+-define(MAGIC, 42).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {minutes, 2}}].
+
+all() ->
+    [send_not_from_controlling_process,
+     send_from_multiple_clients,
+     receive_what_was_sent].
+
+init_per_suite(Config) ->
+    case gen_sctp:open() of
+        {ok, Sock} ->
+            gen_sctp:close(Sock),
+            Config;
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport ->
+            {skip, no_sctp}
+    end.
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+
+%% send_not_from_controlling_process/1
+%%
+%% This testcase failing shows gen_sctp:send/4 hanging when called
+%% outside the controlling process of the socket in question.
+
+send_not_from_controlling_process(_) ->
+    Pids = send_not_from_controlling_process(),
+    ?SLEEP(?FOREVER),
+    try
+        [] = [{P,I} || P <- Pids, I <- [process_info(P)], I /= undefined]
+    after
+        lists:foreach(fun(P) -> exit(P, kill) end, Pids)
+    end.
+
+%% send_not_from_controlling_process/0
+%%
+%% Returns the pids of three spawned processes: a listening process, a
+%% connecting process and a sending process.
+%%
+%% The expected behaviour is that all three processes exit:
+%%
+%% - The listening process exits upon receiving an SCTP message
+%%   sent by the sending process.
+%% - The connecting process exits upon listening process exit.
+%% - The sending process exits upon gen_sctp:send/4 return.
+%%
+%% The observed behaviour is that all three processes remain alive
+%% indefinitely:
+%%
+%% - The listening process never receives the SCTP message sent
+%%   by the sending process.
+%% - The connecting process has an inet_reply message in its mailbox
+%%   as a consequence of the call to gen_sctp:send/4 call from the
+%%   sending process.
+%% - The call to gen_sctp:send/4 in the sending process doesn't return,
+%%   hanging in prim_inet:getopts/2.
+
+send_not_from_controlling_process() ->
+    FPid = self(),
+    {L, MRef} = spawn_monitor(fun() -> listen(FPid) end),%% listening process
+    receive
+        {?MODULE, C, S} ->
+            erlang:demonitor(MRef, [flush]),
+            [L,C,S];
+        {'DOWN', MRef, process, _, _} = T ->
+            error(T)
+    end.
+
+%% listen/1
+
+listen(FPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+    LPid = self(),
+    spawn(fun() -> connect1(PortNr, FPid, LPid) end), %% connecting process
+    Id = assoc(Sock),
+    ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], _Bin})
+        = recv(). %% Waits with this as current_function.
+
+%% recv/0
+
+recv() ->
+    receive T -> T end.
+
+%% connect1/3
+
+connect1(PortNr, FPid, LPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+    FPid ! {?MODULE,
+            self(),
+            spawn(fun() -> send(Sock, Id) end)}, %% sending process
+    MRef = erlang:monitor(process, LPid),
+    down(MRef).  %% Waits with this as current_function.
+
+%% down/1
+
+down(MRef) ->
+    receive {'DOWN', MRef, process, _, Reason} -> Reason end.
+
+%% send/2
+
+send(Sock, Id) ->
+    ok = gen_sctp:send(Sock, Id, 0, <<0:32>>).
+
+%% ===========================================================================
+
+%% send_from_multiple_clients/0
+%%
+%% Demonstrates sluggish delivery of messages.
+
+send_from_multiple_clients(_) ->
+    {S, Rs} = T = send_from_multiple_clients(8, 1024),
+    {false, [], _} = {?FOREVER < S,
+                      Rs -- [OI || {O,_} = OI <- Rs, is_integer(O)],
+                      T}.
+
+%% send_from_multiple_clients/2
+%%
+%% Opens a listening socket and then spawns a specified number of
+%% processes, each of which connects to the listening socket. Each
+%% connecting process then sends a message, whose size in bytes is
+%% passed as an argument, the listening process sends a reply
+%% containing the time at which the message was received, and the
+%% connecting process then exits upon reception of this reply.
+%%
+%% Returns the elapsed time for all connecting process to exit
+%% together with a list of exit reasons for the connecting processes.
+%% In the successful case a connecting process exits with the
+%% outbound/inbound transit times for the sent/received message as
+%% reason.
+%%
+%% The observed behaviour is that some outbound messages (that is,
+%% from a connecting process to the listening process) can take an
+%% unexpectedly long time to complete their journey. The more
+%% connecting processes, the longer the possible delay it seems.
+%%
+%% eg. (With F = fun send_from_multiple_clients/2.)
+%%
+%%     5> F(2, 1024).
+%%     {875,[{128,116},{113,139}]}
+%%     6> F(4, 1024).
+%%     {2995290,[{2994022,250},{2994071,80},{200,130},{211,113}]}
+%%     7> F(8, 1024).
+%%     {8997461,[{8996161,116},
+%%               {2996471,86},
+%%               {2996278,116},
+%%               {2996360,95},
+%%               {246,112},
+%%               {213,159},
+%%               {373,173},
+%%               {376,118}]}
+%%     8> F(8, 1024).
+%%     {21001891,[{20999968,128},
+%%                {8997891,172},
+%%                {8997927,91},
+%%                {2995716,164},
+%%                {2995860,87},
+%%                {134,100},
+%%                {117,98},
+%%                {149,125}]}
+
+send_from_multiple_clients(N, Sz)
+  when is_integer(N), 0 < N, is_integer(Sz), 0 < Sz ->
+    timer:tc(fun listen/2, [N, <<?MAGIC, 0:Sz/unit:8>>]).
+
+%% listen/2
+
+listen(N, Bin) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+
+    %% Spawn a middleman that in turn spawns N connecting processes,
+    %% collects a list of exit reasons and then exits with the list as
+    %% reason. loop/3 returns when we receive this list from the
+    %% middleman's 'DOWN'.
+
+    Self = self(),
+    Fun = fun() -> exit(connect2(Self, PortNr, Bin)) end,
+    {_, MRef} = spawn_monitor(fun() -> exit(fold(N, Fun)) end),
+    loop(Sock, MRef, Bin).
+
+%% fold/2
+%%
+%% Spawn N processes and collect their exit reasons in a list.
+
+fold(N, Fun) ->
+    start(N, Fun),
+    acc(N, []).
+
+start(0, _) ->
+    ok;
+start(N, Fun) ->
+    spawn_monitor(Fun),
+    start(N-1, Fun).
+
+acc(0, Acc) ->
+    Acc;
+acc(N, Acc) ->
+    receive
+        {'DOWN', _MRef, process, _, RC} ->
+            acc(N-1, [RC | Acc])
+    end.
+
+%% loop/3
+
+loop(Sock, MRef, Bin) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], B}) ->
+            Sz = size(Bin),
+            {Sz, Bin} = {size(B), B},  %% assert
+            ok = send(Sock, Id, mark(Bin)),
+            loop(Sock, MRef, Bin);
+        ?SCTP(Sock, _) ->
+            loop(Sock, MRef, Bin);
+        {'DOWN', MRef, process, _, Reason} ->
+            Reason
+    end.
+
+%% connect2/3
+
+connect2(Pid, PortNr, Bin) ->
+    erlang:monitor(process, Pid),
+
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+
+    %% T1 = time before send
+    %% T2 = time after listening process received our message
+    %% T3 = time after reply is received
+
+    T1 = now(),
+    ok = send(Sock, Id, Bin),
+    T2 = unmark(recv(Sock, Id)),
+    T3 = now(),
+    {timer:now_diff(T2, T1), timer:now_diff(T3, T2)}. %% {Outbound, Inbound}
+
+%% recv/2
+
+recv(Sock, Id) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], Bin}) ->
+            Bin;
+        T ->  %% eg. 'DOWN'
+            exit(T)
+    end.
+
+%% send/3
+
+send(Sock, Id, Bin) ->
+    gen_sctp:send(Sock, Id, 0, Bin).
+
+%% mark/1
+
+mark(Bin) ->
+    Info = term_to_binary(now()),
+    <<Info/binary, Bin/binary>>.
+
+%% unmark/1
+
+unmark(Bin) ->
+    {_,_,_} = binary_to_term(Bin).
+
+%% ===========================================================================
+
+%% receive_what_was_sent/1
+%%
+%% Demonstrates reception of a message that differs from that sent.
+
+receive_what_was_sent(_Config) ->
+    send_from_multiple_clients(1, 1024*32).  %% fails
+
+%% ===========================================================================
+
+%% open/0
+
+open() ->
+    gen_sctp:open([{ip, ?ADDR}, {port, 0}, {active, true}, binary]).
+
+%% assoc/1
+
+assoc(Sock) ->
+    receive
+        ?SCTP(Sock, {[], #sctp_assoc_change{state = S,
+                                            assoc_id = Id}}) ->
+            comm_up = S,  %% assert
+            Id
+    end.
diff --git a/lib/diameter/test/diameter_reg_SUITE.erl b/lib/diameter/test/diameter_reg_SUITE.erl
index ade824c9dd..ec6a0ca731 100644
--- a/lib/diameter/test/diameter_reg_SUITE.erl
+++ b/lib/diameter/test/diameter_reg_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [add,
@@ -61,12 +60,6 @@ tc() ->
      terms,
      pids].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_relay_SUITE.erl b/lib/diameter/test/diameter_relay_SUITE.erl
index 40cbdf805a..70e1866791 100644
--- a/lib/diameter/test/diameter_relay_SUITE.erl
+++ b/lib/diameter/test/diameter_relay_SUITE.erl
@@ -35,9 +35,7 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2]).
+         groups/0]).
 
 %% testcases
 -export([start/1,
@@ -55,18 +53,14 @@
          stop/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
+-export([pick_peer/4,
          prepare_request/3,
          prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -102,7 +96,10 @@
          {'Acct-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 -define(SUCCESS, 2001).
@@ -118,21 +115,17 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [start, start_services, connect]
-        ++ tc()
-        ++ [{group, all},
-            disconnect,
-            stop_services,
-            stop].
+    [start,
+     start_services,
+     connect,
+     {group, all},
+     {group, all, [parallel]},
+     disconnect,
+     stop_services,
+     stop].
 
 groups() ->
-    [{all, [parallel], tc()}].
-
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], tc()}].
 
 %% Traffic cases run when services are started and connections
 %% established.
@@ -249,23 +242,13 @@ call(Server) ->
 
 call(Req, Opts) ->
     diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
-    
+
 set([H|T], Vs) ->
     [H | Vs ++ T].
 
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
 %% pick_peer/4
 
 pick_peer([Peer | _], _, Svc, _State)
@@ -309,11 +292,6 @@ handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, _Svc, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 handle_request(Pkt, OH, {_Ref, #diameter_caps{origin_host = {OH,_}} = Caps})
diff --git a/lib/diameter/test/diameter_stats_SUITE.erl b/lib/diameter/test/diameter_stats_SUITE.erl
index e50a0050a6..e7807fd360 100644
--- a/lib/diameter/test/diameter_stats_SUITE.erl
+++ b/lib/diameter/test/diameter_stats_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -44,21 +42,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [an,
      twa].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_sync_SUITE.erl b/lib/diameter/test/diameter_sync_SUITE.erl
index 84f77b6066..ab629fb1c1 100644
--- a/lib/diameter/test/diameter_sync_SUITE.erl
+++ b/lib/diameter/test/diameter_sync_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [call,
@@ -59,12 +58,6 @@ tc() ->
      timeout,
      flush].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_tls_SUITE.erl b/lib/diameter/test/diameter_tls_SUITE.erl
index 127e3435dc..85b953dc1a 100644
--- a/lib/diameter/test/diameter_tls_SUITE.erl
+++ b/lib/diameter/test/diameter_tls_SUITE.erl
@@ -36,8 +36,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -58,18 +56,13 @@
          stop_ssl/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
-         prepare_request/3,
+-export([prepare_request/3,
          prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -105,7 +98,11 @@
          {'Auth-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    pick_peer = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 %% Config for diameter:add_transport/2. In the listening case, listen
@@ -137,31 +134,33 @@ all() ->
      start_diameter,
      make_certs,
      start_services,
-     add_transports]
-        ++ [{group, N} || {N, _, _} <- groups()]
-        ++ [remove_transports, stop_services, stop_diameter, stop_ssl].
+     add_transports,
+     {group, all},
+     {group, all, [parallel]},
+     remove_transports,
+     stop_services,
+     stop_diameter,
+     stop_ssl].
 
 groups() ->
-    Ts = tc(),
-    [{all, [], Ts},
-     {p, [parallel], Ts}].
-
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], tc()}].
 
+%% Shouldn't really have to know about crypto here but 'ok' from
+%% ssl:start() isn't enough to guarantee that TLS is available.
 init_per_suite(Config) ->
-    case os:find_executable("openssl") of
-        false ->
-            {skip, no_openssl};
-        _ ->
-            Config
+    try
+        false /= os:find_executable("openssl")
+            orelse throw({?MODULE, no_openssl}),
+        ok == (catch crypto:start())
+            orelse throw({?MODULE, no_crypto}),
+        Config
+    catch
+        {?MODULE, E} ->
+            {skip, E}
     end.
 
 end_per_suite(_Config) ->
-    ok.
+    crypto:stop().
 
 %% Testcases to run when services are started and connections
 %% established.
@@ -246,21 +245,6 @@ send5(_Config) ->
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
-%% pick_peer/4
-
-pick_peer([Peer], _, ?CLIENT, _State) ->
-    {ok, Peer}.
-
 %% prepare_request/3
 
 prepare_request(#diameter_packet{msg = Req},
@@ -285,11 +269,6 @@ handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, ?CLIENT, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 handle_request(#diameter_packet{msg = #diameter_base_STR{'Session-Id' = SId}},
diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl
index 55c5fc7c54..6eed8d3b5d 100644
--- a/lib/diameter/test/diameter_traffic_SUITE.erl
+++ b/lib/diameter/test/diameter_traffic_SUITE.erl
@@ -89,7 +89,6 @@
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -163,27 +162,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [start, start_services, add_transports, result_codes
-     | [{group, N} || {N, _, _} <- groups()]]
+    [start, start_services, add_transports, result_codes]
+        ++ [{group, E, P} || E <- ?ENCODINGS, P <- [[], [parallel]]]
         ++ [remove_transports, stop_services, stop].
 
 groups() ->
     Ts = tc(),
-    [{grp(E,P), P, Ts} || E <- ?ENCODINGS, P <- [[], [parallel]]].
-
-grp(E, []) ->
-    E;
-grp(E, [parallel]) ->
-    ?P(E).
+    [{E, [], Ts} || E <- ?ENCODINGS].
 
 init_per_group(Name, Config) ->
-    E = case ?L(Name) of
-            "p_" ++ Rest ->
-                ?A(Rest);
-            _ ->
-                Name
-        end,
-    [{encode, E} | Config].
+    [{encode, Name} | Config].
 
 end_per_group(_, _) ->
     ok.
@@ -517,10 +505,10 @@ send_multiple_filters(Config, Fs) ->
 %% Ensure that we can pass a request in any form to diameter:call/4,
 %% only the return value from the prepare_request callback being
 %% significant.
-send_anything(Config) ->    
+send_anything(Config) ->
     #diameter_base_STA{'Result-Code' = ?SUCCESS}
         = call(Config, anything).
-    
+
 %% ===========================================================================
 
 call(Config, Req) ->
diff --git a/lib/diameter/test/diameter_transport_SUITE.erl b/lib/diameter/test/diameter_transport_SUITE.erl
index c22adc3334..893b7ba2f9 100644
--- a/lib/diameter/test/diameter_transport_SUITE.erl
+++ b/lib/diameter/test/diameter_transport_SUITE.erl
@@ -27,8 +27,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -46,7 +44,6 @@
 
 -include_lib("kernel/include/inet_sctp.hrl").
 -include("diameter.hrl").
--include("diameter_ct.hrl").
 
 -define(util, diameter_util).
 
@@ -93,10 +90,13 @@ suite() ->
     [{timetrap, {minutes, 2}}].
 
 all() ->
-    [start | tc()] ++ [{group, all}, stop].
+    [start,
+     {group, all},
+     {group, all, [parallel]},
+     stop].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [tcp_accept,
@@ -104,12 +104,6 @@ tc() ->
      sctp_accept,
      sctp_connect].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     [{sctp, have_sctp()} | Config].
 
@@ -176,14 +170,12 @@ connect(Prot) ->
 %% have_sctp/0
 
 have_sctp() ->
-    try gen_sctp:open() of
+    case gen_sctp:open() of
         {ok, Sock} ->
             gen_sctp:close(Sock),
             true;
-        {error, eprotonosupport} ->  %% fail on any other reason
-            false
-    catch
-        error: badarg ->
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport -> %% fail on any other reason
             false
     end.
 
@@ -220,7 +212,7 @@ init(gen_connect, {Prot, Ref}) ->
     [PortNr] = ?util:lport(Prot, Ref, 20),
 
     %% Connect, send a message and receive it back.
-    {ok, Sock} = gen_connect(Prot, PortNr, Ref),
+    {ok, Sock} = gen_connect(Prot, PortNr),
     Bin = make_msg(),
     ok = gen_send(Prot, Sock, Bin),
     Bin = gen_recv(Prot, Sock);
@@ -359,20 +351,7 @@ tmod(tcp) ->
 
 %% ===========================================================================
 
-%% gen_connect/3
-
-gen_connect(Prot, PortNr, Ref) ->
-    Pid = sync(connect, Ref),
-
-    %% Stagger connect attempts to avoid the situation that no
-    %% transport process is accepting yet.
-    receive after 250 -> ok end,
-
-    try
-        gen_connect(Prot, PortNr)
-    after
-        Pid ! Ref
-    end.
+%% gen_connect/2
 
 gen_connect(sctp = P, PortNr) ->
     {ok, Sock} = Ok = gen_sctp:open([{ip, ?ADDR}, {port, 0} | ?SCTP_OPTS]),
diff --git a/lib/diameter/test/diameter_util.erl b/lib/diameter/test/diameter_util.erl
index 6b1dc1f0c9..0c42f955ad 100644
--- a/lib/diameter/test/diameter_util.erl
+++ b/lib/diameter/test/diameter_util.erl
@@ -212,7 +212,7 @@ read_priv(Config, Name) ->
 read(Path) ->
     {ok, Bin} = file:read_file(Path),
     binary_to_term(Bin).
-    
+
 %% map_priv/3
 %%
 %% Modify a term in a file and return both old and new values.
diff --git a/lib/diameter/test/diameter_watchdog_SUITE.erl b/lib/diameter/test/diameter_watchdog_SUITE.erl
index b40d7c104d..ff40326947 100644
--- a/lib/diameter/test/diameter_watchdog_SUITE.erl
+++ b/lib/diameter/test/diameter_watchdog_SUITE.erl
@@ -306,11 +306,8 @@ watchdog(Type, Ref, TPid, Wd) ->
     Opts = [{transport_module, ?MODULE},
             {transport_config, TPid},
             {watchdog_timer, Wd}],
-    monitor(diameter_watchdog:start({Type, Ref},
-                                    {false, Opts, false, ?SERVICE})).
-
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
+    {_MRef, Pid} = diameter_watchdog:start({Type, Ref},
+                                           {false, Opts, false, ?SERVICE}),
     Pid.
 
 %% ===========================================================================
@@ -350,6 +347,10 @@ init(_, _, TPid, _) ->
     monitor(TPid),
     3.
 
+monitor(Pid) ->
+    erlang:monitor(process, Pid),
+    Pid.
+
 %% Generate a unique hostname for the faked peer.
 hostname() ->
     lists:flatten(io_lib:format("~p-~p-~p", tuple_to_list(now()))).
diff --git a/lib/diameter/test/modules.mk b/lib/diameter/test/modules.mk
index f88258c232..7f163536fb 100644
--- a/lib/diameter/test/modules.mk
+++ b/lib/diameter/test/modules.mk
@@ -24,6 +24,7 @@ MODULES = \
 	diameter_ct \
 	diameter_util \
 	diameter_enum \
+	diameter_compiler_SUITE \
 	diameter_codec_SUITE \
 	diameter_codec_test \
 	diameter_app_SUITE \
@@ -32,6 +33,7 @@ MODULES = \
 	diameter_sync_SUITE \
 	diameter_stats_SUITE \
 	diameter_watchdog_SUITE \
+	diameter_gen_sctp_SUITE \
 	diameter_transport_SUITE \
 	diameter_capx_SUITE \
 	diameter_traffic_SUITE \
@@ -41,3 +43,9 @@ MODULES = \
 
 HRL_FILES = \
 	diameter_ct.hrl
+
+DATA = \
+	diameter_codec_SUITE_data/avps.dia \
+	diameter_codec_SUITE_data/send.dia \
+	diameter_codec_SUITE_data/recv.dia \
+	diameter_codec_SUITE_data/diameter_test_unknown.erl
diff --git a/lib/diameter/vsn.mk b/lib/diameter/vsn.mk
index b1d3ba2241..0c240798cc 100644
--- a/lib/diameter/vsn.mk
+++ b/lib/diameter/vsn.mk
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION  = diameter
-DIAMETER_VSN = 0.11
+DIAMETER_VSN = 1.0
 PRE_VSN      =
 APP_VSN      = "$(APPLICATION)-$(DIAMETER_VSN)$(PRE_VSN)"
 
diff --git a/lib/edoc/doc/src/notes.xml b/lib/edoc/doc/src/notes.xml
index b220067bbe..a74a19bc05 100644
--- a/lib/edoc/doc/src/notes.xml
+++ b/lib/edoc/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the EDoc
     application.</p>
 
+<section><title>Edoc 0.7.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Edoc 0.7.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/edoc/vsn.mk b/lib/edoc/vsn.mk
index 22f225dd9b..b8f33894f1 100644
--- a/lib/edoc/vsn.mk
+++ b/lib/edoc/vsn.mk
@@ -1 +1 @@
-EDOC_VSN = 0.7.9
+EDOC_VSN = 0.7.9.1
diff --git a/lib/erl_docgen/Makefile b/lib/erl_docgen/Makefile
index 68b41a1ff2..19b129fd5d 100644
--- a/lib/erl_docgen/Makefile
+++ b/lib/erl_docgen/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/doc/src/Makefile b/lib/erl_docgen/doc/src/Makefile
index a546d8da33..ff50c12895 100644
--- a/lib/erl_docgen/doc/src/Makefile
+++ b/lib/erl_docgen/doc/src/Makefile
@@ -44,6 +44,7 @@ XML_PART_FILES = \
 
 XML_CHAPTER_FILES = \
 	overview.xml \
+        doc-build.xml \
 	user_guide_dtds.xml \
 	refman_dtds.xml \
 	notes.xml \
diff --git a/lib/erl_docgen/doc/src/doc-build.xml b/lib/erl_docgen/doc/src/doc-build.xml
new file mode 100644
index 0000000000..08410a1539
--- /dev/null
+++ b/lib/erl_docgen/doc/src/doc-build.xml
@@ -0,0 +1,188 @@
+<?xml version="1.0" encoding="iso-8859-1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+     </legalnotice>
+    <title>How to Build OTP like documentation</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>doc-build.xml</file>
+  </header>
+
+  <section>
+    <title>Utilities to prepare XML files</title>
+    <section>
+      <title>Create XML files from code</title>
+      <p>
+	If there are EDoc comments in a module, the escript <c>xml_from_edoc.escript</c>
+	can be used to generate an XML file according to the <c>erlref</c> DTD 
+	for this module.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/xml_from_edoc.escript ex1.erl
+      </code>
+    </section>
+    <section>
+      <title>Include code in XML</title>
+      <p>If there are OTP DTD <i>codeinclude</i> tags in the source XML file, the escript
+          <c>codeline_preprocessing.escript</c> can be used to include the code and produce
+	  an XML file according to the OTP DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/codeline_preprocessing.escript ex1.xmlsrc ex1.xml
+      </code>
+    </section>
+  </section>
+
+  <section>
+    <title>Use xsltproc to generate different output formats</title>
+
+    <section>
+      <title>Parameters used in all the the XSL transformations</title>
+      <p>
+	These parameters to <c>xsltproc</c> are used for all the supported output formats.
+      </p>
+      <taglist>
+	<tag><c>docgen</c></tag>
+	<item>
+	  Path to erl_docgen's top directory.
+	</item>
+	<tag><c>gendate</c></tag>
+	<item>
+	  The date string that will be used in the documentation.
+	</item>
+	<tag><c>appname</c></tag>
+	<item>
+	  The name of the application.>
+	</item> 
+	<tag><c>appver</c></tag>
+	<item>
+	  The version of the application.
+	</item>
+     </taglist>
+    </section>
+
+    <section>
+      <title>Generate HTML output</title>
+      <p>
+	When generating HTML one also needs these three pramaters to <c>xsltproc</c>.
+      </p> 
+      <taglist>
+	<tag><c>outdir</c></tag>
+	<item>
+	  Output directory for the produced html files.
+	</item>
+ 	<tag><c>topdocdir</c></tag>
+	<item>
+	  If one builds a standalone documentation for an application this should be set to ".".
+	</item>
+	<tag><c>pdfdir</c></tag>
+	<item>
+	  Relative path from the html directory to where the pdf file are placed.
+	</item>
+      </taglist>
+      <p>
+	Example:
+      </p>
+      <code>
+	
+	1> xsltproc --noout --stringparam outdir /tmp/myhtmldoc \
+	      --stringparam docgen $(ERL_TOP)/lib/erl_docgen \
+              --stringparam topdocdir . \
+              --stringparam pdfdir "$(PDFDIR)" \
+              --xinclude \
+	      --stringparam gendate "December 5 2011" \
+              --stringparam appname MyApp \
+              --stringparam appver 0.1 \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	      $ERL_TOP/lib/erl_docgen/priv/xsl/db_html.xsl mybook.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Generate PDF</title>
+      <p>
+	The generation of the PDF file is done in two steps. First is <c>xsltproc</c> used to generate a <c>.fo</c> file 
+	which is used as input to the <c>fop</c> command to produce th PDF file.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output MyApp.fo \
+             --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	     --stringparam gendate  "December 5 2011" \
+             --stringparam appname MyApp \
+             --stringparam appver 0.1 \
+             --xinclude \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	     $ERL_TOP/lib/erl_docgen/priv/xsl/db_pdf.xsl mybook.xml
+
+
+        2> fop -fo MyApp.fo -pdf MyApp.pdf
+      </code>
+    </section>
+
+    <section>
+      <title>Generate man pages</title>
+      <p>
+	Unix man pages can be generated with <c>xsltproc</c> from XML files written according to 
+	the different OTP ref type DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output  my_module.3\
+	      --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	      --stringparam gendate  "December 5 2011" \
+	      --stringparam appname MyApp \
+	      --stringparam appver 0.1 \
+	      --xinclude -path $ERL_TOP/lib/erl_docgen/priv/dtd  \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_man_entities \
+              $ERL_TOP/lib/erl_docgen/priv/xsl/db_man.xsl my_refpage.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Upcomming changes</title>
+      <p>
+	The output from the <c>erl_docgen</c> documentation build process is now just the OTP style. 
+	But in a near future we will for example add the possibility to change logo, color in the PDF and 
+	style sheet for the HTML.
+      </p>
+    </section>
+
+  </section>
+</chapter>
diff --git a/lib/erl_docgen/doc/src/fasc_dtds.xml b/lib/erl_docgen/doc/src/fasc_dtds.xml
index dec8189b55..86eeb958f6 100644
--- a/lib/erl_docgen/doc/src/fasc_dtds.xml
+++ b/lib/erl_docgen/doc/src/fasc_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2007</year><year>2009</year>
+      <year>2007</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/header_tags.xml b/lib/erl_docgen/doc/src/header_tags.xml
index 902bce4f68..dfae15107f 100644
--- a/lib/erl_docgen/doc/src/header_tags.xml
+++ b/lib/erl_docgen/doc/src/header_tags.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/notes.xml b/lib/erl_docgen/doc/src/notes.xml
index 9591b363f7..23f64b876a 100644
--- a/lib/erl_docgen/doc/src/notes.xml
+++ b/lib/erl_docgen/doc/src/notes.xml
@@ -30,7 +30,50 @@
   </header>
   <p>This document describes the changes made to the <em>erl_docgen</em> application.</p>
 
-  <section><title>Erl_Docgen 0.2.6</title>
+  <section><title>Erl_Docgen 0.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Bug fixes concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9614</p>
+        </item>
+        <item>
+	    <p> Fix syntax bug in eix files. </p>
+          <p>
+	    Own Id: OTP-9617</p>
+        </item>
+        <item>
+	    <p> Bug fix concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9759</p>
+        </item>
+        <item>
+	    <p> Fixed an arity calculation bug for erlang functions
+	    in the documentation index for html and pdf. </p>
+          <p>
+	    Own Id: OTP-9772</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> The docbuilder application is removed in R15 and
+	    parts still used in the OTP documentation build process
+	    and the DTD documentation is moved to erl_docgen. </p>
+          <p>
+	    Own Id: OTP-9721</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Erl_Docgen 0.2.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/erl_docgen/doc/src/overview.xml b/lib/erl_docgen/doc/src/overview.xml
index f0f97d8d45..2a420c53d9 100644
--- a/lib/erl_docgen/doc/src/overview.xml
+++ b/lib/erl_docgen/doc/src/overview.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -20,7 +20,7 @@
       under the License.
     
      </legalnotice>
-    <title>Overview</title>
+    <title>Overview OTP DTDs</title>
     <prepared></prepared>
     <docno></docno>
     <date></date>
@@ -42,7 +42,7 @@
 	  A collection of chapters
 	  (<seealso marker="user_guide_dtds#chapterDTD">chapter</seealso>).
 	</p>
-      </item>
+      </item> 
 
       <tag><em>Reference Manual</em></tag>
       <item>
@@ -72,23 +72,16 @@
       the <c>application</c> or <c>part</c> DTD to write other types
       of documentation for the application.</p>
 
-  </section>
-
-  <section>
-    <title>Structure of Generated HTML</title>
 
-    <p>The generated HTML corresponding to a <c>part</c> or
-      <c>application</c> document is split into a left frame and a right
-      frame. The left frame contains information about the document
-      and links to the included files, that is chapters or manual pages.
-      The right frame is used to display either the front page for
-      the document, or the selected chapter/manual page.</p>
+    <p>The structure of the different documents and the meaning of the 
+    tags are explained. There are numerous examples of documentation 
+    source code.</p>
 
-    <p>The left frame also contains links to a bibliography and a
-      glossary, which are automatically generated.</p>
+    <p>For readability and simplicity, the examples have been kept as
+      short as possible. For an example of what the generated HTML
+      will look like, it is recommended to look at the documentation of 
+      an OTP application.</p>
 
-    <p>In the case of an <c>application</c> document, the left frame
-      also contains a link to an automatically generated index.</p>
   </section>
 
   <section>
@@ -108,48 +101,5 @@
       tags, for example a highlighted word within a paragraph.</p>
   </section>
 
-  <section>
-    <title>About This Document</title>
-
-    <p>In this User's Guide, the structure of the different documents
-      and the meaning of the tags are explained. There are numerous
-      examples of documentation source code.</p>
-
-    <p>For readability and simplicity, the examples have been kept as
-      short as possible. For an example of what the generated HTML
-      will look like, it is recommended to look at the documentation of 
-      an OTP application.</p>
-    <list>
-      <item>This User's Guides are written using the <c>part</c> and
-	<c>chapter</c> DTDs.</item>
-
-      <item>The Reference Manuals are written using
-	the <c>application</c>, <c>appref</c> and <c>erlref</c> DTDs.
-      </item>
-    </list>
-  </section>
-
-  <section>
-    <title>Usage</title>
-
-    <list type="ordered">
-      <item>
-	<p>Create the relevant XML files.</p>
-
-	<p>If there are EDoc comments in a module, the escript 
-	  <!-- seealso marker="xml_from_edoc">xml_from_edoc</seealso -->
-          <c>xml_from_edoc</c>
-	  can be used to generate an XML file according to
-	  the <c>erlref</c> DTD for this module.</p>
-      </item>
-
-      <!-- item>
-	<p>The XML files can be validated using
-	  <seealso marker="docb_xml_check#validate/1">docb_xml_check:validate/1</seealso>.
-	</p>
-      </item -->
-
-    </list>
-  </section>
 </chapter>
 
diff --git a/lib/erl_docgen/doc/src/part.xml b/lib/erl_docgen/doc/src/part.xml
index 4594778a2f..26d660df08 100644
--- a/lib/erl_docgen/doc/src/part.xml
+++ b/lib/erl_docgen/doc/src/part.xml
@@ -27,10 +27,11 @@
     <rev></rev>
   </header>
   <description>
-    <p><em>Erl_Docgen</em> provides functionality for generating HTML/PDF
+    <p><em>Erl_Docgen</em> provides functionality for generating HTML/PDF/man
        documentation for Erlang modules and Erlang/OTP applications
        from XML source code and/or EDoc comments in Erlang source code.</p>
   </description>
+  <xi:include href="doc-build.xml"/>
   <xi:include href="overview.xml"/>
   <xi:include href="user_guide_dtds.xml"/>
   <xi:include href="refman_dtds.xml"/>
diff --git a/lib/erl_docgen/doc/src/refman_dtds.xml b/lib/erl_docgen/doc/src/refman_dtds.xml
index 7b01c57db4..4f0e388a8a 100644
--- a/lib/erl_docgen/doc/src/refman_dtds.xml
+++ b/lib/erl_docgen/doc/src/refman_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/user_guide_dtds.xml b/lib/erl_docgen/doc/src/user_guide_dtds.xml
index a2db44f830..79a7701ce8 100644
--- a/lib/erl_docgen/doc/src/user_guide_dtds.xml
+++ b/lib/erl_docgen/doc/src/user_guide_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/info b/lib/erl_docgen/info
index 4dc2a02bfb..31c7eb911a 100644
--- a/lib/erl_docgen/info
+++ b/lib/erl_docgen/info
@@ -1,3 +1,2 @@
 group: doc Documentation Applications
 short: A utility used to produce the OTP documentation.
-
diff --git a/lib/erl_docgen/priv/bin/xml_from_edoc.escript b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
index 9a96a3c25a..2cb81be1be 100755
--- a/lib/erl_docgen/priv/bin/xml_from_edoc.escript
+++ b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
@@ -2,7 +2,7 @@
 %% -*- erlang -*-
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/priv/css/otp_doc.css b/lib/erl_docgen/priv/css/otp_doc.css
index 97d8c2df74..c56de378f4 100644
--- a/lib/erl_docgen/priv/css/otp_doc.css
+++ b/lib/erl_docgen/priv/css/otp_doc.css
@@ -1,6 +1,5 @@
-
-
-body          { 
+/* standard OTP style sheet */
+body {
   background: white;
   font-family: Verdana, Arial, Helvetica, sans-serif;
   margin: 0;
@@ -11,7 +10,6 @@ body          {
   max-height: 100%;
 }
 
-
 th            { font-family: Verdana, Arial, Helvetica, sans-serif }
 td            { font-family: Verdana, Arial, Helvetica, sans-serif }
 p             { font-family: Verdana, Arial, Helvetica, sans-serif }
@@ -33,8 +31,7 @@ a:visited      { color: blue; text-decoration: none }
   background-color: #fff;
 }
 
-
-#leftnav  {
+#leftnav {
   position: fixed;
   float: left;
   top: 0;
@@ -47,8 +44,7 @@ a:visited      { color: blue; text-decoration: none }
   border-right: 1px solid red;
 }
 
-
-#content   {
+#content {
   margin-left: 240px; /* set left value to WidthOfFrameDiv */
 }
 
@@ -57,7 +53,6 @@ a:visited      { color: blue; text-decoration: none }
   padding-top: 50px; /* Magins for inner DIV inside each DIV (to provide padding) */
 }
 
-
 .innertube 
 {
   margin: 15px; /* Magins for inner DIV inside each DIV (to provide padding) */
@@ -66,16 +61,15 @@ a:visited      { color: blue; text-decoration: none }
 .footer 
 {
   margin: 15px; /* Magins for inner DIV inside each DIV (to provide padding) */
-
 }
-span.bold_code        { font-family: courier;font-weight: bold}
-span.code        { font-family: courier;font-weight: normal}
+
+span.bold_code   { font-family: Courier, monospace; font-weight: bold }
+span.code        { font-family: Courier, monospace; font-weight: normal }
 
 .note, .warning {
   border: solid black 1px;
   margin: 1em 3em;
 }
-
 .note .label {
   background: #30d42a;
   color: white;
@@ -102,16 +96,15 @@ span.code        { font-family: courier;font-weight: normal}
   font-size: 90%;
   padding: 5px 10px;
 }
-
-.example     { 
+.example {
   background-color:#eeeeff;
   padding: 0px 10px;
-} 
+}
 
-pre          { font-family: courier; font-weight: normal }
+pre          { font-family: Courier, monospace; font-weight: normal }
 
 .REFBODY     { margin-left: 13mm }
 
 .REFTYPES    { margin-left: 8mm }
 
-footer       {  }
+footer       { }
diff --git a/lib/erl_docgen/priv/dtd/Makefile b/lib/erl_docgen/priv/dtd/Makefile
index 9454147258..65c68fcca7 100644
--- a/lib/erl_docgen/priv/dtd/Makefile
+++ b/lib/erl_docgen/priv/dtd/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/priv/xsl/db_eix.xsl b/lib/erl_docgen/priv/xsl/db_eix.xsl
index 55540317f6..249e6950f7 100644
--- a/lib/erl_docgen/priv/xsl/db_eix.xsl
+++ b/lib/erl_docgen/priv/xsl/db_eix.xsl
@@ -328,7 +328,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/priv/xsl/db_html.xsl b/lib/erl_docgen/priv/xsl/db_html.xsl
index a9052f29e5..7cf5465f90 100644
--- a/lib/erl_docgen/priv/xsl/db_html.xsl
+++ b/lib/erl_docgen/priv/xsl/db_html.xsl
@@ -3,7 +3,7 @@
      #
      # %CopyrightBegin%
      #
-     # Copyright Ericsson AB 2009-2011. All Rights Reserved.
+     # Copyright Ericsson AB 2009-2012. All Rights Reserved.
      #
      # The contents of this file are subject to the Erlang Public License,
      # Version 1.1, (the "License"); you may not use this file except in
@@ -40,6 +40,11 @@
   <xsl:variable name="m2a" select="document($mod2app_file)"></xsl:variable>
   <xsl:key name="mod2app" match="module" use="@name"/>
 
+  <xsl:key
+        name="mfa"
+	match="func/name[string-length(@arity) > 0 and ancestor::erlref]"
+	use="concat(ancestor::erlref/module,':',@name, '/', @arity)"/>
+
   <xsl:template name="err">
     <xsl:param name="f"/>
     <xsl:param name="m"/>
@@ -101,10 +106,14 @@
 	</xsl:message>
       </xsl:when>
       <xsl:when test="ancestor::erlref">
+        <!-- Do not to use preceding since it is very slow! -->
+        <xsl:variable name="curModule" select="ancestor::erlref/module"/>
+        <xsl:variable name="mfas"
+                      select="key('mfa',
+                                  concat($curModule,':',$name,'/',$arity))"/>
 	<xsl:choose>
-	  <xsl:when test="preceding-sibling::name[position() = 1
-			  and @name = $name and @arity = $arity]">
-	    <!-- Avoid duplicated anchors.-->
+          <xsl:when test="generate-id($mfas[1]) != generate-id(.)">
+	    <!-- Avoid duplicated anchors. See also menu.funcs. -->
 	  </xsl:when>
 	  <xsl:otherwise>
 	    <a name="{$name}-{$arity}"></a>
@@ -546,6 +555,23 @@
 
   <!-- End of Dialyzer type/spec tags -->
 
+  <!-- Cache for each module all the elements used for navigation. -->
+  <xsl:variable name="erlref.nav" select="exsl:node-set($erlref.nav_rtf)"/>
+
+  <xsl:variable name="erlref.nav_rtf">
+    <xsl:for-each select="//erlref">
+      <xsl:variable name="cval" select="module"/>
+      <xsl:variable name="link_cval"><xsl:value-of select="translate($cval, '&#173;', '')"/></xsl:variable>
+      <module name="{$cval}">
+	<xsl:call-template name="menu.funcs">
+	  <xsl:with-param name="entries" select="funcs/func/name"/>
+	  <xsl:with-param name="cval" select="$cval"/>
+	  <xsl:with-param name="basename" select="$link_cval"/>
+	</xsl:call-template>
+      </module>
+    </xsl:for-each>
+  </xsl:variable>
+
   <!-- Page layout -->
   <xsl:template name="pagelayout">
     <xsl:param name="chapnum"/>
@@ -1315,11 +1341,25 @@
                   Top of manual page
                 </a>
               </li>
-              <xsl:call-template name="menu.funcs">
-                <xsl:with-param name="entries"
-                  select="funcs/func/name"/>
-                <xsl:with-param name="basename"><xsl:value-of select="$link_cval"/></xsl:with-param>
-              </xsl:call-template>
+              <xsl:call-template name="nl"/>
+                <xsl:choose>
+                  <xsl:when test="local-name() = 'erlref'">
+	            <!-- Use the cached value in order to save time.
+                         value-of a string node is _much_ faster than
+			 copy-of a rtf -->
+		    <xsl:value-of
+		         disable-output-escaping="yes"
+			 select="$erlref.nav/module[@name = $cval]"/>
+                  </xsl:when>
+                  <xsl:otherwise>
+		    <xsl:call-template name="menu.funcs">
+		      <xsl:with-param name="entries"
+			select="funcs/func/name"/>
+		      <xsl:with-param name="basename"><xsl:value-of select="$link_cval"/></xsl:with-param>
+		      <xsl:with-param name="cval" select="$cval"/>
+		    </xsl:call-template>
+                  </xsl:otherwise>
+                </xsl:choose>
             </ul>
           </li>
         </xsl:when>
@@ -1349,6 +1389,7 @@
   <xsl:template name="menu.funcs">
     <xsl:param name="entries"/>
     <xsl:param name="basename"/>
+    <xsl:param name="cval"/>
 
     <xsl:for-each select="$entries">
 
@@ -1434,17 +1475,41 @@
             </xsl:choose>
           </xsl:variable>
 
+	  <!-- Avoid duplicated entries. See also template "spec_name" -->
+          <!-- Do not to use preceding since it is very slow! -->
+          <xsl:variable name="mfas"
+			select="key('mfa',
+				    concat($cval,':',$fname,'/',$arity))"/>
 	  <xsl:choose>
-	    <xsl:when test="preceding-sibling::name[position() = 1
-                            and @name = $fname and @arity = $arity]">
+            <xsl:when test="string-length(@name) > 0 and
+                            generate-id($mfas[1]) != generate-id(.)">
               <!-- Skip. Only works for Dialyzer specs. -->
 	    </xsl:when>
 	    <xsl:otherwise>
+<!--
 	      <li title="{$fname}-{$arity}">
 		<a href="{$basename}.html#{$fname}-{$arity}">
 		  <xsl:value-of select="$fname"/>/<xsl:value-of select="$arity"/>
 		</a>
 	      </li>
+-->
+	      <!-- Generate a text node -->
+	      <xsl:text>&lt;li title="</xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>-</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>">&lt;a href="</xsl:text>
+	      <xsl:value-of select="$basename"/>
+	      <xsl:text>.html#</xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>-</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>"></xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>/</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>&lt;/a>&lt;/li></xsl:text>
+              <xsl:call-template name="nl"/>
 	    </xsl:otherwise>
 	  </xsl:choose>
         </xsl:when>
@@ -1854,18 +1919,24 @@
 
     <xsl:choose>
       <xsl:when test="string-length($filepart) > 0">
-        <xsl:variable name="modulepart"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
+        <!-- "Filepart#Linkpart" (or "Filepart#") -->
+        <xsl:variable name="app_part"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
         <xsl:choose>
-          <xsl:when test="string-length($modulepart) > 0">
-            <xsl:variable name="filepart1"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
-            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
+          <xsl:when test="string-length($app_part) > 0">
+            <!-- "AppPart:ModPart#Linkpart" -->
+            <xsl:variable name="mod_part"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
+            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
           </xsl:when>
           <xsl:otherwise>
+            <!-- "Filepart#Linkpart (there is no ':' in Filepart) -->
+            <xsl:variable name="minus_prefix"
+                          select="substring-before($linkpart, '-')"/>
             <xsl:choose>
-              <!-- Dialyzer seealso (the application is unknown) -->
-              <xsl:when test="string-length($specs_file) > 0
+              <xsl:when test="$minus_prefix = 'type'
+                              and string-length($specs_file) > 0
                               and count($i/specs/module[@name=$filepart]) = 0">
-                <!-- Deemed to slow; use key() instead
+                <!-- Dialyzer seealso (the application is unknown) -->
+                <!-- Following code deemed too slow; use key() instead
 		<xsl:variable name="app"
                               select="$m2a/mod2app/module[@name=$filepart]"/>
                 -->
@@ -1877,41 +1948,45 @@
 		      <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app}','{$filepart}.html#{$linkpart}');"><xsl:value-of select="$this"/></a></span>
 		    </xsl:when>
 		    <xsl:otherwise>
-		      <!-- Unknown application; no link -->
-		      <xsl:value-of select="$this"/>
+		      <!-- Unknown application -->
+		      <xsl:message terminate="yes">
+			Error <xsl:value-of select="$filepart"/>: cannot find module exporting type
+		      </xsl:message>
 		    </xsl:otherwise>
 		  </xsl:choose>
                 </xsl:for-each>
               </xsl:when>
               <xsl:when test="string-length($linkpart) > 0">
+                <!-- Still Filepart#Linkpart (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html#{$linkpart}"><xsl:apply-templates/></a></span>
               </xsl:when>
               <xsl:otherwise>
+                <!-- "Filepart#" (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html"><xsl:apply-templates/></a></span>
               </xsl:otherwise>
             </xsl:choose>
           </xsl:otherwise>
         </xsl:choose>
+      </xsl:when> <!-- string-length($filepart) > 0 -->
+      <xsl:when test="string-length($linkpart) > 0">
+	<!-- "#Linkpart" -->
+	<span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
       </xsl:when>
       <xsl:otherwise>
-        <xsl:choose>
-          <xsl:when test="string-length($linkpart) > 0">
-            <span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
-          </xsl:when>
-          <xsl:otherwise>
-            <xsl:variable name="modulepart"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
+	<!-- "AppPart:Mod" or "Mod" (there is no '#') -->
+	<xsl:variable name="app_part"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
 
-            <xsl:choose>
-              <xsl:when test="string-length($modulepart) > 0">
-                <xsl:variable name="filepart1"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
-                <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html');"><xsl:apply-templates/></a></span>
-              </xsl:when>
-              <xsl:otherwise>
-                <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
-              </xsl:otherwise>
-            </xsl:choose>
-          </xsl:otherwise>
-        </xsl:choose>
+	<xsl:choose>
+	  <xsl:when test="string-length($app_part) > 0">
+	    <!-- "App:Mod" -->
+	    <xsl:variable name="mod_part"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
+	    <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html');"><xsl:apply-templates/></a></span>
+	  </xsl:when>
+	  <xsl:otherwise>
+	    <!-- "Mod" -->
+	    <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
+	  </xsl:otherwise>
+	</xsl:choose>
       </xsl:otherwise>
     </xsl:choose>
 
@@ -2184,7 +2259,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
@@ -2200,4 +2275,9 @@
 
   </xsl:template>
 
+  <xsl:template name="nl">
+    <xsl:text>
+</xsl:text>
+  </xsl:template>
+
 </xsl:stylesheet>
diff --git a/lib/erl_docgen/priv/xsl/db_man.xsl b/lib/erl_docgen/priv/xsl/db_man.xsl
index 0aca74bc97..5234ba6bd0 100644
--- a/lib/erl_docgen/priv/xsl/db_man.xsl
+++ b/lib/erl_docgen/priv/xsl/db_man.xsl
@@ -586,7 +586,15 @@
   </xsl:template>
 
   <xsl:template match="seealso">
-    <xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+    <xsl:choose>
+      <xsl:when test="ancestor::head">
+	<!-- The header of Dialyzer specs -->
+	<xsl:apply-templates/>
+      </xsl:when>
+      <xsl:otherwise>
+	<xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+      </xsl:otherwise>
+    </xsl:choose>
   </xsl:template>
 
   <!-- Code -->
diff --git a/lib/erl_docgen/priv/xsl/db_pdf.xsl b/lib/erl_docgen/priv/xsl/db_pdf.xsl
index 48a7a026c1..4ed4fa14c4 100644
--- a/lib/erl_docgen/priv/xsl/db_pdf.xsl
+++ b/lib/erl_docgen/priv/xsl/db_pdf.xsl
@@ -1680,7 +1680,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/src/Makefile b/lib/erl_docgen/src/Makefile
index 4a805697e6..cbaf6e4627 100644
--- a/lib/erl_docgen/src/Makefile
+++ b/lib/erl_docgen/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/aclocal.m4 b/lib/erl_interface/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/erl_interface/aclocal.m4
+++ b/lib/erl_interface/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/erl_interface/configure.in b/lib/erl_interface/configure.in
index 72ac8c7bbf..c958f80065 100644
--- a/lib/erl_interface/configure.in
+++ b/lib/erl_interface/configure.in
@@ -1,7 +1,7 @@
 #                                               -*- Autoconf -*-
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ AC_PROG_CC
 AC_PROG_CPP
 dnl AC_PROG_LIBTOOL
 AC_PROG_RANLIB
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 AC_SUBST(LD)
 
@@ -224,50 +224,8 @@ elif test "x$with_gmp" != "xno" -a -n "$with_gmp" ;then
     # FIXME return ERROR if no lib
 fi
 
-MIXED_CYGWIN=no
-
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
-
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
-fi
-
-AC_SUBST(MIXED_CYGWIN)
+LM_WINDOWS_ENVIRONMENT
+	
 	
 dnl
 dnl Threads
@@ -338,12 +296,6 @@ AC_SUBST(LIB_CFLAGS)
 if test "X$host" = "Xwin32"; then
   LIB_CFLAGS="$CFLAGS"
 else
-  case $host_os in
-    darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp"
-	;;
-  esac
-
   if test "x$GCC" = xyes; then
 	LIB_CFLAGS="$CFLAGS -fPIC"
   else
diff --git a/lib/erl_interface/doc/src/notes.xml b/lib/erl_interface/doc/src/notes.xml
index 9a42ebfddf..4cb9532880 100644
--- a/lib/erl_interface/doc/src/notes.xml
+++ b/lib/erl_interface/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Erl_interface application.</p>
 
+<section><title>Erl_Interface 3.7.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An error when getting global names on OS X Lion has been
+	    fixed. The error caused truncated strings to be returned
+	    from the function.</p>
+          <p>
+	    Own Id: OTP-9799</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Erl_Interface 3.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/erl_interface/src/Makefile.in b/lib/erl_interface/src/Makefile.in
index 0d841cfa48..d6b0ca1f16 100644
--- a/lib/erl_interface/src/Makefile.in
+++ b/lib/erl_interface/src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,9 @@ include ../vsn.mk
 include $(TARGET)/eidefs.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_MSYS_VC==@MIXED_MSYS_VC@
+USING_CYGWIN_VC==@MIXED_MSYS_VC@
+USING_VC=@MIXED_VC@
 
 ifdef TESTROOT
 RELEASE_PATH=$(TESTROOT)
diff --git a/lib/erl_interface/src/auxdir/config.guess b/lib/erl_interface/src/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/erl_interface/src/auxdir/config.guess
+++ b/lib/erl_interface/src/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/config.sub b/lib/erl_interface/src/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/erl_interface/src/auxdir/config.sub
+++ b/lib/erl_interface/src/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/install-sh b/lib/erl_interface/src/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/erl_interface/src/auxdir/install-sh
+++ b/lib/erl_interface/src/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/erl_interface/src/legacy/global_names.c b/lib/erl_interface/src/legacy/global_names.c
index 7333d94931..3a437df3a3 100644
--- a/lib/erl_interface/src/legacy/global_names.c
+++ b/lib/erl_interface/src/legacy/global_names.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1998-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1998-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ char **erl_global_names(int fd, int *count)
   if (!(names = malloc((arity * sizeof(char**)) + (size-index)))) return NULL;
 
   /* arity pointers first, followed by s */
-  s = (char *)(names+arity+1);
+  s = (char *)(names+arity);
 
   if (count) *count = 0;
   for (i=0; i<arity; i++) {
diff --git a/lib/erl_interface/src/misc/ei_format.c b/lib/erl_interface/src/misc/ei_format.c
index cf50f12451..c1e5d998e4 100644
--- a/lib/erl_interface/src/misc/ei_format.c
+++ b/lib/erl_interface/src/misc/ei_format.c
@@ -149,7 +149,7 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 {
     const char* start = *fmt;
     char c;
-    int len, dotp=0;
+    int dotp=0;
     double d;
     long l;
 
@@ -166,7 +166,6 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 	    break;
     } 
     --(*fmt);
-    len = *fmt - start;
     if (dotp) {
 	sscanf(start, "%lf", &d);
 	return ei_x_encode_double(x, d);
diff --git a/lib/erl_interface/test/all_SUITE_data/Makefile.src b/lib/erl_interface/test/all_SUITE_data/Makefile.src
index 42d4c6f27f..70652e47c5 100644
--- a/lib/erl_interface/test/all_SUITE_data/Makefile.src
+++ b/lib/erl_interface/test/all_SUITE_data/Makefile.src
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/test/all_SUITE_data/init_tc.erl b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
index 8db4667bf9..7a599994fc 100644
--- a/lib/erl_interface/test/all_SUITE_data/init_tc.erl
+++ b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
index 80811fb973..abc76085de 100644
--- a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
+++ b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2001-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2001-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -18,14 +18,17 @@
  */
 
 #include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
 #include "erl_interface.h"
 #include "erl_driver.h"
 
 static ErlDrvPort my_erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT do_call(ErlDrvData drv_data, unsigned int command,
+			    char *buf, ErlDrvSizeT len, char **rbuf,
+			    ErlDrvSizeT rlen, unsigned *ret_flags);
 static ErlDrvEntry echo_driver_entry = { 
     NULL,			/* Init */
     echo_start,
@@ -41,7 +44,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    do_call
+    do_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -56,14 +67,14 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
+static ErlDrvSSizeT
 do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+	  ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags) 
 {
     int nlen;
     ei_x_buff x;
diff --git a/lib/erl_interface/vsn.mk b/lib/erl_interface/vsn.mk
index 601958579c..2c402bba6c 100644
--- a/lib/erl_interface/vsn.mk
+++ b/lib/erl_interface/vsn.mk
@@ -1 +1 @@
-EI_VSN = 3.7.5
+EI_VSN = 3.7.6
diff --git a/lib/et/src/et_gs_contents_viewer.erl b/lib/et/src/et_gs_contents_viewer.erl
index f6a87bd608..5331c7697a 100644
--- a/lib/et/src/et_gs_contents_viewer.erl
+++ b/lib/et/src/et_gs_contents_viewer.erl
@@ -21,6 +21,17 @@
 %%----------------------------------------------------------------------
 
 -module(et_gs_contents_viewer).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -behaviour(gen_server).
 
diff --git a/lib/et/src/et_gs_viewer.erl b/lib/et/src/et_gs_viewer.erl
index 0af7814d15..4e6f0e3f64 100644
--- a/lib/et/src/et_gs_viewer.erl
+++ b/lib/et/src/et_gs_viewer.erl
@@ -21,6 +21,23 @@
 %%----------------------------------------------------------------------
 
 -module(et_gs_viewer).
+-compile([{nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -behaviour(gen_server).
 
diff --git a/lib/eunit/doc/src/notes.xml b/lib/eunit/doc/src/notes.xml
index e68330482c..34e8a47e3d 100644
--- a/lib/eunit/doc/src/notes.xml
+++ b/lib/eunit/doc/src/notes.xml
@@ -32,6 +32,24 @@
   </header>
   <p>This document describes the changes made to the EUnit application.</p>
 
+<section><title>Eunit 2.2.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Eunit 2.2.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/eunit/vsn.mk b/lib/eunit/vsn.mk
index b0a77a225b..445c070e96 100644
--- a/lib/eunit/vsn.mk
+++ b/lib/eunit/vsn.mk
@@ -1 +1 @@
-EUNIT_VSN = 2.2.1
+EUNIT_VSN = 2.2.2
diff --git a/lib/gs/contribs/bonk/bonk.erl b/lib/gs/contribs/bonk/bonk.erl
index 79f01bf659..7e68a4ddc5 100644
--- a/lib/gs/contribs/bonk/bonk.erl
+++ b/lib/gs/contribs/bonk/bonk.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(bonk).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -export([run/0, run/1,bonk_dir/0,start/0]).
 
 -record(colors, {miss, x, bomb, face}).
diff --git a/lib/gs/contribs/cols/cols.erl b/lib/gs/contribs/cols/cols.erl
index 111c9a58f1..9c44837f3e 100644
--- a/lib/gs/contribs/cols/cols.erl
+++ b/lib/gs/contribs/cols/cols.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(cols).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0, init/0]).
 
diff --git a/lib/gs/contribs/cols/highscore.erl b/lib/gs/contribs/cols/highscore.erl
index 9ffbea50a7..8f984aaa83 100644
--- a/lib/gs/contribs/cols/highscore.erl
+++ b/lib/gs/contribs/cols/highscore.erl
@@ -19,6 +19,13 @@
 
 %%
 -module(highscore).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([run/2]).
 
diff --git a/lib/gs/contribs/mandel/mandel.erl b/lib/gs/contribs/mandel/mandel.erl
index 0f1df5c665..6293f867e2 100644
--- a/lib/gs/contribs/mandel/mandel.erl
+++ b/lib/gs/contribs/mandel/mandel.erl
@@ -18,6 +18,11 @@
 %%
 
 -module(mandel).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,image,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 -author('(mbj,eklas)@erlang.ericsson.se').
 
 %% User's interface
diff --git a/lib/gs/contribs/othello/othello_board.erl b/lib/gs/contribs/othello/othello_board.erl
index 212ba9bfe1..c52211a495 100644
--- a/lib/gs/contribs/othello/othello_board.erl
+++ b/lib/gs/contribs/othello/othello_board.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(othello_board).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -export([start/0,stop/0,init/0]).
 
 
diff --git a/lib/gs/doc/src/gs.xml b/lib/gs/doc/src/gs.xml
index f2182fc673..c61e8c4938 100644
--- a/lib/gs/doc/src/gs.xml
+++ b/lib/gs/doc/src/gs.xml
@@ -39,9 +39,7 @@
 	graphical user interface.
       </p>
       <p>
-	GS is not maintained and we plan to deprecate and remove it from
-	the distribution as soon as possible, maybe already in the next
-	major release (R15).
+	GS is deprecated and will be removed in the R16 release.
       </p>
     </warning>
     <p>The Graphics System, GS, is easy to learn and
diff --git a/lib/gs/doc/src/notes.xml b/lib/gs/doc/src/notes.xml
index c32db495a1..cd63104346 100644
--- a/lib/gs/doc/src/notes.xml
+++ b/lib/gs/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,7 +30,31 @@
   </header>
   <p>This document describes the changes made to the GS application.</p>
 
-  <section><title>GS 1.5.14</title>
+  <section><title>GS 1.5.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>GS 1.5.14</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/gs/examples/ball.erl b/lib/gs/examples/ball.erl
index 3f91a7b379..03fac3b5fc 100644
--- a/lib/gs/examples/ball.erl
+++ b/lib/gs/examples/ball.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(ball).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,oval,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/browser.erl b/lib/gs/examples/browser.erl
index 1dba5a915b..0f8b3fc7e6 100644
--- a/lib/gs/examples/browser.erl
+++ b/lib/gs/examples/browser.erl
@@ -23,6 +23,14 @@
 %% ------------------------------------------------------------
 
 -module(browser).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,start/2,init/3]).
 
diff --git a/lib/gs/examples/calc.erl b/lib/gs/examples/calc.erl
index 992b8adb4e..ca29ae1cb9 100644
--- a/lib/gs/examples/calc.erl
+++ b/lib/gs/examples/calc.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(calc).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,calc/0]).
 
diff --git a/lib/gs/examples/calc2.erl b/lib/gs/examples/calc2.erl
index 0e841397f6..83e1870b7a 100644
--- a/lib/gs/examples/calc2.erl
+++ b/lib/gs/examples/calc2.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(calc2).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
+
 -export([start/0,calc/0]).
 
 start() ->
diff --git a/lib/gs/examples/color_demo.erl b/lib/gs/examples/color_demo.erl
index 650f853061..a2f4d0eb87 100644
--- a/lib/gs/examples/color_demo.erl
+++ b/lib/gs/examples/color_demo.erl
@@ -24,6 +24,11 @@
 %% ------------------------------------------------------------
 
 -module(color_demo).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/color_demo2.erl b/lib/gs/examples/color_demo2.erl
index 817cc9ed7d..3b0b36221d 100644
--- a/lib/gs/examples/color_demo2.erl
+++ b/lib/gs/examples/color_demo2.erl
@@ -24,6 +24,10 @@
 %% ------------------------------------------------------------
 
 -module(color_demo2).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/distrib_draw.erl b/lib/gs/examples/distrib_draw.erl
index ecb1386c25..8f76bc6650 100644
--- a/lib/gs/examples/distrib_draw.erl
+++ b/lib/gs/examples/distrib_draw.erl
@@ -43,6 +43,11 @@
 %%  
 
 -module(distrib_draw).
+-compile([{nowarn_deprecated_function,{gs,canvas,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/2,init/0]).
 
diff --git a/lib/gs/examples/entry_demo.erl b/lib/gs/examples/entry_demo.erl
index a5ecfbc4d3..4bb64e949e 100644
--- a/lib/gs/examples/entry_demo.erl
+++ b/lib/gs/examples/entry_demo.erl
@@ -23,6 +23,12 @@
 %% ------------------------------------------------------------
 
 -module(entry_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/1]).
 
diff --git a/lib/gs/examples/event_test.erl b/lib/gs/examples/event_test.erl
index f6fcc9b4b9..8c0a109df4 100644
--- a/lib/gs/examples/event_test.erl
+++ b/lib/gs/examples/event_test.erl
@@ -21,6 +21,9 @@
 %% Demo for testing some events
 
 -module(event_test).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/file_dialog.erl b/lib/gs/examples/file_dialog.erl
index ff20321374..c1ef6ed8b1 100644
--- a/lib/gs/examples/file_dialog.erl
+++ b/lib/gs/examples/file_dialog.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(file_dialog).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0,start/1,start/2,fs_init/3]).
 
diff --git a/lib/gs/examples/focus_demo.erl b/lib/gs/examples/focus_demo.erl
index b9d86866e6..71ca9c6ff5 100644
--- a/lib/gs/examples/focus_demo.erl
+++ b/lib/gs/examples/focus_demo.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(focus_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/frac.erl b/lib/gs/examples/frac.erl
index 139a4be310..46af83de8a 100644
--- a/lib/gs/examples/frac.erl
+++ b/lib/gs/examples/frac.erl
@@ -21,6 +21,9 @@
 %% Purpose : Fractal trees
 
 -module(frac).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0, go/0, test/0, grow/2, expand/3, subst/2]).
 
diff --git a/lib/gs/examples/line_demo.erl b/lib/gs/examples/line_demo.erl
index c8a6a69e2e..ba88605118 100644
--- a/lib/gs/examples/line_demo.erl
+++ b/lib/gs/examples/line_demo.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(line_demo).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0,line/3]).
 
diff --git a/lib/gs/examples/man.erl b/lib/gs/examples/man.erl
index a0ffd3364e..bddd6930ab 100644
--- a/lib/gs/examples/man.erl
+++ b/lib/gs/examples/man.erl
@@ -23,6 +23,15 @@
 %% ------------------------------------------------------------
 
 -module(man).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/0,init/0]).
 -export([man_list/0]).
diff --git a/lib/gs/examples/menu_demo.erl b/lib/gs/examples/menu_demo.erl
index c95fc33152..6b2fc4113a 100644
--- a/lib/gs/examples/menu_demo.erl
+++ b/lib/gs/examples/menu_demo.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(menu_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -compile(export_all).
 
diff --git a/lib/gs/examples/rubber.erl b/lib/gs/examples/rubber.erl
index ba263f07ac..da4aa57391 100644
--- a/lib/gs/examples/rubber.erl
+++ b/lib/gs/examples/rubber.erl
@@ -23,6 +23,14 @@
 %% ------------------------------------------------------------
 
 -module(rubber).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0, init/0]).
 
diff --git a/lib/gs/src/Makefile b/lib/gs/src/Makefile
index 964966ba00..43b530295b 100644
--- a/lib/gs/src/Makefile
+++ b/lib/gs/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2009. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/gs/src/gs.erl b/lib/gs/src/gs.erl
index 3e9a1c4b8b..92dce12580 100644
--- a/lib/gs/src/gs.erl
+++ b/lib/gs/src/gs.erl
@@ -24,7 +24,13 @@
 %%
 
 -module(gs).
-
+-deprecated(module).
+-compile([{nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,create_tree,2}},
+          {nowarn_deprecated_function,{gs,foreach,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% ----- Exports -----
 -export([start/0, stop/0, start/1]).
diff --git a/lib/gs/src/gs_frontend.erl b/lib/gs/src/gs_frontend.erl
index 009b264e69..73954baa8d 100644
--- a/lib/gs/src/gs_frontend.erl
+++ b/lib/gs/src/gs_frontend.erl
@@ -24,6 +24,8 @@
 %%
 
 -module(gs_frontend).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,error,2}}]).
 
 -export([create/2,
 	 config/2,
diff --git a/lib/gs/src/gs_make.erl b/lib/gs/src/gs_make.erl
index e41183f9bf..bf8a66001f 100644
--- a/lib/gs/src/gs_make.erl
+++ b/lib/gs/src/gs_make.erl
@@ -19,6 +19,7 @@
 
 %%
 -module(gs_make).
+-compile([{nowarn_deprecated_function,{gs,assq,2}}]).
 
 -export([start/0]).
 
diff --git a/lib/gs/src/gse.erl b/lib/gs/src/gse.erl
index b3ea2af4d4..c62badcc27 100644
--- a/lib/gs/src/gse.erl
+++ b/lib/gs/src/gse.erl
@@ -23,6 +23,68 @@
 %%%----------------------------------------------------------------------
 
 -module(gse).
+-compile([{nowarn_deprecated_function,{gs,arc,2}},
+          {nowarn_deprecated_function,{gs,arc,3}},
+          {nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,canvas,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,create_tree,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,gridline,3}},
+          {nowarn_deprecated_function,{gs,image,2}},
+          {nowarn_deprecated_function,{gs,image,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,line,3}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,message,2}},
+          {nowarn_deprecated_function,{gs,message,3}},
+          {nowarn_deprecated_function,{gs,oval,2}},
+          {nowarn_deprecated_function,{gs,oval,3}},
+          {nowarn_deprecated_function,{gs,polygon,2}},
+          {nowarn_deprecated_function,{gs,polygon,3}},
+          {nowarn_deprecated_function,{gs,prompter,2}},
+          {nowarn_deprecated_function,{gs,prompter,3}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,rectangle,2}},
+          {nowarn_deprecated_function,{gs,rectangle,3}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,scale,3}},
+          {nowarn_deprecated_function,{gs,scrollbar,2}},
+          {nowarn_deprecated_function,{gs,scrollbar,3}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,start,1}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,text,3}},
+          {nowarn_deprecated_function,{gs,window,2}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 %%-compile(export_all).
 -export([
diff --git a/lib/gs/src/gstk.erl b/lib/gs/src/gstk.erl
index 6f83cf8be4..ee974a5f63 100644
--- a/lib/gs/src/gstk.erl
+++ b/lib/gs/src/gstk.erl
@@ -20,6 +20,8 @@
 %%
 
 -module(gstk).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,creation_error,2}}]).
 
 -export([start_link/4,
 	 stop/1,
diff --git a/lib/gs/src/gstk_arc.erl b/lib/gs/src/gstk_arc.erl
index 8e80ef92b5..3c6fe54d36 100644
--- a/lib/gs/src/gstk_arc.erl
+++ b/lib/gs/src/gstk_arc.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_arc).
+-compile([{nowarn_deprecated_function,{gs,creation_error,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    ARC OPTIONS
diff --git a/lib/gs/src/gstk_canvas.erl b/lib/gs/src/gstk_canvas.erl
index 868b3020fe..5d15529995 100644
--- a/lib/gs/src/gstk_canvas.erl
+++ b/lib/gs/src/gstk_canvas.erl
@@ -23,6 +23,8 @@
 %% ------------------------------------------------------------
 
 -module(gstk_canvas).
+-compile([{nowarn_deprecated_function,{gs,pair,2}},
+          {nowarn_deprecated_function,{gs,val,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    CANVAS OPTIONS
diff --git a/lib/gs/src/gstk_editor.erl b/lib/gs/src/gstk_editor.erl
index 8cc7021cc6..2686997036 100644
--- a/lib/gs/src/gstk_editor.erl
+++ b/lib/gs/src/gstk_editor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,9 @@
 %% ------------------------------------------------------------
 
 -module(gstk_editor).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,error,2}},
+          {nowarn_deprecated_function,{gs,val,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    CANVAS OPTIONS
diff --git a/lib/gs/src/gstk_entry.erl b/lib/gs/src/gstk_entry.erl
index 14f7831151..432ccd5fde 100644
--- a/lib/gs/src/gstk_entry.erl
+++ b/lib/gs/src/gstk_entry.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_entry).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    ENTRY OPTIONS
diff --git a/lib/gs/src/gstk_generic.erl b/lib/gs/src/gstk_generic.erl
index 2cc6c4c2d3..50c3da8dc5 100644
--- a/lib/gs/src/gstk_generic.erl
+++ b/lib/gs/src/gstk_generic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,6 +20,7 @@
 %%
 
 -module(gstk_generic).
+-compile([{nowarn_deprecated_function,{gs,assq,2}}]).
 
 -export([out_opts/8,
 	 read_option/5,
diff --git a/lib/gs/src/gstk_grid.erl b/lib/gs/src/gstk_grid.erl
index 4189246822..f703dad074 100644
--- a/lib/gs/src/gstk_grid.erl
+++ b/lib/gs/src/gstk_grid.erl
@@ -19,6 +19,7 @@
 
 %%
 -module(gstk_grid).
+-compile([{nowarn_deprecated_function,{gs,val,2}}]).
 
 -export([event/5,create/3,config/3,option/5,read/3,delete/2,destroy/2,
 	 mk_create_opts_for_child/4,read_option/5]).
diff --git a/lib/gs/src/gstk_gridline.erl b/lib/gs/src/gstk_gridline.erl
index c1dd5a1443..4585c7e043 100644
--- a/lib/gs/src/gstk_gridline.erl
+++ b/lib/gs/src/gstk_gridline.erl
@@ -19,6 +19,8 @@
 
 %%
 -module(gstk_gridline).
+-compile([{nowarn_deprecated_function,{gs,val,2}},
+          {nowarn_deprecated_function,{gs,val,3}}]).
 
 -export([event/5,create/3,config/3,option/5,read/3,delete/2,destroy/3,
 	read_option/5]).
diff --git a/lib/gs/src/gstk_image.erl b/lib/gs/src/gstk_image.erl
index 9adbe42386..2b7a324e28 100644
--- a/lib/gs/src/gstk_image.erl
+++ b/lib/gs/src/gstk_image.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_image).
+-compile([{nowarn_deprecated_function,{gs,pair,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    BITMAP OPTIONS
diff --git a/lib/gs/src/gstk_menu.erl b/lib/gs/src/gstk_menu.erl
index 3957951a35..e878669de6 100644
--- a/lib/gs/src/gstk_menu.erl
+++ b/lib/gs/src/gstk_menu.erl
@@ -23,6 +23,7 @@
 %%------------------------------------------------------------------------------
 
 -module(gstk_menu).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    MENU OPTIONS
diff --git a/lib/gs/src/gstk_menuitem.erl b/lib/gs/src/gstk_menuitem.erl
index 36a9253598..8abf5d13aa 100644
--- a/lib/gs/src/gstk_menuitem.erl
+++ b/lib/gs/src/gstk_menuitem.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_menuitem).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    MENUITEM OPTIONS
diff --git a/lib/gs/src/gstk_port_handler.erl b/lib/gs/src/gstk_port_handler.erl
index 93f3e58dc2..c6ca2c0f5b 100644
--- a/lib/gs/src/gstk_port_handler.erl
+++ b/lib/gs/src/gstk_port_handler.erl
@@ -34,6 +34,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_port_handler).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 -include("gstk.hrl").
 
diff --git a/lib/gs/src/gstk_rectangle.erl b/lib/gs/src/gstk_rectangle.erl
index 1e02977c9a..14be16c990 100644
--- a/lib/gs/src/gstk_rectangle.erl
+++ b/lib/gs/src/gstk_rectangle.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_rectangle).
+-compile([{nowarn_deprecated_function,{gs,pair,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    RECTANGLE OPTIONS
diff --git a/lib/gs/src/gstk_window.erl b/lib/gs/src/gstk_window.erl
index acac452ed1..4b4706eb88 100644
--- a/lib/gs/src/gstk_window.erl
+++ b/lib/gs/src/gstk_window.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_window).
+-compile([{nowarn_deprecated_function,{gs,destroy,1}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    WINDOW OPTIONS
diff --git a/lib/gs/src/tcl2erl.erl b/lib/gs/src/tcl2erl.erl
index 8845cf0b9a..d159681c5c 100644
--- a/lib/gs/src/tcl2erl.erl
+++ b/lib/gs/src/tcl2erl.erl
@@ -25,6 +25,7 @@
 %% ------------------------------------------------------------
 
 -module(tcl2erl).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 -export([parse_event/1,
 	 ret_int/1,
diff --git a/lib/gs/src/tool_file_dialog.erl b/lib/gs/src/tool_file_dialog.erl
index 6b2c2e8c81..cfcfcd1bf6 100644
--- a/lib/gs/src/tool_file_dialog.erl
+++ b/lib/gs/src/tool_file_dialog.erl
@@ -19,6 +19,16 @@
 
 %%
 -module(tool_file_dialog).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
+
 -export([start/1]).
 
 -record(opts, {type,          % open | save | multiselect
diff --git a/lib/gs/src/tool_utils.erl b/lib/gs/src/tool_utils.erl
index d09af5f22f..69919b18bd 100644
--- a/lib/gs/src/tool_utils.erl
+++ b/lib/gs/src/tool_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,6 +19,11 @@
 
 %%
 -module(tool_utils).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
+
 -include_lib("kernel/include/file.hrl").
 
 %%%---------------------------------------------------------------------
diff --git a/lib/gs/vsn.mk b/lib/gs/vsn.mk
index 4894c6c13a..41a2561809 100644
--- a/lib/gs/vsn.mk
+++ b/lib/gs/vsn.mk
@@ -1,2 +1,2 @@
-GS_VSN = 1.5.14
+GS_VSN = 1.5.15
 
diff --git a/lib/hipe/cerl/cerl_hipe_primops.hrl b/lib/hipe/cerl/cerl_hipe_primops.hrl
index 36b1b62901..1d82f7bfc7 100644
--- a/lib/hipe/cerl/cerl_hipe_primops.hrl
+++ b/lib/hipe/cerl/cerl_hipe_primops.hrl
@@ -59,7 +59,6 @@
 -define(PRIMOP_IS_ATOM, 'is_atom').		% arity 1
 -define(PRIMOP_IS_BIGNUM, 'is_bignum').		% arity 1
 -define(PRIMOP_IS_BINARY, 'is_binary').		% arity 1
--define(PRIMOP_IS_CONSTANT, 'is_constant').	% arity 1
 -define(PRIMOP_IS_FIXNUM, 'is_fixnum').		% arity 1
 -define(PRIMOP_IS_FLOAT, 'is_float').		% arity 1
 -define(PRIMOP_IS_FUNCTION, 'is_function').	% arity 1
diff --git a/lib/hipe/cerl/cerl_hipeify.erl b/lib/hipe/cerl/cerl_hipeify.erl
index 8f6c3561c9..89b4ec147d 100644
--- a/lib/hipe/cerl/cerl_hipeify.erl
+++ b/lib/hipe/cerl/cerl_hipeify.erl
@@ -392,7 +392,6 @@ call_to_primop(erlang, '=<', 2) -> {yes, ?PRIMOP_LE};
 call_to_primop(erlang, '>=', 2) -> {yes, ?PRIMOP_GE};
 call_to_primop(erlang, is_atom, 1) -> {yes, ?PRIMOP_IS_ATOM};
 call_to_primop(erlang, is_binary, 1) -> {yes, ?PRIMOP_IS_BINARY};
-call_to_primop(erlang, is_constant, 1) -> {yes, ?PRIMOP_IS_CONSTANT};
 call_to_primop(erlang, is_float, 1) -> {yes, ?PRIMOP_IS_FLOAT};
 call_to_primop(erlang, is_function, 1) -> {yes, ?PRIMOP_IS_FUNCTION};
 call_to_primop(erlang, is_integer, 1) -> {yes, ?PRIMOP_IS_INTEGER};
diff --git a/lib/hipe/cerl/cerl_messagean.erl b/lib/hipe/cerl/cerl_messagean.erl
index 6dd93adaa3..b9f82f2a43 100644
--- a/lib/hipe/cerl/cerl_messagean.erl
+++ b/lib/hipe/cerl/cerl_messagean.erl
@@ -1083,7 +1083,6 @@ is_imm_op(erlang, is_alive, 0) -> true;
 is_imm_op(erlang, is_atom, 1) -> true;
 is_imm_op(erlang, is_binary, 1) -> true;
 is_imm_op(erlang, is_builtin, 3) -> true;
-is_imm_op(erlang, is_constant, 1) -> true;
 is_imm_op(erlang, is_float, 1) -> true;
 is_imm_op(erlang, is_function, 1) -> true;
 is_imm_op(erlang, is_integer, 1) -> true;
diff --git a/lib/hipe/cerl/cerl_to_icode.erl b/lib/hipe/cerl/cerl_to_icode.erl
index 362c427cbe..089e3f021e 100644
--- a/lib/hipe/cerl/cerl_to_icode.erl
+++ b/lib/hipe/cerl/cerl_to_icode.erl
@@ -88,7 +88,6 @@
 -define(TYPE_IS_ATOM, atom).
 -define(TYPE_IS_BIGNUM, bignum).
 -define(TYPE_IS_BINARY, binary).
--define(TYPE_IS_CONSTANT, constant).
 -define(TYPE_IS_FIXNUM, fixnum).
 -define(TYPE_IS_FLOAT, float).
 -define(TYPE_IS_FUNCTION, function).
@@ -2051,7 +2050,6 @@ is_record_test(T, A, N, True, False, Ctxt, Env, S) ->
 type_test(?PRIMOP_IS_ATOM) -> ?TYPE_IS_ATOM;
 type_test(?PRIMOP_IS_BIGNUM) -> ?TYPE_IS_BIGNUM;
 type_test(?PRIMOP_IS_BINARY) -> ?TYPE_IS_BINARY;
-type_test(?PRIMOP_IS_CONSTANT) -> ?TYPE_IS_CONSTANT;
 type_test(?PRIMOP_IS_FIXNUM) -> ?TYPE_IS_FIXNUM;
 type_test(?PRIMOP_IS_FLOAT) -> ?TYPE_IS_FLOAT;
 type_test(?PRIMOP_IS_FUNCTION) -> ?TYPE_IS_FUNCTION;
@@ -2082,7 +2080,6 @@ is_bool_op(Op, A) when is_atom(Op), is_integer(A) -> false.
 is_type_test(?PRIMOP_IS_ATOM, 1) -> true;
 is_type_test(?PRIMOP_IS_BIGNUM, 1) -> true;
 is_type_test(?PRIMOP_IS_BINARY, 1) -> true;
-is_type_test(?PRIMOP_IS_CONSTANT, 1) -> true;
 is_type_test(?PRIMOP_IS_FIXNUM, 1) -> true;
 is_type_test(?PRIMOP_IS_FLOAT, 1) -> true;
 is_type_test(?PRIMOP_IS_FUNCTION, 1) -> true;
diff --git a/lib/hipe/cerl/erl_bif_types.erl b/lib/hipe/cerl/erl_bif_types.erl
index 1483b2aee1..845df0ca61 100644
--- a/lib/hipe/cerl/erl_bif_types.erl
+++ b/lib/hipe/cerl/erl_bif_types.erl
@@ -54,7 +54,6 @@
 		    t_cons/2,
 		    t_cons_hd/1,
 		    t_cons_tl/1,
-		    t_constant/0,
 		    t_fixnum/0,
 		    t_non_neg_fixnum/0,
 		    t_pos_fixnum/0,
@@ -81,7 +80,6 @@
 		    t_is_bitstr/1,
 		    t_is_boolean/1,
 		    t_is_cons/1,
-		    t_is_constant/1,
 		    t_is_float/1,
 		    t_is_float/1,
 		    t_is_fun/1,
@@ -845,11 +843,6 @@ type(erlang, is_boolean, 1, Xs) ->
   strict(arg_types(erlang, is_boolean, 1), Xs, Fun);
 type(erlang, is_builtin, 3, Xs) ->
   strict(arg_types(erlang, is_builtin, 3), Xs, fun (_) -> t_boolean() end);
-type(erlang, is_constant, 1, Xs) ->
-  Fun = fun (X) ->
-	    check_guard(X, fun (Y) -> t_is_constant(Y) end, t_constant())
-	end,
-  strict(arg_types(erlang, is_constant, 1), Xs, Fun);
 type(erlang, is_float, 1, Xs) ->
   Fun = fun (X) ->
 	    check_guard(X, fun (Y) -> t_is_float(Y) end, t_float())
@@ -1202,11 +1195,13 @@ type(erlang, process_flag, 2, Xs) ->
 		 case t_atom_vals(Flag) of
 		   ['error_handler'] -> t_atom();
 		   ['min_heap_size'] -> t_non_neg_integer();
+                   ['min_bin_vheap_size'] -> t_non_neg_integer();
 		   ['scheduler'] -> t_non_neg_integer();
 		   ['monitor_nodes'] -> t_boolean();
 		   ['priority'] -> t_process_priority_level();
 		   ['save_calls'] -> t_non_neg_integer();
 		   ['trap_exit'] -> t_boolean();
+                   ['sensitive'] -> t_boolean();
 		   List when is_list(List) ->
 		     T_process_flag_returns;
 		   unknown ->
@@ -1321,6 +1316,9 @@ type(erlang, resume_process, 1, Xs) ->
 	 fun (_) -> t_any() end); %% TODO: overapproximation -- fix this
 type(erlang, round, 1, Xs) ->
   strict(arg_types(erlang, round, 1), Xs, fun (_) -> t_integer() end);
+type(erlang, posixtime_to_universaltime, 1, Xs) ->
+  strict(arg_types(erlang, posixtime_to_universaltime, 1), Xs, 
+	 fun(_) ->  t_tuple([t_date(), t_time()]) end);
 type(erlang, self, 0, _) -> t_pid();
 type(erlang, send, 2, Xs) -> type(erlang, '!', 2, Xs);  % alias
 type(erlang, send, 3, Xs) ->
@@ -1500,6 +1498,8 @@ type(erlang, system_flag, 2, Xs) ->
 		     t_non_neg_fixnum();
 		   ['min_heap_size'] ->
 		     t_non_neg_fixnum();
+		   ['min_bin_vheap_size'] ->
+		     t_non_neg_fixnum();
 		   ['multi_scheduling'] ->
 		     t_system_multi_scheduling();
 		   ['schedulers_online'] ->
@@ -1543,8 +1543,12 @@ type(erlang, system_info, 1, Xs) ->
 			      t_list(t_tuple([t_atom(),
 					      t_list(t_tuple([t_atom(),
 							      t_any()]))]))]);
+		   ['build_type'] ->
+                     t_system_build_type_return();
 		   ['break_ignored'] ->
 		     t_boolean();
+                   ['c_compiler_used'] ->
+                     t_tuple([t_atom(), t_any()]);
 		   ['cpu_topology'] ->
 		     t_system_cpu_topology();
 		   ['compat_rel'] ->
@@ -1557,6 +1561,8 @@ type(erlang, system_info, 1, Xs) ->
 		     t_binary();
 		   ['dist_ctrl'] ->
 		     t_list(t_tuple([t_atom(), t_sup([t_pid(), t_port])]));
+                   ['driver_version'] ->
+                     t_string();
 		   %% elib_malloc is intentionally not included,
 		   %% because it scheduled for removal in R15.
 		   ['endian'] ->
@@ -1570,7 +1576,9 @@ type(erlang, system_info, 1, Xs) ->
 		   ['heap_sizes'] ->
 		     t_list(t_integer());
 		   ['heap_type'] ->
-		     t_sup([t_atom('private'), t_atom('hybrid')]);
+		     t_sup([t_atom('private'),
+                            t_atom('shared'),
+                            t_atom('hybrid')]);
 		   ['hipe_architecture'] ->
 		     t_atoms(['amd64', 'arm', 'powerpc', 'ppc64',
 			      'undefined', 'ultrasparc', 'x86']);
@@ -1578,12 +1586,20 @@ type(erlang, system_info, 1, Xs) ->
 		     t_binary();
 		   ['internal_cpu_topology'] -> %% Undocumented internal feature
 		     t_internal_cpu_topology();
+                   ['kernel_poll'] ->
+                     t_boolean();
 		   ['loaded'] ->
 		     t_binary();
 		   ['logical_processors'] ->
 		     t_non_neg_fixnum();
 		   ['machine'] ->
 		     t_string();
+                   ['min_heap_size'] ->
+                     t_tuple([t_atom('min_heap_size'),
+                              t_non_neg_integer()]);
+                   ['min_bin_vheap_size'] ->
+                     t_tuple([t_atom('min_bin_vheap_size'),
+                              t_non_neg_integer()]);
 		   ['multi_scheduling'] ->
 		     t_system_multi_scheduling();
 		   ['multi_scheduling_blockers'] ->
@@ -1598,6 +1614,8 @@ type(erlang, system_info, 1, Xs) ->
 				    t_non_neg_fixnum(),
 				    t_non_neg_fixnum()]),
 			   t_string());
+                   ['otp_release'] ->
+                     t_string();
 		   ['process_count'] ->
 		     t_non_neg_fixnum();
 		   ['process_limit'] ->
@@ -1627,6 +1645,8 @@ type(erlang, system_info, 1, Xs) ->
 		     t_non_neg_fixnum();
 		   ['trace_control_word'] ->
 		     t_integer();
+                   ['update_cpu_info'] ->
+                     t_sup([t_atom('changed'), t_atom('unchanged')]);
 		   ['version'] ->
 		     t_string();
 		   ['wordsize'] ->
@@ -1717,6 +1737,9 @@ type(erlang, universaltime, 0, _) ->
 type(erlang, universaltime_to_localtime, 1, Xs) ->
   strict(arg_types(erlang, universaltime_to_localtime, 1), Xs,
 	 fun ([T]) -> T end);
+type(erlang, universaltime_to_posixtime, 1, Xs) ->
+  strict(arg_types(erlang, universaltime_to_posixtime,1), Xs,
+	 fun(_) -> t_integer() end);
 type(erlang, unlink, 1, Xs) ->
   strict(arg_types(erlang, unlink, 1), Xs, fun (_) -> t_atom('true') end);
 type(erlang, unregister, 1, Xs) ->
@@ -3561,8 +3584,6 @@ arg_types(erlang, is_boolean, 1) ->
   [t_any()];
 arg_types(erlang, is_builtin, 3) ->
   [t_atom(), t_atom(), t_arity()];
-arg_types(erlang, is_constant, 1) ->
-  [t_any()];
 arg_types(erlang, is_float, 1) ->
   [t_any()];
 arg_types(erlang, is_function, 1) ->
@@ -3741,8 +3762,13 @@ arg_types(erlang, pre_loaded, 0) ->
 arg_types(erlang, process_display, 2) ->
   [t_pid(), t_atom('backtrace')];
 arg_types(erlang, process_flag, 2) ->
-  [t_sup([t_atom('trap_exit'), t_atom('error_handler'),
-	  t_atom('min_heap_size'), t_atom('priority'), t_atom('save_calls'),
+  [t_sup([t_atom('trap_exit'),
+          t_atom('error_handler'),
+	  t_atom('min_heap_size'),
+          t_atom('min_bin_vheap_size'),
+          t_atom('priority'),
+          t_atom('save_calls'),
+          t_atom('sensitive'),
 	  t_atom('scheduler'),                             % undocumented
 	  t_atom('monitor_nodes'), 			  % undocumented
 	  t_tuple([t_atom('monitor_nodes'), t_list()])]), % undocumented
@@ -3776,6 +3802,8 @@ arg_types(erlang, resume_process, 1) ->
   [t_pid()]; % intended for debugging only
 arg_types(erlang, round, 1) ->
   [t_number()];
+arg_types(erlang, posixtime_to_universaltime, 1) ->
+  [t_integer()];
 arg_types(erlang, self, 0) ->
   [];
 arg_types(erlang, send, 2) ->
@@ -3853,6 +3881,7 @@ arg_types(erlang, system_flag, 2) ->
 	  t_atom('display_items'),	% undocumented
 	  t_atom('fullsweep_after'),
 	  t_atom('min_heap_size'),
+	  t_atom('min_bin_vheap_size'),
 	  t_atom('multi_scheduling'),
 	  t_atom('schedulers_online'),
 	  t_atom('scheduler_bind_type'),
@@ -3881,7 +3910,8 @@ arg_types(erlang, system_flag, 2) ->
 arg_types(erlang, system_info, 1) ->
   [t_sup([t_atom(),                     % documented
 	  t_tuple([t_atom(), t_any()]), % documented
-	  t_tuple([t_atom(), t_atom(), t_any()])])];
+	  t_tuple([t_atom(), t_atom(), t_any()]),
+	  t_tuple([t_atom(allocator_sizes), t_reference(), t_any()])])];
 arg_types(erlang, system_monitor, 0) ->
   [];
 arg_types(erlang, system_monitor, 1) ->
@@ -3941,6 +3971,8 @@ arg_types(erlang, universaltime, 0) ->
   [];
 arg_types(erlang, universaltime_to_localtime, 1) ->
   [t_tuple([t_date(), t_time()])];
+arg_types(erlang, universaltime_to_posixtime, 1) ->
+  [t_tuple([t_date(), t_time()])];
 arg_types(erlang, unlink, 1) ->
   [t_sup(t_pid(), t_port())];
 arg_types(erlang, unregister, 1) ->
@@ -4722,6 +4754,7 @@ t_spawn_options() ->
 	 t_atom('monitor'),
 	 t_tuple([t_atom('priority'), t_process_priority_level()]),
 	 t_tuple([t_atom('min_heap_size'), t_fixnum()]),
+	 t_tuple([t_atom('min_bin_vheap_size'), t_fixnum()]),
 	 t_tuple([t_atom('fullsweep_after'), t_fixnum()])]).
 
 t_spawn_opt_return(List) ->
@@ -4810,6 +4843,17 @@ t_system_profile_return() ->
   t_sup(t_atom('undefined'),
 	t_tuple([t_sup(t_pid(), t_port()), t_system_profile_options()])).
 
+t_system_build_type_return() ->
+  t_sup([t_atom('opt'),
+         t_atom('debug'),
+         t_atom('purify'),
+         t_atom('quantify'),
+         t_atom('purecov'),
+         t_atom('gcov'),
+         t_atom('valgrind'),
+         t_atom('gprof'),
+         t_atom('lcnt')]).
+
 %% =====================================================================
 %% These are used for the built-in functions of 'ets'
 %% =====================================================================
diff --git a/lib/hipe/cerl/erl_types.erl b/lib/hipe/cerl/erl_types.erl
index 0ff827ac37..620fed365e 100644
--- a/lib/hipe/cerl/erl_types.erl
+++ b/lib/hipe/cerl/erl_types.erl
@@ -2528,34 +2528,77 @@ findfirst(N1, N2, U1, B1, U2, B2) ->
 %%-----------------------------------------------------------------------------
 %% Substitution of variables
 %%
+%% Dialyzer versions prior to R15B used a dict data structure to map variables
+%% to types. Hans Bolinder suggested the use of lists of Key-Value pairs for
+%% this data structure and measurements showed a non-trivial speedup when using
+%% them for operations within this module (e.g. in t_unify/2). However, there
+%% is code outside erl_types that still passes a dict() in the 2nd argument.
+%% So, for the time being, this module provides a t_subst/2 function for these
+%% external calls and a clone of it (t_subst_kv/2) which is used from all calls
+%% from within this module. This code duplication needs to be eliminated at
+%% some point.
 
 -spec t_subst(erl_type(), dict()) -> erl_type().
 
 t_subst(T, Dict) ->
   case t_has_var(T) of
-    true -> t_subst(T, Dict, fun(X) -> X end);
+    true -> t_subst_dict(T, Dict);
     false -> T
   end.
 
+t_subst_dict(?var(Id), Dict) ->
+  case dict:find(Id, Dict) of
+    error -> ?any;
+    {ok, Type} -> Type
+  end;
+t_subst_dict(?list(Contents, Termination, Size), Dict) ->
+  case t_subst_dict(Contents, Dict) of
+    ?none -> ?none;
+    NewContents ->
+      %% Be careful here to make the termination collapse if necessary.
+      case t_subst_dict(Termination, Dict) of
+	?nil -> ?list(NewContents, ?nil, Size);
+	?any -> ?list(NewContents, ?any, Size);
+	Other ->
+	  ?list(NewContents, NewTermination, _) = t_cons(NewContents, Other),
+	  ?list(NewContents, NewTermination, Size)
+      end
+  end;
+t_subst_dict(?function(Domain, Range), Dict) ->
+  ?function(t_subst_dict(Domain, Dict), t_subst_dict(Range, Dict));
+t_subst_dict(?product(Types), Dict) ->
+  ?product([t_subst_dict(T, Dict) || T <- Types]);
+t_subst_dict(?tuple(?any, ?any, ?any) = T, _Dict) ->
+  T;
+t_subst_dict(?tuple(Elements, _Arity, _Tag), Dict) ->
+  t_tuple([t_subst_dict(E, Dict) || E <- Elements]);
+t_subst_dict(?tuple_set(_) = TS, Dict) ->
+  t_sup([t_subst_dict(T, Dict) || T <- t_tuple_subtypes(TS)]);
+t_subst_dict(T, _Dict) ->
+  T.
+
 -spec subst_all_vars_to_any(erl_type()) -> erl_type().
 
 subst_all_vars_to_any(T) ->
+  t_subst_kv(T, []).
+
+t_subst_kv(T, KVMap) ->
   case t_has_var(T) of
-    true -> t_subst(T, dict:new(), fun(_) -> ?any end);
+    true -> t_subst_aux(T, KVMap);
     false -> T
   end.
 
-t_subst(?var(Id) = V, Dict, Fun) ->
-  case dict:find(Id, Dict) of
-    error -> Fun(V);
-    {ok, Type} -> Type
+t_subst_aux(?var(Id), VarMap) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> ?any;
+    {Id, Type} -> Type
   end;
-t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
-  case t_subst(Contents, Dict, Fun) of
+t_subst_aux(?list(Contents, Termination, Size), VarMap) ->
+  case t_subst_aux(Contents, VarMap) of
     ?none -> ?none;
     NewContents ->
       %% Be careful here to make the termination collapse if necessary.
-      case t_subst(Termination, Dict, Fun) of
+      case t_subst_aux(Termination, VarMap) of
 	?nil -> ?list(NewContents, ?nil, Size);
 	?any -> ?list(NewContents, ?any, Size);
 	Other ->
@@ -2563,17 +2606,17 @@ t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
 	  ?list(NewContents, NewTermination, Size)
       end
   end;
-t_subst(?function(Domain, Range), Dict, Fun) ->
-  ?function(t_subst(Domain, Dict, Fun), t_subst(Range, Dict, Fun));
-t_subst(?product(Types), Dict, Fun) -> 
-  ?product([t_subst(T, Dict, Fun) || T <- Types]);
-t_subst(?tuple(?any, ?any, ?any) = T, _Dict, _Fun) ->
+t_subst_aux(?function(Domain, Range), VarMap) ->
+  ?function(t_subst_aux(Domain, VarMap), t_subst_aux(Range, VarMap));
+t_subst_aux(?product(Types), VarMap) ->
+  ?product([t_subst_aux(T, VarMap) || T <- Types]);
+t_subst_aux(?tuple(?any, ?any, ?any) = T, _VarMap) ->
   T;
-t_subst(?tuple(Elements, _Arity, _Tag), Dict, Fun) ->
-  t_tuple([t_subst(E, Dict, Fun) || E <- Elements]);
-t_subst(?tuple_set(_) = TS, Dict, Fun) ->
-  t_sup([t_subst(T, Dict, Fun) || T <- t_tuple_subtypes(TS)]);
-t_subst(T, _Dict, _Fun) -> 
+t_subst_aux(?tuple(Elements, _Arity, _Tag), VarMap) ->
+  t_tuple([t_subst_aux(E, VarMap) || E <- Elements]);
+t_subst_aux(?tuple_set(_) = TS, VarMap) ->
+  t_sup([t_subst_aux(T, VarMap) || T <- t_tuple_subtypes(TS)]);
+t_subst_aux(T, _VarMap) ->
   T.
 	      
 %%-----------------------------------------------------------------------------
@@ -2590,87 +2633,87 @@ t_unify(T1, T2) ->
 -spec t_unify(erl_type(), erl_type(), [erl_type()]) -> t_unify_ret().
 
 t_unify(T1, T2, Opaques) ->
-  {T, Dict} = t_unify(T1, T2, dict:new(), Opaques),
-  {t_subst(T, Dict), lists:keysort(1, dict:to_list(Dict))}.
-
-t_unify(?var(Id) = T, ?var(Id), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?var(Id1) = T, ?var(Id2), Dict, Opaques) ->
-  case dict:find(Id1, Dict) of
-    error -> 
-      case dict:find(Id2, Dict) of
-	error -> {T, dict:store(Id2, T, Dict)};
-	{ok, Type} -> t_unify(T, Type, Dict, Opaques)
+  {T, VarMap} = t_unify(T1, T2, [], Opaques),
+  {t_subst_kv(T, VarMap), lists:keysort(1, VarMap)}.
+
+t_unify(?var(Id) = T, ?var(Id), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?var(Id1) = T, ?var(Id2), VarMap, Opaques) ->
+  case lists:keyfind(Id1, 1, VarMap) of
+    false ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {T, [{Id2, T} | VarMap]};
+	{Id2, Type} -> t_unify(T, Type, VarMap, Opaques)
       end;
-    {ok, Type1} ->
-      case dict:find(Id2, Dict) of
-	error -> {Type1, dict:store(Id2, T, Dict)};
-	{ok, Type2} -> t_unify(Type1, Type2, Dict, Opaques)
+    {Id1, Type1} ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {Type1, [{Id2, T} | VarMap]};
+	{Id2, Type2} -> t_unify(Type1, Type2, VarMap, Opaques)
       end
   end;
-t_unify(?var(Id), Type, Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(?var(Id), Type, VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(Type, ?var(Id), Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(Type, ?var(Id), VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), Dict, Opaques) ->
-  {Domain, Dict1} = t_unify(Domain1, Domain2, Dict, Opaques),
-  {Range, Dict2} = t_unify(Range1, Range2, Dict1, Opaques),
-  {?function(Domain, Range), Dict2};
+t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), VarMap, Opaques) ->
+  {Domain, VarMap1} = t_unify(Domain1, Domain2, VarMap, Opaques),
+  {Range, VarMap2} = t_unify(Range1, Range2, VarMap1, Opaques),
+  {?function(Domain, Range), VarMap2};
 t_unify(?list(Contents1, Termination1, Size), 
-	?list(Contents2, Termination2, Size), Dict, Opaques) ->
-  {Contents, Dict1} = t_unify(Contents1, Contents2, Dict, Opaques),
-  {Termination, Dict2} = t_unify(Termination1, Termination2, Dict1, Opaques),
-  {?list(Contents, Termination, Size), Dict2};
-t_unify(?product(Types1), ?product(Types2), Dict, Opaques) ->
-  {Types, Dict1} = unify_lists(Types1, Types2, Dict, Opaques),
-  {?product(Types), Dict1};
-t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), Dict, _Opaques) ->
-  {T, Dict};
+	?list(Contents2, Termination2, Size), VarMap, Opaques) ->
+  {Contents, VarMap1} = t_unify(Contents1, Contents2, VarMap, Opaques),
+  {Termination, VarMap2} = t_unify(Termination1, Termination2, VarMap1, Opaques),
+  {?list(Contents, Termination, Size), VarMap2};
+t_unify(?product(Types1), ?product(Types2), VarMap, Opaques) ->
+  {Types, VarMap1} = unify_lists(Types1, Types2, VarMap, Opaques),
+  {?product(Types), VarMap1};
+t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(?tuple(Elements1, Arity, _), 
-	?tuple(Elements2, Arity, _), Dict, Opaques) when Arity =/= ?any ->
-  {NewElements, Dict1} = unify_lists(Elements1, Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1};
+	?tuple(Elements2, Arity, _), VarMap, Opaques) when Arity =/= ?any ->
+  {NewElements, VarMap1} = unify_lists(Elements1, Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1};
 t_unify(?tuple_set([{Arity, _}]) = T1, 
-	?tuple(_, Arity, _) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T1, T2, Dict, Opaques);
+	?tuple(_, Arity, _) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T1, T2, VarMap, Opaques);
 t_unify(?tuple(_, Arity, _) = T1,
-	?tuple_set([{Arity, _}]) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T2, T1, Dict, Opaques);
-t_unify(?tuple_set(List1), ?tuple_set(List2), Dict, Opaques) ->
-  {Tuples, NewDict} = 
+	?tuple_set([{Arity, _}]) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T2, T1, VarMap, Opaques);
+t_unify(?tuple_set(List1), ?tuple_set(List2), VarMap, Opaques) ->
+  {Tuples, NewVarMap} =
     unify_lists(lists:append([T || {_Arity, T} <- List1]), 
-		lists:append([T || {_Arity, T} <- List2]), Dict, Opaques),
-  {t_sup(Tuples), NewDict};
-t_unify(?opaque(Elements) = T, ?opaque(Elements), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?opaque(_) = T1, ?opaque(_) = T2, _Dict, _Opaques) ->
+		lists:append([T || {_Arity, T} <- List2]), VarMap, Opaques),
+  {t_sup(Tuples), NewVarMap};
+t_unify(?opaque(Elements) = T, ?opaque(Elements), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?opaque(_) = T1, ?opaque(_) = T2, _VarMap, _Opaques) ->
   throw({mismatch, T1, T2});
-t_unify(Type, ?opaque(_) = OpType, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(?opaque(_) = OpType, Type, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(T, T, Dict, _Opaques) ->
-  {T, Dict};
+t_unify(Type, ?opaque(_) = OpType, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(?opaque(_) = OpType, Type, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(T, T, VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(T1, T2, _, _) ->
   throw({mismatch, T1, T2}).
 
-t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
+t_unify_with_opaque(Type, OpType, VarMap, Opaques) ->
   case lists:member(OpType, Opaques) of
     true ->
       Struct = t_opaque_structure(OpType),
-      try t_unify(Type, Struct, Dict, Opaques) of
-	{_T, Dict1} -> {OpType, Dict1}
+      try t_unify(Type, Struct, VarMap, Opaques) of
+	{_T, VarMap1} -> {OpType, VarMap1}
       catch
 	throw:{mismatch, _T1, _T2} ->
 	  case t_inf(OpType, Type, opaque) of
 	    ?none -> throw({mismatch, Type, OpType});
-	    _ -> {OpType, Dict}
+	    _ -> {OpType, VarMap}
 	  end
       end;
     false ->
@@ -2678,20 +2721,20 @@ t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
   end.
 
 unify_tuple_set_and_tuple(?tuple_set([{Arity, List}]), 
-			  ?tuple(Elements2, Arity, _), Dict, Opaques) ->
+			  ?tuple(Elements2, Arity, _), VarMap, Opaques) ->
   %% Can only work if the single tuple has variables at correct places.
   %% Collapse the tuple set.
-  {NewElements, Dict1} = unify_lists(sup_tuple_elements(List), Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1}.
+  {NewElements, VarMap1} = unify_lists(sup_tuple_elements(List), Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1}.
 
-unify_lists(L1, L2, Dict, Opaques) ->
-  unify_lists(L1, L2, Dict, [], Opaques).
+unify_lists(L1, L2, VarMap, Opaques) ->
+  unify_lists(L1, L2, VarMap, [], Opaques).
 
-unify_lists([T1|Left1], [T2|Left2], Dict, Acc, Opaques) ->
-  {NewT, NewDict} = t_unify(T1, T2, Dict, Opaques),
-  unify_lists(Left1, Left2, NewDict, [NewT|Acc], Opaques);
-unify_lists([], [], Dict, Acc, _Opaques) ->
-  {lists:reverse(Acc), Dict}.
+unify_lists([T1|Left1], [T2|Left2], VarMap, Acc, Opaques) ->
+  {NewT, NewVarMap} = t_unify(T1, T2, VarMap, Opaques),
+  unify_lists(Left1, Left2, NewVarMap, [NewT|Acc], Opaques);
+unify_lists([], [], VarMap, Acc, _Opaques) ->
+  {lists:reverse(Acc), VarMap}.
 
 %%t_assign_variables_to_subtype(T1, T2) ->
 %%  try 
diff --git a/lib/hipe/doc/src/notes.xml b/lib/hipe/doc/src/notes.xml
index 6b601e3039..3f28cf9959 100644
--- a/lib/hipe/doc/src/notes.xml
+++ b/lib/hipe/doc/src/notes.xml
@@ -30,6 +30,83 @@
   </header>
   <p>This document describes the changes made to HiPE.</p>
 
+<section><title>Hipe 3.9</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Possible to run HiPE without floating point exceptions
+	    (FPE). Useful on platforms that lack reliable FPE. Slower
+	    float operations compared to HiPE with FPE.</p>
+          <p>
+	    Own Id: OTP-9724</p>
+        </item>
+        <item>
+          <p>
+	    HiPE compiler: The possibility to compile and load
+	    selected functions from a module has been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9751</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p> Optimize <c>erl_types:t_unify()</c>. </p>
+          <p>
+	    Own Id: OTP-9768</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Hipe 3.8.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/hipe/flow/Makefile b/lib/hipe/flow/Makefile
index 02f610587b..bbe8ef8666 100644
--- a/lib/hipe/flow/Makefile
+++ b/lib/hipe/flow/Makefile
@@ -65,7 +65,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/Makefile b/lib/hipe/icode/Makefile
index eced90b0ec..bd6436c8b3 100644
--- a/lib/hipe/icode/Makefile
+++ b/lib/hipe/icode/Makefile
@@ -83,7 +83,7 @@ DOC_FILES= $(DOC_MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/hipe_beam_to_icode.erl b/lib/hipe/icode/hipe_beam_to_icode.erl
index 45b390acbd..2d2b414a70 100644
--- a/lib/hipe/icode/hipe_beam_to_icode.erl
+++ b/lib/hipe/icode/hipe_beam_to_icode.erl
@@ -31,7 +31,7 @@
 
 -module(hipe_beam_to_icode).
 
--export([module/2, mfa/3]).
+-export([module/2]).
 
 %%-----------------------------------------------------------------------
 
@@ -111,55 +111,6 @@ trans_beam_function_chunk(FunBeamCode, ClosureInfo) ->
   {MFA,Icode}.
 
 %%-----------------------------------------------------------------------
-%% @doc
-%% Translates the BEAM code of a single function into Icode.
-%%   Returns a tuple whose first argument is list of {{M,F,A}, ICode}
-%%   pairs, where the first entry is that of the given MFA, and the
-%%   following (in undefined order) are those of the funs that are
-%%   defined in the function, and recursively, in the funs.  The
-%%   second argument of the tuple is the HiPE compiler options
-%%   contained in the file.
-%% @end
-%%-----------------------------------------------------------------------
-
--spec mfa(list(), mfa(), comp_options()) -> hipe_beam_to_icode_ret().
-
-mfa(BeamFuns, {M,F,A} = MFA, Options)
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  BeamCode0 = [beam_disasm:function__code(Fn) || Fn <- BeamFuns],
-  {ModCode, ClosureInfo} = preprocess_code(BeamCode0),
-  mfa_loop([MFA], [], sets:new(), ModCode, ClosureInfo, Options).
-
-mfa_loop([{M,F,A} = MFA | MFAs], Acc, Seen, ModCode, ClosureInfo,
-	 Options) when is_atom(M), is_atom(F), is_integer(A) ->
-  case sets:is_element(MFA, Seen) of
-    true ->
-      mfa_loop(MFAs, Acc, Seen, ModCode, ClosureInfo, Options);
-    false ->
-      {Icode, FunMFAs} = mfa_get(M, F, A, ModCode, ClosureInfo, Options),
-      mfa_loop(FunMFAs ++ MFAs, [{MFA, Icode} | Acc],
-	       sets:add_element(MFA, Seen),
-	       ModCode, ClosureInfo, Options)
-  end;
-mfa_loop([], Acc, _, _, _, _) ->
-  lists:reverse(Acc).
-
-mfa_get(M, F, A, ModCode, ClosureInfo, Options) ->
-  BeamCode = get_fun(ModCode, M,F,A),
-  pp_beam([BeamCode], Options),  % cheat by using a list
-  Icode = trans_mfa_code(M,F,A, BeamCode, ClosureInfo),
-  FunMFAs = get_fun_mfas(BeamCode),
-  {Icode, FunMFAs}.
-
-get_fun_mfas([{patched_make_fun,{M,F,A} = MFA,_,_,_}|BeamCode])
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  [MFA|get_fun_mfas(BeamCode)];
-get_fun_mfas([_|BeamCode]) ->
-  get_fun_mfas(BeamCode);
-get_fun_mfas([]) ->
-  [].
-
-%%-----------------------------------------------------------------------
 %% The main translation function.
 %%-----------------------------------------------------------------------
 
@@ -514,10 +465,6 @@ trans_fun([{test,is_nil,{f,Lbl},[Arg]}|Instructions], Env) ->
 trans_fun([{test,is_binary,{f,Lbl},[Arg]}|Instructions], Env) ->
   {Code,Env1} = trans_type_test(binary,Lbl,Arg,Env),
   [Code | trans_fun(Instructions,Env1)];
-%%--- is_constant ---
-trans_fun([{test,is_constant,{f,Lbl},[Arg]}|Instructions], Env) ->
-  {Code,Env1} = trans_type_test(constant,Lbl,Arg,Env),
-  [Code | trans_fun(Instructions,Env1)];
 %%--- is_list ---
 trans_fun([{test,is_list,{f,Lbl},[Arg]}|Instructions], Env) ->
   {Code,Env1} = trans_type_test(list,Lbl,Arg,Env),
@@ -1884,16 +1831,6 @@ find_mfa([{func_info,{atom,M},{atom,F},A}|_])
   when is_atom(M), is_atom(F), is_integer(A), 0 =< A, A =< 255 ->
   {M, F, A}.
 
-%%-----------------------------------------------------------------------
-
-%% Localize a particular function in a module
-get_fun([[L, {func_info,{atom,M},{atom,F},A} | Is] | _], M,F,A) ->
-  [L, {func_info,{atom,M},{atom,F},A} | Is];
-get_fun([[_L1,_L2, {func_info,{atom,M},{atom,F},A} = MFA| _Is] | _], M,F,A) ->
-  ?WARNING_MSG("Consecutive labels found; please re-create the .beam file~n", []),
-  [_L1,_L2, MFA | _Is];
-get_fun([_|Rest], M,F,A) ->
-  get_fun(Rest, M,F,A).    
 
 %%-----------------------------------------------------------------------
 %% Takes a list of arguments and returns the constants of them into
diff --git a/lib/hipe/icode/hipe_icode_coordinator.erl b/lib/hipe/icode/hipe_icode_coordinator.erl
index a71e143192..d8c82cf01c 100644
--- a/lib/hipe/icode/hipe_icode_coordinator.erl
+++ b/lib/hipe/icode/hipe_icode_coordinator.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -49,6 +49,12 @@ coordinate(CG, Escaping, NonEscaping, Mod) ->
     fun (PM) -> last_action(PM, ServerPid, Mod, All) end, 
   coordinate({Clean,All}, CG, gb_trees:empty(), Restart, LastAction, ServerPid).
 
+-type mfalists() :: {[mfa()], [mfa()]}.
+
+-spec coordinate(mfalists(), hipe_digraph:hdg(), gb_tree(),
+                 fun((mfalists(), gb_tree()) -> mfalists()),
+                 fun((gb_tree()) -> 'ok'), pid()) -> no_return().
+
 coordinate(MFALists, CG, PM, Restart, LastAction, ServerPid) ->
   case MFALists of
     {[], []} ->
@@ -106,8 +112,7 @@ last_action(PM, ServerPid, Mod, All) ->
 		    receive 
 		      {done_rewrite, MFA} -> ok
 		    end
-		end, All),
-  ok.
+		end, All).
 
 restart_funs({Queue, Busy} = QB, PM, All, ServerPid) ->
   case ?MAX_CONCURRENT - length(Busy) of
diff --git a/lib/hipe/icode/hipe_icode_inline_bifs.erl b/lib/hipe/icode/hipe_icode_inline_bifs.erl
index 27296dcad5..9a2fb7846a 100644
--- a/lib/hipe/icode/hipe_icode_inline_bifs.erl
+++ b/lib/hipe/icode/hipe_icode_inline_bifs.erl
@@ -29,7 +29,7 @@
 
 %% Currently inlined BIFs:
 %% and, or, xor, not, <, >, >=, =<, ==, /=, =/=, =:=
-%% is_atom, is_boolean, is_binary, is_constant, is_float, is_function,
+%% is_atom, is_boolean, is_binary, is_float, is_function,
 %% is_integer, is_list, is_pid, is_port, is_reference, is_tuple
 
 -module(hipe_icode_inline_bifs).
@@ -131,7 +131,6 @@ is_type_test(Name) ->
     is_boolean -> {true, boolean};
     is_function -> {true, function};	       
     is_reference -> {true, reference};
-    is_constant -> {true, constant};
     is_port -> {true, port};
     _ -> false
   end.
diff --git a/lib/hipe/icode/hipe_icode_mulret.erl b/lib/hipe/icode/hipe_icode_mulret.erl
index a6529c8519..a3cae621ab 100644
--- a/lib/hipe/icode/hipe_icode_mulret.erl
+++ b/lib/hipe/icode/hipe_icode_mulret.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -595,9 +595,9 @@ optimizeDefine([I|Code], Dsts, DstLst, Res) ->
   [Ds] = Dsts,
   case isCallPrimop(I, mktuple) andalso DstLst =:= [] of
     true ->
-      case (hipe_icode:call_dstlist(I) =:= Dsts) of
+      case hipe_icode:call_dstlist(I) =:= Dsts of
 	true ->
-	  case (hipe_icode:call_args(I) > 1) of 
+	  case length(hipe_icode:call_args(I)) > 1 of
 	    true ->
 	      optimizeDefine(Code, Dsts, hipe_icode:call_args(I), Res);
 	    false ->
diff --git a/lib/hipe/icode/hipe_icode_pp.erl b/lib/hipe/icode/hipe_icode_pp.erl
index 575bbfe43d..de29b6f779 100644
--- a/lib/hipe/icode/hipe_icode_pp.erl
+++ b/lib/hipe/icode/hipe_icode_pp.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/icode/hipe_icode_ssa.erl b/lib/hipe/icode/hipe_icode_ssa.erl
index 719d5d8f45..4607a96dda 100644
--- a/lib/hipe/icode/hipe_icode_ssa.erl
+++ b/lib/hipe/icode/hipe_icode_ssa.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/icode/hipe_icode_type.erl b/lib/hipe/icode/hipe_icode_type.erl
index 3f9488d7c3..cae4325b9e 100644
--- a/lib/hipe/icode/hipe_icode_type.erl
+++ b/lib/hipe/icode/hipe_icode_type.erl
@@ -899,9 +899,7 @@ test_type0(list, T) ->
 test_type0(cons, T) ->
   t_is_cons(T);
 test_type0(nil, T) ->
-  t_is_nil(T);
-test_type0(constant, T) ->
-  t_is_constant(T).
+  t_is_nil(T).
 
 
 true_branch_info(integer) ->
@@ -940,8 +938,6 @@ true_branch_info(nil) ->
   t_nil();
 true_branch_info(boolean) ->
   t_boolean();
-true_branch_info(constant) ->
-  t_constant();
 true_branch_info(T) ->
   exit({?MODULE,unknown_typetest,T}).
 
diff --git a/lib/hipe/main/hipe.app.src b/lib/hipe/main/hipe.app.src
index e5d6d1e540..c05aec4c4a 100644
--- a/lib/hipe/main/hipe.app.src
+++ b/lib/hipe/main/hipe.app.src
@@ -74,7 +74,6 @@
 	     hipe_arm_specific,
 	     hipe_bb,
 	     hipe_beam_to_icode,
-	     hipe_ceach,
 	     hipe_coalescing_regalloc,
 	     hipe_consttab,
 	     hipe_data_pp,
diff --git a/lib/hipe/main/hipe.erl b/lib/hipe/main/hipe.erl
index 570e4d9d17..1be679a13f 100644
--- a/lib/hipe/main/hipe.erl
+++ b/lib/hipe/main/hipe.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -47,9 +47,8 @@
 %%
 %% <h3>Using the direct interface - for advanced users only</h3>
 %%
-%% To compile a module or a specific function to native code and
-%% automatically load the code into memory, call <a
-%% href="#c-1"><code>hipe:c(Module)</code></a> or <a
+%% To compile a module to native code and automatically load the code
+%% into memory, call <a href="#c-1"><code>hipe:c(Module)</code></a> or <a
 %% href="#c-2"><code>hipe:c(Module, Options)</code></a>. Note that all
 %% options are specific to the HiPE compiler. See the <a
 %% href="#index">function index</a> for other compiler functions.
@@ -221,11 +220,10 @@
 %%-------------------------------------------------------------------
 
 -type mod() :: atom().
--type c_unit() :: mod() | mfa().
 -type f_unit() :: mod() | binary().
 -type ret_rtl() :: [_].
--type c_ret() :: {'ok', c_unit()} | {'error', term()} |
-                 {'ok', c_unit(), ret_rtl()}. %% The last for debugging only
+-type c_ret() :: {'ok', mod()} | {'error', term()} |
+                 {'ok', mod(), ret_rtl()}. %% The last for debugging only
 -type compile_file() :: atom() | string() | binary().
 -type compile_ret() :: {hipe_architecture(), binary()} | list().
 
@@ -278,47 +276,44 @@ load(Mod, BeamFileName) when is_list(BeamFileName) ->
   end.
 
 %% @spec c(Name) -> {ok, Name} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Reason = term()
 %%
 %% @equiv c(Name, [])
 
--spec c(c_unit()) -> c_ret().
+-spec c(mod()) -> c_ret().
 
 c(Name) ->
   c(Name, []).
 
 %% @spec c(Name, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     options() = [option()]
 %%     option() = term()
 %%     Reason = term()
 %%
-%% @type mfa() = {M::mod(),F::fun(),A::arity()}.
-%%       A fully qualified function name.
-%%
 %% @type fun() = atom(). A function identifier.
 %%
 %% @type arity() = integer(). A function arity; always nonnegative.
 %% 
 %% @doc User-friendly native code compiler interface. Reads BEAM code
-%% from the corresponding "Module<code>.beam</code>" file in the system
-%% path, and compiles either a single function or the whole module to
-%% native code. By default, the compiled code is loaded directly. See
-%% above for documentation of options.
+%% from the corresponding "Module<code>.beam</code>" file in the
+%% system path, and compiles the whole module to native code. By
+%% default, the compiled code is loaded directly. See above for
+%% documentation of options.
 %%
 %% @see c/1
 %% @see c/3
 %% @see f/2
 %% @see compile/2
 
--spec c(c_unit(), comp_options()) -> c_ret().
+-spec c(mod(), comp_options()) -> c_ret().
 
 c(Name, Options) ->
   c(Name, beam_file(Name), Options).
 
 %% @spec c(Name, File, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     File = filename() | binary()
 %%     Reason = term()
 %%
@@ -329,7 +324,6 @@ c(Name, Options) ->
 %% @see f/2
 
 c(Name, File, Opts) ->
-  %% No server if only one function is compiled
   Opts1 = user_compile_opts(Opts),
   case compile(Name, File, Opts1) of
     {ok, Res} ->
@@ -359,8 +353,7 @@ f(File) ->
 %%     Reason = term()
 %%
 %% @doc Like <code>c/3</code>, but takes the module name from the
-%% specified <code>File</code>. This always compiles the whole module;
-%% there is no possibility to compile just a single function.
+%% specified <code>File</code>.
 %%
 %% @see c/3
 
@@ -381,26 +374,26 @@ user_compile_opts(Opts) ->
 
 
 %% @spec compile(Name) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %% 
 %% @equiv compile(Name, [])
 
--spec compile(c_unit()) -> {'ok', compile_ret()} | {'error', term()}.
+-spec compile(mod()) -> {'ok', compile_ret()} | {'error', term()}.
 
 compile(Name) ->
   compile(Name, []).
 
 %% @spec compile(Name, options()) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %%
-%% @doc Direct compiler interface, for advanced use. This just compiles
-%% the named function or module, reading BEAM code from the
-%% corresponding "Module<code>.beam</code>" file in the system path.
-%% Returns <code>{ok, Binary}</code> if successful, or <code>{error,
+%% @doc Direct compiler interface, for advanced use. This just
+%% compiles the module, reading BEAM code from the corresponding
+%% "Module<code>.beam</code>" file in the system path.  Returns
+%% <code>{ok, Binary}</code> if successful, or <code>{error,
 %% Reason}</code> otherwise. By default, it does <em>not</em> load the
 %% binary to memory (the <code>load</code> option can be used to
 %% activate automatic loading). <code>File</code> can be either a file
@@ -412,15 +405,13 @@ compile(Name) ->
 %% @see file/2
 %% @see load/2
 
--spec compile(c_unit(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
+-spec compile(mod(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
 
 compile(Name, Options) ->
   compile(Name, beam_file(Name), Options).
 
--spec beam_file(mod() | mfa()) -> string().
+-spec beam_file(mod()) -> string().
 
-beam_file({M,F,A}) when is_atom(M), is_atom(F), is_integer(A), A >= 0 ->
-  beam_file(M);
 beam_file(Module) when is_atom(Module) ->
   case code:which(Module) of
     non_existing ->
@@ -432,7 +423,7 @@ beam_file(Module) when is_atom(Module) ->
 
 %% @spec compile(Name, File, options()) ->
 %%           {ok, {Target, Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       File = filename() | binary()
 %%       Binary = binary()
 %%       Reason = term()
@@ -442,18 +433,11 @@ beam_file(Module) when is_atom(Module) ->
 %%
 %% @see compile/2
 
--spec compile(c_unit(), compile_file(), comp_options()) ->
+-spec compile(mod(), compile_file(), comp_options()) ->
 	 {'ok', compile_ret()} | {'error', term()}.
 
-compile(Name, File, Opts0) ->
-  Opts1 = expand_kt2(Opts0),
-  Opts = 
-    case Name of
-      {_Mod, _Fun, _Arity} ->
-	[no_concurrent_comp|Opts1];
-      _ ->
-	Opts1
-    end,
+compile(Name, File, Opts0) when is_atom(Name) ->
+  Opts = expand_kt2(Opts0),
   case proplists:get_value(core, Opts) of
     true when is_binary(File) ->
       ?error_msg("Cannot get Core Erlang code from BEAM binary.",[]),
@@ -486,23 +470,11 @@ compile(Name, File, Opts0) ->
 	  ?EXIT({cant_compile_source_code, Error})
       end;
     Other when Other =:= false; Other =:= undefined ->
-      NewOpts =
-	case proplists:get_value(use_callgraph, Opts) of
-	  No when No =:= false; No =:= undefined -> Opts;
-	  _ ->
-	    case Name of
-	      {_M,_F,_A} ->
-		%% There is no point in using the callgraph or concurrent_comp
-		%% when analyzing just one function.
-		[no_use_callgraph, no_concurrent_comp|Opts];
-	      _ -> Opts
-	    end
-	end,
       DisasmFun = fun (_) -> disasm(File) end,
       IcodeFun = fun (Code, Opts_) ->
 		     get_beam_icode(Name, Code, File, Opts_)
 		 end,
-      run_compiler(Name, DisasmFun, IcodeFun, NewOpts)
+      run_compiler(Name, DisasmFun, IcodeFun, Opts)
   end.
 
 -spec compile_core(mod(), cerl:c_module(), compile_file(), comp_options()) ->
@@ -604,7 +576,7 @@ disasm(File) ->
     #beam_file{labeled_exports = LabeledExports,
 	       compile_info = CompInfo,
 	       code = BeamCode} ->
-      {options, CompOpts} = lists:keyfind(options, 1, CompInfo),
+      CompOpts = proplists:get_value(options, CompInfo, []),
       HCompOpts = case lists:keyfind(hipe, 1, CompOpts) of
 		    {hipe, L} when is_list(L) -> L;
 		    {hipe, X} -> [X];
@@ -625,11 +597,6 @@ fix_beam_exports([{F,A,_}|BeamExports], Exports) ->
 fix_beam_exports([], Exports) ->
   Exports.
 
-get_beam_icode({M,_F,_A} = MFA, {BeamCode, Exports}, _File, Options) ->
-  ?option_time({ok, Icode} = 
-	       (catch {ok, hipe_beam_to_icode:mfa(BeamCode, MFA, Options)}),
-	       "BEAM-to-Icode", Options),
-  {{M, Exports, Icode}, false};
 get_beam_icode(Mod, {BeamCode, Exports}, File, Options) ->
   ?option_time({ok, Icode} =
 	       (catch {ok, hipe_beam_to_icode:module(BeamCode, Options)}),
@@ -899,7 +866,8 @@ maybe_load(Mod, Bin, WholeModule, Opts) ->
       do_load(Mod, Bin, WholeModule)
   end.
 
-do_load(Mod, Bin, WholeModule) ->
+do_load(Mod, Bin, BeamBinOrPath) when is_binary(BeamBinOrPath);
+				      is_list(BeamBinOrPath) ->
   HostArch = get(hipe_host_arch),
   TargetArch = get(hipe_target_arch),
   %% Make sure we can do the load.
@@ -907,29 +875,22 @@ do_load(Mod, Bin, WholeModule) ->
     ?EXIT({host_and_target_arch_differ, HostArch, TargetArch});
     true -> ok
   end,
-  case WholeModule of 
+  case code:is_sticky(Mod) of
+    true ->
+      %% We unpack and repack the Beam binary as a workaround to
+      %% ensure that it is not compressed.
+      {ok, _, Chunks} = beam_lib:all_chunks(BeamBinOrPath),
+      {ok, Beam} = beam_lib:build_module(Chunks),
+      %% Don't purge or register sticky mods; just load native.
+      code:load_native_sticky(Mod, Bin, Beam);
     false ->
-      %% In this case, the emulated code for the module must be loaded.
-      {module, Mod} = code:ensure_loaded(Mod),
-      code:load_native_partial(Mod, Bin);
-    BeamBinOrPath when is_binary(BeamBinOrPath) orelse is_list(BeamBinOrPath) ->
-      case code:is_sticky(Mod) of
-	true ->
-	  %% We unpack and repack the Beam binary as a workaround to
-	  %% ensure that it is not compressed.
-	  {ok, _, Chunks} = beam_lib:all_chunks(WholeModule),
-	  {ok, Beam} = beam_lib:build_module(Chunks),
-	  %% Don't purge or register sticky mods; just load native.
-	  code:load_native_sticky(Mod, Bin, Beam);
-	false ->
-	  %% Normal loading of a whole module
-	  Architecture = erlang:system_info(hipe_architecture),
-	  ChunkName = hipe_unified_loader:chunk_name(Architecture),
-	  {ok, _, Chunks0} = beam_lib:all_chunks(WholeModule),
-	  Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
-	  {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
-	  code:load_binary(Mod, code:which(Mod), BeamPlusNative)
-      end
+      %% Normal loading of a whole module
+      Architecture = erlang:system_info(hipe_architecture),
+      ChunkName = hipe_unified_loader:chunk_name(Architecture),
+      {ok, _, Chunks0} = beam_lib:all_chunks(BeamBinOrPath),
+      Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
+      {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
+      code:load_binary(Mod, code:which(Mod), BeamPlusNative)
   end.
 
 assemble(CompiledCode, Closures, Exports, Options) ->
diff --git a/lib/hipe/opt/Makefile b/lib/hipe/opt/Makefile
index 74fde26c0b..4596201801 100644
--- a/lib/hipe/opt/Makefile
+++ b/lib/hipe/opt/Makefile
@@ -63,7 +63,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/opt/hipe_schedule.erl b/lib/hipe/opt/hipe_schedule.erl
index 4925b2927b..4f153e17ad 100644
--- a/lib/hipe/opt/hipe_schedule.erl
+++ b/lib/hipe/opt/hipe_schedule.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -797,7 +797,7 @@ dep_arc(N, Lat, M, {Dag,Preds}) ->
 %% Returns     : A dependence graph sorted by To. 
 %% Description : A new arc that is added is sorted in the right place, and if
 %%               there is already an arc between nodes A and B, the one with 
-%%               the greatest latency is choosen.
+%%               the greatest latency is chosen.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 add_arc(Lat,To, []) -> {[{Lat, To}], added};
 add_arc(Lat1, To, [{Lat2, To} | Arcs]) ->
diff --git a/lib/hipe/rtl/Makefile b/lib/hipe/rtl/Makefile
index 690045b978..48086ec79f 100644
--- a/lib/hipe/rtl/Makefile
+++ b/lib/hipe/rtl/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2011. All Rights Reserved.
+# Copyright Ericsson AB 2001-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -139,27 +139,35 @@ hipe_literals.hrl: $(HIPE_MKLITERALS)
 ../main/hipe.hrl: ../vsn.mk ../main/hipe.hrl.src
 	(cd ../main && $(MAKE) hipe.hrl)
 
-$(EBIN)/hipe_rtl.beam: hipe_rtl.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_arch.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_binary.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_bin_util.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_cfg.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
-$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
-$(EBIN)/hipe_icode2rtl.beam: hipe_literals.hrl ../main/hipe.hrl ../icode/hipe_icode.hrl
-$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_primops.beam: hipe_rtl.hrl ../icode/hipe_icode_primops.hrl hipe_literals.hrl ../main/hipe.hrl
+# 2012-02-24. Please keep these dependencies up to date. They tend to rot.
+# grep ^-include *.erl says a lot, but you need to dig further, e.g:
+# grep ^-include ../flow/*.{hrl,inc}
+$(EBIN)/hipe_icode2rtl.beam: \
+	../main/hipe.hrl ../icode/hipe_icode.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_arch.beam: hipe_literals.hrl
 $(EBIN)/hipe_rtl_arith_32.beam: ../main/hipe.hrl hipe_rtl_arith.inc
 $(EBIN)/hipe_rtl_arith_64.beam: ../main/hipe.hrl hipe_rtl_arith.inc
-$(EBIN)/hipe_rtl_bs_ops.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cerl_bs_ops.beam: ../main/hipe.hrl hipe_literals.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_exceptions.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_inline_bs_ops.beam: hipe_rtl.hrl hipe_literals.hrl ../main/hipe.hrl
+$(EBIN)/hipe_rtl_binary_construct.beam: \
+	../main/hipe.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_binary_match.beam: hipe_literals.hrl
+$(EBIN)/hipe_rtl_cfg.beam: \
+	../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc
+$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
+$(EBIN)/hipe_rtl.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_exceptions.beam: ../main/hipe.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_lcm.beam: ../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl
+$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
 $(EBIN)/hipe_rtl_mk_switch.beam: ../main/hipe.hrl
-$(EBIN)/hipe_rtl_lcm.beam: ../flow/cfg.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl ../flow/cfg.hrl ../icode/hipe_icode_primops.hrl
-$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl ../icode/hipe_icode.hrl
-
-$(EBIN)/hipe_rtl_ssa.beam: ../ssa/hipe_ssa.inc ../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc hipe_rtl.hrl
-$(EBIN)/hipe_rtl_ssa_const_prop.beam: hipe_rtl.hrl ../main/hipe.hrl ../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
-$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl ../flow/cfg.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_primops.beam: ../main/hipe.hrl \
+	../icode/hipe_icode_primops.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_ssa_avail_expr.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_ssa_const_prop.beam: ../main/hipe.hrl hipe_rtl.hrl \
+	../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
+$(EBIN)/hipe_rtl_ssa.beam: hipe_rtl.hrl \
+	../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc ../ssa/hipe_ssa.inc
+$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl \
+	../icode/hipe_icode_primops.hrl
+$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl \
+	../misc/hipe_consttab.hrl ../icode/hipe_icode.hrl
+$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
diff --git a/lib/hipe/tools/Makefile b/lib/hipe/tools/Makefile
index 0eaa3a7b05..f90d3c9f70 100644
--- a/lib/hipe/tools/Makefile
+++ b/lib/hipe/tools/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -42,7 +42,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/hipe-$(VSN)
 # ----------------------------------------------------
 # Target Specs
 # ----------------------------------------------------
-MODULES = hipe_tool hipe_profile hipe_ceach hipe_jit
+MODULES = hipe_tool hipe_profile hipe_jit
 #	  hipe_timer
 
 HRL_FILES=
diff --git a/lib/hipe/tools/hipe_ceach.erl b/lib/hipe/tools/hipe_ceach.erl
deleted file mode 100644
index b29615e169..0000000000
--- a/lib/hipe/tools/hipe_ceach.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%% -*- erlang-indent-level: 2 -*-
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Copyright (c) 2001 by Erik Johansson.  All Rights Reserved 
-%% ====================================================================
-%%  Module   :	hipe_ceach
-%%  Purpose  :  Compile each function in a module, possibly applying a
-%%              fun between each compilation. Useful for bug hunting by
-%%		pinpointing a function that when compiled causes a bug.
-%%  Notes    : 
-%%  History  :	* 2001-12-11 Erik Johansson ([email protected]): Created.
-%% ====================================================================
-%%  Exports  :
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--module(hipe_ceach).
-
--export([c/1, c/2, c/3]).
-
--include("../main/hipe.hrl").
-
-%%---------------------------------------------------------------------
-
--spec c(atom()) -> 'ok'.
-
-c(M) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options()) -> 'ok'.
-
-c(M, Opts) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options(), fun(() -> any())) -> 'ok'.
-
-c(M, Opts, Fn) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts), Fn() end,
-		M:module_info(functions)).
-
--spec comp(atom(), atom(), arity()) -> 'ok'.
-
-comp(M, F, A) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA),
-  io:format("OK\n").
-
--spec comp(atom(), atom(), arity(), comp_options()) -> 'ok'.
-
-comp(M, F, A, Opts) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA, Opts),
-  io:format("OK\n").
diff --git a/lib/hipe/tools/hipe_profile.erl b/lib/hipe/tools/hipe_profile.erl
index 7566acb8f4..ea6b1fb42c 100644
--- a/lib/hipe/tools/hipe_profile.erl
+++ b/lib/hipe/tools/hipe_profile.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ calls() ->
 %%   F(), 
 %%   %% Get result.
 %%   R = res(),
-%%   %% Turn of profiling.
+%%   %% Turn off profiling.
 %%   prof_off(),
 %%   R.
 
diff --git a/lib/hipe/tools/hipe_tool.erl b/lib/hipe/tools/hipe_tool.erl
index 990805ceca..190a68ee56 100644
--- a/lib/hipe/tools/hipe_tool.erl
+++ b/lib/hipe/tools/hipe_tool.erl
@@ -30,6 +30,18 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 -module(hipe_tool).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/0]).
 
diff --git a/lib/hipe/util/hipe_dot.erl b/lib/hipe/util/hipe_dot.erl
index d6ef801c88..e4a47ae0c4 100644
--- a/lib/hipe/util/hipe_dot.erl
+++ b/lib/hipe/util/hipe_dot.erl
@@ -2,7 +2,7 @@
 %%%
 %%% %CopyrightBegin%
 %%% 
-%%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%% 
 %%% The contents of this file are subject to the Erlang Public License,
 %%% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/vsn.mk b/lib/hipe/vsn.mk
index 65e04ff7fa..347a0336cd 100644
--- a/lib/hipe/vsn.mk
+++ b/lib/hipe/vsn.mk
@@ -1 +1 @@
-HIPE_VSN = 3.8.1
+HIPE_VSN = 3.9
diff --git a/lib/ic/c_src/Makefile.in b/lib/ic/c_src/Makefile.in
index 28040ca42d..5e034c47c6 100644
--- a/lib/ic/c_src/Makefile.in
+++ b/lib/ic/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1998-2009. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/doc/src/Makefile b/lib/ic/doc/src/Makefile
index 1e93578cb1..208f16e441 100644
--- a/lib/ic/doc/src/Makefile
+++ b/lib/ic/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/doc/src/notes.xml b/lib/ic/doc/src/notes.xml
index ff289bd76c..6329bf1fb5 100644
--- a/lib/ic/doc/src/notes.xml
+++ b/lib/ic/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-   <section>
+   <section><title>IC 4.2.29</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>IC 4.2.28</title>
 
     <section>
diff --git a/lib/ic/examples/pre_post_condition/Makefile b/lib/ic/examples/pre_post_condition/Makefile
index d57133c964..8f85babb1a 100644
--- a/lib/ic/examples/pre_post_condition/Makefile
+++ b/lib/ic/examples/pre_post_condition/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/vsn.mk b/lib/ic/vsn.mk
index 703c8d29eb..e21fc8fbb2 100644
--- a/lib/ic/vsn.mk
+++ b/lib/ic/vsn.mk
@@ -1 +1 @@
-IC_VSN = 4.2.28
+IC_VSN = 4.2.29
diff --git a/lib/inets/Makefile b/lib/inets/Makefile
index 4765a2ca3c..d837a3396a 100644
--- a/lib/inets/Makefile
+++ b/lib/inets/Makefile
@@ -31,12 +31,16 @@ VSN = $(INETS_VSN)
 
 SPECIAL_TARGETS = 
 
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
+
+
 # ----------------------------------------------------
 # Default Subdir Targets
 # ----------------------------------------------------
 include $(ERL_TOP)/make/otp_subdir.mk
 
-.PHONY: info gclean
+.PHONY: info gclean dialyzer dialyzer_plt dclean
 
 info:
 	@echo "OS:        $(OS)"
@@ -45,6 +49,29 @@ info:
 	@echo "INETS_VSN: $(INETS_VSN)"
 	@echo "APP_VSN:   $(APP_VSN)"
 	@echo ""
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
+	@echo ""
 
 gclean: 
 	git clean -fXd
+
+dclean:
+	rm -f $(DIA_PLT)
+	rm -f $(DIA_ANALYSIS)
+
+dialyzer_plt: $(DIA_PLT)
+
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
+	@dialyzer --build_plt \
+                  --output_plt $@ \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
+                  --verbose
+
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/inets/doc/src/Makefile b/lib/inets/doc/src/Makefile
index 82f2a5829f..53d505b102 100644
--- a/lib/inets/doc/src/Makefile
+++ b/lib/inets/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml
index b1f964ae69..48a2089605 100644
--- a/lib/inets/doc/src/httpc.xml
+++ b/lib/inets/doc/src/httpc.xml
@@ -178,13 +178,14 @@ filename()       = string()
         <v>timeout() = integer() >= 0 | infinity</v>
         <v>Options = options()</v>
         <v>options() = [option()]</v>
-        <v>option() = {sync,          boolean()} | 
-                      {stream,        stream_to()} | 
-                      {body_format,   body_format()} | 
-                      {full_result,   boolean()} | 
-                      {headers_as_is, boolean() |
-                      {socket_opts,   socket_opts()} | 
-                      {receiver,      receiver()}}</v>
+        <v>option() = {sync,                    boolean()} | 
+                      {stream,                  stream_to()} | 
+                      {body_format,             body_format()} | 
+                      {full_result,             boolean()} | 
+                      {headers_as_is,           boolean() |
+                      {socket_opts,             socket_opts()} | 
+                      {receiver,                receiver()},
+	              {ipv6_host_with_brackets, boolean()}}</v>
         <v>stream_to() = none | self | {self, once} | filename() </v>
         <v>socket_opts() = [socket_opt()]</v>
         <v>receiver() = pid() | function()/1 | {Module, Function, Args} </v>
@@ -407,7 +408,18 @@ apply(Module, Function, [ReplyInfo | Args])
 
             <p>Defaults to the <c>pid()</c> of the process calling the request 
 	    function (<c>self()</c>). </p>
+
+	    <marker id="ipv6_host_with_brackets"></marker>
+	  </item>
+
+          <tag><c><![CDATA[ipv6_host_with_brackets]]></c></tag>
+          <item>
+            <p>When parsing the Host-Port part of an URI with a IPv6 address 
+	    with brackets, shall we retain those brackets (<c>true</c>) or 
+	    strip them (<c>false</c>). </p>
+            <p>Defaults to <c>false</c>. </p>
 	  </item>
+
         </taglist>
 
         <marker id="cancel_request"></marker>
@@ -572,17 +584,24 @@ apply(Module, Function, [ReplyInfo | Args])
 
     <func>
       <name>cookie_header(Url) -> </name>
-      <name>cookie_header(Url, Profile) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Profile | Opts) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Opts, Profile) -> header() | {error, Reason}</name>
       <fsummary>Returns the cookie header that would be sent when
       making a request to Url using the profile <c>Profile</c>.</fsummary>
       <type>
         <v>Url = url()</v>
+        <v>Opts = [cookie_header_opt()]</v>
 	<v>Profile = profile() | pid() (when started <c>stand_alone</c>)</v>
+        <v>cookie_header_opt() = {ipv6_host_with_brackets, boolean()}</v>
       </type>
       <desc>
         <p>Returns the cookie header that would be sent
 	when making a request to <c>Url</c> using the profile <c>Profile</c>.
 	If no profile is specified the default profile will be used. </p>
+	<p>The option <c>ipv6_host_with_bracket</c> deals with how to 
+	parse IPv6 addresses. 
+	See the <c>Options</c> argument of the 
+	<seealso marker="#request2">request/4,5</seealso> for more info. </p>
 
         <marker id="reset_cookies"></marker>
       </desc>
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 7f0f61148c..cfc58b8ddb 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2011</year>
+      <year>2002</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -32,6 +32,58 @@
     <file>notes.xml</file>
   </header>
   
+
+  <section><title>Inets 5.8.1</title>
+    <section><title>Improvements and New Features</title>
+    <p>-</p>
+
+<!--
+      <list>
+        <item>
+          <p>[httpc|httpd] Added support for IPv6 with ssl. </p>
+          <p>Own Id: OTP-5566</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+<!--
+    <p>-</p>
+-->
+
+      <list>
+        <item>
+          <p>[ftp] Fails to open IPv6 connection due to badly formatted
+          IPv6 address in EPRT command. The address part of the command
+          incorrectly contained decimal elements instead of hexadecimal. </p>
+          <p>Own Id: OTP-9827</p>
+          <p>Aux Id: Seq 11970 </p>
+        </item>
+
+        <item>
+          <p>[httpc] Bad Keep Alive Mode. When selecting a session, 
+          the "state" of the session (specifically if the server has 
+          responded) was not taken into account. </p>
+          <p>Own Id: OTP-9847</p>
+        </item>
+
+        <item>
+          <p>[httpc] The client incorrectly streams 404 responses. 
+          The documentation specifies that only 200 and 206 responses 
+          shall be streamed. </p>
+          <p>Shane Evens</p>
+          <p>Own Id: OTP-9860</p>
+        </item>
+
+      </list>
+    </section>
+  
+  </section> <!-- 5.8.1 -->
+
+
   <section><title>Inets 5.8</title>
 
     <section><title>Improvements and New Features</title>
@@ -50,6 +102,21 @@
 	  <p>Own Id: OTP-9545</p>
         </item>
 
+        <item>
+          <p>[httpc] Wrong Host header in IPv6 HTTP requests.
+	  When a URI with a IPv6 host is parsed, the brackets that encapsulates
+	  the address part is removed. This value is then supplied as the host 
+	  header. This can cause problems with some servers.
+	  A workaround for this is to use headers_as_is and provide the host
+	  header with the requst call. 
+	  To solve this a new option has been added, 
+	  <seealso marker="httpc#ipv6_host_with_brackets">ipv6_host_with_brackets</seealso>. 
+	  This option specifies if the host value of the host header shall 
+	  include the brackets or not. By default, it does not (as before). 
+	  </p>
+	  <p>Own Id: OTP-9628</p>
+        </item>
+
       </list>
 
     </section>
@@ -66,6 +133,20 @@
 	  <p>Own Id: OTP-9715</p>
         </item>
 
+        <item>
+          <p>[httpd] Sometimes entries in the transfer log was written 
+	  with the message size as list of numbers. This list was actually 
+	  the size as a string, e.g. "123", written with the control 
+	  sequence ~w. This has now been corrected so that any string is 
+	  converted to an integer (if possible). </p>
+	  <p>Own Id: OTP-9733</p>
+        </item>
+
+        <item>
+          <p>Fixed various problems detected by Dialyzer. </p>
+	  <p>Own Id: OTP-9736</p>
+        </item>
+
       </list>
 
     </section>
diff --git a/lib/inets/priv/plt/.gitignore b/lib/inets/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/inets/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/inets/src/ftp/ftp.erl b/lib/inets/src/ftp/ftp.erl
index b6da92947c..560ee55271 100644
--- a/lib/inets/src/ftp/ftp.erl
+++ b/lib/inets/src/ftp/ftp.erl
@@ -1987,17 +1987,14 @@ setup_ctrl_connection(Host, Port, Timeout, State) ->
 setup_data_connection(#state{mode   = active, 
 			     caller = Caller, 
 			     csock  = CSock} = State) ->    
-    IntToString = fun(Element) -> integer_to_list(Element) end,
-    
     case (catch inet:sockname(CSock)) of
 	{ok, {{_, _, _, _, _, _, _, _} = IP, _}} ->
 	    {ok, LSock} = 
 		gen_tcp:listen(0, [{ip, IP}, {active, false},
 				   inet6, binary, {packet, 0}]),
 	    {ok, Port} = inet:port(LSock),
-	    Cmd = mk_cmd("EPRT |2|~s:~s:~s:~s:~s:~s:~s:~s|~s|", 
-			 lists:map(IntToString, 
-				   tuple_to_list(IP) ++ [Port])),
+	    IpAddress = inet_parse:ntoa(IP),
+	    Cmd = mk_cmd("EPRT |2|~s|~p|", [IpAddress, Port]),
 	    send_ctrl_message(State, Cmd),
 	    activate_ctrl_connection(State),  
 	    {noreply, State#state{caller = {setup_data_connection, 
diff --git a/lib/inets/src/http_client/Makefile b/lib/inets/src/http_client/Makefile
index 3960c36d00..d490e59929 100644
--- a/lib/inets/src/http_client/Makefile
+++ b/lib/inets/src/http_client/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_client/httpc.erl b/lib/inets/src/http_client/httpc.erl
index d72c34fa6b..ae87ceed93 100644
--- a/lib/inets/src/http_client/httpc.erl
+++ b/lib/inets/src/http_client/httpc.erl
@@ -34,7 +34,7 @@
 	 set_option/2, set_option/3,
 	 set_options/1, set_options/2,
 	 store_cookies/2, store_cookies/3, 
-	 cookie_header/1, cookie_header/2, 
+	 cookie_header/1, cookie_header/2, cookie_header/3, 
 	 which_cookies/0, which_cookies/1, 
 	 reset_cookies/0, reset_cookies/1, 
 	 stream_next/1,
@@ -290,25 +290,36 @@ store_cookies(SetCookieHeaders, Url, Profile)
 
 
 %%--------------------------------------------------------------------------
-%% cookie_header(Url [, Profile]) -> Header | {error, Reason}
-%%               
+%% cookie_header(Url) -> Header | {error, Reason}
+%% cookie_header(Url, Profile) -> Header | {error, Reason}
+%% cookie_header(Url, Opts,  Profile) -> Header | {error, Reason}
+%% 
 %% Description: Returns the cookie header that would be sent when making
 %% a request to <Url>.
 %%-------------------------------------------------------------------------
 cookie_header(Url) ->
     cookie_header(Url, default_profile()).
 
-cookie_header(Url, Profile) ->
+cookie_header(Url, Profile) when is_atom(Profile) orelse is_pid(Profile) ->
+    cookie_header(Url, [], Profile);
+cookie_header(Url, Opts) when is_list(Opts) ->
+    cookie_header(Url, Opts, default_profile()).
+
+cookie_header(Url, Opts, Profile) 
+  when (is_list(Opts) andalso (is_atom(Profile) orelse is_pid(Profile))) ->
     ?hcrt("cookie header", [{url,     Url},
+			    {opts,    Opts}, 
 			    {profile, Profile}]),
     try 
 	begin
-	    httpc_manager:which_cookies(Url, profile_name(Profile))
+	    httpc_manager:which_cookies(Url, Opts, profile_name(Profile))
 	end
     catch 
 	exit:{noproc, _} ->
 	    {error, {not_started, Profile}}
     end.
+    
+    
 
 
 %%--------------------------------------------------------------------------
diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl
index 587e24cc8d..bfe9b14ef6 100644
--- a/lib/inets/src/http_client/httpc_handler.erl
+++ b/lib/inets/src/http_client/httpc_handler.erl
@@ -157,12 +157,12 @@ info(Pid) ->
 %%              memory in vain.)
 %%--------------------------------------------------------------------
 %% Request should not be streamed
-stream(BodyPart, Request = #request{stream = none}, _) ->
+stream(BodyPart, #request{stream = none} = Request, _) ->
     ?hcrt("stream - none", []),
     {BodyPart, Request};
 
 %% Stream to caller
-stream(BodyPart, Request = #request{stream = Self}, Code) 
+stream(BodyPart, #request{stream = Self} = Request, Code) 
   when ((Code =:= 200) orelse  (Code =:= 206)) andalso 
        ((Self =:= self) orelse (Self =:= {self, once})) ->
     ?hcrt("stream - self", [{stream, Self}, {code, Code}]),
@@ -170,17 +170,10 @@ stream(BodyPart, Request = #request{stream = Self}, Code)
 			{Request#request.id, stream, BodyPart}),
     {<<>>, Request};
 
-stream(BodyPart, Request = #request{stream = Self}, 404) 
-  when (Self =:= self) orelse (Self =:= {self, once}) ->
-    ?hcrt("stream - self with 404", [{stream, Self}]),
-    httpc_response:send(Request#request.from, 
-			{Request#request.id, stream, BodyPart}),
-    {<<>>, Request};
-
 %% Stream to file
 %% This has been moved to start_stream/3
 %% We keep this for backward compatibillity...
-stream(BodyPart, Request = #request{stream = Filename}, Code)
+stream(BodyPart, #request{stream = Filename} = Request, Code)
   when ((Code =:= 200) orelse (Code =:= 206)) andalso is_list(Filename) -> 
     ?hcrt("stream - filename", [{stream, Filename}, {code, Code}]),
     case file:open(Filename, [write, raw, append, delayed_write]) of
@@ -192,7 +185,7 @@ stream(BodyPart, Request = #request{stream = Filename}, Code)
     end;
 
 %% Stream to file
-stream(BodyPart, Request = #request{stream = Fd}, Code)  
+stream(BodyPart, #request{stream = Fd} = Request, Code)  
   when ((Code =:= 200) orelse (Code =:= 206)) -> 
     ?hcrt("stream to file", [{stream, Fd}, {code, Code}]),
     case file:write(Fd, BodyPart) of
@@ -295,7 +288,7 @@ handle_call(#request{address = Addr} = Request, _,
 					%% Queue + current
 					queue:len(NewPipeline) + 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    ?hcrd("session updated", []),
                     {reply, ok, State#state{pipeline = NewPipeline,
 					    session  = NewSession,
@@ -363,7 +356,7 @@ handle_call(#request{address = Addr} = Request, _,
 					%% Queue + current
 					queue:len(NewKeepAlive) + 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    ?hcrd("session updated", []),
                     {reply, ok, State#state{keep_alive = NewKeepAlive,
 					    session    = NewSession,
@@ -377,7 +370,7 @@ handle_call(#request{address = Addr} = Request, _,
 		    NewSession = 
 			Session#session{queue_length = 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    Relaxed = 
 			(Request#request.settings)#http_options.relaxed,
 		    MFA = {httpc_response, parse,
@@ -766,23 +759,52 @@ deliver_answer(Request) ->
 %% Func: code_change(_OldVsn, State, Extra) -> {ok, NewState}
 %% Purpose: Convert process state when code is changed
 %%--------------------------------------------------------------------
-%% code_change(_, #state{request = Request, pipeline = Queue} = State, 
-%% 	    [{from, '5.0.1'}, {to, '5.0.2'}]) ->
-%%     Settings = new_http_options(Request#request.settings),
-%%     NewRequest = Request#request{settings = Settings},
-%%     NewQueue = new_queue(Queue, fun new_http_options/1),
-%%     {ok, State#state{request = NewRequest, pipeline = NewQueue}};
-
-%% code_change(_, #state{request = Request, pipeline = Queue} = State, 
-%% 	    [{from, '5.0.2'}, {to, '5.0.1'}]) ->
-%%     Settings = old_http_options(Request#request.settings),
-%%     NewRequest = Request#request{settings = Settings},
-%%     NewQueue = new_queue(Queue, fun old_http_options/1),
-%%     {ok, State#state{request = NewRequest, pipeline = NewQueue}};
+
+code_change(_, 
+	    #state{session      = OldSession, 
+		   profile_name = ProfileName} = State, 
+	    upgrade_from_pre_5_8_1) ->
+    case OldSession of
+	{session, 
+	 Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type} ->
+	    NewSession = #session{id           = Id, 
+				  client_close = ClientClose, 
+				  scheme       = Scheme, 
+				  socket       = Socket, 
+				  socket_type  = SocketType,
+				  queue_length = QueueLen, 
+				  type         = Type}, 
+	    insert_session(NewSession, ProfileName), 
+	    {ok, State#state{session = NewSession}};
+	_ -> 
+	    {ok, State}
+    end;
+
+code_change(_, 
+	    #state{session      = OldSession, 
+		   profile_name = ProfileName} = State, 
+	    downgrade_to_pre_5_8_1) ->
+    case OldSession of
+	#session{id           = Id, 
+		 client_close = ClientClose, 
+		 scheme       = Scheme, 
+		 socket       = Socket, 
+		 socket_type  = SocketType,
+		 queue_length = QueueLen, 
+		 type         = Type} ->
+	    NewSession = {session, 
+			  Id, ClientClose, Scheme, Socket, SocketType, 
+			  QueueLen, Type},
+	    insert_session(NewSession, ProfileName), 
+	    {ok, State#state{session = NewSession}};
+	_ -> 
+	    {ok, State}
+    end;
 
 code_change(_, State, _) ->
     {ok, State}.
 
+
 %% new_http_options({http_options, TimeOut, AutoRedirect, SslOpts,
 %% 		  Auth, Relaxed}) ->
 %%     {http_options, "HTTP/1.1", TimeOut, AutoRedirect, SslOpts,
@@ -1181,7 +1203,7 @@ handle_pipeline(#state{status       = pipeline,
 
     case queue:out(State#state.pipeline) of
 	{empty, _} ->
-	    ?hcrd("epmty pipeline queue", []),
+	    ?hcrd("pipeline queue empty", []),
 	    
 	    %% The server may choose too teminate an idle pipeline
 	    %% in this case we want to receive the close message
@@ -1191,9 +1213,8 @@ handle_pipeline(#state{status       = pipeline,
 
 	    %% If a pipeline that has been idle for some time is not
 	    %% closed by the server, the client may want to close it.
-	    NewState   = activate_queue_timeout(TimeOut, State),
-	    NewSession = Session#session{queue_length = 0},
-	    httpc_manager:insert_session(NewSession, ProfileName),
+	    NewState = activate_queue_timeout(TimeOut, State),
+	    update_session(ProfileName, Session, #session.queue_length, 0), 
 	    %% Note mfa will be initilized when a new request 
 	    %% arrives.
 	    {noreply, 
@@ -1203,6 +1224,7 @@ handle_pipeline(#state{status       = pipeline,
 			    headers     = undefined,
 			    body        = undefined}};
 	{{value, NextRequest}, Pipeline} ->    
+	    ?hcrd("pipeline queue non-empty", []),
 	    case lists:member(NextRequest#request.id, 
 			      State#state.canceled) of		
 		true ->
@@ -1218,7 +1240,7 @@ handle_pipeline(#state{status       = pipeline,
 			Session#session{queue_length =
 					%% Queue + current
 					queue:len(Pipeline) + 1},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    Relaxed = 
 			(NextRequest#request.settings)#http_options.relaxed,
 		    MFA = {httpc_response, 
@@ -1257,7 +1279,7 @@ handle_keep_alive_queue(
 
     case queue:out(State#state.keep_alive) of
 	{empty, _} ->
-	    ?hcrd("empty keep_alive queue", []),
+	    ?hcrd("keep_alive queue empty", []),
 	    %% The server may choose too terminate an idle keep_alive session
 	    %% in this case we want to receive the close message
 	    %% at once and not when trying to send the next
@@ -1266,8 +1288,7 @@ handle_keep_alive_queue(
 	    %% If a keep_alive session has been idle for some time is not
 	    %% closed by the server, the client may want to close it.
 	    NewState = activate_queue_timeout(TimeOut, State),
-	    NewSession = Session#session{queue_length = 0},
-	    httpc_manager:insert_session(NewSession, ProfileName),
+	    update_session(ProfileName, Session, #session.queue_length, 0),
 	    %% Note mfa will be initilized when a new request 
 	    %% arrives.
 	    {noreply, 
@@ -1279,6 +1300,7 @@ handle_keep_alive_queue(
 			   } 
 	    };
 	{{value, NextRequest}, KeepAlive} ->    
+	    ?hcrd("keep_alive queue non-empty", []),
 	    case lists:member(NextRequest#request.id, 
 			      State#state.canceled) of		
 		true ->
@@ -1388,10 +1410,10 @@ try_to_enable_pipeline_or_keep_alive(
 	    case (is_pipeline_enabled_client(Session) andalso 
 		  httpc_request:is_idempotent(Method)) of
 		true ->
-		    httpc_manager:insert_session(Session, ProfileName),
+		    insert_session(Session, ProfileName),
 		    State#state{status = pipeline};
 		false ->
-		    httpc_manager:insert_session(Session, ProfileName),
+		    insert_session(Session, ProfileName),
 		    %% Make sure type is keep_alive in session
 		    %% as it in this case might be pipeline
 		    NewSession = Session#session{type = keep_alive}, 
@@ -1403,7 +1425,9 @@ try_to_enable_pipeline_or_keep_alive(
     end.
 
 answer_request(#request{id = RequestId, from = From} = Request, Msg, 
-	       #state{timers = Timers, profile_name = ProfileName} = State) -> 
+	       #state{session      = Session, 
+		      timers       = Timers, 
+		      profile_name = ProfileName} = State) -> 
     ?hcrt("answer request", [{request, Request}, {msg, Msg}]),
     httpc_response:send(From, Msg),
     RequestTimers = Timers#timers.request_timers,
@@ -1412,12 +1436,20 @@ answer_request(#request{id = RequestId, from = From} = Request, Msg,
     Timer = {RequestId, TimerRef},
     cancel_timer(TimerRef, {timeout, Request#request.id}),
     httpc_manager:request_done(RequestId, ProfileName),
-
+    NewSession = maybe_make_session_available(ProfileName, Session), 
+    Timers2 = Timers#timers{request_timers = lists:delete(Timer, 
+							  RequestTimers)}, 
     State#state{request = Request#request{from = answer_sent},
-		timers = 
-		Timers#timers{request_timers =
-			      lists:delete(Timer, RequestTimers)}}.
-
+		session = NewSession, 
+		timers  = Timers2}.
+
+maybe_make_session_available(ProfileName, 
+			     #session{available = false} = Session) ->
+    update_session(ProfileName, Session, #session.available, true),
+    Session#session{available = true};
+maybe_make_session_available(_ProfileName, Session) ->
+    Session.
+    
 cancel_timers(#timers{request_timers = ReqTmrs, queue_timer = QTmr}) ->
     cancel_timer(QTmr, timeout_queue),
     CancelTimer = fun({_, Timer}) -> cancel_timer(Timer, timeout) end, 
@@ -1656,6 +1688,28 @@ send_raw(SocketType, Socket, ProcessBody, Acc) ->
     end.
 
 
+%% ---------------------------------------------------------------------
+%% Session wrappers
+%% ---------------------------------------------------------------------
+
+insert_session(Session, ProfileName) ->
+    httpc_manager:insert_session(Session, ProfileName).
+
+
+update_session(ProfileName, #session{id = SessionId} = Session, Pos, Value) ->
+    try
+	begin
+	    httpc_manager:update_session(ProfileName, SessionId, Pos, Value)
+	end
+    catch
+	error:undef -> % This could happen during code upgrade
+	    Session2 = erlang:setelement(Pos, Session, Value),
+	    insert_session(Session2, ProfileName)
+    end.
+
+
+%% ---------------------------------------------------------------------
+
 call(Msg, Pid) ->
     Timeout = infinity,
     call(Msg, Pid, Timeout).
diff --git a/lib/inets/src/http_client/httpc_internal.hrl b/lib/inets/src/http_client/httpc_internal.hrl
index e4127d992d..8af752546c 100644
--- a/lib/inets/src/http_client/httpc_internal.hrl
+++ b/lib/inets/src/http_client/httpc_internal.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -115,17 +115,37 @@
 	}
        ).               
 
+
 -record(session,
 	{
-	  id,           % {{Host, Port}, HandlerPid}
-	  client_close, % true | false
-	  scheme,       % http (HTTP/TCP) | https (HTTP/SSL/TCP)
-	  socket,       % Open socket, used by connection
-	  socket_type,  % socket-type, used by connection
-	  queue_length = 1, % Current length of pipeline or keep-alive queue  
-	  type          % pipeline | keep_alive (wait for response before sending new request) 
+	  %% {{Host, Port}, HandlerPid}
+	  id, 
+
+	  %% true | false
+	  client_close, 
+
+	  %% http (HTTP/TCP) | https (HTTP/SSL/TCP)
+	  scheme, 
+
+	  %% Open socket, used by connection
+	  socket, 
+	  
+	  %% socket-type, used by connection
+	  socket_type,
+
+	  %% Current length of pipeline or keep-alive queue  
+	  queue_length = 1, 
+
+	  %% pipeline | keep_alive (wait for response before sending new request) 
+	  type, 
+
+	  %% true | false
+	  %% This will be true, when a response has been received for 
+	  %% the first request. See type above.
+	  available = false
 	 }).
 
+
 -record(http_cookie,
 	{
 	  domain,
diff --git a/lib/inets/src/http_client/httpc_manager.erl b/lib/inets/src/http_client/httpc_manager.erl
index ab575d867e..453081da21 100644
--- a/lib/inets/src/http_client/httpc_manager.erl
+++ b/lib/inets/src/http_client/httpc_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,10 +34,11 @@
 	 retry_request/2, 
 	 redirect_request/2,
 	 insert_session/2, 
+	 update_session/4, 
 	 delete_session/2, 
 	 set_options/2, 
 	 store_cookies/3,
-	 which_cookies/1, which_cookies/2, 
+	 which_cookies/1, which_cookies/2, which_cookies/3, 
 	 reset_cookies/1, 
 	 session_type/1,
 	 info/1
@@ -193,6 +194,27 @@ insert_session(Session, ProfileName) ->
 
 
 %%--------------------------------------------------------------------
+%% Function: update_session(ProfileName, SessionId, Pos, Value) -> _
+%%	Session - #session{}
+%%      ProfileName - atom()
+%%
+%% Description: Update, only one field (Pos) of the session record
+%%              identified by the SessionId, the session information 
+%%              of the httpc manager table <ProfileName>_session_db. 
+%%              Intended to be called by the httpc request handler process.
+%%--------------------------------------------------------------------
+
+update_session(ProfileName, SessionId, Pos, Value) ->
+    SessionDbName = session_db_name(ProfileName), 
+    ?hcrt("update session", 
+	  [{id,      SessionId}, 
+	   {pos,     Pos}, 
+	   {value,   Value}, 
+	   {profile, ProfileName}]),
+    ets:update_element(SessionDbName, SessionId, {Pos, Value}).
+
+
+%%--------------------------------------------------------------------
 %% Function: delete_session(SessionId, ProfileName) -> _
 %%	SessionId -  {{Host, Port}, HandlerPid}
 %%      ProfileName - atom()
@@ -271,9 +293,11 @@ reset_cookies(ProfileName) ->
 
 which_cookies(ProfileName) when is_atom(ProfileName) ->
     call(ProfileName, which_cookies).
+
 which_cookies(Url, ProfileName) 
   when is_list(Url) andalso is_atom(ProfileName) ->
-    call(ProfileName, {which_cookies, Url, []}).
+    which_cookies(Url, [], ProfileName).
+
 which_cookies(Url, Options, ProfileName) 
   when is_list(Url) andalso is_list(Options) andalso is_atom(ProfileName) ->
     call(ProfileName, {which_cookies, Url, Options}).
@@ -557,9 +581,70 @@ terminate(_, State) ->
 %% Func: code_change(_OldVsn, State, Extra) -> {ok, NewState}
 %% Purpose: Convert process state when code is changed
 %%--------------------------------------------------------------------
-code_change(_OldVsn, State, _Extra) ->
+code_change(_, 
+	    #state{session_db = SessionDB} = State, 
+	    upgrade_from_pre_5_8_1) ->
+    Upgrade = 
+	fun({session, 
+	     Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type}) ->
+		{ok, #session{id           = Id, 
+			      client_close = ClientClose, 
+			      scheme       = Scheme, 
+			      socket       = Socket, 
+			      socket_type  = SocketType,
+			      queue_length = QueueLen, 
+			      type         = Type}};
+	   (_) -> % Already upgraded (by handler)
+		ignore
+	end,
+    (catch update_session_table(SessionDB, Upgrade)),
+    {ok, State};
+
+code_change(_, 
+	    #state{session_db = SessionDB} = State, 
+	    downgrade_to_pre_5_8_1) ->
+    Downgrade = 
+	fun(#session{id           = Id, 
+		     client_close = ClientClose, 
+		     scheme       = Scheme, 
+		     socket       = Socket, 
+		     socket_type  = SocketType,
+		     queue_length = QueueLen, 
+		     type         = Type}) ->
+		{ok, {session, 
+		      Id, ClientClose, Scheme, Socket, SocketType, 
+		      QueueLen, Type}};
+	   (_) -> % Already downgraded (by handler)
+		ignore
+	end,
+    (catch update_session_table(SessionDB, Downgrade)),
+    {ok, State};
+
+code_change(_, State, _) ->
     {ok, State}.
 
+%% This function is to catch everything that calls through the cracks...
+update_session_table(SessionDB, Transform) ->
+    ets:safe_fixtable(SessionDB, true),
+    update_session_table(SessionDB, ets:first(SessionDB), Transform),
+    ets:safe_fixtable(SessionDB, false).
+
+update_session_table(_SessionDB, '$end_of_table', _Transform) ->
+    ok;
+update_session_table(SessionDB, Key, Transform) ->
+    case ets:lookup(SessionDB, Key) of
+	[OldSession] ->
+	    case Transform(OldSession) of
+		{ok, NewSession} -> 
+		    ets:insert(SessionDB, NewSession);
+		ignore ->
+		    ok
+	    end;
+	_ ->
+	    ok
+    end,
+    update_session_table(SessionDB, ets:next(SessionDB, Key), Transform).
+
 
 %%--------------------------------------------------------------------
 %% Internal functions
@@ -688,6 +773,7 @@ select_session(Method, HostPort, Scheme, SessionType,
 			       scheme       = Scheme,
 			       queue_length = '$2',
 			       type         = SessionType,
+			       available    = true, 
 			       _            = '_'},
 	    %% {'_', {HostPort, '$1'}, false, Scheme, '_', '$2', SessionTyp}, 
 	    Candidates = ets:match(SessionDb, Pattern), 
@@ -725,7 +811,7 @@ pipeline_or_keep_alive(Request, HandlerPid, State) ->
 	    ets:insert(State#state.handler_db, {Request#request.id,
 						HandlerPid,
 						Request#request.from});
-	_  -> %timeout pipelining failed
+	_  -> % timeout pipelining failed
 	    start_handler(Request, State)
     end.
 
diff --git a/lib/inets/src/http_client/httpc_response.erl b/lib/inets/src/http_client/httpc_response.erl
index 2414ed0911..919115a23a 100644
--- a/lib/inets/src/http_client/httpc_response.erl
+++ b/lib/inets/src/http_client/httpc_response.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_server/httpd_acceptor.erl b/lib/inets/src/http_server/httpd_acceptor.erl
index bcebb6a9e3..08ee9ee0d0 100644
--- a/lib/inets/src/http_server/httpd_acceptor.erl
+++ b/lib/inets/src/http_server/httpd_acceptor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -139,11 +139,11 @@ acceptor_loop(Manager, SocketType, ListenSocket, ConfigDb, AcceptTimeout) ->
 	    handle_error(Reason, ConfigDb),
 	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
 				  ConfigDb, AcceptTimeout);
-	{'EXIT', _Reason} = EXIT ->
-	    ?hdri("accept exited", [{reason, _Reason}]),
-	    handle_error(EXIT, ConfigDb),
-	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
-				  ConfigDb, AcceptTimeout)
+	{'EXIT', Reason} ->
+	    ?hdri("accept exited", [{reason, Reason}]),
+	    ReasonString = 
+		lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
+	    accept_failed(ConfigDb, ReasonString)
     end.
 
 
@@ -189,15 +189,13 @@ handle_error(esslaccept, _) ->
     %% not write an error message.
     ok;
 
-handle_error({'EXIT', Reason}, ConfigDb) ->
-    String = lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
-    accept_failed(ConfigDb, String);
-
 handle_error(Reason, ConfigDb) ->
     String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])),
     accept_failed(ConfigDb, String).
 
--spec accept_failed(_, string()) -> no_return(). 
+
+-spec accept_failed(ConfigDB     :: term(), 
+		    ReasonString :: string()) -> no_return(). 
 
 accept_failed(ConfigDb, String) ->
     error_logger:error_report(String),
diff --git a/lib/inets/src/http_server/httpd_log.erl b/lib/inets/src/http_server/httpd_log.erl
index db1e2c627a..60ab326a20 100644
--- a/lib/inets/src/http_server/httpd_log.erl
+++ b/lib/inets/src/http_server/httpd_log.erl
@@ -24,68 +24,110 @@
 -export([access_entry/8, error_entry/5, error_report_entry/5, 
 	 security_entry/5]).
 
+
 %%%=========================================================================
 %%%  Internal Application API 
 %%%=========================================================================
-access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Bytes) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost}
-		= (Info#mod.init_data)#init_data.peername,
-	    RequestLine = Info#mod.request_line,
-	    Headers =  Info#mod.parsed_header,
-	    Entry = do_access_entry(ConfigDB, Headers, RequestLine, 
-				    RemoteHost, RFC931, AuthUser,
-				    Date, StatusCode, Bytes),
-	    {LogRef, Entry}
-    end.
 
-error_entry(Log, NoLog, Info, Date, Reason) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost} =
-		(Info#mod.init_data)#init_data.peername,
-	    URI = Info#mod.request_uri,
-	    Entry = do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason), 
-	    {LogRef, Entry}
-    end.
+-spec access_entry(Log        :: term(), % Id of the log
+		   NoLog      :: term(), % What to return when no log is found
+		   Info       :: #mod{},
+		   RFC931     :: string(),
+		   AuthUser   :: string(), 
+		   Date       :: string(), 
+		   StatusCode :: pos_integer(),
+		   Size       :: pos_integer() | string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, SizeStr) 
+  when is_list(SizeStr) ->
+    Size = 
+	case (catch list_to_integer(SizeStr)) of
+	    I when is_integer(I) ->
+		I;
+	    _ ->
+		SizeStr % This is better then nothing
+	end,
+    access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Size);
+access_entry(Log, NoLog, 
+	     #mod{config_db     = ConfigDB, 
+		  init_data     = #init_data{peername = {_, RemoteHost}}, 
+		  request_line  = RequestLine,
+		  parsed_header = Headers}, 
+	     RFC931, AuthUser, Date, StatusCode, Size) ->
+    MakeEntry = 
+	fun() ->
+		do_access_entry(ConfigDB, Headers, RequestLine, 
+				RemoteHost, RFC931, AuthUser,
+				Date, StatusCode, Size)
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_entry(Log    :: term(), % Id of the log
+		  NoLog  :: term(), % What to return when no log is found
+		  Info   :: #mod{},
+		  Date   :: string(), 
+		  Reason :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+error_entry(Log, NoLog, 
+	    #mod{config_db   = ConfigDB,
+		 init_data   = #init_data{peername = {_, RemoteHost}}, 
+		 request_uri = URI}, Date, Reason) ->
+    MakeEntry = 
+	fun() ->
+		do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason)	
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_report_entry(Log      :: term(), 
+			 NoLog    :: term(), 
+			 ConfigDB :: term(),
+			 Date     :: string(), 
+			 ErrroStr :: string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
 
 error_report_entry(Log, NoLog, ConfigDb, Date, ErrorStr) ->
-    case httpd_util:lookup(ConfigDb, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	     Entry = io_lib:format("[~s], ~s~n", [Date, ErrorStr]),
-	     {LogRef, Entry}
-     end.
+    MakeEntry = fun() -> io_lib:format("[~s], ~s~n", [Date, ErrorStr]) end,
+    log_entry(Log, NoLog, ConfigDb, MakeEntry).
+
 
-security_entry(Log, NoLog, #mod{config_db = ConfigDb}, Date, Reason) ->
+-spec security_entry(Log      :: term(), 
+		     NoLog    :: term(), 
+		     ConfigDB :: term(),
+		     Date     :: string(), 
+		     Reason   :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+security_entry(Log, NoLog, #mod{config_db = ConfigDB}, Date, Reason) ->
+    MakeEntry = fun() -> io_lib:format("[~s] ~s~n", [Date, Reason]) end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+log_entry(Log, NoLog, ConfigDb, MakeEntry) when is_function(MakeEntry) ->
     case httpd_util:lookup(ConfigDb, Log) of
 	undefined ->
 	    NoLog;
 	LogRef ->
-	    Entry = io_lib:format("[~s] ~s~n", [Date, Reason]),
-	    {LogRef, Entry}
+	    {LogRef, MakeEntry()}
     end.
-
+   
+    
 %%%========================================================================
 %%% Internal functions
 %%%========================================================================
+
 do_access_entry(ConfigDB, Headers, RequestLine,
-	     RemoteHost, RFC931, AuthUser, Date, StatusCode,
-	     Bytes) ->
+		RemoteHost, RFC931, AuthUser, Date, StatusCode,
+		Size) ->
     case httpd_util:lookup(ConfigDB, log_format, common) of
 	common ->
 	    lists:flatten(io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
 			   RequestLine, 
-			   StatusCode, Bytes]));
+			   StatusCode, Size]));
 	combined ->
 	    Referer = 
 		proplists:get_value("referer", Headers, "-"),
@@ -94,7 +136,7 @@ do_access_entry(ConfigDB, Headers, RequestLine,
 				    Headers, "-"),
 	    io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w ~s ~s~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
-			   RequestLine, StatusCode, Bytes, 
+			   RequestLine, StatusCode, Size, 
 			   Referer, UserAgent])
     end.
 
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index d2f22fce93..b62c10bbc7 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -162,7 +162,14 @@ continue_init(Manager, ConfigDB, SocketType, Socket, TimeOut) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling call messages
 %%--------------------------------------------------------------------
-handle_call(Request, From, State) ->
+handle_call(Request, From, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected request: "
+			"~n~p"
+			"~nto request handler (~p) from ~p"
+			"~n", [Request, self(), From])),
+    error_log(Error, ModData),
     {stop, {call_api_violation, Request, From}, State}.
 
 %%--------------------------------------------------------------------
@@ -171,8 +178,15 @@ handle_call(Request, From, State) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling cast messages
 %%--------------------------------------------------------------------
-handle_cast(Msg, State) ->
-    {reply, {cast_api_violation, Msg}, State}.
+handle_cast(Msg, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected message: "
+			"~n~p"
+			"~nto request handler (~p)"
+			"~n", [Msg, self()])),
+    error_log(Error, ModData),
+    {noreply, State}.
 
 %%--------------------------------------------------------------------
 %% handle_info(Info, State) -> {noreply, State} |
@@ -253,7 +267,10 @@ handle_info(timeout, #state{mod = ModData} = State) ->
 %% Default case
 handle_info(Info, #state{mod = ModData} = State) ->
     Error = lists:flatten(
-	      io_lib:format("Unexpected message received: ~n~p~n", [Info])),
+	      io_lib:format("Unexpected info: "
+			    "~n~p"
+			    "~nto request handler (~p)"
+			    "~n", [Info, self()])),
     error_log(Error, ModData),
     {noreply, State}.
 
diff --git a/lib/inets/src/http_server/mod_log.erl b/lib/inets/src/http_server/mod_log.erl
index 62faa285df..a912f5616c 100644
--- a/lib/inets/src/http_server/mod_log.erl
+++ b/lib/inets/src/http_server/mod_log.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_server/mod_responsecontrol.erl b/lib/inets/src/http_server/mod_responsecontrol.erl
index 989f45db20..6af5f6211e 100644
--- a/lib/inets/src/http_server/mod_responsecontrol.erl
+++ b/lib/inets/src/http_server/mod_responsecontrol.erl
@@ -211,7 +211,7 @@ compare_etags(Tag,Etags) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%                                                                  %%
-%% Control if the file is modificated                               %%
+%% Control if the file is modified                                  %%
 %%                                                                  %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%	    
 
diff --git a/lib/inets/src/inets_app/Makefile b/lib/inets/src/inets_app/Makefile
index 63ab0a5bae..d99e33b4ea 100644
--- a/lib/inets/src/inets_app/Makefile
+++ b/lib/inets/src/inets_app/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/inets_app/inets.app.src b/lib/inets/src/inets_app/inets.app.src
index 4d0defb329..1db7ed2c30 100644
--- a/lib/inets/src/inets_app/inets.app.src
+++ b/lib/inets/src/inets_app/inets.app.src
@@ -1,7 +1,7 @@
 %% This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 779dd8e439..e80cb2a23b 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -1,7 +1,7 @@
 %% This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,6 +18,15 @@
 
 {"%VSN%",
  [
+  {"5.8",
+   [
+    {load_module, ftp, soft_purge, soft_purge, []}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, []}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, [httpc_handler]}
+   ]
+  }, 
   {"5.7.2", 
    [
     {restart_application, inets}
@@ -40,6 +49,15 @@
   } 
  ],
  [
+  {"5.8",
+   [
+    {load_module, ftp, soft_purge, soft_purge, []}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, []}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, [httpc_handler]}
+   ]
+  }, 
   {"5.7.2", 
    [
     {restart_application, inets}
diff --git a/lib/inets/src/inets_app/inets.mk b/lib/inets/src/inets_app/inets.mk
index 35fb0d7eca..194b4ca2b1 100644
--- a/lib/inets/src/inets_app/inets.mk
+++ b/lib/inets/src/inets_app/inets.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2010. All Rights Reserved.
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/tftp/tftp.erl b/lib/inets/src/tftp/tftp.erl
index 8d8fce388d..0d7ae1a89e 100644
--- a/lib/inets/src/tftp/tftp.erl
+++ b/lib/inets/src/tftp/tftp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/test/httpc_SUITE.erl b/lib/inets/test/httpc_SUITE.erl
index d86e52f3d5..881266b70a 100644
--- a/lib/inets/test/httpc_SUITE.erl
+++ b/lib/inets/test/httpc_SUITE.erl
@@ -90,6 +90,7 @@ all() ->
      parse_url, 
      options,
      headers_as_is, 
+     selecting_session, 
      {group, proxy}, 
      {group, ssl}, 
      {group, stream}, 
@@ -145,14 +146,6 @@ groups() ->
     ].
 
 
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config) -> Config
 %% Config - [tuple()]
@@ -226,9 +219,7 @@ init_per_testcase(initial_server_connect = Case, Config) ->
     %% this test case does not work unless it does
     try 
 	begin
-	    ensure_started(crypto),
-	    ensure_started(public_key),
-	    ensure_started(ssl),
+	    ?ENSURE_STARTED([crypto, public_key, ssl]),
 	    inets:start(),
 	    Config
 	end
@@ -262,15 +253,17 @@ init_per_testcase(Case, Timeout, Config) ->
 
     %% inets:enable_trace(max, io, httpd),
     %% inets:enable_trace(max, io, httpc),
-    inets:enable_trace(max, io, all),
+    %% inets:enable_trace(max, io, all),
 
     NewConfig = 
 	case atom_to_list(Case) of
 	    [$s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(ssl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
 	    [$e, $s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(essl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
@@ -282,7 +275,7 @@ init_per_testcase(Case, Timeout, Config) ->
 			inets:start(),
 			tsp("init_per_testcase -> "
 			    "[proxy case] start crypto, public_key and ssl"),
-			try ensure_started([crypto, public_key, ssl]) of
+			try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 			    ok ->
 				[{watchdog, Dog} | TmpConfig]
 			catch 
@@ -335,8 +328,8 @@ init_per_testcase(Case, Timeout, Config) ->
 		end;
 
 	    "ipv6_" ++ _Rest ->
-		%% Ensure needed apps (crypto, public_key and ssl) started
-		try ensure_started([crypto, public_key, ssl]) of
+		%% Ensure needed apps (crypto, public_key and ssl) are started
+		try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 		    ok ->
 			Profile = ipv6, 
 			%% A stand-alone profile is represented by a pid()
@@ -370,7 +363,7 @@ init_per_testcase(Case, Timeout, Config) ->
     
     %% This will fail for the ipv6_ - cases (but that is ok)
     ProxyExceptions = ["localhost", ?IPV6_LOCAL_HOST], 
-    http:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
+    httpc:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
     inets:enable_trace(max, io, httpc),
     %% inets:enable_trace(max, io, all),
     %% snmp:set_trace([gen_tcp]),
@@ -1773,6 +1766,7 @@ http_stream(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 http_stream_once(doc) ->
     ["Test the option stream for asynchrony requests"];
 http_stream_once(suite) ->
@@ -1780,12 +1774,12 @@ http_stream_once(suite) ->
 http_stream_once(Config) when is_list(Config) ->
     p("http_stream_once -> entry with"
       "~n   Config: ~p", [Config]),
-      
+
     p("http_stream_once -> set ipfamily to inet", []),
     ok = httpc:set_options([{ipfamily, inet}]),
     p("http_stream_once -> start dummy server", []),
     {DummyServerPid, Port} = dummy_server(ipv4),    
-    
+
     PortStr =  integer_to_list(Port),
     p("http_stream_once -> once", []),
     once(?URL_START ++ PortStr ++ "/once.html"),
@@ -1793,14 +1787,14 @@ http_stream_once(Config) when is_list(Config) ->
     once(?URL_START ++ PortStr ++ "/once_chunked.html"),
     p("http_stream_once -> dummy", []),
     once(?URL_START ++ PortStr ++ "/dummy.html"),
-    
+
     p("http_stream_once -> stop dummy server", []),
     DummyServerPid ! stop,
     p("http_stream_once -> set ipfamily to inet6fb4", []),
     ok = httpc:set_options([{ipfamily, inet6fb4}]), 
     p("http_stream_once -> done", []),
     ok.
-  
+
 once(URL) ->
     p("once -> issue sync request for ~p", [URL]),
     {ok, {{_,200,_}, [_ | _], Body}} = 
@@ -2009,6 +2003,7 @@ ipv6(SocketType, Scheme, HTTPOptions, Extra, Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 headers_as_is(doc) ->
     ["Test the option headers_as_is"];
 headers_as_is(suite) ->
@@ -2026,6 +2021,321 @@ headers_as_is(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
+selecting_session(doc) ->
+    ["Test selection of sessions - OTP-9847"];
+selecting_session(suite) ->
+    [];
+selecting_session(Config) when is_list(Config) ->
+    tsp("selecting_session -> entry with"
+	"~n   Config: ~p", [Config]),
+
+    tsp("selecting_session -> set ipfamily to inet"),
+    ok = httpc:set_options([{ipfamily, inet}]),
+
+    tsp("selecting_session -> start server"),
+    {ServerPid, Port} = otp_9847_server(),    
+
+    PortStr = integer_to_list(Port),
+    URL     = ?URL_START ++ PortStr ++ "/index.html",
+     
+    tsp("selecting_session -> issue the first batch (three) requests"),
+    lists:foreach(fun(P) -> 
+			  tsp("selecting_session:fun1 -> "
+			      "send stop request to ~p", [P]),
+			  P ! stop 
+		  end, 
+		  reqs(URL, ServerPid, 3, 3, false)),
+    tsp("selecting_session -> sleep some (1) to make sure nothing lingers"),
+    ?SLEEP(5000),
+    tsp("selecting_session -> "
+	"instruct the server to reply to the first request"),
+    ServerPid ! {answer, true}, 
+    receive
+	{answer, true} ->
+	    tsp("selecting_session -> "
+		"received ack from server to reply to the first request"),
+	    ok
+    end,
+    tsp("selecting_session -> issue the second batch (four) requests"),
+    lists:foreach(fun(P) -> 
+			  tsp("selecting_session:fun2 -> "
+			      "send stop request to ~p", [P]),
+			  P ! stop 
+		  end, 
+		  reqs(URL, ServerPid, 4, 1, true)),
+    tsp("selecting_session -> sleep some (2) to make sure nothing lingers"),
+    ?SLEEP(5000),
+
+    tsp("selecting_session -> stop server"),
+    ServerPid ! stop,
+    tsp("selecting_session -> set ipfamily (back) to inet6fb4"),
+    ok = httpc:set_options([{ipfamily, inet6fb4}]), 
+    tsp("selecting_session -> done"),
+    ok.
+
+reqs(URL, ServerPid, NumReqs, NumHandlers, InitialSync) ->
+    tsp("reqs -> entry with"
+	"~n   URL:         ~p"
+	"~n   ServerPid:   ~w"
+	"~n   NumReqs:     ~w"
+	"~n   NumHandlers: ~w"
+	"~n   InitialSync: ~w", 
+	[URL, ServerPid, NumReqs, NumHandlers, InitialSync]),
+    Handlers = reqs2(URL, NumReqs, [], InitialSync),
+    tsp("reqs -> "
+	"~n   Handlers: ~w", [Handlers]),
+    case length(Handlers) of
+	NumHandlers ->
+	    tsp("reqs -> "
+		"~n   NumHandlers: ~w", [NumHandlers]),
+	    ServerPid ! num_handlers, 
+	    receive
+		{num_handlers, NumHandlers} ->
+		    tsp("reqs -> received num_handlers with"
+			"~n   NumHandlers: ~w", [NumHandlers]),
+		    Handlers;
+		{num_handlers, WrongNumHandlers} ->
+		    tsp("reqs -> received num_handlers with"
+			"~n   WrongNumHandlers: ~w", [WrongNumHandlers]),
+		    exit({wrong_num_handlers1, WrongNumHandlers, NumHandlers})
+	    end;
+	WrongNumHandlers ->
+	    tsp("reqs -> "
+		"~n   WrongNumHandlers: ~w", [WrongNumHandlers]),
+	    exit({wrong_num_handlers2, WrongNumHandlers, NumHandlers})
+    end.
+	    
+
+reqs2(_URL, 0, Acc, _Sync) ->
+    lists:reverse(Acc);
+reqs2(URL, Num, Acc, Sync) ->
+    tsp("reqs2 -> entry with"
+	"~n   Num:  ~w"
+	"~n   Sync: ~w", [Num, Sync]),
+    case httpc:request(get, {URL, []}, [], [{sync, Sync}]) of
+	{ok, _Reply} ->
+	    tsp("reqs2 -> successful request: ~p", [_Reply]),
+	    receive
+		{handler, Handler, _Manager} ->
+		    %% This is when a new handler is created
+		    tsp("reqs2 -> received handler: ~p", [Handler]),
+		    case lists:member(Handler, Acc) of
+			true ->
+			    tsp("reqs2 -> duplicate handler"),
+			    exit({duplicate_handler, Handler, Num, Acc});
+			false ->
+			    tsp("reqs2 -> wait for data ack"),
+			    receive
+				{data_received, Handler} ->
+				    tsp("reqs2 -> "
+					"received data ack from ~p", [Handler]),
+				    case Sync of
+					true ->
+					    reqs2(URL, Num-1, [Handler|Acc], 
+						  false);
+					false ->
+					    reqs2(URL, Num-1, [Handler|Acc], 
+						  Sync)
+				    end
+			    end
+		    end;
+
+		{data_received, Handler} ->
+		    tsp("reqs2 -> "
+			"received data ack from ~p", [Handler]),
+		    reqs2(URL, Num-1, Acc, false)
+
+	    end;
+
+	{error, Reason} ->
+	    tsp("reqs2 -> request ~w failed: ~p", [Num, Reason]),
+	    exit({request_failed, Reason, Num, Acc})
+    end.
+
+otp_9847_server() ->
+    TC  = self(), 
+    Pid = spawn_link(fun() -> otp_9847_server_init(TC) end),
+    receive
+	{port, Port} ->
+	    {Pid, Port}
+    end.
+
+otp_9847_server_init(TC) ->
+    tsp("otp_9847_server_init -> entry with"
+	"~n   TC: ~p", [TC]),
+    {ok, ListenSocket} = 
+	gen_tcp:listen(0, [binary, inet, {packet, 0},
+			   {reuseaddr,true},
+			   {active, false}]),
+    tsp("otp_9847_server_init -> listen socket created: "
+	"~n   ListenSocket: ~p", [ListenSocket]),
+    {ok, Port} = inet:port(ListenSocket),
+    tsp("otp_9847_server_init -> Port: ~p", [Port]),
+    TC ! {port, Port},
+    otp_9847_server_main(TC, ListenSocket, false, []).
+
+otp_9847_server_main(TC, ListenSocket, Answer, Handlers) ->
+    tsp("otp_9847_server_main -> entry with"
+	"~n   TC:           ~p"
+	"~n   ListenSocket: ~p"
+	"~n   Answer:       ~p"
+	"~n   Handlers:     ~p", [TC, ListenSocket, Answer, Handlers]),
+    case gen_tcp:accept(ListenSocket, 1000) of
+	{ok, Sock} ->
+	    tsp("otp_9847_server_main -> accepted"
+		"~n   Sock: ~p", [Sock]),
+	    {Handler, Mon, Port} = otp_9847_handler(TC, Sock, Answer), 
+	    tsp("otp_9847_server_main -> handler ~p created for ~w", 
+		[Handler, Port]),
+	    gen_tcp:controlling_process(Sock, Handler),
+	    tsp("otp_9847_server_main -> control transfer"),
+	    Handler ! owner, 
+	    tsp("otp_9847_server_main -> "
+		"handler ~p informed of owner transfer", [Handler]),
+	    TC ! {handler, Handler, self()}, 
+	    tsp("otp_9847_server_main -> "
+		"TC ~p informed of handler ~p", [TC, Handler]),
+	    otp_9847_server_main(TC, ListenSocket, Answer, 
+				 [{Handler, Mon, Sock, Port}|Handlers]);
+
+	{error, timeout} ->
+	    tsp("otp_9847_server_main -> timeout"),
+	    receive 
+		{answer, true} ->
+		    tsp("otp_9847_server_main -> received answer request"),
+		    TC ! {answer, true}, 
+		    otp_9847_server_main(TC, ListenSocket, true, Handlers);
+
+		{'DOWN', _Mon, process, Pid, _Reason} ->
+		    %% Could be one of the handlers
+		    tsp("otp_9847_server_main -> received DOWN for ~p", [Pid]),
+		    otp_9847_server_main(TC, ListenSocket, Answer, 
+					 lists:keydelete(Pid, 1, Handlers));
+
+		num_handlers ->
+		    tsp("otp_9847_server_main -> "
+			"received request for number of handlers (~w)", 
+			[length(Handlers)]),
+		    TC ! {num_handlers, length(Handlers)}, 
+		    otp_9847_server_main(TC, ListenSocket, Answer, Handlers);
+
+		stop ->
+		    tsp("otp_9847_server_main -> received stop request"),
+		    %% Stop all handlers (just in case)
+		    Pids = [Handler || {Handler, _, _} <- Handlers], 
+		    lists:foreach(fun(Pid) -> Pid ! stop end, Pids),
+		    exit(normal);
+
+		Any ->
+		    tsp("otp_9847_server_main -> received"
+			"~n   Any: ~p", [Any]),
+		    exit({crap, Any})
+
+	    after 0 ->
+		    tsp("otp_9847_server_main -> nothing in queue"),
+		    otp_9847_server_main(TC, ListenSocket, Answer, Handlers)
+	    end;
+
+	Error ->
+	    exit(Error)
+    end.
+
+
+otp_9847_handler(TC, Sock, Answer) ->
+    tsp("otp_9847_handler -> entry with"
+	"~n   TC:     ~p" 
+	"~n   Sock:   ~p" 
+	"~n   Answer: ~p", [TC, Sock, Answer]),
+    Self = self(), 
+    {Pid, Mon} = 
+	spawn_opt(fun() -> 
+			  otp_9847_handler_init(TC, Self, Sock, Answer) 
+		  end, 
+		  [monitor]),
+    receive
+	{port, Port} ->
+	    tsp("otp_9847_handler -> received port message (from ~p)"
+		"~n   Port: ~p", [Pid, Port]),
+	    {Pid, Mon, Port}
+    end.
+    
+
+otp_9847_handler_init(TC, Server, Sock, Answer) ->
+    tsp("otp_9847_handler_init -> entry with"
+	"~n   TC:     ~p" 
+	"~n   Server: ~p" 
+	"~n   Sock:   ~p" 
+	"~n   Answer: ~p", [TC, Server, Sock, Answer]),
+    {ok, Port} = inet:port(Sock),
+    Server ! {port, Port},
+    receive 
+	owner ->
+	    tsp("otp_9847_handler_init -> "
+		"received owner message - activate socket"),
+	    inet:setopts(Sock, [{active, true}]),
+	    otp_9847_handler_main(TC, Server, Sock, Answer, [?HTTP_MAX_HEADER_SIZE])
+    end.
+    
+otp_9847_handler_main(TC, Server, Sock, Answer, ParseArgs) ->
+    tsp("otp_9847_handler_main -> entry with"
+	"~n   TC:        ~p" 
+	"~n   Server:    ~p" 
+	"~n   Sock:      ~p" 
+	"~n   Answer:    ~p"
+	"~n   ParseArgs: ~p", [TC, Server, Sock, Answer, ParseArgs]),
+    receive
+	stop ->
+	    tsp("otp_9847_handler_main -> received stop request"),
+	    exit(normal);
+
+	{tcp, Sock, _Data} when Answer =:= false ->
+	    tsp("otp_9847_handler_main -> received tcp data - no answer"),
+	    TC ! {data_received, self()}, 
+	    inet:setopts(Sock, [{active, true}]),
+	    %% Ignore all data
+	    otp_9847_handler_main(TC, Server, Sock, Answer, ParseArgs);
+
+	{tcp, Sock, Data} when Answer =:= true ->
+	    tsp("otp_9847_handler_main -> received tcp data - answer"),
+	    TC ! {data_received, self()}, 
+	    inet:setopts(Sock, [{active, true}]),
+	    NewParseArgs = otp_9847_handler_request(Sock, [Data|ParseArgs]), 
+	    otp_9847_handler_main(TC, Server, Sock, Answer, NewParseArgs);
+
+	{tcp_closed, Sock} ->
+	    tsp("otp_9847_handler_main -> received tcp socket closed"),
+	    exit(normal);
+
+	{tcp_error, Sock, Reason} ->
+	    tsp("otp_9847_handler_main -> socket error: ~p", [Reason]),
+	    (catch gen_tcp:close(Sock)),
+	    exit(normal)
+
+    %% after 30000 ->
+    %% 	    gen_tcp:close(Sock),
+    %% 	    exit(normal)
+    end.
+    
+otp_9847_handler_request(Sock, Args) ->
+    Msg = 
+	case httpd_request:parse(Args) of
+	    {ok, {_, "/index.html" = _RelUrl, _, _, _}} ->
+		B = 
+		    "<HTML><BODY>" ++ 
+		    "...some body part..." ++ 
+		    "</BODY></HTML>", 
+		Len = integer_to_list(length(B)), 
+		"HTTP/1.1 200 ok\r\n" ++
+		    "Content-Length:" ++ Len ++ "\r\n\r\n" ++ B
+	end,
+    gen_tcp:send(Sock, Msg),
+    [?HTTP_MAX_HEADER_SIZE].
+	    
+
+
+%%-------------------------------------------------------------------------
+
 options(doc) ->
     ["Test the option parameters."];
 options(suite) ->
@@ -2050,6 +2360,7 @@ options(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 http_invalid_http(doc) ->
     ["Test parse error"];
 http_invalid_http(suite) ->
@@ -2863,6 +3174,7 @@ otp_8739_dummy_server_main(_Parent, ListenSocket) ->
 	    exit(Error)
     end.
 
+
 %%-------------------------------------------------------------------------
 
 initial_server_connect(doc) ->
@@ -3553,21 +3865,5 @@ dummy_ssl_server_hang_loop(_) ->
     end.
 
 
-ensure_started([]) ->
-    ok;
-ensure_started([App|Apps]) ->
-    ensure_started(App),
-    ensure_started(Apps);
-ensure_started(App) when is_atom(App) ->
-    case (catch application:start(App)) of
-	ok ->
-	    ok;
-	{error, {already_started, _}} ->
-	    ok;
-	Error ->
-	    throw({error, {failed_starting, App, Error}})
-    end.
-
-
 skip(Reason) ->
     {skip, Reason}.
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index ba31788ccc..a4bb8f7159 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -497,6 +497,7 @@ init_per_testcase2(Case, Config) ->
 		    _ ->
 			NewConfig
 		end;
+
 	    _ ->
 		NewConfig
 	end,
@@ -528,7 +529,7 @@ init_per_testcase3(Case, Config) ->
     application:stop(ssl),
     cleanup_mnesia(),
 
-    %% Set trace
+    %% Set trace level
     case lists:reverse(atom_to_list(Case)) of
 	"tset_emit" ++ _Rest -> % test-cases ending with time_test
 	    io:format(user, "~w:init_per_testcase3(~w) -> disabling trace", 
@@ -581,9 +582,10 @@ init_per_testcase3(Case, Config) ->
 		Rest;
 
 	    [X, $s, $s, $l, $_, $m, $o, $d, $_, $h, $t, $a, $c, $c, $e, $s, $s] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
-			$p -> ssl;  % plain
+			$p -> ssl;  % Plain
 			$e -> essl  % Erlang based ssl
 		    end,
 		case inets_test_lib:start_http_server_ssl(
@@ -597,6 +599,7 @@ init_per_testcase3(Case, Config) ->
 			{skip, "SSL does not seem to be supported"}
 		end;
 	    [X, $s, $s, $l, $_ | Rest] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
 			$p -> ssl;
@@ -679,36 +682,6 @@ end_per_testcase2(Case, Config) ->
 %%-------------------------------------------------------------------------
 
 %%-------------------------------------------------------------------------
-
-
-
-
-
-
-%%-------------------------------------------------------------------------
-http_1_1_ip(doc) ->
-    ["HTTP/1.1"];
-http_1_1_ip(suite) ->
-    [
-     ip_host, 
-     ip_chunked, 
-     ip_expect, 
-     ip_range, 
-     ip_if_test, 
-     ip_http_trace,
-     ip_http1_1_head, 
-     ip_mod_cgi_chunked_encoding_test
-    ].
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
 ip_mod_alias(doc) -> 
     ["Module test: mod_alias"];
 ip_mod_alias(suite) -> 
@@ -717,6 +690,7 @@ ip_mod_alias(Config) when is_list(Config) ->
     httpd_mod:alias(ip_comm, ?IP_PORT, 
 		    ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_actions(doc) -> 
     ["Module test: mod_actions"];
@@ -726,6 +700,7 @@ ip_mod_actions(Config) when is_list(Config) ->
     httpd_mod:actions(ip_comm, ?IP_PORT, 
 		      ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_security(doc) -> 
     ["Module test: mod_security"];
@@ -2252,6 +2227,7 @@ ticket_5865(doc) ->
 ticket_5865(suite) ->
     [];
 ticket_5865(Config) ->
+    ?SKIP(as_of_r15_behaviour_of_calendar_has_changed),
     Host = ?config(host,Config),
     ServerRoot = ?config(server_root, Config), 
     DocRoot = filename:join([ServerRoot, "htdocs"]),
diff --git a/lib/inets/test/httpd_test_lib.erl b/lib/inets/test/httpd_test_lib.erl
index 1c7bb512cc..2f5867559a 100644
--- a/lib/inets/test/httpd_test_lib.erl
+++ b/lib/inets/test/httpd_test_lib.erl
@@ -80,14 +80,18 @@
 %% API
 %%------------------------------------------------------------------
 verify_request(SocketType, Host, Port, Node, RequestStr, Options) ->
-    verify_request(SocketType, Host, Port, Node, RequestStr, Options, 30000).
+    verify_request(SocketType, Host, Port, Node, RequestStr, 
+		   Options, 30000).
 verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options) 
   when is_list(TranspOpts) ->
-    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, 30000);
+    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+		   Options, 30000);
 verify_request(SocketType, Host, Port, Node, RequestStr, Options, TimeOut) 
   when (is_integer(TimeOut) orelse (TimeOut =:= infinity)) ->
-    verify_request(SocketType, Host, Port, [], Node, RequestStr, Options, TimeOut).
-verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, TimeOut) ->
+    verify_request(SocketType, Host, Port, [], Node, RequestStr, 
+		   Options, TimeOut).
+verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+	       Options, TimeOut) ->
     tsp("verify_request -> entry with"
 	"~n   SocketType: ~p"
 	"~n   Host:       ~p"
@@ -259,10 +263,10 @@ validate(RequestStr, #state{status_line = {Version, StatusCode, _},
 			    headers     = Headers, 
 			    body        = Body}, Options, N, P) ->
     
-    %% tsp("validate -> entry with"
-    %% 	"~n   StatusCode: ~p"
-    %% 	"~n   Headers:    ~p"
-    %% 	"~n   Body:       ~p", [StatusCode, Headers, Body]),
+    tsp("validate -> entry with"
+     	"~n   StatusCode: ~p"
+	"~n   Headers:    ~p"
+	"~n   Body:       ~p", [StatusCode, Headers, Body]),
 
     check_version(Version, Options),
     case lists:keysearch(statuscode, 1, Options) of
@@ -320,9 +324,9 @@ do_validate(Header, [{header, HeaderField}|Rest], N, P) ->
 	{value, {LowerHeaderField, _Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header});
+	    tsf({missing_header_field, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header})
+	    tsf({missing_header_field, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
@@ -331,18 +335,15 @@ do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
 	{value, {LowerHeaderField, Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header})
+	    tsf({wrong_header_field_value, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header,[{no_last_modified, HeaderField}|Rest],N,P) ->
     case lists:keysearch(HeaderField,1,Header) of
 	{value,_} ->
-	    test_server:fail({wrong_header_field_value, HeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, HeaderField, Header});
 	_ ->
 	    ok
     end,
diff --git a/lib/inets/test/httpd_time_test.erl b/lib/inets/test/httpd_time_test.erl
index c54674be36..0bb457f9b9 100644
--- a/lib/inets/test/httpd_time_test.erl
+++ b/lib/inets/test/httpd_time_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -333,51 +333,82 @@ poll(Error, _SocketType, _URI, _ExpRes) ->
     exit({failed_creating_socket, Error}).
 
 await_poll_response(ok, SocketType, Socket, ExpStatusCode) ->
+    await_poll_response2(SocketType, Socket, ExpStatusCode, []);
+await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
+    exit(Error).
+
+%% The reply *can* be split into two messages (this is a 
+%% result of OTP-9757 for ssl), so we read them all until 
+%% the sockets closes, then we analyze the response.
+await_poll_response2(SocketType, Socket, ExpStatusCode, Data) ->
     receive 
 	%% SSL receives
-	{ssl, Socket, Data} ->
-            validate(ExpStatusCode, SocketType, Socket, Data);
-	{ssl_closed, Socket} ->
-	    exit(connection_closed);
+	{ssl, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
+	{ssl_closed, Socket} -> 
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{ssl_error, Socket, Error} ->
 	    exit({connection_error, Error});
 
 	%% TCP receives
-        {tcp, Socket, Response} ->
-            validate(ExpStatusCode, SocketType, Socket, Response);
+        {tcp, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
         {tcp_closed, Socket} ->
-            exit(connection_closed);
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{tcp_error, Socket, Error} ->
 	    exit({connection_error, Error})
 
     after 10000 ->
-            exit(response_timed_out)
-    end;
-await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
-    exit(Error).
-
+	    d("we timed out while waiting for response, "
+	      "validate whatever we got so far"),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)))
+	    %% exit(response_timed_out)
+    end.
 
-validate(ExpStatusCode, SocketType, Socket, Response) ->
-    Sz = sz(Response),
-    trash_the_rest(Socket, Sz),
-    inets_test_lib:close(SocketType, Socket),
+validate(ExpStatusCode, _SocketType, _Socket, Response) ->
+    %% Sz = sz(Response),
+    %% trash_the_rest(Socket, Sz),
+    %% inets_test_lib:close(SocketType, Socket),
     case inets_regexp:split(Response," ") of
-        {ok,["HTTP/1.0", ExpStatusCode|_]} ->
+        {ok, ["HTTP/1.0", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.0", StatusCode|_]} -> 
+        {ok, ["HTTP/1.0", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
             exit({unexpected_response_code, StatusCode, ExpStatusCode});
-	{ok,["HTTP/1.1", ExpStatusCode|_]} ->
+	{ok, ["HTTP/1.1", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.1", StatusCode|_]} -> 
+        {ok, ["HTTP/1.1", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
-            exit({unexpected_response_code, StatusCode, ExpStatusCode})
+            exit({unexpected_response_code, StatusCode, ExpStatusCode});
+        {ok, Unexpected} -> 
+	    error_msg("Unexpected response split: ~p (~s)", 
+		      [Unexpected, Response]),
+            exit({unexpected_response, Unexpected, Response});
+        {error, Reason} -> 
+	    error_msg("Failed processing response: ~p (~s)", 
+		      [Reason, Response]),
+            exit({failed_response_processing, Reason, Response})
     end.
 
 
diff --git a/lib/inets/test/inets_app_test.erl b/lib/inets/test/inets_app_test.erl
index 9d7202e087..db2218f3b6 100644
--- a/lib/inets/test/inets_app_test.erl
+++ b/lib/inets/test/inets_app_test.erl
@@ -45,8 +45,7 @@ end_per_testcase(_Case, Config) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> 
-    [fields, modules, exportall, app_depend,
-     undef_funcs].
+    [fields, modules, exportall, app_depend, undef_funcs].
 
 groups() -> 
     [].
@@ -243,18 +242,11 @@ undef_funcs(doc) ->
 undef_funcs(Config) when is_list(Config) ->
     %% We need to check if there is a point to run this test.
     %% On some platforms, crypto will not build, which in turn
-    %% causes ssl to not to not build (at this time, this will
+    %% causes ssl to not build (at this time, this will
     %% change in the future).
     %% So, we first check if we can start crypto, and if not, 
     %% we skip this test case!
-    case (catch crypto:start()) of
-	ok ->
-	    ok;
-	{error, {already_started, crypto}} ->
-	    ok;
-	_ ->
-	    ?SKIP(crypto_start_check_failed)
-    end, 
+    ?ENSURE_STARTED(crypto), 
     App            = inets,
     AppFile        = key1search(app_file, Config),
     Mods           = key1search(modules, AppFile),
@@ -266,7 +258,7 @@ undef_funcs(Config) when is_list(Config) ->
     ok             = xref:set_default(XRef, 
 				      [{verbose,false},{warnings,false}]),
     XRefName       = undef_funcs_make_name(App, xref_name),
-    {ok, XRefName} = xref:add_release(XRef, Root, {name,XRefName}),
+    {ok, XRefName} = xref:add_release(XRef, Root, {name, XRefName}),
     {ok, App}      = xref:replace_application(XRef, App, EbinDir),
     {ok, Undefs}   = xref:analyze(XRef, undefined_function_calls),
     xref:stop(XRef),
diff --git a/lib/inets/test/inets_test_lib.erl b/lib/inets/test/inets_test_lib.erl
index ddb1a49394..bbed35e1f8 100644
--- a/lib/inets/test/inets_test_lib.erl
+++ b/lib/inets/test/inets_test_lib.erl
@@ -35,6 +35,7 @@
 -export([check_body/1]).
 -export([millis/0, millis_diff/2, hours/1, minutes/1, seconds/1, sleep/1]).
 -export([oscmd/1, has_ipv6_support/1]).
+-export([ensure_started/1]).
 -export([non_pc_tc_maybe_skip/4, os_based_skip/1, skip/3, fail/3]).
 -export([flush/0]).
 -export([start_node/1, stop_node/1]).
@@ -126,6 +127,37 @@ await_stopped(Node, N) ->
 
 
 %% ----------------------------------------------------------------
+%% Ensure apps are started
+%% This to ensure we dont attempt to run teatcases on platforms 
+%% where there is no working ssl app.
+
+ensure_started([]) ->
+    ok;
+ensure_started([App|Apps]) ->
+    ensure_started(App),
+    ensure_started(Apps);
+ensure_started(crypto = App) ->
+    %% We have to treat crypto in this special way because 
+    %% only this function ensures that the NIF lib is actually
+    %% loaded. And only by loading that lib can we know if it 
+    %% is even possible to run crypto.
+    do_ensure_started(App, fun() -> crypto:start() end);
+ensure_started(App) when is_atom(App) ->
+    do_ensure_started(App, fun() -> application:start(App) end).
+
+do_ensure_started(App, Start) when is_function(Start) ->
+    case (catch Start()) of
+	ok ->
+	    ok;
+	{error, {already_started, _}} ->
+	    ok;
+	Error ->
+	    throw({error, {failed_starting, App, Error}})
+    end.
+
+
+
+%% ----------------------------------------------------------------
 %% HTTPD starter functions
 %%
 
diff --git a/lib/inets/test/inets_test_lib.hrl b/lib/inets/test/inets_test_lib.hrl
index 4dd81093a2..c578398c55 100644
--- a/lib/inets/test/inets_test_lib.hrl
+++ b/lib/inets/test/inets_test_lib.hrl
@@ -64,10 +64,11 @@
 
 %% - Misc macros -
 
--define(UPDATE(K,V,C),  inets_test_lib:update_config(K,V,C)).
--define(CONFIG(K,C),    inets_test_lib:get_config(K,C)).
--define(HOSTNAME(),     inets_test_lib:hostname()).
--define(SZ(X),          inets_test_lib:sz(X)).
+-define(ENSURE_STARTED(A), inets_test_lib:ensure_started(A)).
+-define(UPDATE(K,V,C),     inets_test_lib:update_config(K,V,C)).
+-define(CONFIG(K,C),       inets_test_lib:get_config(K,C)).
+-define(HOSTNAME(),        inets_test_lib:hostname()).
+-define(SZ(X),             inets_test_lib:sz(X)).
 
 
 %% - Test case macros - 
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 1df4558e45..77eb43a7ed 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2011. All Rights Reserved.
+# Copyright Ericsson AB 2001-2012. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION = inets
-INETS_VSN   = 5.8
+INETS_VSN   = 5.8.1
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
 
diff --git a/lib/inviso/doc/src/inviso.xml b/lib/inviso/doc/src/inviso.xml
index 44fe7a3a78..c0e2e8f0de 100644
--- a/lib/inviso/doc/src/inviso.xml
+++ b/lib/inviso/doc/src/inviso.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,10 @@
   <module>inviso</module>
   <modulesummary>Main API Module to the Inviso Tracer</modulesummary>
   <description>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
     <p>With the <c>inviso</c> API runtime components can be started and tracing managed across a network of distributed Erlang nodes, using a control component also started with <c>inviso</c> API functions.</p>
     <p>Inviso can be used both in a distributed environment and in a non-distributed. API functions not taking a list of nodes as argument works on all started runtime components. If it is the non-distributed case, that is the local runtime component. The API functions taking a list of nodes as argument, or as part of one of the arguments, can not be used in a non-distributed environment. Return values named <c>NodeResult</c> refers to return values from a single Erlang node, and will therefore be the return in the non-distributed environment.</p>
   </description>
diff --git a/lib/inviso/doc/src/inviso_chapter.xml b/lib/inviso/doc/src/inviso_chapter.xml
index 4480099c67..b69fb97586 100644
--- a/lib/inviso/doc/src/inviso_chapter.xml
+++ b/lib/inviso/doc/src/inviso_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,8 +30,12 @@
   </header>
 
   <section>
-    <title>Introduction</title>
     <p><em>inviso</em>: (Latin) to go to see, visit, inspect, look at.</p>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
+    <title>Introduction</title>
     <p>The Inviso trace system consists of one or several runtime components supposed to run on each Erlang node doing tracing and one control component which can run on any node with available processor power. Inviso may also be part of a higher layer trace tool. See the inviso-tool as an example. The implementation is spread out over the Runtime_tools and the Inviso Erlang/OTP applications. Erlang modules necessary to run the runtime component are located in Runtime_tools and therefore assumed to be available on any node. Even though Inviso is introduced with Erlang/OTP R11B the runtime component implementation is done with backward compatibility in mind. Meaning that it is possible to compile and run it on older Erlang/OTP releases.</p>
     <image file="inviso_users_guide_pic1.gif">
       <icaption>Inviso Trace System Architecture Overview.</icaption>
diff --git a/lib/inviso/doc/src/notes.xml b/lib/inviso/doc/src/notes.xml
index 7c2c3c3bde..661284e786 100644
--- a/lib/inviso/doc/src/notes.xml
+++ b/lib/inviso/doc/src/notes.xml
@@ -31,7 +31,28 @@
   <p>This document describes the changes made to the Inviso application.</p>
 
 

-  <section><title>Inviso 0.6.2</title>
+  <section><title>Inviso 0.6.3</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>The <c>inviso</c> application has been deprecated and
+	    will be removed in the R16 release.</p>
+          <p>
+	    Own Id: OTP-9798</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Inviso 0.6.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/inviso/src/inviso.erl b/lib/inviso/src/inviso.erl
index 0eda06a5c2..07bdf3e649 100644
--- a/lib/inviso/src/inviso.erl
+++ b/lib/inviso/src/inviso.erl
@@ -25,6 +25,7 @@
 %% ------------------------------------------------------------------------------

 

 -module(inviso).

+-deprecated(module).
 

 %% ------------------------------------------------------------------------------

 %% Exported API functions.

diff --git a/lib/inviso/test/inviso_tool_SUITE.erl b/lib/inviso/test/inviso_tool_SUITE.erl
index 6b16e506eb..f8a9cea47f 100644
--- a/lib/inviso/test/inviso_tool_SUITE.erl
+++ b/lib/inviso/test/inviso_tool_SUITE.erl
@@ -52,7 +52,12 @@ end_per_group(_GroupName, Config) ->
 %% -----------------------------------------------------------------------------

 

 init_per_suite(Config) ->

-    Config.

+    case test_server:is_native(lists) of
+	true ->
+	    {skip,"Native libs -- tracing doesn't work"};
+	false ->
+	    Config
+    end.
 %% -----------------------------------------------------------------------------

 

 end_per_suite(_Config) ->

diff --git a/lib/inviso/vsn.mk b/lib/inviso/vsn.mk
index 79093597fe..c6b0398bde 100644
--- a/lib/inviso/vsn.mk
+++ b/lib/inviso/vsn.mk
@@ -1 +1 @@
-INVISO_VSN = 0.6.2
+INVISO_VSN = 0.6.3
diff --git a/lib/jinterface/doc/src/notes.xml b/lib/jinterface/doc/src/notes.xml
index 11fcc5f387..bf94077114 100644
--- a/lib/jinterface/doc/src/notes.xml
+++ b/lib/jinterface/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Jinterface application.</p>
 
+<section><title>Jinterface 1.5.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    JInterface: improve OtpOutputStream buffer allocation</p>
+          <p>
+	    Previously, the buffer was increased linearly by 2048
+	    bytes. I now propose to use an exponential increase
+	    function (similar to Javas ArrayList, e.g. always at
+	    least +50%). This significantly increases performance of
+	    e.g. doRPC for large parameters. (Thanks to Nico Kruber)</p>
+          <p>
+	    Own Id: OTP-9806</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Jinterface 1.5.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
index e772a2b0a5..365798e68a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
@@ -3,7 +3,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
index 4d53447164..60eef7a126 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
@@ -53,7 +53,7 @@ public class OtpErlangAtom extends OtpErlangObject implements Serializable,
 
 	if (atom.length() > maxAtomLength) {
 	    throw new java.lang.IllegalArgumentException("Atom may not exceed "
-		    + maxAtomLength + " characters");
+		    + maxAtomLength + " characters: " + atom);
 	}
 	this.atom = atom;
     }
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
index 23734bf83b..be8b7c5c12 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -154,13 +154,16 @@ public class OtpErlangString extends OtpErlangObject implements Serializable,
      *         Unicode code points
      */
 
-    public static int[] stringToCodePoints(final String s) {
-	final int m = s.codePointCount(0, s.length());
-	final int [] codePoints = new int[m];
-	for (int i = 0, j = 0;  j < m;  i = s.offsetByCodePoints(i, 1), j++) {
-	    codePoints[j] = s.codePointAt(i);
-	}
-	return codePoints;
+   public static int[] stringToCodePoints(final String s) {
+        final int m = s.codePointCount(0, s.length());
+        final int[] codePoints = new int[m];
+        int j = 0;
+        for (int offset = 0; offset < s.length();) {
+            final int codepoint = s.codePointAt(offset);
+            codePoints[j++] = codepoint;
+            offset += Character.charCount(codepoint);
+        }
+        return codePoints;
     }
 
     /**
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
index 71a419497a..b0b64e6953 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
@@ -31,7 +31,7 @@ package com.ericsson.otp.erlang;
  * the recipient of the message. When sending messages to other mailboxes, the
  * recipient can only respond if the sender includes the pid as part of the
  * message contents. The sender can determine his own pid by calling
- * {@link #self self()}.
+ * {@link #self() self()}.
  * </p>
  * 
  * <p>
@@ -141,7 +141,7 @@ public class OtpMbox {
      * Get the registered name of this mailbox.
      * 
      * @return the registered name of this mailbox, or null if the mailbox had
-     *         no registerd name.
+     *         no registered name.
      */
     public String getName() {
 	return name;
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
index d499fae3fb..be7c8e5b1a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
@@ -182,7 +182,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an unnamed {@link OtpMbox mailbox} that can be used to send and
      * receive messages with other, similar mailboxes and with Erlang processes.
      * Messages can be sent to this mailbox by using its associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @return a mailbox.
      */
@@ -248,7 +248,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an named mailbox that can be used to send and receive messages
      * with other, similar mailboxes and with Erlang processes. Messages can be
      * sent to this mailbox by using its registered name or the associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @param name
      *            a name to register for this mailbox. The name must be unique
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
index 181350100f..22ebb4688a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -25,6 +25,7 @@ import java.io.UnsupportedEncodingException;
 import java.math.BigDecimal;
 import java.math.BigInteger;
 import java.text.DecimalFormat;
+import java.util.Arrays;
 
 /**
  * Provides a stream for encoding Erlang terms to external format, for
@@ -39,7 +40,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     /** The default initial size of the stream. * */
     public static final int defaultInitialSize = 2048;
 
-    /** The default increment used when growing the stream. * */
+    /** The default increment used when growing the stream (increment at least this much). * */
     public static final int defaultIncrement = 2048;
 
     // static formats, used to encode floats and doubles
@@ -95,6 +96,41 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     }
 
     /**
+     * Trims the capacity of this <tt>OtpOutputStream</tt> instance to be the
+     * buffer's current size.  An application can use this operation to minimize
+     * the storage of an <tt>OtpOutputStream</tt> instance.
+     */
+    public void trimToSize() {
+	if (super.count < super.buf.length) {
+	    final byte[] tmp = new byte[super.count];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
+     * Increases the capacity of this <tt>OtpOutputStream</tt> instance, if
+     * necessary, to ensure that it can hold at least the number of elements
+     * specified by the minimum capacity argument.
+     *
+     * @param   minCapacity   the desired minimum capacity
+     */
+    public void ensureCapacity(int minCapacity) {
+	int oldCapacity = super.buf.length;
+	if (minCapacity > oldCapacity) {
+	    int newCapacity = (oldCapacity * 3)/2 + 1;
+	    if (newCapacity < oldCapacity + defaultIncrement)
+		newCapacity = oldCapacity + defaultIncrement;
+	    if (newCapacity < minCapacity)
+		newCapacity = minCapacity;
+	    // minCapacity is usually close to size, so this is a win:
+	    final byte[] tmp = new byte[newCapacity];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
      * Write one byte to the stream.
      * 
      * @param b
@@ -102,13 +138,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
      * 
      */
     public void write(final byte b) {
-	if (super.count >= super.buf.length) {
-	    // System.err.println("Expanding buffer from " + this.buf.length
-	    // + " to " + (this.buf.length+defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + 1);
 	super.buf[super.count++] = b;
     }
 
@@ -122,14 +152,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
 
     @Override
     public void write(final byte[] buf) {
-	if (super.count + buf.length > super.buf.length) {
-	    // System.err.println("Expanding buffer from " + super.buf.length
-	    // + " to " + (buf.length + super.buf.lengt + defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + buf.length
-		    + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + buf.length);
 	System.arraycopy(buf, 0, super.buf, super.count, buf.length);
 	super.count += buf.length;
     }
diff --git a/lib/jinterface/test/nc_SUITE.erl b/lib/jinterface/test/nc_SUITE.erl
index da54f5bf51..9c88400c2a 100644
--- a/lib/jinterface/test/nc_SUITE.erl
+++ b/lib/jinterface/test/nc_SUITE.erl
@@ -296,7 +296,8 @@ lists_roundtrip_2(Config) when is_list(Config) ->
 	  {[z,23|24],tail3},
 	  {[z|25],tail3},
 	  {"abc123",sub3atom},
-	  {"abc",sub3atom}
+	  {"abc",sub3atom},
+	  {"abcdefg",codepointBug}
 	 ],
     Trans =
 	fun ([_|T], tail) ->
@@ -308,7 +309,9 @@ lists_roundtrip_2(Config) when is_list(Config) ->
 	    (L, tail3) when is_list(L) ->
 		null;
 	    ([_,_,_|L], sub3atom) ->
-		list_to_atom(L)
+		list_to_atom(L);
+	    (L, codepointBug) ->
+		L
 	end,
     OutTrans =
 	fun ({L,Twist}) ->
diff --git a/lib/jinterface/test/nc_SUITE_data/echo_server.java b/lib/jinterface/test/nc_SUITE_data/echo_server.java
index 0550e4beb1..5ecb5b72a7 100644
--- a/lib/jinterface/test/nc_SUITE_data/echo_server.java
+++ b/lib/jinterface/test/nc_SUITE_data/echo_server.java
@@ -202,6 +202,12 @@ public class echo_server {
 		final OtpErlangAtom o = new OtpErlangAtom(s.stringValue()
 			.substring(3));
 		return o;
+	    } else if (atomValue.equals("codepointBug")
+		    && i instanceof OtpErlangString) {
+		final OtpErlangString s = (OtpErlangString) i;
+		final String ss = s.stringValue().substring(3, 6);
+		final int[] cps = OtpErlangString.stringToCodePoints(ss);
+		return s;
 	    } else if (atomValue.equals("utf8")) {
 		if (i instanceof OtpErlangString) {
 		    final OtpErlangString s = (OtpErlangString) i;
diff --git a/lib/jinterface/vsn.mk b/lib/jinterface/vsn.mk
index 9d75a653e3..9d8229e9fa 100644
--- a/lib/jinterface/vsn.mk
+++ b/lib/jinterface/vsn.mk
@@ -1 +1 @@
-JINTERFACE_VSN = 1.5.4
+JINTERFACE_VSN = 1.5.5
diff --git a/lib/kernel/doc/src/code.xml b/lib/kernel/doc/src/code.xml
index 6b89711924..ee687511a3 100644
--- a/lib/kernel/doc/src/code.xml
+++ b/lib/kernel/doc/src/code.xml
@@ -229,10 +229,10 @@
      <c>-code_path_choice Choice</c>. If the flag is set to <c>relaxed</c>,
      the code server will instead choose a suitable directory
      depending on the actual file structure. If there exists a regular
-     application ebin directory,situation it will be choosen. But if it does
-     not exist, the ebin directory in the archive is choosen if it
+     application ebin directory,situation it will be chosen. But if it does
+     not exist, the ebin directory in the archive is chosen if it
      exists. If neither of them exists the original directory will be
-     choosen.</p>
+     chosen.</p>
 
     <p>The command line flag <c>-code_path_choice Choice</c> does also
      affect how <c>init</c> interprets the <c>boot script</c>. The
diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 7db20e6343..772eff13cc 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -149,6 +149,12 @@
     <datatype>
       <name name="mode"/>
     </datatype>
+    <datatype>
+      <name name="file_info_option"/>
+    </datatype>
+    <datatype>
+      <name name="sendfile_option"/>
+    </datatype>
    </datatypes>
 
   <funcs>
@@ -409,7 +415,7 @@
       <name>file_info(Filename) -> {ok, FileInfo} | {error, Reason}</name>
       <fsummary>Get information about a file (deprecated)</fsummary>
       <desc>
-        <p>This function is obsolete. Use <c>read_file_info/1</c>
+        <p>This function is obsolete. Use <c>read_file_info/1,2</c>
           instead.</p>
       </desc>
     </func>
@@ -536,7 +542,7 @@
       <desc>
         <p>Makes a hard link from <c><anno>Existing</anno></c> to
           <c><anno>New</anno></c>, on
-          platforms that support links (Unix). This function returns
+          platforms that support links (Unix and Windows). This function returns
           <c>ok</c> if the link was successfully created, or
           <c>{error, <anno>Reason</anno>}</c>. On platforms that do not support
           links, <c>{error,enotsup}</c> is returned.</p>
@@ -563,11 +569,12 @@
       <name name="make_symlink" arity="2"/>
       <fsummary>Make a symbolic link to a file or directory</fsummary>
       <desc>
-        <p>This function creates a symbolic link <c><anno>Name2</anno></c> to
-          the file or directory <c><anno>Name1</anno></c>, on platforms that
-          support
-          symbolic links (most Unix systems). <c><anno>Name1</anno></c> need not
-          exist. This function returns <c>ok</c> if the link was
+        <p>This function creates a symbolic link <c><anno>New</anno></c> to
+          the file or directory <c><anno>Existing</anno></c>, on platforms that
+          support symbolic links (most Unix systems and Windows beginning with
+	  Vista).
+	  <c><anno>Existing</anno></c> need not exist.
+          This function returns <c>ok</c> if the link was
           successfully created, or <c>{error, <anno>Reason</anno>}</c>.
           On platforms
           that do not support symbolic links, <c>{error, enotsup}</c>
@@ -577,11 +584,11 @@
           <tag><c>eacces</c></tag>
           <item>
             <p>Missing read or write permissions for the parent directories
-            of <c><anno>Name1</anno></c> or <c><anno>Name2</anno></c>.</p>
+            of <c><anno>Existing</anno></c> or <c><anno>New</anno></c>.</p>
           </item>
           <tag><c>eexist</c></tag>
           <item>
-            <p><c><anno>Name2</anno></c> already exists.</p>
+            <p><c><anno>New</anno></c> already exists.</p>
           </item>
           <tag><c>enotsup</c></tag>
           <item>
@@ -1185,6 +1192,7 @@
     </func>
     <func>
       <name name="read_file_info" arity="1"/>
+      <name name="read_file_info" arity="2"/>
       <fsummary>Get information about a file</fsummary>
       <desc>
         <p>Retrieves information about a file. Returns
@@ -1196,6 +1204,20 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type returned in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will return local time, <c>universal</c> will
+			return universal time and <c>posix</c> will return seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC. 
+			Default is <c>{time, local}</c>.
+		</p> 
+		<note>
+          <p>
+			  Since file times is stored in posix time on most OS it is
+			  faster to query file information with the <c>posix</c> option.
+		  </p> 
+        </note>
+        
         <p>The record <c>file_info</c> contains the following fields.</p>
         <taglist>
           <tag><c>size = integer()</c></tag>
@@ -1210,15 +1232,15 @@
           <item>
             <p>The current system access to the file.</p>
           </item>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
             <p>The interpretation of this time field depends on
               the operating system. On Unix, it is the last time
@@ -1374,9 +1396,11 @@
     </func>
     <func>
       <name name="read_link_info" arity="1"/>
+      <name name="read_link_info" arity="2"/>
       <fsummary>Get information about a link or file</fsummary>
       <desc>
-        <p>This function works like <c>read_file_info/1</c>, except that
+		  <p>This function works like 
+			 <seealso marker="#read_file_info/2">read_file_info/1,2</seealso> except that
           if <c><anno>Name</anno></c> is a symbolic link, information about
           the link will be returned in the <c>file_info</c> record and
           the <c>type</c> field of the record will be set to
@@ -1574,6 +1598,48 @@
       </desc>
     </func>
     <func>
+      <name name="sendfile" arity="2"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends the file <c>Filename</c> to <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>.</p>
+      </desc>
+    </func>
+    <func>
+      <name name="sendfile" arity="5"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends <c>Bytes</c> from the file
+        referenced by <c>RawFile</c> beginning at <c>Offset</c> to
+        <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>. If <c>Bytes</c> is set to
+	0 all data after the given <c>Offset</c> is sent.</p>
+	<p>The file used must be opened using the raw flag, and the process
+	calling sendfile must be the controlling process of the socket.
+	See <seealso marker="gen_tcp#controlling_process-2">gen_tcp:controlling_process/2</seealso></p>
+	<p>If the OS used does not support sendfile, an Erlang fallback
+	using file:read and gen_tcp:send is used.</p>
+	<p>The option list can contain the following options:
+	<taglist>
+          <tag><c>chunk_size</c></tag>
+          <item>The chunk size used by the erlang fallback to send
+	  data. If using the fallback, this should be set to a value
+	  which comfortably fits in the systems memory. Default is 20 MB.</item>
+	</taglist>
+	</p>
+	<p>On operating systems with thread support, it is recommended to use
+	async threads. See the command line flag
+	<c>+A</c> in <seealso marker="erts:erl">erl(1)</seealso>. If it is not
+	possible to use async threads for sendfile, it is recommended to use
+	a relatively small value for the send buffer on the socket. Otherwise
+	the Erlang VM might loose some of its soft realtime guarantees.
+	Which size to use depends on the OS/hardware and the requirements
+	of the application.</p>
+      </desc>
+    </func>
+    <func>
       <name name="write" arity="2"/>
       <fsummary>Write to a file</fsummary>
       <desc>
@@ -1645,6 +1711,7 @@
     </func>
     <func>
       <name name="write_file_info" arity="2"/>
+      <name name="write_file_info" arity="3"/>
       <fsummary>Change information about a file</fsummary>
       <desc>
         <p>Change file information. Returns <c>ok</c> if successful,
@@ -1655,18 +1722,25 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type set in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will interpret the time set as local, <c>universal</c> will
+			interpret it as universal time and <c>posix</c> must be seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC.
+			Default is <c>{time, local}</c>.
+		</p>
         <p>The following fields are used from the record, if they are
           given.</p>
         <taglist>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
             <p>On Unix, any value give for this field will be ignored
               (the "ctime" for the file will be set to the current
diff --git a/lib/kernel/doc/src/gen_sctp.xml b/lib/kernel/doc/src/gen_sctp.xml
index 418bfae4b8..579b7f1f74 100644
--- a/lib/kernel/doc/src/gen_sctp.xml
+++ b/lib/kernel/doc/src/gen_sctp.xml
@@ -270,7 +270,7 @@
 	it is bound to.</p>
 	<p>For type <c>seqpacket</c> sockets (the default)
 	<c><anno>IsServer</anno></c> must be <c>true</c> or <c>false</c>.
-	In the contrast to TCP, in SCTP there is no listening queue length.
+	In contrast to TCP, in SCTP there is no listening queue length.
 	If <c><anno>IsServer</anno></c> is <c>true</c> the socket accepts new associations, i.e.
 	it will become an SCTP server socket.</p>
 	<p>For type <c>stream</c> sockets <anno>Backlog</anno> defines
diff --git a/lib/kernel/doc/src/inet.xml b/lib/kernel/doc/src/inet.xml
index fad5af85bb..1a05b4ba99 100644
--- a/lib/kernel/doc/src/inet.xml
+++ b/lib/kernel/doc/src/inet.xml
@@ -573,6 +573,10 @@ fe80::204:acff:fe17:bf38
               is longer than the max allowed length, the packet is
               considered invalid. The same happens if the packet header
               is too big for the socket receive buffer.</p>
+	    <p>For line oriented protocols (<c>line</c>,<c>http*</c>),
+	    option <c>packet_size</c> also guarantees that lines up to the
+	    indicated length are accepted and not considered invalid due
+	    to internal buffer limitations.</p>
           </item>
           <tag><c>{read_packets, Integer}</c>(UDP sockets)</tag>
           <item>
diff --git a/lib/kernel/doc/src/notes.xml b/lib/kernel/doc/src/notes.xml
index ec57b03bd9..9121186631 100644
--- a/lib/kernel/doc/src/notes.xml
+++ b/lib/kernel/doc/src/notes.xml
@@ -30,6 +30,241 @@
   </header>
   <p>This document describes the changes made to the Kernel application.</p>
 
+<section><title>Kernel 2.15</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    Honor option <c>packet_size</c> for http packet parsing
+	    by both TCP socket and <c>erlang:decode_packet</c>. This
+	    gives the ability to accept HTTP headers larger than the
+	    default setting, but also avoid DoS attacks by accepting
+	    lines only up to whatever length you wish to allow. For
+	    consistency, packet type <c>line</c> also honor option
+	    <c>packet_size</c>. (Thanks to Steve Vinoski)</p>
+          <p>
+	    Own Id: OTP-9389</p>
+        </item>
+        <item>
+	    <p> <c>disk_log:reopen/2,3</c> and
+	    <c>disk_log:breopen/3</c> could return the error reason
+	    from <c>file:rename/2</c> rather than the reason
+	    <c>{file_error, Filename, Reason}</c>. This bug has been
+	    fixed. </p> <p> The message <c>{disk_log, Node, {error,
+	    disk_log_stopped}}</c> which according the documentation
+	    is sent upon failure to truncate or reopen a disk log was
+	    sometimes turned into a reply. This bug has been fixed.
+	    </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9508</p>
+        </item>
+        <item>
+          <p>
+	    Environment variable 'shutdown_timeout' is added to
+	    kernel application. Earlier, application_controller would
+	    hang forever if an application top supervisor did not
+	    terminate upon a shutdown request. If this new
+	    environment variable is set to a positive integer T, then
+	    application controller will now give up after T
+	    milliseconds and instead brutally kill the application.
+	    For backwards compatibility, the default value for
+	    shutdown_timeout is 'infinity'.</p>
+          <p>
+	    Own Id: OTP-9540</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    make tab completion work in remote shells (Thanks to Mats
+	    Cronqvist)</p>
+          <p>
+	    Own Id: OTP-9673</p>
+        </item>
+        <item>
+          <p>
+	    Add missing parenthesis in heart doc.</p>
+          <p>
+	    Add missing spaces in the Reference Manual distributed
+	    section.</p>
+          <p>
+	    In the HTML version of the doc those spaces are necessary
+	    to separate those words.</p>
+          <p>
+	    Own Id: OTP-9693</p>
+        </item>
+        <item>
+          <p>
+	    Fixes net_kernel:get_net_ticktime() doc</p>
+          <p>
+	    Adds missing description when `ignored' is returned.
+	    (Thanks to Ricardo Catalinas Jim�nez )</p>
+          <p>
+	    Own Id: OTP-9713</p>
+        </item>
+        <item>
+	    <p> While <c>disk_log</c> eagerly collects logged terms
+	    for better performance, collecting too much data may
+	    choke the system and cause huge binaries to be written.
+	    In order to remedy the situation a (small) limit on the
+	    amount of data that is collected before writing to disk
+	    has been introduced. </p>
+          <p>
+	    Own Id: OTP-9764</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+        <item>
+          <p>
+	    Fix a crash when file:change_time/2,3 are called with
+	    invalid dates</p>
+          <p>
+	    Calling file:change_time/2,3 with an invalid date tuple
+	    (e.g file:change_time("file.txt", {undefined,
+	    undefined})) will cause file_server_2 to crash.
+	    error_logger will shutdown and the whole VM will stop.
+	    Change behavior to validate given dates on system
+	    boundaries. (i.e before issuing a server call).(Thanks to
+	    Ahmed Omar)</p>
+          <p>
+	    Own Id: OTP-9785</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> An option list argument can now be passed to
+	    <c>file:read_file_info/2, file:read_link_info/2</c> and
+	    <c>file:write_file_info/3</c> and set time type
+	    information in the call. Valid options are <c>{time,
+	    local}, {time, universal}</c> and <c>{time, posix}</c>.
+	    In the case of <c>posix</c> time no conversions are made
+	    which makes the operation a bit faster. </p>
+          <p>
+	    Own Id: OTP-7687</p>
+        </item>
+        <item>
+	    <p><c>file:list_dir/1,2</c> will now fill an buffer
+	    entire with filenames from the efile driver before
+	    sending it to an erlang process. This will speed up this
+	    file operation in most cases.</p>
+          <p>
+	    Own Id: OTP-9023</p>
+        </item>
+        <item>
+	    <p>gen_sctp:open/0-2 may now return
+	    {error,eprotonosupport} if SCTP is not supported</p>
+	    <p>gen_sctp:peeloff/1 has been implemented and creates a
+	    one-to-one socket which also are supported now</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9239</p>
+        </item>
+        <item>
+          <p>
+	    Sendfile has been added to the file module's API.
+	    sendfile/2 is used to read data from a file and send it
+	    to a tcp socket using a zero copying mechanism if
+	    available on that OS.</p>
+          <p>
+	    Thanks to Tuncer Ayaz and Steve Vinovski for original
+	    implementation</p>
+          <p>
+	    Own Id: OTP-9240</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Kernel 2.14.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/kernel/include/dist.hrl b/lib/kernel/include/dist.hrl
index aea1ab81ba..5b52f6f294 100644
--- a/lib/kernel/include/dist.hrl
+++ b/lib/kernel/include/dist.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/include/dist_util.hrl b/lib/kernel/include/dist_util.hrl
index f2b0598532..c3a7f97418 100644
--- a/lib/kernel/include/dist_util.hrl
+++ b/lib/kernel/include/dist_util.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/include/file.hrl b/lib/kernel/include/file.hrl
index 3889bce393..bf97173122 100644
--- a/lib/kernel/include/file.hrl
+++ b/lib/kernel/include/file.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,10 +25,11 @@
 	{size   :: non_neg_integer(),	% Size of file in bytes.
 	 type   :: 'device' | 'directory' | 'other' | 'regular' | 'symlink',
 	 access :: 'read' | 'write' | 'read_write' | 'none',
-	 atime  :: file:date_time(),	% The local time the file was last read:
-					% {{Year, Mon, Day}, {Hour, Min, Sec}}.
-	 mtime  :: file:date_time(),	% The local time the file was last written.
-	 ctime  :: file:date_time(),	% The interpretation of this time field
+	 atime  :: file:date_time() | integer(), % The local time the file was last read:
+					         % {{Year, Mon, Day}, {Hour, Min, Sec}}.
+						 % atime, ctime, mtime may also be unix epochs()
+	 mtime  :: file:date_time() | integer(), % The local time the file was last written.
+	 ctime  :: file:date_time() | integer(), % The interpretation of this time field
 					% is dependent on operating system.
 					% On Unix it is the last time the file
 					% or the inode was changed.  On Windows,
diff --git a/lib/kernel/include/net_address.hrl b/lib/kernel/include/net_address.hrl
index 5342076507..9b9ea42931 100644
--- a/lib/kernel/include/net_address.hrl
+++ b/lib/kernel/include/net_address.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/Makefile b/lib/kernel/src/Makefile
index 02be6b5036..54f21eb2b8 100644
--- a/lib/kernel/src/Makefile
+++ b/lib/kernel/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/application.erl b/lib/kernel/src/application.erl
index caac4d926c..c299fb085c 100644
--- a/lib/kernel/src/application.erl
+++ b/lib/kernel/src/application.erl
@@ -59,7 +59,7 @@
 
 -callback start(StartType :: normal | {takeover, node()} | {failover, node()},
 		StartArgs :: term()) ->
-    {ok, pid()} | {ok, pid(), State :: term()} | {error, Reason :: term}.
+    {'ok', pid()} | {'ok', pid(), State :: term()} | {'error', Reason :: term()}.
 
 -callback stop(State :: term()) ->
     term().
diff --git a/lib/kernel/src/code.erl b/lib/kernel/src/code.erl
index 882e9625fe..b7fda69ce0 100644
--- a/lib/kernel/src/code.erl
+++ b/lib/kernel/src/code.erl
@@ -324,15 +324,7 @@ start_link(Flags) ->
 %%-----------------------------------------------------------------
 
 do_start(Flags) ->
-    %% The following module_info/1 calls are here to ensure
-    %% that these modules are loaded prior to their use elsewhere in
-    %% the code_server.
-    %% Otherwise a deadlock may occur when the code_server is starting.
-    code_server = code_server:module_info(module),
-    packages = packages:module_info(module),
-    catch hipe_unified_loader:load_hipe_modules(),
-    Modules2 = [gb_sets, gb_trees, ets, os, binary, unicode, filename, lists],
-    lists:foreach(fun (M) -> M = M:module_info(module) end, Modules2),
+    load_code_server_prerequisites(),
 
     Mode = get_mode(Flags),
     case init:get_argument(root) of 
@@ -360,6 +352,25 @@ do_start(Flags) ->
 	    {error, crash}
     end.
 
+%% Make sure that all modules that the code_server process calls
+%% (directly or indirectly) are loaded. Otherwise the code_server
+%% process will deadlock.
+
+load_code_server_prerequisites() ->
+    %% Please keep the alphabetical order.
+    Needed = [binary,
+	      ets,
+	      filename,
+	      gb_sets,
+	      gb_trees,
+	      hipe_unified_loader,
+	      lists,
+	      os,
+	      packages,
+	      unicode],
+    [M = M:module_info(module) || M <- Needed],
+    ok.
+
 do_stick_dirs() ->
     do_s(compiler),
     do_s(stdlib),
diff --git a/lib/kernel/src/code_server.erl b/lib/kernel/src/code_server.erl
index 32a12e2b52..5d4f2eb70c 100644
--- a/lib/kernel/src/code_server.erl
+++ b/lib/kernel/src/code_server.erl
@@ -1317,15 +1317,21 @@ int_list([H|T]) when is_integer(H) -> int_list(T);
 int_list([_|_])                    -> false;
 int_list([])                       -> true.
 
+load_file(Mod0, {From,_}=Caller, St0) ->
+    Mod = to_atom(Mod0),
+    case pending_on_load(Mod, From, St0) of
+	no -> load_file_1(Mod, Caller, St0);
+	{yes,St} -> {noreply,St}
+    end.
 
-load_file(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
+load_file_1(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
     case mod_to_bin(Path, Mod) of
 	error ->
 	    {reply,{error,nofile},St};
 	{Mod,Binary,File} ->
 	    try_load_module(File, Mod, Binary, Caller, St)
     end;
-load_file(Mod, Caller, #state{cache=Cache}=St0) ->
+load_file_1(Mod, Caller, #state{cache=Cache}=St0) ->
     Key = {obj,Mod},
     case ets:lookup(Cache, Key) of
 	[] -> 
diff --git a/lib/kernel/src/disk_log.erl b/lib/kernel/src/disk_log.erl
index d6bc23be6d..fb9415d440 100644
--- a/lib/kernel/src/disk_log.erl
+++ b/lib/kernel/src/disk_log.erl
@@ -64,7 +64,7 @@
 %%-define(PROFILE(C), C).
 -define(PROFILE(C), void).
 
--compile({inline,[{log_loop,4},{log_end_sync,2},{replies,2},{rflat,1}]}).
+-compile({inline,[{log_loop,5},{log_end_sync,2},{replies,2},{rflat,1}]}).
 
 %%%----------------------------------------------------------------------
 %%% Contract type specifications
@@ -685,7 +685,7 @@ handle({From, {log, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= ok, L#log.format =:= external ->
 	    reply(From, {error, {format_external, L#log.name}}, S);
 	L when L#log.status =:= {blocked, false} ->
@@ -700,7 +700,7 @@ handle({From, {blog, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    reply(From, {error, {blocked_log, L#log.name}}, S);
 	L when L#log.blocked_by =:= From ->
@@ -714,7 +714,7 @@ handle({alog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= ok ->
 	    notify_owners({format_external, B}),
 	    loop(S);
@@ -730,7 +730,7 @@ handle({balog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    notify_owners({blocked_log, B}),
 	    loop(S);
@@ -1029,38 +1029,42 @@ handle(_, S) ->
     loop(S).
 
 sync_loop(From, S) ->
-    log_loop(S, [], [], From).
+    log_loop(S, [], [], From, 0).
+
+-define(MAX_LOOK_AHEAD, 64*1024).
 
 %% Inlined.
-log_loop(S, Pids, _Bins, _Sync) when S#state.cache_error =/= ok ->
+log_loop(S, Pids, _Bins, _Sync, _Sz) when S#state.cache_error =/= ok ->
     loop(cache_error(S, Pids));
-log_loop(S, Pids, Bins, Sync) when S#state.messages =:= [] ->
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz)
+            when Sz > ?MAX_LOOK_AHEAD ->
+    loop(log_end(S, Pids, Bins, Sync));
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz) ->
     receive 
 	Message ->
-	    log_loop(Message, Pids, Bins, Sync, S, get(log))
+            log_loop(Message, Pids, Bins, Sync, Sz, S, get(log))
     after 0 ->
 	    loop(log_end(S, Pids, Bins, Sync))
     end;
-log_loop(S, Pids, Bins, Sync) ->
+log_loop(S, Pids, Bins, Sync, Sz) ->
     [M | Ms] = S#state.messages,
     S1 = S#state{messages = Ms},
-    log_loop(M, Pids, Bins, Sync, S1, get(log)).
+    log_loop(M, Pids, Bins, Sync, Sz, S1, get(log)).
 
 %% Items logged after the last sync request found are sync:ed as well.
-log_loop({alog,B}, Pids, Bins, Sync, S, L) when L#log.format =:= internal ->
+log_loop({alog,B}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {alog, _} allowed for the internal format only.
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({balog, B}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({From, {log, B}}, Pids, Bins, Sync, S, L) 
-                                           when L#log.format =:= internal ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({balog, B}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {log, B}}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {log, _} allowed for the internal format only.
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, {blog, B}}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, sync}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, Bins, [From | Sync]);
-log_loop(Message, Pids, Bins, Sync, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {blog, B}}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, sync}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, Bins, [From | Sync], Sz);
+log_loop(Message, Pids, Bins, Sync, _Sz, S, _L) ->
     NS = log_end(S, Pids, Bins, Sync),
     handle(Message, NS).
 
diff --git a/lib/kernel/src/file.erl b/lib/kernel/src/file.erl
index 706c60caaf..4028dd4f0b 100644
--- a/lib/kernel/src/file.erl
+++ b/lib/kernel/src/file.erl
@@ -28,9 +28,11 @@
 %% File system and metadata.
 -export([get_cwd/0, get_cwd/1, set_cwd/1, delete/1, rename/2,
 	 make_dir/1, del_dir/1, list_dir/1,
-	 read_file_info/1, write_file_info/2,
+	 read_file_info/1, read_file_info/2,
+	 write_file_info/2, write_file_info/3,
 	 altname/1,
-	 read_link_info/1, read_link/1,
+	 read_link_info/1, read_link_info/2,
+	 read_link/1,
 	 make_link/2, make_symlink/2,
 	 read_file/1, write_file/2, write_file/3]).
 %% Specialized
@@ -51,6 +53,9 @@
 
 -export([pid2name/1]).
 
+%% Sendfile functions
+-export([sendfile/2,sendfile/5]).
+
 %%% Obsolete exported functions
 
 -export([raw_read_file_info/1, raw_write_file_info/2]).
@@ -103,6 +108,10 @@
 -type date_time() :: calendar:datetime().
 -type posix_file_advise() :: 'normal' | 'sequential' | 'random'
                            | 'no_reuse' | 'will_need' | 'dont_need'.
+-type sendfile_option() :: {chunk_size, non_neg_integer()}.
+-type file_info_option() :: {'time', 'local'} | {'time', 'universal'} 
+			  | {'time', 'posix'}.
+
 
 %%%-----------------------------------------------------------------
 %%% General functions
@@ -211,6 +220,15 @@ del_dir(Name) ->
 read_file_info(Name) ->
     check_and_call(read_file_info, [file_name(Name)]).
 
+-spec read_file_info(Filename, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_file_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_file_info, [file_name(Name), Opts]).
+
 -spec altname(Name :: name()) -> any().
 
 altname(Name) ->
@@ -224,6 +242,16 @@ altname(Name) ->
 read_link_info(Name) ->
     check_and_call(read_link_info, [file_name(Name)]).
 
+-spec read_link_info(Name, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Name :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_link_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_link_info, [file_name(Name),Opts]).
+
+
 -spec read_link(Name) -> {ok, Filename} | {error, Reason} when
       Name :: name(),
       Filename :: filename(),
@@ -240,6 +268,15 @@ read_link(Name) ->
 write_file_info(Name, Info = #file_info{}) ->
     check_and_call(write_file_info, [file_name(Name), Info]).
 
+-spec write_file_info(Filename, FileInfo, Opts) -> ok | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+write_file_info(Name, Info = #file_info{}, Opts) when is_list(Opts) ->
+    check_and_call(write_file_info, [file_name(Name), Info, Opts]).
+
 -spec list_dir(Dir) -> {ok, Filenames} | {error, Reason} when
       Dir :: name(),
       Filenames :: [filename()],
@@ -264,9 +301,9 @@ read_file(Name) ->
 make_link(Old, New) ->
     check_and_call(make_link, [file_name(Old), file_name(New)]).
 
--spec make_symlink(Name1, Name2) -> ok | {error, Reason} when
-      Name1 :: name(),
-      Name2 :: name(),
+-spec make_symlink(Existing, New) -> ok | {error, Reason} when
+      Existing :: name(),
+      New :: name(),
       Reason :: posix() | badarg.
 
 make_symlink(Old, New) ->
@@ -1100,8 +1137,9 @@ change_group(Name, GroupId)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Time) 
-  when is_tuple(Time) ->
+change_time(Name, {{Y, M, D}, {H, Min, Sec}}=Time)
+  when is_integer(Y), is_integer(M), is_integer(D),
+       is_integer(H), is_integer(Min), is_integer(Sec)->
     write_file_info(Name, #file_info{mtime=Time}).
 
 -spec change_time(Filename, Atime, Mtime) -> ok | {error, Reason} when
@@ -1110,10 +1148,150 @@ change_time(Name, Time)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Atime, Mtime) 
-  when is_tuple(Atime), is_tuple(Mtime) ->
+change_time(Name, {{AY, AM, AD}, {AH, AMin, ASec}}=Atime,
+         {{MY, MM, MD}, {MH, MMin, MSec}}=Mtime)
+  when is_integer(AY), is_integer(AM), is_integer(AD),
+       is_integer(AH), is_integer(AMin), is_integer(ASec),
+       is_integer(MY), is_integer(MM), is_integer(MD),
+       is_integer(MH), is_integer(MMin), is_integer(MSec)->
     write_file_info(Name, #file_info{atime=Atime, mtime=Mtime}).
 
+%%
+%% Send data using sendfile
+%%
+
+-define(MAX_CHUNK_SIZE, (1 bsl 20)*20). %% 20 MB, has to fit in primary memory
+
+-spec sendfile(RawFile, Socket, Offset, Bytes, Opts) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner} when
+      RawFile :: file:fd(),
+      Socket :: inet:socket(),
+      Offset :: non_neg_integer(),
+      Bytes :: non_neg_integer(),
+      Opts :: [sendfile_option()].
+sendfile(File, _Sock, _Offet, _Bytes, _Opts) when is_pid(File) ->
+    {error, badarg};
+sendfile(File, Sock, Offset, Bytes, []) ->
+    sendfile(File, Sock, Offset, Bytes, ?MAX_CHUNK_SIZE, [], [],
+	     false, false, false);
+sendfile(File, Sock, Offset, Bytes, Opts) ->
+    ChunkSize0 = proplists:get_value(chunk_size, Opts, ?MAX_CHUNK_SIZE),
+    ChunkSize = if ChunkSize0 > ?MAX_CHUNK_SIZE ->
+			?MAX_CHUNK_SIZE;
+		   true -> ChunkSize0
+		end,
+    %% Support for headers, trailers and options has been removed because the
+    %% Darwin and BSD API for using it does not play nice with
+    %% non-blocking sockets. See unix_efile.c for more info.
+    sendfile(File, Sock, Offset, Bytes, ChunkSize, [], [],
+	     false,false,false).
+
+%% sendfile/2
+-spec sendfile(Filename, Socket) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner}
+      when Filename :: file:name(),
+	   Socket :: inet:socket().
+sendfile(Filename, Sock)  ->
+    case file:open(Filename, [read, raw, binary]) of
+	{error, Reason} ->
+	    {error, Reason};
+	{ok, Fd} ->
+	    Res = sendfile(Fd, Sock, 0, 0, []),
+	    file:close(Fd),
+	    Res
+    end.
+
+%% Internal sendfile functions
+sendfile(#file_descriptor{ module = Mod } = Fd, Sock, Offset, Bytes,
+	 ChunkSize, Headers, Trailers, Nodiskio, MNowait, Sync)
+  when is_port(Sock) ->
+    case Mod:sendfile(Fd, Sock, Offset, Bytes, ChunkSize, Headers, Trailers,
+		      Nodiskio, MNowait, Sync) of
+	{error, enotsup} ->
+	    sendfile_fallback(Fd, Sock, Offset, Bytes, ChunkSize,
+			      Headers, Trailers);
+	Else ->
+	    Else
+    end;
+sendfile(_,_,_,_,_,_,_,_,_,_) ->
+    {error, badarg}.
+
+%%%
+%% Sendfile Fallback
+%%%
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize,
+		  Headers, Trailers)
+  when Headers == []; is_integer(Headers) ->
+    case sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) of
+	{ok, BytesSent} when is_list(Trailers),
+			     Trailers =/= [],
+			     is_integer(Headers) ->
+	    sendfile_send(Sock, Trailers, BytesSent+Headers);
+	{ok, BytesSent} when is_list(Trailers), Trailers =/= [] ->
+	    sendfile_send(Sock, Trailers, BytesSent);
+	{ok, BytesSent} when is_integer(Headers) ->
+	    {ok, BytesSent + Headers};
+	Else ->
+	    Else
+    end;
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, Headers, Trailers) ->
+    case sendfile_send(Sock, Headers, 0) of
+	{ok, BytesSent} ->
+	    sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, BytesSent,
+			      Trailers);
+	Else ->
+	    Else
+    end.
+
+
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) ->
+    {ok, CurrPos} = file:position(File, {cur, 0}),
+    {ok, _NewPos} = file:position(File, {bof, Offset}),
+    Res = sendfile_fallback_int(File, Sock, Bytes, ChunkSize, 0),
+    file:position(File, {bof, CurrPos}),
+    Res.
+
+
+sendfile_fallback_int(File, Sock, Bytes, ChunkSize, BytesSent)
+  when Bytes > BytesSent; Bytes == 0 ->
+    Size = if Bytes == 0 ->
+		   ChunkSize;
+	       (Bytes - BytesSent + ChunkSize) > 0 ->
+		   Bytes - BytesSent;
+	      true ->
+		   ChunkSize
+	   end,
+    case file:read(File, Size) of
+	{ok, Data} ->
+	    case sendfile_send(Sock, Data, BytesSent) of
+		{ok,NewBytesSent} ->
+		    sendfile_fallback_int(
+		      File, Sock, Bytes, ChunkSize,
+		      NewBytesSent);
+		Error ->
+		    Error
+	    end;
+	eof ->
+	    {ok, BytesSent};
+	Error ->
+	    Error
+    end;
+sendfile_fallback_int(_File, _Sock, BytesSent, _ChunkSize, BytesSent) ->
+    {ok, BytesSent}.
+
+sendfile_send(Sock, Data, Old) ->
+    Len = iolist_size(Data),
+    case gen_tcp:send(Sock, Data) of
+	ok ->
+	    {ok, Len+Old};
+	Else ->
+	    Else
+    end.
+
+
+
 %%%-----------------------------------------------------------------
 %%% Helpers
 
diff --git a/lib/kernel/src/file_server.erl b/lib/kernel/src/file_server.erl
index 64c61ba3ac..fc6cd823c9 100644
--- a/lib/kernel/src/file_server.erl
+++ b/lib/kernel/src/file_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -147,15 +147,24 @@ handle_call({get_cwd, Name}, _From, Handle) ->
 handle_call({read_file_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_file_info(Handle, Name), Handle};
 
+handle_call({read_file_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_file_info(Handle, Name, Opts), Handle};
+
 handle_call({altname, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:altname(Handle, Name), Handle};
 
 handle_call({write_file_info, Name, Info}, _From, Handle) ->
     {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info), Handle};
 
+handle_call({write_file_info, Name, Info, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info, Opts), Handle};
+
 handle_call({read_link_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link_info(Handle, Name), Handle};
 
+handle_call({read_link_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_link_info(Handle, Name, Opts), Handle};
+
 handle_call({read_link, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link(Handle, Name), Handle};
 
diff --git a/lib/kernel/src/gen_sctp.erl b/lib/kernel/src/gen_sctp.erl
index 77ca26b845..d8954f0cf7 100644
--- a/lib/kernel/src/gen_sctp.erl
+++ b/lib/kernel/src/gen_sctp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -314,7 +314,7 @@ eof_or_abort(S, AssocId, Action) ->
 -spec send(Socket, SndRcvInfo, Data) -> ok | {error, Reason} when
       Socket :: sctp_socket(),
       SndRcvInfo :: #sctp_sndrcvinfo{},
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 %% Full-featured send. Rarely needed.
@@ -331,7 +331,7 @@ send(S, SRI, Data) ->
       Socket :: sctp_socket(),
       Assoc :: #sctp_assoc_change{} | assoc_id(),
       Stream :: integer(),
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 send(S, #sctp_assoc_change{assoc_id=AssocId}, Stream, Data)
diff --git a/lib/kernel/src/gen_tcp.erl b/lib/kernel/src/gen_tcp.erl
index 8ab18c01b4..4d6c7f5f1d 100644
--- a/lib/kernel/src/gen_tcp.erl
+++ b/lib/kernel/src/gen_tcp.erl
@@ -27,6 +27,7 @@
 -export([fdopen/2]).
 
 -include("inet_int.hrl").
+-include("file.hrl").
 
 -type option() ::
         {active,          true | false | once} |
@@ -302,7 +303,7 @@ unrecv(S, Data) when is_port(S) ->
 	    Mod:unrecv(S, Data);
 	Error ->
 	    Error
-    end.    
+    end.
 
 %%
 %% Set controlling process
@@ -354,3 +355,4 @@ mod([_|Opts], Address) ->
     mod(Opts, Address);
 mod([], Address) ->
     mod(Address).
+
diff --git a/lib/kernel/src/hipe_unified_loader.erl b/lib/kernel/src/hipe_unified_loader.erl
index 1d3eb926ca..8b3aa0286d 100644
--- a/lib/kernel/src/hipe_unified_loader.erl
+++ b/lib/kernel/src/hipe_unified_loader.erl
@@ -36,7 +36,6 @@
 
 -export([chunk_name/1,
 	 %% Only the code and code_server modules may call the entries below!
-	 load_hipe_modules/0,
 	 load_native_code/2,
 	 post_beam_load/1,
 	 load_module/3,
@@ -78,16 +77,6 @@ chunk_name(Architecture) ->
 
 %%========================================================================
 
--spec load_hipe_modules() -> 'ok'.
-%% @doc
-%%    Ensures HiPE's loader modules are loaded.
-%%    Called from code.erl at start-up.
-
-load_hipe_modules() ->
-  ok.
-
-%%========================================================================
-
 -spec load_native_code(Mod, binary()) -> 'no_native' | {'module', Mod}
 					  when is_subtype(Mod, atom()).
 %% @doc
diff --git a/lib/kernel/src/inet.erl b/lib/kernel/src/inet.erl
index b60c68e3a1..49f64a9236 100644
--- a/lib/kernel/src/inet.erl
+++ b/lib/kernel/src/inet.erl
@@ -40,6 +40,10 @@
 
 -export([tcp_controlling_process/2, udp_controlling_process/2,
 	 tcp_close/1, udp_close/1]).
+
+%% used by sendfile
+-export([lock_socket/2]).
+
 %% used by socks5
 -export([setsockname/2, setpeername/2]).
 
@@ -1353,3 +1357,14 @@ stop_timer(Timer) ->
 	    end;
 	T -> T
     end.
+
+
+lock_socket(S,Val) ->
+    case erlang:port_info(S, connected) of
+	{connected, Pid} when Pid =/= self() ->
+	    {error, not_owner};
+	undefined ->
+	    {error, einval};
+	_ ->
+	    prim_inet:ignorefd(S,Val)
+    end.
diff --git a/lib/kernel/src/inet_int.hrl b/lib/kernel/src/inet_int.hrl
index f8984b13fe..cf893c73eb 100644
--- a/lib/kernel/src/inet_int.hrl
+++ b/lib/kernel/src/inet_int.hrl
@@ -85,6 +85,8 @@
 -define(INET_REQ_GETIFADDRS,    25).
 -define(INET_REQ_ACCEPT,        26).
 -define(INET_REQ_LISTEN,        27).
+-define(INET_REQ_IGNOREFD,      28).
+
 %% TCP requests
 %%-define(TCP_REQ_ACCEPT,         40). MOVED
 %%-define(TCP_REQ_LISTEN,         41). MERGED
diff --git a/lib/kernel/src/user_drv.erl b/lib/kernel/src/user_drv.erl
index e33b4830ab..8f2ca28f56 100644
--- a/lib/kernel/src/user_drv.erl
+++ b/lib/kernel/src/user_drv.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/user_sup.erl b/lib/kernel/src/user_sup.erl
index 35b7ff0cfe..cb50d9491d 100644
--- a/lib/kernel/src/user_sup.erl
+++ b/lib/kernel/src/user_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,7 +45,7 @@ init([]) ->
 	    Pid = start_slave(Master),
 	    {ok, Pid, Pid};
 	{M, F, A} ->
-	    case start_user({M, F}, A) of
+	    case start_user(M, F, A) of
 		{ok, Pid} ->
 		    {ok, Pid, Pid};
 		Error ->
@@ -95,8 +95,8 @@ terminate(_Reason, UserPid) ->
 %% is guaranteed that the user is started.
 %%-----------------------------------------------------------------
 
-start_user(Func,A) ->
-    apply(Func, A),
+start_user(Mod, Func, A) ->
+    apply(Mod, Func, A),
     wait_for_user_p(100).
 
 wait_for_user_p(0) ->
diff --git a/lib/kernel/test/Makefile b/lib/kernel/test/Makefile
index 82bc3fc6d1..5dcaad3f5e 100644
--- a/lib/kernel/test/Makefile
+++ b/lib/kernel/test/Makefile
@@ -74,7 +74,8 @@ MODULES= \
 	wrap_log_reader_SUITE \
 	cleanup \
 	zlib_SUITE \
-	loose_node
+	loose_node \
+	sendfile_SUITE
 
 APP_FILES = \
 	appinc.app \
diff --git a/lib/kernel/test/code_SUITE.erl b/lib/kernel/test/code_SUITE.erl
index 10ab3e4370..99b0cd2ffb 100644
--- a/lib/kernel/test/code_SUITE.erl
+++ b/lib/kernel/test/code_SUITE.erl
@@ -30,9 +30,9 @@
 	 load_cached/1, start_node_with_cache/1, add_and_rehash/1,
 	 where_is_file_cached/1, where_is_file_no_cache/1,
 	 purge_stacktrace/1, mult_lib_roots/1, bad_erl_libs/1,
-	 code_archive/1, code_archive2/1, on_load/1,
-	 big_boot_embedded/1,
-	 on_load_embedded/1, on_load_errors/1, native_early_modules/1]).
+	 code_archive/1, code_archive2/1, on_load/1, on_load_binary/1,
+	 on_load_embedded/1, on_load_errors/1, big_boot_embedded/1,
+	 native_early_modules/1]).
 
 -export([init_per_testcase/2, end_per_testcase/2, 
 	 init_per_suite/1, end_per_suite/1,
@@ -55,8 +55,8 @@ all() ->
      add_and_rehash, where_is_file_no_cache,
      where_is_file_cached, purge_stacktrace, mult_lib_roots,
      bad_erl_libs, code_archive, code_archive2, on_load,
-     on_load_embedded, big_boot_embedded, on_load_errors, 
-     native_early_modules].
+     on_load_binary, on_load_embedded, on_load_errors,
+     big_boot_embedded, native_early_modules].
 
 groups() -> 
     [].
@@ -1286,6 +1286,45 @@ on_load_wait_for_all([Ref|T]) ->
     end;
 on_load_wait_for_all([]) -> ok.
 
+on_load_binary(_) ->
+    Master = on_load_binary_test_case_process,
+    register(Master, self()),
+
+    %% Construct, compile and pretty-print.
+    Mod = on_load_binary,
+    File = atom_to_list(Mod) ++ ".erl",
+    Forms = [{attribute,1,file,{File,1}},
+	     {attribute,1,module,Mod},
+	     {attribute,2,export,[{ok,0}]},
+	     {attribute,3,on_load,{init,0}},
+	     {function,5,init,0,
+	      [{clause,5,[],[],
+		[{op,6,'!',
+		  {atom,6,Master},
+		  {tuple,6,[{atom,6,Mod},{call,6,{atom,6,self},[]}]}},
+		 {'receive',7,[{clause,8,[{atom,8,go}],[],[{atom,8,ok}]}]}]}]},
+	     {function,11,ok,0,[{clause,11,[],[],[{atom,11,true}]}]}],
+    {ok,Mod,Bin} = compile:forms(Forms, [report]),
+    [io:put_chars(erl_pp:form(F)) || F <- Forms],
+
+    {Pid1,Ref1} = spawn_monitor(fun() ->
+					code:load_binary(Mod, File, Bin),
+					true = on_load_binary:ok()
+				end),
+    receive {Mod,OnLoadPid} -> ok end,
+    {Pid2,Ref2} = spawn_monitor(fun() ->
+					true = on_load_binary:ok()
+				end),
+    erlang:yield(),
+    OnLoadPid ! go,
+    receive {'DOWN',Ref1,process,Pid1,Exit1} -> ok end,
+    receive {'DOWN',Ref2,process,Pid2,Exit2} -> ok end,
+    normal = Exit1,
+    normal = Exit2,
+    true = code:delete(on_load_binary),
+    false = code:purge(on_load_binary),
+    ok.
+
 on_load_embedded(Config) when is_list(Config) ->
     try
 	on_load_embedded_1(Config)
diff --git a/lib/kernel/test/erl_prim_loader_SUITE.erl b/lib/kernel/test/erl_prim_loader_SUITE.erl
index 7599a89779..d0d52c5ea7 100644
--- a/lib/kernel/test/erl_prim_loader_SUITE.erl
+++ b/lib/kernel/test/erl_prim_loader_SUITE.erl
@@ -175,10 +175,10 @@ wait_really_started(Node, N) ->
 inet_disconnects(doc) -> ["Start a node using the 'inet' loading method, ",
 			  "then lose the connection."];
 inet_disconnects(Config) when is_list(Config) ->
-    case os:type() of
-	vxworks ->
-	    {comment, "VxWorks: tested separately"};
-	_ ->
+    case test_server:is_native(erl_boot_server) of
+	true ->
+	    {skip,"erl_boot_server is native"};
+	false ->
 	    ?line Name = erl_prim_test_inet_disconnects,
 	    ?line Host = host(),
 	    ?line Cookie = atom_to_list(erlang:get_cookie()),
diff --git a/lib/kernel/test/file_SUITE.erl b/lib/kernel/test/file_SUITE.erl
index 77fc7e73f9..2b6af7e1fb 100644
--- a/lib/kernel/test/file_SUITE.erl
+++ b/lib/kernel/test/file_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,7 +78,7 @@
 
 -export([altname/1]).
 
--export([large_file/1]).
+-export([large_file/1, large_write/1]).
 
 -export([read_line_1/1, read_line_2/1, read_line_3/1,read_line_4/1]).
 
@@ -92,6 +92,8 @@
 -export([bytes/2, iterate/3]).
 
 
+%% System probe functions that might be handy to check from the shell
+-export([disc_free/1, memsize/0]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -106,7 +108,7 @@ all() ->
      {group, compression}, {group, links}, copy,
      delayed_write, read_ahead, segment_read, segment_write,
      ipread, pid2name, interleaved_read_write, otp_5814,
-     large_file, read_line_1, read_line_2, read_line_3,
+     large_file, large_write, read_line_1, read_line_2, read_line_3,
      read_line_4, standard_io].
 
 groups() -> 
@@ -143,6 +145,13 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_suite(Config) when is_list(Config) ->
+    SaslConfig = case application:start(sasl) of
+		     {error, {already_started, sasl}} ->
+			 [];
+		     ok ->
+			 [{sasl,started}]
+		 end,
+    ok = application:start(os_mon),
     case os:type() of
 	{win32, _} ->
 	    Priv = ?config(priv_dir, Config),
@@ -154,9 +163,9 @@ init_per_suite(Config) when is_list(Config) ->
 		    {ok, _} ->
 			[]
 		end,
-	    ?FILE_INIT(HasAccessTime++Config);
+	    ?FILE_INIT(HasAccessTime++Config++SaslConfig);
 	_ ->
-	    ?FILE_INIT(Config)
+	    ?FILE_INIT(Config++SaslConfig)
     end.
 
 end_per_suite(Config) when is_list(Config) ->
@@ -166,6 +175,13 @@ end_per_suite(Config) when is_list(Config) ->
 	_ ->
 	    ok
     end,
+    application:stop(os_mon),
+    case proplists:get_value(sasl, Config) of
+	started ->
+	    application:stop(sasl);
+	_Else ->
+	    ok
+    end,
     ?FILE_FINI(Config).
 
 init_per_testcase(_Func, Config) ->
@@ -394,6 +410,7 @@ make_del_dir(Config) when is_list(Config) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?FILE_MODULE:del_dir('..') of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;		%OpenBSD
 		  {error, einval} -> ok			%FreeBSD
 	      end,
 	?line {error, enoent} = ?FILE_MODULE:del_dir(""),
@@ -3144,12 +3161,12 @@ ipread_int(Dir, ModeList) ->
 		{fun (Bin) when is_binary(Bin) -> Bin;
 		     (List) when is_list(List) -> list_to_binary(List)
 		 end, 
-		 {erlang, size}};
+		 fun erlang:byte_size/1};
 	    false ->
 		{fun (Bin) when is_binary(Bin) -> binary_to_list(Bin);
 		     (List) when is_list(List) -> List
 		 end, 
-		 {erlang, length}}
+		 fun erlang:length/1}
 	end,
     ?line Pos = 4711,
     ?line Data = Conv("THE QUICK BROWN FOX JUMPS OVER A LAZY DOG"),
@@ -3287,50 +3304,13 @@ large_file(suite) ->
 large_file(doc) ->
     ["Tests positioning in large files (> 4G)"];
 large_file(Config) when is_list(Config) ->
-    case {os:type(),os:version()} of
-	{{win32,nt},_} ->
-	    do_large_file(Config);
-	{{unix,sunos},{A,B,C}}
-	when A == 5, B == 5, C >= 1;   A == 5, B >= 6;   A >= 6 ->
-	    do_large_file(Config);
-	{{unix,Unix},_} when Unix =/= sunos ->
-	    N = unix_free(Config),
-	    io:format("Free: ~w KByte~n", [N]),
-	    if N < 5 * (1 bsl 20) ->
-		    %% Less than 5 GByte free
-		    {skipped,"Less than 5 GByte free"};
-	       true ->
-		    do_large_file(Config)
-	    end;
-	_ -> 
-	    {skipped,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
-    end.
+    run_large_file_test(Config,
+			fun(Name) -> do_large_file(Name) end,
+			"_large_file").
 
-unix_free(Config) ->
-    Cmd = ["df -k '",?config(priv_dir, Config),"'"],
-    DF0 = os:cmd(Cmd),
-    io:format("$ ~s~n~s", [Cmd,DF0]),
-    [$\n|DF1] = lists:dropwhile(fun ($\n) -> false; (_) -> true end, DF0),
-    {ok,[N],_} = io_lib:fread(" ~*s ~d", DF1),
-    N.
+do_large_file(Name) ->
+    ?line Watchdog = ?t:timetrap(?t:minutes(20)),
 
-do_large_file(Config) ->
-    ?line Watchdog = ?t:timetrap(?t:minutes(5)),
-    %%
-    ?line Name = filename:join(?config(priv_dir, Config),
-			       ?MODULE_STRING ++ "_large_file"),
-    ?line Tester = self(),
-    Deleter = 
-	spawn(
-	  fun() ->
-		  Mref = erlang:monitor(process, Tester),
-		  receive
-		      {'DOWN',Mref,_,_,_} -> ok;
-		      {Tester,done} -> ok
-		  end,
-		  ?FILE_MODULE:delete(Name)
-	  end),
-    %%
     ?line S = "1234567890",
     L = length(S),
     R = lists:reverse(S),
@@ -3366,15 +3346,36 @@ do_large_file(Config) ->
     ?line {ok,R}   = ?FILE_MODULE:read(F1, L+1),
     ?line ok       = ?FILE_MODULE:close(F1),
     %%
-    ?line Mref = erlang:monitor(process, Deleter),
-    ?line Deleter ! {Tester,done},
-    ?line receive {'DOWN',Mref,_,_,_} -> ok end,
-    %%
     ?line ?t:timetrap_cancel(Watchdog),
     ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Memsize = memsize(),
+    io:format("Memsize = ~w Bytes~n", [Memsize]),
+    case {erlang:system_info(wordsize),Memsize} of
+	{4,_} ->
+	    {skip,"Needs a 64-bit emulator"};
+	{8,N} when N < 6 bsl 30 ->
+	    {skip,
+	     "This machine has < 6 GB  memory: "
+	     ++integer_to_list(N)};
+	{8,_} ->
+	    Size = 4*1024*1024*1024+1,
+	    Bin = <<0:Size/unit:8>>,
+	    ok = file:write_file(Name, Bin),
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    ok
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
 
 
 response_analysis(Module, Function, Arguments) ->
@@ -3950,3 +3951,67 @@ flush(Msgs) ->
     after 0 ->
 	    lists:reverse(Msgs)
     end.
+
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = disc_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 * (1 bsl 20) ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  ?FILE_MODULE:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+disc_free(Path) ->
+    Data = disksup:get_disk_data(),
+    {_,Tot,Perc} = hd(lists:filter(
+			fun({P,_Size,_Full}) ->
+				lists:prefix(filename:nativename(P),
+					     filename:nativename(Path))
+			end, lists:reverse(lists:sort(Data)))),
+    round(Tot * (1-(Perc/100))).
+
+memsize() ->
+    {Tot,_Used,_}  = memsup:get_memory_data(),
+    Tot.
diff --git a/lib/kernel/test/gen_sctp_SUITE.erl b/lib/kernel/test/gen_sctp_SUITE.erl
index 300152ddce..8f490b6643 100644
--- a/lib/kernel/test/gen_sctp_SUITE.erl
+++ b/lib/kernel/test/gen_sctp_SUITE.erl
@@ -48,7 +48,9 @@ init_per_suite(_Config) ->
 	{ok,Socket} ->
 	    gen_sctp:close(Socket),
 	    [];
-	{error,eprotonosupport} ->
+	{error,Error}
+	  when Error =:= eprotonosupport;
+	       Error =:= esocktnosupport ->
 	    {skip,"SCTP not supported on this machine"}
     end.
 
diff --git a/lib/kernel/test/gen_tcp_api_SUITE.erl b/lib/kernel/test/gen_tcp_api_SUITE.erl
index cbaec2d6dd..a7af00c12a 100644
--- a/lib/kernel/test/gen_tcp_api_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_api_SUITE.erl
@@ -22,7 +22,7 @@
 %% are not tested here, because they are tested indirectly in this and
 %% and other test suites.
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("kernel/include/inet.hrl").
 
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
@@ -46,6 +46,8 @@ groups() ->
      {t_connect, [], [t_connect_timeout, t_connect_bad]},
      {t_recv, [], [t_recv_timeout, t_recv_eof]}].
 
+
+
 init_per_suite(Config) ->
     Config.
 
@@ -55,9 +57,8 @@ end_per_suite(_Config) ->
 init_per_group(_GroupName, Config) ->
     Config.
 
-end_per_group(_GroupName, Config) ->
-    Config.
-
+end_per_group(_,_Config) ->
+    ok.
 
 init_per_testcase(_Func, Config) ->
     Dog = test_server:timetrap(test_server:seconds(60)),
@@ -237,7 +238,6 @@ implicit_inet6(S, Addr) ->
     ?line ok = gen_tcp:close(S1).
 
 
-
 %%% Utilities
 
 %% Calls M:F/length(A), which should return a timeout error, and complete
diff --git a/lib/kernel/test/gen_tcp_echo_SUITE.erl b/lib/kernel/test/gen_tcp_echo_SUITE.erl
index fffaaf4c45..5bbaeb02ad 100644
--- a/lib/kernel/test/gen_tcp_echo_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_echo_SUITE.erl
@@ -167,8 +167,12 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {cdr, little}}|Config]),
     ?line case lists:keymember(packet_size, 1, SockOpts) of
 	      false ->
-		  ?line echo_packet([{packet, line}|SockOpts],
-				    EchoFun, Config);
+		  % This is cheating, we should test that packet_size
+		  % also works for line and http.
+		  echo_packet([{packet, line}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config);
+
 	      true -> ok
 	  end,
     ?line echo_packet([{packet, tpkt}|SockOpts], EchoFun, Config),
@@ -183,9 +187,6 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {asn1, short, LongTag}}|Config]),
     ?line echo_packet([{packet, asn1}|SockOpts], EchoFun,
 		      [{type, {asn1, long, LongTag}}|Config]),
-
-    ?line echo_packet([{packet, http}|SockOpts], EchoFun, Config),
-    ?line echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config),
     ok.
 
 echo_packet(SockOpts, EchoFun, Opts) ->
diff --git a/lib/kernel/test/gen_tcp_misc_SUITE.erl b/lib/kernel/test/gen_tcp_misc_SUITE.erl
index b1ef8826d5..3da4b07c05 100644
--- a/lib/kernel/test/gen_tcp_misc_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_misc_SUITE.erl
@@ -40,7 +40,8 @@
 	 accept_timeouts_in_order3/1,accept_timeouts_mixed/1, 
 	 killing_acceptor/1,killing_multi_acceptors/1,killing_multi_acceptors2/1,
 	 several_accepts_in_one_go/1,active_once_closed/1, send_timeout/1, send_timeout_active/1, 
-	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1]).
+	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1,
+         otp_9389/1]).
 
 %% Internal exports.
 -export([sender/3, not_owner/1, passive_sockets_server/2, priority_server/1, 
@@ -72,7 +73,7 @@ all() ->
      killing_acceptor, killing_multi_acceptors,
      killing_multi_acceptors2, several_accepts_in_one_go,
      active_once_closed, send_timeout, send_timeout_active, otp_7731,
-     zombie_sockets, otp_7816, otp_8102].
+     zombie_sockets, otp_7816, otp_8102, otp_9389].
 
 groups() -> 
     [].
@@ -1030,6 +1031,7 @@ busy_send_loop(Server, Client, N) ->
 			    {Server,send} ->
 				?line busy_send_2(Server, Client, N+1)
 			after 10000 ->
+				%% If this happens, see busy_send_srv
 				?t:fail({timeout,{server,not_send,flush([])}})
 			end
 	  end.
@@ -1049,7 +1051,9 @@ busy_send_2(Server, Client, _N) ->
 
 busy_send_srv(L, Master, Msg) ->
     %% Server
-    %%
+    %% Sometimes this accept does not return, do not really know why
+    %% but is causes the timeout error in busy_send_loop to be
+    %% triggered. Only happens on OS X Leopard?!?
     {ok,Socket} = gen_tcp:accept(L),
     busy_send_srv_loop(Socket, Master, Msg).
 
@@ -2479,4 +2483,63 @@ otp_8102_do(LSocket, PortNum, {Bin,PType}) ->
     io:format("Got error msg, ok.\n",[]),
     gen_tcp:close(SSocket),    
     gen_tcp:close(RSocket).
-    
+
+otp_9389(doc) -> ["Verify packet_size handles long HTTP header lines"];
+otp_9389(suite) -> [];
+otp_9389(Config) when is_list(Config) ->
+    ?line {ok, LS} = gen_tcp:listen(0, []),
+    ?line {ok, {_, PortNum}} = inet:sockname(LS),
+    io:format("Listening on ~w with port number ~p\n", [LS, PortNum]),
+    OrigLinkHdr = "/" ++ string:chars($S, 8192),
+    _Server = spawn_link(
+                fun() ->
+                        ?line {ok, S} = gen_tcp:accept(LS),
+                        ?line ok = inet:setopts(S, [{packet_size, 16384}]),
+                        ?line ok = otp_9389_loop(S, OrigLinkHdr),
+                        ?line ok = gen_tcp:close(S)
+                end),
+    ?line {ok, S} = gen_tcp:connect("localhost", PortNum,
+                                    [binary, {active, false}]),
+    Req = "GET / HTTP/1.1\r\n"
+        ++ "Host: localhost\r\n"
+        ++ "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Req),
+    ?line ok = inet:setopts(S, [{packet, http}]),
+    ?line {ok, {http_response, {1,1}, 200, "OK"}} = gen_tcp:recv(S, 0),
+    ?line ok = inet:setopts(S, [{packet, httph}, {packet_size, 16384}]),
+    ?line {ok, {http_header, _, 'Content-Length', _, "0"}} = gen_tcp:recv(S, 0),
+    ?line {ok, {http_header, _, "Link", _, LinkHdr}} = gen_tcp:recv(S, 0),
+    ?line true = (LinkHdr == OrigLinkHdr),
+    ok = gen_tcp:close(S),
+    ok = gen_tcp:close(LS),
+    ok.
+
+otp_9389_loop(S, OrigLinkHdr) ->
+    ?line ok = inet:setopts(S, [{active,once},{packet,http}]),
+    receive
+        {http, S, {http_request, 'GET', _, _}} ->
+            ?line ok = otp_9389_loop(S, OrigLinkHdr, undefined)
+    after
+        3000 ->
+            ?line error({timeout,request_line})
+    end.
+otp_9389_loop(S, OrigLinkHdr, ok) ->
+    ?line Resp = "HTTP/1.1 200 OK\r\nContent-length: 0\r\n" ++
+        "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Resp);
+otp_9389_loop(S, OrigLinkHdr, State) ->
+    ?line ok = inet:setopts(S, [{active,once}, {packet,httph}]),
+    receive
+        {http, S, http_eoh} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, ok);
+        {http, S, {http_header, _, "Link", _, LinkHdr}} ->
+            ?line LinkHdr = OrigLinkHdr,
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_header, _, _Hdr, _, _Val}} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_error, Err}} ->
+            ?line error({error, Err})
+    after
+        3000 ->
+            ?line error({timeout,header})
+    end.
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl
index aaa20b7398..7241b093d0 100644
--- a/lib/kernel/test/inet_SUITE.erl
+++ b/lib/kernel/test/inet_SUITE.erl
@@ -97,8 +97,12 @@ t_gethostbyaddr() ->
     required(v4).
 t_gethostbyaddr(doc) -> "Test the inet:gethostbyaddr/1 function.";
 t_gethostbyaddr(Config) when is_list(Config) ->
-    ?line {Name,FullName,IPStr,IP,Aliases,_,_} =
+    ?line {Name,FullName,IPStr,{A,B,C,D}=IP,Aliases,_,_} =
 	ct:get_config(test_host_ipv4_only),
+    ?line Rname = integer_to_list(D) ++ "." ++
+	integer_to_list(C) ++ "." ++
+	integer_to_list(B) ++ "." ++
+	integer_to_list(A) ++ ".in-addr.arpa",
     ?line {ok,HEnt} = inet:gethostbyaddr(IPStr),
     ?line {ok,HEnt} = inet:gethostbyaddr(IP),
     ?line {error,Error} = inet:gethostbyaddr(Name),
@@ -116,7 +120,7 @@ t_gethostbyaddr(Config) when is_list(Config) ->
 	    ok;
 	_ ->
 	    ?line check_elems([{HEnt#hostent.h_name,[Name,FullName]},
-			       {HEnt#hostent.h_aliases,[[],Aliases]}])
+			       {HEnt#hostent.h_aliases,[[],Aliases,[Rname]]}])
     end,
 
     ?line {_DName, _DFullName, DIPStr, DIP, _, _, _} =
diff --git a/lib/kernel/test/inet_res_SUITE.erl b/lib/kernel/test/inet_res_SUITE.erl
index 15b0ed5718..f3ba28e4f9 100644
--- a/lib/kernel/test/inet_res_SUITE.erl
+++ b/lib/kernel/test/inet_res_SUITE.erl
@@ -88,7 +88,7 @@ init_per_testcase(Func, Config) ->
 		    inet_db:ins_alt_ns(IP, Port);
 		_ -> ok
 	    end,
-	    Dog = test_server:timetrap(test_server:seconds(10)),
+	    Dog = test_server:timetrap(test_server:seconds(20)),
 	    [{nameserver,NsSpec},{res_lookup,Lookup},{watchdog,Dog}|Config]
     catch
 	SkipReason ->
@@ -303,7 +303,7 @@ basic(Config) when is_list(Config) ->
     {ok,Msg2} = inet_dns:decode(Bin2),
     %%
     %% lookup
-    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]}]),
+    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]},verbose]),
     %%
     %% gethostbyname
     {ok,#hostent{h_addr_list=[IP]}} = inet_res:gethostbyname(Name),
@@ -410,7 +410,7 @@ edns0(Config) when is_list(Config) ->
     false = inet_db:res_option(edns), % ASSERT
     true = inet_db:res_option(udp_payload_size) >= 1280, % ASSERT
     %% These will fall back to TCP
-    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]}])),
+    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]},verbose])),
     %%
     {ok,#hostent{h_addr_list=As}} = inet_res:getbyname(Domain++".", mx),
     MXs = lists:sort(As),
diff --git a/lib/kernel/test/inet_res_SUITE_data/run-named b/lib/kernel/test/inet_res_SUITE_data/run-named
index 39e7b1d5aa..211d2c7af7 100755
--- a/lib/kernel/test/inet_res_SUITE_data/run-named
+++ b/lib/kernel/test/inet_res_SUITE_data/run-named
@@ -2,7 +2,7 @@
 ##
 ## %CopyrightBegin%
 ## 
-## Copyright Ericsson AB 2009-2011. All Rights Reserved.
+## Copyright Ericsson AB 2009-2012. All Rights Reserved.
 ## 
 ## The contents of this file are subject to the Erlang Public License,
 ## Version 1.1, (the "License"); you may not use this file except in
@@ -47,7 +47,6 @@ CONF_FILE=named.conf
 INC_FILE=named_inc.conf
 PID_FILE=named.pid
 LOG_FILE=named.log
-EXIT_FILE=named.exit
 
 error () {
     r=$?
@@ -150,7 +149,6 @@ cat >>"$CONF_FILE" <<-CONF_FILE
 ( cd "$SRCDIR" && ls -1 ) | while read f; do
     cp -fp "$SRCDIR/$f" .
 done
-rm -f "$EXIT_FILE"
 
 # Start nameserver
 echo "Cwd: `pwd`"
@@ -158,19 +156,20 @@ echo "Nameserver: $NAMED_VER"
 echo "Port: $2"
 echo "ZoneDir: $3"
 echo "Command: $NAMED $NAMED_FG -c $CONF_FILE"
-($NAMED $NAMED_FG -c "$CONF_FILE" >"$LOG_FILE" 2>&1 </dev/null; \
- echo "$?" >"$EXIT_FILE")&
+$NAMED $NAMED_FG -c "$CONF_FILE" >"$LOG_FILE" 2>&1 </dev/null &
 NAMED_PID=$!
-trap "kill -TERM $NAMED_PID >/dev/null 2>&1; wait $NAMED_PID >/dev/null 2>&1" \
+echo "Pid: $NAMED_PID"
+trap "kill $NAMED_PID >/dev/null 2>&1; wait $NAMED_PID >/dev/null 2>&1" \
     0 1 2 3 15
-sleep 2 # Give name server time to load its zone files
-if [ -f "$EXIT_FILE" ]; then
-    ERROR="`cat "$EXIT_FILE"`"
-    (exit "$ERROR")& error "$NAMED returned $ERROR on start"
-else
+
+sleep 5 # Give name server time to load its zone files
+
+if ps -p $NAMED_PID >/dev/null 2>&1 || ps p $NAMED_PID >/dev/null 2>&1; then
     echo "Running: Enter \`\`quit'' to terminate nameserver[$NAMED_PID]..."
     while read LINE; do
 	test :"$LINE" = :'quit' && break
     done
+    echo "Closing: Terminating nameserver..."
+else
+    error "$NAMED failed to start"
 fi
-echo "Closing: Terminating nameserver..."
diff --git a/lib/kernel/test/os_SUITE.erl b/lib/kernel/test/os_SUITE.erl
index b08b12c978..ae3410d13f 100644
--- a/lib/kernel/test/os_SUITE.erl
+++ b/lib/kernel/test/os_SUITE.erl
@@ -117,9 +117,21 @@ space_in_name(Config) when is_list(Config) ->
     ?line ok = file:change_mode(Echo, 8#777),	% Make it executable on Unix.
 
     %% Run the echo program.
-
-    ?line comp("", os:cmd("\"" ++ Echo ++ "\"")),
-    ?line comp("a::b::c", os:cmd("\"" ++ Echo ++ "\" a b c")),
+    %% Quoting on windows depends on if the full path of the executable 
+    %% contains special characters. Paths when running common_tests always
+    %% include @, why Windows would always fail if we do not double the 
+    %% quotes (this is the behaviour of cmd.exe, not Erlang's idea).
+    Quote = case os:type() of
+                {win32,_} ->
+		    case (Echo -- "&<>()@^|") =:= Echo of
+		        true -> "\"";
+			false -> "\"\""
+	 	    end;
+		_ ->
+		    "\""
+	    end,
+    ?line comp("", os:cmd(Quote ++ Echo ++ Quote)),
+    ?line comp("a::b::c", os:cmd(Quote ++ Echo ++ Quote ++ " a b c")),
     ?t:sleep(5),
     ?line [] = receive_all(),
     ok.
diff --git a/lib/kernel/test/prim_file_SUITE.erl b/lib/kernel/test/prim_file_SUITE.erl
index 00eda6292f..3e2202922c 100644
--- a/lib/kernel/test/prim_file_SUITE.erl
+++ b/lib/kernel/test/prim_file_SUITE.erl
@@ -32,7 +32,10 @@
 	  file_info_basic_directory_a/1, file_info_basic_directory_b/1,
 	  file_info_bad_a/1, file_info_bad_b/1, 
 	  file_info_times_a/1, file_info_times_b/1, 
-	  file_write_file_info_a/1, file_write_file_info_b/1]).
+	  file_write_file_info_a/1, file_write_file_info_b/1,
+	  file_read_file_info_opts/1, file_write_file_info_opts/1,
+	  file_write_read_file_info_opts/1
+      ]).
 -export([rename_a/1, rename_b/1, 
 	 access/1, truncate/1, datasync/1, sync/1,
 	 read_write/1, pread_write/1, append/1, exclusive/1]).
@@ -49,6 +52,10 @@
 	  list_dir_limit/1]).
 
 -export([advise/1]).
+-export([large_write/1]).
+
+%% System probe functions that might be handy to check from the shell
+-export([unix_free/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -80,7 +87,7 @@ groups() ->
        cur_dir_1a, cur_dir_1b]},
      {files, [],
       [{group, open}, {group, pos}, {group, file_info},
-       truncate, sync, datasync, advise]},
+       truncate, sync, datasync, advise, large_write]},
      {open, [],
       [open1, modes, close, access, read_write, pread_write,
        append, exclusive]},
@@ -90,7 +97,10 @@ groups() ->
        file_info_basic_directory_a,
        file_info_basic_directory_b, file_info_bad_a,
        file_info_bad_b, file_info_times_a, file_info_times_b,
-       file_write_file_info_a, file_write_file_info_b]},
+       file_write_file_info_a, file_write_file_info_b,
+       file_read_file_info_opts, file_write_file_info_opts,
+       file_write_read_file_info_opts
+   ]},
      {errors, [],
       [e_delete, e_rename, e_make_dir, e_del_dir]},
      {compression, [],
@@ -284,6 +294,7 @@ make_del_dir(Config, Handle, Suffix) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?PRIM_FILE_call(del_dir, Handle, [".."]) of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;	%OpenBSD
 		  {error, einval} -> ok		%FreeBSD
 	      end,
 	?line {error, enoent} = ?PRIM_FILE_call(del_dir, Handle, [""]),
@@ -1074,6 +1085,104 @@ file_write_file_info(Config, Handle, Suffix) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%% Test the write_file_info/3 function.
+
+file_write_file_info_opts(suite) -> [];
+file_write_file_info_opts(doc) -> [];
+file_write_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#600, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, posix}]],
+	    Time <- [ 0,1,-1,100,-100,1000,-1000,10000,-10000 ]
+	]),
+
+    % REM: determine date range dependent on time_t = Uint32 | Sint32 | Sint64
+    % Determine time_t on os:type()?
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#400, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, universal}],[{time, local}]],
+	    Time <- [
+		{{1970,1,1},{0,0,0}},
+		{{1970,1,1},{0,0,1}},
+		{{1969,12,31},{23,59,59}},
+		{{1908,2,3},{23,59,59}},
+		{{2012,2,3},{23,59,59}},
+		{{2037,2,3},{23,59,59}},
+		erlang:localtime()
+	    ]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_read_file_info_opts(suite) -> [];
+file_read_file_info_opts(doc) -> [];
+file_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    (Opts) ->
+		{ok,_} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts])
+    end, [[{time, Type}] || Type <- [local, universal, posix]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+%% Test the write and read back *_file_info/3 functions.
+
+file_write_read_file_info_opts(suite) -> [];
+file_write_read_file_info_opts(doc) -> [];
+file_write_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts2"),
+
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 0, [{time, posix}]),
+
+    ok = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_write_read_file_info_opts(Handle, Name, Mtime, Opts) ->
+    {ok, FI} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    FI2 = FI#file_info{ mtime = Mtime },
+    ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI2, Opts]),
+    {ok, FI2} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    ok.
+
+
+
 %% Returns a directory on a file system that has correct file times.
 
 get_good_directory(Config) ->
@@ -1218,6 +1327,41 @@ advise(Config) when is_list(Config) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Dog = test_server:timetrap(test_server:minutes(60)),
+    ChunkSize = (256 bsl 20) + 1,	% 256 M + 1
+    Chunks = 16,			% times 16 -> 4 G + 16
+    Base = 100,
+    Interleave = lists:seq(Base+1, Base+Chunks),
+    Chunk = <<0:ChunkSize/unit:8>>,
+    Data = zip_data(lists:duplicate(Chunks, Chunk), Interleave),
+    Size = Chunks * ChunkSize + Chunks,	% 4 G + 32
+    Wordsize = erlang:system_info(wordsize),
+    case prim_file:write_file(Name, Data) of
+	ok when Wordsize =:= 8 ->
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    {ok,Fd} = prim_file:open(Name, [read]),
+	    check_large_write(Dog, Fd, ChunkSize, 0, Interleave);
+	{error,einval} when Wordsize =:= 4 ->
+	    ok
+    end.
+
+check_large_write(Dog, Fd, ChunkSize, Pos, [X|Interleave]) ->
+    Pos1 = Pos + ChunkSize,
+    {ok,Pos1} = prim_file:position(Fd, {cur,ChunkSize}),
+    {ok,[X]} = prim_file:read(Fd, 1),
+    check_large_write(Dog, Fd, ChunkSize, Pos1+1, Interleave);
+check_large_write(Dog, Fd, _, _, []) ->
+    eof = prim_file:read(Fd, 1),
+    test_server:timetrap_cancel(Dog),
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1940,3 +2084,70 @@ list_dir_limit_cleanup(Dir, Handle, N, Cnt) ->
     ?PRIM_FILE:delete(Handle, filename:join(Dir, Name)),
     list_dir_limit_cleanup(Dir, Handle, N, Cnt+1).
 
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = unix_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 bsl 20 ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free disk"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  prim_file:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+unix_free(Path) ->
+    Cmd = ["df -k '",Path,"'"],
+    DF0 = os:cmd(Cmd),
+    io:format("$ ~s~n~s", [Cmd,DF0]),
+    Lines = re:split(DF0, "\n", [trim,{return,list}]),
+    Last = lists:last(Lines),
+    RE = "^[^\\s]*\\s+\\d+\\s+\\d+\\s+(\\d+)",
+    {match,[Avail]} = re:run(Last, RE, [{capture,all_but_first,list}]),
+    list_to_integer(Avail).
+
+zip_data([A|As], [B|Bs]) ->
+    [[A,B]|zip_data(As, Bs)];
+zip_data([], Bs) ->
+    Bs;
+zip_data(As, []) ->
+    As.
diff --git a/lib/kernel/test/sendfile_SUITE.erl b/lib/kernel/test/sendfile_SUITE.erl
new file mode 100644
index 0000000000..6d0848ee05
--- /dev/null
+++ b/lib/kernel/test/sendfile_SUITE.erl
@@ -0,0 +1,355 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(sendfile_SUITE).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("kernel/include/file.hrl").
+
+-compile(export_all).
+
+all() ->
+    [t_sendfile_small
+     ,t_sendfile_big
+     ,t_sendfile_partial
+     ,t_sendfile_offset
+     ,t_sendfile_sendafter
+     ,t_sendfile_recvafter
+     ,t_sendfile_sendduring
+     ,t_sendfile_recvduring
+     ,t_sendfile_closeduring
+     ,t_sendfile_crashduring
+    ].
+
+init_per_suite(Config) ->
+    Priv = ?config(priv_dir, Config),
+    SFilename = filename:join(Priv, "sendfile_small.html"),
+    {ok, DS} = file:open(SFilename,[write,raw]),
+    file:write(DS,"yo baby yo"),
+    file:sync(DS),
+    file:close(DS),
+    BFilename = filename:join(Priv, "sendfile_big.html"),
+    {ok, DB} = file:open(BFilename,[write,raw]),
+    [file:write(DB,[<<0:(10*8*1024*1024)>>]) || _I <- lists:seq(1,51)],
+    file:sync(DB),
+    file:close(DB),
+    [{small_file, SFilename},
+     {file_opts,[raw,binary]},
+     {big_file, BFilename}|Config].
+
+end_per_suite(Config) ->
+    file:delete(proplists:get_value(big_file, Config)).
+
+init_per_testcase(TC,Config) when TC == t_sendfile_recvduring;
+				  TC == t_sendfile_sendduring ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {_Size, Data} = sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename, [raw,binary,read]),
+		   prim_file:sendfile(D, Sock, 0, 0, 0,
+				      [],[],false,false,false),
+		   Data
+	   end,
+
+    %% Check if sendfile is supported on this platform
+    case catch sendfile_send(Send) of
+	ok ->
+	    Config;
+	Error ->
+	    ct:log("Error: ~p",[Error]),
+	    {skip,"Not supported"}
+    end;
+init_per_testcase(_Tc,Config) ->
+    Config.
+
+
+t_sendfile_small(Config) when is_list(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Data
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_big(Config) when is_list(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_partial(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    SendSingle = fun(Sock) ->
+			 {_Size, <<Data:5/binary,_/binary>>} =
+			     sendfile_file_info(Filename),
+			 {ok,D} = file:open(Filename,[read|FileOpts]),
+			 {ok,5} = file:sendfile(D,Sock,0,5,[]),
+			 file:close(D),
+			 Data
+		 end,
+    ok = sendfile_send(SendSingle),
+
+    {_Size, <<FData:5/binary,SData:3/binary,_/binary>>} =
+	sendfile_file_info(Filename),
+    {ok,D} = file:open(Filename,[read|FileOpts]),
+    {ok, <<FData/binary>>} = file:read(D,5),
+    FSend = fun(Sock) ->
+		    {ok,5} = file:sendfile(D,Sock,0,5,[]),
+		    FData
+	    end,
+
+    ok = sendfile_send(FSend),
+
+    SSend = fun(Sock) ->
+		    {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		    SData
+	    end,
+
+    ok = sendfile_send(SSend),
+
+    {ok, <<SData/binary>>} = file:read(D,3),
+
+    file:close(D).
+
+t_sendfile_offset(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    Send = fun(Sock) ->
+		   {_Size, <<_:5/binary,Data:3/binary,_/binary>> = AllData} =
+		       sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename,[read|FileOpts]),
+		   {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		   {ok, AllData} = file:read(D,100),
+		   file:close(D),
+		   Data
+	   end,
+    ok = sendfile_send(Send).
+
+
+t_sendfile_sendafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<2>>),
+		   <<Data/binary,2>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_recvafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<1>>),
+		   {ok,<<1>>} = gen_tcp:recv(Sock, 1),
+		   <<Data/binary,1>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_sendduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<2>>)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_recvduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<1>>),
+				      {ok,<<1>>} = gen_tcp:recv(Sock, 1)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   timer:sleep(1000),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_closeduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock,SFServPid) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      SFServPid ! stop
+			      end),
+		   case erlang:system_info(thread_pool_size) of
+		       0 ->
+			   {error, closed} = file:sendfile(Filename, Sock);
+		       _Else ->
+			   %% This can return how much has been sent or
+			   %% {error,closed} depending on OS.
+			   %% How much is sent impossible to know as
+			   %%  the socket was closed mid sendfile
+			   case file:sendfile(Filename, Sock) of
+			       {error, closed} ->
+				   ok;
+			       {ok, Size}  when is_integer(Size) ->
+				   ok
+			   end
+		   end,
+		   -1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_crashduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    error_logger:add_report_handler(?MODULE,[self()]),
+
+    Send = fun(Sock) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      exit(die)
+			      end),
+		   {error, closed} = file:sendfile(Filename, Sock),
+		   -1
+	   end,
+    process_flag(trap_exit,true),
+    spawn_link(fun() ->
+		       ok = sendfile_send({127,0,0,1}, Send, 0)
+	       end),
+    receive
+	{stolen,Reason} ->
+	    process_flag(trap_exit,false),
+	    ct:fail(Reason)
+	after 200 ->
+		receive
+		    {'EXIT',_,Reason} ->
+			process_flag(trap_exit,false),
+			die = Reason
+		end
+	end.
+
+%% Generic sendfile server code
+sendfile_send(Send) ->
+    sendfile_send({127,0,0,1},Send).
+sendfile_send(Host, Send) ->
+    sendfile_send(Host, Send, []).
+sendfile_send(Host, Send, Orig) ->
+    SFServer = spawn_link(?MODULE, sendfile_server, [self(), Orig]),
+    receive
+	{server, Port} ->
+	    {ok, Sock} = gen_tcp:connect(Host, Port,
+					       [binary,{packet,0},
+						{active,false}]),
+	    Data = case proplists:get_value(arity,erlang:fun_info(Send)) of
+		       1 ->
+			   Send(Sock);
+		       2 ->
+			   Send(Sock, SFServer)
+		   end,
+	    ok = gen_tcp:close(Sock),
+	    receive
+		{ok, Bin} ->
+		    Data = Bin,
+		    ok
+	    end
+    end.
+
+sendfile_server(ClientPid, Orig) ->
+    {ok, LSock} = gen_tcp:listen(0, [binary, {packet, 0},
+				     {active, true},
+				     {reuseaddr, true}]),
+    {ok, Port} = inet:port(LSock),
+    ClientPid ! {server, Port},
+    {ok, Sock} = gen_tcp:accept(LSock),
+    {ok, Bin} = sendfile_do_recv(Sock, Orig),
+    ClientPid ! {ok, Bin},
+    gen_tcp:send(Sock, <<1>>).
+
+-define(SENDFILE_TIMEOUT, 10000).
+sendfile_do_recv(Sock, Bs) ->
+    receive
+	stop when Bs /= 0,is_integer(Bs) ->
+	    gen_tcp:close(Sock),
+	    {ok, -1};
+	{tcp, Sock, B} ->
+	    case binary:match(B,<<1>>) of
+		nomatch when is_list(Bs) ->
+		    sendfile_do_recv(Sock, [B|Bs]);
+		nomatch when is_integer(Bs) ->
+		    sendfile_do_recv(Sock, byte_size(B) + Bs);
+		_ when is_list(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, iolist_to_binary(lists:reverse([B|Bs]))};
+		_ when is_integer(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, byte_size(B) + Bs}
+	    end;
+	{tcp_closed, Sock} when is_list(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, iolist_to_binary(lists:reverse(Bs))};
+	{tcp_closed, Sock} when is_integer(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, Bs}
+    after ?SENDFILE_TIMEOUT ->
+	    ct:log("Sendfile timeout"),
+	    timeout
+    end.
+
+sendfile_file_info(File) ->
+    {ok, #file_info{size = Size}} = file:read_file_info(File),
+    {ok, Data} = file:read_file(File),
+    {Size, Data}.
+
+
+%% Error handler 
+
+init([Proc]) -> {ok,Proc}.
+
+handle_event({error,noproc,{emulator,Format,Args}}, Proc) -> 
+    Proc ! {stolen,lists:flatten(io_lib:format(Format,Args))},
+    {ok,Proc};
+handle_event(_, Proc) -> 
+    {ok,Proc}.
diff --git a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
index dcbb3348d8..aa182b0877 100644
--- a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
+++ b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
@@ -3,7 +3,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, int);
+static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry echo_driver_entry = { 
     NULL,
@@ -13,7 +13,22 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     "echo_drv",
-    NULL
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -31,7 +46,7 @@ static ErlDrvData echo_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void echo_read(ErlDrvData data, char *buf, int count)
+static void echo_read(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/lib/kernel/test/wrap_log_reader_SUITE.erl b/lib/kernel/test/wrap_log_reader_SUITE.erl
index ffc8def626..96dc3e6d33 100644
--- a/lib/kernel/test/wrap_log_reader_SUITE.erl
+++ b/lib/kernel/test/wrap_log_reader_SUITE.erl
@@ -561,4 +561,4 @@ rec(M, Where) ->
     end.
 	    
 pps() ->
-    {erlang:ports(), lists:filter({erlang, is_process_alive}, processes())}.
+    {erlang:ports(), lists:filter(fun erlang:is_process_alive/1, processes())}.
diff --git a/lib/kernel/vsn.mk b/lib/kernel/vsn.mk
index 76c62ece67..76d3003ff4 100644
--- a/lib/kernel/vsn.mk
+++ b/lib/kernel/vsn.mk
@@ -1 +1 @@
-KERNEL_VSN = 2.15
+KERNEL_VSN = 2.15.1
diff --git a/lib/megaco/Makefile b/lib/megaco/Makefile
index 10efaf667f..9dc84c122c 100644
--- a/lib/megaco/Makefile
+++ b/lib/megaco/Makefile
@@ -97,9 +97,8 @@ endif
 CONFIGURE_OPTS = $(FLEX_SCANNER_LINENO_ENABLER) $(FLEX_SCANNER_REENTRANT_ENABLER)
 
 
-MEGACO_DIA_PLT     = ./priv/megaco.plt
-MEGACO_DIA_PLT_LOG = $(basename $(MEGACO_DIA_PLT)).dialyzer_plt_log
-MEGACO_DIA_LOG     = $(basename $(MEGACO_DIA_PLT)).dialyzer_log
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
 
 
 # ----------------------------------------------------
@@ -140,8 +139,8 @@ info:
 	@echo "OTP_INSTALL_DIR: $(OTP_INSTALL_DIR)"
 	@echo "APP_INSTALL_DIR: $(APP_INSTALL_DIR)"
 	@echo ""
-	@echo "MEGACO_PLT     = $(MEGACO_PLT)"
-	@echo "MEGACO_DIA_LOG = $(MEGACO_DIA_LOG)"
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
 	@echo ""
 
 version:
@@ -201,18 +200,18 @@ tar: $(APP_TAR_FILE)
 $(APP_TAR_FILE): $(APP_DIR)
 	(cd $(APP_RELEASE_DIR); gtar zcf $(APP_TAR_FILE) $(DIR_NAME))
 
-dialyzer_plt: $(MEGACO_DIA_PLT)
+dialyzer_plt: $(DIA_PLT)
 
-$(MEGACO_DIA_PLT): 
-	@echo "Building megaco plt file"
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
 	@dialyzer --build_plt \
                   --output_plt $@ \
-                  -r ../megaco/ebin \
-                  -o $(MEGACO_DIA_PLT_LOG) \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
                   --verbose
 
-dialyzer: $(MEGACO_DIA_PLT)
-	(dialyzer --plt $< \
-                  -o $(MEGACO_DIA_LOG) \
-                  ../megaco/ebin \
-                  && (shell cat $(MEGACO_DIA_LOG)))
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/megaco/configure.in b/lib/megaco/configure.in
index b88e17ec85..42c50b8961 100644
--- a/lib/megaco/configure.in
+++ b/lib/megaco/configure.in
@@ -208,7 +208,7 @@ if test "X$host" = "Xwin32"; then
 else
   case $host_os in
     darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp -fno-common"
+	CFLAGS="$CFLAGS -fno-common"
 	;;
   esac
 
diff --git a/lib/megaco/doc/src/Makefile b/lib/megaco/doc/src/Makefile
index f782afc3f6..137f0315d8 100644
--- a/lib/megaco/doc/src/Makefile
+++ b/lib/megaco/doc/src/Makefile
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -123,10 +123,13 @@ imgs: $(IMG_FILES:%=$(HTMLDIR)/%)
 man: $(MAN3_FILES) 
 
 $(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
-	sed -e 's/%VSN%/$(VSN)/; \
-                s/%ERLANG_SITE%/www\.erlang\.se\//; \
-                s/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/; \
-                s/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
+	sed -e 's/%VSN%/$(VSN)/' $< > $@
+
+$(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
+	sed -e 's/%VSN%/$(VSN)/' \
+            -e 's/%ERLANG_SITE%/www\.erlang\.se\//' \
+            -e 's/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/' \
+            -e 's/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
 
 debug opt: 
 
diff --git a/lib/megaco/doc/src/megaco_run.xml b/lib/megaco/doc/src/megaco_run.xml
index 9ed589b079..b723778890 100644
--- a/lib/megaco/doc/src/megaco_run.xml
+++ b/lib/megaco/doc/src/megaco_run.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2000</year><year>2010</year>
+      <year>2000</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -317,7 +317,7 @@
       "in storage" (indicated by the transaction id) it is assumed to 
       be a resend and everything stored is sent. This could happen if 
       the values of the <c><![CDATA[trans_timer]]></c> and the
-      <c><![CDATA[request_timer]]></c> is not properly choosen.</p>
+      <c><![CDATA[request_timer]]></c> is not properly chosen.</p>
   </section>
 
   <section>
diff --git a/lib/megaco/doc/src/notes.xml b/lib/megaco/doc/src/notes.xml
index baf8c6a201..d9c575885f 100644
--- a/lib/megaco/doc/src/notes.xml
+++ b/lib/megaco/doc/src/notes.xml
@@ -36,9 +36,9 @@
     section is the version number of Megaco.</p>
 
 
-  <section><title>Megaco 3.15.1.2</title>
+  <section><title>Megaco 3.16</title>
 
-    <p>Version 3.15.1.2 supports code replacement in runtime from/to
+    <p>Version 3.16 supports code replacement in runtime from/to
       version 3.15.1.1, 3.15.1 and 3.15.</p>
 
     <section>
@@ -67,6 +67,12 @@
           <p>Own Id: OTP-9679</p>
         </item>
 
+        <item>
+	  <p>The flex driver has been updated to support the new driver format
+	  (changed to enable 64-bit aware drivers). </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
      </list>
 
     </section>
@@ -88,7 +94,25 @@
       
     </section>
 
-  </section> <!-- 3.15.1.2 -->
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+	  <p>Due to the change in the flex driver API, 
+	  we may no longer be able to build and/or use 
+	  the flex driver without reentrant support. </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 3.16 -->
 
 
   <section><title>Megaco 3.15.1.1</title>
diff --git a/lib/megaco/include/megaco_message_prev3a.hrl b/lib/megaco/include/megaco_message_prev3a.hrl
index 7b7a60fdae..3e73f94761 100644
--- a/lib/megaco/include/megaco_message_prev3a.hrl
+++ b/lib/megaco/include/megaco_message_prev3a.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3b.hrl b/lib/megaco/include/megaco_message_prev3b.hrl
index cfabb29941..b4bde2bb7e 100644
--- a/lib/megaco/include/megaco_message_prev3b.hrl
+++ b/lib/megaco/include/megaco_message_prev3b.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3c.hrl b/lib/megaco/include/megaco_message_prev3c.hrl
index 32024c9a02..90612f66c8 100644
--- a/lib/megaco/include/megaco_message_prev3c.hrl
+++ b/lib/megaco/include/megaco_message_prev3c.hrl
@@ -748,7 +748,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v1.hrl b/lib/megaco/include/megaco_message_v1.hrl
index ba50b50c80..f196c26713 100644
--- a/lib/megaco/include/megaco_message_v1.hrl
+++ b/lib/megaco/include/megaco_message_v1.hrl
@@ -404,7 +404,7 @@
 	 }). % with extension mark
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 % %% String of at least 1 character and at most 67 characters (ASN.1). 
 % %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 % -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v2.hrl b/lib/megaco/include/megaco_message_v2.hrl
index 6190ea7ac4..af79c4dc92 100644
--- a/lib/megaco/include/megaco_message_v2.hrl
+++ b/lib/megaco/include/megaco_message_v2.hrl
@@ -525,7 +525,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v3.hrl b/lib/megaco/include/megaco_message_v3.hrl
index 7a1bc80571..466cfa6856 100644
--- a/lib/megaco/include/megaco_message_v3.hrl
+++ b/lib/megaco/include/megaco_message_v3.hrl
@@ -743,7 +743,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/priv/plt/.gitignore b/lib/megaco/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/megaco/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/megaco/src/app/megaco.appup.src b/lib/megaco/src/app/megaco.appup.src
index 7f6fe0c733..3c9740818a 100644
--- a/lib/megaco/src/app/megaco.appup.src
+++ b/lib/megaco/src/app/megaco.appup.src
@@ -141,48 +141,41 @@
 %%   3.15.1.1
 %%      |
 %%      v
-%%   3.15.1.2
+%%    3.16
 %%
 %%
 {"%VSN%",
  [
   {"3.15.1.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config_misc]},
-    {update, megaco_config, soft, soft_purge, soft_purge, 
-     [megaco_timer, megaco_config_misc]},
-    {add_module,  megaco_config_misc}
+    {restart_application, megaco}
    ]
   }
  ],
  [
   {"3.15.1.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config]},
-    {update, megaco_config, soft, soft_purge, soft_purge, []},
-    {remove, {megaco_config_misc, soft_purge, brutal_purge}}
+    {restart_application, megaco}
    ]
   }
  ]
diff --git a/lib/megaco/src/engine/megaco_digit_map.erl b/lib/megaco/src/engine/megaco_digit_map.erl
index de28686d6d..bf798d7938 100644
--- a/lib/megaco/src/engine/megaco_digit_map.erl
+++ b/lib/megaco/src/engine/megaco_digit_map.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -362,7 +362,7 @@ collect(Event, State, Timers, STL, Letters) ->
 	       "~n   Timers2:  ~p"
 	       "~n   Letters2: ~p", [State2, Timers2, Letters2]),
 	    MaxWait = choose_timer(State2, Event, Timers2),
-	    ?d("collect -> Timer choosen: "
+	    ?d("collect -> Timer chosen: "
 	       "~n   MaxWait: ~p", [MaxWait]),
 	    receive
 		{?MODULE, _FromPid, Event2} ->
@@ -737,7 +737,7 @@ compute_cont([Next | Cont] = All, Mode, GlobalMode, State, STL) ->
        "~n   Mode:       ~p"
        "~n   GlobalMode: ~p", [Next, Mode, GlobalMode]),
     case Next of
-	%% Retain long timer if that has already been choosen
+	%% Retain long timer if that has already been chosen
 	use_short_timer when GlobalMode =:= use_long_timer ->
 	    compute_cont(Cont, Mode, GlobalMode, State, STL);
 	use_short_timer ->
diff --git a/lib/megaco/src/flex/Makefile.in b/lib/megaco/src/flex/Makefile.in
index 2c46a673e4..7d82644246 100644
--- a/lib/megaco/src/flex/Makefile.in
+++ b/lib/megaco/src/flex/Makefile.in
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2010. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
index 9b4f717201..b8146c345d 100644
--- a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
+++ b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
@@ -1,7 +1,7 @@
   /*
    * %CopyrightBegin%
    *
-   * Copyright Ericsson AB 2001-2010. All Rights Reserved.
+   * Copyright Ericsson AB 2001-2011. All Rights Reserved.
    *
    * The contents of this file are subject to the Erlang Public License,
    * Version 1.1, (the "License"); you may not use this file except in
@@ -60,18 +60,11 @@
 #define NUL        0x0
 
 #if defined(MEGACO_REENTRANT_FLEX_SCANNER)
-  #define MEGACO_EXTENDED_MARKER        ERL_DRV_EXTENDED_MARKER
-  #define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
-  #define MEGACO_EXTENDED_MAJOR_VERSION ERL_DRV_EXTENDED_MAJOR_VERSION
-  #define MEGACO_EXTENDED_MINOR_VERSION ERL_DRV_EXTENDED_MINOR_VERSION
-#else
-  #define MEGACO_EXTENDED_MARKER        0
-  #define MEGACO_DRIVER_FLAGS           0
-  #define MEGACO_EXTENDED_MAJOR_VERSION 0
-  #define MEGACO_EXTENDED_MINOR_VERSION 0
+#  define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
+#else 
+#  define MEGACO_DRIVER_FLAGS           0
 #endif
 
-
 #define FREE(bufP)        driver_free(bufP)
 #define ALLOC(sz)         driver_alloc(sz)
 #define REALLOC(bufP, sz) driver_realloc(bufP, sz)
@@ -320,11 +313,11 @@ static void mfs_load_map_token();
 static ErlDrvData mfs_start(ErlDrvPort port, char *buf);
 static void 	  mfs_stop(ErlDrvData handle);
 static void 	  mfs_command(ErlDrvData handle, 
-                              char *buf, int buf_len);
-static int 	  mfs_control(ErlDrvData handle, 
+                              char *buf, ErlDrvSizeT buf_len);
+static ErlDrvSSizeT mfs_control(ErlDrvData handle,
                               unsigned int command,
-                              char *buf, int buf_len, 
-      			      char **res_buf, int res_buf_len);
+                              char *buf, ErlDrvSizeT buf_len, 
+      			      char **res_buf, ErlDrvSizeT res_buf_len);
 static void 	  mfs_finish(void);
 
 /* 
@@ -348,10 +341,10 @@ static ErlDrvEntry mfs_entry = {
     NULL,              /* flush, port is about to be closed */
     NULL,              /* call, a syncronous call into the driver */
     NULL,              /* event, event selected by driver_event() has occurred */
-    MEGACO_EXTENDED_MARKER,         /* extended_marker, which we use if reentrant */
-    MEGACO_EXTENDED_MAJOR_VERSION,  /* major_version, ... */
-    MEGACO_EXTENDED_MINOR_VERSION,  /* minor_version, ... */
-    MEGACO_DRIVER_FLAGS,            /* driver_flags, used for port lock indication */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    MEGACO_DRIVER_FLAGS, /* driver_flags, used for port lock indication */
     NULL,              /* handle2, emulator internal use */
     NULL               /* process_exit, Called when a process monitor fires */
 };    
@@ -1685,17 +1678,17 @@ static void mfs_stop(ErlDrvData handle)
 }
 
 static void mfs_command(ErlDrvData handle, 
-			char *buf, int buf_len)
+			char *buf, ErlDrvSizeT buf_len)
 {
   driver_failure_atom(((MfsErlDrvData*) handle)->port, "bad_usage");
 
   return;
 }
 
-static int mfs_control(ErlDrvData          handle, 
+static ErlDrvSSizeT mfs_control(ErlDrvData          handle,
 		       unsigned int        command,
-		       char  *buf,     int buf_len, 
-		       char **res_buf, int res_buf_len)
+		       char  *buf,     ErlDrvSizeT buf_len, 
+		       char **res_buf, ErlDrvSizeT res_buf_len)
 {
   MfsErlDrvData*  dataP = (MfsErlDrvData*) handle;
   char*           tmp;
diff --git a/lib/megaco/test/megaco_codec_v2_test.erl b/lib/megaco/test/megaco_codec_v2_test.erl
index 1d3fcb36e9..a44f74166c 100644
--- a/lib/megaco/test/megaco_codec_v2_test.erl
+++ b/lib/megaco/test/megaco_codec_v2_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/test/megaco_mess_test.erl b/lib/megaco/test/megaco_mess_test.erl
index 383e3df774..8bafab1aba 100644
--- a/lib/megaco/test/megaco_mess_test.erl
+++ b/lib/megaco/test/megaco_mess_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -456,9 +456,20 @@ connect(Config) when is_list(Config) ->
     ?VERIFY(bad_send_mod, megaco:user_info(MgMid, send_mod)),
     ?VERIFY(bad_send_mod, megaco:conn_info(PrelCH, send_mod)),
     SC = service_change_request(),
-    ?VERIFY({1, {error, {send_message_failed, {'EXIT',
-                  {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}}},
-	     megaco:call(PrelCH, [SC], [])),
+    case megaco:call(PrelCH, [SC], []) of
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}} ->
+	    ok;
+	
+	%% As of R15, we also get some extra info (e.g. line numbers)
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _], _} | _]}}}} ->
+	    ok;
+	Unexpected ->
+	    ?ERROR(Unexpected)
+    end,
 
     ?VERIFY(ok, megaco:disconnect(PrelCH, shutdown)),
 
diff --git a/lib/megaco/test/megaco_profile.erl b/lib/megaco/test/megaco_profile.erl
index 344c551970..fd72604e92 100644
--- a/lib/megaco/test/megaco_profile.erl
+++ b/lib/megaco/test/megaco_profile.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/vsn.mk b/lib/megaco/vsn.mk
index 35acffcb64..bb6f5f554a 100644
--- a/lib/megaco/vsn.mk
+++ b/lib/megaco/vsn.mk
@@ -18,6 +18,6 @@
 # %CopyrightEnd%
 
 APPLICATION = megaco
-MEGACO_VSN  = 3.15.1.2
+MEGACO_VSN  = 3.16
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(MEGACO_VSN)$(PRE_VSN)"
diff --git a/lib/mnesia/doc/src/Makefile b/lib/mnesia/doc/src/Makefile
index f2e581f9d3..1ac5760510 100644
--- a/lib/mnesia/doc/src/Makefile
+++ b/lib/mnesia/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/doc/src/mnesia.xml b/lib/mnesia/doc/src/mnesia.xml
index 19ec70118f..20133cb6cb 100644
--- a/lib/mnesia/doc/src/mnesia.xml
+++ b/lib/mnesia/doc/src/mnesia.xml
@@ -813,6 +813,21 @@ mnesia:change_table_copy_type(person, node(), disc_copies)
               </p>
           </item>
           <item>
+            <p><c>{storage_properties, [{Backend, Properties}]</c>.
+	    Forwards additional properties to the backend storage.
+	    <c>Backend</c> can currently be <c>ets</c> or <c>dets</c> and
+	    <c>Properties</c> is a list of options sent to the backend storage
+	    during table creation. <c>Properties</c> may not contain properties
+	    already used by mnesia such as <c>type</c> or <c>named_table</c>.
+	    </p>
+	    <p>For example:</p>
+	    <code type="none">
+mnesia:create_table(table, [{ram_copies, [node()]}, {disc_only_copies, nodes()},
+			    {storage_properties,
+			     [{ets, [compressed]}, {dets, [{auto_save, 5000}]} ]}])
+	    </code>
+          </item>
+          <item>
             <p><c>{type, Type}</c>, where <c>Type</c> must be
               either of the atoms <c>set</c>, <c>ordered_set</c> or
               <c>bag</c>. The default value is <c>set</c>. In a
diff --git a/lib/mnesia/doc/src/notes.xml b/lib/mnesia/doc/src/notes.xml
index 1bb80f8fe3..a300fcc12d 100644
--- a/lib/mnesia/doc/src/notes.xml
+++ b/lib/mnesia/doc/src/notes.xml
@@ -38,7 +38,61 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Mnesia.</p>
 
-  <section><title>Mnesia 4.5.1</title>
+  <section><title>Mnesia 4.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Reduce calls to phash in key_to_frag_number</p>
+          <p>
+	    Original code calls phash 1..2 times, based on which
+	    fragment the hashed key targets and how many fragments
+	    exist. New code always calls phash only once.</p>
+          <p>
+	    Add mnesia_frag_hash test (Thanks to Philip Robinson)</p>
+          <p>
+	    Own Id: OTP-9722</p>
+        </item>
+        <item>
+          <p>
+	    Fixed a sticky lock bug which caused mnesia:read(Tab,
+	    Key, write) return undefined.</p>
+          <p>
+	    Own Id: OTP-9786</p>
+        </item>
+        <item>
+          <p>
+	    Use the synchronous log_terms instead of alog_terms in
+	    mnesia_log:ets2dcd()</p>
+          <p>
+	    This avoids the situation where mnesia could dump a very
+	    large ets table in its entirety into the message queue of
+	    the disk_log process, causing memory blowup and choking
+	    the disk logger. (Thanks to Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9804</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented a new option to mnesia:create_table/2 which
+	    allows the user to assign 'ets' and 'dets' options not
+	    available in mnesia.</p>
+          <p>
+	    Own Id: OTP-8970</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Mnesia 4.5.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/mnesia/src/mnesia.appup.src b/lib/mnesia/src/mnesia.appup.src
index e0954ad206..304a15242f 100644
--- a/lib/mnesia/src/mnesia.appup.src
+++ b/lib/mnesia/src/mnesia.appup.src
@@ -1,14 +1,16 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
   {"4.4.16", [{restart_application, mnesia}]}
  ],
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
diff --git a/lib/mnesia/src/mnesia.erl b/lib/mnesia/src/mnesia.erl
index 980a9c6213..3d30debc53 100644
--- a/lib/mnesia/src/mnesia.erl
+++ b/lib/mnesia/src/mnesia.erl
@@ -27,7 +27,7 @@
 	 %% Start, stop and debugging
 	 start/0, start/1, stop/0,           % Not for public use
 	 set_debug_level/1, lkill/0, kill/0, % Not for public use
-	 ms/0, 
+	 ms/0,
 	 change_config/2,
 
 	 %% Activity mgt
@@ -40,14 +40,14 @@
 	 %% Access within an activity - Lock acquisition
 	 lock/2, lock/4,
 	 lock_table/2,
-	 read_lock_table/1, 
+	 read_lock_table/1,
 	 write_lock_table/1,
 
 	 %% Access within an activity - Updates
-	 write/1, s_write/1, write/3, write/5, 
-	 delete/1, s_delete/1, delete/3, delete/5, 
-	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5, 
-	 
+	 write/1, s_write/1, write/3, write/5,
+	 delete/1, s_delete/1, delete/3, delete/5,
+	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5,
+
 	 %% Access within an activity - Reads
 	 read/1, read/2, wread/1, read/3, read/5,
 	 match_object/1, match_object/3, match_object/5,
@@ -58,9 +58,9 @@
 	 first/1, next/2, last/1, prev/2,
 	 first/3, next/4, last/3, prev/4,
 
-	 %% Iterators within an activity 
+	 %% Iterators within an activity
 	 foldl/3, foldl/4, foldr/3, foldr/4,
-	 
+
 	 %% Dirty access regardless of activities - Updates
 	 dirty_write/1, dirty_write/2,
 	 dirty_delete/1, dirty_delete/2,
@@ -72,8 +72,8 @@
 	 dirty_select/2,
 	 dirty_match_object/1, dirty_match_object/2, dirty_all_keys/1,
 	 dirty_index_match_object/2, dirty_index_match_object/3,
-	 dirty_index_read/3, dirty_slot/2, 
-	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2, 
+	 dirty_index_read/3, dirty_slot/2,
+	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2,
 
 	 %% Info
 	 table_info/2, table_info/4, schema/0, schema/1,
@@ -102,7 +102,7 @@
 	 dump_tables/1, wait_for_tables/2, force_load_table/1,
 	 change_table_access_mode/2, change_table_load_order/2,
 	 set_master_nodes/1, set_master_nodes/2,
-	 
+
 	 %% Misc admin
 	 dump_log/0, subscribe/1, unsubscribe/1, report_event/1,
 
@@ -112,7 +112,7 @@
 
 	 %% Textfile access
 	 load_textfile/1, dump_to_textfile/1,
-	 
+
 	 %% QLC functions
 	 table/1, table/2,
 
@@ -137,20 +137,20 @@
 
 -define(DEFAULT_ACCESS, ?MODULE).
 
-%% Select 
+%% Select
 -define(PATTERN_TO_OBJECT_MATCH_SPEC(Pat), [{Pat,[],['$_']}]).
 -define(PATTERN_TO_BINDINGS_MATCH_SPEC(Pat), [{Pat,[],['$$']}]).
-   
+
 %% Local function in order to avoid external function call
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
 is_dollar_digits(Var) ->
     case atom_to_list(Var) of
-	[$$ | Digs] -> 
+	[$$ | Digs] ->
 	    is_digits(Digs);
 	_ ->
 	    false
@@ -166,13 +166,13 @@ is_digits([Dig | Tail]) ->
 is_digits([]) ->
     true.
 
-has_var(X) when is_atom(X) -> 
-    if 
-	X == '_' -> 
+has_var(X) when is_atom(X) ->
+    if
+	X == '_' ->
 	    true;
-	is_atom(X) -> 
+	is_atom(X) ->
 	    is_dollar_digits(X);
-	true  -> 
+	true  ->
 	    false
     end;
 has_var(X) when is_tuple(X) ->
@@ -196,9 +196,9 @@ e_has_var(X, Pos) ->
 
 start() ->
     {Time , Res} =  timer:tc(application, start, [?APPLICATION, temporary]),
-    
+
     Secs = Time div 1000000,
-    case Res of 
+    case Res of
 	ok ->
 	    verbose("Mnesia started, ~p seconds~n",[ Secs]),
 	    ok;
@@ -243,10 +243,10 @@ change_config(extra_db_nodes, Ns) when is_list(Ns) ->
     mnesia_controller:connect_nodes(Ns);
 change_config(dc_dump_limit, N) when is_number(N), N > 0 ->
     case mnesia_lib:is_running() of
-	yes ->  
+	yes ->
 	    mnesia_lib:set(dc_dump_limit, N),
 	    {ok, N};
-	_ -> 
+	_ ->
 	    {error, {not_started, ?APPLICATION}}
     end;
 change_config(BadKey, _BadVal) ->
@@ -255,7 +255,7 @@ change_config(BadKey, _BadVal) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Debugging
 
-set_debug_level(Level) -> 
+set_debug_level(Level) ->
     mnesia_subscr:set_debug_level(Level).
 
 lkill() ->
@@ -274,9 +274,9 @@ ms() ->
      mnesia_controller,
      mnesia_dumper,
      mnesia_loader,
-     mnesia_frag, 
-     mnesia_frag_hash, 
-     mnesia_frag_old_hash, 
+     mnesia_frag,
+     mnesia_frag_hash,
+     mnesia_frag_old_hash,
      mnesia_index,
      mnesia_kernel_sup,
      mnesia_late_loader,
@@ -295,9 +295,9 @@ ms() ->
 
      %% Keep these last in the list, so
      %% mnesia_sup kills these last
-     mnesia_monitor, 
+     mnesia_monitor,
      mnesia_event
-    ]. 
+    ].
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -305,7 +305,7 @@ ms() ->
 
 -spec abort(_) -> no_return().
 
-abort(Reason) -> 
+abort(Reason) ->
     exit({aborted, Reason}).
 
 is_transaction() ->
@@ -339,7 +339,7 @@ sync_transaction(Fun, Args, Retries) ->
     transaction(get(mnesia_activity_state), Fun, Args, Retries, ?DEFAULT_ACCESS, sync).
 
 
-transaction(State, Fun, Args, Retries, Mod, Kind) 
+transaction(State, Fun, Args, Retries, Mod, Kind)
   when is_function(Fun), is_list(Args), Retries == infinity, is_atom(Mod) ->
     mnesia_tm:transaction(State, Fun, Args, Retries, Mod, Kind);
 transaction(State, Fun, Args, Retries, Mod, Kind)
@@ -348,7 +348,7 @@ transaction(State, Fun, Args, Retries, Mod, Kind)
 transaction(_State, Fun, Args, Retries, Mod, _Kind) ->
     {aborted, {badarg, Fun, Args, Retries, Mod}}.
 
-non_transaction(State, Fun, Args, ActivityKind, Mod) 
+non_transaction(State, Fun, Args, ActivityKind, Mod)
   when is_function(Fun), is_list(Args), is_atom(Mod) ->
     mnesia_tm:non_transaction(State, Fun, Args, ActivityKind, Mod);
 non_transaction(_State, Fun, Args, _ActivityKind, _Mod) ->
@@ -394,7 +394,7 @@ wrap_trans(State, Fun, Args, Retries, Mod, Kind) ->
 	{atomic, GoodRes} -> GoodRes;
 	BadRes -> exit(BadRes)
     end.
-	     
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - lock acquisition
 
@@ -507,13 +507,13 @@ good_global_nodes(Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - updates
 
-write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, write);
 write(Val) ->
     abort({bad_type, Val}).
 
-s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, sticky_write).
 
@@ -561,7 +561,7 @@ write_to_store(Tab, Store, Oid, Val) ->
 		_  ->
 		    ?ets_delete(Store, Oid),
 		    ?ets_insert(Store, {Oid, Val, write})
-	    end, 
+	    end,
 	    ok;
 	{'EXIT', _} ->
 	    abort({no_exists, Tab});
@@ -611,7 +611,7 @@ delete(Tid, Ts, Tab, Key, LockKind)
 	      ok;
 	Protocol ->
 	      do_dirty_delete(Protocol, Tab, Key)
-    end; 
+    end;
 delete(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -640,7 +640,7 @@ delete_object(Tab, Val, LockKind) ->
 delete_object(Tid, Ts, Tab, Val, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     case has_var(Val) of
-	false -> 
+	false ->
 	    do_delete_object(Tid, Ts, Tab, Val, LockKind);
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -665,7 +665,7 @@ do_delete_object(Tid, Ts, Tab, Val, LockKind) ->
 		      abort({bad_type, Tab, LockKind})
 	      end,
 	      case val({Tab, setorbag}) of
-		  bag -> 
+		  bag ->
 		      ?ets_match_delete(Store, {Oid, Val, '_'}),
 		      ?ets_insert(Store, {Oid, Val, delete_object});
 		  _ ->
@@ -731,7 +731,7 @@ read(Tid, Ts, Tab, Key, LockKind)
 	    add_written(?ets_lookup(Store, Oid), Tab, Objs);
 	_Protocol ->
 	    dirty_read(Tab, Key)
-    end; 
+    end;
 read(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -744,7 +744,7 @@ first(Tab) ->
 	_ ->
 	    abort(no_transaction)
     end.
-    
+
 first(Tid, Ts, Tab)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
@@ -845,9 +845,9 @@ prev(_Tid, _Ts,Tab,_) ->
 stored_keys(Tab,'$end_of_table',Prev,Ts,Op,Type) ->
     case ts_keys(Ts#tidstore.store,Tab,Op,Type,[]) of
 	[] -> '$end_of_table';
-	Keys when Type == ordered_set-> 
+	Keys when Type == ordered_set->
 	    get_ordered_tskey(Prev,Keys,Op);
-	Keys -> 
+	Keys ->
 	    get_next_tskey(Prev,Keys,Tab)
     end;
 stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
@@ -858,7 +858,7 @@ stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
 	Ops ->
 	    case lists:last(Ops) of
 		[delete] -> abort(R);
-		_ -> 
+		_ ->
 		    case ts_keys(Store,Tab,Op,Type,[]) of
 			[] -> '$end_of_table';
 			Keys -> get_next_tskey(Key,Keys,Tab)
@@ -869,14 +869,14 @@ stored_keys(_,{'EXIT',{aborted,R}},_,_,_,_) ->
     abort(R);
 stored_keys(Tab,Key,Prev,#tidstore{store=Store},Op,ordered_set) ->
     case ?ets_match(Store, {{Tab, Key}, '_', '$1'}) of
-	[] -> 
+	[] ->
 	    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 	    get_ordered_tskey(Prev,Keys,Op);
  	Ops ->
 	    case lists:last(Ops) of
 		[delete] ->
 	 	    mnesia:Op(Tab,Key);
-		_ -> 
+		_ ->
 		    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 		    get_ordered_tskey(Prev,Keys,Op)
 	    end
@@ -898,7 +898,7 @@ get_ordered_tskey(Prev, [_|R],Op) ->  get_ordered_tskey(Prev,R,Op);
 get_ordered_tskey(_, [],_) ->    '$end_of_table'.
 
 get_next_tskey(Key,Keys,Tab) ->
-    Next = 
+    Next =
 	if Key == '$end_of_table' -> hd(Keys);
 	   true ->
 		case lists:dropwhile(fun(A) -> A /= Key end, Keys) of
@@ -912,7 +912,7 @@ get_next_tskey(Key,Keys,Tab) ->
 	_ -> %% Really slow anybody got another solution??
 	    case dirty_read(Tab, Next) of
 		[] -> Next;
-		_ ->  
+		_ ->
 		    %% Updated value we already returned this key
 		    get_next_tskey(Next,Keys,Tab)
 	    end
@@ -921,7 +921,7 @@ get_next_tskey(Key,Keys,Tab) ->
 ts_keys(Store, Tab, Op, Type, Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     Keys = ts_keys_1(All, Def),
-    if 
+    if
 	Type == ordered_set, Op == prev ->
 	    lists:reverse(lists:sort(Keys));
 	Type == ordered_set ->
@@ -947,7 +947,7 @@ ts_keys_1([], Acc) ->
 
 
 %%%%%%%%%%%%%%%%%%%%%
-%% Iterators 
+%% Iterators
 
 foldl(Fun, Acc, Tab) ->
     foldl(Fun, Acc, Tab, read).
@@ -968,7 +968,7 @@ foldl(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldl(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -983,7 +983,7 @@ do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H > Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldl(Tid, Ts, Tab, dirty_next(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1003,8 +1003,8 @@ foldr(Fun, Acc, Tab, LockKind) when is_function(Fun) ->
 
 foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     {Type, TempPrev} = init_iteration(ActivityId, Opaque, Tab, LockKind),
-    Prev = 
-	if 
+    Prev =
+	if
 	    Type == ordered_set ->
 		lists:reverse(TempPrev);
 	    true ->      %% Order doesn't matter for set and bag
@@ -1014,7 +1014,7 @@ foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldr(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -1029,7 +1029,7 @@ do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H < Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldr(Tid, Ts, Tab, dirty_prev(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1037,25 +1037,25 @@ do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
 
 init_iteration(ActivityId, Opaque, Tab, LockKind) ->
     lock(ActivityId, Opaque, {table, Tab}, LockKind),
-    Type = val({Tab, setorbag}),    
+    Type = val({Tab, setorbag}),
     Previous = add_previous(ActivityId, Opaque, Type, Tab),
     St = val({Tab, storage_type}),
-    if 
-	St == unknown -> 
+    if
+	St == unknown ->
 	    ignore;
 	true ->
 	    mnesia_lib:db_fixtable(St, Tab, true)
-    end, 
+    end,
     {Type, Previous}.
 
 close_iteration(Res, Tab) ->
     case val({Tab, storage_type}) of
-	unknown -> 
+	unknown ->
 	    ignore;
-	St -> 
+	St ->
 	    mnesia_lib:db_fixtable(St, Tab, false)
     end,
-    case Res of 
+    case Res of
 	{'EXIT', {aborted, What}} ->
 	   abort(What);
 	{'EXIT', What} ->
@@ -1074,7 +1074,7 @@ add_previous(_Tid, Ts, _Type, Tab) ->
 %% it is correct with respect to what this particular transaction
 %% has already written, deleted .... etc
 
-add_written([], _Tab, Objs) -> 
+add_written([], _Tab, Objs) ->
     Objs;  % standard normal fast case
 add_written(Written, Tab, Objs) ->
     case val({Tab, setorbag}) of
@@ -1093,7 +1093,7 @@ add_written_to_set(Ws) ->
 
 add_written_to_bag([{_, Val, write} | Tail], Objs, Ack) ->
     add_written_to_bag(Tail, lists:delete(Val, Objs), [Val | Ack]);
-add_written_to_bag([], Objs, Ack) -> 
+add_written_to_bag([], Objs, Ack) ->
     Objs ++ lists:reverse(Ack); %% Oldest write first as in ets
 add_written_to_bag([{_, _ , delete} | Tail], _Objs, _Ack) ->
     %% This transaction just deleted all objects
@@ -1118,7 +1118,7 @@ match_object(Tab, Pat, LockKind) ->
 	    abort(no_transaction)
     end.
 
-match_object(Tid, Ts, Tab, Pat, LockKind) 
+match_object(Tid, Ts, Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1142,11 +1142,11 @@ add_written_match(S, Pat, Tab, Objs) ->
     add_match(Ops, Objs, val({Tab, setorbag})).
 
 find_ops(S, Tab, Pat) ->
-    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']}, 
+    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']},
 		  {{{Tab, '_'}, '_', delete}, [], ['$_']},
 		  {{{Tab, '_'}, Pat, delete_object}, [], ['$_']}],
     ets:select(S, GetWritten).
-    
+
 add_match([], Objs, _Type) ->
     Objs;
 add_match(Written, Objs, ordered_set) ->
@@ -1162,13 +1162,13 @@ add_match([{Oid, Val, write}|R], Objs, set) ->
     add_match(R, [Val | deloid(Oid,Objs)],set).
 
 %% For ordered_set only !!
-add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc) 
+add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc)
   when Key > element(2, Obj) ->
     add_ordered_match(Written, Objs, [Obj|Acc]);
-add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest, [Val|Objs],Acc);
-add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
@@ -1176,7 +1176,7 @@ add_ordered_match([{_, Val, write}|Rest], [], Acc) ->
     add_ordered_match(Rest, [Val], Acc);
 add_ordered_match([_|Rest], [], Acc) ->
     add_ordered_match(Rest, [], Acc);
-%% Keys are equal from here 
+%% Keys are equal from here
 add_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_ordered_match(Rest, [Val|Objs], Acc);
 add_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1207,7 +1207,7 @@ add_sel_match([Op={Oid, _, delete}|R], Objs, Type, Acc) ->
     end;
 add_sel_match([Op = {_Oid, Val, delete_object}|R], Objs, Type, Acc) ->
     case lists:delete(Val, Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs, Type, [Op|Acc]);
 	NewObjs when Type == set ->
 	    add_sel_match(R, NewObjs, Type, Acc);
@@ -1224,26 +1224,26 @@ add_sel_match([Op={Oid={_,Key}, Val, write}|R], Objs, bag, Acc) ->
     end;
 add_sel_match([Op={Oid, Val, write}|R], Objs, set, Acc) ->
     case deloid(Oid,Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs,set, [Op|Acc]);
 	NewObjs ->
 	    add_sel_match(R, [Val | NewObjs],set, Acc)
     end.
 
 %% For ordered_set only !!
-add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc) 
+add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc)
   when Key > element(2, Obj) ->
     add_sel_ordered_match(Written, Objs, [Obj|Acc]);
-add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc) 
+add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,[Val|Objs],Acc);
-add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
 add_sel_ordered_match(Ops1, [], Acc) ->
     {lists:reverse(Acc), Ops1};
-%% Keys are equal from here 
+%% Keys are equal from here
 add_sel_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_sel_ordered_match(Rest, [Val|Objs], Acc);
 add_sel_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1264,11 +1264,11 @@ deloid(Oid, [H | T]) ->
     [H | deloid(Oid, T)].
 
 %%%%%%%%%%%%%%%%%%
-% select 
+% select
 
 select(Tab, Pat) ->
     select(Tab, Pat, read).
-select(Tab, Pat, LockKind) 
+select(Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1293,13 +1293,13 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, SelectFun) ->
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    Written = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
-	    case Written of 
-		[] ->  
+	    case Written of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    SelectFun(Spec);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
 		    FixedSpec = get_record_pattern(Spec),
@@ -1326,7 +1326,7 @@ select_lock(Tid,Ts,LockKind,Spec,Tab) ->
     end.
 
 %% Breakable Select
-select(Tab, Pat, NObjects, LockKind) 
+select(Tab, Pat, NObjects, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat), is_integer(NObjects) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1356,26 +1356,26 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, Init, NObjects, Node, Storage)
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    do_fixtable(Tab, Store),
-	    
-	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),	    
-	    case Written0 of 
-		[] ->  
+
+	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
+	    case Written0 of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    select_state(Init(Spec),Def);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
-		    Written = 
+		    Written =
 			if Type == ordered_set -> %% Sort stable
 				lists:keysort(1,Written0);
-			   true -> 
+			   true ->
 				Written0
 			end,
 		    FixedSpec = get_record_pattern(Spec),
 		    CMS = ets:match_spec_compile(Spec),
-		    trans_select(Init(FixedSpec), 
+		    trans_select(Init(FixedSpec),
 				 Def#mnesia_select{written=Written,spec=CMS,type=Type, orig=FixedSpec})
 	    end;
 	_Protocol ->
@@ -1394,7 +1394,7 @@ select(Cont) ->
 
 select_cont(_Tid,_Ts,'$end_of_table') ->
     '$end_of_table';
-select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms}) 
+select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms})
   when element(1,Tid) == ets ->
     case Cont of
 	'$end_of_table' -> '$end_of_table';
@@ -1415,7 +1415,7 @@ trans_select('$end_of_table', #mnesia_select{written=Written0,spec=CMS,type=Type
 trans_select({TabRecs,Cont}, State = #mnesia_select{written=Written0,spec=CMS,type=Type}) ->
     {FixedRes,Written} = add_sel_match(Written0, TabRecs, Type),
     select_state({ets:match_spec_run(FixedRes, CMS),Cont},
-		 State#mnesia_select{written=Written}). 
+		 State#mnesia_select{written=Written}).
 
 select_state({Matches, Cont}, MS) ->
     {Matches, MS#mnesia_select{cont=Cont}};
@@ -1433,9 +1433,9 @@ all_keys(Tab) ->
 	    Mod:all_keys(Tid, Ts, Tab, read);
 	_ ->
 	    abort(no_transaction)
-    end. 
+    end.
 
-all_keys(Tid, Ts, Tab, LockKind) 
+all_keys(Tid, Ts, Tab, LockKind)
   when is_atom(Tab), Tab /= schema ->
     Pat0 = val({Tab, wild_pattern}),
     Pat = setelement(2, Pat0, '$1'),
@@ -1446,7 +1446,7 @@ all_keys(Tid, Ts, Tab, LockKind)
 	_ ->
 	    Keys
     end;
-all_keys(_Tid, _Ts, Tab, _LockKind) ->    
+all_keys(_Tid, _Ts, Tab, _LockKind) ->
     abort({bad_type, Tab}).
 
 index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
@@ -1465,7 +1465,7 @@ index_match_object(Tab, Pat, Attr, LockKind) ->
 	    abort(no_transaction)
     end.
 
-index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind) 
+index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1501,7 +1501,7 @@ index_read(Tab, Key, Attr) ->
 	    abort(no_transaction)
     end.
 
-index_read(Tid, Ts, Tab, Key, Attr, LockKind) 
+index_read(Tid, Ts, Tab, Key, Attr, LockKind)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
 	ets ->
@@ -1536,7 +1536,7 @@ dirty_write(Val) when is_tuple(Val), tuple_size(Val) > 2  ->
     dirty_write(Tab, Val);
 dirty_write(Val) ->
     abort({bad_type, Val}).
-    
+
 dirty_write(Tab, Val) ->
     do_dirty_write(async_dirty, Tab, Val).
 
@@ -1562,7 +1562,7 @@ dirty_delete(Oid) ->
 
 dirty_delete(Tab, Key) ->
     do_dirty_delete(async_dirty, Tab, Key).
-    
+
 do_dirty_delete(SyncMode, Tab, Key) when is_atom(Tab), Tab /= schema  ->
     Oid = {Tab, Key},
     mnesia_tm:dirty(SyncMode, {Oid, Oid, delete});
@@ -1582,7 +1582,7 @@ do_dirty_delete_object(SyncMode, Tab, Val)
     when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     Oid = {Tab, element(2, Val)},
     case has_var(Val) of
-	false -> 
+	false ->
 	    mnesia_tm:dirty(SyncMode, {Oid, Val, delete_object});
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -1600,7 +1600,7 @@ dirty_update_counter(Counter, _Incr) ->
 
 dirty_update_counter(Tab, Key, Incr) ->
     do_dirty_update_counter(async_dirty, Tab, Key, Incr).
-    
+
 do_dirty_update_counter(SyncMode, Tab, Key, Incr)
   when is_atom(Tab), Tab /= schema, is_integer(Incr) ->
     case ?catch_val({Tab, record_validation}) of
@@ -1638,7 +1638,7 @@ dirty_match_object(Pat) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_match_object(Tab, Pat);
 dirty_match_object(Pat) ->
     abort({bad_type, Pat}).
-    
+
 dirty_match_object(Tab, Pat)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_rpc(Tab, ?MODULE, remote_dirty_match_object, [Tab, Pat]);
@@ -1697,8 +1697,8 @@ remote_dirty_select(Tab, [{HeadPat,_, _}] = Spec, [Pos | Tail])
 	    %% Returns the records without applying the match spec
 	    %% The actual filtering is handled by the caller
 	    CMS = ets:match_spec_compile(Spec),
-	    case val({Tab, setorbag}) of 
-		ordered_set -> 
+	    case val({Tab, setorbag}) of
+		ordered_set ->
 		    ets:match_spec_run(lists:sort(Recs), CMS);
 		_ ->
 		    ets:match_spec_run(Recs, CMS)
@@ -1730,14 +1730,14 @@ dirty_all_keys(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 dirty_all_keys(Tab) ->
     abort({bad_type, Tab}).
-    
+
 dirty_index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     Tab = element(1, Pat),
     dirty_index_match_object(Tab, Pat, Attr);
 dirty_index_match_object(Pat, _Attr) ->
     abort({bad_type, Pat}).
 
-dirty_index_match_object(Tab, Pat, Attr) 
+dirty_index_match_object(Tab, Pat, Attr)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case mnesia_schema:attr_tab_to_pos(Tab, Attr) of
 	Pos when Pos =< tuple_size(Pat) ->
@@ -1752,7 +1752,7 @@ dirty_index_match_object(Tab, Pat, Attr)
 				      [Tab, Pat, Pos]);
 			true ->
 			    abort({bad_type, Tab, Attr, Elem})
-		    end		    
+		    end
 	    end;
 	BadPos ->
 	    abort({bad_type, Tab, BadPos})
@@ -1810,7 +1810,7 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 	    %% Sync with mnesia_monitor
 	    try sys:get_status(mnesia_monitor) catch _:_ -> ok end,
 	    case mnesia_controller:call({check_w2r, Node, Tab}) of % Sync
-		NewNode when NewNode =:= Node -> 
+		NewNode when NewNode =:= Node ->
 		    ErrorTag = mnesia_lib:dirty_rpc_error_tag(Reason),
 		    mnesia:abort({ErrorTag, Args});
 		NewNode ->
@@ -1821,9 +1821,9 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 			    %% to acquire the lock on the NewNode.
 			    %% In this context we do neither know
 			    %% the kind or granularity of the lock.
-			    %% --> Abort the transaction 
+			    %% --> Abort the transaction
 			    mnesia:abort({node_not_running, Node});
-			{error, {node_not_running, _}} -> 
+			{error, {node_not_running, _}} ->
 			    %% Mnesia is stopping
 			    mnesia:abort({no_exists, Args});
 			_ ->
@@ -1858,21 +1858,21 @@ table_info(_Tid, _Ts, Tab, Item) ->
     any_table_info(Tab, Item).
 
 
-any_table_info(Tab, Item) when is_atom(Tab) ->    
+any_table_info(Tab, Item) when is_atom(Tab) ->
     case Item of
 	master_nodes ->
 	    mnesia_recover:get_master_nodes(Tab);
-%	checkpoints -> 
+%	checkpoints ->
 %	    case ?catch_val({Tab, commit_work}) of
 %		[{checkpoints, List} | _] -> List;
 %		No_chk when is_list(No_chk) ->  [];
 %		Else -> info_reply(Else, Tab, Item)
 %	    end;
-	size -> 
+	size ->
 	    raw_table_info(Tab, Item);
 	memory ->
 	    raw_table_info(Tab, Item);
-	type -> 
+	type ->
 	    case ?catch_val({Tab, setorbag}) of
 		{'EXIT', _} ->
 		    abort({no_exists, Tab, Item});
@@ -1885,8 +1885,8 @@ any_table_info(Tab, Item) when is_atom(Tab) ->
 		    abort({no_exists, Tab, Item});
 		Props ->
 		    lists:map(fun({setorbag, Type}) -> {type, Type};
-				 (Prop) -> Prop end, 
-			      Props) 
+				 (Prop) -> Prop end,
+			      Props)
 	    end;
 	name ->
 	    Tab;
@@ -1927,14 +1927,14 @@ bad_info_reply(_Tab, memory) -> 0;
 bad_info_reply(Tab, Item) -> abort({no_exists, Tab, Item}).
 
 %% Raw info about all tables
-schema() -> 
+schema() ->
     mnesia_schema:info().
 
 %% Raw info about one tables
-schema(Tab) -> 
+schema(Tab) ->
     mnesia_schema:info(Tab).
 
-error_description(Err) -> 
+error_description(Err) ->
     mnesia_lib:error_desc(Err).
 
 info() ->
@@ -1951,18 +1951,18 @@ info() ->
 	    io:format( "---> Processes waiting for locks <--- ~n", []),
 	    lists:foreach(fun({Oid, Op, _Pid, Tid, OwnerTid}) ->
 				  io:format("Tid ~p waits for ~p lock "
-					    "on oid ~p owned by ~p ~n", 
+					    "on oid ~p owned by ~p ~n",
 					    [Tid, Op, Oid, OwnerTid])
 		  end, Queued),
 	    mnesia_tm:display_info(group_leader(), TmInfo),
-	    
+
 	    Pat = {'_', unclear, '_'},
 	    Uncertain = ets:match_object(mnesia_decision, Pat),
 
 	    io:format( "---> Uncertain transactions <--- ~n", []),
 	    lists:foreach(fun({Tid, _, Nodes}) ->
 				  io:format("Tid ~w waits for decision "
-					    "from ~w~n", 
+					    "from ~w~n",
 					    [Tid, Nodes])
 		  end, Uncertain),
 
@@ -2023,15 +2023,15 @@ display_tab_info() ->
     io:format("master node tables = ~p~n", [lists:sort(MasterTabs)]),
 
     Tabs = system_info(tables),
-    
+
     {Unknown, Ram, Disc, DiscOnly} =
 	lists:foldl(fun storage_count/2, {[], [], [], []}, Tabs),
-    
+
     io:format("remote             = ~p~n", [lists:sort(Unknown)]),
     io:format("ram_copies         = ~p~n", [lists:sort(Ram)]),
     io:format("disc_copies        = ~p~n", [lists:sort(Disc)]),
     io:format("disc_only_copies   = ~p~n", [lists:sort(DiscOnly)]),
-    
+
     Rfoldl = fun(T, Acc) ->
 		     Rpat =
 			 case val({T, access_mode}) of
@@ -2041,7 +2041,7 @@ display_tab_info() ->
 				 table_info(T, where_to_commit)
 			 end,
 		     case lists:keysearch(Rpat, 1, Acc) of
-			 {value, {_Rpat, Rtabs}} -> 
+			 {value, {_Rpat, Rtabs}} ->
 			     lists:keyreplace(Rpat, 1, Acc, {Rpat, [T | Rtabs]});
 			 false ->
 			     [{Rpat, [T]} | Acc]
@@ -2161,20 +2161,20 @@ system_info2(fallback_activated) ->
 
 system_info2(version) ->
     case ?catch_val(version) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    Apps = application:loaded_applications(),
 	    case lists:keysearch(?APPLICATION, 1, Apps) of
 		{value, {_Name, _Desc, Version}} ->
 		    Version;
 		false ->
 		    %% Ensure that it does not match
-		    {mnesia_not_loaded, node(), now()} 
+		    {mnesia_not_loaded, node(), now()}
 	    end;
 	Version ->
 	    Version
     end;
 
-system_info2(access_module) -> mnesia_monitor:get_env(access_module); 
+system_info2(access_module) -> mnesia_monitor:get_env(access_module);
 system_info2(auto_repair) -> mnesia_monitor:get_env(auto_repair);
 system_info2(is_running) -> mnesia_lib:is_running();
 system_info2(backup_module) -> mnesia_monitor:get_env(backup_module);
@@ -2183,7 +2183,7 @@ system_info2(debug) -> mnesia_monitor:get_env(debug);
 system_info2(dump_log_load_regulation) -> mnesia_monitor:get_env(dump_log_load_regulation);
 system_info2(dump_log_write_threshold) -> mnesia_monitor:get_env(dump_log_write_threshold);
 system_info2(dump_log_time_threshold) -> mnesia_monitor:get_env(dump_log_time_threshold);
-system_info2(dump_log_update_in_place) -> 
+system_info2(dump_log_update_in_place) ->
     mnesia_monitor:get_env(dump_log_update_in_place);
 system_info2(max_wait_for_decision) -> mnesia_monitor:get_env(max_wait_for_decision);
 system_info2(embedded_mnemosyne) -> mnesia_monitor:get_env(embedded_mnemosyne);
@@ -2204,9 +2204,9 @@ system_info2(transaction_failures) -> mnesia_lib:read_counter(trans_failures);
 system_info2(transaction_commits) -> mnesia_lib:read_counter(trans_commits);
 system_info2(transaction_restarts) -> mnesia_lib:read_counter(trans_restarts);
 system_info2(transaction_log_writes) -> mnesia_dumper:get_log_writes();
-system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir); 
-system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders); 
-system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit); 
+system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir);
+system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders);
+system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit);
 system_info2(send_compressed) -> mnesia_monitor:get_env(send_compressed);
 
 system_info2(Item) -> exit({badarg, Item}).
@@ -2281,7 +2281,7 @@ system_info_items(no) ->
      core_dir,
      version
     ].
-    
+
 system_info() ->
     IsRunning = mnesia_lib:is_running(),
     case IsRunning of
@@ -2308,62 +2308,62 @@ load_mnesia_or_abort() ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Database mgt
 
-create_schema(Ns) -> 
+create_schema(Ns) ->
     mnesia_bup:create_schema(Ns).
 
-delete_schema(Ns) -> 
+delete_schema(Ns) ->
     mnesia_schema:delete_schema(Ns).
 
-backup(Opaque) -> 
+backup(Opaque) ->
     mnesia_log:backup(Opaque).
 
-backup(Opaque, Mod) -> 
+backup(Opaque, Mod) ->
     mnesia_log:backup(Opaque, Mod).
 
-traverse_backup(S, T, Fun, Acc) -> 
+traverse_backup(S, T, Fun, Acc) ->
     mnesia_bup:traverse_backup(S, T, Fun, Acc).
 
-traverse_backup(S, SM, T, TM, F, A) -> 
+traverse_backup(S, SM, T, TM, F, A) ->
     mnesia_bup:traverse_backup(S, SM, T, TM, F, A).
 
-install_fallback(Opaque) -> 
+install_fallback(Opaque) ->
     mnesia_bup:install_fallback(Opaque).
 
-install_fallback(Opaque, Mod) -> 
+install_fallback(Opaque, Mod) ->
     mnesia_bup:install_fallback(Opaque, Mod).
 
-uninstall_fallback() -> 
+uninstall_fallback() ->
     mnesia_bup:uninstall_fallback().
 
-uninstall_fallback(Args) -> 
+uninstall_fallback(Args) ->
     mnesia_bup:uninstall_fallback(Args).
 
-activate_checkpoint(Args) -> 
+activate_checkpoint(Args) ->
     mnesia_checkpoint:activate(Args).
 
-deactivate_checkpoint(Name) -> 
+deactivate_checkpoint(Name) ->
     mnesia_checkpoint:deactivate(Name).
 
-backup_checkpoint(Name, Opaque) -> 
+backup_checkpoint(Name, Opaque) ->
     mnesia_log:backup_checkpoint(Name, Opaque).
 
-backup_checkpoint(Name, Opaque, Mod) -> 
+backup_checkpoint(Name, Opaque, Mod) ->
     mnesia_log:backup_checkpoint(Name, Opaque, Mod).
 
-restore(Opaque, Args) -> 
+restore(Opaque, Args) ->
     mnesia_schema:restore(Opaque, Args).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt
 
-create_table(Arg) -> 
+create_table(Arg) ->
     mnesia_schema:create_table(Arg).
-create_table(Name, Arg) when is_list(Arg) -> 
+create_table(Name, Arg) when is_list(Arg) ->
     mnesia_schema:create_table([{name, Name}| Arg]);
 create_table(Name, Arg) ->
     {aborted, badarg, Name, Arg}.
 
-delete_table(Tab) -> 
+delete_table(Tab) ->
     mnesia_schema:delete_table(Tab).
 
 add_table_copy(Tab, N, S) ->
@@ -2371,38 +2371,38 @@ add_table_copy(Tab, N, S) ->
 del_table_copy(Tab, N) ->
     mnesia_schema:del_table_copy(Tab, N).
 
-move_table_copy(Tab, From, To) -> 
+move_table_copy(Tab, From, To) ->
     mnesia_schema:move_table(Tab, From, To).
 
-add_table_index(Tab, Ix) -> 
+add_table_index(Tab, Ix) ->
     mnesia_schema:add_table_index(Tab, Ix).
-del_table_index(Tab, Ix) -> 
+del_table_index(Tab, Ix) ->
     mnesia_schema:del_table_index(Tab, Ix).
 
-transform_table(Tab, Fun, NewA) -> 
+transform_table(Tab, Fun, NewA) ->
     case catch val({Tab, record_name}) of
-	{'EXIT', Reason} -> 
+	{'EXIT', Reason} ->
 	    mnesia:abort(Reason);
-	OldRN -> 
+	OldRN ->
 	    mnesia_schema:transform_table(Tab, Fun, NewA, OldRN)
     end.
 
-transform_table(Tab, Fun, NewA, NewRN) -> 
+transform_table(Tab, Fun, NewA, NewRN) ->
     mnesia_schema:transform_table(Tab, Fun, NewA, NewRN).
 
 change_table_copy_type(T, N, S) ->
     mnesia_schema:change_table_copy_type(T, N, S).
 
 clear_table(Tab) ->
-    case get(mnesia_activity_state) of 
+    case get(mnesia_activity_state) of
 	State = {Mod, Tid, _Ts} when element(1, Tid) =/= tid ->
 	    transaction(State, fun() -> do_clear_table(Tab) end, [], infinity, Mod, sync);
-	undefined -> 
+	undefined ->
 	    transaction(undefined, fun() -> do_clear_table(Tab) end, [], infinity, ?DEFAULT_ACCESS, sync);
 	_ -> %% Not allowed for clear_table
 	    mnesia:abort({aborted, nested_transaction})
     end.
-	    
+
 do_clear_table(Tab) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts}  ->
@@ -2415,7 +2415,7 @@ do_clear_table(Tab) ->
 
 clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
     Store = Ts#tidstore.store,
-    mnesia_locker:wlock_table(Tid, Store, Tab), 
+    mnesia_locker:wlock_table(Tid, Store, Tab),
     Oid = {Tab, '_'},
     ?ets_insert(Store, {Oid, Obj, clear_table}),
     ok.
@@ -2423,26 +2423,26 @@ clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-read_table_property(Tab, PropKey) -> 
+read_table_property(Tab, PropKey) ->
     val({Tab, user_property, PropKey}).
 
-write_table_property(Tab, Prop) -> 
+write_table_property(Tab, Prop) ->
     mnesia_schema:write_table_property(Tab, Prop).
 
-delete_table_property(Tab, PropKey) -> 
+delete_table_property(Tab, PropKey) ->
     mnesia_schema:delete_table_property(Tab, PropKey).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-change_table_frag(Tab, FragProp) -> 
+change_table_frag(Tab, FragProp) ->
     mnesia_schema:change_table_frag(Tab, FragProp).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - table load
 
 %% Dump a ram table to disc
-dump_tables(Tabs) -> 
+dump_tables(Tabs) ->
     mnesia_schema:dump_tables(Tabs).
 
 %% allow the user to wait for some tables to be loaded
@@ -2455,10 +2455,10 @@ force_load_table(Tab) ->
 	Other -> Other
     end.
 
-change_table_access_mode(T, Access) -> 
+change_table_access_mode(T, Access) ->
     mnesia_schema:change_table_access_mode(T, Access).
 
-change_table_load_order(T, O) -> 
+change_table_load_order(T, O) ->
     mnesia_schema:change_table_load_order(T, O).
 
 change_table_majority(T, M) ->
@@ -2471,13 +2471,13 @@ set_master_nodes(Nodes) when is_list(Nodes) ->
 	yes ->
 	    CsPat = {{'_', cstruct}, '_'},
 	    Cstructs0 = ?ets_match_object(mnesia_gvar, CsPat),
-	    Cstructs = [Cs || {_, Cs} <- Cstructs0], 
+	    Cstructs = [Cs || {_, Cs} <- Cstructs0],
 	    log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
 	_NotRunning ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
@@ -2497,7 +2497,7 @@ log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning) ->
     Fun = fun(Cs) ->
 		  Copies = mnesia_lib:copy_holders(Cs),
 		  Valid = mnesia_lib:intersect(Nodes, Copies),
-		  {Cs#cstruct.name, Valid}  
+		  {Cs#cstruct.name, Valid}
 	  end,
     Args = lists:map(Fun, Cstructs),
     mnesia_recover:log_master_nodes(Args, UseDir, IsRunning).
@@ -2523,7 +2523,7 @@ set_master_nodes(Tab, Nodes) when is_list(Nodes) ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				case lists:keysearch(Tab, 2, Cstructs) of
@@ -2553,7 +2553,7 @@ set_master_nodes(Tab, Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Misc admin
 
-dump_log() -> 
+dump_log() ->
     mnesia_controller:sync_dump_log(user).
 
 subscribe(What) ->
@@ -2568,10 +2568,10 @@ report_event(Event) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Snmp
 
-snmp_open_table(Tab, Us) -> 
+snmp_open_table(Tab, Us) ->
     mnesia_schema:add_snmp(Tab, Us).
 
-snmp_close_table(Tab) ->  
+snmp_close_table(Tab) ->
     mnesia_schema:del_snmp(Tab).
 
 snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
@@ -2583,26 +2583,26 @@ snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex)
 		    SnmpType = val({Tab,snmp}),
 		    Fix = fun({{_,Key},Row,Op}, Res) ->
 				  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-				      RowIndex -> 
+				      RowIndex ->
 					  case Op of
 					      write -> {ok, Row};
 					      _ ->
 						  undefined
 					  end;
-				      _ -> 
+				      _ ->
 					  Res
 				  end
 			  end,
 		    lists:foldl(Fix, undefined, Ops);
 		Key ->
 		    case Mod:read(Tid, Ts, Tab, Key, read) of
-			[Row] ->  
+			[Row] ->
 			    {ok, Row};
-			_ -> 
+			_ ->
 			    undefined
 		    end
 	    end;
- 	_ -> 
+	_ ->
  	    dirty_rpc(Tab, mnesia_snmp_hook, get_row, [Tab, RowIndex])
     end;
 snmp_get_row(Tab, _RowIndex) ->
@@ -2613,7 +2613,7 @@ snmp_get_row(Tab, _RowIndex) ->
 snmp_get_next_index(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
     {Next,OrigKey} = dirty_rpc(Tab, mnesia_snmp_hook, get_next_index, [Tab, RowIndex]),
     case get(mnesia_activity_state) of
- 	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->		
+	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->
 	    case OrigKey of
 		undefined ->
 		    snmp_order_keys(Store, Tab, RowIndex, []);
@@ -2639,7 +2639,7 @@ snmp_get_next_index(Tab, _RowIndex) ->
 snmp_order_keys(Store,Tab,RowIndex,Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     SnmpType = val({Tab,snmp}),
-    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) || 
+    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) ||
 		Key <- ts_keys_1(All, Def)],
     Keys = lists:sort(Keys0),
     get_ordered_snmp_key(RowIndex,Keys).
@@ -2648,7 +2648,7 @@ get_ordered_snmp_key(Prev, [First|_]) when Prev < First -> {ok, First};
 get_ordered_snmp_key(Prev, [_|R]) ->
     get_ordered_snmp_key(Prev, R);
 get_ordered_snmp_key(_, []) ->
-    endOfTable.	       
+    endOfTable.
 
 %%%%%%%%%%
 
@@ -2657,7 +2657,7 @@ snmp_get_mnesia_key(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(Row
  	{_Mod, Tid, Ts} when element(1, Tid) =:= tid ->
 	    Res = dirty_rpc(Tab,mnesia_snmp_hook,get_mnesia_key,[Tab,RowIndex]),
 	    snmp_filter_key(Res, RowIndex, Tab, Ts#tidstore.store);
-	_ -> 
+	_ ->
 	    dirty_rpc(Tab, mnesia_snmp_hook, get_mnesia_key, [Tab, RowIndex])
     end;
 snmp_get_mnesia_key(Tab, _RowIndex) ->
@@ -2670,7 +2670,7 @@ snmp_oid_to_mnesia_key(RowIndex, Tab) ->
 		{ok, MnesiaKey} -> MnesiaKey;
 		undefined -> unknown
 	    end;
-	MnesiaKey -> 
+	MnesiaKey ->
 	    MnesiaKey
     end.
 
@@ -2690,20 +2690,20 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 	    SnmpType = val({Tab,snmp}),
 	    Fix = fun({{_,Key},_,Op}, Res) ->
 			  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-			      RowIndex -> 
+			      RowIndex ->
 				  case Op of
 				      write -> {ok, Key};
 				      _ ->
 					  undefined
 				  end;
-			      _ -> 
+			      _ ->
 				  Res
 			  end
 		  end,
 	    lists:foldl(Fix, undefined, Ops);
 	Key ->
 	    case ?ets_lookup(Store, {Tab,Key}) of
-		[] -> 
+		[] ->
 		    undefined;
 		Ops ->
 		    case lists:last(Ops) of
@@ -2716,9 +2716,9 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Textfile access
 
-load_textfile(F) -> 
+load_textfile(F) ->
     mnesia_text:load_textfile(F).
-dump_to_textfile(F) -> 
+dump_to_textfile(F) ->
     mnesia_text:dump_to_textfile(F).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -2727,7 +2727,7 @@ dump_to_textfile(F) ->
 table(Tab) ->
     table(Tab, []).
 table(Tab,Opts) ->
-    {[Trav,Lock,NObjects],QlcOptions0} = 
+    {[Trav,Lock,NObjects],QlcOptions0} =
 	qlc_opts(Opts,[{traverse,select},{lock,read},{n_objects,100}]),
     TF = case Trav of
 	     {select,Ms} ->
@@ -2740,10 +2740,10 @@ table(Tab,Opts) ->
     Pre  = fun(Arg) -> pre_qlc(Arg, Tab) end,
     Post = fun()  -> post_qlc(Tab) end,
     Info = fun(Tag) -> qlc_info(Tab, Tag) end,
-    ParentFun = fun() -> 
-			{mnesia_activity, mnesia:get_activity_id()} 
+    ParentFun = fun() ->
+			{mnesia_activity, mnesia:get_activity_id()}
 		end,
-    Lookup = 
+    Lookup =
 	case Trav of
 	    {select, _} -> [];
 	    _ ->
@@ -2757,27 +2757,27 @@ table(Tab,Opts) ->
 		[{lookup_fun, LFun}]
 	end,
     MFA  = fun(Type) -> qlc_format(Type, Tab, NObjects, Lock, Opts) end,
-    QlcOptions = [{pre_fun, Pre}, {post_fun, Post}, 
-		  {info_fun, Info}, {parent_fun, ParentFun}, 
+    QlcOptions = [{pre_fun, Pre}, {post_fun, Post},
+		  {info_fun, Info}, {parent_fun, ParentFun},
 		  {format_fun, MFA}|Lookup] ++ QlcOptions0,
     qlc:table(TF, QlcOptions).
 
 pre_qlc(Opts, Tab) ->
-    {_,Tid,_} = 
+    {_,Tid,_} =
 	case get(mnesia_activity_state) of
 	    undefined ->
 		case lists:keysearch(parent_value, 1, Opts) of
 		    {value, {parent_value,{mnesia_activity,undefined}}} ->
 			abort(no_transaction);
 		    {value, {parent_value,{mnesia_activity,Aid}}} ->
-			{value,{stop_fun,Stop}} = 
+			{value,{stop_fun,Stop}} =
 			    lists:keysearch(stop_fun,1,Opts),
 			put_activity_id(Aid,Stop),
 			Aid;
 		    _ ->
 			abort(no_transaction)
 		end;
-	    Else -> 
+	    Else ->
 		Else
 	end,
     case element(1,Tid) of
@@ -2785,9 +2785,9 @@ pre_qlc(Opts, Tab) ->
 	_ ->
 	    case ?catch_val({Tab, setorbag}) of
 		ordered_set ->   ok;
-		_ -> 
+		_ ->
 		    dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
-		    ok	    
+		    ok
 	    end
     end.
 
@@ -2806,7 +2806,7 @@ post_qlc(Tab) ->
 
 qlc_select('$end_of_table') ->     [];
 qlc_select({[], Cont}) -> qlc_select(select(Cont));
-qlc_select({Objects, Cont}) -> 
+qlc_select({Objects, Cont}) ->
     Objects ++ fun() -> qlc_select(select(Cont)) end.
 
 qlc_opts(Opts, Keys) when is_list(Opts) ->
@@ -2826,7 +2826,7 @@ qlc_opts(Opts,[],Acc) -> {lists:reverse(Acc),Opts}.
 
 qlc_info(Tab, num_of_objects) ->
     dirty_rpc(Tab, ?MODULE, raw_table_info, [Tab, size]);
-qlc_info(_, keypos) ->    2;         
+qlc_info(_, keypos) ->    2;
 qlc_info(_, is_unique_objects) ->    true;
 qlc_info(Tab, is_unique_keys) ->
     case val({Tab, type}) of
@@ -2836,9 +2836,9 @@ qlc_info(Tab, is_unique_keys) ->
     end;
 qlc_info(Tab, is_sorted_objects) ->
     case val({Tab, type}) of
-	ordered_set -> 
+	ordered_set ->
 	    case ?catch_val({Tab, frag_hash}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ascending;
 		_ ->  %% Fragmented tables are not ordered
 		    no
@@ -2856,11 +2856,11 @@ qlc_format({match_spec, Ms}, Tab, NObjects, Lock, Opts) ->
     {?MODULE, table, [Tab,[{traverse,{select,Ms}},{n_objects, NObjects}, {lock,Lock}|Opts]]};
 qlc_format({lookup, 2, Keys}, Tab, _, Lock, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:read(~w, V, ~w) end, ~w)", 
+		  "~w:read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Lock, Keys]);
 qlc_format({lookup, Index,Keys}, Tab, _, _, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:index_read(~w, V, ~w) end, ~w)", 
+		  "~w:index_read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Index, Keys]).
 
 
@@ -2874,7 +2874,7 @@ do_fixtable(Tab, Store) ->
 	    ok;
 	_ ->
 	    case ?ets_match_object(Store, {fixtable, {Tab, '_'}}) of
-		[] -> 
+		[] ->
 		    Node = dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
 		    ?ets_insert(Store, {fixtable, {Tab, Node}});
 		_ ->
@@ -2886,10 +2886,10 @@ do_fixtable(Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Mnemosyne exclusive
 
-get_activity_id() -> 
+get_activity_id() ->
     get(mnesia_activity_state).
 
-put_activity_id(Activity) -> 
+put_activity_id(Activity) ->
     mnesia_tm:put_activity_id(Activity).
-put_activity_id(Activity,Fun) -> 
+put_activity_id(Activity,Fun) ->
     mnesia_tm:put_activity_id(Activity,Fun).
diff --git a/lib/mnesia/src/mnesia.hrl b/lib/mnesia/src/mnesia.hrl
index 2375b72d59..2855792646 100644
--- a/lib/mnesia/src/mnesia.hrl
+++ b/lib/mnesia/src/mnesia.hrl
@@ -70,6 +70,7 @@
 		  attributes = [key, val],         % [Atom]
 		  user_properties = [],            % [Record]
 		  frag_properties = [],            % [{Key, Val]
+		  storage_properties = [],         % [{Key, Val]
                   cookie = ?unique_cookie,         % Term
                   version = {{2, 0}, []}}).        % {{Integer, Integer}, [Node]}
 
diff --git a/lib/mnesia/src/mnesia_backup.erl b/lib/mnesia/src/mnesia_backup.erl
index f372ca0be5..736f2ed9bf 100644
--- a/lib/mnesia/src/mnesia_backup.erl
+++ b/lib/mnesia/src/mnesia_backup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -56,14 +56,14 @@
 
 -export([
 	 %% Write access
-         open_write/1, 
-	 write/2, 
-	 commit_write/1, 
+         open_write/1,
+	 write/2,
+	 commit_write/1,
 	 abort_write/1,
 
 	 %% Read access
-         open_read/1, 
-	 read/1, 
+         open_read/1,
+	 read/1,
 	 close_read/1
         ]).
 
diff --git a/lib/mnesia/src/mnesia_bup.erl b/lib/mnesia/src/mnesia_bup.erl
index 14414537b9..fd87be1759 100644
--- a/lib/mnesia/src/mnesia_bup.erl
+++ b/lib/mnesia/src/mnesia_bup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -62,7 +62,7 @@
                         fallback_tmp,
                         skip_tables = [],
                         keep_tables = [],
-                        default_op = keep_tables                       
+                        default_op = keep_tables
                        }).
 
 -type fallback_args() :: #fallback_args{}.
@@ -134,7 +134,7 @@ abort_restore(R, What, Args, Reason) ->
             [Mod, What, Args, Reason]),
     catch apply(Mod, close_read, [Opaque]),
     throw({error, Reason}).
-            
+
 fallback_to_schema() ->
     Fname = fallback_bup(),
     fallback_to_schema(Fname).
@@ -146,14 +146,14 @@ fallback_to_schema(Fname) ->
             {error, Reason};
         Schema ->
             case catch lookup_schema(schema, Schema) of
-                {error, _} -> 
+                {error, _} ->
                     {error, "No schema in fallback"};
                 List ->
                     {ok, fallback, List}
             end
     end.
 
-%% Opens Opaque reads schema and then close 
+%% Opens Opaque reads schema and then close
 read_schema(Mod, Opaque) ->
     R = #restore{bup_module = Mod, bup_data = Opaque},
     case catch read_schema_section(R) of
@@ -163,7 +163,7 @@ read_schema(Mod, Opaque) ->
             catch safe_apply(R2, close_read, [R2#restore.bup_data]),
             Schema
     end.
-    
+
 %% Open backup media and extract schema
 %% rewind backup media and leave it open
 %% Returns {R, {Header, Schema}}
@@ -227,7 +227,7 @@ refresh_cookie(Schema, NewCookie) ->
             Cs2 = Cs#cstruct{cookie = NewCookie},
             Item = {schema, schema, mnesia_schema:cs2list(Cs2)},
             lists:keyreplace(schema, 2, Schema, Item);
-        
+
         false ->
             Reason = "No schema found. Cannot be used as backup.",
             throw({error, {Reason, Schema}})
@@ -273,7 +273,7 @@ convert_0_1([{schema, db_nodes, DbNodes} | Schema], Acc, Cs) ->
 convert_0_1([{schema, version, Version} | Schema], Acc, Cs) ->
     convert_0_1(Schema, Acc, Cs#cstruct{version = Version});
 convert_0_1([{schema, Tab, Def} | Schema], Acc, Cs) ->
-    Head = 
+    Head =
         case lists:keysearch(index, 1, Def) of
             {value, {index, PosList}} ->
                 %% Remove the snmp "index"
@@ -334,7 +334,7 @@ create_schema(Ns, ok) ->
     case mnesia_lib:ensure_loaded(?APPLICATION) of
         ok ->
             case mnesia_monitor:get_env(schema_location) of
-                ram -> 
+                ram ->
                     {error, {has_no_disc, node()}};
                 _ ->
                     case mnesia_schema:opt_create_dir(true, mnesia_lib:dir()) of
@@ -358,7 +358,7 @@ create_schema(Ns, ok) ->
                                     {error, Reason}
                             end
                     end
-            end;        
+            end;
         {error, Reason} ->
             {error, Reason}
     end;
@@ -434,7 +434,7 @@ check_fallback_args([Arg | Tail], FA) ->
 check_fallback_args([], FA) ->
     {ok, FA}.
 
-check_fallback_arg_type(Arg, FA) ->    
+check_fallback_arg_type(Arg, FA) ->
     case Arg of
         {scope, global} ->
             FA#fallback_args{scope = global};
@@ -462,10 +462,10 @@ atom_list([H | T]) when is_atom(H) ->
     atom_list(T);
 atom_list([]) ->
     ok.
-    
+
 do_install_fallback(FA) ->
     Pid = spawn_link(?MODULE, install_fallback_master, [self(), FA]),
-    Res = 
+    Res =
         receive
             {'EXIT', Pid, Reason} -> % if appl has trapped exit
                 {error, {'EXIT', Reason}};
@@ -506,7 +506,7 @@ restore_recs(Recs, Header, Schema, {start, FA}) ->
             Pids = [spawn_link(N, ?MODULE, fallback_receiver, Args) || N <- Ns],
             send_fallback(Pids, {start, Header, Schema2}),
             Res = restore_recs(Recs, Header, Schema2, Pids),
-            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns), 
+            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns),
             Res
     end;
 
@@ -578,7 +578,7 @@ fallback_tmp_name() -> "FALLBACK.TMP".
 -spec fallback_receiver(pid(), fallback_args()) -> no_return().
 fallback_receiver(Master, FA) ->
     process_flag(trap_exit, true),
-    
+
     case catch register(mnesia_fallback, self()) of
         {'EXIT', _} ->
             Reason = {already_exists, node()},
@@ -610,7 +610,7 @@ local_fallback_error(Master, Reason) ->
     Master ! {self(), {error, Reason}},
     unlink(Master),
     exit(Reason).
-    
+
 check_fallback_dir(Master, FA) ->
     case mnesia:system_info(schema_location) of
         ram ->
@@ -659,7 +659,7 @@ fallback_receiver_loop(Master, R, FA, State) ->
             R2 = safe_apply(R, write, [R#restore.bup_data, Recs]),
             Master ! {self(), ok},
             fallback_receiver_loop(Master, R2, FA, records);
-        
+
         {Master, swap} when State =/= schema ->
             ?eval_debug_fun({?MODULE, fallback_receiver_loop, pre_swap}, []),
             safe_apply(R, commit_write, [R#restore.bup_data]),
@@ -834,7 +834,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
             ok = dets:delete(schema, {schema, Tab}),
             create_dat_files(Tail, LocalTabs);
         Storage =:= disc_only_copies ->
-            Args = [{file, TmpFile}, {keypos, 2}, 
+            Args = [{file, TmpFile}, {keypos, 2},
                     {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
             Open = fun(T, LT) when T =:= LT#local_tab.name ->
                            case mnesia_lib:dets_sync_open(T, Args) of
@@ -861,9 +861,9 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    Swap = fun(T, LT) when T =:= LT#local_tab.name ->
 			   Expunge(),
 			   case LT#local_tab.opened of
-			       true -> 
+			       true ->
 				   Close(T,LT);
-			       false -> 
+			       false ->
 				   Open(T,LT),
 				   Close(T,LT)
 			   end,
@@ -887,8 +887,8 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    create_dat_files(Tail, LocalTabs);
         Storage =:= ram_copies; Storage =:= disc_copies ->
 	    Open = fun(T, LT) when T =:= LT#local_tab.name ->
-			   mnesia_log:open_log({?MODULE, T}, 
-					       mnesia_log:dcl_log_header(), 
+			   mnesia_log:open_log({?MODULE, T},
+					       mnesia_log:dcl_log_header(),
 					       TmpFile,
 					       false,
 					       false,
@@ -917,7 +917,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 			       true ->
 				   Log = mnesia_log:open_log(fallback_tab,
 							     mnesia_log:dcd_log_header(),
-							     DcdFile, 
+							     DcdFile,
 							     false),
 				   mnesia_log:close_log(Log),
 				   case LT#local_tab.opened of
@@ -926,7 +926,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 				       false ->
 					   Open(T,LT),
 					   Close(T,LT)
-				   end,				   
+				   end,
 				   case file:rename(TmpFile, DclFile) of
 				       ok ->
 					   ok;
@@ -959,7 +959,7 @@ create_dat_files([], _LocalTabs) ->
     ok.
 
 uninstall_fallback() ->
-    uninstall_fallback([{scope, global}]).    
+    uninstall_fallback([{scope, global}]).
 
 uninstall_fallback(Args) ->
     case check_fallback_args(Args, #fallback_args{}) of
@@ -969,7 +969,7 @@ uninstall_fallback(Args) ->
             {error, Reason}
     end.
 
-do_uninstall_fallback(FA) ->    
+do_uninstall_fallback(FA) ->
     %% Ensure that we access the intended Mnesia
     %% directory. This function may not be called
     %% during startup since it will cause the
@@ -1040,11 +1040,11 @@ do_uninstall(_ClientPid, [], GoodPids, BadNodes, BadRes) ->
 
 local_uninstall_fallback(Master, FA) ->
     %% Don't trap exit
-    
+
     register(mnesia_fallback, self()),        % May exit
     FA2 = check_fallback_dir(Master, FA), % May exit
     Master ! {self(), started},
-    
+
     receive
         {Master, do_uninstall} ->
             ?eval_debug_fun({?MODULE, uninstall_fallback2, pre_delete}, []),
@@ -1052,7 +1052,7 @@ local_uninstall_fallback(Master, FA) ->
             Tmp = FA2#fallback_args.fallback_tmp,
             Bup = FA2#fallback_args.fallback_bup,
             file:delete(Tmp),
-            Res = 
+            Res =
                 case fallback_exists(Bup) of
                     true -> file:delete(Bup);
                     false -> ok
@@ -1079,7 +1079,7 @@ rec_uninstall(ClientPid, [], Res) ->
     ClientPid ! {self(), Res},
     unlink(ClientPid),
     exit(normal).
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Backup traversal
 
@@ -1130,7 +1130,7 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
         if
             TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, open_write, [Target], Target) of
-                    {error, Error} -> 
+                    {error, Error} ->
                         unlink(ClientPid),
                         ClientPid ! {iter_done, self(), {error, Error}},
                         exit(Error);
@@ -1140,15 +1140,15 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
                 ignore
         end,
     A = {start, Fun, Acc, TargetMod, Iter},
-    Res = 
+    Res =
         case iterate(SourceMod, fun trav_apply/4, Source, A) of
             {ok, {iter, _, Acc2, _, Iter2}} when TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, commit_write, [Iter2], Iter2) of
-                    {error, Reason} -> 
+                    {error, Reason} ->
                         {error, Reason};
-                    _ -> 
+                    _ ->
                         {ok, Acc2}
-                end;            
+                end;
             {ok, {iter, _, Acc2, _, _}} ->
                 {ok, Acc2};
             {error, Reason} when TargetMod =/= read_only->
diff --git a/lib/mnesia/src/mnesia_controller.erl b/lib/mnesia/src/mnesia_controller.erl
index 6a561394d5..d488a33d67 100644
--- a/lib/mnesia/src/mnesia_controller.erl
+++ b/lib/mnesia/src/mnesia_controller.erl
@@ -107,14 +107,14 @@
 
 -include("mnesia.hrl").
 
--define(SERVER_NAME, ?MODULE).  
+-define(SERVER_NAME, ?MODULE).
 
 -record(state, {supervisor,
 		schema_is_merged = false,
 		early_msgs = [],
-		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..] 
+		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..]
 		loader_queue,        %% Was list is now gb_tree
-		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..] 
+		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..]
 		sender_queue =  [],
 		late_loader_queue,   %% Was list is now gb_tree
 		dumper_pid,          %% Dumper or schema commit pid
@@ -124,12 +124,12 @@
 		is_stopping = false
 	       }).
 %% Backwards Comp. Sender_pid is now a list of senders..
-get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.    
+get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.
 %% Backwards Comp. loader_pid is now a list of loaders..
-get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.    
+get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.
 max_loaders() ->
     case ?catch_val(no_table_loaders) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    mnesia_lib:set(no_table_loaders,1),
 	    1;
 	Val -> Val
@@ -153,7 +153,7 @@ max_loaders() ->
 		     remote_storage
 		    }).
 
--record(disc_load, {table, 
+-record(disc_load, {table,
 		    reason,
 		    opt_reply_to
 		   }).
@@ -184,7 +184,7 @@ max_loaders() ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
@@ -199,7 +199,7 @@ sync_dump_log(InitBy) ->
 
 async_dump_log(InitBy) ->
     ?SERVER_NAME ! {async_dump_log, InitBy}.
-    
+
 %% Wait for tables to be active
 %% If needed, we will wait for Mnesia to start
 %% If Mnesia stops, we will wait for Mnesia to restart
@@ -227,7 +227,7 @@ do_wait_for_tables(Tabs, Timeout) ->
 	    exit(Pid, timeout),
 	    reply_wait(Tabs)
     end.
-	
+
 reply_wait(Tabs) ->
     case catch mnesia_lib:active_tables() of
 	{'EXIT', _} ->
@@ -270,7 +270,7 @@ rec_tabs([Tab | Tabs], AllTabs, From, Init) ->
 	    %% This will trigger an exit signal
 	    %% to mnesia_init
 	    exit(wait_for_tables_timeout);
-	
+
 	{'EXIT', Init, _} ->
 	    %% Oops, mnesia_init stopped,
 	    exit(mnesia_stopped)
@@ -279,11 +279,8 @@ rec_tabs([], _, _, Init) ->
     unlink(Init),
     ok.
 
-%% New function that does exactly what get_cstructs() used to do.
-%% When this function is called, we know that the calling node knows
-%% how to convert cstructs on the receiving end (should they differ).
 get_remote_cstructs() ->
-    call(get_cstructs).
+    get_cstructs().  %% Sigh not forward compatible always check version
 
 %% Old function kept for backwards compatibility; converts cstructs before sending.
 get_cstructs() ->
@@ -319,7 +316,7 @@ get_network_copy(Tab, Cs) ->
 %   We can't let the controller queue this one
 %   because that may cause a deadlock between schema_operations
 %   and initial tableloadings which both takes schema locks.
-%   But we have to get copier_done msgs when the other side 
+%   But we have to get copier_done msgs when the other side
 %   goes down.
     call({add_other, self()}),
     Reason = {dumper,add_table_copy},
@@ -341,14 +338,14 @@ get_network_copy(Tab, Cs) ->
  		    ignore
  	    end,
  	    Res#loader_done.reply;
- 	#loader_done{} -> 
+	#loader_done{} ->
  	    Res#loader_done.reply;
  	Else ->
  	    {not_loaded, Else}
     end.
 
 %% This functions is invoked from the dumper
-%% 
+%%
 %% There are two cases here:
 %% startup ->
 %%   no need for sync, since mnesia_controller not started yet
@@ -380,11 +377,11 @@ force_load_table(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 force_load_table(Tab) ->
     {error, {bad_type, Tab}}.
-    
+
 do_force_load_table(Tab) ->
     Loaded = ?catch_val({Tab, load_reason}),
     case Loaded of
-	unknown -> 
+	unknown ->
 	    set({Tab, load_by_force}, true),
 	    mnesia_late_loader:async_late_disc_load(node(), [Tab], forced_by_user),
 	    wait_for_tables([Tab], infinity);
@@ -394,7 +391,7 @@ do_force_load_table(Tab) ->
 	    wait_for_tables([Tab], infinity);
 	_ ->
 	    ok
-    end.    
+    end.
 master_nodes_updated(schema, _Masters) ->
     ignore;
 master_nodes_updated(Tab, Masters) ->
@@ -438,15 +435,15 @@ connect_nodes(Ns) ->
     connect_nodes(Ns, fun default_merge/1).
 
 connect_nodes(Ns, UserFun) ->
-    case mnesia:system_info(is_running) of 
+    case mnesia:system_info(is_running) of
 	no ->
 	    {error, {node_not_running, node()}};
-	yes ->	  	   
+	yes ->
 	    Pid = spawn_link(?MODULE,connect_nodes2,[self(),Ns, UserFun]),
-	    receive 
-		{?MODULE, Pid, Res, New} -> 
+	    receive
+		{?MODULE, Pid, Res, New} ->
 		    case Res of
-			ok -> 
+			ok ->
 			    mnesia_lib:add_list(extra_db_nodes, New),
 			    {ok, New};
 			{aborted, {throw, Str}} when is_list(Str) ->
@@ -454,8 +451,8 @@ connect_nodes(Ns, UserFun) ->
 			    {error, {merge_schema_failed, lists:flatten(Str)}};
 			Else ->
 			    {error, Else}
-		    end;	    
-		{'EXIT', Pid, Reason} -> 
+		    end;
+		{'EXIT', Pid, Reason} ->
 		    {error, Reason}
 	    end
     end.
@@ -466,16 +463,16 @@ connect_nodes2(Father, Ns, UserFun) ->
     {NewC, OldC} = mnesia_recover:connect_nodes(Ns),
     Connected = NewC ++OldC,
     New1 = mnesia_lib:intersect(Ns, Connected),
-    New = New1 -- Current,    
+    New = New1 -- Current,
     process_flag(trap_exit, true),
     Res = try_merge_schema(New, [], UserFun),
     Msg = {schema_is_merged, [], late_merge, []},
     multicall([node()|Ns], Msg),
-    After = val({current, db_nodes}),    
+    After = val({current, db_nodes}),
     Father ! {?MODULE, self(), Res, mnesia_lib:intersect(Ns,After)},
     unlink(Father),
     ok.
-    
+
 %% Merge the local schema with the schema on other nodes.
 %% But first we must let all processes that want to force
 %% load tables wait until the schema merge is done.
@@ -483,7 +480,7 @@ connect_nodes2(Father, Ns, UserFun) ->
 merge_schema() ->
     AllNodes = mnesia_lib:all_nodes(),
     case try_merge_schema(AllNodes, [node()], fun default_merge/1) of
-	ok -> 
+	ok ->
 	    schema_is_merged();
 	{aborted, {throw, Str}} when is_list(Str) ->
 	    fatal("Failed to merge schema: ~s~n", [Str]);
@@ -535,7 +532,7 @@ im_running(OldFriends, NewFriends) ->
 schema_is_merged() ->
     MsgTag = schema_is_merged,
     SafeLoads = initial_safe_loads(),
-    
+
     %% At this point we do not know anything about
     %% which tables that the other nodes already
     %% has loaded and therefore we let the normal
@@ -545,7 +542,7 @@ schema_is_merged() ->
     %% that all nodes tells each other directly
     %% when they have loaded a table and are
     %% willing to share it.
-    
+
     try_schedule_late_disc_load(SafeLoads, initial, MsgTag).
 
 
@@ -589,7 +586,7 @@ remote_call(Node, Func, Args) ->
 	Else ->
 	    Else
     end.
-    
+
 multicall(Nodes, Msg) ->
     {Good, Bad} = gen_server:multi_call(Nodes, ?MODULE, Msg, infinity),
     PatchedGood = [Reply || {_Node, Reply} <- Good],
@@ -621,9 +618,9 @@ init([Parent]) ->
     Msg = {async_dump_log, time_threshold},
     {ok, Ref} = timer:send_interval(Interval, Msg),
     mnesia_dumper:start_regulator(),
-    
+
     Empty = gb_trees:empty(),
-    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref, 
+    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref,
 		loader_queue = Empty,
 		late_loader_queue = Empty}}.
 
@@ -656,17 +653,17 @@ handle_call(block_controller, From, State) ->
 
 handle_call({update,Fun}, From, State) ->
     Res = (catch Fun()),
-    reply(From, Res), 
+    reply(From, Res),
     noreply(State);
 
 handle_call(get_cstructs, From, State) ->
     Tabs = val({schema, tables}),
     Cstructs = [val({T, cstruct}) || T <- Tabs],
     Running = val({current, db_nodes}),
-    reply(From, {cstructs, Cstructs, Running}), 
+    reply(From, {cstructs, Cstructs, Running}),
     noreply(State);
 
-handle_call({schema_is_merged, [], late_merge, []}, From, 
+handle_call({schema_is_merged, [], late_merge, []}, From,
 	    State = #state{schema_is_merged = Merged}) ->
     case Merged of
 	{false, Node} when Node == node(From) ->
@@ -697,8 +694,8 @@ handle_call(disc_load_intents,From,State = #state{loader_queue=LQ,late_loader_qu
 
 handle_call({update_where_to_write, [add, Tab, AddNode], _From}, _Dummy, State) ->
     Current = val({current, db_nodes}),
-    Res = 
-	case lists:member(AddNode, Current) and 
+    Res =
+	case lists:member(AddNode, Current) and
 	    (State#state.schema_is_merged == true) of
 	    true ->
 		mnesia_lib:add_lsort({Tab, where_to_write}, AddNode),
@@ -732,7 +729,7 @@ handle_call({add_active_replica, [Tab, ToNode, RemoteS, AccessMode], From},
 	    noreply(State#state{early_msgs = [{call, Msg, undefined} | Msgs]})
     end;
 
-handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->    
+handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     KnownNode = lists:member(node(From), val({current, db_nodes})),
     Merged = State#state.schema_is_merged,
     if
@@ -752,16 +749,16 @@ handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     end;
 
 handle_call({net_load, Tab, Cs}, From, State) ->
-    State2 = 
+    State2 =
 	case State#state.schema_is_merged of
-	    true -> 	    
+	    true ->
 		Worker = #net_load{table = Tab,
 				   opt_reply_to = From,
 				   reason = {dumper,add_table_copy},
 				   cstruct = Cs
 				  },
 		add_worker(Worker, State);
-	    false -> 
+	    false ->
 		reply(From, {not_loaded, schema_not_merged}),
 		State
 	end,
@@ -804,16 +801,16 @@ handle_call({add_other, Who}, _From, State = #state{others=Others0}) ->
 handle_call({del_other, Who}, _From, State = #state{others=Others0}) ->
     Others = lists:delete(Who, Others0),
     {reply, ok, State#state{others=Others}};
-	    
+
 handle_call(Msg, _From, State) ->
     error("~p got unexpected call: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-late_disc_load(TabsR, Reason, RemoteLoaders, From, 
+late_disc_load(TabsR, Reason, RemoteLoaders, From,
 	       State = #state{loader_queue = LQ, late_loader_queue = LLQ}) ->
     verbose("Intend to load tables: ~p~n", [TabsR]),
     ?eval_debug_fun({?MODULE, late_disc_load},
-		    [{tabs, TabsR}, 
+		    [{tabs, TabsR},
 		     {reason, Reason},
 		     {loaders, RemoteLoaders}]),
 
@@ -822,14 +819,14 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 
     %% Remove deleted tabs and queued/loaded
     LocalTabs = gb_sets:from_ordset(lists:sort(mnesia_lib:val({schema,local_tables}))),
-    Filter = fun(TabInfo0, Acc) -> 
-		     TabInfo = {Tab,_} = 
-			 case TabInfo0 of 
+    Filter = fun(TabInfo0, Acc) ->
+		     TabInfo = {Tab,_} =
+			 case TabInfo0 of
 			     {_,_} -> TabInfo0;
 			     TabN -> {TabN,Reason}
 			 end,
 		     case gb_sets:is_member(Tab, LocalTabs) of
-			 true -> 
+			 true ->
 			     case ?catch_val({Tab, where_to_read}) == node() of
 				 true -> Acc;
 				 false ->
@@ -841,12 +838,12 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 			 false -> Acc
 		     end
 	     end,
-    
+
     Tabs = lists:foldl(Filter, [], TabsR),
-    
+
     Nodes = val({current, db_nodes}),
     LateQueue = late_loaders(Tabs, RemoteLoaders, Nodes, LLQ),
-    State#state{late_loader_queue = LateQueue}. 
+    State#state{late_loader_queue = LateQueue}.
 
 late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
     case gb_trees:is_defined(Tab, LLQ) of
@@ -859,7 +856,7 @@ late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
 	    LateLoad = #late_load{table=Tab,loaders=LoadNodes,reason=Reason},
 	    late_loaders(Tabs, RemoteLoaders, Nodes, gb_trees:insert(Tab,LateLoad,LLQ));
 	true ->
-	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)	     
+	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)
     end;
 late_loaders([], _RemoteLoaders, _Nodes, LLQ) ->
     LLQ.
@@ -899,7 +896,7 @@ late_load_filter([RL | RemoteLoaders], Tab, Nodes, Acc) ->
     end;
 late_load_filter([], _Tab, _Nodes, Acc) ->
     Acc.
-    
+
 %%----------------------------------------------------------------------
 %% Func: handle_cast/2
 %% Returns: {noreply, State}          |
@@ -911,7 +908,7 @@ handle_cast({release_schema_commit_lock, _Owner}, State) ->
     if
 	State#state.is_stopping == true ->
 	    {stop, shutdown, State};
-	true -> 
+	true ->
 	    case State#state.dumper_queue of
 		[#schema_commit_lock{}|Rest] ->
 		    [_Worker | Rest] = State#state.dumper_queue,
@@ -932,7 +929,7 @@ handle_cast(unblock_controller, State) ->
 	    [_Worker | Rest] = State#state.dumper_queue,
 	    State2 = State#state{dumper_pid = undefined,
 				 dumper_queue = Rest},
-	    State3 = opt_start_worker(State2),	    
+	    State3 = opt_start_worker(State2),
 	    noreply(State3)
     end;
 
@@ -948,31 +945,31 @@ handle_cast({mnesia_down, Node}, State) ->
 
     %% Fix if we are late_merging against the node that went down
     case State#state.schema_is_merged of
-	{false, Node} -> 
+	{false, Node} ->
 	    spawn(?MODULE, call, [{schema_is_merged, [], late_merge, []}]);
 	_ ->
 	    ignore
     end,
-    
+
     %% Fix internal stuff
     LateQ = remove_loaders(Alltabs, Node, State#state.late_loader_queue),
-    
+
     case get_senders(State) ++ get_loaders(State) of
 	[] -> ignore;
-	Senders -> 
+	Senders ->
 	    lists:foreach(fun({Pid,_}) -> Pid ! {copier_done, Node} end,
 			  Senders)
     end,
-    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end, 
+    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end,
 		  State#state.others),
-    
+
     Remove = fun(ST) ->
 		     node(ST#send_table.receiver_pid) /= Node
 	     end,
     NewSenders = lists:filter(Remove, State#state.sender_queue),
     Early = remove_early_messages(State#state.early_msgs, Node),
-    noreply(State#state{sender_queue = NewSenders, 
-			early_msgs = Early, 
+    noreply(State#state{sender_queue = NewSenders,
+			early_msgs = Early,
 			late_loader_queue = LateQ
 		       });
 
@@ -981,8 +978,8 @@ handle_cast({merging_schema, Node}, State) ->
 	false ->
 	    %% This comes from dynamic connect_nodes which are made
 	    %% after mnesia:start() and the schema_merge.
-	    ImANewKidInTheBlock = 
-		(val({schema, storage_type}) == ram_copies) 
+	    ImANewKidInTheBlock =
+		(val({schema, storage_type}) == ram_copies)
 		andalso (mnesia_lib:val({schema, local_tables}) == [schema]),
 	    case ImANewKidInTheBlock of
 		true ->  %% I'm newly started ram_node..
@@ -1000,7 +997,7 @@ handle_cast(Msg, State) when State#state.schema_is_merged /= true ->
     noreply(State#state{early_msgs = [{cast, Msg} | Msgs]});
 
 %% This must be done after schema_is_merged otherwise adopt_orphan
-%% might trigger a table load from wrong nodes as a result of that we don't 
+%% might trigger a table load from wrong nodes as a result of that we don't
 %% know which tables we can load safly first.
 handle_cast({im_running, Node, NewFriends}, State) ->
     LocalTabs = mnesia_lib:local_active_tables() -- [schema],
@@ -1027,7 +1024,7 @@ handle_cast({sync_tabs, Tabs, From}, State) ->
 
 handle_cast({i_have_tab, Tab, Node}, State) ->
     case lists:member(Node, val({current, db_nodes})) of
-	true -> 
+	true ->
 	    State2 = node_has_tabs([Tab], Node, State),
 	    noreply(State2);
 	false ->
@@ -1043,10 +1040,10 @@ handle_cast({force_load_updated, Tab}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({master_nodes_updated, Tab, Masters}, State) ->
     Active = val({Tab, active_replicas}),
-    Valid = 
+    Valid =
 	case val({Tab, load_by_force}) of
 	    true ->
 		Active;
@@ -1066,10 +1063,10 @@ handle_cast({master_nodes_updated, Tab, Masters}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({adopt_orphans, Node, Tabs}, State) ->
     State2 = node_has_tabs(Tabs, Node, State),
-    
+
     case ?catch_val({node_up,Node}) of
 	true -> ignore;
 	_ ->
@@ -1101,7 +1098,7 @@ handle_cast(Msg, State) ->
     error("~p got unexpected cast: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-handle_sync_tabs([Tab | Tabs], From) ->    
+handle_sync_tabs([Tab | Tabs], From) ->
     case val({Tab, where_to_read}) of
 	nowhere ->
 	    case get({sync_tab, Tab}) of
@@ -1145,7 +1142,7 @@ handle_info(#dumper_done{worker_pid=Pid, worker_res=Res}, State) ->
 	    {stop, fatal, State}
     end;
 
-handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->    
+handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
     LateQueue0 = State0#state.late_loader_queue,
     State1 = State0#state{loader_pid = lists:keydelete(WPid,1,get_loaders(State0))},
 
@@ -1153,7 +1150,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 	case Done#loader_done.is_loaded of
 	    true ->
 		%% Optional table announcement
-		if 
+		if
 		    Done#loader_done.needs_announce == true,
 		    Done#loader_done.needs_reply == true ->
 			i_have_tab(Tab),
@@ -1187,7 +1184,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 		State1#state{late_loader_queue=gb_trees:delete_any(Tab, LateQueue0)};
 	    false ->
 		%% Either the node went down or table was not
-		%% loaded remotly yet 
+		%% loaded remotly yet
 		case Done#loader_done.needs_reply of
 		    true ->
 			reply(Done#loader_done.reply_to,
@@ -1210,7 +1207,7 @@ handle_info(#sender_done{worker_pid=Pid, worker_res=Res}, State)  ->
     Senders = get_senders(State),
     {value, {Pid,_Worker}} = lists:keysearch(Pid, 1, Senders),
     if
-	Res == ok ->	    
+	Res == ok ->
 	    State2 = State#state{sender_pid = lists:keydelete(Pid, 1, Senders)},
 	    State3 = opt_start_worker(State2),
 	    noreply(State3);
@@ -1252,7 +1249,7 @@ handle_info(Msg = {'EXIT', Pid, R}, State) when R /= wait_for_tables_timeout ->
 	    {stop, fatal, State};
 	false ->
 	    case lists:keymember(Pid, 1, get_loaders(State)) of
-		true -> 
+		true ->
 		    fatal("Loader crashed: ~p~n state: ~p~n", [R, State]),
 		    {stop, fatal, State};
 		false ->
@@ -1338,7 +1335,7 @@ code_change(_OldVsn, State0, _Extra) ->
     State1 = case State0#state.loader_pid of
 		 Pids when is_list(Pids) -> State0;
 		 undefined -> State0#state{loader_pid = [],loader_queue=gb_trees:empty()};
-		 Pid when is_pid(Pid) -> 
+		 Pid when is_pid(Pid) ->
 		     [Loader|Rest] = State0#state.loader_queue,
 		     LQ0 = [{element(2,Rec),Rec} || Rec <- Rest],
 		     LQ1 = lists:sort(LQ0),
@@ -1346,7 +1343,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		     State0#state{loader_pid=[{Pid,Loader}], loader_queue=LQ}
 	     end,
     %% LateLoaderQueue
-    State = if is_list(State1#state.late_loader_queue) -> 
+    State = if is_list(State1#state.late_loader_queue) ->
 		    LLQ0 = State1#state.late_loader_queue,
 		    LLQ1 = lists:sort([{element(2,Rec),Rec} || Rec <- LLQ0]),
 		    LLQ  = gb_trees:from_orddict(LLQ1),
@@ -1355,7 +1352,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		    State1
 	    end,
     {ok, State}.
- 
+
 %%%----------------------------------------------------------------------
 %%% Internal functions
 %%%----------------------------------------------------------------------
@@ -1365,20 +1362,20 @@ maybe_log_mnesia_down(N) ->
     %% so if we are not running (i.e haven't decided which tables
     %% to load locally), don't log mnesia_down yet.
     case mnesia_lib:is_running() of
-	yes -> 
+	yes ->
 	    verbose("Logging mnesia_down ~w~n", [N]),
 	    mnesia_recover:log_mnesia_down(N),
 	    ok;
-	_ ->	    	    
+	_ ->
 	    Filter = fun(Tab) ->
 			     inactive_copy_holders(Tab, N)
 		     end,
 	    HalfLoadedTabs = lists:any(Filter, val({schema, local_tables}) -- [schema]),
-	    if 
+	    if
 		HalfLoadedTabs == true ->
 		    verbose("Logging mnesia_down ~w~n", [N]),
 		    mnesia_recover:log_mnesia_down(N),
-		    ok;		
+		    ok;
 		true ->
 		    %% Unfortunately we have not loaded some common
 		    %% tables yet, so we cannot rely on the nodedown
@@ -1407,7 +1404,7 @@ orphan_tables([Tab | Tabs], Node, Ns, Local, Remote) ->
     BeingCreated = (?catch_val({Tab, create_table}) == true),
     Read = val({Tab, where_to_read}),
     case lists:member(Node, DiscCopyHolders) of
-	_ when BeingCreated == true -> 
+	_ when BeingCreated == true ->
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
 	_ when Read == node() -> %% Allready loaded
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
@@ -1445,13 +1442,13 @@ orphan_tables([], _, _, LocalOrphans, RemoteMasters) ->
     {LocalOrphans, RemoteMasters}.
 
 node_has_tabs([Tab | Tabs], Node, State) when Node /= node() ->
-    State2 = 
+    State2 =
 	case catch update_whereabouts(Tab, Node, State) of
 	    State1 = #state{} -> State1;
 	    {'EXIT', R} ->  %% Tab was just deleted?
 		case ?catch_val({Tab, cstruct}) of
 		    {'EXIT', _} -> State; % yes
-		    _ ->  erlang:error(R) 
+		    _ ->  erlang:error(R)
 		end
 	end,
     node_has_tabs(Tabs, Node, State2);
@@ -1477,14 +1474,14 @@ update_whereabouts(Tab, Node, State) ->
 	    true ->
 		lists:member(Node, Masters)
 	end,
-    
+
     dbg_out("Table ~w is loaded on ~w. s=~w, r=~w, lc=~w, f=~w, m=~w~n",
 	    [Tab, Node, Storage, Read, LocalC, ByForce, GoGetIt]),
     if
 	LocalC == true ->
 	    %% Local contents, don't care about other node
 	    State;
-	BeingCreated == true ->	    
+	BeingCreated == true ->
 	    %% The table is currently being created
 	    %% It will be handled elsewhere
 	    State;
@@ -1501,8 +1498,8 @@ update_whereabouts(Tab, Node, State) ->
 		    State
 	    end;
 	Storage == unknown ->
-	    %% No own copy, continue to read remotely	    
-	    add_active_replica(Tab, Node),	    
+	    %% No own copy, continue to read remotely
+	    add_active_replica(Tab, Node),
 	    NodeST = mnesia_lib:storage_type_at_node(Node, Tab),
 	    ReadST = mnesia_lib:storage_type_at_node(Read, Tab),
 	    if   %% Avoid reading from disc_only_copies
@@ -1542,16 +1539,16 @@ initial_safe_loads() ->
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs);
-	
+
 	disc_copies ->
 	    Downs = mnesia_recover:get_mnesia_downs(),
 	    dbg_out("mnesia_downs = ~p~n", [Downs]),
-		
+
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs)
     end.
-    
+
 last_consistent_replica(Tab, Downs) ->
     Cs = val({Tab, cstruct}),
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
@@ -1628,7 +1625,7 @@ remove_early_messages([], _Node) ->
     [];
 remove_early_messages([{call, {add_active_replica, [_, Node, _, _], _}, _}|R], Node) ->
     remove_early_messages(R, Node); %% Does a reply before queuing
-remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node) 
+remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node)
   when node(From) == Node ->
     reply(ReplyTo, ok),  %% Remove gen:server waits..
     remove_early_messages(R, Node);
@@ -1682,9 +1679,9 @@ is_tab_blocked(W2C) when is_list(W2C) ->
 is_tab_blocked({blocked, W2C}) when is_list(W2C) ->
     {true, W2C}.
 
-mark_blocked_tab(true, Value) -> 
+mark_blocked_tab(true, Value) ->
     {blocked, Value};
-mark_blocked_tab(false, Value) -> 
+mark_blocked_tab(false, Value) ->
     Value.
 
 %%
@@ -1717,7 +1714,7 @@ del_active_replica(Tab, Node) ->
     update_where_to_wlock(Tab).
 
 change_table_access_mode(Cs) ->
-    W = fun() -> 
+    W = fun() ->
 		Tab = Cs#cstruct.name,
 		lists:foreach(fun(N) -> add_active_replica(Tab, N, Cs) end,
 			      val({Tab, active_replicas}))
@@ -1746,7 +1743,7 @@ update_where_to_wlock(Tab) ->
 unannounce_add_table_copy(Tab, To) ->
     catch del_active_replica(Tab, To),
     case catch val({Tab , where_to_read}) of
-	To -> 
+	To ->
 	    mnesia_lib:set_remote_where_to_read(Tab);
 	_ ->
 	    ignore
@@ -1759,7 +1756,7 @@ user_sync_tab(Tab) ->
 	_ ->
 	    ignore
     end,
-	
+
     case erase({sync_tab, Tab}) of
 	undefined ->
 	    ok;
@@ -1778,11 +1775,11 @@ i_have_tab(Tab) ->
 
 sync_and_block_table_whereabouts(Tab, ToNode, RemoteS, AccessMode) when Tab /= schema ->
     Current = val({current, db_nodes}),
-    Ns = 
+    Ns =
 	case lists:member(ToNode, Current) of
 	    true -> Current -- [ToNode];
 	    false -> Current
-	end,   
+	end,
     remote_call(ToNode, block_table, [Tab]),
     [remote_call(Node, add_active_replica, [Tab, ToNode, RemoteS, AccessMode]) ||
 	Node <- [ToNode | Ns]],
@@ -1827,7 +1824,7 @@ get_workers(Timeout) ->
 		    {timeout, Timeout}
 	    end
     end.
-    
+
 info() ->
     Tabs = mnesia_lib:local_active_tables(),
     io:format( "---> Active tables <--- ~n", []),
@@ -1836,12 +1833,12 @@ info() ->
 info([Tab | Tail]) ->
     case val({Tab, storage_type}) of
 	disc_only_copies ->
-	    info_format(Tab, 
-			dets:info(Tab, size), 
+	    info_format(Tab,
+			dets:info(Tab, size),
 			dets:info(Tab, file_size),
 			"bytes on disc");
 	_ ->
-	    info_format(Tab, 
+	    info_format(Tab,
 			?ets_info(Tab, size),
 			?ets_info(Tab, memory),
 			"words of mem")
@@ -1881,7 +1878,7 @@ handle_early_msg({cast, Msg}, State) ->
     handle_cast(Msg, State);
 handle_early_msg({info, Msg}, State) ->
     handle_info(Msg, State).
-    
+
 noreply(State) ->
     {noreply, State}.
 
@@ -1929,7 +1926,7 @@ add_worker(Worker = #send_table{}, State) ->
 add_worker(Worker = #disc_load{}, State) ->
     opt_start_worker(add_loader(Worker#disc_load.table,Worker,State));
 % Block controller should be used for upgrading mnesia.
-add_worker(Worker = #block_controller{}, State) -> 
+add_worker(Worker = #block_controller{}, State) ->
     Queue = State#state.dumper_queue,
     Queue2 = [Worker | Queue],
     State2 = State#state{dumper_queue = Queue2},
@@ -1938,13 +1935,13 @@ add_worker(Worker = #block_controller{}, State) ->
 add_loader(Tab,Worker,State = #state{loader_queue=LQ0}) ->
     case gb_trees:is_defined(Tab, LQ0) of
 	true -> State;
-	false -> 
+	false ->
 	    LQ=gb_trees:insert(Tab, Worker, LQ0),
 	    State#state{loader_queue=LQ}
     end.
 
 %% Optionally start a worker
-%% 
+%%
 %% Dumpers and loaders may run simultaneously
 %% but neither of them may run during schema commit.
 %% Loaders may not start if a schema commit is enqueued.
@@ -1958,7 +1955,7 @@ opt_start_worker(State) ->
 	    %% Great, a worker in queue and neither
 	    %% a schema transaction is being
 	    %% committed and nor a dumper is running
-		    
+
 	    %% Start worker but keep him in the queue
 	    if
 		is_record(Worker, schema_commit_lock) ->
@@ -1966,7 +1963,7 @@ opt_start_worker(State) ->
 		    reply(ReplyTo, granted),
 		    {Owner, _Tag} = ReplyTo,
 		    opt_start_loader(State#state{dumper_pid = Owner});
-		
+
 		is_record(Worker, dump_log) ->
 		    Pid = spawn_link(?MODULE, dump_and_reply, [self(), Worker]),
 		    State2 = State#state{dumper_pid = Pid},
@@ -1976,7 +1973,7 @@ opt_start_worker(State) ->
 		    %% or sender
 		    State3 = opt_start_sender(State2),
 		    opt_start_loader(State3);
-		
+
 		is_record(Worker, block_controller) ->
 		    case {get_senders(State), get_loaders(State)} of
 			{[], []} ->
@@ -1989,7 +1986,7 @@ opt_start_worker(State) ->
 		    end
 	    end;
 	_ ->
-	    %% Bad luck, try with a loader or sender instead 
+	    %% Bad luck, try with a loader or sender instead
 	    State2 = opt_start_sender(State),
 	    opt_start_loader(State2)
     end.
@@ -1997,8 +1994,8 @@ opt_start_worker(State) ->
 opt_start_sender(State) ->
     case State#state.sender_queue of
 	[]->   State; 	    %% No need
-	SenderQ -> 
-	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State), 
+	SenderQ ->
+	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State),
 					    [], get_loaders(State)),
 	    State#state{sender_pid = NewS, sender_queue = Kept}
     end.
@@ -2007,11 +2004,11 @@ opt_start_sender2([], Pids,Kept, _) -> {Pids,Kept};
 opt_start_sender2([Sender|R], Pids, Kept, LoaderQ) ->
     Tab = Sender#send_table.table,
     Active = val({Tab, active_replicas}),
-    IgotIt = lists:member(node(), Active),    
-    IsLoading = lists:any(fun({_Pid,Loader}) -> 
+    IgotIt = lists:member(node(), Active),
+    IsLoading = lists:any(fun({_Pid,Loader}) ->
 				  Tab == element(#net_load.table, Loader)
 			  end, LoaderQ),
-    if 
+    if
 	IgotIt, IsLoading  ->
 	    %% I'm currently finishing loading the table let him wait
 	    opt_start_sender2(R,Pids, [Sender|Kept], LoaderQ);
@@ -2029,11 +2026,11 @@ opt_start_loader(State = #state{loader_queue = LoaderQ}) ->
     Current = get_loaders(State),
     Max = max_loaders(),
     case gb_trees:is_empty(LoaderQ) of
-	true -> 
+	true ->
 	    State;
-	_ when length(Current) >= Max -> 
+	_ when length(Current) >= Max ->
 	    State;
-	false -> 
+	false ->
 	    SchemaQueue = State#state.dumper_queue,
 	    case lists:keymember(schema_commit_lock, 1, SchemaQueue) of
 		false ->
@@ -2064,7 +2061,7 @@ already_loading(#disc_load{table=Tab},Loaders) ->
 
 already_loading2(Tab, [{_,#net_load{table=Tab}}|_]) -> true;
 already_loading2(Tab, [{_,#disc_load{table=Tab}}|_]) -> true;
-already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);     
+already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);
 already_loading2(_,[]) -> false.
 
 start_remote_sender(Node, Tab, Receiver, Storage) ->
@@ -2093,8 +2090,8 @@ send_and_reply(ReplyTo, Worker) ->
 
 load_and_reply(ReplyTo, Worker) ->
     Load = load_table_fun(Worker),
-    SendAndReply = 
-	fun() -> 
+    SendAndReply =
+	fun() ->
 		process_flag(trap_exit, true),
 		Done = Load(),
 		ReplyTo ! Done#loader_done{worker_pid = self()},
@@ -2161,7 +2158,7 @@ load_table_fun(#disc_load{table=Tab, reason=Reason, opt_reply_to=ReplyTo}) ->
 	ReadNode == nowhere ->
 	    %% Already loaded on other node, lets get it
 	    Cs = val({Tab, cstruct}),
-	    fun() -> 
+	    fun() ->
 		    case mnesia_loader:net_load_table(Tab, Reason, Active, Cs) of
 			{loaded, ok} ->
 			    Done#loader_done{needs_sync = true};
@@ -2204,10 +2201,10 @@ filter_active(Tab) ->
     Active  = val({Tab, active_replicas}),
     Masters = mnesia_recover:get_master_nodes(Tab),
     Ns = do_filter_active(ByForce, Active, Masters),
-    %% Reorder the so that we load from fastest first 
+    %% Reorder the so that we load from fastest first
     LS = ?catch_val({Tab, storage_type}),
     DOC = val({Tab, disc_only_copies}),
-    {Good,Worse} = 
+    {Good,Worse} =
 	case LS of
 	    disc_only_copies ->
 		G = mnesia_lib:intersect(Ns, DOC),
@@ -2218,7 +2215,7 @@ filter_active(Tab) ->
 	end,
     %% Pick a random node of the fastest
     Len = length(Good),
-    if 
+    if
 	Len > 0 ->
 	    R = erlang:phash(node(), Len+1),
 	    random(R-1,Good,Worse);
@@ -2237,5 +2234,5 @@ do_filter_active(false, Active, []) ->
     Active;
 do_filter_active(false, Active, Masters) ->
     mnesia_lib:intersect(Active, Masters).
-    
+
 
diff --git a/lib/mnesia/src/mnesia_dumper.erl b/lib/mnesia/src/mnesia_dumper.erl
index f8d7664156..e2a0aa3bda 100644
--- a/lib/mnesia/src/mnesia_dumper.erl
+++ b/lib/mnesia/src/mnesia_dumper.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -43,7 +43,7 @@
 
  %% Internal stuff
 -export([regulator_init/1]).
-	
+
 -include("mnesia.hrl").
 -include_lib("kernel/include/file.hrl").
 
@@ -70,14 +70,14 @@ incr_log_writes() ->
 
 adjust_log_writes(DoCast) ->
     Token = {mnesia_adjust_log_writes, self()},
-    case global:set_lock(Token, [node()], 1) of 
+    case global:set_lock(Token, [node()], 1) of
 	false ->
 	    ignore; %% Somebody else is sending a dump request
-	true -> 
-	    case DoCast of 
+	true ->
+	    case DoCast of
 		false ->
 		    ignore;
-		true -> 
+		true ->
 		    mnesia_controller:async_dump_log(write_threshold)
 	    end,
 	    Max = mnesia_monitor:get_env(dump_log_write_threshold),
@@ -93,16 +93,16 @@ adjust_log_writes(DoCast) ->
 opt_dump_log(InitBy) ->
     Reg = case whereis(?REGULATOR_NAME) of
 	      undefined ->
-		  nopid; 
+		  nopid;
 	      Pid when is_pid(Pid) ->
-		  Pid 
+		  Pid
 	  end,
     perform_dump(InitBy, Reg).
 
 %% Scan for decisions
 perform_dump(InitBy, Regulator) when InitBy == scan_decisions ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
-    
+
     dbg_out("Transaction log dump initiated by ~w~n", [InitBy]),
     scan_decisions(mnesia_log:previous_log_file(), InitBy, Regulator),
     scan_decisions(mnesia_log:latest_log_file(), InitBy, Regulator);
@@ -112,8 +112,8 @@ perform_dump(InitBy, Regulator) ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
     LogState = mnesia_log:prepare_log_dump(InitBy),
     dbg_out("Transaction log dump initiated by ~w: ~w~n",
-	    [InitBy, LogState]), 
-    adjust_log_writes(false),    
+	    [InitBy, LogState]),
+    adjust_log_writes(false),
     case LogState of
 	already_dumped ->
 	    mnesia_recover:allow_garb(),
@@ -142,7 +142,7 @@ perform_dump(InitBy, Regulator) ->
 			    mnesia_lib:important(Desc, Reason),
 			    %% Ignore rest of the log
 			    mnesia_log:confirm_log_dump(Diff);
-			false -> 
+			false ->
 			    fatal(Desc, Reason)
 		    end
 	    end;
@@ -189,9 +189,9 @@ do_perform_dump(Cont, InPlace, InitBy, Regulator, OldVersion) ->
 insert_recs([Rec | Recs], InPlace, InitBy, Regulator, LogV) ->
     regulate(Regulator),
     case insert_rec(Rec, InPlace, InitBy, LogV) of
- 	LogH when is_record(LogH, log_header) ->	    
+	LogH when is_record(LogH, log_header) ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogH#log_header.log_version);
-	_ -> 
+	_ ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogV)
     end;
 
@@ -199,7 +199,7 @@ insert_recs([], _InPlace, _InitBy, _Regulator, Version) ->
     Version.
 
 insert_rec(Rec, _InPlace, scan_decisions, _LogV) ->
-    if 
+    if
 	is_record(Rec, commit) ->
 	    ignore;
 	is_record(Rec, log_header) ->
@@ -227,7 +227,7 @@ insert_rec(H, _InPlace, _InitBy, _LogV) when is_record(H, log_header) ->
         H#log_header.log_kind /= trans_log ->
 	    exit({"Bad kind of transaction log", H});
 	H#log_header.log_version == CurrentVersion ->
-	    ok; 
+	    ok;
 	H#log_header.log_version == "4.2" ->
 	    ok;
 	H#log_header.log_version == "4.1" ->
@@ -247,8 +247,8 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	[] ->
 	    ignore;
 	SchemaOps ->
-	    case val({schema, storage_type}) of 
-		ram_copies -> 
+	    case val({schema, storage_type}) of
+		ram_copies ->
 		    insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, LogV);
 	        Storage ->
 		    true = open_files(schema, Storage, InPlace, InitBy),
@@ -264,13 +264,13 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	_ ->
 	    ignore
     end.
-    
+
 
 update(_Tid, [], _DumperMode) ->
     dumped;
 update(Tid, SchemaOps, DumperMode) ->
     UseDir = mnesia_monitor:use_dir(),
-    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),    
+    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),
     mnesia_controller:release_schema_commit_lock(),
     Res.
 
@@ -279,23 +279,23 @@ perform_update(_Tid, _SchemaOps, mandatory, true) ->
     %% dumper perform needed updates
 
     InitBy = schema_update,
-    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),    
+    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
     opt_dump_log(InitBy);
 perform_update(Tid, SchemaOps, _DumperMode, _UseDir) ->
     %% No need for a full transaction log dump.
     %% Ignore the log file and perform only perform
     %% the corresponding updates.
 
-    InitBy = fast_schema_update, 
+    InitBy = fast_schema_update,
     InPlace = mnesia_monitor:get_env(dump_log_update_in_place),
     ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
-    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, 
+    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy,
 			  mnesia_log:version()) of
 	{'EXIT', Reason} ->
 	    Error = {error, {"Schema update error", Reason}},
 	    close_files(InPlace, Error, InitBy),
             fatal("Schema update error ~p ~p", [Reason, SchemaOps]);
-	_ ->		    
+	_ ->
 	    ?eval_debug_fun({?MODULE, post_dump}, [InitBy]),
 	    close_files(InPlace, ok, InitBy),
 	    ok
@@ -318,7 +318,7 @@ insert_ops(Tid, Storage, [Op | Ops], InPlace, InitBy, Ver) when Ver < "4.3" ->
 disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     case open_files(Tab, Storage, InPlace, InitBy) of
 	true ->
-	    case Storage of 
+	    case Storage of
 		disc_copies when Tab /= schema ->
 		    mnesia_log:append({?MODULE,Tab}, {{Tab, Key}, Val, Op}),
 		    ok;
@@ -331,7 +331,7 @@ disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 
 %% To fix update_counter so that it behaves better.
 %% i.e. if nothing have changed in tab except update_counter
-%% trust that the value in the dets file is correct. 
+%% trust that the value in the dets file is correct.
 %% Otherwise we will get a double increment.
 %% This is perfect but update_counter is a dirty op.
 
@@ -353,12 +353,12 @@ dets_insert(Op,Tab,Key,Val) ->
 			_ when Incr < 0 ->
 			    Zero = {RecName, Key, 0},
 			    ok = dets:insert(Tab, Zero);
-			_ -> 
+			_ ->
 			    Init = {RecName, Key, Incr},
 			    ok = dets:insert(Tab, Init)
 		    end;
 		false ->  ok
-	    end;				    
+	    end;
 	delete_object ->
 	    dets_updated(Tab,Key),
 	    ok = dets:delete_object(Tab, Val);
@@ -366,17 +366,17 @@ dets_insert(Op,Tab,Key,Val) ->
 	    dets_cleared(Tab),
 	    ok = dets:delete_all_objects(Tab)
     end.
-	    
-dets_updated(Tab,Key) -> 
+
+dets_updated(Tab,Key) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, gb_sets:singleton(Key), Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		{value, Set} -> 
+		{value, Set} ->
 		    T = gb_trees:update(Tab, gb_sets:add(Key, Set), Tree),
 		    put(mnesia_dumper_dets, T);
 		none ->
@@ -398,14 +398,14 @@ dets_incr_counter(Tab,Key) ->
 
 dets_cleared(Tab) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, cleared, Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		_ -> 
+		_ ->
 		    T = gb_trees:enter(Tab, cleared, Tree),
 		    put(mnesia_dumper_dets, T)
 	    end
@@ -417,7 +417,7 @@ insert(Tid, Storage, Tab, Key, [Val | Tail], Op, InPlace, InitBy) ->
 
 insert(_Tid, _Storage, _Tab, _Key, [], _Op, _InPlace, _InitBy) ->
     ok;
-    
+
 insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     Item = {{Tab, Key}, Val, Op},
     case InitBy of
@@ -447,18 +447,18 @@ insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 disc_delete_table(Tab, Storage) ->
     case mnesia_monitor:use_dir() of
 	true ->
-	    if 		
-		Storage == disc_only_copies; Tab == schema ->  
+	    if
+		Storage == disc_only_copies; Tab == schema ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    Dat = mnesia_lib:tab2dat(Tab),
-		    file:delete(Dat);		
-		true -> 
+		    file:delete(Dat);
+		true ->
 		    DclFile = mnesia_lib:tab2dcl(Tab),
 		    case get({?MODULE,Tab}) of
 			{opened_dumper, dcl} ->
 			    del_opened_tab(Tab),
 			    mnesia_log:unsafe_close_log(Tab);
-			_ -> 
+			_ ->
 			    ok
 		    end,
 		    file:delete(DclFile),
@@ -490,7 +490,7 @@ insert_op(Tid, Storage, {{Tab, Key}, Val, Op}, InPlace, InitBy) ->
 insert_op(_Tid, schema_ops, _OP, _InPlace, Initby)
   when Initby /= startup,
        Initby /= fast_schema_update,
-       Initby /= schema_update -> 
+       Initby /= schema_update ->
     ignore;
 
 insert_op(Tid, _, {op, rec, Storage, Item}, InPlace, InitBy) ->
@@ -507,7 +507,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 	_ ->
 	    ignore
     end,
-    if  
+    if
 	N == node() ->
 	    Dmp  = mnesia_lib:tab2dmp(Tab),
 	    Dat  = mnesia_lib:tab2dat(Tab),
@@ -531,8 +531,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
 		    %% ram_delete_table must be done before init_indecies,
 		    %% it uses info which is reset in init_indecies,
-		    %% it doesn't matter, because init_indecies don't use 
-		    %% the ram replica of the table when creating the disc 
+		    %% it doesn't matter, because init_indecies don't use
+		    %% the ram replica of the table when creating the disc
 		    %% index; Could be improved :)
 		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
@@ -540,17 +540,17 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, ram_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
-			_ -> 
+			_ ->
 			    mnesia_controller:get_disc_copy(Tab)
 		    end,
 		    disc_delete_table(Tab, disc_only_copies);
 		{disc_copies, disc_only_copies} ->
 		    ok = ensure_rename(Dmp, Dat),
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
-		    mnesia_schema:ram_delete_table(Tab, FromS), 
+		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
 		    mnesia_index:init_indecies(Tab, disc_only_copies, PosList),
 		    file:delete(Dcl),
@@ -558,8 +558,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, disc_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
 			_ ->
 			    mnesia_log:ets2dcd(Tab),
@@ -576,7 +576,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 insert_op(Tid, _, {op, transform, _Fun, TabDef}, InPlace, InitBy) ->
     Cs = mnesia_schema:list2cs(TabDef),
     case mnesia_lib:cs_to_storage_type(node(), Cs) of
-	disc_copies -> 
+	disc_copies ->
 	    open_dcl(Cs#cstruct.name);
 	_ ->
 	    ignore
@@ -604,28 +604,34 @@ insert_op(Tid, _, {op, restore_recreate, TabDef}, InPlace, InitBy) ->
 		    mnesia_checkpoint:tm_del_copy(Tab, node())
 	    end
     end,
+    StorageProps = Cs#cstruct.storage_properties,
+    
     %% And create new ones..
     if
 	(InitBy == startup) or (Storage == unknown) ->
 	    ignore;
 	Storage == ram_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args);
 	Storage == disc_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args),
-	    File = mnesia_lib:tab2dcd(Tab),	    
-	    FArg = [{file, File}, {name, {mnesia,create}}, 
+	    File = mnesia_lib:tab2dcd(Tab),
+	    FArg = [{file, File}, {name, {mnesia,create}},
 		    {repair, false}, {mode, read_write}],
 	    {ok, Log} = mnesia_monitor:open_log(FArg),
 	    mnesia_monitor:unsafe_close_log(Log);
 	Storage == disc_only_copies ->
 	    File = mnesia_lib:tab2dat(Tab),
 	    file:delete(File),
+	    DetsProps = proplists:get_value(dets, StorageProps, []),
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} 
+		    | DetsProps ],
 	    mnesia_monitor:open_dets(Tab, Args)
     end,
     insert_op(Tid, ignore, {op, create_table, TabDef}, InPlace, InitBy);
@@ -635,6 +641,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
     insert_cstruct(Tid, Cs, false, InPlace, InitBy),
     Tab = Cs#cstruct.name,
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
+    StorageProps = Cs#cstruct.storage_properties,
     case InitBy of
 	startup ->
 	    case Storage of
@@ -644,22 +651,25 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 		    ignore;
 		disc_copies ->
 		    Dcd = mnesia_lib:tab2dcd(Tab),
-		    case mnesia_lib:exists(Dcd) of  
+		    case mnesia_lib:exists(Dcd) of
 			true -> ignore;
 			false ->
-			    mnesia_log:open_log(temp, 
+			    mnesia_log:open_log(temp,
 						mnesia_log:dcd_log_header(),
-						Dcd, 
-						false, 
+						Dcd,
+						false,
 						false,
 						read_write),
 			    mnesia_log:unsafe_close_log(temp)
 		    end;
 		_ ->
+		    DetsProps = proplists:get_value(dets, StorageProps, []),
+
 		    Args = [{file, mnesia_lib:tab2dat(Tab)},
 			    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)},
 			    {keypos, 2},
-			    {repair, mnesia_monitor:get_env(auto_repair)}],
+			    {repair, mnesia_monitor:get_env(auto_repair)} 
+			    | DetsProps ],
 		    case mnesia_monitor:open_dets(Tab, Args) of
 			{ok, _} ->
 			    mnesia_monitor:unsafe_close_dets(Tab);
@@ -671,7 +681,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 	    Copies = mnesia_lib:copy_holders(Cs),
 	    Active = mnesia_lib:intersect(Copies, val({current, db_nodes})),
 	    [mnesia_controller:add_active_replica(Tab, N, Cs) || N <- Active],
-
+	    
 	    case Storage of
 		unknown ->
 		    mnesia_lib:unset({Tab, create_table}),
@@ -695,8 +705,8 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 			    %% Indecies are still created by loader
 			    disc_delete_indecies(Tab, Cs, Storage)
 			    %% disc_delete_table(Tab, Storage)
-		    end, 
-		    
+		    end,
+
 		    %% Update whereabouts and create table
 		    mnesia_controller:create_table(Tab),
 		    mnesia_lib:unset({Tab, create_table})
@@ -754,7 +764,7 @@ insert_op(Tid, _, {op, clear_table, TabDef}, InPlace, InitBy) ->
 	       true ->
 		    ignore
 	    end,
-	    %% Need to catch this, it crashes on ram_copies if 
+	    %% Need to catch this, it crashes on ram_copies if
 	    %% the op comes before table is loaded at startup.
 	    catch insert(Tid, Storage, Tab, '_', Oid, clear_table, InPlace, InitBy)
     end;
@@ -766,16 +776,16 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 	    %% If we bootstrap an empty (diskless) mnesia from another node
 	    %% we might have changed the storage_type of schema.
 	    %% I think this is a good place to do it.
-	    Update = fun(NS = {Node,Storage}) -> 
+	    Update = fun(NS = {Node,Storage}) ->
 			     case mnesia_lib:cs_to_storage_type(Node, Cs) of
 				 Storage -> NS;
-				 disc_copies when Node == node() -> 
-				     Dir = mnesia_lib:dir(),    
+				 disc_copies when Node == node() ->
+				     Dir = mnesia_lib:dir(),
 				     ok = mnesia_schema:opt_create_dir(true, Dir),
 				     mnesia_schema:purge_dir(Dir, []),
 				     mnesia_log:purge_all_logs(),
 
-				     mnesia_lib:set(use_dir, true),	     
+				     mnesia_lib:set(use_dir, true),
 				     mnesia_log:init(),
 				     Ns = val({current, db_nodes}),
 				     F = fun(U) -> mnesia_recover:log_mnesia_up(U) end,
@@ -783,11 +793,11 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 				     raw_named_dump_table(schema, dat),
 				     temp_set_master_nodes(),
 				     {Node,disc_copies};
-				 CSstorage -> 
+				 CSstorage ->
 				     {Node,CSstorage}
 			     end
 		     end,
-	    
+
 	    W2C0 = val({schema, where_to_commit}),
 	    W2C = case W2C0 of
 		      {blocked, List} ->
@@ -854,9 +864,9 @@ insert_op(Tid, _, {op, del_snmp, TabDef}, InPlace, InitBy) ->
 	InitBy /= startup,
 	Storage /= unknown ->
 	    case ?catch_val({Tab, {index, snmp}}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ignore;
-		Stab -> 
+		Stab ->
 		    mnesia_snmp_hook:delete_table(Tab, Stab),
 		    mnesia_lib:unset({Tab, {index, snmp}})
 	    end;
@@ -874,7 +884,7 @@ insert_op(Tid, _, {op, add_index, Pos, TabDef}, InPlace, InitBy) ->
 	    true = open_files(Tab, Storage, InPlace, InitBy),
 	    mnesia_index:init_indecies(Tab, Storage, [Pos]);
 	startup ->
-	    ignore; 
+	    ignore;
 	_  ->
 	    case val({Tab,where_to_read}) of
 		nowhere -> ignore;
@@ -890,7 +900,7 @@ insert_op(Tid, _, {op, del_index, Pos, TabDef}, InPlace, InitBy) ->
     case InitBy of
 	startup when Storage == disc_only_copies ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos);
-	startup -> 
+	startup ->
 	    ignore;
 	_ ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos)
@@ -939,16 +949,19 @@ open_files(Tab, Storage, UpdateInPlace, InitBy)
 		{'EXIT', _} ->
 		    false;
 		Type ->
-		    case Storage of 
+		    case Storage of
 			disc_copies when Tab /= schema ->
 			    Bool = open_disc_copies(Tab, InitBy),
 			    Bool;
 			_ ->
+			    Props = val({Tab, storage_properties}),
+			    DetsProps = proplists:get_value(dets, Props, []),
 			    Fname = prepare_open(Tab, UpdateInPlace),
 			    Args = [{file, Fname},
 				    {keypos, 2},
 				    {repair, mnesia_monitor:get_env(auto_repair)},
-				    {type, mnesia_lib:disk_type(Tab, Type)}],
+				    {type, mnesia_lib:disk_type(Tab, Type)} 
+				    | DetsProps],
 			    {ok, _} = mnesia_monitor:open_dets(Tab, Args),
 			    put({?MODULE, Tab}, {opened_dumper, dat}),
 			    true
@@ -964,7 +977,7 @@ open_files(_Tab, _Storage, _UpdateInPlace, _InitBy) ->
 
 open_disc_copies(Tab, InitBy) ->
     DclF = mnesia_lib:tab2dcl(Tab),
-    DumpEts = 
+    DumpEts =
 	case file:read_file_info(DclF) of
 	    {error, enoent} ->
 		false;
@@ -975,7 +988,7 @@ open_disc_copies(Tab, InitBy) ->
 			mnesia_lib:dbg_out("File ~p info_error ~p ~n",
 					   [DcdF, Reason]),
 			true;
-		    {ok, DcdInfo} -> 
+		    {ok, DcdInfo} ->
 			Mul = case ?catch_val(dc_dump_limit) of
 				  {'EXIT', _} -> ?DumpToEtsMultiplier;
 				  Val -> Val
@@ -983,12 +996,12 @@ open_disc_copies(Tab, InitBy) ->
 			DcdInfo#file_info.size =< (DclInfo#file_info.size * Mul)
 		end
 	end,
-    if 
-	DumpEts == false; InitBy == startup ->	    
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+    if
+	DumpEts == false; InitBy == startup ->
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -997,9 +1010,9 @@ open_disc_copies(Tab, InitBy) ->
 	    mnesia_log:ets2dcd(Tab),
 	    put({?MODULE, Tab}, already_dumped),
 	    false
-    end. 
+    end.
 
-%% Always opens the dcl file for writing overriding already_dumped 
+%% Always opens the dcl file for writing overriding already_dumped
 %% mechanismen, used for schema transactions.
 open_dcl(Tab) ->
     case get({?MODULE, Tab}) of
@@ -1007,10 +1020,10 @@ open_dcl(Tab) ->
 	    true;
 	_ -> %% undefined or already_dumped
 	    DclF = mnesia_lib:tab2dcl(Tab),
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -1047,7 +1060,7 @@ close_files(InPlace, Outcome, InitBy, [{{?MODULE, Tab}, {opened_dumper, Type}} |
     case val({Tab, storage_type}) of
 	disc_only_copies when InitBy /= startup ->
 	    ignore;
-	disc_copies when Tab /= schema -> 
+	disc_copies when Tab /= schema ->
 	    mnesia_log:close_log({?MODULE,Tab});
 	Storage ->
 	    do_close(InPlace, Outcome, Tab, Type, Storage)
@@ -1082,7 +1095,7 @@ do_close(InPlace, Outcome, Tab, dat, Storage) ->
 	true ->
 	    file:delete(mnesia_lib:tab2tmp(Tab))
     end.
-    
+
 
 ensure_rename(From, To) ->
     case mnesia_lib:exists(From) of
@@ -1096,7 +1109,7 @@ ensure_rename(From, To) ->
 		    {error, {rename_failed, From, To}}
 	    end
     end.
-    
+
 insert_cstruct(Tid, Cs, KeepWhereabouts, InPlace, InitBy) ->
     Val = mnesia_schema:insert_cstruct(Tid, Cs, KeepWhereabouts),
     {schema, Tab, _} = Val,
@@ -1114,15 +1127,15 @@ delete_cstruct(Tid, Cs, InPlace, InitBy) ->
 
 temp_set_master_nodes() ->
     Tabs = val({schema, local_tables}),
-    Masters = [{Tab, (val({Tab, disc_copies}) ++ 
-		      val({Tab, ram_copies}) ++ 
-		      val({Tab, disc_only_copies})) -- [node()]} 
+    Masters = [{Tab, (val({Tab, disc_copies}) ++
+		      val({Tab, ram_copies}) ++
+		      val({Tab, disc_only_copies})) -- [node()]}
 	       || Tab <- Tabs],
     %% UseDir = false since we don't want to remember these
     %% masternodes and we are running (really soon anyway) since we want this
     %% to be known during table loading.
     mnesia_recover:log_master_nodes(Masters, false, yes),
-    ok.    
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Raw dump of table. Dumper must have unique access to the ets table.
@@ -1152,7 +1165,7 @@ raw_named_dump_table(Tab, Ftype) ->
 		{ok, TabRef} ->
 		    Storage = ram_copies,
 		    mnesia_lib:db_fixtable(Storage, Tab, true),
-		    
+
 		    case catch raw_dump_table(TabRef, Tab) of
 			{'EXIT', Reason} ->
 			    mnesia_lib:db_fixtable(Storage, Tab, false),
@@ -1179,11 +1192,11 @@ raw_dump_table(DetsRef, EtsRef) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Load regulator
-%% 
-%% This is a poor mans substitute for a fair scheduler algorithm 
-%% in the Erlang emulator. The mnesia_dumper process performs many 
-%% costly BIF invokations and must pay for this. But since the 
-%% Emulator does not handle this properly we must compensate for 
+%%
+%% This is a poor mans substitute for a fair scheduler algorithm
+%% in the Erlang emulator. The mnesia_dumper process performs many
+%% costly BIF invokations and must pay for this. But since the
+%% Emulator does not handle this properly we must compensate for
 %% this with some form of load regulation of ourselves in order to
 %% not steal all computation power in the Erlang Emulator ans make
 %% other processes starve. Hopefully this is a temporary solution.
@@ -1230,6 +1243,6 @@ regulate(RegulatorPid) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
-	Value -> Value 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
+	Value -> Value
     end.
diff --git a/lib/mnesia/src/mnesia_event.erl b/lib/mnesia/src/mnesia_event.erl
index 5a060a28ff..8085155fd5 100644
--- a/lib/mnesia/src/mnesia_event.erl
+++ b/lib/mnesia/src/mnesia_event.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/src/mnesia_frag_hash.erl b/lib/mnesia/src/mnesia_frag_hash.erl
index d70579c3b3..3dfdb87f30 100644
--- a/lib/mnesia/src/mnesia_frag_hash.erl
+++ b/lib/mnesia/src/mnesia_frag_hash.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/src/mnesia_loader.erl b/lib/mnesia/src/mnesia_loader.erl
index c4b22814a8..e443b54016 100644
--- a/lib/mnesia/src/mnesia_loader.erl
+++ b/lib/mnesia/src/mnesia_loader.erl
@@ -61,9 +61,11 @@ do_get_disc_copy2(Tab, _Reason, Storage, _Type) when Storage == unknown ->
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     %% NOW we create the actual table
     Repair = mnesia_monitor:get_env(auto_repair),
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
-	{dumper, _} -> %% Resources allready allocated
+	{dumper, _} -> %% Resources already allocated
 	    ignore;
 	_ ->
 	    mnesia_monitor:mktab(Tab, Args),
@@ -82,7 +84,9 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
 	{dumper, _} -> %% Resources allready allocated
 	    ignore;
@@ -115,10 +119,14 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_only_copies ->
+    StorageProps = val({Tab, storage_properties}),
+    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)} 
+	    | DetsOpts],
     case Reason of
 	{dumper, _} ->
 	    mnesia_index:init_index(Tab, Storage),
@@ -349,17 +357,21 @@ do_init_table(Tab,Storage,Cs,SenderPid,
     end.
 
 create_table(Tab, TabSize, Storage, Cs) ->
+    StorageProps = val({Tab, storage_properties}),
     if
 	Storage == disc_only_copies ->
 	    mnesia_lib:lock_table(Tab),
 	    Tmp = mnesia_lib:tab2tmp(Tab),
 	    Size = lists:max([TabSize, 256]),
+	    DetsOpts = lists:keydelete(estimated_no_objects, 1,
+				       proplists:get_value(dets, StorageProps, [])),
 	    Args = [{file, Tmp},
 		    {keypos, 2},
 %%		    {ram_file, true},
 		    {estimated_no_objects, Size},
 		    {repair, mnesia_monitor:get_env(auto_repair)},
-		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
+		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}
+		    | DetsOpts],
 	    file:delete(Tmp),
 	    case mnesia_lib:dets_sync_open(Tab, Args) of
 		{ok, _} ->
@@ -370,7 +382,8 @@ create_table(Tab, TabSize, Storage, Cs) ->
 		    Else
 	    end;
 	(Storage == ram_copies) or (Storage == disc_copies) ->
-	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type],
+	    EtsOpts = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type | EtsOpts],
 	    case mnesia_monitor:unsafe_mktab(Tab, Args) of
 		Tab ->
 		    {Storage, Tab};
@@ -516,10 +529,13 @@ handle_last({disc_only_copies, Tab}, Type, nobin) ->
     Dat = mnesia_lib:tab2dat(Tab),
     case file:rename(Tmp, Dat) of
 	ok ->
+	    StorageProps = val({Tab, storage_properties}),
+	    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} | DetsOpts],
 	    mnesia_monitor:open_dets(Tab, Args),
 	    ok;
 	{error, Reason} ->
diff --git a/lib/mnesia/src/mnesia_locker.erl b/lib/mnesia/src/mnesia_locker.erl
index 0492d794f3..a22c95d454 100644
--- a/lib/mnesia/src/mnesia_locker.erl
+++ b/lib/mnesia/src/mnesia_locker.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -66,14 +66,14 @@
 
 -record(queue, {oid, tid, op, pid, lucky}).
 
-%% mnesia_held_locks: contain       {Oid, Op, Tid} entries  (bag)
+%% mnesia_held_locks: contain       {Oid, MaxLock, [{Op, Tid}]} entries
 -define(match_oid_held_locks(Oid),  {Oid, '_', '_'}).
-%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag) 
+%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag)
 -define(match_oid_tid_locks(Tid),   {Tid, '_', '_'}).
 %% mnesia_sticky_locks: contain     {Oid, Node} entries and {Tab, Node} entries (set)
 -define(match_oid_sticky_locks(Oid),{Oid, '_'}).
 %% mnesia_lock_queue: contain       {queue, Oid, Tid, Op, ReplyTo, WaitForTid} entries (bag)
--define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}). 
+-define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}).
 %% mnesia_lock_counter:             {{write, Tab}, Number} &&
 %%                                  {{read, Tab}, Number} entries  (set)
 
@@ -83,11 +83,11 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    ?ets_new_table(mnesia_held_locks, [bag, private, named_table]), 
+    ?ets_new_table(mnesia_held_locks, [ordered_set, private, named_table]),
     ?ets_new_table(mnesia_tid_locks, [bag, private, named_table]),
     ?ets_new_table(mnesia_sticky_locks, [set, private, named_table]),
     ?ets_new_table(mnesia_lock_queue, [bag, private, named_table, {keypos, 2}]),
-    
+
     proc_lib:init_ack(Parent, {ok, self()}),
     case ?catch_val(pid_sort_order) of
 	r9b_plain -> put(pid_sort_order, r9b_plain);
@@ -98,8 +98,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply(From, R) ->
@@ -111,10 +111,10 @@ l_request(Node, X, Store) ->
 
 l_req_rec(Node, Store) ->
     ?ets_insert(Store, {nodes, Node}),
-    receive 
-	{?MODULE, Node, Reply} -> 
+    receive
+	{?MODULE, Node, Reply} ->
 	    Reply;
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    {not_granted, {node_not_running, Node}}
     end.
 
@@ -128,10 +128,10 @@ send_release_tid(Nodes, Tid) ->
     rpc:abcast(Nodes, ?MODULE, {self(), {sync_release_tid, Tid}}).
 
 receive_release_tid_acc([Node | Nodes], Tid) ->
-    receive 
-	{?MODULE, Node, {tid_released, Tid}} -> 
+    receive
+	{?MODULE, Node, {tid_released, Tid}} ->
 	    receive_release_tid_acc(Nodes, Tid);
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    receive_release_tid_acc(Nodes, Tid)
     end;
 receive_release_tid_acc([], _Tid) ->
@@ -152,27 +152,27 @@ loop(State) ->
 
 	%% Really do a  read, but get hold of a write lock
 	%% used by mnesia:wread(Oid).
-	
+
 	{From, {read_write, Tid, Oid}} ->
 	    try_sticky_lock(Tid, read_write, From, Oid),
 	    loop(State);
-	
+
 	%% Tid has somehow terminated, clear up everything
 	%% and pass locks on to queued processes.
 	%% This is the purpose of the mnesia_tid_locks table
-	
+
 	{release_tid, Tid} ->
 	    do_release_tid(Tid),
 	    loop(State);
-	
+
 	%% stick lock, first tries this to the where_to_read Node
 	{From, {test_set_sticky, Tid, {Tab, _} = Oid, Lock}} ->
 	    case ?ets_lookup(mnesia_sticky_locks, Tab) of
-		[] -> 
+		[] ->
 		    reply(From, not_stuck),
 		    loop(State);
 		[{_,Node}] when Node == node() ->
-		    %% Lock is stuck here, see now if we can just set 
+		    %% Lock is stuck here, see now if we can just set
 		    %% a regular write lock
 		    try_lock(Tid, Lock, From, Oid),
 		    loop(State);
@@ -188,7 +188,7 @@ loop(State) ->
 	    ?ets_insert(mnesia_sticky_locks, {Tab, N}),
 	    loop(State);
 
-	%% The caller which sends this message, must have first 
+	%% The caller which sends this message, must have first
 	%% aquired a write lock on the entire table
 	{unstick, Tab} ->
 	    ?ets_delete(mnesia_sticky_locks, Tab),
@@ -205,14 +205,14 @@ loop(State) ->
 		[{_,N}] ->
 		    Req = {From, {ix_read, Tid, Tab, IxKey, Pos}},
 		    From ! {?MODULE, node(), {switch, N, Req}},
-		    loop(State)	   
+		    loop(State)
 	    end;
 
 	{From, {sync_release_tid, Tid}} ->
 	    do_release_tid(Tid),
 	    reply(From, {tid_released, Tid}),
 	    loop(State);
-	
+
 	{release_remote_non_pending, Node, Pending} ->
 	    release_remote_non_pending(Node, Pending),
 	    mnesia_monitor:mnesia_down(?MODULE, Node),
@@ -229,16 +229,23 @@ loop(State) ->
 	{get_table, From, LockTable} ->
 	    From ! {LockTable, ?ets_match_object(LockTable, '_')},
 	    loop(State);
-	
+
 	Msg ->
 	    error("~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    loop(State)
     end.
 
-set_lock(Tid, Oid, Op) ->
-    ?dbg("Granted ~p ~p ~p~n", [Tid,Oid,Op]),
-    ?ets_insert(mnesia_held_locks, {Oid, Op, Tid}),
-    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}).
+set_lock(Tid, Oid, Op, []) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}),
+    ?ets_insert(mnesia_held_locks, {Oid, Op, [{Op, Tid}]});
+set_lock(Tid, Oid, read, [{Oid, Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, read}),
+    ?ets_insert(mnesia_held_locks, {Oid, Prev, [{read, Tid}|Items]});
+set_lock(Tid, Oid, write, [{Oid, _Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, write}),
+    ?ets_insert(mnesia_held_locks, {Oid, write, [{write, Tid}|Items]});
+set_lock(Tid, Oid, Op, undefined) ->
+    set_lock(Tid, Oid, Op, ?ets_lookup(mnesia_held_locks, Oid)).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Acquire locks
@@ -261,32 +268,32 @@ try_lock(Tid, Op, Pid, Oid) ->
 
 try_lock(Tid, Op, SimpleOp, Lock, Pid, Oid) ->
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(Pid, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(Pid, {not_granted, C});
-	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = Pid, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
 
-grant_lock(Tid, read, Lock, Oid = {Tab, Key})
+grant_lock(Tid, read, Lock, Oid = {Tab, Key}, Default)
   when Key /= ?ALL, Tab /= ?GLOBAL ->
     case node(Tid#tid.pid) == node() of
 	true ->
-	    set_lock(Tid, Oid, Lock),
+	    set_lock(Tid, Oid, Lock, Default),
 	    {granted, lookup_in_client};
 	false ->
 	    try
 		Val = mnesia_lib:db_get(Tab, Key), %% lookup as well
-		set_lock(Tid, Oid, Lock),
+		set_lock(Tid, Oid, Lock, Default),
 		{granted, Val}
 	    catch _:_Reason ->
 		    %% Table has been deleted from this node,
@@ -296,87 +303,71 @@ grant_lock(Tid, read, Lock, Oid = {Tab, Key})
 		    {not_granted, C}
 	    end
     end;
-grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}) ->
+grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}, Default) ->
     try
 	Res = ix_read_res(Tab, IxKey,Pos),
-	set_lock(Tid, Oid, Lock),
+	set_lock(Tid, Oid, Lock, Default),
 	{granted, Res, [?ALL]}
     catch _:_ ->
 	    {not_granted, {no_exists, Tab, {index, [Pos]}}}
     end;
-grant_lock(Tid, read, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, read, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     {granted, ok};
-grant_lock(Tid, write, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, write, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     granted.
 
 %% 1) Impose an ordering on all transactions favour old (low tid) transactions
 %%    newer (higher tid) transactions may never wait on older ones,
 %% 2) When releasing the tids from the queue always begin with youngest (high tid)
 %%    because of 1) it will avoid the deadlocks.
-%% 3) TabLocks is the problem :-) They should not starve and not deadlock 
+%% 3) TabLocks is the problem :-) They should not starve and not deadlock
 %%    handle tablocks in queue as they had locks on unlocked records.
 
-can_lock(Tid, read, {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
-    %% The key is bound, no need for the other BIF
-    Oid = {Tab, Key}, 
-    ObjLocks = ?ets_match_object(mnesia_held_locks, {Oid, write, '_'}),
-    TabLocks = ?ets_match_object(mnesia_held_locks, {{Tab, ?ALL}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, read);
+can_lock(Tid, read, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
+    ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
+    TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
+    {check_lock(Tid, Oid,
+		filter_write(ObjLocks),
+		filter_write(TabLocks),
+		yes, AlreadyQ, read),
+     ObjLocks};
 
 can_lock(Tid, read, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, {{Tab, '_'}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read);
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read), undefined};
 
-can_lock(Tid, write, {Tab, Key}, AlreadyQ) when Key /= ?ALL -> 
-    Oid = {Tab, Key},
+can_lock(Tid, write, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
     ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
     TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write);
+    {check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write), ObjLocks};
 
 can_lock(Tid, write, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, ?match_oid_held_locks({Tab, '_'})),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write).
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write), undefined}.
+
+filter_write([{_, read, _}]) -> [];
+filter_write(Res) -> Res.
 
 %% Check held locks for conflicting locks
-check_lock(Tid, Oid, [Lock | Locks], TabLocks, X, AlreadyQ, Type) ->
-    case element(3, Lock) of
-	Tid ->
-	    check_lock(Tid, Oid, Locks, TabLocks, X, AlreadyQ, Type);
-	WaitForTid ->
-	    Queue = allowed_to_be_queued(WaitForTid,Tid),
-	    if Queue == true -> 
-		    check_lock(Tid, Oid, Locks, TabLocks, {queue, WaitForTid}, AlreadyQ, Type);
-	       Tid#tid.pid == WaitForTid#tid.pid ->
-		    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
-			    [Oid, Lock, Tid, WaitForTid]),  
-		    %% Test..
-		    {Tab, _Key} = Oid,
-		    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= []) 
-			orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
-		    if 
-			HaveQ -> 
-			    {no, WaitForTid};
-			true -> 
-			    check_lock(Tid,Oid,Locks,TabLocks,{queue,WaitForTid},AlreadyQ,Type)
-		    end;
-		    %%{no, WaitForTid};  Safe solution 
-	       true ->
-		    {no, WaitForTid}
-	    end
+check_lock(Tid, Oid, [{_, _, Lock} | Locks], TabLocks, _X, AlreadyQ, Type) ->
+    case can_queue(Lock, Tid, Oid, _X) of
+	{no, _} = Res ->
+	    Res;
+	Res ->
+	    check_lock(Tid, Oid, Locks, TabLocks, Res, AlreadyQ, Type)
     end;
 
 check_lock(_, _, [], [], X, {queue, bad_luck}, _) ->
     X;  %% The queue should be correct already no need to check it again
 
 check_lock(_, _, [], [], X = {queue, _Tid}, _AlreadyQ, _) ->
-    X;  
+    X;
 
-check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
-    {Tab, Key} = Oid,
+check_lock(Tid, Oid = {Tab, Key}, [], [], X, AlreadyQ, Type) ->
     if
 	Type == write ->
 	    check_queue(Tid, Tab, X, AlreadyQ);
@@ -387,7 +378,7 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 	    %% If there is a queue on that object, read_lock shouldn't be granted
 	    ObjLocks = ets:lookup(mnesia_lock_queue, Oid),
 	    case max(ObjLocks) of
-		empty -> 
+		empty ->
 		    check_queue(Tid, Tab, X, AlreadyQ);
 		ObjL ->
 		    case allowed_to_be_queued(ObjL,Tid) of
@@ -403,16 +394,36 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 check_lock(Tid, Oid, [], TabLocks, X, AlreadyQ, Type) ->
     check_lock(Tid, Oid, TabLocks, [], X, AlreadyQ, Type).
 
+can_queue([{_Op, Tid}|Locks], Tid, Oid, Res) ->
+    can_queue(Locks, Tid, Oid, Res);
+can_queue([{Op, WaitForTid}|Locks], Tid, Oid = {Tab, _}, _) ->
+    case allowed_to_be_queued(WaitForTid,Tid) of
+	true when Tid#tid.pid == WaitForTid#tid.pid ->
+	    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
+		    [Oid, Op, Tid, WaitForTid]),
+	    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= [])
+		orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
+	    case HaveQ of
+		true -> {no, WaitForTid};
+		false ->  can_queue(Locks, Tid, Oid, {queue, WaitForTid})
+	    end;
+	true ->
+	    can_queue(Locks, Tid, Oid, {queue, WaitForTid});
+	false ->
+	    {no, WaitForTid}
+    end;
+can_queue([], _, _, Res) -> Res.
+
 %% True if  WaitForTid > Tid -> % Important order
 allowed_to_be_queued(WaitForTid, Tid) ->
     case get(pid_sort_order) of
 	undefined -> WaitForTid > Tid;
-	r9b_plain -> 
+	r9b_plain ->
 	    cmp_tid(true, WaitForTid, Tid) =:= 1;
-	standard  -> 
+	standard  ->
 	    cmp_tid(false, WaitForTid, Tid) =:= 1
-    end.	    
-	    
+    end.
+
 %% Check queue for conflicting locks
 %% Assume that all queued locks belongs to other tid's
 
@@ -421,25 +432,25 @@ check_queue(Tid, Tab, X, AlreadyQ) ->
     Greatest = max(TabLocks),
     case Greatest of
 	empty ->  X;
-	Tid ->    X; 
-	WaitForTid -> 
+	Tid ->    X;
+	WaitForTid ->
 	    case allowed_to_be_queued(WaitForTid,Tid) of
 		true ->
 		    {queue, WaitForTid};
-		false when AlreadyQ =:= {no, bad_luck} -> 
+		false when AlreadyQ =:= {no, bad_luck} ->
 		    {no, WaitForTid}
 	    end
     end.
 
 sort_queue(QL) ->
     case get(pid_sort_order) of
-	undefined -> 
+	undefined ->
 	    lists:reverse(lists:keysort(#queue.tid, QL));
-	r9b_plain -> 
-	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) -> 
+	r9b_plain ->
+	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(true, X, Y) == 1
 		       end, QL);
-	standard  -> 
+	standard  ->
 	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(false, X, Y) == 1
 		       end, QL)
@@ -456,22 +467,22 @@ set_read_lock_on_all_keys(Tid, From, Tab, IxKey, Pos) ->
     Op = {ix_read,IxKey, Pos},
     Lock = read,
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, Op, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, Op, Lock, Oid, Default),
 	    reply(From, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = Op, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(From, {not_granted, C});
-    	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = From, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
-       
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Release of locks
 
@@ -520,30 +531,40 @@ release_locks([]) ->
 release_lock({Tid, Oid, {queued, _}}) ->
     ?ets_match_delete(mnesia_lock_queue, #queue{oid=Oid, tid = Tid, op = '_',
 						pid = '_', lucky = '_'});
-release_lock({Tid, Oid, Op}) ->
-    if
-	Op == write ->
-	    ?ets_delete(mnesia_held_locks, Oid);
-	Op == read ->
-	    ets:delete_object(mnesia_held_locks, {Oid, Op, Tid})
+release_lock({_Tid, Oid, write}) ->
+    ?ets_delete(mnesia_held_locks, Oid);
+release_lock({Tid, Oid, read}) ->
+    case ?ets_lookup(mnesia_held_locks, Oid) of
+	[{Oid, Prev, Locks0}] ->
+	    case remove_tid(Locks0, Tid, []) of
+		[] -> ?ets_delete(mnesia_held_locks, Oid);
+		Locks -> ?ets_insert(mnesia_held_locks, {Oid, Prev, Locks})
+	    end;
+	[] -> ok
     end.
 
+remove_tid([{_Op, Tid}|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, Acc);
+remove_tid([Keep|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, [Keep|Acc]);
+remove_tid([], _, Acc) -> Acc.
+
 rearrange_queue([{_Tid, {Tab, Key}, _} | Locks]) ->
     if
-	Key /= ?ALL->	    
-	    Queue =  
-		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++ 
+	Key /= ?ALL->
+	    Queue =
+		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++
 		ets:lookup(mnesia_lock_queue, {Tab, Key}),
-	    case Queue of 
-		[] -> 
+	    case Queue of
+		[] ->
 		    ok;
 		_ ->
 		    Sorted = sort_queue(Queue),
 		    try_waiters_obj(Sorted)
-	    end;	
-	true -> 
+	    end;
+	true ->
 	    Pat = ?match_oid_lock_queue({Tab, '_'}),
-	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),	    
+	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),
 	    Sorted = sort_queue(Queue),
 	    try_waiters_tab(Sorted)
     end,
@@ -556,7 +577,7 @@ try_waiters_obj([W | Waiters]) ->
     case try_waiter(W) of
 	queued ->
 	    no;
-	_ -> 	    
+	_ ->
 	    try_waiters_obj(Waiters)
     end;
 try_waiters_obj([]) ->
@@ -573,10 +594,10 @@ try_waiters_tab([W | Waiters]) ->
 	    end;
 	Oid ->
 	    case try_waiter(W) of
-		queued -> 	    
+		queued ->
 		    Rest = key_delete_all(Oid, #queue.oid, Waiters),
 		    try_waiters_tab(Rest);
-		_ ->		    
+		_ ->
 		    try_waiters_tab(Waiters)
 	    end
     end;
@@ -592,22 +613,22 @@ try_waiter({queue, Oid, Tid, Op, ReplyTo, _}) ->
 
 try_waiter(Oid, Op, SimpleOp, Lock, ReplyTo, Tid) ->
     case can_lock(Tid, Lock, Oid, {queue, bad_luck}) of
-	yes ->
+	{yes, Default} ->
 	    %% Delete from queue: Nice place for trace output
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),	    
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(ReplyTo,Reply),
 	    locked;
-	{queue, _Why} ->
+	{{queue, _Why}, _} ->
 	    ?dbg("Keep ~p ~p ~p ~p~n", [Tid, Oid, Lock, _Why]),
-	    queued; % Keep waiter in queue	
-	{no, Lucky} ->
+	    queued; % Keep waiter in queue
+	{{no, Lucky}, _} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    verbose("** WARNING ** Restarted transaction, possible deadlock in lock queue ~w: cyclic = ~w~n",
 		    [Tid, C]),
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
 	    Reply = {not_granted, C},
@@ -645,7 +666,7 @@ mnesia_down(N, Pending) ->
 	    Pid ! {release_remote_non_pending, N, Pending}
     end.
 
-%% Aquire a write lock, but do a read, used by 
+%% Aquire a write lock, but do a read, used by
 %% mnesia:wread/1
 
 rwlock(Tid, Store, Oid) ->
@@ -657,9 +678,10 @@ rwlock(Tid, Store, Oid) ->
 	    Lock = write,
 	    case need_lock(Store, Tab, Key, Lock)  of
 		yes ->
-		    {Ns, Majority} = w_nodes(Tab),
+		    {Ns0, Majority} = w_nodes(Tab),
+		    Ns = [Node|lists:delete(Node,Ns0)],
 		    check_majority(Majority, Tab, Ns),
-		    Res = get_rwlocks_on_nodes(Ns, rwlock, Node, Store, Tid, Oid),
+		    Res = get_rwlocks_on_nodes(Ns, make_ref(), Store, Tid, Oid),
 		    ?ets_insert(Store, {{locks, Tab, Key}, Lock}),
 		    Res;
 		no ->
@@ -718,7 +740,7 @@ sticky_rwlock(Tid, Store, Oid) ->
     sticky_lock(Tid, Store, Oid, read_write).
 
 sticky_lock(Tid, Store, {Tab, Key} = Oid, Lock) ->
-    N = val({Tab, where_to_read}), 
+    N = val({Tab, where_to_read}),
     if
 	node() == N ->
 	    case need_lock(Store, Tab, Key, write) of
@@ -805,9 +827,9 @@ sticky_wlock_table(Tid, Store, Tab) ->
 %% aquire a wlock on Oid
 %% We store a {Tabname, write, Tid} in all locktables
 %% on all nodes containing a copy of Tabname
-%% We also store an item {{locks, Tab, Key}, write} in the 
+%% We also store an item {{locks, Tab, Key}, write} in the
 %% local store when we have aquired the lock.
-%% 
+%%
 wlock(Tid, Store, Oid) ->
     wlock(Tid, Store, Oid, _CheckMajority = true).
 
@@ -845,10 +867,10 @@ wlock_no_exist(Tid, Store, Tab, Ns) ->
 
 need_lock(Store, Tab, Key, LockPattern) ->
     TabL = ?ets_match_object(Store, {{locks, Tab, ?ALL}, LockPattern}),
-    if 
+    if
 	TabL == [] ->
 	    KeyL = ?ets_match_object(Store, {{locks, Tab, Key}, LockPattern}),
-	    if 
+	    if
 		KeyL == [] ->
 		    yes;
 		true  ->
@@ -865,7 +887,7 @@ del_debug() ->
     erase(mnesia_wlock_nodes).
 
 %% We first send lock request to the local node if it is part of the lockers
-%% then the first sorted node then to the rest of the lockmanagers on all 
+%% then the first sorted node then to the rest of the lockmanagers on all
 %% nodes holding a copy of the table
 
 get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
@@ -875,51 +897,31 @@ get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
     case node() of
 	Node -> %% Local done try one more
 	    get_wlocks_on_nodes(Tail, Orig, Store, Request, Oid);
-	_ ->    %% The first succeded cont with the rest  
+	_ ->    %% The first succeded cont with the rest
 	    get_wlocks_on_nodes(Tail, Store, Request),
 	    receive_wlocks(Tail, Orig, Store, Oid)
     end;
-get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) -> 
+get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) ->
     Orig.
 
 get_wlocks_on_nodes([Node | Tail], Store, Request) ->
     {?MODULE, Node} ! Request,
     ?ets_insert(Store,{nodes, Node}),
     get_wlocks_on_nodes(Tail, Store, Request);
-get_wlocks_on_nodes([], _, _) -> 
+get_wlocks_on_nodes([], _, _) ->
     ok.
 
-get_rwlocks_on_nodes([ReadNode|Tail], _Res, ReadNode, Store, Tid, Oid) ->
+get_rwlocks_on_nodes([ReadNode|Tail], Ref, Store, Tid, Oid) ->
     Op = {self(), {read_write, Tid, Oid}},
     {?MODULE, ReadNode} ! Op,
     ?ets_insert(Store, {nodes, ReadNode}),
-    Res = receive_wlocks([ReadNode], undefined, Store, Oid),
-    case node() of
-	ReadNode -> 
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-	_ ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
+    case receive_wlocks([ReadNode], Ref, Store, Oid) of
+	Ref ->
+	    get_rwlocks_on_nodes(Tail, Ref, Store, Tid, Oid);
+	Res ->
+	    get_wlocks_on_nodes(Tail, Res, Store, {self(), {write, Tid, Oid}}, Oid)
     end;
-get_rwlocks_on_nodes([Node | Tail], Res, ReadNode, Store, Tid, Oid) ->
-    Op = {self(), {write, Tid, Oid}},
-    {?MODULE, Node} ! Op,
-    ?ets_insert(Store, {nodes, Node}),
-    receive_wlocks([Node], undefined, Store, Oid),
-    if node() == Node ->
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-       Res == rwlock -> %% Hmm	    
-	    Rest = lists:delete(ReadNode, Tail),
-	    Op2 = {self(), {read_write, Tid, Oid}},
-	    {?MODULE, ReadNode} ! Op2,
-	    ?ets_insert(Store, {nodes, ReadNode}),
-	    get_wlocks_on_nodes(Rest, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks([ReadNode|Rest], undefined, Store, Oid);
-       true ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
-    end;
-get_rwlocks_on_nodes([],Res,_,_,_,_) ->
+get_rwlocks_on_nodes([],Res,_,_,_) ->
     Res.
 
 receive_wlocks([], Res, _Store, _Oid) ->
@@ -944,8 +946,8 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    Tail = lists:delete(Node,Nodes),
 	    Nonstuck = lists:delete(Sticky,Tail),
 	    [?ets_insert(Store, {nodes, NSNode}) || NSNode <- Nonstuck],
-	    case lists:member(Sticky,Tail) of		
-		true -> 		    
+	    case lists:member(Sticky,Tail) of
+		true ->
 		    sticky_flush(Nonstuck,Store),
 		    receive_wlocks([Sticky], Res, Store, Oid);
 		false ->
@@ -957,7 +959,7 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    flush_remaining(Ns, This, Reason1)
     end.
 
-sticky_flush([], _) -> 
+sticky_flush([], _) ->
     del_debug(),
     ok;
 sticky_flush(Ns=[Node | Tail], Store) ->
@@ -991,7 +993,7 @@ opt_lookup_in_client(lookup_in_client, Oid, Lock) ->
 	    %% Table has been deleted from this node,
 	    %% restart the transaction.
 	    #cyclic{op = read, lock = Lock, oid = Oid, lucky = nowhere};
-	Val -> 
+	Val ->
 	    Val
     end;
 opt_lookup_in_client(Val, _Oid, _Lock) ->
@@ -1000,8 +1002,8 @@ opt_lookup_in_client(Val, _Oid, _Lock) ->
 return_granted_or_nodes({_, ?ALL}   , Nodes) -> Nodes;
 return_granted_or_nodes({?GLOBAL, _}, Nodes) -> Nodes;
 return_granted_or_nodes(_           , _Nodes) -> granted.
-    
-%% We store a {Tab, read, From} item in the 
+
+%% We store a {Tab, read, From} item in the
 %% locks table on the node where we actually do pick up the object
 %% and we also store an item {lock, Oid, read} in our local store
 %% so that we can release any locks we hold when we commit.
@@ -1059,9 +1061,9 @@ rlock_get_reply(Node, Store, Oid, {granted, V}) ->
     ?ets_insert(Store, {{locks, Tab, Key}, read}),
     ?ets_insert(Store, {nodes, Node}),
     case opt_lookup_in_client(V, Oid, read) of
-	C = #cyclic{} -> 
+	C = #cyclic{} ->
 	    mnesia:abort(C);
-	Val -> 
+	Val ->
 	    Val
     end;
 rlock_get_reply(Node, Store, Oid, granted) ->
@@ -1079,7 +1081,7 @@ rlock_get_reply(Node, Store, Tab, {granted, V, RealKeys}) ->
 rlock_get_reply(_Node, _Store, _Oid, {not_granted, Reason}) ->
     exit({aborted, Reason});
 
-rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->    
+rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->
     ?ets_insert(Store, {nodes, N2}),
     {?MODULE, N2} ! Req,
     rlock_get_reply(N2, Store, Oid, l_req_rec(N2, Store)).
@@ -1095,7 +1097,7 @@ ixrlock(Tid, Store, Tab, IxKey, Pos) ->
 	    %%% Old code
 	    %% R = l_request(Node, {ix_read, Tid, Tab, IxKey, Pos}, Store),
 	    %% rlock_get_reply(Node, Store, Tab, R)
-	    
+
 	    case need_lock(Store, Tab, ?ALL, read) of
 		no when Node =:= node() ->
 		    ix_read_res(Tab,IxKey,Pos);
@@ -1135,11 +1137,23 @@ rec_requests([], _Oid, _Store) ->
 
 get_held_locks() ->
     ?MODULE ! {get_table, self(), mnesia_held_locks},
-    receive {mnesia_held_locks, Locks} -> Locks  end.
+    Locks = receive {mnesia_held_locks, Ls} -> Ls after 5000 -> [] end,
+    rewrite_locks(Locks, []).
+
+rewrite_locks([{Oid, _, Ls}|Locks], Acc0) ->
+    Acc = rewrite_locks(Ls, Oid, Acc0),
+    rewrite_locks(Locks, Acc);
+rewrite_locks([], Acc) ->
+    lists:reverse(Acc).
+
+rewrite_locks([{Op, Tid}|Ls], Oid, Acc) ->
+    rewrite_locks(Ls, Oid, [{Oid, Op, Tid}|Acc]);
+rewrite_locks([], _, Acc) ->
+    Acc.
 
 get_lock_queue() ->
     ?MODULE ! {get_table, self(), mnesia_lock_queue},
-    Q = receive {mnesia_lock_queue, Locks} -> Locks  end,
+    Q = receive {mnesia_lock_queue, Locks} -> Locks after 5000 -> [] end,
     [{Oid, Op, Pid, Tid, WFT} || {queue, Oid, Tid, Op, Pid, WFT} <- Q].
 
 do_stop() ->
diff --git a/lib/mnesia/src/mnesia_log.erl b/lib/mnesia/src/mnesia_log.erl
index 94153473cb..18303869ed 100644
--- a/lib/mnesia/src/mnesia_log.erl
+++ b/lib/mnesia/src/mnesia_log.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -180,8 +180,8 @@
 	 view/1,
 	 write_trans_log_header/0
 	]).
-	
-	
+
+
 -compile({no_auto_import,[error/2]}).
 
 -include("mnesia.hrl").
@@ -210,7 +210,7 @@ decision_tab_version() -> "1.0".
 
 dcl_version() -> "1.0".
 dcd_version() -> "1.0".
-     
+
 append(Log, Bin) when is_binary(Bin) ->
     disk_log:balog(Log, Bin);
 append(Log, Term) ->
@@ -218,9 +218,9 @@ append(Log, Term) ->
 
 %% Synced append
 sappend(Log, Bin) when is_binary(Bin) ->
-    ok = disk_log:blog(Log, Bin);  
+    ok = disk_log:blog(Log, Bin);
 sappend(Log, Term) ->
-    ok = disk_log:log(Log, Term).  
+    ok = disk_log:log(Log, Term).
 
 %% Write commit records to the latest_log
 log(C) when  C#commit.disc_copies == [],
@@ -283,7 +283,7 @@ previous_log_file() -> dir("PREVIOUS.LOG").
 decision_log_file() -> dir(decision_log_name()).
 
 decision_tab_file() -> dir(decision_tab_name()).
-    
+
 previous_decision_log_file() -> dir("PDECISION.LOG").
 
 latest_log_name() -> "LATEST.LOG".
@@ -297,10 +297,10 @@ init() ->
 	true ->
 	    Prev = previous_log_file(),
 	    verify_no_exists(Prev),
-	    
+
 	    Latest = latest_log_file(),
 	    verify_no_exists(Latest),
-	    
+
 	    Header = trans_log_header(),
 	    open_log(latest_log, Header, Latest);
 	false ->
@@ -346,20 +346,20 @@ open_log(Name, Header, Fname, Exists, Repair, Mode) ->
 	    write_header(Log, Header),
 	    Log;
 	{repaired, Log, _Recover, BadBytes} ->
-	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n", 
+	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n",
 				 [Fname, BadBytes]),
 	    Log;
 	{error, Reason} when Repair == true ->
 	    file:delete(Fname),
-	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n", 
+	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n",
 				 [Fname, Reason]),
-	    %% Create a new 
+	    %% Create a new
 	    open_log(Name, Header, Fname, false, false, read_write);
 	{error, Reason} ->
 	    fatal("Cannot open log file ~p: ~p~n", [Fname, Reason])
     end.
 
-write_header(Log, Header) -> 
+write_header(Log, Header) ->
     append(Log, Header).
 
 write_trans_log_header() ->
@@ -376,12 +376,12 @@ stop() ->
 close_log(Log) ->
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
-    case disk_log:sync(Log) of 
+    case disk_log:sync(Log) of
 	ok -> ok;
-	{error, {read_only_mode, Log}} -> 
+	{error, {read_only_mode, Log}} ->
 	    ok;
-	{error, Reason} -> 
-	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n", 
+	{error, Reason} ->
+	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n",
 				 [Log, Reason])
     end,
     mnesia_monitor:close_log(Log).
@@ -392,7 +392,7 @@ unsafe_close_log(Log) ->
 
 
 purge_some_logs() ->
-    mnesia_monitor:unsafe_close_log(latest_log), 
+    mnesia_monitor:unsafe_close_log(latest_log),
     file:delete(latest_log_file()),
     file:delete(decision_tab_file()).
 
@@ -466,10 +466,10 @@ chunk_log(Log, Cont) ->
 		  [Log, Reason]);
 	{C2, Chunk, _BadBytes} ->
 	    %% Read_only case, should we warn about the bad log file?
-	    %% BUGBUG Should we crash if Repair == false ?? 
+	    %% BUGBUG Should we crash if Repair == false ??
 	    %% We got to check this !!
 	    mnesia_lib:important("~p repaired, lost ~p bad bytes~n", [Log, _BadBytes]),
-	    {C2, Chunk}; 
+	    {C2, Chunk};
 	Other ->
 	    Other
     end.
@@ -492,7 +492,7 @@ open_decision_log() ->
     Latest = decision_log_file(),
     open_log(decision_log, decision_log_header(), Latest),
     start.
-    
+
 prepare_decision_log_dump() ->
     Prev = previous_decision_log_file(),
     prepare_decision_log_dump(exists(Prev), Prev).
@@ -586,11 +586,11 @@ view_file(C, Log) ->
 	    eof;
 	{C2, Terms, _BadBytes} ->
 	    dbg_out("Lost ~p bytes in ~p ~n", [_BadBytes, Log]),
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log);
 	{C2, Terms} ->
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log)
     end.
@@ -655,7 +655,7 @@ check_backup_args([Arg | Tail], B) ->
 check_backup_args([], B) ->
     {ok, B}.
 
-check_backup_arg_type(Arg, B) ->    
+check_backup_arg_type(Arg, B) ->
     case Arg of
 	{scope, global} ->
 	    B#backup_args{scope = global};
@@ -714,7 +714,7 @@ select_tables(AllTabs, B) ->
 
 safe_write(B, []) ->
     B;
-safe_write(B, Recs) ->	
+safe_write(B, Recs) ->
     safe_apply(B, write, [B#backup_args.opaque, Recs]).
 
 backup_schema(B, Tabs) ->
@@ -754,7 +754,7 @@ abort_write(B, What, Args, Reason) ->
 		  [Mod, abort_write, [Opaque], Other]),
 	    throw({error, Reason})
     end.
-	
+
 backup_tab(Tab, B) ->
     Name = B#backup_args.name,
     case mnesia_checkpoint:most_local_node(Name, Tab) of
@@ -768,7 +768,7 @@ backup_tab(Tab, B) ->
 	{error, Reason} ->
 	    abort_write(B, {?MODULE, backup_tab}, [Tab, B], {error, Reason})
     end.
-    
+
 tab_copier(Pid, B, Tab) when is_record(B, backup_args) ->
     %% Intentional crash at exit
     Name = B#backup_args.name,
@@ -829,7 +829,7 @@ handle_last(Pid, _Acc) ->
     exit(normal).
 
 iterate(B, Name, Tab, Pid, Source, Age, Pass, Acc) ->
-    Fun = 
+    Fun =
 	if
 	    Pid == self() ->
 		RecName = val({Tab, record_name}),
@@ -874,7 +874,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Recs2 = rec_filter(B, Tab, RecName, Recs),
 	    B2 = safe_write(B, Recs2),
 	    tab_receiver(Pid, B2, Tab, RecName, Next);
-	
+
 	{Pid, {last, {ok,_}}} ->
 	    B;
 
@@ -885,7 +885,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Reason = {error, {"Tab copier crashed", {'EXIT', R}}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], Reason);
 	Msg ->
-	    R = {error, {"Tab receiver got unexpected msg", Msg}}, 
+	    R = {error, {"Tab receiver got unexpected msg", Msg}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], R)
     end.
 
@@ -910,9 +910,9 @@ ets2dcd(Tab, Ftype) ->
 	case Ftype of
 	    dcd -> mnesia_lib:tab2dcd(Tab);
 	    dmp -> mnesia_lib:tab2dmp(Tab)
-	end,    
+	end,
     TmpF = mnesia_lib:tab2tmp(Tab),
-    file:delete(TmpF),    
+    file:delete(TmpF),
     Log  = open_log({Tab, ets2dcd}, dcd_log_header(), TmpF, false),
     mnesia_lib:db_fixtable(ram_copies, Tab, true),
     ok   = ets2dcd(mnesia_lib:db_init_chunk(ram_copies, Tab, 1000), Tab, Log),
@@ -926,8 +926,8 @@ ets2dcd(Tab, Ftype) ->
 
 ets2dcd('$end_of_table', _Tab, _Log) ->
     ok;
-ets2dcd({Recs, Cont}, Tab, Log) -> 
-    ok = disk_log:alog_terms(Log, Recs),     
+ets2dcd({Recs, Cont}, Tab, Log) ->
+    ok = disk_log:log_terms(Log, Recs),
     ets2dcd(mnesia_lib:db_chunk(ram_copies, Cont), Tab, Log).
 
 dcd2ets(Tab) ->
@@ -937,12 +937,12 @@ dcd2ets(Tab, Rep) ->
     Dcd = mnesia_lib:tab2dcd(Tab),
     case mnesia_lib:exists(Dcd) of
 	true ->
-	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd, 
+	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd,
 			   true, Rep, read_only),
 	    Data = chunk_log(Log, start),
 	    ok = insert_dcdchunk(Data, Log, Tab),
 	    close_log(Log),
-	    load_dcl(Tab, Rep); 
+	    load_dcl(Tab, Rep);
 	false -> %% Handle old dets files, and conversion from disc_only to disc.
 	    Fname = mnesia_lib:tab2dat(Tab),
 	    Type = val({Tab, setorbag}),
@@ -956,13 +956,13 @@ dcd2ets(Tab, Rep) ->
 	    end
     end.
 
-insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcd_log, 
-       LogH#log_header.log_version >= "1.0" ->    
-    insert_dcdchunk({Cont, Rest}, Log, Tab);   
+insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcd_log,
+       LogH#log_header.log_version >= "1.0" ->
+    insert_dcdchunk({Cont, Rest}, Log, Tab);
 
-insert_dcdchunk({Cont, Recs}, Log, Tab) ->     
+insert_dcdchunk({Cont, Recs}, Log, Tab) ->
     true = ets:insert(Tab, Recs),
     insert_dcdchunk(chunk_log(Log, Cont), Log, Tab);
 insert_dcdchunk(eof, _Log, _Tab) ->
@@ -971,13 +971,13 @@ insert_dcdchunk(eof, _Log, _Tab) ->
 load_dcl(Tab, Rep) ->
     FName = mnesia_lib:tab2dcl(Tab),
     case mnesia_lib:exists(FName) of
-	true -> 	    
+	true ->
 	    Name = {load_dcl,Tab},
-	    open_log(Name, 
-		     dcl_log_header(), 
-		     FName, 
+	    open_log(Name,
+		     dcl_log_header(),
+		     FName,
 		     true,
-		     Rep, 
+		     Rep,
 		     read_only),
 	    FirstChunk = chunk_log(Name, start),
             N = insert_logchunk(FirstChunk, Name, 0),
@@ -1015,10 +1015,10 @@ add_recs([{{Tab, Key}, Val, update_counter} | Rest], N) ->
 	    true = ets:insert(Tab, Zero)
     end,
     add_recs(Rest, N+1);
-add_recs([LogH|Rest], N) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcl_log, 
-       LogH#log_header.log_version >= "1.0" ->    
+add_recs([LogH|Rest], N)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcl_log,
+       LogH#log_header.log_version >= "1.0" ->
     add_recs(Rest, N);
 add_recs([{{Tab, _Key}, _Val, clear_table} | Rest], N) ->
     Size = ets:info(Tab, size),
diff --git a/lib/mnesia/src/mnesia_monitor.erl b/lib/mnesia/src/mnesia_monitor.erl
index 8cb2e92c08..c08bbc879f 100644
--- a/lib/mnesia/src/mnesia_monitor.erl
+++ b/lib/mnesia/src/mnesia_monitor.erl
@@ -80,9 +80,9 @@
 		going_down = [], tm_started = false, early_connects = [],
 		connecting, mq = []}).
 
--define(current_protocol_version,  {8,0}).
+-define(current_protocol_version,  {8,1}).
 
--define(previous_protocol_version, {7,6}).
+-define(previous_protocol_version, {8,0}).
 
 start() ->
     gen_server:start_link({local, ?MODULE}, ?MODULE,
@@ -188,7 +188,7 @@ protocol_version() ->
 %% A sorted list of acceptable protocols the
 %% preferred protocols are first in the list
 acceptable_protocol_versions() ->
-    [protocol_version(), ?previous_protocol_version].
+    [protocol_version(), ?previous_protocol_version, {7,6}].
 
 needs_protocol_conversion(Node) ->
     case {?catch_val({protocol, Node}), protocol_version()} of
@@ -417,6 +417,8 @@ handle_call({negotiate_protocol, Mon, Version, Protocols}, From, State)
 	    case hd(Protocols) of
 		?previous_protocol_version ->
 		    accept_protocol(Mon, MyVersion, ?previous_protocol_version, From, State);
+		{7,6} ->
+		    accept_protocol(Mon, MyVersion, {7,6}, From, State);
 		_ ->
 		    verbose("Connection with ~p rejected. "
 			    "version = ~p, protocols = ~p, "
diff --git a/lib/mnesia/src/mnesia_schema.erl b/lib/mnesia/src/mnesia_schema.erl
index 179e15197e..6e43052fb0 100644
--- a/lib/mnesia/src/mnesia_schema.erl
+++ b/lib/mnesia/src/mnesia_schema.erl
@@ -188,6 +188,7 @@ do_set_schema(Tab, Cs) ->
     [set({Tab, user_property, element(1, P)}, P) || P <- Cs#cstruct.user_properties],
     set({Tab, frag_properties}, Cs#cstruct.frag_properties),
     mnesia_frag:set_frag_hash(Tab, Cs#cstruct.frag_properties),
+    set({Tab, storage_properties}, Cs#cstruct.storage_properties),
     set({Tab, attributes}, Cs#cstruct.attributes),
     Arity = length(Cs#cstruct.attributes) + 1,
     set({Tab, arity}, Arity),
@@ -644,6 +645,14 @@ cs2list(Cs) when is_record(Cs, cstruct) ->
     rec2list(Tags, Tags, 2, Cs);
 cs2list(CreateList) when is_list(CreateList) ->
     CreateList;
+%% 4.6
+cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
+    rec2list(Tags, Tags, 2, Cs);
 %% 4.4.19
 cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
     Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
@@ -674,8 +683,17 @@ cs2list(ver4_4_19, Cs) ->
 	    load_order,access_mode,majority,index,snmp,local_content,
 	    record_name,attributes,user_properties,frag_properties,
 	    cookie,version],
+    rec2list(Tags, Orig, 2, Cs);
+cs2list(ver4_6, Cs) ->
+    Orig = record_info(fields, cstruct),
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
     rec2list(Tags, Orig, 2, Cs).
 
+
 rec2list([Tag | Tags], [Tag | Orig], Pos, Rec) ->
     Val = element(Pos, Rec),
     [{Tag, Val} | rec2list(Tags, Orig, Pos + 1, Rec)];
@@ -728,6 +746,29 @@ list2cs(List) when is_list(List) ->
     Frag = pick(Name, frag_properties, List, []),
     verify({alt, [nil, list]}, mnesia_lib:etype(Frag),
 	   {badarg, Name, {frag_properties, Frag}}),
+
+    BEProps = pick(Name, storage_properties, List, []),
+    verify({alt, [nil, list]}, mnesia_lib:etype(Ix),
+	   {badarg, Name, {storage_properties, BEProps}}),
+    CheckProp = fun(Opt, Opts) when is_atom(Opt) ->
+			lists:member(Opt, Opts)
+			    andalso mnesia:abort({badarg, Name, Opt});
+		   (Tuple, Opts) when is_tuple(Tuple) ->
+			lists:member(element(1,Tuple), Opts)
+			    andalso mnesia:abort({badarg, Name, Tuple});
+		   (What,_) ->
+			mnesia:abort({badarg, Name, What})
+		end,
+    BadEtsOpts = [set, ordered_set, bag, duplicate_bag,
+		  public, private, protected,
+		  keypos, named_table],
+    EtsOpts = proplists:get_value(ets, BEProps, []),
+    is_list(EtsOpts) orelse mnesia:abort({badarg, Name, {ets, EtsOpts}}),
+    [CheckProp(Prop, BadEtsOpts) || Prop <- EtsOpts],
+    BadDetsOpts = [type, keypos, repair, access, file],
+    DetsOpts = proplists:get_value(dets, BEProps, []),
+    is_list(DetsOpts) orelse mnesia:abort({badarg, Name, {dets, DetsOpts}}),
+    [CheckProp(Prop, BadDetsOpts) || Prop <- DetsOpts],
     #cstruct{name = Name,
              ram_copies = Rc,
              disc_copies = Dc,
@@ -743,6 +784,7 @@ list2cs(List) when is_list(List) ->
              attributes = Attrs,
              user_properties = lists:sort(UserProps),
 	     frag_properties = lists:sort(Frag),
+	     storage_properties = lists:sort(BEProps),
              cookie = Cookie,
              version = Version}.
 
@@ -1881,18 +1923,18 @@ prepare_op(Tid, {op, create_table, TabDef}, _WaitFor) ->
             mnesia:abort(UseDirReason);
 	ram_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    create_disc_table(Tab),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_only_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_disc_only_table(Tab,Cs#cstruct.type),
+	    create_disc_only_table(Tab,Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
         unknown -> %% No replica on this node
@@ -2044,7 +2086,7 @@ prepare_op(_Tid, {op, change_table_copy_type,  N, FromS, ToS, TabDef}, _WaitFor)
 	    mnesia_dumper:raw_named_dump_table(Tab, dmp);
 	FromS == disc_only_copies ->
 	    Type = Cs#cstruct.type,
-	    create_ram_table(Tab, Type),
+	    create_ram_table(Tab, Cs),
 	    Datname = mnesia_lib:tab2dat(Tab),
 	    Repair = mnesia_monitor:get_env(auto_repair),
 	    case mnesia_lib:dets_to_ets(Tab, Tab, Datname, Type, Repair, no) of
@@ -2132,8 +2174,9 @@ prepare_op(_Tid, {op, merge_schema, TabDef}, _WaitFor) ->
 prepare_op(_Tid, _Op, _WaitFor) ->
     {true, optional}.
 
-create_ram_table(Tab, Type) ->
-    Args = [{keypos, 2}, public, named_table, Type],
+create_ram_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
+    EtsOpts = proplists:get_value(ets, Props, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case mnesia_monitor:unsafe_mktab(Tab, Args) of
 	Tab ->
 	    ok;
@@ -2141,6 +2184,7 @@ create_ram_table(Tab, Type) ->
 	    Err = "Failed to create ets table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
+
 create_disc_table(Tab) ->
     File = mnesia_lib:tab2dcd(Tab),
     file:delete(File),
@@ -2154,13 +2198,15 @@ create_disc_table(Tab) ->
 	    Err = "Failed to create disc table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
-create_disc_only_table(Tab,Type) ->
+create_disc_only_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
     File = mnesia_lib:tab2dat(Tab),
     file:delete(File),
+    DetsOpts = proplists:get_value(dets, Props, []),
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)}
+	    | DetsOpts],
     case mnesia_monitor:unsafe_open_dets(Tab, Args) of
 	{ok, _} ->
 	    ok;
@@ -2688,17 +2734,17 @@ restore_schema([{schema, Tab, List} | Schema], R) ->
 	    R2 = R#r{tables = [{Tab, undefined, Snmp, RecName} | R#r.tables]},
 	    restore_schema(Schema, R2);
 	recreate_tables ->
-	    case ?catch_val({Tab, cstruct}) of
-		{'EXIT', _} ->
-		    TidTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
-		    RunningNodes = val({current, db_nodes}),
-		    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
-						 RunningNodes),
-		    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
-		    TidTs;
-		_ ->
-		    TidTs = get_tid_ts_and_lock(Tab, write)
-	    end,
+	    TidTs = case ?catch_val({Tab, cstruct}) of
+			{'EXIT', _} ->
+			    TTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
+			    RunningNodes = val({current, db_nodes}),
+			    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
+							 RunningNodes),
+			    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
+			    TTs;
+			_ ->
+			    get_tid_ts_and_lock(Tab, write)
+		    end,
 	    NC    = {cookie, ?unique_cookie},
 	    List2 = lists:keyreplace(cookie, 1, List, NC),
 	    Where = where_to_commit(Tab, List2),
@@ -2839,15 +2885,15 @@ do_merge_schema(LockTabs0) ->
     end.
 
 fetch_cstructs(Node) ->
-    case mnesia_monitor:needs_protocol_conversion(Node) of
-	true ->
+    case need_old_cstructs([Node]) of
+	false ->
+	    rpc:call(Node, mnesia_controller, get_remote_cstructs, []);
+	_Ver ->
 	    case rpc:call(Node, mnesia_controller, get_cstructs, []) of
 		{cstructs, Cs0, RR} ->
 		    {cstructs, [list2cs(cs2list(Cs)) || Cs <- Cs0], RR};
 		Err -> Err
-	    end;
-	false ->
-	    rpc:call(Node, mnesia_controller, get_remote_cstructs, [])
+	    end
     end.
 
 need_old_cstructs() ->
@@ -2868,7 +2914,9 @@ need_old_cstructs(Nodes) ->
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 17 ->
 		    ver4_4_18;			% Without majority
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
-		    ver4_4_19			% With majority
+		    ver4_4_19;			% With majority
+		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+		    ver4_6			% With storage_properties
 	    end
     end.
 
diff --git a/lib/mnesia/src/mnesia_tm.erl b/lib/mnesia/src/mnesia_tm.erl
index f62f7cb7c8..0af7f55c06 100644
--- a/lib/mnesia/src/mnesia_tm.erl
+++ b/lib/mnesia/src/mnesia_tm.erl
@@ -36,7 +36,7 @@
 	 prepare_checkpoint/2,
 	 prepare_checkpoint/1, % Internal
 	 prepare_snmp/3,
-	 do_snmp/2,	 
+	 do_snmp/2,
 	 put_activity_id/1,
 	 put_activity_id/2,
 	 block_tab/1,
@@ -68,7 +68,7 @@
 	       majority = []
 	      }).
 
--record(participant, {tid, pid, commit, disc_nodes = [], 
+-record(participant, {tid, pid, commit, disc_nodes = [],
 		      ram_nodes = [], protocol = sym_trans}).
 
 start() ->
@@ -77,12 +77,12 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    
+
     %% Initialize the schema
     IgnoreFallback = mnesia_monitor:get_env(ignore_fallback_at_startup),
     mnesia_bup:tm_fallback_start(IgnoreFallback),
     mnesia_schema:init(IgnoreFallback),
-    
+
     %% Handshake and initialize transaction recovery
     mnesia_recover:init(),
     Early = mnesia_monitor:init(),
@@ -101,11 +101,11 @@ init(Parent) ->
 	false ->
 	    ignore
     end,
-    
+
     mnesia_schema:purge_tmp_files(),
     mnesia_recover:start_garb(),
-    
-    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),		   
+
+    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),
 
     case val(debug) of
 	Debug when Debug /= debug, Debug /= trace ->
@@ -118,8 +118,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply({From,Ref}, R) ->
@@ -136,7 +136,7 @@ req(R) ->
 	undefined ->
 	    {error, {node_not_running, node()}};
 	Pid ->
-	    Ref = make_ref(), 
+	    Ref = make_ref(),
 	    Pid ! {{self(), Ref}, R},
 	    rec(Pid, Ref)
     end.
@@ -161,7 +161,7 @@ rec(Pid, Ref) ->
 	    Reply;
 	{'EXIT', Pid, _} ->
 	    {error, {node_not_running, node()}}
-    end.   
+    end.
 
 tmlink({From, Ref}) when is_reference(Ref) ->
     link(From);
@@ -209,7 +209,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, {sync_dirty, Tid, Commit, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
@@ -220,7 +220,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, start_outer} -> %% Create and associate ets_tab with Tid
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -236,16 +236,16 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    S2 = State#state{coordinators = A2},
 		    reply(From, {new_tid, Tid, Etab}, S2)
 	    end;
-	
+
 	{From, {ask_commit, Protocol, Tid, Commit, DiscNs, RamNs}} ->
-	    ?eval_debug_fun({?MODULE, doit_ask_commit}, 
+	    ?eval_debug_fun({?MODULE, doit_ask_commit},
 			    [{tid, Tid}, {prot, Protocol}]),
 	    mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
-	    Pid = 
+	    Pid =
 		case Protocol of
 		    asym_trans when node(Tid#tid.pid) /= node() ->
 			Args = [tmpid(From), Tid, Commit, DiscNs, RamNs],
-			spawn_link(?MODULE, commit_participant, Args);		
+			spawn_link(?MODULE, commit_participant, Args);
 		    _ when node(Tid#tid.pid) /= node() -> %% *_sym_trans
 			reply(From, {vote_yes, Tid}),
 			nopid
@@ -258,7 +258,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			     protocol = Protocol},
 	    State2 = State#state{participants = gb_trees:insert(Tid,P,Participants)},
 	    doit_loop(State2);
-	
+
 	{Tid, do_commit} ->
 	    case gb_trees:lookup(Tid, Participants) of
 		none ->
@@ -272,14 +272,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Member = lists:member(node(), P#participant.disc_nodes),
 			    if Member == false ->
 				    ignore;
-			       P#participant.protocol == sym_trans -> 
+			       P#participant.protocol == sym_trans ->
 				    mnesia_log:log(Commit);
-			       P#participant.protocol == sync_sym_trans -> 
+			       P#participant.protocol == sync_sym_trans ->
 				    mnesia_log:slog(Commit)
 			    end,
 			    mnesia_recover:note_decision(Tid, committed),
 			    do_commit(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {committed, Tid}};
 				true ->
@@ -296,13 +296,13 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{Tid, simple_commit} ->
 	    mnesia_recover:note_decision(Tid, committed),
 	    mnesia_locker:release_tid(Tid),
 	    transaction_terminated(Tid),
 	    doit_loop(State);
-	
+
 	{Tid, {do_abort, Reason}} ->
 	    ?eval_debug_fun({?MODULE, do_abort, pre}, [{tid, Tid}]),
 	    case gb_trees:lookup(Tid, Participants) of
@@ -317,7 +317,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Commit = P#participant.commit,
 			    mnesia_recover:note_decision(Tid, aborted),
 			    do_abort(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {aborted, Tid}};
 				true ->
@@ -335,7 +335,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{From, {add_store, Tid}} -> %% new store for nested  transaction
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -355,14 +355,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 
 	{'EXIT', Pid, Reason} ->
 	    handle_exit(Pid, Reason, State);
-	
+
 	{From, {restart, Tid, Store}} ->
 	    A2 = restore_stores(Coordinators, Tid, Store),
 	    clear_fixtable([Store]),
 	    ?ets_match_delete(Store, '_'),
 	    ?ets_insert(Store, {nodes, node()}),
 	    reply(From, {restarted, Tid}, State#state{coordinators = A2});
-	
+
 	{delete_transaction, Tid} ->
 	    %% used to clear transactions which are committed
 	    %% in coordinator or participant processes
@@ -377,7 +377,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    clear_fixtable(Etabs),
 			    erase_ets_tabs(Etabs),
 			    transaction_terminated(Tid),
-			    doit_loop(State#state{coordinators = 
+			    doit_loop(State#state{coordinators =
 						  gb_trees:delete(Tid,Coordinators)})
 		    end;
 		true ->
@@ -385,20 +385,20 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{participants=gb_trees:delete(Tid,Participants)},
 		    doit_loop(State2)
 	    end;
-	
+
 	{sync_trans_serial, Tid} ->
 	    %% Do the Lamport thing here
 	    mnesia_recover:sync_trans_tid_serial(Tid),
 	    doit_loop(State);
-	    
+
 	{From, info} ->
-	    reply(From, {info, gb_trees:values(Participants), 
+	    reply(From, {info, gb_trees:values(Participants),
 			 gb_trees:to_list(Coordinators)}, State);
-	
+
 	{mnesia_down, N} ->
 	    verbose("Got mnesia_down from ~p, reconfiguring...~n", [N]),
 	    reconfigure_coordinators(N, gb_trees:to_list(Coordinators)),
-	    
+
 	    Tids = gb_trees:keys(Participants),
 	    reconfigure_participants(N, gb_trees:values(Participants)),
 	    NewState = clear_fixtable(N, State),
@@ -408,34 +408,34 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	{From, {unblock_me, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
-		    verbose("Wrong dirty Op blocked on ~p ~p ~p", 
+		    verbose("Wrong dirty Op blocked on ~p ~p ~p",
 			    [node(), Tab, From]),
 		    reply(From, unblocked),
 		    doit_loop(State);
 		true ->
-		    Item = {Tab, unblock_me, From}, 
+		    Item = {Tab, unblock_me, From},
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
-	    end;	    
-	
+	    end;
+
 	{From, {block_tab, Tab}} ->
 	    State2 = State#state{blocked_tabs = [Tab | State#state.blocked_tabs]},
 	    reply(From, ok, State2);
-	
+
 	{From, {unblock_tab, Tab}} ->
 	    BlockedTabs2 = State#state.blocked_tabs -- [Tab],
 	    case lists:member(Tab, BlockedTabs2) of
 		false ->
 		    mnesia_controller:unblock_table(Tab),
 		    Queue = process_dirty_queue(Tab, State#state.dirty_queue),
-		    State2 = State#state{blocked_tabs = BlockedTabs2, 
+		    State2 = State#state{blocked_tabs = BlockedTabs2,
 					 dirty_queue = Queue},
 		    reply(From, ok, State2);
 		true ->
 		    State2 = State#state{blocked_tabs = BlockedTabs2},
 		    reply(From, ok, State2)
 	    end;
-	
+
 	{From, {prepare_checkpoint, Cp}} ->
 	    Res = mnesia_checkpoint:tm_prepare(Cp),
 	    case Res of
@@ -448,18 +448,18 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	    reply(From, Res, State);
 	{From, {fixtable, [Tab,Lock,Requester]}} ->
 	    case ?catch_val({Tab, storage_type}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    reply(From, error, State);
 		Storage ->
 		    mnesia_lib:db_fixtable(Storage,Tab,Lock),
 		    NewState = manage_fixtable(Tab,Lock,Requester,State),
 		    reply(From, node(), NewState)
 	    end;
-	
+
 	{system, From, Msg} ->
 	    dbg_out("~p got {system, ~p, ~p}~n", [?MODULE, From, Msg]),
 	    sys:handle_system_msg(Msg, From, Sup, ?MODULE, [], State);
-	
+
 	Msg ->
 	    verbose("** ERROR ** ~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    doit_loop(State)
@@ -508,7 +508,7 @@ prepare_pending_coordinators([{Tid, [Store | _Etabs]} | Coords], IgnoreNew) ->
 		    ignore
 	    end,
 	    prepare_pending_coordinators(Coords, IgnoreNew);
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    prepare_pending_coordinators(Coords, IgnoreNew)
     end;
 prepare_pending_coordinators([], _IgnoreNew) ->
@@ -538,7 +538,7 @@ handle_exit(Pid, _Reason, State) when Pid == State#state.supervisor ->
 
 handle_exit(Pid, Reason, State) ->
     %% Check if it is a coordinator
-    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of 
+    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of
 	{none, _} ->
 	    %% Check if it is a participant
 	    Ps = gb_trees:values(State#state.participants),
@@ -552,9 +552,9 @@ handle_exit(Pid, Reason, State) ->
 		    NewPs = gb_trees:delete(P#participant.tid,State#state.participants),
 		    doit_loop(State#state{participants = NewPs})
 	    end;
-	
+
 	{{Tid, Etabs}, RestC} ->
-	    %% A local coordinator has died and 
+	    %% A local coordinator has died and
 	    %% we must determine the outcome of the
 	    %% transaction and tell mnesia_tm on the
 	    %% other nodes about it and then recover
@@ -578,7 +578,7 @@ recover_coordinator(Tid, Etabs) ->
 	    %% Tell the participants about the outcome
 	    Protocol = Prep#prep.protocol,
 	    Outcome = tell_outcome(Tid, Protocol, node(), CheckNodes, TellNodes),
-	    
+
 	    %% Recover locally
 	    CR = Prep#prep.records,
 	    {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -589,7 +589,7 @@ recover_coordinator(Tid, Etabs) ->
 		    recover_coordinator(Tid, Protocol, Outcome, Local, DiscNs, RamNs),
 		    ?eval_debug_fun({?MODULE, recover_coordinator, post},
 				    [{tid, Tid}, {outcome, Outcome}, {prot, Protocol}]);
-		false ->  %% When killed before store havn't been copied to 
+		false ->  %% When killed before store havn't been copied to
 		    ok    %% to the new nested trans store.
 	    end
     end,
@@ -610,12 +610,12 @@ recover_coordinator(Tid, sync_sym_trans, aborted, _Local, _, _) ->
 
 recover_coordinator(Tid, asym_trans, committed, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = committed,
-		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_commit(Tid, Local);
 recover_coordinator(Tid, asym_trans, aborted, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = aborted,
- 		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_abort(Tid, Local).
 
@@ -631,7 +631,7 @@ add_coord_store(Coords, Tid, Etab) ->
 
 del_coord_store(Coords, Tid, Current, Obsolete) ->
     Stores = gb_trees:get(Tid, Coords),
-    Rest = 
+    Rest =
     	case Stores of
     	    [Obsolete, Current | Tail] -> Tail;
     	    [Current, Obsolete | Tail] -> Tail
@@ -642,14 +642,14 @@ del_coord_store(Coords, Tid, Current, Obsolete) ->
 erase_ets_tabs([H | T]) ->
     ?ets_delete_table(H),
     erase_ets_tabs(T);
-erase_ets_tabs([]) -> 
+erase_ets_tabs([]) ->
     ok.
 
 %% Clear one transactions all fixtables
 clear_fixtable([Store|_]) ->
     Fixed = get_elements(fixtable, Store),
     lists:foreach(fun({Tab,Node}) ->
-			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()]) 
+			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()])
 		  end, Fixed).
 
 %% Clear all fixtable Node have done
@@ -661,7 +661,7 @@ clear_fixtable(Node, State=#state{fixed_tabs = FT0}) ->
 	    lists:foreach(
 	      fun(Tab) ->
 		      case ?catch_val({Tab, storage_type}) of
-			  {'EXIT', _} -> 
+			  {'EXIT', _} ->
 			      ignore;
 			  Storage ->
 			      mnesia_lib:db_fixtable(Storage,Tab,false)
@@ -680,9 +680,9 @@ manage_fixtable(Tab,true,Requester,State=#state{fixed_tabs = FT0}) ->
     end;
 manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
     Node = node(Requester),
-    case mnesia_lib:key_search_delete(Node, 1, FT0) of 
+    case mnesia_lib:key_search_delete(Node, 1, FT0) of
 	{none,_FT} -> State; % Hmm? Safeguard
-	{{Node, Tabs0},FT} -> 
+	{{Node, Tabs0},FT} ->
 	    case lists:delete(Tab, Tabs0) of
 		[] -> State#state{fixed_tabs=FT};
 		Tabs -> State#state{fixed_tabs=[{Node,Tabs}|FT]}
@@ -691,7 +691,7 @@ manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
 
 %% Deletes a pid from a list of participants
 %% or from a gb_trees of coordinators
-%% {none, All} or {Tr, Rest} 
+%% {none, All} or {Tr, Rest}
 pid_search_delete(Pid, Trs) ->
     pid_search_delete(Pid, Trs, none, []).
 pid_search_delete(Pid, [Tr = {Tid, _Ts} | Trs], _Val, Ack) when Tid#tid.pid == Pid ->
@@ -701,7 +701,7 @@ pid_search_delete(Pid, [Tr | Trs], Val, Ack) ->
 
 pid_search_delete(_Pid, [], Val, Ack) ->
     {Val, gb_trees:from_orddict(lists:reverse(Ack))}.
- 
+
 transaction_terminated(Tid)  ->
     mnesia_checkpoint:tm_exit_pending(Tid),
     Pid = Tid#tid.pid,
@@ -713,14 +713,14 @@ transaction_terminated(Tid)  ->
     end.
 
 %% If there are an surrounding transaction, we inherit it's context
-non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod) 
+non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod)
   when Trans /= non_transaction ->
-    Kind = case ActivityKind of 
+    Kind = case ActivityKind of
 	       sync_dirty -> sync;
 	       _ -> async
 	   end,
     case transaction(OldState, Fun, Args, infinity, Mod, Kind) of
-	{atomic, Res} -> 
+	{atomic, Res} ->
 	    Res;
 	{aborted,Res} ->
 	    exit(Res)
@@ -766,7 +766,7 @@ transaction(OldTidTs, Fun, Args, Retries, Mod, Type) ->
 
 execute_outer(Mod, Fun, Args, Factor, Retries, Type) ->
     case req(start_outer) of
-	{error, Reason} -> 
+	{error, Reason} ->
 	    {aborted, Reason};
 	{new_tid, Tid, Store} ->
 	    Ts = #tidstore{store = Store},
@@ -792,7 +792,7 @@ execute_inner(Mod, Tid, OldMod, Ts, Fun, Args, Factor, Retries, Type) ->
 
 copy_ets(From, To) ->
     do_copy_ets(?ets_first(From), From, To).
-do_copy_ets('$end_of_table', _,_) -> 
+do_copy_ets('$end_of_table', _,_) ->
     ok;
 do_copy_ets(K, From, To) ->
     Objs = ?ets_lookup(From, K),
@@ -813,7 +813,7 @@ execute_transaction(Fun, Args, Factor, Retries, Type) ->
 	    mnesia_lib:incr_counter(trans_commits),
 	    erase(mnesia_activity_state),
 	    %% no need to clear locks, already done by commit ...
-	    %% Flush any un processed mnesia_down messages we might have 
+	    %% Flush any un processed mnesia_down messages we might have
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {atomic, Value};
@@ -846,7 +846,7 @@ check_exit(Fun, Args, Factor, Retries, Reason, Type) ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {node_not_running, N});
 	{aborted, {bad_commit, N}} ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {bad_commit, N});
-	_ -> 
+	_ ->
 	    return_abort(Fun, Args, Reason)
     end.
 
@@ -888,11 +888,11 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    SleepTime = mnesia_lib:random_time(Factor, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
 	    timer:sleep(SleepTime),
-	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);	
+	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);
 	_ ->
 	    SleepTime = mnesia_lib:random_time(Factor0, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
-	    
+
 	    if
 		Factor0 /= 10 ->
 		    ignore;
@@ -911,7 +911,7 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    mnesia_locker:receive_release_tid_acc(Nodes, Tid),
 	    case get_restarted(Tid) of
 		{restarted, Tid} ->
-		    execute_transaction(Fun, Args, Factor0 + 1, 
+		    execute_transaction(Fun, Args, Factor0 + 1,
 					Retries, Type);
 		{error, Reason} ->
 		    mnesia:abort(Reason)
@@ -934,7 +934,7 @@ decr(_X) -> 0.
 
 return_abort(Fun, Args, Reason)  ->
     {_Mod, Tid, Ts} = get(mnesia_activity_state),
-    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n", 
+    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n",
 	    [Tid, Fun, Args, Reason]),
     OldStore = Ts#tidstore.store,
     Nodes = get_elements(nodes, OldStore),
@@ -945,7 +945,7 @@ return_abort(Fun, Args, Reason)  ->
 	Level == 1 ->
 	    mnesia_locker:async_release_tid(Nodes, Tid),
 	    ?MODULE ! {delete_transaction, Tid},
-	    erase(mnesia_activity_state),	    
+	    erase(mnesia_activity_state),
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {aborted, mnesia_lib:fix_error(Reason)};
@@ -958,14 +958,14 @@ return_abort(Fun, Args, Reason)  ->
 			      level = Level - 1},
 	    NewTidTs = {OldMod, Tid, Ts2},
 	    put(mnesia_activity_state, NewTidTs),
-	    case Reason of 
+	    case Reason of
 		#cyclic{} ->
 		    exit({aborted, Reason});
-		{node_not_running, _N} -> 
+		{node_not_running, _N} ->
 		    exit({aborted, Reason});
-		{bad_commit, _N}-> 
+		{bad_commit, _N}->
 		    exit({aborted, Reason});
-		_ -> 
+		_ ->
 		    {aborted, mnesia_lib:fix_error(Reason)}
 	    end
     end.
@@ -982,10 +982,10 @@ put_activity_id(MTT) ->
     put_activity_id(MTT, undefined).
 put_activity_id(undefined,_) ->
     erase_activity_id();
-put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->    
+put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->
     flush_downs(),
     Store = Ts#tidstore.store,
-    if 
+    if
 	is_function(Fun) ->
 	    ?ets_insert(Store, {friends, {stop,Fun}});
 	true ->
@@ -1000,14 +1000,14 @@ erase_activity_id() ->
     flush_downs(),
     erase(mnesia_activity_state).
 
-get_elements(Type,Store) ->    
+get_elements(Type,Store) ->
     case catch ?ets_lookup(Store, Type) of
 	[] -> [];
 	[{_,Val}] -> [Val];
 	{'EXIT', _} -> [];
 	Vals -> [Val|| {_,Val} <- Vals]
     end.
-    
+
 opt_propagate_store(_Current, _Obsolete, false) ->
     ok;
 opt_propagate_store(Current, Obsolete, true) ->
@@ -1030,8 +1030,8 @@ intercept_best_friend([],_) ->    ok;
 intercept_best_friend([{stop,Fun} | R],Ignore) ->
     catch Fun(),
     intercept_best_friend(R,Ignore);
-intercept_best_friend([Pid | R],false) ->    
-    Pid ! {activity_ended, undefined, self()}, 
+intercept_best_friend([Pid | R],false) ->
+    Pid ! {activity_ended, undefined, self()},
     wait_for_best_friend(Pid, 0),
     intercept_best_friend(R,true);
 intercept_best_friend([_|R],true) ->
@@ -1047,18 +1047,18 @@ wait_for_best_friend(Pid, Timeout) ->
 		false -> ok
 	    end
     end.
-    
+
 my_process_is_alive(Pid) ->
     case catch erlang:is_process_alive(Pid) of % New BIF in R5
-	true -> 
+	true ->
 	    true;
-	false -> 
+	false ->
 	    false;
-	{'EXIT', _} -> % Pre R5 backward compatibility 
+	{'EXIT', _} -> % Pre R5 backward compatibility
 	    case process_info(Pid, message_queue_len) of
 		undefined -> false;
 		_ -> true
-	    end 
+	    end
     end.
 
 dirty(Protocol, Item) ->
@@ -1070,12 +1070,12 @@ dirty(Protocol, Item) ->
 	async_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% but do only wait for one node to complete.
-	    %% Preferrably, the local node if possible. 
-		    
+	    %% Preferrably, the local node if possible.
+
 	    ReadNode = val({Tab, where_to_read}),
 	    {WaitFor, FirstRes} = async_send_dirty(Tid, CR, Tab, ReadNode),
 	    rec_dirty(WaitFor, FirstRes);
-		
+
 	sync_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% and wait for all nodes to complete
@@ -1097,7 +1097,7 @@ t_commit(Type) ->
     if
 	Ts#tidstore.level == 1 ->
 	    intercept_friends(Tid, Ts),
-	    %% N is number of updates 
+	    %% N is number of updates
 	    case arrange(Tid, Store, Type) of
 		{N, Prep} when N > 0 ->
 		    multi_commit(Prep#prep.protocol,
@@ -1135,8 +1135,8 @@ arrange(Tid, Store, Type) ->
     Recs = prep_recs(Nodes, []),
     Key = ?ets_first(Store),
     N = 0,
-    Prep = 
-	case Type of 
+    Prep =
+	case Type of
 	    async -> #prep{protocol = sym_trans, records = Recs};
 	    sync -> #prep{protocol = sync_sym_trans, records = Recs}
 	end,
@@ -1146,7 +1146,7 @@ arrange(Tid, Store, Type) ->
 	    case Reason of
 		{aborted, R} ->
 		    mnesia:abort(R);
-		_ -> 
+		_ ->
 		    mnesia:abort(Reason)
 	    end;
 	{New, Prepared} ->
@@ -1155,7 +1155,7 @@ arrange(Tid, Store, Type) ->
 
 reverse([]) ->
     [];
-reverse([H=#commit{ram_copies=Ram, disc_copies=DC, 
+reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
 		   disc_only_copies=DOC,snmp = Snmp}
 	 |R]) ->
     [
@@ -1164,7 +1164,7 @@ reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
        disc_copies      =  lists:reverse(DC),
        disc_only_copies =  lists:reverse(DOC),
        snmp             = lists:reverse(Snmp)
-      }  
+      }
      | reverse(R)].
 
 prep_recs([N | Nodes], Recs) ->
@@ -1191,7 +1191,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 	     (BupRec, CommitRecs, RecName, Where, Snmp) ->
 		  Tab = element(1, BupRec),
 		  Key = element(2, BupRec),
-		  Item = 
+		  Item =
 		      if
 			  Tab == RecName ->
 			      [{{Tab, Key}, BupRec, write}];
@@ -1200,7 +1200,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 			      [{{Tab, Key}, BupRec2, write}]
 		      end,
 		  do_prepare_items(Tid, Tab, Key, Where, Snmp, Item, CommitRecs)
-	  end,	  
+	  end,
     Recs2 = mnesia_schema:arrange_restore(R, Fun, Prep#prep.records),
     P2 = Prep#prep{protocol = asym_trans, records = Recs2},
     do_arrange(Tid, Store, ?ets_next(Store, RestoreKey), P2, N + 1);
@@ -1222,20 +1222,20 @@ prepare_items(Tid, Tab, Key, Items, Prep) when Prep#prep.prev_tab == Tab ->
     Recs = Prep#prep.records,
     Recs2 = do_prepare_items(Tid, Tab, Key, Types, Snmp, Items, Recs),
     Prep#prep{records = Recs2};
-    
+
 prepare_items(Tid, Tab, Key, Items, Prep) ->
     Types = val({Tab, where_to_commit}),
     case Types of
 	[] -> mnesia:abort({no_exists, Tab});
-	{blocked, _} -> 
+	{blocked, _} ->
 	    unblocked = req({unblock_me, Tab}),
 	    prepare_items(Tid, Tab, Key, Items, Prep);
 	_ ->
 	    Majority = needs_majority(Tab, Prep),
 	    Snmp = val({Tab, snmp}),
-	    Recs2 = do_prepare_items(Tid, Tab, Key, Types, 
+	    Recs2 = do_prepare_items(Tid, Tab, Key, Types,
 				     Snmp, Items, Prep#prep.records),
-	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab, 
+	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab,
 			      majority = Majority,
 			      prev_types = Types, prev_snmp = Snmp},
 	    check_prep(Prep2, Types)
@@ -1273,7 +1273,7 @@ have_majority([{Tab, AllNodes} | Rest], Nodes) ->
     end.
 
 prepare_snmp(Tab, Key, Items) ->
-    case val({Tab, snmp}) of 
+    case val({Tab, snmp}) of
 	[] ->
 	    [];
 	Ustruct when Key /= '_' ->
@@ -1286,10 +1286,10 @@ prepare_snmp(Tab, Key, Items) ->
 	    [{clear_table, Tab}]
     end.
 
-prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) -> 
+prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) ->
     Recs;
 
-prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) -> 
+prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) ->
     if Key /= '_' ->
 	    {_Oid, _Val, Op} = hd(Items),
 	    SnmpOid = mnesia_snmp_hook:key_to_oid(Tab, Key, Us), % May exit
@@ -1334,7 +1334,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind == snmp ->
     Rec2 = Rec#commit{snmp = [Item | Rec#commit.snmp]},
     prepare_node(Node, Storage, Items, Rec2, Kind);
 prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
-    Rec2 = 
+    Rec2 =
 	case Storage of
 	    ram_copies ->
 		Rec#commit{ram_copies = [Item | Rec#commit.ram_copies]};
@@ -1345,7 +1345,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
 			   [Item | Rec#commit.disc_only_copies]}
 	end,
     prepare_node(Node, Storage, Items, Rec2, Kind);
-prepare_node(_Node, _Storage, Items, Rec, Kind) 
+prepare_node(_Node, _Storage, Items, Rec, Kind)
   when Kind == schema, Rec#commit.schema_ops == []  ->
     Rec#commit{schema_ops = Items};
 prepare_node(_Node, _Storage, [], Rec, _Kind) ->
@@ -1354,7 +1354,7 @@ prepare_node(_Node, _Storage, [], Rec, _Kind) ->
 %% multi_commit((Protocol, Tid, CommitRecords, Store)
 %% Local work is always performed in users process
 multi_commit(read_only, _Maj = [], Tid, CR, _Store) ->
-    %% This featherweight commit protocol is used when no 
+    %% This featherweight commit protocol is used when no
     %% updates has been performed in the transaction.
 
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -1381,11 +1381,11 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    perform the updates.
     %%
     %%    The outcome is kept 3 minutes in the transient decision table.
-    %%    
+    %%
     %% Recovery:
     %%    If somebody dies before the coordinator has
     %%    broadcasted do_commit, the transaction is aborted.
-    %%    
+    %%
     %%    If a participant dies, the table load algorithm
     %%    ensures that the contents of the involved tables
     %%    are picked from another node.
@@ -1394,15 +1394,15 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    the outcome with all the others. If all are uncertain
     %%    about the outcome, the transaction is aborted. If
     %%    somebody knows the outcome the others will follow.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym},
+		    [{tid, Tid}, {outcome, Outcome}]),
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
     case Outcome of
@@ -1422,15 +1422,15 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     %%   This protocol is the same as sym_trans except that it
     %%   uses syncronized calls to disk_log and syncronized commits
     %%   when several nodes are involved.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sync_sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym_sync}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym_sync},
+		    [{tid, Tid}, {outcome, Outcome}]),
     [?ets_insert(Store, {waiting_for_commit_ack, Node}) || Node <- WaitFor],
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
@@ -1451,7 +1451,7 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     Outcome;
 
 multi_commit(asym_trans, Majority, Tid, CR, Store) ->
-    %% This more expensive commit protocol is used when 
+    %% This more expensive commit protocol is used when
     %% table definitions are changed (schema transactions).
     %% It is also used when the involved tables are
     %% replicated asymetrically. If the storage type differs
@@ -1462,14 +1462,14 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%   commit record and votes yes or no depending of the
     %%   outcome of the prepare. The preparation is also performed
     %%   by the coordinator.
-    %%   
+    %%
     %% 2a Somebody has died or voted no
     %%    Tell all yes voters to do_abort
     %% 2b Everybody has voted yes
     %%    Put a unclear marker in the log.
     %%    Tell the others to pre_commit. I.e. that they should
     %%    put a unclear marker in the log and reply
-    %%    acc_pre_commit when they are done. 
+    %%    acc_pre_commit when they are done.
     %%
     %% 3a Somebody died
     %%    Tell the remaining participants to do_abort
@@ -1492,7 +1492,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    If we have no unclear marker in the log we may
     %%    safely abort, since we know that nobody may have
     %%    decided to commit yet.
-    %%    
+    %%
     %%    If we have a committed marker in the log we may
     %%    safely commit since we know that everybody else
     %%    also will come to this conclusion.
@@ -1506,7 +1506,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    up. When all involved nodes are up and uncertain,
     %%    we decide to commit (first put a committed marker
     %%    in the log, then do the updates).
-    
+
     D = #decision{tid = Tid, outcome = presume_abort},
     {D2, CR2} = commit_decision(D, CR, [], []),
     DiscNs = D2#decision.disc_nodes,
@@ -1518,10 +1518,10 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
     {WaitFor, Local} = ask_commit(asym_trans, Tid, CR2, DiscNs, RamNs),
-    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})), 
-    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []), 
-    
-    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes}, 
+    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})),
+    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []),
+
+    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes},
 		    [{tid, Tid}, {votes, Votes}]),
     case Votes of
 	do_commit ->
@@ -1530,20 +1530,20 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
 		    mnesia_log:log(C), % C is not a binary
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_rec},
 				    [{tid, Tid}]),
-		    
+
 		    D3 = C#commit.decision,
-		    D4 = D3#decision{outcome = unclear},		
-		    mnesia_recover:log_decision(D4),			
+		    D4 = D3#decision{outcome = unclear},
+		    mnesia_recover:log_decision(D4),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_dec},
 				    [{tid, Tid}]),
 		    tell_participants(Pids, {Tid, pre_commit}),
 		    %% Now we are uncertain and we do not know
 		    %% if all participants have logged that
 		    %% they are uncertain or not
-		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local}, 
+		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local},
 				       do_commit, DumperMode, [], []);
 		{'EXIT', Reason} ->
-		    %% The others have logged the commit 
+		    %% The others have logged the commit
 		    %% record but they are not uncertain
 		    mnesia_recover:note_decision(Tid, aborted),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_prepare_exit},
@@ -1564,7 +1564,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     end.
 
 %% Returns do_commit or {do_abort, Reason}
-rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode, 
+rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode,
 		   GoodPids, SchemaAckPids) ->
     receive
 	{?MODULE, _, {acc_pre_commit, Tid, Pid, true}} ->
@@ -1598,7 +1598,7 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    %% everybody are uncertain.
 	    prepare_sync_schema_commit(Store, SchemaAckPids),
 	    tell_participants(GoodPids, {Tid, committed}),
-	    D2 = D#decision{outcome = committed},		
+	    D2 = D#decision{outcome = committed},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_commit},
 			    [{tid, Tid}]),
@@ -1611,10 +1611,10 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    sync_schema_commit(Tid, Store, SchemaAckPids),
 	    mnesia_locker:release_tid(Tid),
 	    ?MODULE ! {delete_transaction, Tid};
-	
+
 	{do_abort, Reason} ->
 	    tell_participants(GoodPids, {Tid, {do_abort, Reason}}),
-	    D2 = D#decision{outcome = aborted},		
+	    D2 = D#decision{outcome = aborted},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_abort},
 			    [{tid, Tid}]),
@@ -1702,7 +1702,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    end,
 			    ?eval_debug_fun({?MODULE, commit_participant, do_commit},
 					    [{tid, Tid}]);
-			
+
 			{Tid, {do_abort, _Reason}} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, log_abort},
@@ -1710,7 +1710,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			{'EXIT', _, _} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_log_abort},
@@ -1718,7 +1718,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			Msg ->
 			    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 				    [Tid, Msg])
@@ -1739,7 +1739,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 		    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 			    [Tid, Msg])
 	    end;
-	
+
 	{'EXIT', Reason} ->
 	    ?eval_debug_fun({?MODULE, commit_participant, vote_no},
 			    [{tid, Tid}]),
@@ -1750,7 +1750,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
     ?MODULE ! {delete_transaction, Tid},
     unlink(whereis(?MODULE)),
     exit(normal).
-    
+
 do_abort(Tid, Bin) when is_binary(Bin) ->
     %% Possible optimization:
     %% If we want we could pass arround a flag
@@ -1761,7 +1761,7 @@ do_abort(Tid, Bin) when is_binary(Bin) ->
     %% mnesia_schema:undo_prepare_commit/1.
     do_abort(Tid, binary_to_term(Bin));
 do_abort(Tid, Commit) ->
-    mnesia_schema:undo_prepare_commit(Tid, Commit), 
+    mnesia_schema:undo_prepare_commit(Tid, Commit),
     Commit.
 
 do_dirty(Tid, Commit) when Commit#commit.schema_ops == [] ->
@@ -1799,7 +1799,7 @@ do_update(Tid, Storage, [Op | Ops], OldRes) ->
 
 	    verbose("do_update in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Op, Reason]),
-	    do_update(Tid, Storage, Ops, OldRes); 
+	    do_update(Tid, Storage, Ops, OldRes);
 	NewRes ->
 	    do_update(Tid, Storage, Ops, NewRes)
     end;
@@ -1807,7 +1807,7 @@ do_update(_Tid, _Storage, [], Res) ->
     Res.
 
 do_update_op(Tid, Storage, {{Tab, K}, Obj, write}) ->
-    commit_write(?catch_val({Tab, commit_work}), Tid, 
+    commit_write(?catch_val({Tab, commit_work}), Tid,
 		 Tab, K, Obj, undefined),
     mnesia_lib:db_put(Storage, Tab, Obj);
 
@@ -1816,7 +1816,7 @@ do_update_op(Tid, Storage, {{Tab, K}, Val, delete}) ->
     mnesia_lib:db_erase(Storage, Tab, K);
 
 do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
-    {NewObj, OldObjs} = 
+    {NewObj, OldObjs} =
         case catch mnesia_lib:db_update_counter(Storage, Tab, K, Incr) of
             NewVal when is_integer(NewVal), NewVal >= 0 ->
                 {{RecName, K, NewVal}, [{RecName, K, NewVal - Incr}]};
@@ -1824,17 +1824,17 @@ do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
                 New = {RecName, K, Incr},
                 mnesia_lib:db_put(Storage, Tab, New),
                 {New, []};
-	    _ -> 
+	    _ ->
 		Zero = {RecName, K, 0},
 		mnesia_lib:db_put(Storage, Tab, Zero),
 		{Zero, []}
         end,
-    commit_update(?catch_val({Tab, commit_work}), Tid, Tab, 
+    commit_update(?catch_val({Tab, commit_work}), Tid, Tab,
 		  K, NewObj, OldObjs),
     element(3, NewObj);
 
 do_update_op(Tid, Storage, {{Tab, Key}, Obj, delete_object}) ->
-    commit_del_object(?catch_val({Tab, commit_work}), 
+    commit_del_object(?catch_val({Tab, commit_work}),
 		      Tid, Tab, Key, Obj, undefined),
     mnesia_lib:db_match_erase(Storage, Tab, Obj);
 
@@ -1846,11 +1846,11 @@ commit_write([], _, _, _, _, _) -> ok;
 commit_write([{checkpoints, CpList}|R], Tid, Tab, K, Obj, Old) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_write(R, Tid, Tab, K, Obj, Old).
@@ -1859,11 +1859,11 @@ commit_update([], _, _, _, _, _) -> ok;
 commit_update([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_update(R, Tid, Tab, K, Obj, Old).
@@ -1872,11 +1872,11 @@ commit_delete([], _, _, _, _, _) ->  ok;
 commit_delete([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete, CpList),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete, Old),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:delete_index(H, Tab, K),
     commit_delete(R, Tid, Tab, K, Obj, Old).
@@ -1885,12 +1885,12 @@ commit_del_object([], _, _, _, _, _) -> ok;
 commit_del_object([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete_object, CpList),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == subscribers -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete_object, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == index -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == index ->
     mnesia_index:del_object_index(H, Tab, K, Obj, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old).
 
@@ -1898,11 +1898,11 @@ commit_clear([], _, _, _, _) ->  ok;
 commit_clear([{checkpoints, CpList}|R], Tid, Tab, K, Obj) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, clear_table, CpList),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, clear_table, undefined),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == index ->
     mnesia_index:clear_index(H, Tab, K, Obj),
     commit_clear(R, Tid, Tab, K, Obj).
@@ -1913,7 +1913,7 @@ do_snmp(Tid, [Head | Tail]) ->
 	{'EXIT', Reason} ->
 	    %% This should only happen when we recently have
 	    %% deleted our local replica or recently deattached
-	    %% the snmp table 
+	    %% the snmp table
 
 	    verbose("do_snmp in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Head, Reason]);
@@ -1922,7 +1922,7 @@ do_snmp(Tid, [Head | Tail]) ->
     end,
     do_snmp(Tid, Tail).
 
-commit_nodes([C | Tail], AccD, AccR) 
+commit_nodes([C | Tail], AccD, AccR)
         when C#commit.disc_copies == [],
              C#commit.disc_only_copies  == [],
              C#commit.schema_ops == [] ->
@@ -1934,7 +1934,7 @@ commit_nodes([], AccD, AccR) ->
 
 commit_decision(D, [C | Tail], AccD, AccR) ->
     N = C#commit.node,
-    {D2, Tail2} = 
+    {D2, Tail2} =
 	case C#commit.schema_ops of
 	    [] when C#commit.disc_copies == [],
 		    C#commit.disc_only_copies  == [] ->
@@ -1954,8 +1954,8 @@ commit_decision(D, [], AccD, AccR) ->
     {D#decision{disc_nodes = AccD, ram_nodes = AccR}, []}.
 
 ram_only_ops(N, [{op, change_table_copy_type, N, _FromS, _ToS, Cs} | _Ops ]) ->
-    case lists:member({name, schema}, Cs) of 
-	true -> 
+    case lists:member({name, schema}, Cs) of
+	true ->
 	    %% We always use disk if change type of the schema
 	    false;
 	false ->
@@ -2025,12 +2025,12 @@ get_dirty_reply(Node, Res) ->
 	    Reply;
 	{mnesia_down, Node} ->
 	    case get(mnesia_activity_state) of
-		{_, Tid, _Ts} when element(1,Tid) == tid -> 
+		{_, Tid, _Ts} when element(1,Tid) == tid ->
 		    %% Hmm dirty called inside a transaction, to avoid
 		    %% hanging transaction we need to restart the transaction
 		    mnesia:abort({node_not_running, Node});
 		_ ->
-		    %% It's ok to ignore mnesia_down's since we will make 
+		    %% It's ok to ignore mnesia_down's since we will make
 		    %% the replicas consistent again when Node is started
 		    Res
 	    end
@@ -2068,10 +2068,10 @@ ask_commit(_Protocol, _Tid, [], _DiscNs, _RamNs, WaitFor, Local) ->
 %% to be safe we let erts do the translation (many times maybe and thus
 %% slower but it works.
 % opt_term_to_binary(asym_trans, Head, Nodes) ->
-%     opt_term_to_binary(Nodes, Head);    
+%     opt_term_to_binary(Nodes, Head);
 opt_term_to_binary(_Protocol, Head, _Nodes) ->
     Head.
-	    
+
 rec_all([Node | Tail], Tid, Res, Pids) ->
     receive
 	{?MODULE, Node, {vote_yes, Tid}} ->
@@ -2085,7 +2085,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 	{?MODULE, Node, {aborted, Tid}} ->
 	    rec_all(Tail, Tid, Res, Pids);
 
-	{mnesia_down, Node} ->  
+	{mnesia_down, Node} ->
 	    %% Make sure that mnesia_tm knows it has died
 	    %% it may have been restarted
 	    Abort = {do_abort, {bad_commit, Node}},
@@ -2095,7 +2095,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 rec_all([], _Tid, Res, Pids) ->
     {Res, Pids}.
 
-get_transactions() -> 
+get_transactions() ->
     {info, Participant, Coordinator} = req(info),
     lists:map(fun({Tid, _Tabs}) ->
 		      Status = tr_status(Tid,Participant),
@@ -2125,7 +2125,7 @@ get_info(Timeout) ->
 display_info(Stream, {timeout, T}) ->
     io:format(Stream, "---> No info about coordinator and participant transactions, "
 	      "timeout ~p <--- ~n", [T]);
-    
+
 display_info(Stream, {info, Part, Coord}) ->
     io:format(Stream, "---> Participant transactions <--- ~n", []),
     lists:foreach(fun(P) -> pr_participant(Stream, P) end, Part),
@@ -2134,7 +2134,7 @@ display_info(Stream, {info, Part, Coord}) ->
 
 pr_participant(Stream, P) ->
     Commit0 = P#participant.commit,
-    Commit = 
+    Commit =
 	if
 	    is_binary(Commit0) -> binary_to_term(Commit0);
 	    true -> Commit0
@@ -2161,11 +2161,11 @@ search_pr_coordinator(S, [{Tid, _Ts}|Tail]) ->
 	    io:format( "Tid is coordinator, owner == \n", []),
 	    display_pid_info(Tid#tid.pid),
 	    search_pr_coordinator(S, Tail);
-	_ -> 
+	_ ->
 	    search_pr_coordinator(S, Tail)
     end.
 
-search_pr_participant(_S, []) -> 
+search_pr_participant(_S, []) ->
     false;
 search_pr_participant(S, [ P | Tail]) ->
     Tid = P#participant.tid,
@@ -2176,15 +2176,15 @@ search_pr_participant(S, [ P | Tail]) ->
 	    Pid = Tid#tid.pid,
 	    display_pid_info(Pid),
 	    io:format( "Tid wants to write objects \n",[]),
-	    Commit = 
+	    Commit =
 		if
 		    is_binary(Commit0) -> binary_to_term(Commit0);
 		    true -> Commit0
 		end,
-	    
+
 	    io:format("~p~n", [Commit]),
 	    search_pr_participant(S,Tail);  %% !!!!!
-	true -> 
+	true ->
 	    search_pr_participant(S, Tail)
     end.
 
@@ -2200,7 +2200,7 @@ display_pid_info(Pid) ->
 		       Other ->
 			   Other
 		   end,
-	    Reds  = fetch(reductions, Info), 
+	    Reds  = fetch(reductions, Info),
 	    LM = length(fetch(messages, Info)),
 	    pformat(io_lib:format("~p", [Pid]),
 		    io_lib:format("~p", [Call]),
@@ -2254,7 +2254,7 @@ send_to_pids([_ | Pids], Msg) ->
     send_to_pids(Pids, Msg);
 send_to_pids([], _Msg) ->
     ok.
-    
+
 reconfigure_participants(N, [P | Tail]) ->
     case lists:member(N, P#participant.disc_nodes) or
 	 lists:member(N, P#participant.ram_nodes) of
@@ -2262,25 +2262,25 @@ reconfigure_participants(N, [P | Tail]) ->
 	    %% Ignore, since we are not a participant
 	    %% in the transaction.
 	    reconfigure_participants(N, Tail);
- 
+
 	true ->
 	    %% We are on a participant node, lets
 	    %% check if the dead one was a
 	    %% participant or a coordinator.
 	    Tid  = P#participant.tid,
-	    if 
+	    if
 		node(Tid#tid.pid) /= N ->
 		    %% Another participant node died. Ignore.
 		    reconfigure_participants(N, Tail);
 
 		true ->
-		    %% The coordinator node has died and 
+		    %% The coordinator node has died and
 		    %% we must determine the outcome of the
 		    %% transaction and tell mnesia_tm on all
 		    %% nodes (including the local node) about it
 		    verbose("Coordinator ~p in transaction ~p died~n",
 			    [Tid#tid.pid, Tid]),
-			    
+
 		    Nodes = P#participant.disc_nodes ++
 			    P#participant.ram_nodes,
 		    AliveNodes = Nodes  -- [N],
@@ -2332,8 +2332,8 @@ system_terminate(_Reason, _Parent, _Debug, State) ->
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,downgrade) ->
     case is_tuple(Cs0) of
-	true -> 
-	    Cs = gb_trees:to_list(Cs0),	    
+	true ->
+	    Cs = gb_trees:to_list(Cs0),
 	    Ps = gb_trees:values(Ps0),
 	    {ok, State#state{coordinators=Cs,participants=Ps}};
 	false ->
@@ -2342,7 +2342,7 @@ system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldV
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,_Extra) ->
     case is_list(Cs0) of
-	true -> 
+	true ->
 	    Cs = gb_trees:from_orddict(lists:sort(Cs0)),
 	    Ps1 = [{P#participant.tid,P}|| P <- Ps0],
 	    Ps = gb_trees:from_orddict(lists:sort(Ps1)),
diff --git a/lib/mnesia/test/mnesia_atomicity_test.erl b/lib/mnesia/test/mnesia_atomicity_test.erl
index cf878fc820..06c4d16d71 100644
--- a/lib/mnesia/test/mnesia_atomicity_test.erl
+++ b/lib/mnesia/test/mnesia_atomicity_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -31,13 +31,13 @@ end_per_testcase(Func, Conf) ->
     mnesia_test_lib:end_per_testcase(Func, Conf).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [explicit_abort_in_middle_of_trans,
      runtime_error_in_middle_of_trans,
      kill_self_in_middle_of_trans, throw_in_middle_of_trans,
      {group, mnesia_down_in_middle_of_trans}].
 
-groups() -> 
+groups() ->
     [{mnesia_down_in_middle_of_trans, [],
       [mnesia_down_during_infinite_trans,
        {group, lock_waiter}, {group, restart_check}]},
@@ -297,7 +297,7 @@ mnesia_down_during_infinite_trans(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, test_ok}) end)),
     mnesia_test_lib:start_sync_transactions([A2, A1]),
-    
+
     %% Obtain a write lock and wait forever
     RecA = {Tab, 1, test_not_ok},
     A1 ! fun() -> mnesia:write(RecA) end,
@@ -471,12 +471,12 @@ lock_waiter_w_wt(Config) when is_list(Config) ->
 
 start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     [N1, N2] = Nodes = ?acquire_nodes(2, Config),
-    
+
     TabName = mk_tab_name(lock_waiter_),
     ?match({atomic, ok}, mnesia:create_table(TabName,
 					     [{ram_copies, [N1, N2]}])),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
     rpc:call(N2, ?MODULE, sync_tid_release, []),
@@ -484,7 +484,7 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     Tester = self(),
     Fun_A =fun() ->
 		   NewCounter = incr_restart_counter(),
-		   if 
+		   if
 		       NewCounter == 1 ->
 			   Tester ! go_ahead_test,
 			   receive go_ahead -> ok end;
@@ -493,13 +493,13 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		   lock_waiter_fun(BlockOpA, TabName, a),
 		   NewCounter
 	   end,
-        
+
     %% it's not possible to just spawn the transaction, because
     %% the result shall be evaluated
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    
+
     ?match(ok, receive go_ahead_test -> ok after 10000 -> timeout end),
-    
+
     mnesia_test_lib:sync_trans_tid_serial([N1, N2]),
 
     Fun_B = fun() ->
@@ -507,21 +507,21 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		    A ! go_ahead,
 		    wait(infinity)
 	    end,
-    
+
     B = spawn_link(N2, mnesia, transaction, [Fun_B, 100]),
-    
+
     io:format("waiting for A (~p on ~p) to be in the queue ~n", [A, [N1, N2]]),
     wait_for_a(A, [N1, N2]),
-    
-    io:format("Queus ~p~n", 
+
+    io:format("Queus ~p~n",
 	      [[{N,rpc:call(N, mnesia, system_info, [lock_queue])} || N <- Nodes]]),
-    
+
     KillNode = node(B),
     io:format("A was in the queue, time to kill Mnesia on B's node (~p on ~p)~n",
 	      [B, KillNode]),
-    
+
     mnesia_test_lib:kill_mnesia([KillNode]), % kill mnesia of fun B
-    
+
     %% Read Ops does not need to be restarted
     ExpectedCounter =
 	if
@@ -535,20 +535,22 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 	    BlockOpA == rt, BlockOpB /= sw -> 1;
 	    true -> 2
 	end,
-    ?match_multi_receive([{'EXIT', A, {atomic, ExpectedCounter}}, 
-			  {'EXIT', B, killed}]),
-    
+    receive {'EXIT', B, _} -> ok
+    after 3000 -> ?error("Timeout~n", []) end,
+    receive {'EXIT', A, Exp1} -> ?match({atomic, ExpectedCounter}, Exp1)
+    after 3000 -> ?error("Timeout~n", []) end,
+
     %% the expected result depends on the transaction of
     %% fun A - when that doesn't change the object in the
     %% table (e.g. it is a read) then the predefined
     %% value {Tabname, 1, c} is expected to be the result here
-    ExpectedResult = 
+    ExpectedResult =
 	case BlockOpA of
 	    w -> {TabName, 1, a};
 	    sw ->{TabName, 1, a};
 	    _all_other -> {TabName, 1, c}
 	end,
-    
+
     ?match({atomic, [ExpectedResult]},
 	   mnesia:transaction(fun() -> mnesia:read({TabName, 1}) end, 100)),
     ?verify_mnesia([N1], [N2]).
@@ -567,7 +569,7 @@ lock_waiter_fun(Op, TabName, Val) ->
 	srw -> mnesia:read(TabName, 1, sticky_write);
 	sw ->  mnesia:s_write({TabName, 1, Val})
     end.
-    
+
 wait_for_a(Pid, Nodes) ->
     wait_for_a(Pid, Nodes, 5).
 
@@ -589,12 +591,12 @@ check_q(Pid, [_ | Tail], N, Count) ->
 check_q(Pid, [], N, Count) ->
     timer:sleep(500),
     wait_for_a(Pid, N, Count - 1).
-    
+
 perform_restarted_transaction (Fun_Trans) ->
     %% the result of the transaction shall be:
     %%  - undefined (if the transaction was never executed)
     %%  - Times ( number of times that the transaction has been executed)
-    
+
     Result = mnesia:transaction(Fun_Trans, 100),
     exit(Result).
 
@@ -666,10 +668,10 @@ restart_sw_two(Config) when is_list(Config) ->
 
 start_restart_check(RestartOp, ReplicaNeed, Config) ->
     [N1, N2, N3] = Nodes = ?acquire_nodes(3, Config),
-    
+
     {TabName, _TabNodes} = create_restart_table(ReplicaNeed, Nodes),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
 
@@ -681,9 +683,9 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    NewCounter = incr_restart_counter(),
 		    case NewCounter of
 			1 ->
-			    mnesia:write({TabName, 1, d}),			    
+			    mnesia:write({TabName, 1, d}),
 			    %% send a message to the test proc
-			    Coord ! {self(),fun_a_is_blocked}, 			    
+			    Coord ! {self(),fun_a_is_blocked},
 			    receive go_ahead -> ok end;
 			_ ->
 			    %% the fun will NOT be blocked here
@@ -691,19 +693,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    end,
 		    NewCounter
 	    end,
-    
+
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    ?match_receive({A,fun_a_is_blocked}),    		
-    
+    ?match_receive({A,fun_a_is_blocked}),
+
     %% mnesia shall be killed at that node, where A is reading
     %% the information from
     kill_where_to_read(TabName, N1, [N2, N3]),
-    
+
     %% wait some time to let mnesia go down and spread those news around
     %% fun A shall be able to finish its job before being restarted
-    wait(500), 
+    wait(500),
     A ! go_ahead,
-    
+
     %% the sticky write doesnt work on remote nodes !!!
     ExpectedMsg =
 	case RestartOp of
@@ -717,19 +719,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 			{'EXIT',A,{atomic, 2}}
 		end
 	end,
-    
-    ?match_receive(ExpectedMsg),    		
-    
+
+    ?match_receive(ExpectedMsg),
+
     %% now mnesia has to be started again on the node KillNode
     %% because the next test suite will need it
     ?match([], mnesia_test_lib:start_mnesia(Nodes, [TabName])),
-    
-    
+
+
     %%  the expected result depends on the transaction of
     %%  fun A - when that doesnt change the object in the
     %%  table (e.g. it is a read) then the predefined
     %%  value {Tabname, 1, c} is expected to be the result here
-    
+
     ExpectedResult =
 	case ReplicaNeed of
 	    one ->
@@ -746,7 +748,7 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
     ?verify_mnesia(Nodes, []).
 
 create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
-    TabNodes = 
+    TabNodes =
 	case ReplicaNeed of
 	    one ->  [N2];
 	    two ->  [N2, N3]
@@ -754,7 +756,7 @@ create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
     TabName = mk_tab_name(restart_check_),
     ?match({atomic, ok}, mnesia:create_table(TabName, [{ram_copies, TabNodes}])),
     {TabName, TabNodes}.
-    
+
 restart_fun_A(Op, TabName) ->
     case Op of
 	rt -> mnesia:read_lock_table(TabName);
@@ -774,8 +776,8 @@ kill_where_to_read(TabName, N1, Nodes) ->
 	    ?error("Fault while killing Mnesia: ~p~n", [Read]),
 	    mnesia_test_lib:kill_mnesia(Nodes)
     end.
-    
-sync_tid_release() ->    
+
+sync_tid_release() ->
     sys:get_status(whereis(mnesia_tm)),
     sys:get_status(whereis(mnesia_locker)),
     ok.
diff --git a/lib/mnesia/test/mnesia_evil_coverage_test.erl b/lib/mnesia/test/mnesia_evil_coverage_test.erl
index 17d6c6c212..64b61288ef 100644
--- a/lib/mnesia/test/mnesia_evil_coverage_test.erl
+++ b/lib/mnesia/test/mnesia_evil_coverage_test.erl
@@ -37,7 +37,8 @@ end_per_testcase(Func, Conf) ->
 all() -> 
     [system_info, table_info, error_description,
      db_node_lifecycle, evil_delete_db_node, start_and_stop,
-     checkpoint, table_lifecycle, add_copy_conflict,
+     checkpoint, table_lifecycle, storage_options, 
+     add_copy_conflict,
      add_copy_when_going_down, replica_management,
      schema_availability, local_content,
      {group, table_access_modifications}, replica_location,
@@ -244,7 +245,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
     ?match([], mnesia_test_lib:start_mnesia(AllNodes)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -259,7 +260,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
            mnesia:change_table_copy_type(schema, Node2, disc_copies)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -462,7 +463,7 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok}, mnesia:create_table([{name, already_exists},
 					      {ram_copies, [Node1]}])),
     ?match({aborted, Reason23 } when element(1, Reason23) ==already_exists,
-	   mnesia:create_table([{name, already_exists}, 
+	   mnesia:create_table([{name, already_exists},
 				{ram_copies, [Node1]}])),
     ?match({aborted, Reason21 } when element(1, Reason21) == bad_type,
            mnesia:create_table([{name, bad_node}, {ram_copies, ["foo"]}])),
@@ -520,12 +521,57 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok},
            mnesia:create_table([{name, create_with_index}, {index, [3]},
                                 {ram_copies, [Node1]}])),
-    ets:new(ets_table, [named_table]),
 
+    ets:new(ets_table, [named_table]),
     ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, Nodes}])),
+    ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ets:delete(ets_table),
+    ?match({atomic, ok}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ?match(Node1, rpc:call(Node1, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match({atomic, ok}, mnesia:change_table_copy_type(ets_table, Node1, disc_only_copies)),    
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    
+    ?verify_mnesia(Nodes, []).
+
+
+storage_options(suite) -> [];
+storage_options(Config) when is_list(Config) ->
+    [N1,N2,N3] = Nodes = ?acquire_nodes(3, Config),
+
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,foobar}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[foobar]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[duplicate_bag]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{dets,[{type,bag}]}]}])),
+
+    ?match({atomic, ok}, mnesia:create_table(a, [{ram_copies, [N1]},
+						 {disc_only_copies, [N2]},
+						 {storage_properties,
+						  [{ets,[compressed]},
+						   {dets, [{auto_save, 5000}]} ]}])),
+    ?match(true, ets:info(a, compressed)),
+    ?match(5000, rpc:call(N2, dets, info, [a, auto_save])),
+    ?match(ok, mnesia:dirty_write({a,1,1})),
+    ?match([{a,1,1}], mnesia:dirty_read({a,1})),
+    mnesia:dump_log(),
+    W2C1 = [{N2, disc_only_copies}, {N1, ram_copies}],
+    ?match(W2C1, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C1, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_only_copies)),
+    W2C2 = [{N2, disc_only_copies}, {N1, disc_only_copies}],
+    ?match(W2C2, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C2, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(undefined, ets:info(a, compressed)),
+    ?match(5000, dets:info(a, auto_save)),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_copies)),
+    ?match(true, ets:info(a, compressed)),
 
     ?verify_mnesia(Nodes, []).
 
+
+
+
+
 add_copy_conflict(suite) -> [];
 add_copy_conflict(doc) -> 
     ["Verify that OTP-5065 doesn't happen again, whitebox testing"];
diff --git a/lib/mnesia/test/mnesia_install_test.erl b/lib/mnesia/test/mnesia_install_test.erl
index 3a2d44aa95..06d53d3912 100644
--- a/lib/mnesia/test/mnesia_install_test.erl
+++ b/lib/mnesia/test/mnesia_install_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/test/mnesia_test_lib.erl b/lib/mnesia/test/mnesia_test_lib.erl
index 9da45975d5..ba5bf84e24 100644
--- a/lib/mnesia/test/mnesia_test_lib.erl
+++ b/lib/mnesia/test/mnesia_test_lib.erl
@@ -99,7 +99,7 @@
 	 slave_start_link/0,
 	 slave_start_link/1,
 	 slave_sup/0,
-	
+
 	 start_mnesia/1,
 	 start_mnesia/2,
 	 start_appls/2,
@@ -131,7 +131,7 @@
 	 struct/1,
 	 init_per_testcase/2,
 	 end_per_testcase/2,
-	 kill_tc/2	
+	 kill_tc/2
 	]).
 
 -include("mnesia_test_lib.hrl").
@@ -187,7 +187,7 @@ verbose(Format, Args, File, Line) ->
 		    ok
 	    end
     end.
-    
+
 -record('REASON', {file, line, desc}).
 
 error(Format, Args, File, Line) ->
@@ -196,9 +196,9 @@ error(Format, Args, File, Line) ->
 		     line = Line,
 		     desc = Args},
     case global:whereis_name(mnesia_test_case_sup) of
-	undefined -> 
+	undefined ->
 	    ignore;
-	Pid -> 
+	Pid ->
 	    Pid ! Fail
 %% 	    global:send(mnesia_test_case_sup, Fail),
     end,
@@ -217,7 +217,7 @@ storage_type(Default, Config) ->
 default_config() ->
     [{nodes, default_nodes()}].
 
-default_nodes() ->    
+default_nodes() ->
     mk_nodes(3, []).
 
 mk_nodes(0, Nodes) ->
@@ -231,7 +231,7 @@ mk_nodes(N, Nodes) when N > 0 ->
 
 mk_node(N, Name, Host) ->
     list_to_atom(lists:concat([Name ++ integer_to_list(N) ++ "@" ++ Host])).
-    
+
 slave_start_link() ->
     slave_start_link(node()).
 
@@ -247,11 +247,11 @@ slave_start_link(Host, Name) ->
 
 slave_start_link(Host, Name, Retries) ->
     Debug = atom_to_list(mnesia:system_info(debug)),
-    Args = "-mnesia debug " ++ Debug ++ 
+    Args = "-mnesia debug " ++ Debug ++
+	" -pa " ++
+	filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++
-	filename:dirname(code:which(?MODULE)) ++ 
-	" -pa " ++ 
-	filename:dirname(code:which(mnesia)),    
+	filename:dirname(code:which(mnesia)),
     case starter(Host, Name, Args) of
 	{ok, NewNode} ->
 	    ?match(pong, net_adm:ping(NewNode)),
@@ -264,8 +264,8 @@ slave_start_link(Host, Name, Retries) ->
 	    {ok, NewNode};
 	{error, Reason} when Retries == 0->
 	    {error, Reason};
-	{error, Reason} ->	    
-	    io:format("Could not start slavenode ~p ~p retrying~n", 
+	{error, Reason} ->
+	    io:format("Could not start slavenode ~p ~p retrying~n",
 		      [{Host, Name, Args}, Reason]),
 	    timer:sleep(500),
 	    slave_start_link(Host, Name, Retries - 1)
@@ -284,7 +284,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-	{'EXIT', _, _} -> 
+	{'EXIT', _, _} ->
 	    case os:type() of
 		vxworks ->
 		    erlang:halt();
@@ -292,7 +292,7 @@ slave_sup() ->
 		    ignore
 	    end
     end.
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Index the test case structure
 
@@ -305,7 +305,7 @@ doc(TestCases) when is_list(TestCases) ->
     io:format(Fd, "<TITLE>Test specification for ~p</TITLE>.~n", [TestCases]),
     io:format(Fd, "<H1>Test specification for ~p</H1>~n", [TestCases]),
     io:format(Fd, "Test cases which not are implemented yet are written in <B>bold face</B>.~n~n", []),
-    
+
     io:format(Fd, "<BR><BR>~n", []),
     io:format(Fd, "~n<DL>~n", []),
     do_doc(Fd, TestCases, []),
@@ -349,7 +349,7 @@ do_doc(Fd, Module, TestCase, List) ->
 
 print_doc(Fd, Mod, Fun, Head) ->
     case catch (apply(Mod, Fun, [doc])) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    io:format(Fd, "<DT>~s</DT>~n", [Head]);
 	Doc when is_list(Doc) ->
 	    io:format(Fd, "<DT><U>~s</U><BR><DD>~n", [Head]),
@@ -428,10 +428,10 @@ test_driver({Module, TestCase}, Config) ->
 	_ ->
 	    log("Eval test case: ~w~n", [{Module, TestCase}]),
 	    try timer:tc(?MODULE, eval_test_case, [Module, TestCase, Config]) of
-		{T, Res} -> 
+		{T, Res} ->
 		    log("Tested ~w in ~w sec~n", [TestCase, T div Sec]),
 		    {T div Sec, Res}
-	    catch error:function_clause -> 
+	    catch error:function_clause ->
 		    log("<WARNING> Test case ~w NYI~n", [{Module, TestCase}]),
 		    {0, {skip, {Module, TestCase}, "NYI"}}
 	    end
@@ -472,13 +472,13 @@ get_suite(Module, TestCase, Config) ->
 
 %% Returns a list (possibly empty) or the atom 'NYI'
 get_suite(Mod, {group, Suite}) ->
-    try 
+    try
 	Groups = Mod:groups(),
 	{_, _, TCList} = lists:keyfind(Suite, 1, Groups),
 	TCList
     catch
 	_:Reason ->
-	    io:format("Not implemented ~p ~p (~p ~p)~n", 
+	    io:format("Not implemented ~p ~p (~p ~p)~n",
 		      [Mod,Suite,Reason, erlang:get_stacktrace()]),
 	    'NYI'
     end;
@@ -487,7 +487,7 @@ get_suite(Mod, all) ->
 	{'EXIT', _} -> 'NYI';
 	List when is_list(List) -> List
     end;
-get_suite(_Mod, _Fun) -> 
+get_suite(_Mod, _Fun) ->
     [].
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -511,7 +511,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
     receive
 	{'EXIT', Pid, {test_case_ok, _PidRes}} ->
 	    Errors = flush(),
-	    Res = 
+	    Res =
 		case Errors of
 		    [] -> ok;
 		    Errors -> failed
@@ -531,7 +531,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
 
 test_case_evaluator(Mod, Fun, [Config]) ->
     NewConfig = Mod:init_per_testcase(Fun, Config),
-    try 
+    try
 	R = apply(Mod, Fun, [NewConfig]),
 	Mod:end_per_testcase(Fun, NewConfig),
 	exit({test_case_ok, R})
@@ -588,7 +588,7 @@ mapl(_Fun, []) ->
 
 diskless(Config) ->
     case lists:keysearch(diskless, 1, Config) of
-	{value, {diskless, true}} -> 
+	{value, {diskless, true}} ->
 	    true;
 	_Else ->
 	    false
@@ -634,7 +634,7 @@ sync_trans_tid_serial(Nodes) ->
 
 select_nodes(N, Config, File, Line) ->
     prepare_test_case([], N, Config, File, Line).
-    
+
 prepare_test_case(Actions, N, Config, File, Line) ->
     NodeList1 = lookup_config(nodes, Config),
     NodeList2 = lookup_config(nodenames, Config), %% For testserver
@@ -666,10 +666,10 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
 	true ->
 	    skip;
 	false ->
-	    Del = fun(Node) -> 
+	    Del = fun(Node) ->
 			  case mnesia:delete_schema([Node]) of
 			      ok -> ok;
-			      {error, {"All nodes not running",_}} -> 
+			      {error, {"All nodes not running",_}} ->
 				  ok;
 			      Else ->
 				  ?log("Delete schema error ~p ~n", [Else])
@@ -680,7 +680,7 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
     do_prepare(Actions, Selected, All, Config, File, Line);
 do_prepare([create_schema | Actions], Selected, All, Config, File, Line) ->
     case diskless(Config) of
-	true -> 
+	true ->
 	    skip;
 	_Else ->
 	    case mnesia:create_schema(Selected) of
@@ -705,12 +705,12 @@ set_kill_timer(Config) ->
     case init:get_argument(mnesia_test_timeout) of
 	{ok, _ } -> ok;
 	_ ->
-	    Time0 = 
+	    Time0 =
 		case lookup_config(tc_timeout, Config) of
 		    [] -> timer:minutes(5);
 		    ConfigTime when is_integer(ConfigTime) -> ConfigTime
 		end,
-	    Mul = try 
+	    Mul = try
 		      test_server:timetrap_scale_factor()
 		  catch _:_ -> 1 end,
 	    (catch test_server:timetrap(Mul*Time0 + 1000)),
@@ -718,7 +718,7 @@ set_kill_timer(Config) ->
     end.
 
 kill_tc(Pid, Time) ->
-    receive 
+    receive
     after Time ->
 	    case process_info(Pid) of
 		undefined ->  ok;
@@ -739,10 +739,10 @@ kill_tc(Pid, Time) ->
 		    exit(Pid, kill)
 	    end
     end.
-    
+
 
 append_unique([], List) -> List;
-append_unique([H|R], List) -> 
+append_unique([H|R], List) ->
     case lists:member(H, List) of
 	true -> append_unique(R, List);
 	false -> [H | append_unique(R, List)]
@@ -751,13 +751,13 @@ append_unique([H|R], List) ->
 pick_nodes(all, Nodes, File, Line) ->
     pick_nodes(length(Nodes), Nodes, File, Line);
 pick_nodes(N, [H | T], File, Line) when N > 0 ->
-    [H | pick_nodes(N - 1, T, File, Line)]; 
+    [H | pick_nodes(N - 1, T, File, Line)];
 pick_nodes(0, _Nodes, _File, _Line) ->
     [];
 pick_nodes(N, [], File, Line) ->
     ?skip("Test case (~p(~p)) ignored: ~p nodes missing~n",
 	  [File, Line, N]).
-   
+
 init_nodes([Node | Nodes], File, Line) ->
     case net_adm:ping(Node) of
 	pong ->
@@ -777,7 +777,7 @@ init_nodes([Node | Nodes], File, Line) ->
 init_nodes([], _File, _Line) ->
     [].
 
-%% Returns [Name, Host]    
+%% Returns [Name, Host]
 node_to_name_and_host(Node) ->
     string:tokens(atom_to_list(Node), [$@]).
 
@@ -793,7 +793,7 @@ lookup_config(Key,Config) ->
 
 start_appls(Appls, Nodes) ->
     start_appls(Appls, Nodes, [],  [schema]).
-    
+
 start_appls(Appls, Nodes, Config) ->
     start_appls(Appls, Nodes, Config, [schema]).
 
@@ -815,9 +815,9 @@ start_appls([], _Nodes, _Config, _Tabs) ->
 
 remote_start(mnesia, Config, Nodes) ->
     case diskless(Config) of
-	true -> 
-	    application_controller:set_env(mnesia, 
-					   extra_db_nodes, 
+	true ->
+	    application_controller:set_env(mnesia,
+					   extra_db_nodes,
 					   Nodes -- [node()]),
 	    application_controller:set_env(mnesia,
 					   schema_location,
@@ -830,7 +830,7 @@ remote_start(mnesia, Config, Nodes) ->
     end,
     {node(), mnesia:start()};
 remote_start(Appl, _Config, _Nodes) ->
-    Res = 
+    Res =
 	case application:start(Appl) of
 	    {error, {already_started, Appl}} ->
 		ok;
@@ -842,13 +842,13 @@ remote_start(Appl, _Config, _Nodes) ->
 %% Start Mnesia on all given nodes and wait for specified
 %% tables to be accessible on each node. The atom all means
 %% that we should wait for all tables to be loaded
-%% 
+%%
 %% Returns a list of error tuples {BadNode, mnesia, Reason}
 start_mnesia(Nodes) ->
     start_appls([mnesia], Nodes).
 start_mnesia(Nodes, Tabs) when is_list(Nodes) ->
     start_appls([mnesia], Nodes, [], Tabs).
-    
+
 %% Wait for the tables to be accessible from all nodes in the list
 %% and that all nodes are aware of that the other nodes also ...
 sync_tables(Nodes, Tabs) ->
@@ -924,26 +924,26 @@ verify_nodes([Tab| Tabs], N) ->
 	mnesia:table_info(Tab, ram_copies),
     Local = mnesia:table_info(Tab, local_content),
     case Copies -- Nodes of
-	[] -> 
+	[] ->
 	    verify_nodes(Tabs, 0);
 	_Else when Local == true, Nodes /= [] ->
 	    verify_nodes(Tabs, 0);
         Else ->
-	    N2 = 
+	    N2 =
 		if
-		    N > 20 -> 
-			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n", 
+		    N > 20 ->
+			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n",
 				 [node(), Tab, Else]),
 			0;
 		    true -> N+1
-		end,	    
+		end,
 	    timer:sleep(500),
 	    verify_nodes([Tab| Tabs], N2)
     end.
 
 
 %% Nicely stop Mnesia on all given nodes
-%% 
+%%
 %% Returns a list of error tuples {BadNode, Reason}
 stop_mnesia(Nodes) when is_list(Nodes) ->
     stop_appls([mnesia], Nodes).
@@ -1047,7 +1047,7 @@ verify_replica_location(Tab, DiscOnly0, Ram0, Disc0, AliveNodes0) ->
     Read = ignore_dead(DiscOnly ++ Ram ++ Disc, AliveNodes),
     This = node(),
 
-    timer:sleep(100), 
+    timer:sleep(100),
 
     S1 = ?match(AliveNodes, lists:sort(mnesia:system_info(running_db_nodes))),
     S2 = ?match(DiscOnly, lists:sort(mnesia:table_info(Tab, disc_only_copies))),
@@ -1080,7 +1080,7 @@ do_remote_activate_debug_fun(From, I, F, C, File, Line) ->
     timer:sleep(infinity).  % Dies whenever the test process dies !!
 
 
-sort(L) when is_list(L) -> 
+sort(L) when is_list(L) ->
     lists:sort(L);
 sort({atomic, L}) when is_list(L) ->
     {atomic, lists:sort(L)};
diff --git a/lib/mnesia/test/mnesia_test_lib.hrl b/lib/mnesia/test/mnesia_test_lib.hrl
index fc377dbd2c..281634c239 100644
--- a/lib/mnesia/test/mnesia_test_lib.hrl
+++ b/lib/mnesia/test/mnesia_test_lib.hrl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -112,7 +112,7 @@
 -define(remote_deactivate_debug_fun(N, I),
 	rpc:call(N, mnesia_lib, deactivate_debug_fun, [I, ?FILE, ?LINE])).
 
--define(is_debug_compiled, 
+-define(is_debug_compiled,
 	case mnesia_lib:is_debug_compiled() of
 	    false ->
 		?skip("Mnesia is not debug compiled, test case ignored.~n", []);
@@ -120,7 +120,7 @@
 		ok
 	end).
 
--define(needs_disc(Config), 
+-define(needs_disc(Config),
 	case mnesia_test_lib:diskless(Config) of
 	    false ->
 		ok;
@@ -128,5 +128,5 @@
 		?skip("Must have disc, test case ignored.~n", [])
 	end).
 
--define(verify_mnesia(Ups, Downs), 
+-define(verify_mnesia(Ups, Downs),
 	mnesia_test_lib:verify_mnesia(Ups, Downs, ?FILE, ?LINE)).
diff --git a/lib/mnesia/test/mnesia_trans_access_test.erl b/lib/mnesia/test/mnesia_trans_access_test.erl
index ca3f0fbf49..c040d0ca3f 100644
--- a/lib/mnesia/test/mnesia_trans_access_test.erl
+++ b/lib/mnesia/test/mnesia_trans_access_test.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -31,22 +31,22 @@ end_per_testcase(Func, Conf) ->
 
 -define(receive_messages(Msgs), mnesia_recovery_test:receive_messages(Msgs, ?FILE, ?LINE)).
 
-% First Some debug logging 
+% First Some debug logging
 -define(dgb, true).
 -ifdef(dgb).
 -define(dl(X, Y), ?verbose("**TRACING: " ++ X ++ "**~n", Y)).
--else. 
+-else.
 -define(dl(X, Y), ok).
 -endif.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [write, read, wread, delete, delete_object,
      match_object, select, select14, all_keys, transaction,
      {group, nested_activities}, {group, index_tabs},
      {group, index_lifecycle}].
 
-groups() -> 
+groups() ->
     [{nested_activities, [],
       [basic_nested, {group, nested_transactions},
        mix_of_nested_activities]},
@@ -80,128 +80,133 @@ end_per_group(_GroupName, Config) ->
 
 write(suite) -> [];
 write(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = write, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = write,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records
 
 read(suite) -> [];
 read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = read, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = read,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)), 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec, TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)),
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec, TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records and set write lock
 
 wread(suite) -> [];
 wread(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = wread, 
-    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)), 
+    [_N1,N2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = wread,
+    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, Nodes}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)), 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Tab, {Tab, 42, a}, sticky_write) end)),
+    ?match({atomic, [{Tab,42, a}]},
+	   rpc:call(N2, mnesia, transaction, [fun() -> mnesia:wread({Tab, 42}) end])),
     ?verify_mnesia(Nodes, []).
 
 %% Delete record
 
 delete(suite) -> [];
 delete(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Delete matching record
 
 delete_object(suite) -> [];
 delete_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete_object, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete_object,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
+    OneRec = {Tab, 1, 2},
     ?match({aborted, {bad_type, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object([]) end)),
     ?match({aborted, {bad_type, _}},
@@ -215,17 +220,17 @@ delete_object(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
     ?match({atomic, ok},
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
 	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
-    ?match({atomic, ok}, 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
-    
+
     ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete_object(OneRec)),
 
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['_']}, 21}) end)),
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['$5']}, 21}) end)),
 
     ?verify_mnesia(Nodes, []).
@@ -234,108 +239,108 @@ delete_object(Config) when is_list(Config) ->
 
 match_object(suite) -> [];
 match_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    OnePat = {Tab, '$1', 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    OnePat = {Tab, '$1', 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)),
     ?verify_mnesia(Nodes, []).
 
 %% select
 select(suite) -> [];
 select(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 2, 3}, 
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 2, 3},
     OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)), 
-
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)),
     ?verify_mnesia(Nodes, []).
 
 
 %% more select
 select14(suite) -> [];
 select14(Config) when is_list(Config) ->
-    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab1 = select14_ets, 
-    Tab2 = select14_dets, 
-    Tab3 = select14_remote, 
-    Tab4 = select14_remote_dets, 
-    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}], 
+    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab1 = select14_ets,
+    Tab2 = select14_dets,
+    Tab3 = select14_remote,
+    Tab4 = select14_remote_dets,
+    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}],
 	       [{name, Tab3}, {attributes, [k, v]}, {ram_copies, [Node2]}],
-	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]], 
+	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]],
     [?match({atomic, ok},  mnesia:create_table(Schema)) || Schema <- Schemas],
 
     %% Some Helpers
     Trans = fun(Fun) -> mnesia:transaction(Fun) end,
     LoopHelp = fun('$end_of_table',_) -> [];
-		  ({Recs,Cont},Fun) -> 
+		  ({Recs,Cont},Fun) ->
 		       Sel = mnesia:select(Cont),
 		       Recs ++ Fun(Sel, Fun)
 	       end,
-    Loop = fun(Table,Pattern) -> 
+    Loop = fun(Table,Pattern) ->
 		   Sel = mnesia:select(Table, Pattern, 1, read),
 		   Res = LoopHelp(Sel,LoopHelp),
 		   case mnesia:table_info(Table, type) of
 		       ordered_set -> Res;
 		       _ -> lists:sort(Res)
-		   end 
+		   end
 	   end,
-    Test = 
+    Test =
 	fun(Tab) ->
-		OneRec = {Tab, 1, 2}, 
-		TwoRec = {Tab, 2, 3}, 
+		OneRec = {Tab, 1, 2},
+		TwoRec = {Tab, 2, 3},
 		OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
 		All = [OneRec,TwoRec],
 		AllPat = [{'_', [], ['$_']}],
 
-		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)), 
-		
+		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)),
+
 		{atomic,{_, Cont}} = Trans(fun() -> mnesia:select(Tab, OnePat, 1, read) end),
 		?match({aborted, wrong_transaction}, Trans(fun() -> mnesia:select(Cont) end)),
-		
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),     
-		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)), 
-		?match({aborted, {badarg,sune}}, 
+
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),
+		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)),
+		?match({aborted, {badarg,sune}},
 		       Trans(fun() -> mnesia:select(sune) end))
 	end,
     Test(Tab1),
@@ -349,28 +354,28 @@ select14(Config) when is_list(Config) ->
 
 all_keys(suite) ->[];
 all_keys(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = all_keys, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    Write = fun() -> mnesia:write({Tab, 14, 4}) end, 
-    AllKeys = fun() -> mnesia:all_keys(Tab) end, 
-    
-    ?match({atomic, []},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = all_keys,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    Write = fun() -> mnesia:write({Tab, 14, 4}) end,
+    AllKeys = fun() -> mnesia:all_keys(Tab) end,
+
+    ?match({atomic, []},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)),
     ?verify_mnesia(Nodes, []).
 
 
@@ -436,49 +441,49 @@ transaction(Config) when is_list(Config) ->
 basic_nested(doc) -> ["Test the basic functionality of nested transactions"];
 basic_nested(suite) -> [];
 basic_nested(Config) when is_list(Config) ->
-    Nodes = ?acquire_nodes(3, Config), 
-    Args =  [{ram_copies,  Nodes}, 
-	     {attributes,  record_info(fields,  ntab)}], 
-    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)), 
-    do_nested(top), 
+    Nodes = ?acquire_nodes(3, Config),
+    Args =  [{ram_copies,  Nodes},
+	     {attributes,  record_info(fields,  ntab)}],
+    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)),
+    do_nested(top),
     case mnesia_test_lib:diskless(Config) of
 	false ->
 	    lists:foreach(fun(N) ->
-				  ?match({atomic,  ok}, 
+				  ?match({atomic,  ok},
 					 mnesia:change_table_copy_type(ntab,  N,  disc_only_copies))
-			  end,  Nodes), 
+			  end,  Nodes),
 	    do_nested(top);
-	true -> 
+	true ->
 	    skip
     end,
     ?verify_mnesia(Nodes, []).
 
 do_nested(How) ->
     F1 = fun() ->
-		mnesia:write(#ntab{a= 1}), 
+		mnesia:write(#ntab{a= 1}),
 		mnesia:write(#ntab{a= 2})
-	end, 
+	end,
     F2 = fun() ->
 		 mnesia:read({ntab,  1})
-	 end, 
-    ?match({atomic,  ok},  mnesia:transaction(F1)), 
-    ?match({atomic,  _},  mnesia:transaction(F2)), 
+	 end,
+    ?match({atomic,  ok},  mnesia:transaction(F1)),
+    ?match({atomic,  _},  mnesia:transaction(F2)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f2() end)
-		       end)), 
+		       end)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f3() end)
-		       end)), 
-    ?match({atomic,  {atomic,  [#ntab{a = 5}]}}, 
-	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}), 
+		       end)),
+    ?match({atomic,  {atomic,  [#ntab{a = 5}]}},
+	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}),
 				       mnesia:transaction(fun() -> n_f4() end)
-			      end)), 
-    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly 
-    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,   
+			      end)),
+    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly
+    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,
 
     TestAbort = fun(Fun) ->
 			case get(restart_counter) of
@@ -490,46 +495,46 @@ do_nested(How) ->
 				ok
 			end
 		end,
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[Cyclic])end)),
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[NodeNotR])end)),
-							    
+
     %% Now try the restart thingie
     case How of
-	top ->	    
-	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])], 
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	top ->
+	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])],
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    lists:foreach(fun(P) -> receive
 					{P,  ok} -> ok
 				    end
-			  end,  Pids), 
+			  end,  Pids),
 	    ?match([],  [Tab || Tab <- ets:all(), mnesia_trans_store == ets:info(Tab, name)]);
-				
+
 	{spawned,  Pid} ->
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    Pid ! {self(),  ok},
 	    exit(normal)
     end.
 
 
 n_f1() ->
-    mnesia:read({ntab,  1}), 
+    mnesia:read({ntab,  1}),
     mnesia:write(#ntab{a = 3}).
 
 n_f2() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     erlang:error(exit_here).
 
 n_f3() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     throw(funky).
 
 n_f4() ->
@@ -555,24 +560,24 @@ nested_trans_both_dies(Config) when is_list(Config) ->
     nested_transactions(Config, abort, abort).
 
 nested_transactions(Config, Child, Father) ->
-    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),    
+    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = nested_trans,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true ->
 		[{name, Tab}, {ram_copies, Nodes}];
 	    false ->
-		[{name, Tab}, {ram_copies, [Node1]}, 
+		[{name, Tab}, {ram_copies, [Node1]},
 		 {disc_copies, [Node2]}, {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Def)),
     ?match(ok, mnesia:dirty_write({Tab, father, not_updated})),
-    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),    
+    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),
 
     ChildOk = fun() -> mnesia:write({Tab, child, updated}) end,
-    ChildAbort = fun() -> 
+    ChildAbort = fun() ->
 			 mnesia:write({Tab, child, updated}),
 			 erlang:error(exit_here)
 		 end,
@@ -616,7 +621,7 @@ nested_transactions(Config, Child, Father) ->
     ?verify_mnesia(Nodes, []).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-mix_of_nested_activities(doc) -> 
+mix_of_nested_activities(doc) ->
     ["Verify that dirty operations in a transaction are handled like ",
      "normal transactions"];
 mix_of_nested_activities(suite) ->   [];
@@ -624,27 +629,27 @@ mix_of_nested_activities(Config) when is_list(Config) ->
     [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = tab,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true -> [{ram_copies, Nodes}];
-	    false -> 
-		[{ram_copies, [Node1]}, 
-		 {disc_copies, [Node2]}, 
+	    false ->
+		[{ram_copies, [Node1]},
+		 {disc_copies, [Node2]},
 		 {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Tab, [{type,bag}|Def])),
-    Activities = [transaction, sync_transaction, 
+    Activities = [transaction, sync_transaction,
 		  ets, async_dirty, sync_dirty],
     %% Make a test for all 3000 combinations
-    Tests = [[A,B,C,D,E] || 
+    Tests = [[A,B,C,D,E] ||
 		A <- Activities,
 		B <- Activities,
 		C <- Activities,
 		D <- Activities,
 		E <- Activities],
-    Foreach = 
-	fun(Test,No) -> 
+    Foreach =
+	fun(Test,No) ->
 		Result = lists:reverse(Test),
 		?match({No,Result},{No,catch apply_op({Tab,No},Test)}),
 		No+1
@@ -661,9 +666,9 @@ apply_op(Oid = {Tab,Key},[Type|Next]) ->
 				       apply_op(Oid,Next)
 			       end)).
 
-check_res(transaction, {atomic,Res}) -> 
+check_res(transaction, {atomic,Res}) ->
     Res;
-check_res(sync_transaction, {atomic,Res}) -> 
+check_res(sync_transaction, {atomic,Res}) ->
     Res;
 check_res(async_dirty, Res) when is_list(Res) ->
     Res;
@@ -673,11 +678,11 @@ check_res(ets, Res) when is_list(Res) ->
     Res;
 check_res(Type,Res) ->
     ?match(bug,{Type,Res}).
-    
+
 read_op(Oid) ->
     case lists:reverse(mnesia:read(Oid)) of
 	[] -> [];
-	[{_,_,Ops}|_] -> 
+	[{_,_,Ops}|_] ->
 	    Ops
     end.
 
@@ -686,24 +691,24 @@ read_op(Oid) ->
 
 index_match_object(suite) -> [];
 index_match_object(Config) when is_list(Config) ->
-    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab = index_match_object, 
-    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 2, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)), 
-    OneRec = {Tab, {1, 1}, 2, {1, 1}}, 
-    OnePat = {Tab, '$1', 2, '_'},     
+    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = index_match_object,
+    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 2,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)),
+    OneRec = {Tab, {1, 1}, 2, {1, 1}},
+    OnePat = {Tab, '$1', 2, '_'},
     BadPat = {Tab, '$1', '$2', '_'},  %% See ref guide
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
 
-    Imatch = fun(Patt, Pos) -> 
+    Imatch = fun(Patt, Pos) ->
 		     mnesia:transaction(fun() -> lists:sort(mnesia:index_match_object(Patt, Pos)) end)
 	     end,
     ?match({atomic, [OneRec]}, Imatch(OnePat, ValPos)),
@@ -711,13 +716,13 @@ index_match_object(Config) when is_list(Config) ->
     ?match({aborted, _}, Imatch({foo, '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch({[], '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch(BadPat, ValPos)),
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)), 
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)),
 
     Another = {Tab, {3,1}, 2, {4,4}},
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Another) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Another) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)),
 
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, {1,1}}, ValPos)),
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, '$1'}, ValPos)),
@@ -727,110 +732,110 @@ index_match_object(Config) when is_list(Config) ->
     ?match({atomic, [OneRec]}, Imatch({Tab, {'$2', '$1'}, 2, {'_', '$1'}}, ValPos)),
     ?match({atomic, [OneRec, Another]}, Imatch({Tab, '_', 2, '_'}, ValPos)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),     
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),     
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),
 
     ?match({atomic, [{Tab, 4, 5, {7, 4}}]}, Imatch({Tab, '$1', 5, {'_', '$1'}}, ValPos)),
 
     ?match({atomic, [OneRec]}, rpc:call(Node2, mnesia, transaction,
-					[fun() -> 
-						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2, 
+					[fun() ->
+						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2,
 										      {1,1}}, ValPos))
-					 end])),    
+					 end])),
     ?verify_mnesia(Nodes, []).
 
 %% Read records by using an index
 
 index_read(suite) -> [];
 index_read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_read, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 1, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    OneRec = {Tab, 1, 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_read,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 1,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    OneRec = {Tab, 1, 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)),
     ?verify_mnesia(Nodes, []).
 
 index_update_set(suite) -> [];
 index_update_set(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
-    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
+    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-    
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
-    
-    Rec1 = {Tab, 1, 2, 3, 4}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
+
+    Rec1 = {Tab, 1, 2, 3, 4},
     Rec2 = {Tab, 2, 2, 13, 14},
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 14}, 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
-    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 14},
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
+    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
-    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
+    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2], lists:sort(R2)),
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)), 
-    
-    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)),
+
+    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R3)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R4)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2, Rec4], lists:sort(R5)),
-    
+
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R6)),
-    
+
     ?match({atomic, []},
 	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end),
@@ -857,62 +862,62 @@ index_update_set(Config)when is_list(Config) ->
     ?match([Rec1], lists:sort(R11)),
     ?match({atomic, [Rec1]},mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     ?match({atomic, []},mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end)),
-    
+
     ?verify_mnesia(Nodes, []).
 
 index_update_bag(suite) -> [];
 index_update_bag(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
     Schema = [{name, Tab},
 	      {type, bag},
-	      {attributes, [k, v1, v2, v3]}, 
-	      {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+	      {attributes, [k, v1, v2, v3]},
+	      {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
 
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
 
-    Rec1 = {Tab, 1, 2, 3, 4},    
-    Rec2 = {Tab, 2, 2, 13, 14},  
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 4}, 
+    Rec1 = {Tab, 1, 2, 3, 4},
+    Rec2 = {Tab, 2, 2, 13, 14},
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 4},
     Rec5 = {Tab, 1, 2, 234, 14},
 
     %% Simple Index
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
     {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R2)),
 
     {atomic, R3} = mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R3)),
- 
+
     {atomic, R4} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec1, Rec3, Rec2], lists:sort(R4)),
- 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R5)),
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R6)),
 
@@ -922,20 +927,20 @@ index_update_bag(Config)when is_list(Config) ->
     ITab = mnesia_lib:val({index_test,{index, IPos}}),
     io:format("~n Index ~p @ ~p => ~p ~n~n",[IPos,ITab, ets:tab2list(ITab)]),
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec5) end)),
     {atomic, R60} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R60)),
 
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec3) end)),
     {atomic, R61} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R61)),
     {atomic, R62} = mnesia:transaction(fun() -> mnesia:index_read(Tab,12, ValPos) end),
     ?match([], lists:sort(R62)),
     ?match([{2,1},{2,2}], ets:tab2list(ITab)),
-    
+
     %% reset for rest of testcase
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec5) end)),
@@ -943,19 +948,19 @@ index_update_bag(Config)when is_list(Config) ->
     ?match([Rec1, Rec2], lists:sort(R6)),
     %% OTP-6587
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R7)),
-    
+
     %% Two indexies
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
+
     {atomic, R8} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R8)),
 
@@ -1001,12 +1006,12 @@ index_update_bag(Config)when is_list(Config) ->
 index_write(suite) -> [];
 index_write(doc) -> ["See ticket OTP-8072"];
 index_write(Config)when is_list(Config) ->
-    Nodes = ?acquire_nodes(1, Config), 
+    Nodes = ?acquire_nodes(1, Config),
     mnesia:create_table(a, [{index, [val]}]),
     mnesia:create_table(counter, []),
 
     CreateIfNonExist =
-	fun(Index) ->			       
+	fun(Index) ->
 		case mnesia:index_read(a, Index, 3) of
 		    [] ->
 			Id = mnesia:dirty_update_counter(counter, id, 1),
@@ -1017,7 +1022,7 @@ index_write(Config)when is_list(Config) ->
 			Found
 		end
 	end,
-    
+
     Trans = fun(A) ->
 		    mnesia:transaction(CreateIfNonExist, [A])
 		    %% This works better most of the time
@@ -1030,9 +1035,9 @@ index_write(Config)when is_list(Config) ->
 		     Res = lists:map(Trans, lists:seq(1,10)),
 		     Self ! {self(), Res}
 	     end,
-    
+
     Pids = [spawn(Update) || _ <- lists:seq(1,5)],
-    
+
     Gather = fun(Pid, Acc) -> receive {Pid, Res} -> [Res|Acc] end end,
     Results = lists:foldl(Gather, [], Pids),
     Expected = hd(Results),
@@ -1075,7 +1080,7 @@ add_table_index(Config, Storage) ->
            mnesia:add_table_index(Tab, 1)),
     ?match({aborted, Reason44 } when element(1, Reason44) == bad_type,
            mnesia:add_table_index(Tab, 0)),
-    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type, 
+    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type,
            mnesia:add_table_index(Tab, -1)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({aborted, Reason46 } when element(1, Reason46) == already_exists,
@@ -1083,10 +1088,10 @@ add_table_index(Config, Storage) ->
 
     NestedFun = fun() ->
                         ?match({aborted, nested_transaction},
-                               mnesia:add_table_index(Tab, ValPos)), 
+                               mnesia:add_table_index(Tab, ValPos)),
                         ok
                 end,
-    ?match({atomic, ok}, mnesia:transaction(NestedFun)), 
+    ?match({atomic, ok}, mnesia:transaction(NestedFun)),
     ?verify_mnesia(Nodes, []).
 
 create_live_table_index_ram(suite) -> [];
@@ -1110,7 +1115,7 @@ create_live_table_index(Config, Storage) ->
     mnesia:dirty_write({Tab, 1, 2}),
 
     Fun = fun() ->
-                  ?match(ok, mnesia:write({Tab, 2, 2})),        
+                  ?match(ok, mnesia:write({Tab, 2, 2})),
                   ok
           end,
     ?match({atomic, ok}, mnesia:transaction(Fun)),
@@ -1133,17 +1138,17 @@ create_live_table_index(Config, Storage) ->
 	     end,
 
     ?match([{atomic,ok}|_], [Create(N) || N <- lists:seq(1,50)]),
-    
+
     ?match([], mnesia_test_lib:stop_mnesia([N2,N3])),
     ?match(ok, rpc:call(N2, mnesia, start, [[{extra_db_nodes,[N1]}]])),
     ?match(ok, rpc:call(N3, mnesia, start, [[{extra_db_nodes,[N1]}]])),
-    
+
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
-    
+
     ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, mnesia:transaction(IRead)),
-    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, 
+    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]},
 	   rpc:call(N2, mnesia, transaction, [IRead])),
-    
+
     ?verify_mnesia(Nodes, []).
 
 %% Drop table index
@@ -1210,49 +1215,49 @@ idx_schema_changes(Config, Storage) ->
 	    ram_copies ->
 		{disc_copies, disc_only_copies}
 	end,
-    
+
     Write = fun(N) ->
 		    mnesia:write({Tab, N, N+50})
-	    end,   
-    
+	    end,
+
     [mnesia:sync_transaction(Write, [N]) || N <- lists:seq(1, 10)],
     ?match([{Tab, 1, 51}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 51, Idx])),
     ?match([{Tab, 1, 51}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 51, Idx])),
 
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N1, Storage1)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [17]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [18]])),
-    
+
     ?match([{Tab, 17, 67}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 67, Idx])),
     ?match([{Tab, 18, 68}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 68, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:del_table_copy(Tab, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [11]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [12]])),
-    
+
     ?match([{Tab, 11, 61}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 61, Idx])),
     ?match([{Tab, 12, 62}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 62, Idx])),
 
     ?match({atomic, ok}, mnesia:move_table_copy(Tab, N2, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [19]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [20]])),
-    
+
     ?match([{Tab, 19, 69}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 69, Idx])),
-    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),   
-    
+    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),
+
     ?match({atomic, ok}, mnesia:add_table_copy(Tab, N2, Storage)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [13]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [14]])),
-    
+
     ?match([{Tab, 13, 63}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 63, Idx])),
     ?match([{Tab, 14, 64}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 64, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N2, Storage2)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [15]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [16]])),
-    
+
     ?match([{Tab, 15, 65}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 65, Idx])),
     ?match([{Tab, 16, 66}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 66, Idx])),
 
diff --git a/lib/mnesia/vsn.mk b/lib/mnesia/vsn.mk
index ebf79dd2ae..080548acac 100644
--- a/lib/mnesia/vsn.mk
+++ b/lib/mnesia/vsn.mk
@@ -1 +1 @@
-MNESIA_VSN = 4.5.1
+MNESIA_VSN = 4.6
diff --git a/lib/observer/doc/src/Makefile b/lib/observer/doc/src/Makefile
index f82a49abbe..cd9f9466ca 100644
--- a/lib/observer/doc/src/Makefile
+++ b/lib/observer/doc/src/Makefile
@@ -36,6 +36,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 XML_APPLICATION_FILES = ref_man.xml
 XML_REF3_FILES = \
 	crashdump.xml \
+	observer.xml \
 	etop.xml \
 	ttb.xml
 XML_REF6_FILES = observer_app.xml
@@ -48,6 +49,7 @@ XML_PART_FILES = \
 XML_CHAPTER_FILES = \
 	crashdump_ug.xml \
 	etop_ug.xml \
+	observer_ug.xml \
 	ttb_ug.xml \
 	notes.xml \
 	notes_history.xml
diff --git a/lib/observer/doc/src/notes.xml b/lib/observer/doc/src/notes.xml
index baa1354268..a9554a08f4 100644
--- a/lib/observer/doc/src/notes.xml
+++ b/lib/observer/doc/src/notes.xml
@@ -31,6 +31,125 @@
   <p>This document describes the changes made to the Observer
     application.</p>
 
+<section><title>Observer 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The following bugs in <c>ttb</c> have been corrected:</p>
+          <p>
+	    <list> <item><c>ttb:tracer/2</c> would earlier crash when
+	    trying to set up tracing for a diskless node to wrap
+	    files, i.e. when option
+	    <c>{file,{local,{wrap,Filename,Size,Count}}}</c> was
+	    used.</item> <item><c>ttb:stop([fetch])</c> would
+	    sometimes silently fail if multiple nodes with different
+	    current working directories were traced.</item>
+	    <item><c>ttb:stop([fetch])</c> would crash if the tracer
+	    was started with option
+	    <c>{file,{local,Filename}}</c></item> <item>A deadlock
+	    would sometimes occur due to an information printout from
+	    the <c>ttb_control</c> process when <c>ttb</c> was
+	    stopped.</item> </list></p>
+          <p>
+	    Own Id: OTP-9431</p>
+        </item>
+        <item>
+          <p>
+	    The file trace port to which the IP trace client relays
+	    all traces from diskless nodes was not flushed and closed
+	    properly on ttb:stop. This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9665</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A new GUI for Observer. Integrating pman, etop, appmon
+	    and tv into observer with tracing facilities.</p>
+          <p>
+	    Own Id: OTP-4779</p>
+        </item>
+        <item>
+          <p>
+	    The following new features are added to <c>ttb</c>:</p>
+          <p>
+	    <list> <item>A one-command trace setup is added,
+	    <c>ttb:start_trace/4</c>.</item> <item>The following new
+	    options are added to <c>ttb:tracer/2</c>: <list>
+	    <item><em><c>shell</c></em> - Show trace messages on the
+	    console in real time</item> <item><em><c>timer</c></em> -
+	    Time constrained tracing</item>
+	    <item><em><c>overload</c></em> - Overload
+	    protection</item> <item><em><c>flush</c></em> - Flush
+	    file trace port buffers with given frequency</item>
+	    <item><em><c>resume</c></em> - Automatically resume
+	    tracing after node restart</item> </list> </item> <item>
+	    A new shortcut is added for common tracer settings
+	    similar to using the <c>dbg</c> module directly,
+	    <c>ttb:tracer(shell | dbg)</c>. </item> <item> Some
+	    shortcuts are added for commonly used match
+	    specifications in <c>ttb:tp</c> and <c>ttb:tpl</c>.
+	    </item> <item> The <c>Options</c> argument to functions
+	    <c>ttb:tracer</c>, <c>ttb:write_config</c>,
+	    <c>ttb:stop</c> and <c>ttb:format</c> may now be one
+	    single option instead of a list. </item> <item> The
+	    history buffer of the last trace is now always
+	    automatically dumped to the file <c>ttb_last_config</c>
+	    when <c>ttb:stop</c> is called. </item> <item> The
+	    following new options are added to <c>ttb:stop/1</c>:
+	    <list> <item><em><c>fetch_dir</c></em> - Specify where to
+	    store fetched logs</item>
+	    <item><em><c>{format,FormatOpts}</c></em> - Specify
+	    options to use when formatting the fetched logs</item>
+	    <item><em><c>return_fetch_dir</c></em> - Indicate that
+	    the return value from <c>ttb:stop/1</c> should include
+	    the name of the directory where the fetched logs are
+	    stored</item> </list> </item> <item> The option
+	    <c>disable_sort</c> is added to <c>ttb:format/2</c>. When
+	    this option is used, trace messages from different logs
+	    are not merged according to timestamps, but just appended
+	    one log after the other. </item> </list></p>
+          <p>
+	    Own Id: OTP-9403</p>
+        </item>
+        <item>
+          <p>
+	    The following non backwards compatible changes are done
+	    in <c>ttb</c>:</p>
+          <p>
+	    <list> <item> When setting up trace with ttb, the
+	    'timestamp' trace flag will now always be set. </item>
+	    <item> The 'fetch' option to ttb:stop/1 is removed since
+	    it is now default behavior that trace logs are fetched
+	    when stopping ttb. Fetching can be disabled with the
+	    'nofetch' option to ttb:stop/1. </item> <item> The name
+	    of the upload directory is changed from
+	    ttb_upload-Timestamp to ttb_upload_FileName-Timestamp.
+	    </item> <item> To format the output using 'et', you now
+	    need to provide the option {handler,ttb:get_et_handler()}
+	    instead of {handler,et}. </item> <item> When formatting a
+	    trace log, the handler state was earlier reset after each
+	    trace file, this is now changed so the handler state is
+	    passed not only from one trace message to the next in the
+	    same file, but also from one file to the next. </item>
+	    </list></p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9430</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Observer 0.9.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/observer/doc/src/observer.xml b/lib/observer/doc/src/observer.xml
new file mode 100644
index 0000000000..03830f2b1c
--- /dev/null
+++ b/lib/observer/doc/src/observer.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared>Dan Gudmundsson</prepared>
+    <responsible></responsible>
+    <docno>1</docno>
+    <approved></approved>
+    <checked></checked>
+    <date>2011-12-08</date>
+    <rev>PA1</rev>
+    <file>observer.xml</file>
+  </header>
+  <module>observer</module>
+  <modulesummary>A GUI tool for observing an erlang system.</modulesummary>
+  <description>
+    <p>The observer is gui frontend containing various tools to
+    inspect a system.  It displays system information, application
+    structures, process information, ets or mnesia tables and a frontend
+    for tracing with <seealso marker="ttb">ttb</seealso>.
+    </p>
+
+    <p>See the <seealso marker="observer_ug">user's guide</seealso>
+    for more information about how to get started.</p>
+  </description>
+  <funcs>
+    <func>
+      <name>start() -> ok</name>
+      <fsummary>Start the observer gui</fsummary>
+      <desc>
+        <p>This function starts the <c>observer</c> gui.
+	Close the window to stop the application.
+	</p>
+      </desc>
+    </func>
+  </funcs>
+</erlref>
diff --git a/lib/observer/doc/src/observer_ug.xml b/lib/observer/doc/src/observer_ug.xml
new file mode 100644
index 0000000000..569d72e71e
--- /dev/null
+++ b/lib/observer/doc/src/observer_ug.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>observer_ug.xml</file>
+  </header>
+
+  <section>
+    <title>Introduction</title>
+    <p>Observer, is a graphical tool for observing the characteristics of
+    erlang systems.  Observer displays system information, application
+    supervisor trees, process information, ets or mnesia tables and contains
+    a frontend for erlang tracing.
+    </p>
+  </section>
+
+  <section>
+    <title>General</title>
+    <p>Normally observer should be run from a standalone node to minimize
+    the impact of the system being observed. Example:
+    </p>
+    <code>
+ > erl -sname observer -hidden -setcookie MyCookie -run observer
+    </code>
+    <p>
+      Choose which node to observe via <c>Nodes</c> menu. The <c>View/Refresh
+      Interval</c> controls how frequent the view should be updated.
+      The refresh interval is set per viewer so you can
+      have different settings for each viewer. To minimize the system
+      impact only the active viewer is updated and the other
+      views will be updated when activated.
+    </p>
+    <note>
+      <p>Only R15B nodes can be observed.</p>
+    </note>
+
+    <p> In general the mouse buttons behaves as expected, use left click
+    to select objects, right click to pop up a menu with most used
+    choices and double click to bring up information about the
+    selected object. In most viewers with several columns you can change
+    sort order by left clicking on column header.
+    </p>
+  </section>
+
+  <section>
+    <title>Applications</title>
+    <p>The <c>Applications</c> view lists application information.
+    Select an application in the left list to display its supervisor
+    tree.
+    </p>
+    <p><c>Trace process</c> will add the selected process identifier
+    to <c>Trace Overview</c> view and the node the process resides on
+    will be added as well.
+    </p>
+    <p><c>Trace named process</c> will add the
+    registered name of the process. This can be useful when tracing on
+    several nodes, then processes with that name will be traced on all traced
+    nodes.
+    </p>
+    <p><c>Trace process tree</c> and <c>Trace named process
+    tree</c> will add the selected process and all processes below,
+    right of, it to  the <c>Trace Overview</c> view.
+    </p>
+  </section>
+
+  <section>
+    <title>Processes</title>
+    <p>The <c>Processes</c> view lists process information.
+    For each process the following information is presented:
+    </p>
+    <taglist>
+      <tag>Pid</tag>
+      <item>The process identifier.</item>
+      <tag>Reds</tag>
+      <item>This is the number of reductions that has been executed
+       on the process</item>
+      <tag>Memory</tag>
+      <item>This is the size of the process in bytes, obtained by a
+       call to <c>process_info(Pid,memory)</c>.</item>
+      <tag>MsgQ</tag>
+      <item>This is the length of the message queue for the process.</item>
+    </taglist>
+    <note>
+      <p><em>Reds</em> can be presented as accumulated values or as values since last update.</p>
+    </note>
+    <p><c>Trace Processes</c> will add the selected process identifiers to the <c>Trace Overview</c> view and the
+    node the processes reside on will be added as well.
+    <c>Trace Named Processes</c> will add the registered name of processes. This can be useful
+    when tracing is done on several nodes, then processes with that name will be traced on all traced nodes.
+    </p>
+  </section>
+
+  <section>
+    <title>Table Viewer</title>
+    <p>The <c>Table Viewer</c> view lists tables. By default ets tables
+    are visible and unreadable, private ets, tables and tables created by the OTP
+    applications are not visible.  Use <c>View</c> menu to view "system"
+    ets tables, unreadable ets tables or mnesia tables.
+    </p>
+    <p>Double click to view the content of the table. Select table and activate <c>View/Table Information</c>
+    menu to view table information.
+    </p>
+    <p>In the table viewer you can regexp search for objects, edit and delete objects.
+    </p>
+  </section>
+
+  <section>
+    <title>Trace Overview</title>
+    <p>The <c>Trace Overview</c> view handles tracing. Tracing is done
+    by selecting which processes to be traced and how to trace
+    them. You can trace messages, function calls and events, where
+    events are process related events such as <c>spawn</c>,
+    <c>exit</c> and several others.
+    </p>
+
+    <p>When you want to trace function calls, you also need to setup
+    <c>trace patterns</c>.  Trace patterns selects the function calls
+    that will be traced. The number of traced function calls can be
+    further reduced with <c>match specifications</c>.  Match
+    specifications can also be used to trigger additional information
+    in the trace messages.
+    </p>
+    <note><p>Trace patterns only applies to the traced processes.</p></note>
+
+    <p>
+      Processes are added from the <c>Applications</c> or <c>Processes</c> views.
+      A special <c>new</c> identifier, meaning all processes spawned after trace start,
+      can be added with the <c>Add 'new' Process</c> button.
+    </p>
+    <p>
+      When adding processes, a window with trace options will pop up. The chosen options will
+      be set for the selected processes.
+      Process options can be changed by right clicking on a process.
+    </p>
+    <p>
+      Processes added by process identifiers will add the nodes these
+      processes resides on in the node list. Additional nodes can be added by the <c>Add
+      Nodes</c> button.
+    </p>
+    <p>
+      If function calls are traced, trace patterns must be added by <c>Add Trace Pattern</c> button.
+      Select a module, function(s) and a match specification.
+      If no functions are selected, all functions in the module will be traced.
+      A few basic match specifications are provided in the tool, and
+      you can provide your own match specifications. The syntax of match
+      specifications are described in the <seealso
+      marker="erts:match_spec">ERTS User's Guide</seealso>.  To simplify
+      the writing of a match specification they can also be written as
+      <c>fun/1</c> see <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso> for
+      further information.
+    </p>
+
+    <p>Use the <c>Start trace</c> button to start the trace.
+    By default trace output is written to a new window, tracing is stopped when the
+    window is closed, or with <c>Stop Trace</c> button.
+    Trace output can be changed via <c>Options/Output</c> menu.
+    The trace settings, including match specifications, can be saved to, or loaded from, a file.
+    </p>
+    <p>More information about tracing can be found in <seealso
+    marker="runtime_tools:dbg">dbg</seealso> and in the chapter "Match
+    specifications in Erlang" in <seealso marker="erts:match_spec">ERTS User's
+    Guide</seealso> and the
+    <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso>.
+    </p>
+  </section>
+</chapter>
diff --git a/lib/observer/doc/src/part.xml b/lib/observer/doc/src/part.xml
index bd6c2b6c77..0d6aad09f2 100644
--- a/lib/observer/doc/src/part.xml
+++ b/lib/observer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,7 @@
     <p>The <em>Observer</em> application contains tools for tracing
       and investigation of distributed systems.</p>
   </description>
+  <xi:include href="observer_ug.xml"/>
   <xi:include href="ttb_ug.xml"/>
   <xi:include href="etop_ug.xml"/>
   <xi:include href="crashdump_ug.xml"/>
diff --git a/lib/observer/doc/src/ref_man.xml b/lib/observer/doc/src/ref_man.xml
index 3d37570d2d..c33ce74141 100644
--- a/lib/observer/doc/src/ref_man.xml
+++ b/lib/observer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -34,6 +34,7 @@
     <br></br>
   </description>
   <xi:include href="observer_app.xml"/>
+  <xi:include href="observer.xml"/>
   <xi:include href="ttb.xml"/>
   <xi:include href="etop.xml"/>
   <xi:include href="crashdump.xml"/>
diff --git a/lib/observer/doc/src/ttb_ug.xml b/lib/observer/doc/src/ttb_ug.xml
index 4f2b55a22a..08093a9451 100644
--- a/lib/observer/doc/src/ttb_ug.xml
+++ b/lib/observer/doc/src/ttb_ug.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2010</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/observer/src/Makefile b/lib/observer/src/Makefile
index 95954d8587..ca26afc11d 100644
--- a/lib/observer/src/Makefile
+++ b/lib/observer/src/Makefile
@@ -42,6 +42,7 @@ MODULES= \
 	etop_tr \
 	etop_txt \
 	observer \
+	observer_app_wx \
 	observer_lib \
 	observer_wx \
 	observer_pro_wx \
@@ -57,6 +58,8 @@ MODULES= \
 HRL_FILES= \
 	../include/etop.hrl
 INTERNAL_HRL_FILES= \
+	observer_tv.hrl \
+	observer_defs.hrl \
 	crashdump_viewer.hrl \
 	etop_defs.hrl
 ERL_FILES= $(MODULES:%=%.erl)
@@ -103,8 +106,7 @@ ERL_COMPILE_FLAGS += \
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
-
-debug opt: $(TARGET_FILES)
+opt debug: $(TARGET_FILES)
 
 clean:
 	rm -f $(TARGET_FILES)
@@ -116,6 +118,8 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
+$(TARGET_FILES): $(INTERNAL_HRL_FILES)
+
 docs:
 
 # ----------------------------------------------------
diff --git a/lib/observer/src/etop_gui.erl b/lib/observer/src/etop_gui.erl
index ff1b8078ad..9248d67344 100644
--- a/lib/observer/src/etop_gui.erl
+++ b/lib/observer/src/etop_gui.erl
@@ -17,6 +17,13 @@
 %% %CopyrightEnd%
 %%
 -module(etop_gui).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -author('[email protected]').
 
 -export([init/1,stop/1]).
diff --git a/lib/observer/src/observer_app_wx.erl b/lib/observer/src/observer_app_wx.erl
new file mode 100644
index 0000000000..62046577ad
--- /dev/null
+++ b/lib/observer/src/observer_app_wx.erl
@@ -0,0 +1,524 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_app_wx).
+
+-export([start_link/2]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_sync_event/3, handle_cast/2]).
+
+-behaviour(wx_object).
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-record(state,
+	{
+	  parent,
+	  panel,
+	  apps_w,
+	  app_w,
+	  paint,
+	  current,
+	  app,
+	  sel,
+	  appmon
+	}).
+
+-record(paint, {font, pen, brush, sel, links}).
+
+-record(app, {ptree, n2p, links, dim}).
+-record(box, {x,y, w,h, s1}).
+-record(str, {x,y,text,pid}).
+
+-define(BX_E, 10). %% Empty width between text and box
+-define(BX_HE, (?BX_E div 2)).
+-define(BY_E, 10). %% Empty height between text and box
+-define(BY_HE, (?BY_E div 2)).
+
+-define(BB_X, 16). %% Empty width between boxes
+-define(BB_Y, 12). %% Empty height between boxes
+
+-define(DRAWAREA, 5).
+-define(ID_PROC_INFO, 101).
+-define(ID_PROC_MSG,  102).
+-define(ID_PROC_KILL, 103).
+-define(ID_TRACE_PID, 104).
+-define(ID_TRACE_NAME, 105).
+-define(ID_TRACE_TREE_PIDS, 106).
+-define(ID_TRACE_TREE_NAMES, 107).
+
+start_link(Notebook, Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+init([Notebook, Parent]) ->
+    Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)},
+				   {winid, 1}
+				  ]),
+    Main = wxBoxSizer:new(?wxHORIZONTAL),
+    Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)},
+					    {style, ?wxSP_LIVE_UPDATE},
+					    {id, 2}
+					   ]),
+    Apps = wxListBox:new(Splitter, 3, []),
+    %% Need extra panel and sizer to get correct size updates
+    %% in draw area for some reason
+    P2 = wxPanel:new(Splitter, [{winid, 4}]),
+    Extra = wxBoxSizer:new(?wxVERTICAL),
+    DrawingArea = wxScrolledWindow:new(P2, [{winid, ?DRAWAREA},
+					    {style,?wxFULL_REPAINT_ON_RESIZE}]),
+    wxWindow:setBackgroundColour(DrawingArea, ?wxWHITE),
+    wxWindow:setVirtualSize(DrawingArea, 800, 800),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSizer:add(Extra, DrawingArea, [{flag, ?wxEXPAND},{proportion, 1}]),
+    wxWindow:setSizer(P2, Extra),
+    wxSplitterWindow:splitVertically(Splitter, Apps, P2, [{sashPosition, 150}]),
+    wxWindow:setSizer(Panel, Main),
+
+    wxSizer:add(Main, Splitter, [{flag, ?wxEXPAND bor ?wxALL},
+				 {proportion, 1}, {border, 5}]),
+    wxWindow:setSizer(Panel, Main),
+    wxListBox:connect(Apps, command_listbox_selected),
+    wxPanel:connect(DrawingArea, paint, [callback]),
+    wxPanel:connect(DrawingArea, size, [{skip, true}]),
+    wxPanel:connect(DrawingArea, left_up),
+    wxPanel:connect(DrawingArea, left_dclick),
+    wxPanel:connect(DrawingArea, right_down),
+
+    DefFont  = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
+    SelCol   = wxSystemSettings:getColour(?wxSYS_COLOUR_HIGHLIGHT),
+    SelBrush = wxBrush:new(SelCol),
+    LinkPen  = wxPen:new(SelCol, [{width, 2}]),
+    %%  GC = wxGraphicsContext:create(DrawingArea),
+    %%  _Font = wxGraphicsContext:createFont(GC, DefFont),
+    {Panel, #state{parent=Parent,
+		   panel =Panel,
+		   apps_w=Apps,
+		   app_w =DrawingArea,
+		   paint=#paint{font= DefFont,
+				pen=  ?wxBLACK_PEN,
+				brush=?wxLIGHT_GREY_BRUSH,
+				sel=  SelBrush,
+				links=LinkPen
+			       }
+		  }}.
+
+setup_scrollbar(AppWin, App) ->
+    setup_scrollbar(wxWindow:getClientSize(AppWin), AppWin, App).
+
+setup_scrollbar({CW, CH}, AppWin, #app{dim={W0,H0}}) ->
+    W = max(W0,CW),
+    H = max(H0,CH),
+    PPC = 20,
+    if W0 =< CW, H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, H, 1, 1);
+       H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, H, W div PPC+1, 1);
+       W0 =< CW ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, PPC, 1, H div PPC+1);
+       true ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, PPC, W div PPC+1, H div PPC+1)
+    end;
+setup_scrollbar(_, _, undefined) -> ok.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=AppStr}},
+	     State = #state{appmon=AppMon, current=Prev}) ->
+    case AppStr of
+	[] ->
+	    {noreply, State};
+	_ ->
+	    App = list_to_atom(AppStr),
+	    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+	    appmon_info:app(AppMon, App, true, []),
+	    {noreply, State#state{current=App}}
+    end;
+
+handle_event(#wx{id=Id, event=_Sz=#wxSize{size=Size}},
+	     State=#state{app=App, app_w=AppWin}) ->
+    Id =:= ?DRAWAREA andalso setup_scrollbar(Size,AppWin,App),
+    {noreply, State};
+
+handle_event(#wx{event=#wxMouse{type=Type, x=X0, y=Y0}},
+	     S0=#state{app=#app{ptree=Tree}, app_w=AppWin}) ->
+    {X,Y} = wxScrolledWindow:calcUnscrolledPosition(AppWin, X0, Y0),
+    Hit   = locate_node(X,Y, [Tree]),
+    State = handle_mouse_click(Hit, Type, S0),
+    {noreply, State};
+
+handle_event(#wx{event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=undefined}) ->
+    observer_lib:display_info_dialog("Select process first"),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_INFO, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    observer_procinfo:start(Pid, Panel, self()),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_MSG, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter message", "") of
+	cancel ->         ok;
+	{ok, Term} ->     Pid ! Term;
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_KILL, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter Exit Reason", "") of
+	cancel ->         ok;
+	{ok, Term} ->     exit(Pid, Term);
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+%%% Trace api
+handle_event(#wx{id=?ID_TRACE_PID, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_pid(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_NAME, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_reg(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_PIDS, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_pid(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_NAMES, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_reg(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
+
+%%%%%%%%%%
+handle_sync_event(#wx{event = #wxPaint{}},_,
+		  #state{app_w=DA, app=App, sel=Sel, paint=Paint}) ->
+    %% PaintDC must be created in a callback to work on windows.
+    DC = wxPaintDC:new(DA),
+    wxScrolledWindow:doPrepareDC(DA,DC),
+    %% Nothing is drawn until wxPaintDC is destroyed.
+    draw(DC, App, Sel, Paint),
+    wxPaintDC:destroy(DC),
+    ok.
+%%%%%%%%%%
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
+
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
+%%%%%%%%%%
+handle_info({active, Node}, State = #state{parent=Parent, current=Curr, appmon=Appmon}) ->
+    create_menus(Parent, []),
+    {ok, Pid} = appmon_info:start_link(Node, self(), []),
+    case Appmon of
+	undefined -> ok;
+	Pid -> ok;
+	_ -> %% Deregister me as client (and stop appmon if last)
+	    exit(Appmon, normal)
+    end,
+    appmon_info:app_ctrl(Pid, Node, true, []),
+    (Curr =/= undefined) andalso appmon_info:app(Pid, Curr, true, []),
+    {noreply, State#state{appmon=Pid}};
+
+handle_info(not_active, State = #state{appmon=AppMon, current=Prev}) ->
+    appmon_info:app_ctrl(AppMon, node(AppMon), false, []),
+    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+    {noreply, State};
+
+handle_info({delivery, Pid, app_ctrl, _, Apps0},
+	    State = #state{appmon=Pid, apps_w=LBox}) ->
+    Apps = [atom_to_list(App) || {_, App, {_, _, _}} <- Apps0],
+    wxListBox:clear(LBox),
+    wxListBox:appendStrings(LBox, [App || App <- lists:sort(Apps)]),
+    {noreply, State};
+
+handle_info({delivery, _Pid, app, _Curr, {[], [], [], []}},
+	    State = #state{panel=Panel}) ->
+    wxWindow:refresh(Panel),
+    {noreply, State#state{app=undefined, sel=undefined}};
+
+handle_info({delivery, Pid, app, Curr, AppData},
+	    State = #state{panel=Panel, appmon=Pid, current=Curr,
+			   app_w=AppWin, paint=#paint{font=Font}}) ->
+    App = build_tree(AppData, {AppWin,Font}),
+    setup_scrollbar(AppWin, App),
+    wxWindow:refresh(Panel),
+    wxWindow:layout(Panel),
+    {noreply, State#state{app=App, sel=undefined}};
+
+handle_info(_Event, State) ->
+    %% io:format("~p:~p: ~p~n",[?MODULE,?LINE,_Event]),
+    {noreply, State}.
+
+%%%%%%%%%%
+terminate(_Event, _State) ->
+    ok.
+code_change(_, _, State) ->
+    State.
+
+handle_mouse_click(Node = {#box{s1=#str{pid=Pid}},_}, Type,
+		   State=#state{app_w=AppWin,panel=Panel}) ->
+    case Type of
+	left_dclick -> observer_procinfo:start(Pid, Panel, self());
+	right_down ->    popup_menu(Panel);
+	_ ->           ok
+    end,
+    wxWindow:refresh(AppWin),
+    State#state{sel=Node};
+handle_mouse_click(_, _, State = #state{sel=undefined}) ->
+    State;
+handle_mouse_click(_, right_down, State=#state{panel=Panel}) ->
+    popup_menu(Panel),
+    State;
+handle_mouse_click(_, _, State=#state{app_w=AppWin}) ->
+    wxWindow:refresh(AppWin),
+    State#state{sel=undefined}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+create_menus(Parent, _) ->
+    MenuEntries =
+	[{"File",
+	  [#create_menu{id=?ID_PROC_INFO, text="Process info"},
+	   #create_menu{id=?ID_PROC_MSG,  text="Send Msg"},
+	   #create_menu{id=?ID_PROC_KILL, text="Kill process"}
+	  ]},
+	 {"Trace",
+	  [#create_menu{id=?ID_TRACE_PID,  text="Trace process"},
+	   #create_menu{id=?ID_TRACE_NAME, text="Trace named process"},
+	   #create_menu{id=?ID_TRACE_TREE_PIDS,  text="Trace process tree"},
+	   #create_menu{id=?ID_TRACE_TREE_NAMES,  text="Trace named process tree"}
+	  ]}],
+    observer_wx:create_menus(Parent, MenuEntries).
+
+popup_menu(Panel) ->
+    Menu = wxMenu:new(),
+    wxMenu:append(Menu, ?ID_PROC_INFO,  "Process info"),
+    wxMenu:append(Menu, ?ID_TRACE_PID,  "Trace process"),
+    wxMenu:append(Menu, ?ID_TRACE_NAME, "Trace named process"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_PIDS, "Trace process tree"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_NAMES, "Trace named process tree"),
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu).
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+locate_node(X, _Y, [{Box=#box{x=BX}, _Chs}|_Rest])
+  when X < BX ->
+    {left, Box};
+locate_node(X,Y, [Node={Box=#box{x=BX,y=BY,w=BW,h=BH}, _Chs}|Rest])
+  when X =< (BX+BW)->
+    if
+	Y < BY -> {above, Box}; %% Above
+	Y =< (BY+BH) -> Node;
+	true -> locate_node(X,Y,Rest)
+    end;
+locate_node(X,Y, [{_, Chs}|Rest]) ->
+    case locate_node(X,Y,Chs) of
+	Node = {#box{},_} -> Node;
+	_Miss ->
+	    locate_node(X,Y,Rest)
+    end;
+locate_node(_, _, []) -> false.
+
+locate_box(From, [{Box=#box{s1=#str{pid=From}},_}|_]) -> Box;
+locate_box(From, [{_,Chs}|Rest]) ->
+    case locate_box(From, Chs) of
+	Box = #box{} -> Box;
+	_ -> locate_box(From, Rest)
+    end;
+locate_box(From, []) -> {false, From}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+build_tree({Root, P2Name, Links, XLinks0}, Font) ->
+    Fam = sofs:relation_to_family(sofs:relation(Links)),
+    Name2P = gb_trees:from_orddict(lists:sort([{Name,Pid} || {Pid,Name} <- P2Name])),
+    Lookup = gb_trees:from_orddict(sofs:to_external(Fam)),
+    {_, Tree0} = build_tree2(Root, Lookup, Name2P, Font),
+    {Tree, Dim} = calc_tree_size(Tree0),
+    Fetch = fun({From, To}, Acc) ->
+		    try {value, ToPid} = gb_trees:lookup(To, Name2P),
+			 FromPid = gb_trees:get(From, Name2P),
+			 [{locate_box(FromPid, [Tree]),locate_box(ToPid, [Tree])}|Acc]
+		    catch _:_ ->
+			    Acc
+		    end
+	    end,
+    XLinks = lists:foldl(Fetch, [], XLinks0),
+    #app{ptree=Tree, dim=Dim, links=XLinks}.
+
+build_tree2(Root, Tree0, N2P, Font) ->
+    case gb_trees:lookup(Root, Tree0) of
+	none -> {Tree0, {box(Root, N2P, Font), []}};
+	{value, Children} ->
+	    Tree1 = gb_trees:delete(Root, Tree0),
+	    {Tree, CHs} = lists:foldr(fun("port " ++_, Acc) ->
+					      Acc; %% Skip ports
+					 (Child,{T0, Acc}) ->
+					      {T, C} = build_tree2(Child, T0, N2P, Font),
+					      {T, [C|Acc]}
+				      end, {Tree1, []}, Children),
+	    {Tree, {box(Root, N2P, Font), CHs}}
+    end.
+
+calc_tree_size(Tree) ->
+    Cols = calc_col_start(Tree, [0]),
+    {Boxes,{W,Hs}} = calc_tree_size(Tree, Cols, ?BB_X, [?BB_Y]),
+    {Boxes, {W,lists:max(Hs)}}.
+
+calc_col_start({#box{w=W}, Chs}, [Max|Acc0]) ->
+    Acc = if Acc0 == [] -> [0]; true -> Acc0 end,
+    Depth = lists:foldl(fun(Child, MDepth) -> calc_col_start(Child, MDepth) end,
+			Acc, Chs),
+    [max(W,Max)|Depth].
+
+calc_tree_size({Box=#box{w=W,h=H}, []}, _, X, [Y|Ys]) ->
+    {{Box#box{x=X,y=Y}, []}, {X+W+?BB_X,[Y+H+?BB_Y|Ys]}};
+calc_tree_size({Box, Children}, [Col|Cols], X, [H0|Hs0]) ->
+    Hs1 = calc_row_start(Children, H0, Hs0),
+    StartX = X+Col+?BB_X,
+    {Boxes, {W,Hs}} = calc_tree_sizes(Children, Cols, StartX, StartX, Hs1, []),
+    Y = middle(Boxes, H0),
+    H = Y+Box#box.h+?BB_Y,
+    {{Box#box{x=X,y=Y}, Boxes}, {W,[H|Hs]}}.
+
+calc_tree_sizes([Child|Chs], Cols, X0, W0, Hs0, Acc) ->
+    {Tree, {W,Hs}} = calc_tree_size(Child, Cols, X0, Hs0),
+    calc_tree_sizes(Chs, Cols, X0, max(W,W0), Hs, [Tree|Acc]);
+calc_tree_sizes([], _, _, W,Hs, Acc) ->
+    {lists:reverse(Acc), {W,Hs}}.
+
+calc_row_start(Chs = [{#box{h=H},_}|_], Start, Hs0) ->
+    NChs = length(Chs),
+    Wanted = (H*NChs + ?BB_Y*(NChs-1)) div 2 - H div 2,
+    case Hs0 of
+	[] -> [max(?BB_Y, Start - Wanted)];
+	[Next|Hs] ->
+	    [max(Next, Start - Wanted)|Hs]
+    end.
+
+middle([], Y) -> Y;
+middle([{#box{y=Y}, _}], _) -> Y;
+middle([{#box{y=Y0},_}|List], _) ->
+    {#box{y=Y1},_} = lists:last(List),
+    (Y0+Y1) div 2.
+
+box(Str0, N2P, {Win,Font}) ->
+    Pid = gb_trees:get(Str0, N2P),
+    Str = if hd(Str0) =:= $< -> lists:append(io_lib:format("~w", [Pid]));
+	     true -> Str0
+	  end,
+    {TW,TH, _, _} = wxWindow:getTextExtent(Win, Str, [{theFont, Font}]),
+    Data = #str{text=Str, x=?BX_HE, y=?BY_HE, pid=Pid},
+    %% Add pid
+    #box{w=TW+?BX_E, h=TH+?BY_E, s1=Data}.
+
+box_to_pid(#box{s1=#str{pid=Pid}}) -> Pid.
+box_to_reg(#box{s1=#str{text=[$<|_], pid=Pid}}) -> Pid;
+box_to_reg(#box{s1=#str{text=Name}}) -> list_to_atom(Name).
+
+tree_map({Box, Chs}, Fun) ->
+    tree_map(Chs, Fun, [Fun(Box)]).
+tree_map([{Box, Chs}|Rest], Fun, Acc0) ->
+    Acc = tree_map(Chs, Fun, [Fun(Box)|Acc0]),
+    tree_map(Rest, Fun, Acc);
+tree_map([], _ , Acc) -> Acc.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+draw(_DC, undefined, _, _) ->
+    ok;
+draw(DC, #app{dim={_W,_H}, ptree=Tree, links=Links}, Sel,
+     #paint{font=Font, pen=Pen, brush=Brush, links=LPen, sel=SelBrush}) ->
+    %% Canvas = wxGraphicsContext:create(DC),
+    %% Pen    = wxGraphicsContext:createPen(Canvas, ?wxBLACK_PEN),
+    %% wxGraphicsContext:setPen(Canvas, Pen),
+    %% Brush = wxGraphicsContext:createBrush(Canvas, ?wxLIGHT_GREY_BRUSH),
+    %% wxGraphicsContext:setBrush(Canvas, Brush),
+    %% Font  = wxGraphicsContext:createFont(Canvas, wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT)),
+    %% wxGraphicsContext:setFont(Canvas, Font),
+    %% draw_tree(Tree, Canvas).
+    wxDC:setPen(DC, LPen),
+    [draw_xlink(Link, DC) || Link <- Links],
+    wxDC:setPen(DC, Pen),
+    %% wxDC:drawRectangle(DC, {2,2}, {W-2,H-2}), %% DEBUG
+    wxDC:setBrush(DC, Brush),
+    wxDC:setFont(DC, Font),
+    draw_tree(Tree, root, DC),
+    case Sel of
+	undefined -> ok;
+	{#box{x=X,y=Y,w=W,h=H,s1=Str1}, _} ->
+	    wxDC:setBrush(DC, SelBrush),
+	    wxDC:drawRoundedRectangle(DC, {X-1,Y-1}, {W+2,H+2}, 8.0),
+	    draw_str(DC, Str1, X, Y)
+    end.
+
+draw_tree({Box=#box{x=X,y=Y,w=W,h=H,s1=Str1}, Chs}, Parent, DC) ->
+    %%wxGraphicsContext:drawRoundedRectangle(DC, float(X), float(Y), float(W), float(H), 8.0),
+    wxDC:drawRoundedRectangle(DC, {X,Y}, {W,H}, 8.0),
+    draw_str(DC, Str1, X, Y),
+    Dot = case Chs of
+	      [] -> ok;
+	      [{#box{x=CX0},_}|_] ->
+		  CY = Y+(H div 2),
+		  CX = CX0-(?BB_X div 2),
+		  wxDC:drawLine(DC, {X+W, CY}, {CX, CY}),
+		  {CX, CY}
+	  end,
+    draw_link(Parent, Box, DC),
+    [draw_tree(Child, Dot, DC) || Child <- Chs].
+
+draw_link({CX,CY}, #box{x=X,y=Y0,h=H}, DC) ->
+    Y = Y0+(H div 2),
+    case Y =:= CY of
+	true ->
+	    wxDC:drawLine(DC, {CX, CY}, {X, CY});
+	false ->
+	    wxDC:drawLines(DC, [{CX, CY}, {CX, Y}, {X,Y}])
+    end;
+draw_link(_, _, _) -> ok.
+
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, y=Y1}}, DC)
+  when X0 =:= X1 ->
+    draw_xlink(X0,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH, w=BW}, #box{x=X1, y=Y1}}, DC)
+  when X0 < X1 ->
+    draw_xlink(X0+BW,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, w=BW, y=Y1}}, DC)
+  when X0 > X1 ->
+    draw_xlink(X1+BW,Y1,X0,Y0,BH,DC);
+draw_xlink({_From, _To}, _DC) ->
+    ignore.
+draw_xlink(X0, Y00, X1, Y11, BH, DC) ->
+    {Y0,Y1} = if Y00 < Y11 -> {Y00+BH-6, Y11+6};
+		 true -> {Y00+6, Y11+BH-6}
+	      end,
+    wxDC:drawLines(DC, [{X0,Y0}, {X0+5,Y0}, {X1-5,Y1}, {X1,Y1}]).
+
+draw_str(DC, #str{x=Sx,y=Sy, text=Text}, X, Y) ->
+    %%wxGraphicsContext:drawText(DC, Text, float(Sx+X), float(Sy+Y));
+    wxDC:drawText(DC, Text, {X+Sx,Y+Sy});
+draw_str(_, _, _, _) -> ok.
diff --git a/lib/observer/src/observer_defs.hrl b/lib/observer/src/observer_defs.hrl
index d83a1e2fa5..586e7bbff9 100644
--- a/lib/observer/src/observer_defs.hrl
+++ b/lib/observer/src/observer_defs.hrl
@@ -16,16 +16,6 @@
 %%
 %% %CopyrightEnd%
 
--record(trace_options, {send         = false,
-			treceive     = false,
-			functions    = false,
-			events       = false,
-			on_1st_spawn = false,
-			on_all_spawn = false,
-			on_1st_link  = false,
-			on_all_link  = false,
-			main_window  = true}).
-
 -record(match_spec, {name = "",
 		     term = [],
 		     str  = [],
@@ -37,15 +27,10 @@
 		      arity, %integer
 		      match_spec = #match_spec{}}).
 
--record(on_spawn, {checkbox, all_spawn, first_spawn}).
-
--record(on_link, {checkbox, all_link, first_link}).
-
--record(pid, {window, traced}).
-
 -record(create_menu,
 	{id,
 	 text,
+	 help = [],
 	 type = append,
 	 check = false
 	}).
diff --git a/lib/observer/src/observer_lib.erl b/lib/observer/src/observer_lib.erl
index 90c270e977..5260861497 100644
--- a/lib/observer/src/observer_lib.erl
+++ b/lib/observer/src/observer_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,11 +19,12 @@
 -module(observer_lib).
 
 -export([get_wx_parent/1,
-	 display_info_dialog/1,
+	 display_info_dialog/1, user_term/3,
 	 interval_dialog/4, start_timer/1, stop_timer/1,
 	 display_info/2, fill_info/2, update_info/2, to_str/1,
 	 create_menus/3, create_menu_item/3,
-	 create_attrs/0
+	 create_attrs/0,
+	 set_listctrl_col_size/2
 	]).
 
 -include_lib("wx/include/wx.hrl").
@@ -195,6 +196,7 @@ to_str(No) when is_integer(No) ->
 to_str(Term) ->
     io_lib:format("~w", [Term]).
 
+create_menus([], _MenuBar, _Type) -> ok;
 create_menus(Menus, MenuBar, Type) ->
     Add = fun({Tag, Ms}, Index) ->
 		  create_menu(Tag, Ms, Index, MenuBar, Type)
@@ -239,15 +241,21 @@ create_menu(Name, MenuItems, Index, MenuBar, _Type) ->
 create_menu_item(#create_menu{id = ?wxID_HELP=Id}, Menu, Index) ->
     wxMenu:insert(Menu, Index, Id),
     Index+1;
-create_menu_item(#create_menu{id = Id, text = Text, type = Type, check = Check}, Menu, Index) ->
+create_menu_item(#create_menu{id=Id, text=Text, help=Help, type=Type, check=Check},
+		 Menu, Index) ->
+    Opts = case Help of
+	       [] -> [];
+	       _ -> [{help, Help}]
+	   end,
     case Type of
 	append ->
-	    wxMenu:insert(Menu, Index, Id, [{text, Text}]);
+	    wxMenu:insert(Menu, Index, Id,
+			  [{text, Text}|Opts]);
 	check ->
-	    wxMenu:insertCheckItem(Menu, Index, Id, Text),
+	    wxMenu:insertCheckItem(Menu, Index, Id, Text, Opts),
 	    wxMenu:check(Menu, Id, Check);
 	radio ->
-	    wxMenu:insertRadioItem(Menu, Index, Id, Text),
+	    wxMenu:insertRadioItem(Menu, Index, Id, Text, Opts),
 	    wxMenu:check(Menu, Id, Check);
 	separator ->
 	    wxMenu:insertSeparator(Menu, Index)
@@ -295,3 +303,73 @@ create_box(Panel, Data) ->
     wxSizer:add(Box, Right),
     wxSizer:addSpacer(Box, 30),
     {Box, InfoFields}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+set_listctrl_col_size(LCtrl, Total) ->
+    wx:batch(fun() -> calc_last(LCtrl, Total) end).
+
+calc_last(LCtrl, _Total) ->
+    Cols = wxListCtrl:getColumnCount(LCtrl),
+    {Total, _} = wxWindow:getClientSize(LCtrl),
+    SBSize = scroll_size(LCtrl),
+    Last = lists:foldl(fun(I, Last) ->
+			       Last - wxListCtrl:getColumnWidth(LCtrl, I)
+		       end, Total-SBSize, lists:seq(0, Cols - 2)),
+    Size = max(150, Last),
+    wxListCtrl:setColumnWidth(LCtrl, Cols-1, Size).
+
+scroll_size(LCtrl) ->
+    case os:type() of
+	{win32, nt} -> 0;
+	{unix, darwin} ->
+	    %% I can't figure out is there is a visible scrollbar
+	    %% Always make room for it
+	    wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+	_ ->
+	    case wxWindow:hasScrollbar(LCtrl, ?wxVERTICAL) of
+		true -> wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+		false -> 0
+	    end
+    end.
+
+
+user_term(Parent, Title, Default) ->
+    Dialog = wxTextEntryDialog:new(Parent, Title, [{value, Default}]),
+    case wxTextEntryDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Str = wxTextEntryDialog:getValue(Dialog),
+	    wxTextEntryDialog:destroy(Dialog),
+	    parse_string(ensure_last_is_dot(Str));
+	?wxID_CANCEL ->
+	    wxTextEntryDialog:destroy(Dialog),
+	    cancel
+    end.
+
+parse_string(Str) ->
+    try
+	Tokens = case erl_scan:string(Str) of
+		     {ok, Ts, _} -> Ts;
+		     {error, {_SLine, SMod, SError}, _} ->
+			 throw(io_lib:format("~s", [SMod:format_error(SError)]))
+		 end,
+	case erl_parse:parse_term(Tokens) of
+	    {error, {_PLine, PMod, PError}} ->
+		throw(io_lib:format("~s", [PMod:format_error(PError)]));
+	    Res -> Res
+	end
+    catch
+	throw:ErrStr ->
+	    {error, ErrStr};
+	_:_Err ->
+	    {error, ["Syntax error in: ", Str]}
+    end.
+
+ensure_last_is_dot([]) ->
+    ".";
+ensure_last_is_dot(String) ->
+    case lists:last(String) =:= $. of
+	true ->
+	    String;
+	false ->
+	    String ++ "."
+    end.
diff --git a/lib/observer/src/observer_pro_wx.erl b/lib/observer/src/observer_pro_wx.erl
index cfc1c0665f..7578215ff9 100644
--- a/lib/observer/src/observer_pro_wx.erl
+++ b/lib/observer/src/observer_pro_wx.erl
@@ -32,22 +32,29 @@
 
 %% Defines
 -define(COL_PID,  0).
--define(COL_NAME, 1).
--define(COL_TIME, 2).
--define(COL_REDS, 3).
--define(COL_MEM,  4).
--define(COL_MSG,  5).
--define(COL_FUN,  6).
+-define(COL_NAME, ?COL_PID+1).
+%%-define(COL_TIME, 2).
+-define(COL_REDS, ?COL_NAME+1).
+-define(COL_MEM,  ?COL_REDS+1).
+-define(COL_MSG,  ?COL_MEM+1).
+-define(COL_FUN,  ?COL_MSG+1).
 
 -define(ID_KILL, 201).
 -define(ID_PROC, 202).
 -define(ID_REFRESH, 203).
 -define(ID_REFRESH_INTERVAL, 204).
 -define(ID_DUMP_TO_FILE, 205).
--define(ID_TRACEMENU, 206).
--define(ID_TRACE_ALL_MENU, 207).
--define(ID_TRACE_NEW_MENU, 208).
--define(ID_ACCUMULATE, 209).
+-define(ID_TRACE_PIDS, 206).
+-define(ID_TRACE_NAMES, 207).
+-define(ID_TRACE_NEW, 208).
+-define(ID_TRACE_ALL, 209).
+-define(ID_ACCUMULATE, 210).
+
+-define(TRACE_PIDS_STR, "Trace selected process identifiers").
+-define(TRACE_NAMES_STR, "Trace selected processes, "
+	"if a process have a registered name "
+	"processes with same name will be traced on all nodes").
+
 
 %% Records
 
@@ -98,12 +105,9 @@ setup(Notebook, Parent, Holder) ->
 
     wxWindow:setSizer(ProPanel, Sizer),
 
-    Popup = create_popup_menu(ProPanel),
-
     State = #state{parent=Parent,
 		   grid=Grid,
 		   panel=ProPanel,
-		   popup_menu=Popup,
 		   parent_notebook=Notebook,
 		   holder=Holder,
 		   timer={false, 10}
@@ -124,34 +128,14 @@ create_pro_menu(Parent, Holder) ->
 		     #create_menu{id=?ID_REFRESH, text="Refresh\tCtrl-R"},
 		     #create_menu{id=?ID_REFRESH_INTERVAL, text="Refresh Interval"}]},
 		   {"Trace",
-		    [#create_menu{id=?ID_TRACEMENU, text="Trace selected processes"},
-		     #create_menu{id=?ID_TRACE_NEW_MENU, text="Trace new processes"}
+		    [#create_menu{id=?ID_TRACE_PIDS, text="Trace processes"},
+		     #create_menu{id=?ID_TRACE_NAMES, text="Trace named processes (all nodes)"},
+		     #create_menu{id=?ID_TRACE_NEW, text="Trace new processes"}
 		     %% , #create_menu{id=?ID_TRACE_ALL_MENU, text="Trace all processes"}
 		    ]}
 		  ],
     observer_wx:create_menus(Parent, MenuEntries).
 
-create_popup_menu(ParentFrame) ->
-    MiniFrame = wxMiniFrame:new(ParentFrame, ?wxID_ANY, "Options", [{style, ?wxFRAME_FLOAT_ON_PARENT}]),
-    Panel = wxPanel:new(MiniFrame),
-    Sizer = wxBoxSizer:new(?wxVERTICAL),
-    TraceBtn = wxButton:new(Panel, ?ID_TRACEMENU, [{label, "Trace selected"},
-						   {style, ?wxNO_BORDER}]),
-    ProcBtn = wxButton:new(Panel, ?ID_PROC, [{label, "Process info"},
-					     {style, ?wxNO_BORDER}]),
-    KillBtn = wxButton:new(Panel, ?ID_KILL, [{label, "Kill process"},
-					     {style, ?wxNO_BORDER}]),
-
-    wxButton:connect(TraceBtn, command_button_clicked),
-    wxButton:connect(ProcBtn, command_button_clicked),
-    wxButton:connect(KillBtn, command_button_clicked),
-    wxSizer:add(Sizer, TraceBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxSizer:add(Sizer, ProcBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxSizer:add(Sizer, KillBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxPanel:setSizer(Panel, Sizer),
-    wxSizer:setSizeHints(Sizer, MiniFrame),
-    MiniFrame.
-
 create_list_box(Panel, Holder) ->
     Style = ?wxLC_REPORT bor ?wxLC_VIRTUAL bor ?wxLC_HRULES,
     ListCtrl = wxListCtrl:new(Panel, [{style, Style},
@@ -174,7 +158,7 @@ create_list_box(Panel, Holder) ->
 		   end,
     ListItems = [{"Pid", ?wxLIST_FORMAT_CENTRE,  120},
 		 {"Name or Initial Func", ?wxLIST_FORMAT_LEFT, 200},
-		 {"Time", ?wxLIST_FORMAT_CENTRE, 50},
+%%		 {"Time", ?wxLIST_FORMAT_CENTRE, 50},
 		 {"Reds", ?wxLIST_FORMAT_RIGHT, 100},
 		 {"Memory", ?wxLIST_FORMAT_RIGHT, 100},
 		 {"MsgQ",  ?wxLIST_FORMAT_RIGHT, 50},
@@ -257,10 +241,6 @@ handle_info(not_active, #state{timer=Timer0}=State) ->
     Timer = observer_lib:stop_timer(Timer0),
     {noreply, State#state{timer=Timer}};
 
-handle_info({node, Node}, #state{holder=Holder}=State) ->
-    Holder ! {change_node, Node},
-    {noreply, State};
-
 handle_info(Info, State) ->
     io:format("~p:~p, Unexpected info: ~p~n", [?MODULE, ?LINE, Info]),
     {noreply, State}.
@@ -314,25 +294,17 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Panel, Timer0, 1, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(#wx{id=?ID_KILL},
-	     #state{popup_menu=Pop,sel={[_|Ids], [ToKill|Pids]}}=State) ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_KILL}, #state{sel={[_|Ids], [ToKill|Pids]}}=State) ->
     exit(ToKill, kill),
     {noreply, State#state{sel={Ids,Pids}}};
 
 
-handle_event(#wx{id = ?ID_PROC},
-	     #state{panel=Panel,
-		    popup_menu=Pop,
-		    sel={_, [Pid|_]},
-		    procinfo_menu_pids=Opened}=State) ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_PROC},
+	     #state{panel=Panel, sel={_, [Pid|_]},procinfo_menu_pids=Opened}=State) ->
     Opened2 = start_procinfo(Pid, Panel, Opened),
     {noreply, State#state{procinfo_menu_pids=Opened2}};
 
-handle_event(#wx{id = ?ID_TRACEMENU},
-	     #state{popup_menu=Pop, sel={_, Pids}, panel=Panel}=State)  ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_TRACE_PIDS}, #state{sel={_, Pids}, panel=Panel}=State)  ->
     case Pids of
 	[] ->
 	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
@@ -342,50 +314,54 @@ handle_event(#wx{id = ?ID_TRACEMENU},
 	    {noreply,  State}
     end;
 
-handle_event(#wx{id=?ID_TRACE_NEW_MENU, event=#wxCommand{type=command_menu_selected}}, State) ->
+handle_event(#wx{id=?ID_TRACE_NAMES}, #state{sel={SelIds,_Pids}, holder=Holder, panel=Panel}=State)  ->
+    case SelIds of
+	[] ->
+	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
+	    {noreply, State};
+	_ ->
+	    PidsOrReg = call(Holder, {get_name_or_pid, self(), SelIds}),
+	    observer_trace_wx:add_processes(observer_wx:get_tracer(), PidsOrReg),
+	    {noreply,  State}
+    end;
+
+handle_event(#wx{id=?ID_TRACE_NEW, event=#wxCommand{type=command_menu_selected}}, State) ->
     observer_trace_wx:add_processes(observer_wx:get_tracer(), [new]),
     {noreply,  State};
 
 handle_event(#wx{event=#wxSize{size={W,_}}},
 	     #state{grid=Grid}=State) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-Cols*3-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(200, Last),
-		     %% io:format("Width ~p ~p => ~p~n",[W, Last, Size]),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_right_click,
 			       itemIndex=Row}},
-	     #state{popup_menu=Popup,
-		    holder=Holder}=State) ->
+	     #state{panel=Panel, holder=Holder}=State) ->
 
     case call(Holder, {get_row, self(), Row, pid}) of
 	{error, undefined} ->
-	    wxWindow:show(Popup, [{show, false}]),
 	    undefined;
 	{ok, _} ->
-	    wxWindow:move(Popup, wx_misc:getMousePosition()),
-	    wxWindow:show(Popup)
+	    Menu = wxMenu:new(),
+	    wxMenu:append(Menu, ?ID_PROC, "Process info"),
+	    wxMenu:append(Menu, ?ID_TRACE_PIDS, "Trace processes", [{help, ?TRACE_PIDS_STR}]),
+	    wxMenu:append(Menu, ?ID_TRACE_NAMES, "Trace named processes (all nodes)",
+			  [{help, ?TRACE_NAMES_STR}]),
+	    wxMenu:append(Menu, ?ID_KILL, "Kill Process"),
+	    wxWindow:popupMenu(Panel, Menu),
+	    wxMenu:destroy(Menu)
     end,
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_focused,
 			       itemIndex=Row}},
-	     #state{grid=Grid,popup_menu=Pop,holder=Holder} = State) ->
+	     #state{grid=Grid,holder=Holder} = State) ->
     case Row >= 0 of
 	true ->
-	    wxWindow:show(Pop, [{show, false}]),
 	    SelIds = [Row|lists:delete(Row, get_selected_items(Grid))],
 	    Pids = call(Holder, {get_pids, self(), SelIds}),
-	    %% io:format("Focused ~p -> ~p~n",[State#state.sel, {SelIds, Pids}]),
 	    {noreply, State#state{sel={SelIds, Pids}}};
 	false ->
-	    %% io:format("Focused -1~n",[]),
 	    {noreply, State}
     end;
 
@@ -448,7 +424,6 @@ set_focus([Old|_], [New|_], Grid) ->
     wxListCtrl:setItemState(Grid, Old, 0, ?wxLIST_STATE_FOCUSED),
     wxListCtrl:setItemState(Grid, New, 16#FFFF, ?wxLIST_STATE_FOCUSED).
 
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%TABLE HOLDER%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 init_table_holder(Parent, Attrs) ->
@@ -486,6 +461,9 @@ table_holder(#holder{info=#etop_info{procinfo=Info}, attrs=Attrs,
 	{get_rows_from_pids, From, Pids} ->
 	    get_rows_from_pids(From, Pids, Info),
 	    table_holder(S0);
+	{get_name_or_pid, From, Indices} ->
+	    get_name_or_pid(From, Indices, Info),
+	    table_holder(S0);
 
 	{get_node, From} ->
 	    From ! {self(), Node},
@@ -562,7 +540,7 @@ get_procinfo_data(Col, Info) ->
 col_to_element(?COL_PID)  -> #etop_proc_info.pid;
 col_to_element(?COL_NAME) -> #etop_proc_info.name;
 col_to_element(?COL_MEM)  -> #etop_proc_info.mem;
-col_to_element(?COL_TIME) -> #etop_proc_info.runtime;
+%%col_to_element(?COL_TIME) -> #etop_proc_info.runtime;
 col_to_element(?COL_REDS) -> #etop_proc_info.reds;
 col_to_element(?COL_FUN)  -> #etop_proc_info.cf;
 col_to_element(?COL_MSG)  -> #etop_proc_info.mq.
@@ -571,6 +549,14 @@ get_pids(From, Indices, ProcInfo) ->
     Processes = [(lists:nth(I+1, ProcInfo))#etop_proc_info.pid || I <- Indices],
     From ! {self(), Processes}.
 
+get_name_or_pid(From, Indices, ProcInfo) ->
+    Get = fun(#etop_proc_info{name=Name}) when is_atom(Name) -> Name;
+	     (#etop_proc_info{pid=Pid}) -> Pid
+	  end,
+    Processes = [Get(lists:nth(I+1, ProcInfo)) || I <- Indices],
+    From ! {self(), Processes}.
+
+
 get_row(From, Row, pid, Info) ->
     Pid = case Row =:= -1 of
 	      true ->  {error, undefined};
diff --git a/lib/observer/src/observer_procinfo.erl b/lib/observer/src/observer_procinfo.erl
index 127599a39e..ec08d3aff1 100644
--- a/lib/observer/src/observer_procinfo.erl
+++ b/lib/observer/src/observer_procinfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,7 @@
 -record(worker, {panel, callback}).
 
 start(Process, ParentFrame, Parent) ->
-    wx_object:start(?MODULE, [Process, ParentFrame, Parent], []).
+    wx_object:start_link(?MODULE, [Process, ParentFrame, Parent], []).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -52,7 +52,7 @@ init([Pid, ParentFrame, Parent]) ->
 		  {registered_name, Registered} -> atom_to_list(Registered)
 	      end,
 	Frame=wxFrame:new(ParentFrame, ?wxID_ANY, [atom_to_list(node(Pid)), $:, Title],
-			  [{style, ?wxDEFAULT_FRAME_STYLE}, {size, {800,700}}]),
+			  [{style, ?wxDEFAULT_FRAME_STYLE}, {size, {850,600}}]),
 	MenuBar = wxMenuBar:new(),
 	create_menus(MenuBar),
 	wxFrame:setMenuBar(Frame, MenuBar),
@@ -75,10 +75,7 @@ init([Pid, ParentFrame, Parent]) ->
 		      }}
     catch error:{badrpc, _} ->
 	    observer_wx:return_to_localnode(ParentFrame, node(Pid)),
-	    {stop, badrpc, #state{parent=Parent, pid=Pid}};
-	  Error:Reason ->
-	    io:format("~p:~p: ~p ~p~n ~p~n",
-		      [?MODULE, ?LINE, Error, Reason, erlang:get_stacktrace()])
+	    {stop, badrpc, #state{parent=Parent, pid=Pid}}
     end.
 
 init_panel(Notebook, Str, Pid, Fun) ->
@@ -92,30 +89,27 @@ init_panel(Notebook, Str, Pid, Fun) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%Callbacks%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 handle_event(#wx{event=#wxClose{type=close_window}}, State) ->
-    {stop, shutdown, State};
+    {stop, normal, State};
 
 handle_event(#wx{id=?wxID_CLOSE, event=#wxCommand{type=command_menu_selected}}, State) ->
-    {stop, shutdown, State};
+    {stop, normal, State};
 
 handle_event(#wx{id=?REFRESH}, #state{pages=Pages}=State) ->
     [(W#worker.callback)() || W <- Pages],
     {noreply, State};
 
-handle_event(Event, State) ->
-    io:format("~p: ~p, Handle event: ~p~n", [?MODULE, ?LINE, Event]),
-    {noreply, State}.
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
 
-handle_info(Info, State) ->
-    io:format("~p: ~p, Handle info: ~p~n", [?MODULE, ?LINE, Info]),
+handle_info(_Info, State) ->
+    %% io:format("~p: ~p, Handle info: ~p~n", [?MODULE, ?LINE, Info]),
     {noreply, State}.
 
-handle_call(Call, _From, State) ->
-    io:format("~p ~p: Got call ~p~n",[?MODULE, ?LINE, Call]),
-    {reply, ok, State}.
+handle_call(Call, From, _State) ->
+    error({unhandled_call, Call, From}).
 
-handle_cast(Cast, State) ->
-    io:format("~p ~p: Got cast ~p~n", [?MODULE, ?LINE, Cast]),
-    {noreply, State}.
+handle_cast(Cast, _State) ->
+    error({unhandled_cast, Cast}).
 
 terminate(_Reason, #state{parent=Parent,pid=Pid,frame=Frame}) ->
     Parent ! {procinfo_menu_closed, Pid},
@@ -130,9 +124,14 @@ code_change(_, _, State) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 init_process_page(Panel, Pid) ->
-    Fields = process_info_fields(Pid),
-    {FPanel, _, UpFields} = observer_lib:display_info(Panel, Fields),
-    {FPanel, fun() -> observer_lib:update_info(UpFields, process_info_fields(Pid)) end}.
+    Fields0 = process_info_fields(Pid),
+    {FPanel, _, UpFields} = observer_lib:display_info(Panel, Fields0),
+    {FPanel, fun() -> case process_info_fields(Pid) of
+			  Fields when is_list(Fields) ->
+			      observer_lib:update_info(UpFields, Fields);
+			  _ -> ok
+		      end
+	     end}.
 
 init_text_page(Parent) ->
     Style = ?wxTE_MULTILINE bor ?wxTE_RICH2 bor ?wxTE_READONLY,
@@ -150,16 +149,20 @@ init_message_page(Parent, Pid) ->
 		      Number+1}
 	     end,
     Update = fun() ->
-		     {messages,RawMessages} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, messages]),
-		     {Messages,_} = lists:mapfoldl(Format, 1, RawMessages),
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     case Messages =:= [] of
-			 true ->
-			     wxTextCtrl:writeText(Text, "No messages");
-			 false ->
-			     wxTextCtrl:writeText(Text, Messages)
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, messages])
+		     of
+			 {messages,RawMessages} ->
+			     {Messages,_} = lists:mapfoldl(Format, 1, RawMessages),
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     case Messages =:= [] of
+				 true ->
+				     wxTextCtrl:writeText(Text, "No messages");
+				 false ->
+				     wxTextCtrl:writeText(Text, Messages)
+			     end;
+			 _ -> ok
 		     end
 	     end,
     Update(),
@@ -168,37 +171,61 @@ init_message_page(Parent, Pid) ->
 init_dict_page(Parent, Pid) ->
     Text = init_text_page(Parent),
     Update = fun() ->
-		     {dictionary,RawDict} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, dictionary]),
-		     Dict = [io_lib:format("~-20.w ~p~n", [K, V]) || {K, V} <- RawDict],
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     wxTextCtrl:writeText(Text, Dict)
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, dictionary])
+		     of
+			 {dictionary,RawDict} ->
+			     Dict = [io_lib:format("~-20.w ~p~n", [K, V]) || {K, V} <- RawDict],
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     wxTextCtrl:writeText(Text, Dict);
+			 _ -> ok
+		     end
 	     end,
     Update(),
     {Text, Update}.
 
 init_stack_page(Parent, Pid) ->
-    Text = init_text_page(Parent),
-    Format = fun({Mod, Fun, Arg, Info}) ->
-		     Str = io_lib:format("~w:~w/~w", [Mod,Fun,Arg]),
-		     case Info of
-			 [{file,File},{line,Line}] ->
-			     io_lib:format("~-45.s ~s:~w~n", [Str,File,Line]);
-			 _ ->
-			     [Str,$\n]
+    LCtrl = wxListCtrl:new(Parent, [{style, ?wxLC_REPORT bor ?wxLC_HRULES}]),
+    Li = wxListItem:new(),
+    wxListItem:setText(Li, "Module:Function/Arg"),
+    wxListCtrl:insertColumn(LCtrl, 0, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 0, 300),
+    wxListItem:setText(Li, "File:LineNumber"),
+    wxListCtrl:insertColumn(LCtrl, 1, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 1, 300),
+    wxListItem:destroy(Li),
+    Update = fun() ->
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, current_stacktrace])
+		     of
+			 {current_stacktrace,RawBt} ->
+			     observer_wx:try_rpc(node(Pid), erlang, process_info,
+						 [Pid, current_stacktrace]),
+			     wxListCtrl:deleteAllItems(LCtrl),
+			     wx:foldl(fun({M, F, A, Info}, Row) ->
+					      _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+					      ?EVEN(Row) andalso
+						  wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+					      wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str({M,F,A})),
+					      FileLine = case Info of
+							     [{file,File},{line,Line}] ->
+								 io_lib:format("~s:~w", [File,Line]);
+							     _ ->
+								 []
+							 end,
+					      wxListCtrl:setItem(LCtrl, Row, 1, FileLine),
+					      Row+1
+				      end, 0, RawBt);
+			 _ -> ok
 		     end
 	     end,
-    Update = fun() ->
-		     {current_stacktrace,RawBt} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info,
-					     [Pid, current_stacktrace]),
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     [wxTextCtrl:writeText(Text, Format(Entry)) || Entry <- RawBt]
+    Resize = fun(#wx{event=#wxSize{size={W,_}}},Ev) ->
+		     wxEvent:skip(Ev),
+		     observer_lib:set_listctrl_col_size(LCtrl, W)
 	     end,
+    wxListCtrl:connect(LCtrl, size, [{callback, Resize}]),
     Update(),
-    {Text, Update}.
+    {LCtrl, Update}.
 
 create_menus(MenuBar) ->
     Menus = [{"File", [#create_menu{id=?wxID_CLOSE, text="Close"}]},
@@ -206,7 +233,6 @@ create_menus(MenuBar) ->
     observer_lib:create_menus(Menus, MenuBar, new_window).
 
 process_info_fields(Pid) ->
-    RawInfo = observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, item_list()]),
     Struct = [{"Overview",
 	       [{"Initial Call",     initial_call},
 		{"Current Function", current_function},
@@ -236,7 +262,12 @@ process_info_fields(Pid) ->
 		{"GC Min Heap Size", {bytes, get_gc_info(min_heap_size)}},
 		{"GC FullSweep After", get_gc_info(fullsweep_after)}
 	       ]}],
-    observer_lib:fill_info(Struct, RawInfo).
+    case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, item_list()]) of
+	RawInfo when is_list(RawInfo) ->
+	    observer_lib:fill_info(Struct, RawInfo);
+	_ ->
+	    ok
+    end.
 
 item_list() ->
     [ %% backtrace,
diff --git a/lib/observer/src/observer_sys_wx.erl b/lib/observer/src/observer_sys_wx.erl
index ddedcf3829..09602bbd9e 100644
--- a/lib/observer/src/observer_sys_wx.erl
+++ b/lib/observer/src/observer_sys_wx.erl
@@ -24,8 +24,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_cast/2]).
 
--export([sys_info/0]).
-
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
@@ -48,7 +46,7 @@ start_link(Notebook, Parent) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 init([Notebook, Parent]) ->
-    SysInfo = sys_info(),
+    SysInfo = observer_backend:sys_info(),
     {Info, Stat} = info_fields(),
     Panel = wxPanel:new(Notebook),
     Sizer = wxBoxSizer:new(?wxHORIZONTAL),
@@ -73,7 +71,7 @@ create_sys_menu(Parent) ->
     observer_wx:create_menus(Parent, [View]).
 
 update_syspage(#sys_wx_state{node = Node, fields=Fields, sizer=Sizer}) ->
-    SysInfo = observer_wx:try_rpc(Node, ?MODULE, sys_info, []),
+    SysInfo = observer_wx:try_rpc(Node, observer_backend, sys_info, []),
     {Info, Stat} = info_fields(),
     observer_lib:update_info(Fields, observer_lib:fill_info(Info, SysInfo) ++
 				 observer_lib:fill_info(Stat, SysInfo)),
@@ -97,20 +95,20 @@ info_fields() ->
 	     ]}
 	   ],
     Stat = [{"Memory Usage", right,
-	     [{"Total", total},
-	      {"Processes", processes},
-	      {"Atoms", atom},
-	      {"Binaries", binary},
-	      {"Code", code},
-	      {"Ets", ets}
+	     [{"Total", {bytes, total}},
+	      {"Processes", {bytes, processes}},
+	      {"Atoms", {bytes, atom}},
+	      {"Binaries", {bytes, binary}},
+	      {"Code", {bytes, code}},
+	      {"Ets", {bytes, ets}}
 	     ]},
 	    {"Statistics", right,
-	     [{"Up time", uptime},
+	     [{"Up time", {time_ms, uptime}},
 	      {"Max Processes", process_limit},
 	      {"Processes", process_count},
 	      {"Run Queue", run_queue},
-	      {"IO Input",  io_input},
-	      {"IO Output",  io_output}
+	      {"IO Input",  {bytes, io_input}},
+	      {"IO Output", {bytes, io_output}}
 	     ]}
 	   ],
     {Info, Stat}.
@@ -126,16 +124,6 @@ handle_info(refresh_interval, #sys_wx_state{panel = Panel,
     end,
     {noreply, State};
 
-handle_info({node, Node}, #sys_wx_state{panel = Panel} = State) ->
-    UpdState = State#sys_wx_state{node = Node},
-    try
-	update_syspage(UpdState),
-	{noreply, UpdState}
-    catch error:{badrpc, _} ->
-	    observer_wx:return_to_localnode(Panel, Node),
-	    {noreply, State}
-    end;
-
 handle_info({active, Node}, #sys_wx_state{parent = Parent, panel = Panel,
 					  timer = Timer} = State) ->
     UpdState = State#sys_wx_state{node = Node},
@@ -148,7 +136,6 @@ handle_info({active, Node}, #sys_wx_state{parent = Parent, panel = Panel,
 	    {noreply, State}
     end;
 
-
 handle_info(not_active, #sys_wx_state{timer = Timer} = State) ->
     {noreply, State#sys_wx_state{timer = observer_lib:stop_timer(Timer)}};
 
@@ -188,36 +175,3 @@ handle_event(#wx{id = ?ID_REFRESH_INTERVAL,
 handle_event(Event, State) ->
     io:format("~p:~p: Unhandled event ~p\n", [?MODULE,?LINE,Event]),
     {noreply, State}.
-
-
-sys_info() ->
-    {{_,Input},{_,Output}} = erlang:statistics(io),
-    [{process_count, erlang:system_info(process_count)},
-     {process_limit, erlang:system_info(process_limit)},
-     {uptime, {time_ms, element(1, erlang:statistics(wall_clock))}},
-     {run_queue, erlang:statistics(run_queue)},
-     {io_input, {bytes, Input}},
-     {io_output, {bytes, Output}},
-     {logical_processors, erlang:system_info(logical_processors)},
-     {logical_processors_available, erlang:system_info(logical_processors_available)},
-     {logical_processors_online, erlang:system_info(logical_processors_online)},
-
-     {total, {bytes, erlang:memory(total)}},
-     %%{processes_used, erlang:memory(processes_used)},
-     {processes, {bytes, erlang:memory(processes)}},
-     %%{atom_used, erlang:memory(atom_used)},
-     {atom, {bytes, erlang:memory(atom)}},
-     {binary, {bytes, erlang:memory(binary)}},
-     {code, {bytes, erlang:memory(code)}},
-     {ets, {bytes, erlang:memory(ets)}},
-
-     {otp_release, erlang:system_info(otp_release)},
-     {version, erlang:system_info(version)},
-     {system_architecture, erlang:system_info(system_architecture)},
-     {kernel_poll, erlang:system_info(kernel_poll)},
-     {smp_support, erlang:system_info(smp_support)},
-     {threads, erlang:system_info(threads)},
-     {thread_pool_size, erlang:system_info(thread_pool_size)},
-     {wordsize_internal, erlang:system_info({wordsize, internal})},
-     {wordsize_external, erlang:system_info({wordsize, external})}
-    ].
diff --git a/lib/observer/src/observer_trace_wx.erl b/lib/observer/src/observer_trace_wx.erl
index 0ab7db121b..d0b6a1e063 100644
--- a/lib/observer/src/observer_trace_wx.erl
+++ b/lib/observer/src/observer_trace_wx.erl
@@ -27,30 +27,43 @@
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
--define(OPTIONS, 301).
--define(SAVE_BUFFER, 302).
--define(CLOSE, 303).
--define(CLEAR, 304).
 -define(SAVE_TRACEOPTS, 305).
 -define(LOAD_TRACEOPTS, 306).
 -define(TOGGLE_TRACE, 307).
 -define(ADD_NEW, 308).
 -define(ADD_TP, 309).
--define(PROCESSES, 350).
--define(MODULES, 351).
--define(FUNCTIONS, 352).
--define(TRACERWIN, 353).
+-define(TRACE_OUTPUT, 310).
+-define(TRACE_DEFMS,  311).
+-define(TRACE_DEFPS,  312).
+
+-define(NODES_WIN, 330).
+-define(ADD_NODES, 331).
+-define(REMOVE_NODES, 332).
+
+-define(PROC_WIN, 340).
+-define(EDIT_PROCS, 341).
+-define(REMOVE_PROCS, 342).
+
+-define(MODULES_WIN, 350).
+
+-define(FUNCS_WIN, 360).
+-define(EDIT_FUNCS_MS, 361).
+-define(REMOVE_FUNCS_MS, 362).
+
+-define(LOG_WIN, 370).
+-define(LOG_SAVE, 321).
+-define(LOG_CLEAR, 322).
 
 -record(state,
 	{parent,
 	 panel,
-	 p_view,
-	 m_view,
-	 f_view,
+	 n_view,  p_view, m_view, f_view,  %% The listCtrl's
+	 logwin, %% The latest log window
 	 nodes = [],
 	 toggle_button,
 	 tpids = [],  %% #tpid
 	 def_trace_opts = [],
+	 output = [],
 	 tpatterns = dict:new(), % Key =:= Module::atom, Value =:= {M, F, A, MatchSpec}
 	 match_specs = []}). % [ #match_spec{} ]
 
@@ -72,26 +85,27 @@ create_window(Notebook, ParentPid) ->
     Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)}]),
     Sizer = wxBoxSizer:new(?wxVERTICAL),
     Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)}]),
-    ProcessView = create_process_view(Splitter),
+    {NodeProcView, NodeView, ProcessView} = create_process_view(Splitter),
     {MatchSpecView,ModView,FuncView} = create_matchspec_view(Splitter),
     wxSplitterWindow:setSashGravity(Splitter, 0.5),
     wxSplitterWindow:setMinimumPaneSize(Splitter,50),
-    wxSplitterWindow:splitHorizontally(Splitter, ProcessView, MatchSpecView),
+    wxSplitterWindow:splitHorizontally(Splitter, NodeProcView, MatchSpecView),
     wxSizer:add(Sizer, Splitter, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}, {proportion, 1}]),
     %% Buttons
     Buttons = wxBoxSizer:new(?wxHORIZONTAL),
     ToggleButton = wxToggleButton:new(Panel, ?TOGGLE_TRACE, "Start Trace", []),
-    wxSizer:add(Buttons, ToggleButton),
-    New = wxButton:new(Panel, ?ADD_NEW, [{label, "Trace New Processes"}]),
-    wxSizer:add(Buttons, New),
-    ATP = wxButton:new(Panel, ?ADD_TP, [{label, "Add Trace Pattern"}]),
-    wxSizer:add(Buttons, ATP),
-    wxMenu:connect(Panel, command_togglebutton_clicked, []),
-    wxMenu:connect(Panel, command_button_clicked, []),
-    wxSizer:add(Sizer, Buttons, [{flag, ?wxALL},{border, 2}, {proportion,0}]),
+    wxSizer:add(Buttons, ToggleButton, [{flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:addSpacer(Buttons, 15),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NODES, [{label, "Add Nodes"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NEW, [{label, "Add 'new' Process"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_TP, [{label, "Add Trace Pattern"}])),
+    wxMenu:connect(Panel, command_togglebutton_clicked, [{skip, true}]),
+    wxMenu:connect(Panel, command_button_clicked, [{skip, true}]),
+    wxSizer:add(Sizer, Buttons, [{flag, ?wxLEFT bor ?wxRIGHT bor ?wxDOWN},
+				 {border, 5}, {proportion,0}]),
     wxWindow:setSizer(Panel, Sizer),
     {Panel, #state{parent=ParentPid, panel=Panel,
-		   p_view=ProcessView, m_view=ModView, f_view=FuncView,
+		   n_view=NodeView, p_view=ProcessView, m_view=ModView, f_view=FuncView,
 		   toggle_button = ToggleButton,
 		   match_specs=default_matchspecs()}}.
 
@@ -103,36 +117,51 @@ default_matchspecs() ->
     [make_ms(Name,Term,FunStr) || {Name,Term,FunStr} <- Ms].
 
 create_process_view(Parent) ->
-    Style = ?wxLC_REPORT bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
-    Grid = wxListCtrl:new(Parent, [{winid, ?PROCESSES}, {style, Style}]),
+    Panel  = wxPanel:new(Parent),
+    MainSz = wxBoxSizer:new(?wxHORIZONTAL),
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
+    Splitter = wxSplitterWindow:new(Panel, []),
+    Nodes = wxListCtrl:new(Splitter, [{winid, ?NODES_WIN}, {style, Style}]),
+    Procs = wxListCtrl:new(Splitter, [{winid, ?PROC_WIN}, {style, Style}]),
     Li = wxListItem:new(),
-    AddListEntry = fun({Name, Align, DefSize}, Col) ->
+    wxListItem:setText(Li, "Nodes"),
+    wxListCtrl:insertColumn(Nodes, 0, Li),
+
+    AddProc = fun({Name, Align, DefSize}, Col) ->
 			   wxListItem:setText(Li, Name),
 			   wxListItem:setAlign(Li, Align),
-			   wxListCtrl:insertColumn(Grid, Col, Li),
-			   wxListCtrl:setColumnWidth(Grid, Col, DefSize),
+			   wxListCtrl:insertColumn(Procs, Col, Li),
+			   wxListCtrl:setColumnWidth(Procs, Col, DefSize),
 			   Col + 1
 		   end,
     ListItems = [{"Process Id",    ?wxLIST_FORMAT_CENTER,  120},
 		 {"Trace Options", ?wxLIST_FORMAT_LEFT, 300}],
-    lists:foldl(AddListEntry, 0, ListItems),
+    lists:foldl(AddProc, 0, ListItems),
     wxListItem:destroy(Li),
 
-    %% wxListCtrl:connect(Grid, command_list_item_activated),
-    %% wxListCtrl:connect(Grid, command_list_item_selected),
-    wxListCtrl:connect(Grid, size, [{skip, true}]),
+    wxSplitterWindow:setSashGravity(Splitter, 0.0),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSplitterWindow:splitVertically(Splitter, Nodes, Procs, [{sashPosition, 155}]),
+    wxSizer:add(MainSz, Splitter, [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    wxListCtrl:connect(Procs, command_list_item_right_click),
+    wxListCtrl:connect(Nodes, command_list_item_right_click),
+    wxListCtrl:connect(Procs, size, [{skip, true}]),
+    wxListCtrl:connect(Nodes, size, [{skip, true}]),
 
-    wxWindow:setFocus(Grid),
-    Grid.
+    wxPanel:setSizer(Panel, MainSz),
+    wxWindow:setFocus(Procs),
+    {Panel, Nodes, Procs}.
 
 create_matchspec_view(Parent) ->
     Panel  = wxPanel:new(Parent),
     MainSz = wxBoxSizer:new(?wxHORIZONTAL),
-    Style = ?wxLC_REPORT bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
     Splitter = wxSplitterWindow:new(Panel, []),
-    Modules = wxListCtrl:new(Splitter, [{winid, ?MODULES}, {style, Style}]),
-    Funcs   = wxListCtrl:new(Splitter, [{winid, ?FUNCTIONS}, {style, Style}]),
+    Modules = wxListCtrl:new(Splitter, [{winid, ?MODULES_WIN}, {style, Style}]),
+    Funcs   = wxListCtrl:new(Splitter, [{winid, ?FUNCS_WIN}, {style, Style}]),
     Li = wxListItem:new(),
+
     wxListItem:setText(Li, "Modules"),
     wxListCtrl:insertColumn(Modules, 0, Li),
     wxListItem:setText(Li, "Functions"),
@@ -142,49 +171,45 @@ create_matchspec_view(Parent) ->
     wxListCtrl:insertColumn(Funcs, 1, Li),
     wxListCtrl:setColumnWidth(Funcs, 1, 300),
     wxListItem:destroy(Li),
+
     wxSplitterWindow:setSashGravity(Splitter, 0.0),
     wxSplitterWindow:setMinimumPaneSize(Splitter,50),
-    wxSplitterWindow:splitVertically(Splitter, Modules, Funcs, [{sashPosition, 150}]),
+    wxSplitterWindow:splitVertically(Splitter, Modules, Funcs, [{sashPosition, 155}]),
     wxSizer:add(MainSz, Splitter,   [{flag, ?wxEXPAND}, {proportion, 1}]),
 
     wxListCtrl:connect(Modules, size, [{skip, true}]),
     wxListCtrl:connect(Funcs,   size, [{skip, true}]),
     wxListCtrl:connect(Modules, command_list_item_selected),
-    %% wxListCtrl:connect(Funcs, command_list_item_selected),
+    wxListCtrl:connect(Funcs, command_list_item_right_click),
     wxPanel:setSizer(Panel, MainSz),
     {Panel, Modules, Funcs}.
 
 create_menues(Parent) ->
-    Menus = [{"File", [#create_menu{id = ?LOAD_TRACEOPTS, text = "Load settings"},
-		       #create_menu{id = ?SAVE_TRACEOPTS, text = "Save settings"}]
-	     }],
+    Menus = [{"File",
+	      [#create_menu{id = ?LOAD_TRACEOPTS, text = "Load settings"},
+	       #create_menu{id = ?SAVE_TRACEOPTS, text = "Save settings"}]},
+	     {"Options",
+	      [#create_menu{id = ?TRACE_OUTPUT, text = "Output"},
+	       #create_menu{id = ?TRACE_DEFMS, text = "Match Specifications"},
+	       #create_menu{id = ?TRACE_DEFPS, text = "Default Process Options"}]}
+	    ],
     observer_wx:create_menus(Parent, Menus).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%Main window
 handle_event(#wx{obj=Obj, event=#wxSize{size={W,_}}}, State) ->
     case wx:getObjectType(Obj) =:= wxListCtrl of
-	true ->
-	    wx:batch(fun() ->
-			     Cols = wxListCtrl:getColumnCount(Obj),
-			     Last = lists:foldl(fun(I, Last) ->
-							Last - wxListCtrl:getColumnWidth(Obj, I)
-						end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-			     Size = max(150, Last),
-			     wxListCtrl:setColumnWidth(Obj, Cols-1, Size)
-		     end);
-	false ->
-	    ok
+	true ->  observer_lib:set_listctrl_col_size(Obj, W);
+	false -> ok
     end,
     {noreply, State};
 
 handle_event(#wx{id=?ADD_NEW}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
-    case observer_traceoptions_wx:process_trace(Parent, TraceOpts) of
-	{ok, Opts} ->
-	    Process = #tpid{pid=new, opts=Opts},
-	    {noreply, do_add_processes([Process], State#state{def_trace_opts=Opts})};
-	cancel ->
-	    {noreply, State}
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	Process = #tpid{pid=new, opts=Opts},
+	{noreply, do_add_processes([Process], State#state{def_trace_opts=Opts})}
+    catch cancel -> {noreply, State}
     end;
 
 handle_event(#wx{id=?ADD_TP},
@@ -200,98 +225,101 @@ handle_event(#wx{id=?ADD_TP},
 	    {noreply, do_add_patterns(Patterns, State)}
     end;
 
-handle_event(#wx{id=?MODULES, event=#wxList{type=command_list_item_selected, itemIndex=Row}},
+handle_event(#wx{id=?MODULES_WIN, event=#wxList{type=command_list_item_selected, itemIndex=Row}},
 	     State = #state{tpatterns=TPs, m_view=Mview, f_view=Fview}) ->
     Module = list_to_atom(wxListCtrl:getItemText(Mview, Row)),
     update_functions_view(dict:fetch(Module, TPs), Fview),
     {noreply, State};
 
-
 handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 1}},
 	     #state{panel = Panel,
 		    nodes = Nodes,
 		    tpids = TProcs,
-		    tpatterns = TPs,
-		    toggle_button = ToggleBtn} = State) ->
-    LogWin = wxFrame:new(Panel, ?TRACERWIN, "Trace Log", [{size, {750, 800}}]),
-    Text   = wxTextCtrl:new(LogWin, ?wxID_ANY,
-			    [{style, ?wxTE_MULTILINE bor ?wxTE_RICH2 bor
-				  ?wxTE_DONTWRAP bor ?wxTE_READONLY}]),
-    Font = observer_wx:get_attrib({font, fixed}),
-    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
-    true = wxTextCtrl:setDefaultStyle(Text, Attr),
-    Env = wx:get_env(),
-    Write = fun(Trace) ->
-		    wx:set_env(Env),
-		    wxTextCtrl:appendText(Text, textformat(Trace))
-	    end,
-    {ok, _} = ttb:tracer(Nodes, [{file, {local,"/tmp/foo"}}, {shell, {only, Write}}]),
-    setup_ttb(dict:to_list(TPs), TProcs),
-    wxFrame:connect(LogWin, close_window, [{skip, true}]),
-    wxFrame:show(LogWin),
-    wxToggleButton:setLabel(ToggleBtn, "Stop Trace"),
-    {noreply, State};
+		    tpatterns = TPs0,
+		    toggle_button = ToggleBtn,
+		    output = Opts
+		   } = State) ->
+    try
+	TPs = dict:to_list(TPs0),
+	(TProcs == []) andalso throw({error, "No processes traced"}),
+	(Nodes == []) andalso throw({error, "No nodes traced"}),
+	HaveCallTrace = fun(#tpid{opts=Os}) -> lists:member(functions,Os) end,
+	WStr = "Call trace actived but no trace patterns used",
+	(TPs == []) andalso lists:any(HaveCallTrace, TProcs) andalso
+	    observer_wx:create_txt_dialog(Panel, WStr, "Warning", ?wxICON_WARNING),
+
+	{TTB, LogWin}  = ttb_output_args(Panel, Opts),
+	{ok, _} = ttb:tracer(Nodes, TTB),
+	setup_ttb(TPs, TProcs),
+	wxToggleButton:setLabel(ToggleBtn, "Stop Trace"),
+	{noreply, State#state{logwin=LogWin}}
+    catch {error, Msg} ->
+	    observer_wx:create_txt_dialog(Panel, Msg, "Error", ?wxICON_ERROR),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State}
+    end;
 
 handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 0}},
 	     #state{toggle_button = ToggleBtn} = State) ->
     %%Stop tracing
     ttb:stop(nofetch),
     wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+    wxToggleButton:setValue(ToggleBtn, false),
+    {noreply, State#state{logwin=false}};
+
+handle_event(#wx{id=Id, obj=LogWin, event=Ev},
+	     #state{toggle_button = ToggleBtn, logwin=Latest} = State)
+  when Id =:= ?LOG_WIN; is_record(Ev, wxClose) ->
+    case LogWin of
+	Latest ->
+	    %%Stop tracing
+	    ttb:stop(nofetch),
+	    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State#state{logwin=false}};
+	_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?LOG_CLEAR, userData=TCtrl}, State) ->
+    wxTextCtrl:clear(TCtrl),
     {noreply, State};
 
-handle_event(#wx{id=?TRACERWIN, event=#wxClose{}},
-	     #state{toggle_button = ToggleBtn} = State) ->
-    %%Stop tracing
-    ttb:stop(nofetch),
-    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+handle_event(#wx{id=?LOG_SAVE, userData=TCtrl}, #state{panel=Panel} = State) ->
+    Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
+    case wxFileDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Path = wxFileDialog:getPath(Dialog),
+	    wxDialog:destroy(Dialog),
+	    wxTextCtrl:saveFile(TCtrl, [{file, Path}]);
+	_ ->
+	    wxDialog:destroy(Dialog),
+	    ok
+    end,
     {noreply, State};
 
-%% handle_event(#wx{id = ?CLEAR, event = #wxCommand{type = command_menu_selected}},
-%% 	     #state{text_ctrl = TxtCtrl} = State) ->
-%%     wxTextCtrl:clear(TxtCtrl),
-%%     {noreply, State};
-
-%% handle_event(#wx{id = ?SAVE_BUFFER, event = #wxCommand{type = command_menu_selected}},
-%% 	     #state{frame = Frame, text_ctrl = TxtCtrl} = State) ->
-%%     Dialog = wxFileDialog:new(Frame, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
-%%     case wxFileDialog:showModal(Dialog) of
-%% 	?wxID_OK ->
-%% 	    Path = wxFileDialog:getPath(Dialog),
-%% 	    wxDialog:destroy(Dialog),
-%% 	    case filelib:is_file(Path) of
-%% 		true ->
-%% 		    observer_wx:create_txt_dialog(Frame, "File already exists: " ++ Path ++ "\n",
-%% 						  "Error", ?wxICON_ERROR);
-%% 		false ->
-%% 		    wxTextCtrl:saveFile(TxtCtrl, [{file, Path}])
-%% 	    end;
-%% 	_ ->
-%% 	    wxDialog:destroy(Dialog),
-%% 	    ok
-%%     end,
-%%     {noreply, State};
-
-handle_event(#wx{id = ?SAVE_TRACEOPTS,
-		 event = #wxCommand{type = command_menu_selected}},
+handle_event(#wx{id = ?SAVE_TRACEOPTS},
 	     #state{panel = Panel,
 		    def_trace_opts = TraceOpts,
 		    match_specs = MatchSpecs,
-		    tpatterns = TracePatterns
+		    tpatterns = TracePatterns,
+		    output = Output
 		   } = State) ->
     Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
     case wxFileDialog:showModal(Dialog) of
 	?wxID_OK ->
 	    Path = wxFileDialog:getPath(Dialog),
-	    write_file(Panel, Path, TraceOpts, MatchSpecs, dict:to_list(TracePatterns));
+	    write_file(Panel, Path,
+		       TraceOpts, MatchSpecs, Output,
+		       dict:to_list(TracePatterns)
+		      );
 	_ ->
 	    ok
     end,
     wxDialog:destroy(Dialog),
     {noreply, State};
 
-handle_event(#wx{id = ?LOAD_TRACEOPTS,
-		 event = #wxCommand{type = command_menu_selected}},
-	     #state{panel = Panel} = State) ->
+handle_event(#wx{id = ?LOAD_TRACEOPTS}, #state{panel = Panel} = State) ->
     Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_FILE_MUST_EXIST}]),
     State2 = case wxFileDialog:showModal(Dialog) of
 		 ?wxID_OK ->
@@ -303,27 +331,142 @@ handle_event(#wx{id = ?LOAD_TRACEOPTS,
     wxDialog:destroy(Dialog),
     {noreply, State2};
 
+handle_event(#wx{id=Type, event=#wxList{type=command_list_item_right_click}},
+	     State = #state{panel=Panel}) ->
+    Menus = case Type of
+		?PROC_WIN ->
+		    [{?EDIT_PROCS, "Edit process options"},
+		     {?REMOVE_PROCS, "Remove processes"}];
+		?FUNCS_WIN ->
+		    [{?EDIT_FUNCS_MS, "Edit matchspecs"},
+		     {?REMOVE_FUNCS_MS, "Remove trace patterns"}];
+		?NODES_WIN ->
+		    [{?ADD_NODES, "Trace other nodes"},
+		     {?REMOVE_NODES, "Remove nodes"}]
+	    end,
+    Menu = wxMenu:new(),
+    [wxMenu:append(Menu,Id,Str) || {Id,Str} <- Menus],
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu),
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_PROCS}, #state{panel=Panel, tpids=Tpids, p_view=Ps} = State) ->
+    try
+	[#tpid{opts=DefOpts}|_] = Selected = get_selected_items(Ps, Tpids),
+	Opts = observer_traceoptions_wx:process_trace(Panel, DefOpts),
+	Changed = [Tpid#tpid{opts=Opts} || Tpid <- Selected],
+	{noreply, do_add_processes(Changed, State#state{def_trace_opts=Opts})}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_PROCS}, #state{tpids=Tpids, p_view=LCtrl} = State) ->
+    Selected = get_selected_items(LCtrl, Tpids),
+    Pids = Tpids -- Selected,
+    update_process_view(Pids, LCtrl),
+    {noreply, State#state{tpids=Pids}};
+
+handle_event(#wx{id=?TRACE_DEFPS}, #state{panel=Panel, def_trace_opts=PO} = State) ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Panel, PO),
+	{noreply, State#state{def_trace_opts=Opts}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?TRACE_DEFMS}, #state{panel=Panel, match_specs=Ms} = State) ->
+    try %% Return selected MS and sends new MS's to us
+	observer_traceoptions_wx:select_matchspec(self(), Panel, Ms)
+    catch _:_ ->
+	    cancel
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_FUNCS_MS}, #state{panel=Panel, tpatterns=TPs,
+					    f_view=LCtrl, m_view=Mview,
+					    match_specs=Mss
+					   } = State) ->
+    try
+	[Module] = get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs))),
+	Selected = get_selected_items(LCtrl, dict:fetch(Module, TPs)),
+	Ms = observer_traceoptions_wx:select_matchspec(self(), Panel, Mss),
+	Changed = [TP#tpattern{ms=Ms} || TP <- Selected],
+	{noreply, do_add_patterns({Module, Changed}, State)}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_FUNCS_MS}, #state{tpatterns=TPs0, f_view=LCtrl, m_view=Mview} = State) ->
+    case get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs0))) of
+	[] -> {noreply, State};
+	[Module] ->
+	    FMs0 = dict:fetch(Module, TPs0),
+	    Selected = get_selected_items(LCtrl, FMs0),
+	    FMs = FMs0 -- Selected,
+	    update_functions_view(FMs, LCtrl),
+	    TPs = case FMs of
+		      [] ->
+			  New = dict:erase(Module, TPs0),
+			  update_modules_view(lists:sort(dict:fetch_keys(New)), Module, Mview),
+			  New;
+		      _ ->
+			  dict:store(Module, FMs, TPs0)
+		  end,
+	    {noreply, State#state{tpatterns=TPs}}
+    end;
+
+handle_event(#wx{id=?TRACE_OUTPUT}, #state{panel=Panel, output=Out0} = State) ->
+    try
+	Out = observer_traceoptions_wx:output(Panel, Out0),
+	{noreply, State#state{output=Out}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?ADD_NODES}, #state{panel=Panel, n_view=Nview, nodes=Ns0} = State) ->
+    try
+	Possible = [node()|nodes()] -- Ns0,
+	case Possible of
+	    [] ->
+		Msg = "Already selected all connected nodes\n"
+		    "Use the Nodes menu to connect to new nodes first.",
+		observer_wx:create_txt_dialog(Panel, Msg, "No available nodes", ?wxICON_INFORMATION),
+		throw(cancel);
+	    _ ->
+		Ns = lists:usort(Ns0 ++ observer_traceoptions_wx:select_nodes(Panel, Possible)),
+		update_nodes_view(Ns, Nview),
+		{noreply, State#state{nodes=Ns}}
+	end
+    catch cancel ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_NODES}, #state{n_view=Nview, nodes=Ns0} = State) ->
+    Sel = get_selected_items(Nview, Ns0),
+    Ns = Ns0 -- Sel,
+    update_nodes_view(Ns, Nview),
+    {noreply, State#state{nodes = Ns}};
+
 handle_event(#wx{id=ID, event = What}, State) ->
-    io:format("~p:~p: Unhandled event: ~p, ~p ~n", [?MODULE, self(), ID, What]),
+    io:format("~p:~p: Unhandled event: ~p, ~p ~n", [?MODULE, ?LINE, ID, What]),
     {noreply, State}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-handle_call(Msg, _From, State) ->
-    io:format("~p~p: Got Call ~p~n",[?MODULE, ?LINE, Msg]),
-    {reply, ok, State}.
+handle_call(Msg, From, _State) ->
+    error({unhandled_call, Msg, From}).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 handle_cast({add_processes, Pids}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
-    case observer_traceoptions_wx:process_trace(Parent, TraceOpts) of
-	{ok, Opts} ->
-	    POpts = [#tpid{pid=Pid, opts=Opts} || Pid <- Pids],
-	    {noreply, do_add_processes(POpts, State#state{def_trace_opts=Opts})};
-	cancel ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	POpts = [#tpid{pid=Pid, opts=Opts} || Pid <- Pids],
+	S = do_add_processes(POpts, State#state{def_trace_opts=Opts}),
+	{noreply, S}
+    catch cancel ->
 	    {noreply, State}
     end;
-handle_cast(Msg, State) ->
-    io:format("~p ~p: Unhandled cast ~p~n", [?MODULE, ?LINE, Msg]),
-    {noreply, State}.
+handle_cast(Msg, _State) ->
+    error({unhandled_cast, Msg}).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -342,18 +485,30 @@ handle_info(Any, State) ->
     {noreply, State}.
 
 terminate(_Reason, #state{nodes=_Nodes}) ->
-    %% case observer_wx:try_rpc(Node, erlang, whereis, [dbg]) of
-    %% 	undefined -> fine;
-    %% 	Pid -> exit(Pid, kill)
-    %% end,
+    ttb:stop(nofetch),
     ok.
 
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+do_add_patterns({Module, NewPs}, State=#state{tpatterns=TPs0, m_view=Mview, f_view=Fview}) ->
+    Old = case dict:find(Module, TPs0) of
+	      {ok, Prev}  -> Prev;
+	      error -> []
+	  end,
+    case merge_patterns(NewPs, Old) of
+	{Old, [], []} ->
+	    State;
+	{MPatterns, _New, _Changed} ->
+	    %% if dynamicly updates update New and Changed
+	    TPs = dict:store(Module, MPatterns, TPs0),
+	    update_modules_view(lists:sort(dict:fetch_keys(TPs)), Module, Mview),
+	    update_functions_view(dict:fetch(Module, TPs), Fview),
+	    State#state{tpatterns=TPs}
+    end.
 
-do_add_processes(POpts, S0=#state{p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
+do_add_processes(POpts, S0=#state{n_view=Nview, p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
     case merge_pids(POpts, OldPids) of
 	{OldPids, [], []} ->
 	    S0;
@@ -363,13 +518,15 @@ do_add_processes(POpts, S0=#state{p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
 	    Nodes = case ordsets:subtract(Ns1, Ns0) of
 			[] -> Ns0; %% No new Nodes
 			NewNs ->
-			    %% Handle new nodes
-			    %% BUGBUG add trace patterns for new nodes
-			    ordsets:union(NewNs, Ns0)
+			    %% if dynamicly updates add trace patterns for new nodes
+			    All = ordsets:union(NewNs, Ns0),
+			    update_nodes_view(All, Nview),
+			    All
 		    end,
 	    S0#state{tpids=Pids, nodes=Nodes}
     end.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 update_process_view(Pids, LCtrl) ->
     wxListCtrl:deleteAllItems(LCtrl),
     wx:foldl(fun(#tpid{pid=Pid, opts=Opts}, Row) ->
@@ -381,20 +538,15 @@ update_process_view(Pids, LCtrl) ->
 		     Row+1
 	     end, 0, Pids).
 
-do_add_patterns({Module, NewPs}, State=#state{tpatterns=TPs0, m_view=Mview, f_view=Fview}) ->
-    Old = case dict:find(Module, TPs0) of
-	      {ok, Prev}  -> Prev;
-	      error -> []
-	  end,
-    case merge_patterns(NewPs, Old) of
-	{Old, [], []} ->
-	    State;
-	{MPatterns, _New, _Changed} ->
-	    TPs = dict:store(Module, MPatterns, TPs0),
-	    update_modules_view(lists:sort(dict:fetch_keys(TPs)), Module, Mview),
-	    update_functions_view(dict:fetch(Module, TPs), Fview),
-	    State#state{tpatterns=TPs}
-    end.
+update_nodes_view(Nodes, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(Node, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso
+			 wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str(Node)),
+		     Row+1
+	     end, 0, Nodes).
 
 update_modules_view(Mods, Module, LCtrl) ->
     wxListCtrl:deleteAllItems(LCtrl),
@@ -419,7 +571,6 @@ update_functions_view(Funcs, LCtrl) ->
 	     end, 0, Funcs).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
 merge_pids([N1=#tpid{pid=new}|Ns], [N2=#tpid{pid=new}|Old]) ->
     {Pids, New, Changed} = merge_pids_1(Ns,Old),
     {[N1|Pids], New, [{N2,N2}|Changed]};
@@ -438,7 +589,6 @@ merge_pids_1(New, Old) ->
 merge_patterns(New, Old) ->
     merge(lists:sort(New), Old, #tpattern.fa, [], [], []).
 
-
 merge([N|Ns], [N|Os], El, New, Ch, All) ->
     merge(Ns, Os, El, New, Ch, [N|All]);
 merge([N|Ns], [O|Os], El, New, Ch, All)
@@ -456,13 +606,78 @@ merge(Ns, [], _El, New, Ch, All) ->
     {lists:reverse(All, Ns), Ns++New, Ch}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ttb_output_args(Parent, Opts) ->
+    ToWindow = proplists:get_value(window, Opts, true),
+    ToShell = proplists:get_value(shell, Opts, false),
+    ToFile = proplists:get_value(file, Opts, false),
+    ToWindow orelse ToShell orelse ToFile orelse
+	throw({error, "No output of trace"}),
+    {LogWin,Text} = create_logwindow(Parent, ToWindow),
+    Write = output_fun(Text, ToShell),
+    Shell = output_shell(ToFile, Write),
+    FileOpts = output_file(ToFile, proplists:get_value(wrap, Opts, false), Opts),
+    {[{file, {local,FileOpts}}|Shell], LogWin}.
+
+output_shell(true, false) ->
+    []; %% File only
+output_shell(true, Write) when is_function(Write) ->
+    [{shell, Write}];
+output_shell(false, Write) when is_function(Write) ->
+    [{shell, {only, Write}}].
+
+output_fun(false, false) -> false;
+output_fun(false, true) -> fun(Trace) -> io:put_chars(textformat(Trace)) end;
+output_fun(Text, false) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    wxTextCtrl:appendText(Text, textformat(Trace))
+    end;
+output_fun(Text, true) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    IoList = textformat(Trace),
+	    wxTextCtrl:appendText(Text, IoList),
+	    io:put_chars(textformat(Trace))
+    end.
+
+output_file(false, _, _Opts) ->
+    "ttb";  %% Will be ignored
+output_file(true, false, Opts) ->
+    proplists:get_value(filename, Opts, "ttb");
+output_file(true, true, Opts) ->
+    Name = proplists:get_value(filename, Opts, "ttb"),
+    Size = proplists:get_value(wrap_sz, Opts, 128),
+    Count = proplists:get_value(wrap_c, Opts, 8),
+    {wrap, Name, Size*1024, Count}.
+
+
+create_logwindow(_Parent, false) -> {false, false};
+create_logwindow(Parent, true) ->
+    LogWin = wxFrame:new(Parent, ?LOG_WIN, "Trace Log", [{size, {750, 800}}]),
+    MB = wxMenuBar:new(),
+    File = wxMenu:new(),
+    wxMenu:append(File, ?LOG_CLEAR, "Clear Log\tCtrl-C"),
+    wxMenu:append(File, ?LOG_SAVE, "Save Log\tCtrl-S"),
+    wxMenu:append(File, ?wxID_CLOSE, "Close"),
+    wxMenuBar:append(MB, File, "File"),
+    wxFrame:setMenuBar(LogWin, MB),
+    Text = wxTextCtrl:new(LogWin, ?wxID_ANY,
+			  [{style, ?wxTE_MULTILINE bor ?wxTE_RICH2 bor
+				?wxTE_DONTWRAP bor ?wxTE_READONLY}]),
+    Font = observer_wx:get_attrib({font, fixed}),
+    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
+    true = wxTextCtrl:setDefaultStyle(Text, Attr),
+    wxFrame:connect(LogWin, close_window, [{skip, true}]),
+    wxFrame:connect(LogWin, command_menu_selected, [{userData, Text}]),
+    wxFrame:show(LogWin),
+    {LogWin, Text}.
 
 setup_ttb(TPs, TPids) ->
     _R1 = [setup_tps(FTP, []) || {_, FTP} <- TPs],
     _R2 = [ttb:p(Pid, dbg_flags(Flags)) || #tpid{pid=Pid, opts=Flags} <- TPids],
     [#tpid{pid=_Pid, opts=_Flags}|_] = TPids,
-    %% io:format("ttb:p(pid(\"~w\", ~w).", [Pid, Flags]),
-    %% io:format("TTB ~w ~w~n",[R2, R1]),
     ok.
 
 %% Sigh order is important
@@ -511,33 +726,33 @@ format_trace(Trace, Size, TS0={_,_,MS}) ->
 	    case element(4, Trace) of
 		{dbg,ok} -> "";
 		Message ->
-		    io_lib:format("~s (~100p) << ~100p ~n", [TS,From,Message])
+		    io_lib:format("~s (~100p) << ~100p~n", [TS,From,Message])
 	    end;
 	'send' ->
 	    Message = element(4, Trace),
 	    To = element(5, Trace),
-	    io_lib:format("~s (~100p) ~100p ! ~100p ~n", [TS,From,To,Message]);
+	    io_lib:format("~s (~100p) ~100p ! ~100p~n", [TS,From,To,Message]);
 	call ->
 	    case element(4, Trace) of
 		MFA when Size == 5 ->
 		    Message = element(5, Trace),
 		    io_lib:format("~s (~100p) call ~s (~100p) ~n", [TS,From,ffunc(MFA),Message]);
 		MFA ->
-		    io_lib:format("~s (~100p) call ~s ~n", [TS,From,ffunc(MFA)])
+		    io_lib:format("~s (~100p) call ~s~n", [TS,From,ffunc(MFA)])
 	    end;
 	return_from ->
 	    MFA = element(4, Trace),
 	    Ret = element(5, Trace),
-	    io_lib:format("~s (~100p) returned from ~s -> ~100p ~n", [TS,From,ffunc(MFA),Ret]);
+	    io_lib:format("~s (~100p) returned from ~s -> ~100p~n", [TS,From,ffunc(MFA),Ret]);
 	return_to ->
 	    MFA = element(4, Trace),
-	    io_lib:format("~s (~100p) returning to ~s ~n", [TS,From,ffunc(MFA)]);
+	    io_lib:format("~s (~100p) returning to ~s~n", [TS,From,ffunc(MFA)]);
 	spawn when Size == 5 ->
 	    Pid = element(4, Trace),
 	    MFA = element(5, Trace),
-	    io_lib:format("~s (~100p) spawn ~100p as ~s ~n", [TS,From,Pid,ffunc(MFA)]);
+	    io_lib:format("~s (~100p) spawn ~100p as ~s~n", [TS,From,Pid,ffunc(MFA)]);
 	Op ->
-	    io_lib:format("~s (~100p) ~100p ~s ~n", [TS,From,Op,ftup(Trace,4,Size)])
+	    io_lib:format("~s (~100p) ~100p ~s~n", [TS,From,Op,ftup(Trace,4,Size)])
     end.
 
 %%% These f* functions returns non-flat strings
@@ -567,7 +782,7 @@ ftup(Trace, Index, Size) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-write_file(Frame, Filename, TraceOps, MatchSpecs, TPs) ->
+write_file(Frame, Filename, TraceOps, MatchSpecs, Output, TPs) ->
     FormatMS = fun(#match_spec{name=Id, term=T, func=F}) ->
 		       io_lib:format("[{name,\"~s\"}, {term, ~w}, {func, \"~s\"}]",
 				     [Id, T, F])
@@ -581,6 +796,7 @@ write_file(Frame, Filename, TraceOps, MatchSpecs, TPs) ->
 	 "%%%\n%%% DO NOT EDIT!\n%%%\n",
 	 [["{ms, ", FormatMS(Ms), "}.\n"] || Ms <- MatchSpecs],
 	 "{traceopts, ", io_lib:format("~w",[TraceOps]) ,"}.\n",
+	 "{output, ", io_lib:format("~w",[Output]) ,"}.\n",
 	 [FormatTP(TP) || TP <- TPs]
 	],
     case file:write_file(Filename, list_to_binary(Str)) of
@@ -602,8 +818,9 @@ read_settings(Filename, #state{match_specs=Ms0, def_trace_opts=TO0} = State) ->
 	{ok, Terms} ->
 	    Ms  = lists:usort(Ms0 ++ [parse_ms(MsList) || {ms, MsList} <- Terms]),
 	    TOs = lists:usort(TO0 ++ proplists:get_value(traceopts, Terms, [])),
+	    Out = proplists:get_value(output, Terms, []),
 	    lists:foldl(fun parse_tp/2,
-			State#state{match_specs=Ms, def_trace_opts=TOs},
+			State#state{match_specs=Ms, def_trace_opts=TOs, output=Out},
 			Terms);
 	{error, _} ->
 	    observer_wx:create_txt_dialog(State#state.panel, "Could not load settings",
@@ -626,3 +843,24 @@ parse_tp({tp, Mod, FAs}, State) ->
     do_add_patterns({Mod, Patterns}, State);
 parse_tp(_, State) ->
     State.
+
+get_selected_items(Grid, Data) ->
+    get_indecies(get_selected_items(Grid, -1, []), Data).
+get_selected_items(Grid, Index, ItemAcc) ->
+    Item = wxListCtrl:getNextItem(Grid, Index, [{geometry, ?wxLIST_NEXT_ALL},
+						{state, ?wxLIST_STATE_SELECTED}]),
+    case Item of
+	-1 ->
+	    lists:reverse(ItemAcc);
+	_ ->
+	    get_selected_items(Grid, Item, [Item | ItemAcc])
+    end.
+
+get_indecies(Items, Data) ->
+    get_indecies(Items, 0, Data).
+get_indecies([I|Rest], I, [H|T]) ->
+    [H|get_indecies(Rest, I+1, T)];
+get_indecies(Rest = [_|_], I, [_|T]) ->
+    get_indecies(Rest, I+1, T);
+get_indecies(_, _, _) ->
+    [].
diff --git a/lib/observer/src/observer_traceoptions_wx.erl b/lib/observer/src/observer_traceoptions_wx.erl
index bad05ec016..6a634e06f0 100644
--- a/lib/observer/src/observer_traceoptions_wx.erl
+++ b/lib/observer/src/observer_traceoptions_wx.erl
@@ -21,9 +21,8 @@
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
--export([process_trace/2, trace_pattern/4]).
-
--compile(export_all).
+-export([process_trace/2, trace_pattern/4, select_nodes/2,
+	 output/2, select_matchspec/3]).
 
 process_trace(Parent, Default) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
@@ -53,19 +52,15 @@ process_trace(Parent, Default) ->
     check_box(LinkBox,  LinkBool),
     enable(SpawnBox, [SpwnAllRadio, SpwnFirstRadio]),
     enable(LinkBox, [LinkAllRadio, LinkFirstRadio]),
-    wxRadioButton:setValue(SpwnAllRadio, lists:member(on_spawn, Default)),
-    wxRadioButton:setValue(SpwnFirstRadio, lists:member(on_first_spawn, Default)),
-    wxRadioButton:setValue(LinkAllRadio, lists:member(on_link, Default)),
-    wxRadioButton:setValue(LinkFirstRadio, lists:member(on_first_link, Default)),
-
-    wxSizer:add(LeftSz, FuncBox, []),
-    wxSizer:add(LeftSz, SendBox, []),
-    wxSizer:add(LeftSz, RecBox, []),
-    wxSizer:add(LeftSz, EventBox, []),
+    [wxRadioButton:setValue(Radio, lists:member(Opt, Default)) ||
+	{Radio, Opt} <- [{SpwnAllRadio, on_spawn}, {SpwnFirstRadio, on_first_spawn},
+			 {LinkAllRadio, on_link},  {LinkFirstRadio, on_first_link}]],
+
+    [wxSizer:add(LeftSz, CheckBox, []) || CheckBox <- [FuncBox,SendBox,RecBox,EventBox]],
     wxSizer:add(LeftSz, 150, -1),
 
-    wxSizer:add(PanelSz, LeftSz, [{flag, ?wxEXPAND}]),
-    wxSizer:add(PanelSz, RightSz,[{flag, ?wxEXPAND}]),
+    wxSizer:add(PanelSz, LeftSz, [{flag, ?wxEXPAND}, {proportion,1}]),
+    wxSizer:add(PanelSz, RightSz,[{flag, ?wxEXPAND}, {proportion,1}]),
     wxPanel:setSizer(Panel, PanelSz),
     wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND}, {proportion,1}]),
     Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
@@ -81,26 +76,26 @@ process_trace(Parent, Default) ->
 					   enable(LinkBox, [LinkAllRadio, LinkFirstRadio])
 				   end}]),
 
-    Res = case wxDialog:showModal(Dialog) of
-	      ?wxID_OK ->
-		  All = [{SendBox, send}, {RecBox, 'receive'},
-			 {FuncBox, functions}, {EventBox, events},
-			 {{SpawnBox, SpwnAllRadio}, on_spawn},
-			 {{SpawnBox,SpwnFirstRadio}, on_first_spawn},
-			 {{LinkBox, LinkAllRadio}, on_link},
-			 {{LinkBox, LinkFirstRadio}, on_first_link}],
-		  Check = fun({Box, Radio}) ->
-				  wxCheckBox:getValue(Box) andalso wxRadioButton:getValue(Radio);
-			     (Box) ->
-				  wxCheckBox:getValue(Box)
-			  end,
-		  Opts = [Id || {Tick, Id} <- All, Check(Tick)],
-		  {ok, lists:reverse(Opts)};
-	      ?wxID_CANCEL ->
-		  cancel
-	  end,
-    wxDialog:destroy(Dialog),
-    Res.
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    All = [{SendBox, send}, {RecBox, 'receive'},
+		   {FuncBox, functions}, {EventBox, events},
+		   {{SpawnBox, SpwnAllRadio}, on_spawn},
+		   {{SpawnBox,SpwnFirstRadio}, on_first_spawn},
+		   {{LinkBox, LinkAllRadio}, on_link},
+		   {{LinkBox, LinkFirstRadio}, on_first_link}],
+	    Check = fun({Box, Radio}) ->
+			    wxCheckBox:getValue(Box) andalso wxRadioButton:getValue(Radio);
+		       (Box) ->
+			    wxCheckBox:getValue(Box)
+		    end,
+	    Opts = [Id || {Tick, Id} <- All, Check(Tick)],
+	    wxDialog:destroy(Dialog),
+	    lists:reverse(Opts);
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
 
 trace_pattern(ParentPid, Parent, Node, MatchSpecs) ->
     try
@@ -111,6 +106,10 @@ trace_pattern(ParentPid, Parent, Node, MatchSpecs) ->
     catch cancel -> cancel
     end.
 
+select_nodes(Parent, Nodes) ->
+    Choices = [{atom_to_list(X), X} || X <- Nodes],
+    check_selector(Parent, Choices).
+
 module_selector(Parent, Node) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Select Module",
 			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
@@ -167,6 +166,17 @@ module_selector(Parent, Node) ->
     end.
 
 function_selector(Parent, Node, Module) ->
+    Functions = observer_wx:try_rpc(Node, Module, module_info, [functions]),
+    Choices = lists:sort([{Name, Arity} || {Name, Arity} <- Functions,
+					   not(erl_internal:guard_bif(Name, Arity))]),
+    ParsedChoices = parse_function_names(Choices),
+    case check_selector(Parent, ParsedChoices) of
+	[] -> [{Module, '_', '_'}];
+	FAs ->
+	    [{Module, F, A} || {F,A} <- FAs]
+    end.
+
+check_selector(Parent, ParsedChoices) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Trace Functions",
 			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
 			   {size, {400, 400}}]),
@@ -195,10 +205,6 @@ function_selector(Parent, Node, Module) ->
     wxWindow:setSizer(Dialog, MainSz),
     wxWindow:setFocus(TxtCtrl),
     %% Init
-    Functions = observer_wx:try_rpc(Node, Module, module_info, [functions]),
-    Choices = lists:sort([{Name, Arity} || {Name, Arity} <- Functions,
-					   not(erl_internal:guard_bif(Name, Arity))]),
-    ParsedChoices = parse_function_names(Choices),
     filter_listbox_data("", ParsedChoices, ListBox, false),
     %% Setup Event handling
     wxTextCtrl:connect(TxtCtrl, command_text_updated,
@@ -242,22 +248,19 @@ function_selector(Parent, Node, Module) ->
     case wxDialog:showModal(Dialog) of
 	?wxID_OK ->
 	    wxDialog:destroy(Dialog),
-	    case get_checked_funcs(ListBox, []) of
-		[] -> [{Module, '_', '_'}];
-		FAs ->
-		    [{Module, F, A} || {F,A} <- FAs]
-	    end;
+	    get_checked(ListBox, []);
 	?wxID_CANCEL ->
 	    wxDialog:destroy(Dialog),
+	    get_checked(ListBox, []),
 	    throw(cancel)
     end.
 
-get_checked_funcs(ListBox, Acc) ->
+get_checked(ListBox, Acc) ->
     receive
 	{ListBox, true, FA} ->
-	    get_checked_funcs(ListBox, [FA|lists:delete(FA,Acc)]);
+	    get_checked(ListBox, [FA|lists:delete(FA,Acc)]);
 	{ListBox, false, FA} ->
-	    get_checked_funcs(ListBox, lists:delete(FA,Acc))
+	    get_checked(ListBox, lists:delete(FA,Acc))
     after 0 ->
 	    lists:reverse(Acc)
     end.
@@ -370,6 +373,38 @@ select_matchspec(Pid, Parent, MatchSpecs) ->
 	    throw(cancel)
     end.
 
+output(Parent, Default) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER}]),
+    Panel = wxPanel:new(Dialog),
+    MainSz = wxBoxSizer:new(?wxVERTICAL),
+    PanelSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel,  [{label, "Output"}]),
+
+    %% Output select
+    WinB = wxCheckBox:new(Panel, ?wxID_ANY, "Window", []),
+    check_box(WinB, proplists:get_value(window, Default, true)),
+    ShellB = wxCheckBox:new(Panel, ?wxID_ANY, "Shell", []),
+    check_box(ShellB, proplists:get_value(shell, Default, false)),
+    [wxSizer:add(PanelSz, CheckBox, []) || CheckBox <- [WinB, ShellB]],
+    GetFileOpts = ttb_file_options(Panel, PanelSz, Default),
+    %% Set sizer and show dialog
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL}, {proportion,1}, {border, 3}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}]),
+    wxWindow:setSizerAndFit(Dialog, MainSz),
+    wxSizer:setSizeHints(MainSz, Dialog),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Res = [{window, wxCheckBox:getValue(WinB)},
+		   {shell, wxCheckBox:getValue(ShellB)} | GetFileOpts()],
+	    wxDialog:destroy(Dialog),
+	    Res;
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
 edit_ms(TextCtrl, Label0, Parent) ->
     Str = ensure_last_is_dot(wxStyledTextCtrl:getText(TextCtrl)),
     try
@@ -570,3 +605,69 @@ ensure_last_is_dot(String) ->
 	false ->
 	    String ++ "."
     end.
+
+ttb_file_options(Panel, Sizer, Default) ->
+    Top   = wxBoxSizer:new(?wxVERTICAL),
+    NameS = wxBoxSizer:new(?wxHORIZONTAL),
+    FileBox = wxCheckBox:new(Panel, ?wxID_ANY, "File (Using ttb file tracer)", []),
+    check_box(FileBox, proplists:get_value(file, Default, false)),
+    wxSizer:add(Sizer, FileBox),
+    Desc  = wxStaticText:new(Panel, ?wxID_ANY, "File"),
+    FileName = proplists:get_value(filename, Default, "ttb"),
+    FileT = wxTextCtrl:new(Panel, ?wxID_ANY, [{size, {150,-1}}, {value, FileName}]),
+    FileB = wxButton:new(Panel, ?wxID_ANY, [{label, "Browse"}]),
+    wxSizer:add(NameS, Desc,  [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileT, [{proportion, 1}, {flag, ?wxEXPAND bor ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileB, [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+
+    WrapB = wxCheckBox:new(Panel, ?wxID_ANY, "Wrap logs"),
+    WrapSz = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_sz, Default, 128),
+			  64, 10*1024, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+    WrapC = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_c, Default, 8),
+			 2, 100, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+
+    wxSizer:add(Top, NameS, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapB, []),
+    wxSizer:add(Top, WrapSz,[{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapC, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Sizer, Top, [{flag, ?wxEXPAND bor ?wxLEFT},{border, 20}]),
+
+    Enable = fun(UseFile, UseWrap0) ->
+		     UseWrap = UseFile andalso UseWrap0,
+		     [wxWindow:enable(W, [{enable, UseFile}]) || W <- [Desc,FileT,FileB,WrapB]],
+		     [wxWindow:enable(W, [{enable, UseWrap}]) || W <- [WrapSz, WrapC]],
+		     check_box(WrapB, UseWrap0)
+	     end,
+    Enable(proplists:get_value(file, Default, false), proplists:get_value(wrap, Default, false)),
+    wxPanel:connect(FileBox, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(wxCheckBox:getValue(FileBox),
+					       wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(WrapB, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(true, wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(FileB, command_button_clicked,
+		    [{callback, fun(_,_) ->  get_file(FileT) end}]),
+    fun() ->
+	    [{file, wxCheckBox:getValue(FileBox)},
+	     {filename, wxTextCtrl:getValue(FileT)},
+	     {wrap, wxCheckBox:getValue(WrapB)},
+	     {wrap_sz, wxSlider:getValue(WrapSz)},
+	     {wrap_c, wxSlider:getValue(WrapC)}]
+    end.
+
+get_file(Text) ->
+    Str = wxTextCtrl:getValue(Text),
+    Dialog = wxFileDialog:new(Text,
+			      [{message, "Select a file"},
+			       {default_file, Str}]),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Dir = wxFileDialog:getDirectory(Dialog),
+	    File = wxFileDialog:getFilename(Dialog),
+	    wxTextCtrl:setValue(Text, filename:join(Dir, File));
+	_ -> ok
+    end,
+    wxFileDialog:destroy(Dialog).
diff --git a/lib/observer/src/observer_tv_table.erl b/lib/observer/src/observer_tv_table.erl
index 7b5cdb44b9..f432173f57 100644
--- a/lib/observer/src/observer_tv_table.erl
+++ b/lib/observer/src/observer_tv_table.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,8 +24,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_sync_event/3, handle_cast/2]).
 
--export([get_table/3]).
-
 -include("observer_defs.hrl").
 -import(observer_lib, [to_str/1]).
 
@@ -60,7 +58,7 @@
 	  source,
 	  tab,
 	  attrs,
-	  timer
+	  timer={false, 30}
 	}).
 
 -record(opt,
@@ -221,33 +219,10 @@ search_area(Parent) ->
 
 edit(Index, #state{pid=Pid, frame=Frame}) ->
     Str = get_row(Pid, Index, all),
-    Dialog = wxTextEntryDialog:new(Frame, "Edit object:", [{value, Str}]),
-    case wxTextEntryDialog:showModal(Dialog) of
-	?wxID_OK ->
-	    New = wxTextEntryDialog:getValue(Dialog),
-	    wxTextEntryDialog:destroy(Dialog),
-	    case Str =:= New of
-		true -> ok;
-		false ->
-		    complete_edit(Index, New, Pid)
-	    end;
-	?wxID_CANCEL ->
-	    wxTextEntryDialog:destroy(Dialog)
-    end.
-
-complete_edit(Row, New0, Pid) ->
-    New = case lists:reverse(New0) of
-	      [$.|_] -> New0;
-	      _ -> New0 ++ "."
-	  end,
-    try
-	{ok, Tokens, _} = erl_scan:string(New),
-	{ok, Term} = erl_parse:parse_term(Tokens),
-	Pid ! {edit, Row, Term}
-    catch _:{badmatch, {error, {_, _, Err}}} ->
-	    self() ! {error, ["Parse error: ", Err]};
-	  _Err ->
-	    self() ! {error, ["Syntax error in: ", New]}
+    case observer_lib:user_term(Frame, "Edit object:", Str) of
+	cancel -> ok;
+	{ok, Term} -> Pid ! {edit, Index, Term};
+	Err = {error, _} -> self() ! Err
     end.
 
 handle_event(#wx{id=?ID_REFRESH},State = #state{pid=Pid}) ->
@@ -260,14 +235,7 @@ handle_event(#wx{event=#wxList{type=command_list_col_click, col=Col}},
     {noreply, State};
 
 handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(?DEFAULT_COL_WIDTH, Last),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_selected, itemIndex=Index}},
@@ -300,8 +268,8 @@ handle_event(#wx{id=?ID_DELETE},
 handle_event(#wx{id=?wxID_CLOSE}, State) ->
     {stop, normal, State};
 
-handle_event(Help = #wx{id=?wxID_HELP}, State = #state{parent=Parent}) ->
-    Parent ! Help,
+handle_event(Help = #wx{id=?wxID_HELP}, State) ->
+    observer ! Help,
     {noreply, State};
 
 handle_event(#wx{id=?GOTO_ENTRY, event=#wxCommand{cmdString=Str}},
@@ -406,40 +374,51 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(Event, State) ->
-    io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
+handle_event(_Event, State) ->
+    %io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
     {noreply, State}.
 
-handle_sync_event(Event, _Obj, _State) ->
-    io:format("~p:~p, handle sync_event ~p\n", [?MODULE, ?LINE, Event]),
+handle_sync_event(_Event, _Obj, _State) ->
+    %io:format("~p:~p, handle sync_event ~p\n", [?MODULE, ?LINE, Event]),
     ok.
 
-handle_call(Event, From, State) ->
-    io:format("~p:~p, handle call (~p) ~p\n", [?MODULE, ?LINE, From, Event]),
+handle_call(_Event, _From, State) ->
+    %io:format("~p:~p, handle call (~p) ~p\n", [?MODULE, ?LINE, From, Event]),
     {noreply, State}.
 
-handle_cast(Event, State) ->
-    io:format("~p:~p, handle cast ~p\n", [?MODULE, ?LINE, Event]),
+handle_cast(_Event, State) ->
+    %io:format("~p:~p, handle cast ~p\n", [?MODULE, ?LINE, Event]),
     {noreply, State}.
 
 handle_info({no_rows, N}, State = #state{grid=Grid, status=StatusBar}) ->
     wxListCtrl:setItemCount(Grid, N),
     wxStatusBar:setStatusText(StatusBar, io_lib:format("Objects: ~w",[N])),
     {noreply, State};
+
 handle_info({new_cols, New}, State = #state{grid=Grid, columns=Cols0}) ->
     Cols = add_columns(Grid, Cols0, New),
     {noreply, State#state{columns=Cols}};
+
 handle_info({refresh, Min, Max}, State = #state{grid=Grid}) ->
     wxListCtrl:refreshItems(Grid, Min, Max),
     {noreply, State};
+
+handle_info(refresh_interval, State = #state{pid=Pid}) ->
+    Pid ! refresh,
+    {noreply, State};
+
 handle_info({error, Error}, State = #state{frame=Frame}) ->
-    Dlg = wxMessageDialog:new(Frame, Error),
+    ErrorStr =
+	try io_lib:format("~ts", [Error]), Error
+	catch _:_ -> io_lib:format("~p", [Error])
+	end,
+    Dlg = wxMessageDialog:new(Frame, ErrorStr),
     wxMessageDialog:showModal(Dlg),
     wxMessageDialog:destroy(Dlg),
     {noreply, State};
 
-handle_info(Event, State) ->
-    io:format("~p:~p, handle info ~p\n", [?MODULE, ?LINE, Event]),
+handle_info(_Event, State) ->
+    %% io:format("~p:~p, handle info ~p\n", [?MODULE, ?LINE, _Event]),
     {noreply, State}.
 
 terminate(_Event, #state{pid=Pid, attrs=Attrs}) ->
@@ -537,7 +516,7 @@ table_holder(S0 = #holder{parent=Parent, pid=Pid, table=Table}) ->
 	    %% io:format("ignoring refresh", []),
 	    table_holder(S0);
 	refresh ->
-	    GetTab = rpc:call(S0#holder.node, ?MODULE, get_table,
+	    GetTab = rpc:call(S0#holder.node, observer_backend, get_table,
 			      [self(), S0#holder.tabid, S0#holder.source]),
 	    table_holder(S0#holder{pid=GetTab});
 	{delete, Row} ->
@@ -620,19 +599,22 @@ search([Str, Row, Dir0, CaseSens],
 	      true -> [];
 	      false -> [caseless]
 	  end,
-    {ok, Re} = re:compile(Str, Opt),
     Dir = case Dir0 of
 	      true -> 1;
 	      false -> -1
 	  end,
-    Res = search(Row, Dir, Re, Table),
+    Res = case re:compile(Str, Opt) of
+	      {ok, Re} ->
+		  search(Row, Dir, Re, Table);
+	      {error, _} -> false
+	  end,
     Parent ! {self(), Res},
     S#holder{search=Res}.
 
 search(Row, Dir, Re, Table) ->
     Res = try lists:nth(Row+1, Table) of
 	      Term ->
-		  Str = io_lib:format("~w", [Term]),
+		  Str = format(Term),
 		  re:run(Str, Re)
 	  catch _:_ -> no_more
 	  end,
@@ -645,9 +627,9 @@ search(Row, Dir, Re, Table) ->
 get_row(From, Row, Col, Table) ->
     case lists:nth(Row+1, Table) of
 	[Object|_] when Col =:= all ->
-	    From ! {self(), io_lib:format("~w", [Object])};
+	    From ! {self(), format(Object)};
 	[Object|_] when tuple_size(Object) >= Col ->
-	    From ! {self(), io_lib:format("~w", [element(Col, Object)])};
+	    From ! {self(), format(element(Col, Object))};
 	_ ->
 	    From ! {self(), ""}
     end.
@@ -738,49 +720,6 @@ insert(Object, #holder{tabid=Id, source=Source, node=Node}) ->
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-get_table(Parent, Table, Module) ->
-    spawn(fun() ->
-		  link(Parent),
-		  get_table2(Parent, Table, Module)
-	  end).
-
-get_table2(Parent, Table, Type) ->
-    Size = case Type of
-	       ets -> ets:info(Table, size);
-	       mnesia -> mnesia:table_info(Table, size)
-	   end,
-    case Size > 0 of
-	false ->
-	    Parent ! {self(), '$end_of_table'},
-	    normal;
-	true when Type =:= ets ->
-	    Mem = ets:info(Table, memory),
-	    Average = Mem div Size,
-	    NoElements = max(10, 20000 div Average),
-	    get_ets_loop(Parent, ets:match(Table, '$1', NoElements));
-	true ->
-	    Mem = mnesia:table_info(Table, memory),
-	    Average = Mem div Size,
-	    NoElements = max(10, 20000 div Average),
-	    Ms = [{'$1', [], ['$1']}],
-	    Get = fun() ->
-			  get_mnesia_loop(Parent, mnesia:select(Table, Ms, NoElements, read))
-		  end,
-	    %% Not a transaction, we don't want to grab locks when inspecting the table
-	    mnesia:async_dirty(Get)
-    end.
-
-get_ets_loop(Parent, '$end_of_table') ->
-    Parent ! {self(), '$end_of_table'};
-get_ets_loop(Parent, {Match, Cont}) ->
-    Parent ! {self(), Match},
-    get_ets_loop(Parent, ets:match(Cont)).
-
-get_mnesia_loop(Parent, '$end_of_table') ->
-    Parent ! {self(), '$end_of_table'};
-get_mnesia_loop(Parent, {Match, Cont}) ->
-    Parent ! {self(), Match},
-    get_ets_loop(Parent, mnesia:select(Cont)).
 
 column_names(Node, Type, Table) ->
     case Type of
@@ -799,3 +738,58 @@ key_pos(Node, ets, TabId) ->
     KeyPos = rpc:call(Node, ets, info, [TabId, keypos]),
     is_integer(KeyPos) orelse throw(node_or_table_down),
     KeyPos.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+format(Tuple) when is_tuple(Tuple) ->
+    [${ |format_tuple(Tuple, 1, tuple_size(Tuple))];
+format(List) when is_list(List) ->
+    format_list(List);
+format(Bin) when is_binary(Bin), byte_size(Bin) > 100 ->
+    io_lib:format("<<#Bin:~w>>", [byte_size(Bin)]);
+format(Float) when is_float(Float) ->
+    io_lib:format("~.3g", [Float]);
+format(Term) ->
+    io_lib:format("~w", [Term]).
+
+format_tuple(Tuple, I, Max) when I < Max ->
+    [format(element(I, Tuple)), $,|format_tuple(Tuple, I+1, Max)];
+format_tuple(Tuple, Max, Max) ->
+    [format(element(Max, Tuple)), $}];
+format_tuple(_Tuple, 1, 0) ->
+    [$}].
+
+format_list([]) -> "[]";
+format_list(List) ->
+    case printable_list(List) of
+	true ->  io_lib:format("\"~ts\"", [List]);
+	false -> [$[ | make_list(List)]
+    end.
+
+make_list([Last]) ->
+    [format(Last), $]];
+make_list([Head|Tail]) ->
+    [format(Head), $,|make_list(Tail)].
+
+%% printable_list([Char]) -> bool()
+%%  Return true if CharList is a list of printable characters, else
+%%  false.
+
+printable_list([C|Cs]) when is_integer(C), C >= $ , C =< 255 ->
+    printable_list(Cs);
+printable_list([$\n|Cs]) ->
+    printable_list(Cs);
+printable_list([$\r|Cs]) ->
+    printable_list(Cs);
+printable_list([$\t|Cs]) ->
+    printable_list(Cs);
+printable_list([$\v|Cs]) ->
+    printable_list(Cs);
+printable_list([$\b|Cs]) ->
+    printable_list(Cs);
+printable_list([$\f|Cs]) ->
+    printable_list(Cs);
+printable_list([$\e|Cs]) ->
+    printable_list(Cs);
+printable_list([]) -> true;
+printable_list(_Other) -> false.	     %Everything else is false
diff --git a/lib/observer/src/observer_tv_wx.erl b/lib/observer/src/observer_tv_wx.erl
index ded03fadb1..b276965f83 100644
--- a/lib/observer/src/observer_tv_wx.erl
+++ b/lib/observer/src/observer_tv_wx.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,8 +23,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_sync_event/3, handle_cast/2]).
 
--export([get_table_list/1]). %% RPC called move to runtime tools?
-
 -behaviour(wx_object).
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
@@ -92,8 +90,7 @@ init([Notebook, Parent]) ->
     wxListCtrl:connect(Grid, size, [{skip, true}]),
 
     wxWindow:setFocus(Grid),
-    Timer = observer_lib:start_timer(10),
-    {Panel, #state{grid=Grid, parent=Parent, timer=Timer}}.
+    {Panel, #state{grid=Grid, parent=Parent, timer={false, 10}}}.
 
 handle_event(#wx{id=?ID_REFRESH},
 	     State = #state{node=Node, grid=Grid, opt=Opt}) ->
@@ -121,20 +118,18 @@ handle_event(#wx{id=Id}, State = #state{node=Node, grid=Grid, opt=Opt0})
 	      ?ID_UNREADABLE -> Opt0#opt{unread_hidden= not Opt0#opt.unread_hidden};
 	      ?ID_SYSTEM_TABLES -> Opt0#opt{sys_hidden= not Opt0#opt.sys_hidden}
 	  end,
-    Tables = get_tables(Node, Opt),
-    Tabs = update_grid(Grid, Opt, Tables),
-    wxWindow:setFocus(Grid),
-    {noreply, State#state{opt=Opt, tabs=Tabs}};
+    case get_tables2(Node, Opt) of
+	Error = {error, _} ->
+	    self() ! Error,
+	    {noreply, State};
+	Tables ->
+	    Tabs = update_grid(Grid, Opt, Tables),
+	    wxWindow:setFocus(Grid),
+	    {noreply, State#state{opt=Opt, tabs=Tabs}}
+    end;
 
 handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(200, Last),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{obj=Grid, event=#wxList{type=command_list_item_activated,
@@ -169,18 +164,17 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(Event, State) ->
-    io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
-    {noreply, State}.
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
 
 handle_sync_event(_Event, _Obj, _State) ->
     ok.
 
-handle_call(_Event, _From, State) ->
-    {noreply, State}.
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
 
-handle_cast(_Event, State) ->
-    {noreply, State}.
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
 
 handle_info(refresh_interval, State = #state{node=Node, grid=Grid, opt=Opt}) ->
     Tables = get_tables(Node, Opt),
@@ -200,12 +194,6 @@ handle_info(not_active, State = #state{timer = Timer0}) ->
     Timer = observer_lib:stop_timer(Timer0),
     {noreply, State#state{timer=Timer}};
 
-handle_info({node, Node}, State = #state{grid=Grid, opt=Opt}) ->
-    Tables = get_tables(Node, Opt),
-    Tabs = update_grid(Grid, Opt, Tables),
-    wxWindow:setFocus(Grid),
-    {noreply, State#state{node=Node, tabs=Tabs}};
-
 handle_info({error, Error}, State) ->
     handle_error(Error),
     {noreply, State};
@@ -240,95 +228,41 @@ create_menus(Parent, #opt{sys_hidden=Sys, unread_hidden=UnR, type=Type}) ->
 		    ]}],
     observer_wx:create_menus(Parent, MenuEntries).
 
-get_tables(Node, Opt) ->
-    case rpc:call(Node, ?MODULE, get_table_list, [Opt]) of
-	{badrpc, Error} ->
-	    self() ! {error, Error},
-	    [];
-	{error, Error} ->
-	    self() ! {error, Error},
+get_tables(Node, Opts) ->
+    case get_tables2(Node, Opts) of
+	Error = {error, _} ->
+	    self() ! Error,
 	    [];
+	Res ->
+	    Res
+    end.
+get_tables2(Node, #opt{type=Type, sys_hidden=Sys, unread_hidden=Unread}) ->
+    Args = [Type, [{sys_hidden,Sys}, {unread_hidden,Unread}]],
+    case rpc:call(Node, observer_backend, get_table_list, Args) of
+	{badrpc, Error} ->
+	    {error, Error};
+	Error = {error, _} ->
+	    Error;
 	Result ->
-	    Result
+	    [list_to_tabrec(Tab) || Tab <- Result]
     end.
 
-get_table_list(#opt{type=ets, unread_hidden=HideUnread, sys_hidden=HideSys}) ->
-    Info = fun(Id, Acc) ->
-		   try
-		       TabId = case ets:info(Id, named_table) of
-				   true -> ignore;
-				   false -> Id
-			       end,
-		       Name = ets:info(Id, name),
-		       Protection = ets:info(Id, protection),
-		       ignore(HideUnread andalso Protection == private, unreadable),
-		       Owner = ets:info(Id, owner),
-		       RegName = case catch process_info(Owner, registered_name) of
-				     [] -> ignore;
-				     {registered_name, ProcName} -> ProcName
-				 end,
-		       ignore(HideSys andalso ordsets:is_element(RegName, sys_processes()), system_tab),
-		       ignore(HideSys andalso ordsets:is_element(Name, sys_tables()), system_tab),
-		       ignore((RegName == mnesia_monitor)
-			      andalso Name /= schema
-			      andalso is_atom((catch mnesia:table_info(Name, where_to_read))), mnesia_tab),
-		       Memory = ets:info(Id, memory) * erlang:system_info(wordsize),
-		       Tab = #tab{name = Name,
-				  id = TabId,
-				  protection = Protection,
-				  owner = Owner,
-				  size = ets:info(Id, size),
-				  reg_name = RegName,
-				  type = ets:info(Id, type),
-				  keypos = ets:info(Id, keypos),
-				  heir = ets:info(Id, heir),
-				  memory = Memory,
-				  compressed = ets:info(Id, compressed),
-				  fixed = ets:info(Id, fixed)
-				 },
-		       [Tab|Acc]
-		   catch _:_What ->
-			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
-			   Acc
-		   end
-	   end,
-    lists:foldl(Info, [], ets:all());
-get_table_list(#opt{type=mnesia, sys_hidden=HideSys}) ->
-    Owner = ets:info(schema, owner),
-    Owner /= undefined orelse
-	throw({error, "Mnesia is not running on: " ++ atom_to_list(node())}),
-    {registered_name, RegName} = process_info(Owner, registered_name),
-    Info = fun(Id, Acc) ->
-		   try
-		       Name = Id,
-		       ignore(HideSys andalso ordsets:is_element(Name, mnesia_tables()), system_tab),
-		       ignore(Name =:= schema, mnesia_tab),
-		       Storage = mnesia:table_info(Id, storage_type),
-		       Tab0 = #tab{name = Name,
-				   owner = Owner,
-				   size = mnesia:table_info(Id, size),
-				   reg_name = RegName,
-				   type = mnesia:table_info(Id, type),
-				   keypos = 2,
-				   memory = mnesia:table_info(Id, memory) * erlang:system_info(wordsize),
-				   storage = Storage,
-				   index = mnesia:table_info(Id, index)
-				  },
-		       Tab = if Storage == disc_only_copies ->
-				     Tab0#tab{fixed = element(2, dets:info(Id, safe_fixed)) /= []};
-				(Storage == ram_copies) orelse
-				(Storage == disc_copies) ->
-				     Tab0#tab{fixed = ets:info(Id, fixed),
-					      compressed = ets:info(Id, compressed)};
-				true -> Tab0
-			     end,
-		       [Tab|Acc]
-		   catch _:_What ->
-			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
-			   Acc
-		   end
-	   end,
-    lists:foldl(Info, [], mnesia:system_info(tables)).
+list_to_tabrec(PL) ->
+    #tab{name = proplists:get_value(name, PL),
+	 id = proplists:get_value(id, PL, ignore),
+	 size = proplists:get_value(size, PL, 0),
+	 memory= proplists:get_value(memory, PL, 0),   %% In bytes
+	 owner=proplists:get_value(owner, PL),
+	 reg_name=proplists:get_value(reg_name, PL),
+	 protection = proplists:get_value(protection, PL, public),
+	 type=proplists:get_value(type, PL, set),
+	 keypos=proplists:get_value(keypos, PL, 1),
+	 heir=proplists:get_value(heir, PL, none),
+	 compressed=proplists:get_value(compressed, PL, false),
+	 fixed=proplists:get_value(fixed, PL, false),
+	 %% Mnesia Info
+	 storage =proplists:get_value(storage, PL),
+	 index = proplists:get_value(index, PL)}.
 
 display_table_info(Parent0, Node, Source, Table) ->
     Parent = observer_lib:get_wx_parent(Parent0),
@@ -379,62 +313,9 @@ display_table_info(Parent0, Node, Source, Table) ->
 
 list_to_strings([]) -> "None";
 list_to_strings([A]) -> integer_to_list(A);
-list_to_strings([A,B]) ->
+list_to_strings([A|B]) ->
     integer_to_list(A) ++ " ," ++ list_to_strings(B).
 
-sys_tables() ->
-    [ac_tab,  asn1,
-     cdv_dump_index_table,  cdv_menu_table,  cdv_decode_heap_table,
-     cell_id,  cell_pos,  clist,
-     cover_internal_data_table,   cover_collected_remote_data_table, cover_binary_code_table,
-     code, code_names,  cookies,
-     corba_policy,  corba_policy_associations,
-     dets, dets_owners, dets_registry,
-     disk_log_names, disk_log_pids,
-     eprof,  erl_atom_cache, erl_epmd_nodes,
-     etop_accum_tab,  etop_tr,
-     ets_coverage_data,
-     file_io_servers,
-     gs_mapping, gs_names,  gstk_db,
-     gstk_grid_cellid, gstk_grid_cellpos, gstk_grid_id,
-     httpd,
-     id,
-     ign_req_index, ign_requests,
-     index,
-     inet_cache, inet_db, inet_hosts,
-     'InitialReferences',
-     int_db,
-     interpreter_includedirs_macros,
-     ir_WstringDef,
-     lmcounter,  locks,
-%     mnesia_decision,
-     mnesia_gvar, mnesia_stats,
-%     mnesia_transient_decision,
-     pg2_table,
-     queue,
-     schema,
-     shell_records,
-     snmp_agent_table, snmp_local_db2, snmp_mib_data, snmp_note_store, snmp_symbolic_ets,
-     tkFun, tkLink, tkPriv,
-     ttb, ttb_history_table,
-     udp_fds, udp_pids
-    ].
-
-sys_processes() ->
-    [auth, code_server, global_name_server, inet_db,
-     mnesia_recover, net_kernel, timer_server, wxe_master].
-
-mnesia_tables() ->
-    [ir_AliasDef, ir_ArrayDef, ir_AttributeDef, ir_ConstantDef,
-     ir_Contained, ir_Container, ir_EnumDef, ir_ExceptionDef,
-     ir_IDLType, ir_IRObject, ir_InterfaceDef, ir_ModuleDef,
-     ir_ORB, ir_OperationDef, ir_PrimitiveDef, ir_Repository,
-     ir_SequenceDef, ir_StringDef, ir_StructDef, ir_TypedefDef,
-     ir_UnionDef, logTable, logTransferTable, mesh_meas,
-     mesh_type, mnesia_clist, orber_CosNaming,
-     orber_objkeys, user
-    ].
-
 handle_error(Foo) ->
     Str = io_lib:format("ERROR: ~s~n",[Foo]),
     observer_lib:display_info_dialog(Str).
@@ -470,6 +351,3 @@ update_grid2(Grid, #opt{sort_key=Sort,sort_incr=Dir}, Tables) ->
 	       end,
     lists:foldl(Update, 0, ProcInfo),
     ProcInfo.
-
-ignore(true, Reason) -> throw(Reason);
-ignore(_,_ ) -> ok.
diff --git a/lib/observer/src/observer_wx.erl b/lib/observer/src/observer_wx.erl
index f9dec1ab1b..5a593abf11 100644
--- a/lib/observer/src/observer_wx.erl
+++ b/lib/observer/src/observer_wx.erl
@@ -54,13 +54,17 @@
 	 tv_panel,
 	 sys_panel,
 	 trace_panel,
+	 app_panel,
 	 active_tab,
 	 node,
 	 nodes
 	}).
 
 start() ->
-    wx_object:start(?MODULE, [], []).
+    case wx_object:start(?MODULE, [], []) of
+	Err = {error, _} -> Err;
+	_Obj -> ok
+    end.
 
 create_menus(Object, Menus) when is_list(Menus) ->
     wx_object:call(Object, {create_menus, Menus}).
@@ -78,7 +82,7 @@ init(_Args) ->
     wx:new(),
     catch wxSystemOptions:setOption("mac.listctrl.always_use_generic", 1),
     Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Observer",
-			[{size, {1000, 500}}, {style, ?wxDEFAULT_FRAME_STYLE}]),
+			[{size, {850, 600}}, {style, ?wxDEFAULT_FRAME_STYLE}]),
     IconFile = filename:join(code:priv_dir(observer), "erlang_observer.png"),
     Icon = wxIcon:new(IconFile, [{type,?wxBITMAP_TYPE_PNG}]),
     wxFrame:setIcon(Frame, Icon),
@@ -125,6 +129,10 @@ setup(#state{frame = Frame} = State) ->
     %% I postpone the creation of the other tabs so they can query/use
     %% the window size
 
+    %% App Viewer Panel
+    AppPanel = observer_app_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, AppPanel, "Applications", []),
+
     %% Process Panel
     ProPanel = observer_pro_wx:start_link(Notebook, self()),
     wxNotebook:addPage(Notebook, ProPanel, "Processes", []),
@@ -137,6 +145,7 @@ setup(#state{frame = Frame} = State) ->
     TracePanel = observer_trace_wx:start_link(Notebook, self()),
     wxNotebook:addPage(Notebook, TracePanel, ?TRACE_STR, []),
 
+
     %% Force redraw (window needs it)
     wxWindow:refresh(Panel),
 
@@ -150,16 +159,24 @@ setup(#state{frame = Frame} = State) ->
 			   pro_panel = ProPanel,
 			   tv_panel  = TVPanel,
 			   trace_panel = TracePanel,
+			   app_panel = AppPanel,
 			   active_tab = SysPid,
 			   node  = node(),
 			   nodes = Nodes
 			  },
     %% Create resources which we don't want to duplicate
-    SysFont = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
-    SysFontSize = wxFont:getPointSize(SysFont),
-    Modern = wxFont:new(SysFontSize, ?wxFONTFAMILY_MODERN, ?wxFONTSTYLE_NORMAL, ?wxFONTWEIGHT_NORMAL),
-    put({font, modern}, Modern),
-    put({font, fixed}, Modern),
+    SysFont = wxSystemSettings:getFont(?wxSYS_SYSTEM_FIXED_FONT),
+    %% OemFont = wxSystemSettings:getFont(?wxSYS_OEM_FIXED_FONT),
+    %% io:format("Sz sys ~p(~p) oem ~p(~p)~n",
+    %% 	      [wxFont:getPointSize(SysFont), wxFont:isFixedWidth(SysFont),
+    %% 	       wxFont:getPointSize(OemFont), wxFont:isFixedWidth(OemFont)]),
+    Fixed = case wxFont:isFixedWidth(SysFont) of
+		true -> SysFont;
+		false -> %% Sigh
+		    SysFontSize = wxFont:getPointSize(SysFont),
+		    wxFont:new(SysFontSize, ?wxFONTFAMILY_MODERN, ?wxFONTSTYLE_NORMAL, ?wxFONTWEIGHT_NORMAL)
+	    end,
+    put({font, fixed}, Fixed),
     UpdState.
 
 
@@ -270,10 +287,13 @@ handle_cast(_Cast, State) ->
 
 handle_call({create_menus, TabMenus}, _From,
 	    State = #state{menubar=MenuBar, menus=PrevTabMenus}) ->
-    wx:batch(fun() ->
-		     clean_menus(PrevTabMenus, MenuBar),
-		     observer_lib:create_menus(TabMenus, MenuBar, plugin)
-	     end),
+    if TabMenus == PrevTabMenus -> ignore;
+       true ->
+	    wx:batch(fun() ->
+			     clean_menus(PrevTabMenus, MenuBar),
+			     observer_lib:create_menus(TabMenus, MenuBar, plugin)
+		     end)
+    end,
     {reply, ok, State#state{menus=TabMenus}};
 
 handle_call({get_attrib, Attrib}, _From, State) ->
@@ -302,6 +322,10 @@ handle_info({nodedown, Node},
     create_txt_dialog(Frame, Msg, "Node down", ?wxICON_EXCLAMATION),
     {noreply, State3};
 
+handle_info({'EXIT', _Pid, _Reason}, State) ->
+    io:format("Child crashed exiting:  ~p ~p~n", [_Pid,_Reason]),
+    {stop, normal, State};
+
 handle_info(_Info, State) ->
     {noreply, State}.
 
@@ -368,9 +392,8 @@ connect2(NodeName, Opts, Cookie) ->
 	    {error, net_kernel, Reason}
     end.
 
-change_node_view(Node, State = #state{pro_panel=Pro, sys_panel=Sys, tv_panel=Tv}) ->
-    lists:foreach(fun(Pid) -> wx_object:get_pid(Pid) ! {node, Node} end,
-		  [Pro, Sys, Tv]),
+change_node_view(Node, State) ->
+    get_active_pid(State) ! {active, Node},
     StatusText = ["Observer - " | atom_to_list(Node)],
     wxFrame:setTitle(State#state.frame, StatusText),
     wxStatusBar:setStatusText(State#state.status_bar, StatusText),
@@ -380,12 +403,14 @@ check_page_title(Notebook) ->
     Selection = wxNotebook:getSelection(Notebook),
     wxNotebook:getPageText(Notebook, Selection).
 
-get_active_pid(#state{notebook=Notebook, pro_panel=Pro, sys_panel=Sys, tv_panel=Tv, trace_panel=Trace}) ->
+get_active_pid(#state{notebook=Notebook, pro_panel=Pro, sys_panel=Sys,
+		      tv_panel=Tv, trace_panel=Trace, app_panel=App}) ->
     Panel = case check_page_title(Notebook) of
 		"Processes" -> Pro;
 		"System" -> Sys;
 		"Table Viewer" -> Tv;
-		?TRACE_STR -> Trace
+		?TRACE_STR -> Trace;
+		"Applications" -> App
 	    end,
     wx_object:get_pid(Panel).
 
@@ -468,7 +493,7 @@ default_menus(NodesMenuItems) ->
 				 [#create_menu{id = ?ID_CONNECT, text = "Enable distribution"}]}
 	       end,
     case os:type() =:= {unix, darwin} of
-	false -> 
+	false ->
 	    FileMenu = {"File", [Quit]},
 	    HelpMenu = {"Help", [About,Help]},
 	    [FileMenu, NodeMenu, HelpMenu];
diff --git a/lib/observer/test/crashdump_helper.erl b/lib/observer/test/crashdump_helper.erl
index d1c65f97e8..520fcdfd0d 100644
--- a/lib/observer/test/crashdump_helper.erl
+++ b/lib/observer/test/crashdump_helper.erl
@@ -19,7 +19,7 @@
 
 -module(crashdump_helper).
 -export([n1_proc/2,remote_proc/2]).
--compile(r12).
+-compile(r13).
 -include("test_server.hrl").
 
 n1_proc(N2,Creator) ->
diff --git a/lib/observer/test/crashdump_viewer_SUITE.erl b/lib/observer/test/crashdump_viewer_SUITE.erl
index fdc4a2f1ff..79ece7edf5 100644
--- a/lib/observer/test/crashdump_viewer_SUITE.erl
+++ b/lib/observer/test/crashdump_viewer_SUITE.erl
@@ -70,7 +70,7 @@ init_per_suite(Config) when is_list(Config) ->
     application:start(inets), % will be using the http client later
     httpc:set_options([{ipfamily,inet6fb4}]),
     DataDir = ?config(data_dir,Config),
-    Rels = [R || R <- [r12b,r13b], ?t:is_release_available(R)] ++ [current],
+    Rels = [R || R <- [r13b,r14b], ?t:is_release_available(R)] ++ [current],
     io:format("Creating crash dumps for the following releases: ~p", [Rels]),
     AllDumps = create_dumps(DataDir,Rels),
     ?t:timetrap_cancel(Dog),
@@ -722,7 +722,8 @@ dump_prefix(Rel) ->
 	r11b -> "r11b_dump.";
 	r12b -> "r12b_dump.";
 	r13b -> "r13b_dump.";
-	current -> "r14b_dump."
+	r14b -> "r14b_dump.";
+	current -> "r15b_dump."
     end.
 
 compat_rel(Rel) ->
@@ -733,5 +734,6 @@ compat_rel(Rel) ->
 	r11b -> "+R11 ";
 	r12b -> "+R12 ";
 	r13b -> "+R13 ";
+	r14b -> "+R13 ";
 	current -> ""
     end.
diff --git a/lib/observer/test/etop_SUITE.erl b/lib/observer/test/etop_SUITE.erl
index a0782ea809..a277453620 100644
--- a/lib/observer/test/etop_SUITE.erl
+++ b/lib/observer/test/etop_SUITE.erl
@@ -57,11 +57,14 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-text(suite) ->
-    [];
-text(doc) ->
-    ["Start etop with text presentation"];
-text(Config) when is_list(Config) ->
+%% Start etop with text presentation
+text(_) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"Native libs -- tracing does not work"};
+	false -> text()
+    end.
+
+text() ->
     ?line {ok,Node} = ?t:start_node(node2,peer,[]),
 
     %% Must spawn this process, else the test case will never end.
diff --git a/lib/observer/vsn.mk b/lib/observer/vsn.mk
index 76e2f591fa..fa104ede01 100644
--- a/lib/observer/vsn.mk
+++ b/lib/observer/vsn.mk
@@ -1 +1 @@
-OBSERVER_VSN = 0.9.10
+OBSERVER_VSN = 1.0
diff --git a/lib/odbc/aclocal.m4 b/lib/odbc/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/odbc/aclocal.m4
+++ b/lib/odbc/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/odbc/c_src/Makefile.in b/lib/odbc/c_src/Makefile.in
index dda896bcd2..3a96a53ef8 100644
--- a/lib/odbc/c_src/Makefile.in
+++ b/lib/odbc/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/odbc/configure.in b/lib/odbc/configure.in
index 2369e16813..bec65c71bf 100644
--- a/lib/odbc/configure.in
+++ b/lib/odbc/configure.in
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2005-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2005-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -63,25 +63,11 @@ AC_PROG_CC
 dnl ---------------------------------------------------------------------
 dnl Special windows stuff regarding CFLAGS and details in the environment...
 dnl ---------------------------------------------------------------------
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
+LM_WINDOWS_ENVIRONMENT
+	
 AC_PROG_MAKE_SET
 
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 
 AC_SUBST(LD)
diff --git a/lib/odbc/doc/src/Makefile b/lib/odbc/doc/src/Makefile
index 3e648d854d..0d456085f3 100644
--- a/lib/odbc/doc/src/Makefile
+++ b/lib/odbc/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/odbc/doc/src/notes.xml b/lib/odbc/doc/src/notes.xml
index 9c6ca8a017..08763163b8 100644
--- a/lib/odbc/doc/src/notes.xml
+++ b/lib/odbc/doc/src/notes.xml
@@ -31,7 +31,43 @@
   <p>This document describes the changes made to the odbc application.
   </p>
 
-  <section><title>ODBC 2.10.11</title>
+  <section><title>ODBC 2.10.12</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An ODBC process should exit normally if its client exits
+	    with 'shutdown'</p>
+          <p>
+	    There is nothing strange about the client shutting down,
+	    so the ODBC process should exit normally to avoid
+	    generating a crash report for a non-problem. (Thanks to
+	    Magnus Henoch)</p>
+          <p>
+	    Own Id: OTP-9716</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>ODBC 2.10.11</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/odbc/vsn.mk b/lib/odbc/vsn.mk
index 120ed9ee3d..fb6e208a52 100644
--- a/lib/odbc/vsn.mk
+++ b/lib/odbc/vsn.mk
@@ -1 +1 @@
-ODBC_VSN = 2.10.11
+ODBC_VSN = 2.10.12
diff --git a/lib/orber/COSS/CosNaming/Makefile b/lib/orber/COSS/CosNaming/Makefile
index d4b2079036..064447f148 100644
--- a/lib/orber/COSS/CosNaming/Makefile
+++ b/lib/orber/COSS/CosNaming/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/doc/src/Makefile b/lib/orber/doc/src/Makefile
index 8a555cb408..68fbe3dce0 100644
--- a/lib/orber/doc/src/Makefile
+++ b/lib/orber/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/doc/src/ch_install.xml b/lib/orber/doc/src/ch_install.xml
index dde4bf4006..de9c0e3a9d 100644
--- a/lib/orber/doc/src/ch_install.xml
+++ b/lib/orber/doc/src/ch_install.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -394,84 +394,16 @@ nodeB@hostB> orber:start().
         <cell align="left" valign="middle">The same as <c>iiop_ssl_port</c></cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
+        <cell align="left" valign="middle">ssl_server_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
+        <cell align="left" valign="middle">ssl_client_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
         <cell align="left" valign="middle">iiop_ssl_out_keepalive</cell>
@@ -698,40 +630,10 @@ nodeB@hostB> orber:start().
       <item>If set, the value must be an integer greater than zero or 
       <c>{local, DefaultNATPort, [{Port, NATPort}]}</c>. See also
       <seealso marker="ch_install#firewall">Firewall Configuration</seealso>.</item>
-      <tag><em>ssl_server_cacertfile</em></tag>
+      <tag><em>ssl_server_options</em></tag>
       <item>the file path to a server side CA certificate.</item>
-      <tag><em>ssl_server_certfile</em></tag>
-      <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_server_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for incoming calls.</item>
-      <tag><em>ssl_server_depth</em></tag>
-      <item>The SSL verification depth for outgoing calls.</item>
-      <tag><em>ssl_server_password</em></tag>
-      <item>The server side key string.</item>
-      <tag><em>ssl_server_keyfile</em></tag>
-      <item>The file path to a server side key.</item>
-      <tag><em>ssl_server_ciphers</em></tag>
-      <item>The server side cipher string.</item>
-      <tag><em>ssl_server_cachetimeout</em></tag>
-      <item>The server side cache timeout.</item>
-      <tag><em>ssl_client_cacertfile</em></tag>
-      <item>The file path to a client side CA certificate.</item>
-      <tag><em>ssl_client_certfile</em></tag>
+      <tag><em>ssl_client_options</em></tag>
       <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_client_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for outgoing calls.</item>
-      <tag><em>ssl_client_depth</em></tag>
-      <item>The SSL verification depth for incoming calls.</item>
-      <tag><em>ssl_client_password</em></tag>
-      <item>The client side key string.</item>
-      <tag><em>ssl_client_keyfile</em></tag>
-      <item>The file path to a client side key.</item>
-      <tag><em>ssl_client_ciphers</em></tag>
-      <item>The client side cipher string.</item>
-      <tag><em>ssl_client_cachetimeout</em></tag>
-      <item>The client side cache timeout.</item>
       <tag><em>iiop_ssl_out_keepalive</em></tag>
       <item>Enables periodic transmission on a connected socket, when no other 
        data is being exchanged. If the other end does not respond, the 
diff --git a/lib/orber/doc/src/ch_security.xml b/lib/orber/doc/src/ch_security.xml
index 938025a629..a25a8a5052 100644
--- a/lib/orber/doc/src/ch_security.xml
+++ b/lib/orber/doc/src/ch_security.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2009</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -55,40 +55,15 @@
 
     <section>
       <title>Configurations when Orber is Used on the Server Side</title>
-      <p>The following three configuration variables can be used to configure Orber's SSL
-        behavior on the server side.</p>
+      <p>There is a variable to conficure Orber's SSL behavior on the server side.</p>
       <list type="bulleted">
-        <item><em>ssl_server_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_cacertfile</em> - which is a path to a file containing 
-         a chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once,
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_server_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall
-         proceed before the verification is considered successful. The default
-         value is 1. </item>
-        <item><em>ssl_server_keyfile</em> - which is a path to a file containing a
-         PEM encoded key for the Orber domain as server.</item>
-        <item><em>ssl_server_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_server_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_server_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_server_options</em> - which is a list of options to ssl. 
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing the values of these variables:</p>
+      <p>There also exist an API function for accessing the value of this variable:</p>
       <list type="bulleted">
-        <item>orber:ssl_server_certfile/0</item>
-        <item>orber:ssl_server_cacertfile/0</item>
-        <item>orber:ssl_server_verify/0</item>
-        <item>orber:ssl_server_depth/0</item>
-        <item>orber:ssl_server_keyfile/0</item>
-        <item>orber:ssl_server_password/0</item>
-        <item>orber:ssl_server_ciphers/0</item>
-        <item>orber:ssl_server_cachetimeout/0</item>
+        <item>orber:ssl_server_options/0</item>
       </list>
     </section>
 
@@ -97,50 +72,22 @@
       <p>When the Orber enabled application is the client side in the secure connection the 
         different configurations can be set per client process instead and not for the whole domain
         as for incoming calls.</p>
-      <p>One can use configuration variables to set default values for the domain but they can be changed 
-        per client process. Below is the list of client configuration variables.</p>
+      <p>There is a variable to set default values for the domain but they can be changed 
+        per client process.</p>
       <list type="bulleted">
-        <item><em>ssl_client_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates used in outgoing calls in the current
-         process.</item>
-        <item><em>ssl_client_cacertfile</em> - which is a path to a file containing a
-         chain of PEM encoded CA certificates used in outgoing calls in the
-         current process.</item>
-        <item><em>ssl_client_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once, 
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_client_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall proceed
-         before the verification is considered successful. The default value is 1. </item>
-        <item><em>ssl_client_keyfile</em> - which is a path to a file containing a
-         PEM encoded key when Orber act as client side ORB.</item>
-        <item><em>ssl_client_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_client_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_client_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_client_options</em> - which is a list of options to ssl.
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing and changing the values of this 
-        variables in the client processes.</p>
-      <p>Access functions:</p>
+      <p>There also exist two API functions for accessing and changing the values of this 
+        variable in the client processes.</p>
+      <p>Access function:</p>
       <list type="bulleted">
-        <item>orber:ssl_client_certfile/0</item>
-        <item>orber:ssl_client_cacertfile/0</item>
-        <item>orber:ssl_client_verify/0</item>
-        <item>orber:ssl_client_depth/0</item>
-        <item>orber:ssl_client_keyfile/0</item>
-        <item>orber:ssl_client_password/0</item>
-        <item>orber:ssl_client_ciphers/0</item>
-        <item>orber:ssl_client_cachetimeout/0</item>
+        <item>orber:ssl_client_options/0</item>
       </list>
-      <p>Modify functions:</p>
+      <p>Modify function:</p>
       <list type="bulleted">
-        <item>orber:set_ssl_client_certfile/1</item>
-        <item>orber:set_ssl_client_cacertfile/1</item>
-        <item>orber:set_ssl_client_verify/1</item>
-        <item>orber:set_ssl_client_depth/1</item>
+        <item>orber:set_ssl_client_options/1</item>
       </list>
     </section>
   </section>
diff --git a/lib/orber/doc/src/corba.xml b/lib/orber/doc/src/corba.xml
index cae0e09b0b..08ec555f94 100644
--- a/lib/orber/doc/src/corba.xml
+++ b/lib/orber/doc/src/corba.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -221,8 +221,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -287,8 +286,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -319,8 +317,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>ObjectId = string()</v>
       </type>
@@ -360,8 +357,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
diff --git a/lib/orber/doc/src/corba_object.xml b/lib/orber/doc/src/corba_object.xml
index e0f9a9f503..ef440f1a2d 100644
--- a/lib/orber/doc/src/corba_object.xml
+++ b/lib/orber/doc/src/corba_object.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
@@ -75,8 +75,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -117,8 +116,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -149,8 +147,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
diff --git a/lib/orber/doc/src/notes.xml b/lib/orber/doc/src/notes.xml
index c8477d9252..35ee5e35dd 100644
--- a/lib/orber/doc/src/notes.xml
+++ b/lib/orber/doc/src/notes.xml
@@ -32,7 +32,51 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>Orber 3.6.22</title>
+  <section><title>Orber 3.6.23</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Remove usage of ssl:seed/1 in orber test cases. </p>
+          <p>
+	    Own Id: OTP-9728</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+	    <p> The SSL option handling has been changed. There are
+	    now two new orber options <c>ssl_server_options</c> and
+	    <c>ssl_client_options</c> which takes a list of options
+	    to the socket. </p> <p> The old options are now
+	    deprecated and removed from the documentation but they
+	    can still be used for backward compatibility as long as
+	    the two new options not are used. </p> <p> If
+	    <c>ssl_server_options</c> and <c>ssl_client_options</c>
+	    contain an TCP option that <c>orber</c> needs to set to a
+	    specific value it will be skipped and a warning will be
+	    written to the error_log. </p>
+          <p>
+	    Own Id: OTP-9773 Aux Id: seq11932 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Orber 3.6.22</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/orber/doc/src/orber.xml b/lib/orber/doc/src/orber.xml
index 5e38e4cf9f..35e9f57008 100644
--- a/lib/orber/doc/src/orber.xml
+++ b/lib/orber/doc/src/orber.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -356,7 +356,7 @@
         <v>Type = normal | ssl</v>
         <v>Port = integer() > 0</v>
         <v>ConfigurationParameters = [{Key, Value}]</v>
-        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port</v>
+        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port | ssl_server_options</v>
         <v>Value = as described in the User's Guide</v>
         <v>Result = {ok, Ref} | {error, Reason} | {'EXCEPTION', #'BAD_PARAM'{}}</v>
         <v>Ref = #Ref</v>
@@ -378,7 +378,7 @@
           counterparts (See the
           <seealso marker="ch_install#config">Configuration</seealso> chapter
           in the User's Guide). 
-          But the following parameters there are a few restrictions:</p>
+          But for the following parameters there are a few restrictions:</p>
         <list type="bulleted">
           <item><em>flags</em> - currently it is only possible to override the global
            setting for the <c>Use Current Interface in IOR</c> and 
@@ -450,92 +450,32 @@
       </desc>
     </func>
     <func>
-      <name>ssl_server_certfile() -> string()</name>
-      <fsummary>Display  the path to the server certificate</fsummary>
+      <name>ssl_server_options() -> list()</name>
+      <fsummary>Display the SSL server options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates for the Orber domain as server. 
+        <p>This function returns the list of SSL options set for the Orber domain as server. 
           This is configured by setting the application variable 
-          <em>ssl_server_certfile</em>.</p>
+          <em>ssl_server_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>ssl_client_certfile() -> string()</name>
-      <fsummary>Display the path to the client certificate</fsummary>
+      <name>ssl_client_options() -> list()</name>
+      <fsummary>Display the SSL client options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates used in outgoing calls in the current process.
+        <p>This function returns the list of SSL options used in outgoing calls in the current process.
           The default value is configured by setting the application variable 
-          <em>ssl_client_certfile</em>.</p>
+          <em>ssl_client_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>set_ssl_client_certfile(Path) -> ok</name>
-      <fsummary>Set the value of the client certificate</fsummary>
+      <name>set_ssl_client_options(Options) -> ok</name>
+      <fsummary>Set the SSL options for the client</fsummary>
       <type>
-        <v>Path = string()</v>
+        <v>Options = list()</v>
       </type>
       <desc>
-        <p>This function takes a path to a file containing a chain of PEM encoded 
-          certificates as parameter and sets it for the current process.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the type of verification used by SSL during authentication of the other 
-          peer for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns  the type of verification used by SSL during authentication of the other 
-          peer for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_verify(Value) -> ok</name>
-      <fsummary>Set the value of the SSL verification type for outgoing calls</fsummary>
-      <type>
-        <v>Value = 0 | 1 | 2</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification type for the other peer of outgoing calls.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_depth() -> int()</name>
-      <fsummary>Display the SSL verification depth for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_depth() ->  int()</name>
-      <fsummary>Display the SSL verification depth for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_depth(Depth) -> ok</name>
-      <fsummary>Sets the value of the SSL verification depth for outgoing calls</fsummary>
-      <type>
-        <v>Depth = int()</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification depth for the other peer of outgoing calls.</p>
+        <p>This function takes a list of SSL options as parameter and sets 
+	it for the current process.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/orber/examples/Stack/Makefile b/lib/orber/examples/Stack/Makefile
index 215e57fcbe..b985f348fa 100644
--- a/lib/orber/examples/Stack/Makefile
+++ b/lib/orber/examples/Stack/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/priv/Makefile b/lib/orber/priv/Makefile
index 2847727035..af82177466 100644
--- a/lib/orber/priv/Makefile
+++ b/lib/orber/priv/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/Makefile b/lib/orber/src/Makefile
index e812e22b46..d2e98686da 100644
--- a/lib/orber/src/Makefile
+++ b/lib/orber/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/orber.erl b/lib/orber/src/orber.erl
index 386c07d227..5ab240e046 100644
--- a/lib/orber/src/orber.erl
+++ b/lib/orber/src/orber.erl
@@ -36,6 +36,7 @@
 -export([start/0, start/1, stop/0, install/1, install/2, orber_nodes/0, iiop_port/0,
 	 domain/0, iiop_ssl_port/0, iiop_out_ports/0, iiop_out_ports_random/0,
 	 iiop_out_ports_attempts/0,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
@@ -524,6 +525,15 @@ iiop_ssl_port() ->
 nat_iiop_ssl_port() ->
     orber_env:nat_iiop_ssl_port().
 
+ssl_server_options() ->
+        orber_env:ssl_server_options().
+
+ssl_client_options() ->
+        orber_env:ssl_client_options().
+
+set_ssl_client_options(Value) ->
+        orber_env:set_ssl_client_options(Value).
+
 ssl_server_certfile() ->
     orber_env:ssl_server_certfile().
     
diff --git a/lib/orber/src/orber_diagnostics.erl b/lib/orber/src/orber_diagnostics.erl
index c115d79524..3ab55c448d 100644
--- a/lib/orber/src/orber_diagnostics.erl
+++ b/lib/orber/src/orber_diagnostics.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/orber_env.erl b/lib/orber/src/orber_env.erl
index d80edb4ee0..8758450104 100644
--- a/lib/orber/src/orber_env.erl
+++ b/lib/orber/src/orber_env.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,7 +20,7 @@
 %%
 %%-----------------------------------------------------------------
 %% File: orber_env.erl
-%% 
+%%
 %% Description:
 %%    Handling environment parameters for Orber.
 %%
@@ -49,20 +49,22 @@
 	 iiop_max_in_connections/0, iiop_backlog/0, objectkeys_gc_time/0,
 	 get_ORBInitRef/0, get_ORBDefaultInitRef/0, get_interceptors/0,
 	 get_local_interceptors/0, get_cached_interceptors/0,
-	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0, 
+	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0,
 	 iiop_ssl_backlog/0, iiop_ssl_port/0, nat_iiop_ssl_port/0, nat_iiop_ssl_port/1,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
-	 ssl_server_cacertfile/0, ssl_client_cacertfile/0, 
+	 ssl_server_cacertfile/0, ssl_client_cacertfile/0,
 	 set_ssl_client_cacertfile/1, ssl_client_password/0,
 	 ssl_server_password/0, ssl_client_keyfile/0, ssl_server_keyfile/0,
 	 ssl_client_ciphers/0, ssl_server_ciphers/0, ssl_client_cachetimeout/0,
-	 ssl_server_cachetimeout/0, get_flags/0, typechecking/0,  
+	 ssl_server_cachetimeout/0,
+	 get_flags/0, typechecking/0,
 	 exclude_codeset_ctx/0, exclude_codeset_component/0, partial_security/0,
 	 use_CSIv2/0, use_FT/0, ip_version/0, light_ifr/0, bidir_context/0,
 	 get_debug_level/0, getaddrstr/2, addr2str/1, iiop_packet_size/0,
-	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0, 
+	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0,
 	 iiop_out_keepalive/0, iiop_ssl_in_keepalive/0, iiop_ssl_out_keepalive/0,
 	 iiop_ssl_accept_timeout/0, ssl_generation/0]).
 
@@ -87,38 +89,39 @@
 	[flags, iiop_port, nat_iiop_port, iiop_out_ports, domain, ip_address,
 	 nat_ip_address, giop_version, iiop_timeout, iiop_connection_timeout,
 	 iiop_setup_connection_timeout, iiop_in_connection_timeout, iiop_acl,
-	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections, 
+	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections,
 	 iiop_backlog, objectkeys_gc_time, orbInitRef, orbDefaultInitRef,
 	 interceptors, local_interceptors, lightweight, ip_address_local,
-	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog, 
-	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile, 
-	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth, 
-	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile, 
-	 ssl_client_password, ssl_server_password, ssl_client_keyfile, 
-	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers, 
+	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog,
+	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile,
+	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth,
+	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile,
+	 ssl_client_password, ssl_server_password, ssl_client_keyfile,
+	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers,
 	 ssl_client_cachetimeout, ssl_server_cachetimeout, orber_debug_level,
 	 iiop_packet_size, iiop_in_keepalive, iiop_out_keepalive,
-	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout]).
+	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout,
+	 ssl_server_options, ssl_client_options]).
 
 %% The 'flags' parameter must be first in the list.
 %-define(ENV_KEYS,
-%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port, 
-%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address, 
-%	 {giop_version, {1, 1}}, {iiop_timeout, infinity}, 
-%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity}, 
+%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port,
+%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address,
+%	 {giop_version, {1, 1}}, {iiop_timeout, infinity},
+%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity},
 %	 {iiop_in_connection_timeout, infinity}, {iiop_acl, []},
-%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity}, 
-%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5}, 
-%	 {objectkeys_gc_time, infinity}, 
+%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity},
+%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5},
+%	 {objectkeys_gc_time, infinity},
 %	 {orbInitRef, undefined}, {orbDefaultInitRef, undefined},
 %	 {interceptors, false}, {local_interceptors, false}, {lightweight, false},
-%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002}, 
+%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002},
 %	 nat_iiop_ssl_port, {ssl_server_certfile, []}, {ssl_client_certfile, []},
-%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1}, 
-%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []}, 
+%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1},
+%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []},
 %	 {ssl_client_cacertfile, []}, {ssl_client_password, []},
-%	 {ssl_server_password, []}, {ssl_client_keyfile, []}, 
-%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []}, 
+%	 {ssl_server_password, []}, {ssl_client_keyfile, []},
+%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []},
 %	 {ssl_server_ciphers, []}, {ssl_client_cachetimeout, infinity},
 %	 {ssl_server_cachetimeout, infinity}, {orber_debug_level, 0}]).
 
@@ -129,33 +132,33 @@
 
 %%-----------------------------------------------------------------
 %% External functions
-%%-----------------------------------------------------------------    
 %%-----------------------------------------------------------------
-%% function : 
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%%-----------------------------------------------------------------
+%% function :
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 start(Opts) ->
     gen_server:start_link({local, orber_env}, ?MODULE, Opts, []).
 
 %%-----------------------------------------------------------------
 %% function : get_keys
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_keys() ->
     ?ENV_KEYS.
 
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_env(Key) when is_atom(Key) ->
     case catch ets:lookup(?ENV_DB, Key) of
@@ -164,13 +167,13 @@ get_env(Key) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 set_env(Key, Value) when is_atom(Key) ->
     case catch ets:insert(?ENV_DB, #parameters{key = Key, value = Value}) of
@@ -179,20 +182,20 @@ set_env(Key, Value) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 
 %%-----------------------------------------------------------------
 %% function : info
 %% Arguments: IoDervice - info_msg | string | io | {io, Dev}
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 info() ->
     info(info_msg).
 
 info(IoDevice) ->
-    Info = 
+    Info =
 	case orber_tb:is_running() of
 	    true ->
 		Info1 = create_main_info(),
@@ -211,7 +214,7 @@ info(IoDevice) ->
 	string ->
 	    Info;
 	io ->
-	    io:format("~s", [Info]); 
+	    io:format("~s", [Info]);
 	{io, Dev} ->
 	    io:format(Dev, "~s", [Info]);
 	_ ->
@@ -220,14 +223,14 @@ info(IoDevice) ->
 
 create_main_info() ->
     {Major, Minor} = giop_version(),
-    [io_lib:format("======= Orber Execution Environment ======~n"		   
+    [io_lib:format("======= Orber Execution Environment ======~n"
 		   "Orber version.................: ~s~n"
 		   "Orber domain..................: ~s~n"
 		   "IIOP port number..............: ~p~n"
 		   "IIOP NAT port number..........: ~p~n"
 		   "Interface(s)..................: ~p~n"
 		   "Interface(s) NAT..............: ~p~n"
-		   "Local Interface (default).....: ~p~n"		   
+		   "Local Interface (default).....: ~p~n"
 		   "Nodes in domain...............: ~p~n"
 		   "GIOP version (default)........: ~p.~p~n"
 		   "IIOP out timeout..............: ~p msec~n"
@@ -254,18 +257,18 @@ create_main_info() ->
 		   "Debug Level...................: ~p~n"
 		   "orbInitRef....................: ~p~n"
 		   "orbDefaultInitRef.............: ~p~n",
-		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(), 
+		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(),
 		    nat_host(), ip_address_local(),
 		    orber:orber_nodes(), Major, Minor,
-		    iiop_timeout(), iiop_connection_timeout(), 
+		    iiop_timeout(), iiop_connection_timeout(),
 		    iiop_setup_connection_timeout(), iiop_out_ports(),
 		    iiop_out_ports_attempts(), iiop_out_ports_random(),
-		    orber:iiop_connections(out), orber:iiop_connections_pending(), 
-		    iiop_out_keepalive(), orber:iiop_connections(in), 
-		    iiop_in_connection_timeout(), iiop_in_keepalive(), 
-		    iiop_max_fragments(), iiop_max_in_requests(), 
+		    orber:iiop_connections(out), orber:iiop_connections_pending(),
+		    iiop_out_keepalive(), orber:iiop_connections(in),
+		    iiop_in_connection_timeout(), iiop_in_keepalive(),
+		    iiop_max_fragments(), iiop_max_in_requests(),
 		    iiop_max_in_connections(), iiop_backlog(), iiop_acl(),
-		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(), 
+		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(),
 		    get_local_interceptors(), get_debug_level(), get_ORBInitRef(),
 		    get_ORBDefaultInitRef()])].
 
@@ -277,7 +280,7 @@ create_flag_info(Info) ->
 	    FlagData = check_flags(?ORB_ENV_FLAGS, Flags, []),
 	    [Info, "System Flags Set..............: \n", FlagData, "\n"]
     end.
-  
+
 check_flags([], _, Acc) ->
     Acc;
 check_flags([{Flag, Txt}|T], Flags, Acc) when ?ORB_FLAG_TEST(Flags, Flag) ->
@@ -289,7 +292,7 @@ check_flags([_|T], Flags, Acc) ->
 create_security_info(no, Info) ->
     lists:flatten([Info, "=========================================\n"]);
 create_security_info(ssl, Info) ->
-    lists:flatten([Info, 
+    lists:flatten([Info,
 		   io_lib:format("ORB security..................: ssl~n"
 				 "SSL generation................: ~p~n"
 				 "SSL IIOP in keepalive.........: ~p~n"
@@ -316,26 +319,26 @@ create_security_info(ssl, Info) ->
 				 "SSL client ciphers............: ~p~n"
 				 "SSL client cachetimeout.......: ~p~n"
 				 "=========================================~n",
-				 [ssl_generation(), iiop_ssl_port(), 
+				 [ssl_generation(), iiop_ssl_port(),
 				  iiop_ssl_in_keepalive(), iiop_ssl_out_keepalive(),
-				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(), 
+				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(),
 				  iiop_ssl_backlog(), iiop_ssl_ip_address_local(),
 				  ssl_server_certfile(), ssl_server_verify(),
-				  ssl_server_depth(), ssl_server_cacertfile(), 
-				  ssl_server_keyfile(), ssl_server_password(), 
+				  ssl_server_depth(), ssl_server_cacertfile(),
+				  ssl_server_keyfile(), ssl_server_password(),
 				  ssl_server_ciphers(), ssl_server_cachetimeout(),
-				  ssl_client_certfile(), ssl_client_verify(), 
-				  ssl_client_depth(), ssl_client_cacertfile(), 
+				  ssl_client_certfile(), ssl_client_verify(),
+				  ssl_client_depth(), ssl_client_cacertfile(),
 				  ssl_client_keyfile(), ssl_client_password(),
 				  ssl_client_ciphers(), ssl_client_cachetimeout()])]).
 
 
 %%-----------------------------------------------------------------
 %% function : iiop_acl
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 iiop_acl() ->
     case application:get_env(orber, iiop_acl) of
@@ -352,7 +355,7 @@ iiop_packet_size() ->
 	_ ->
 	    infinity
     end.
-  
+
 
 iiop_port() ->
     case application:get_env(orber, iiop_port) of
@@ -368,7 +371,7 @@ nat_iiop_port() ->
 	    Port;
 	{ok, {local, Default, _NATList}} ->
 	    Default;
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -378,7 +381,7 @@ nat_iiop_port(LocalPort) ->
 	    Port;
 	{ok, {local, Default, NATList}} ->
 	    orber_tb:keysearch(LocalPort, NATList, Default);
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -407,9 +410,9 @@ iiop_out_ports_attempts() ->
 	_ ->
 	    1
     end.
-   
 
-domain() -> 
+
+domain() ->
     case application:get_env(orber, domain) of
 	{ok, Domain} when is_list(Domain) ->
 	    Domain;
@@ -449,7 +452,7 @@ nat_host([Host]) ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	{ok,{local, Default, NATList}} ->
-	    [orber_tb:keysearch(Host, NATList, Default)]; 
+	    [orber_tb:keysearch(Host, NATList, Default)];
 	_ ->
 	    host()
     end.
@@ -462,7 +465,7 @@ host() ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	%% IPv4. For IPv6 we only accept a string, but we must support this format
-	%% for IPv4 
+	%% for IPv4
 	{ok, {A1, A2, A3, A4}} when is_integer(A1+A2+A3+A4) ->
 	    [integer_to_list(A1) ++ "." ++ integer_to_list(A2) ++ "." ++ integer_to_list(A3)
 	     ++ "." ++ integer_to_list(A4)];
@@ -489,7 +492,7 @@ ip_address_local() ->
 	_ ->
 	    []
     end.
- 
+
 
 ip_address() ->
     ip_address(ip_version()).
@@ -526,7 +529,7 @@ addr2str({A1, A2, A3, A4, A5, A6, A7, A8}) ->
 	int16_to_hex(A3) ++ ":" ++ int16_to_hex(A4) ++ ":" ++
 	int16_to_hex(A5) ++ ":" ++ int16_to_hex(A6) ++ ":" ++
 	int16_to_hex(A7) ++ ":" ++ int16_to_hex(A8).
-    
+
 
 int16_to_hex(0) ->
     [$0];
@@ -613,7 +616,7 @@ iiop_max_fragments() ->
 	_ ->
 	    infinity
     end.
-    
+
 iiop_max_in_requests() ->
     case application:get_env(orber, iiop_max_in_requests) of
 	{ok, Max} when is_integer(Max) andalso Max > 0 ->
@@ -653,7 +656,7 @@ iiop_out_keepalive() ->
 	_ ->
 	    false
     end.
- 
+
 
 
 get_flags() ->
@@ -706,9 +709,9 @@ bidir_context() ->
 	?ORB_FLAG_TEST(Flags, ?ORB_ENV_USE_BI_DIR_IIOP) ->
 	    [#'IOP_ServiceContext'
 	     {context_id=?IOP_BI_DIR_IIOP,
-	      context_data = 
-	      #'IIOP_BiDirIIOPServiceContext'{listen_points = 
-					      [#'IIOP_ListenPoint'{host=host(), 
+	      context_data =
+	      #'IIOP_BiDirIIOPServiceContext'{listen_points =
+					      [#'IIOP_ListenPoint'{host=host(),
 								   port=iiop_port()}]}}];
 	true ->
 	    []
@@ -819,7 +822,7 @@ get_lightweight_nodes() ->
 	_ ->
 	    false
     end.
-   
+
 
 %%-----------------------------------------------------------------
 %% Security access operations (SSL)
@@ -838,8 +841,8 @@ ssl_generation() ->
 	    V;
 	_ ->
 	    2
-    end.	 
- 
+    end.
+
 iiop_ssl_ip_address_local() ->
     case application:get_env(orber, iiop_ssl_ip_address_local) of
 	{ok,I} when is_list(I) ->
@@ -876,10 +879,10 @@ iiop_ssl_accept_timeout() ->
     case application:get_env(orber, iiop_ssl_accept_timeout) of
 	{ok, N} when is_integer(N) ->
 	    N * 1000;
-	_  -> 
+	_  ->
 	    infinity
     end.
- 
+
 iiop_ssl_port() ->
     case application:get_env(orber, secure) of
 	{ok, ssl} ->
@@ -923,6 +926,52 @@ nat_iiop_ssl_port(LocalPort) ->
 	    -1
     end.
 
+ssl_server_options() ->
+    case application:get_env(orber, ssl_server_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+ssl_client_options() ->
+    case application:get_env(orber, ssl_client_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+check_ssl_opts(Value) ->
+    check_ssl_opts(Value, []).
+check_ssl_opts([], []) ->
+    ok;
+check_ssl_opts([], Acc) ->
+    {error, Acc};
+check_ssl_opts([{active, _} |T], Acc) ->
+    check_ssl_opts(T, [active |Acc]);
+check_ssl_opts([{packet, _} |T], Acc) ->
+    check_ssl_opts(T, [packet |Acc]);
+check_ssl_opts([{mode, _} |T], Acc) ->
+    check_ssl_opts(T, [mode |Acc]);
+check_ssl_opts([list |T], Acc) ->
+    check_ssl_opts(T, [list |Acc]);
+check_ssl_opts([binary |T], Acc) ->
+    check_ssl_opts(T, [binary |Acc]);
+check_ssl_opts([_ |T], Acc) ->
+    check_ssl_opts(T, Acc).
+
+set_ssl_client_options(Value) when is_list(Value) ->
+    case check_ssl_opts(Value) of
+	ok ->
+	    ok;
+	{error, List} ->
+	    exit(lists:flatten(
+		   io_lib:format("TCP options ~p is not allowed in set_ssl_client_options()",
+				 [List])))
+    end,
+    put(ssl_client_options, Value), ok.
+
 ssl_server_certfile() ->
     case application:get_env(orber, ssl_server_certfile) of
 	{ok, V1}  when is_list(V1) ->
@@ -932,7 +981,7 @@ ssl_server_certfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_certfile() ->
     case get(ssl_client_certfile) of
 	undefined ->
@@ -950,7 +999,7 @@ ssl_client_certfile() ->
 
 set_ssl_client_certfile(Value) when is_list(Value) ->
     put(ssl_client_certfile, Value).
-    
+
 ssl_server_verify() ->
     Verify = case application:get_env(orber, ssl_server_verify) of
 	{ok, V} when is_integer(V) ->
@@ -964,7 +1013,7 @@ ssl_server_verify() ->
 	true ->
 	   0
     end.
-    
+
 ssl_client_verify() ->
     Verify = case get(ssl_client_verify) of
 		 undefined ->
@@ -986,7 +1035,7 @@ ssl_client_verify() ->
 
 set_ssl_client_verify(Value) when is_integer(Value) andalso Value =< 2 andalso Value >= 0 ->
     put(ssl_client_verify, Value), ok.
-    
+
 ssl_server_depth() ->
     case application:get_env(orber, ssl_server_depth) of
 	{ok, V1} when is_integer(V1) ->
@@ -994,7 +1043,7 @@ ssl_server_depth() ->
 	_ ->
 	    1
     end.
-    
+
 ssl_client_depth() ->
     case get(ssl_client_depth) of
 	undefined ->
@@ -1010,7 +1059,7 @@ ssl_client_depth() ->
 
 set_ssl_client_depth(Value) when is_integer(Value) ->
     put(ssl_client_depth, Value), ok.
-    
+
 
 
 ssl_server_cacertfile() ->
@@ -1022,7 +1071,7 @@ ssl_server_cacertfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_cacertfile() ->
     case get(ssl_client_cacertfile) of
 	undefined ->
@@ -1040,7 +1089,7 @@ ssl_client_cacertfile() ->
 
 set_ssl_client_cacertfile(Value) when is_list(Value) ->
     put(ssl_client_cacertfile, Value), ok.
-    
+
 
 ssl_client_password() ->
     case application:get_env(orber, ssl_client_password) of
@@ -1108,10 +1157,10 @@ ssl_server_cachetimeout() ->
 
 %%-----------------------------------------------------------------
 %% function : configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 configure(Key, Value) when is_atom(Key) ->
     configure(Key, Value, check);
@@ -1125,10 +1174,10 @@ configure_override(Key, _) ->
 
 %%-----------------------------------------------------------------
 %% function : multi_configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 multi_configure(KeyValueList) when is_list(KeyValueList) ->
     case orber_tb:is_loaded() of
@@ -1144,7 +1193,7 @@ multi_configure(KeyValueList) when is_list(KeyValueList) ->
 	    end
     end;
 multi_configure(KeyValueList) ->
-    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p", 
+    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p",
 	     [KeyValueList]).
 
 multi_configure_helper([], _) ->
@@ -1237,7 +1286,7 @@ configure(iiop_port, Value, Status) when is_integer(Value) ->
 %% Set the NAT listen port
 configure(nat_iiop_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_port, Value, Status);
-configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 							       Value1 > 0 andalso
 							       is_list(Value2) ->
     do_safe_configure(nat_iiop_port, {local, Value1, Value2}, Status);
@@ -1312,12 +1361,20 @@ configure(iiop_ssl_backlog, Value, Status) when is_integer(Value) andalso Value
     do_safe_configure(iiop_ssl_backlog, Value, Status);
 configure(nat_iiop_ssl_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_ssl_port, Value, Status);
-configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 								   Value1 > 0 andalso
 								   is_list(Value2) ->
     do_safe_configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status);
 configure(iiop_ssl_port, Value, Status) when is_integer(Value) ->
     do_safe_configure(iiop_ssl_port, Value, Status);
+
+%% New SSL options
+configure(ssl_server_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_server_options, Value, Status);
+configure(ssl_client_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_client_options, Value, Status);
+
+%% Old SSL options
 configure(ssl_server_certfile, Value, Status) when is_list(Value) ->
     do_safe_configure(ssl_server_certfile, Value, Status);
 configure(ssl_server_certfile, Value, Status) when is_atom(Value) ->
@@ -1434,9 +1491,9 @@ code_change(_OldVsn, State, _Extra) ->
 
 %%-----------------------------------------------------------------
 %% function : env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
+%% Arguments:
+%% Returns  :
+%% Exception:
 %% Effect   : Used when Key always exists (Default Value)
 %%-----------------------------------------------------------------
 env(Key) ->
@@ -1445,10 +1502,10 @@ env(Key) ->
 
 %%-----------------------------------------------------------------
 %% function : init_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 init_env() ->
     application:load(orber),
diff --git a/lib/orber/src/orber_ifr.erl b/lib/orber/src/orber_ifr.erl
index 9631a268e4..6799bc1db4 100644
--- a/lib/orber/src/orber_ifr.erl
+++ b/lib/orber/src/orber_ifr.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -478,7 +478,7 @@ get_module(Id, Type) ->
 	What ->
 	    orber:dbg("[~p] ~p:get_module(~p, ~p).~n"
 		      "Id doesn't exist, mismatch Id vs Type or DB error: ~p", 
-		      [?LINE, ?MODULE, Id, What], ?DEBUG_LEVEL),
+		      [?LINE, ?MODULE, Id, Type, What], ?DEBUG_LEVEL),
 	    corba:raise(#'MARSHAL'{completion_status=?COMPLETED_MAYBE})
     end.
 
diff --git a/lib/orber/src/orber_iiop_net.erl b/lib/orber/src/orber_iiop_net.erl
index 58eba9f039..2eed0b538a 100644
--- a/lib/orber/src/orber_iiop_net.erl
+++ b/lib/orber/src/orber_iiop_net.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -161,31 +161,51 @@ terminate(_Reason, _State) ->
 %%-----------------------------------------------------------------
 get_options(normal, _Options) ->
     [];
-get_options(ssl, Options) ->
-    Verify = orber_tb:keysearch(ssl_server_verify, Options, 
-				orber_env:ssl_server_verify()),
-    Depth = orber_tb:keysearch(ssl_server_depth, Options, 
-			       orber_env:ssl_server_depth()),
-    Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
-			      orber_env:ssl_server_certfile()),
-    CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
-				orber_env:ssl_server_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_server_password, Options, 
-			     orber_env:ssl_server_password()),
-    Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
-			       orber_env:ssl_server_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
-				 orber_env:ssl_server_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
-				 orber_env:ssl_server_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_server_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])].
+get_options(ssl, Options) ->    
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_server_options, Options,
+				orber_env:ssl_server_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_server_verify, Options, 
+					    orber_env:ssl_server_verify()),
+		Depth = orber_tb:keysearch(ssl_server_depth, Options, 
+					   orber_env:ssl_server_depth()),
+		Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
+					  orber_env:ssl_server_certfile()),
+		CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+					    orber_env:ssl_server_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_server_password, Options, 
+					 orber_env:ssl_server_password()),
+		Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
+					 orber_env:ssl_server_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
+					     orber_env:ssl_server_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					     orber_env:ssl_server_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_in_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_server_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_server_extra_options(SSLOpts, []).
 
 %%-----------------------------------------------------------------
 %% Func: parse_options/2
@@ -266,23 +286,28 @@ handle_call({add, IP, Type, Port, AllOptions}, _From, State) ->
     Family = orber_env:ip_version(),
     case inet:getaddr(IP, Family) of
 	{ok, IPTuple} ->
-	    Options = [{ip, IPTuple}|get_options(Type, AllOptions)],
-	    Ref = make_ref(),
-	    ProxyOptions = filter_options(AllOptions, []),
-	    case orber_socket:listen(Type, Port, Options, false) of
-		{ok, Listen, NewPort} ->
-		    {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
-								  ProxyOptions),
-		    link(Pid),
-		    ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
-						       socket = Listen, 
-						       port = NewPort, 
-						       type = Type, ref = Ref,
-						       options = Options,
-						       proxy_options = ProxyOptions}),
-		    {reply, {ok, Ref}, State};
-		Error ->
-		    {reply, Error, State}
+	    try [{ip, IPTuple} |get_options(Type, AllOptions)] of
+		Options ->
+     	            Ref = make_ref(),
+		    ProxyOptions = filter_options(AllOptions, []),
+	            case orber_socket:listen(Type, Port, Options, false) of
+		        {ok, Listen, NewPort} ->
+		            {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
+		       					                  ProxyOptions),
+		            link(Pid),
+		            ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
+						               socket = Listen, 
+						               port = NewPort, 
+						               type = Type, ref = Ref,
+						               options = Options,
+						               proxy_options = ProxyOptions}),
+		            {reply, {ok, Ref}, State};
+	          	Error ->
+		            {reply, Error, State}
+	            end
+            catch
+		error:Reason ->
+		    {reply, {error, Reason}, State}
 	    end;
 	Other ->
 	    {reply, Other, State}
@@ -461,3 +486,31 @@ update_counter(#state{max_connections = infinity} = State, _) ->
 update_counter(State, Value) ->
     State#state{counter = State#state.counter + Value}.
 
+
+check_old_ssl_server_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_server_verify, Options, 
+			       orber_env:ssl_server_verify()),
+    	1 = orber_tb:keysearch(ssl_server_depth, Options, 
+			       orber_env:ssl_server_depth()),
+     	[] = orber_tb:keysearch(ssl_server_certfile, Options, 
+				orber_env:ssl_server_certfile()),
+	[] = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+				orber_env:ssl_server_cacertfile()),
+	[] = orber_tb:keysearch(ssl_server_password, Options, 
+				orber_env:ssl_server_password()),
+	[] = orber_tb:keysearch(ssl_server_keyfile, Options, 
+				orber_env:ssl_server_keyfile()),
+	[] = orber_tb:keysearch(ssl_server_ciphers, Options, 
+				orber_env:ssl_server_ciphers()),
+	infinity = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+				      orber_env:ssl_server_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_in_keepalive, Options, 
+				   orber_env:iiop_ssl_in_keepalive())
+    catch
+	_:_ ->
+					      io:format("hej\n",[]),
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl server options used together with the ssl_server_options"])
+    end.
+   
diff --git a/lib/orber/src/orber_iiop_pm.erl b/lib/orber/src/orber_iiop_pm.erl
index bf36b353bc..927d12b3b2 100644
--- a/lib/orber/src/orber_iiop_pm.erl
+++ b/lib/orber/src/orber_iiop_pm.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,44 +108,82 @@ connect(Host, Port, SocketType, Timeout, Chars, Wchars, Ctx)
     end.
 
 get_ssl_socket_options([]) ->
-    [{verify, orber:ssl_client_verify()},
-     {depth, orber:ssl_client_depth()} |
-     ssl_client_extra_options([{certfile, orber:ssl_client_certfile()},
-			       {cacertfile, orber:ssl_client_cacertfile()},
-			       {password, orber:ssl_client_password()},
-			       {keyfile, orber:ssl_client_keyfile()},
-			       {ciphers, orber:ssl_client_ciphers()},
-			       {cachetimeout, orber:ssl_client_cachetimeout()}], [])];
+    SSLOpts = 
+	case orber_env:ssl_client_options() of
+	    [] ->
+		[{verify, orber_env:ssl_client_verify()},
+		 {depth, orber_env:ssl_client_depth()},
+		 {certfile, orber_env:ssl_client_certfile()},
+		 {cacertfile, orber_env:ssl_client_cacertfile()},
+		 {password, orber_env:ssl_client_password()},
+		 {keyfile, orber_env:ssl_client_keyfile()},
+		 {ciphers, orber_env:ssl_client_ciphers()},
+		 {cachetimeout, orber_env:ssl_client_cachetimeout()},
+		 {keepalive, orber_env:iiop_ssl_out_keepalive()}];
+	    Opts ->
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options([]),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([#'IOP_ServiceContext'
 			{context_id=?ORBER_GENERIC_CTX_ID, 
 			 context_data = {configuration, Options}}|_]) ->
-    Verify = orber_tb:keysearch(ssl_client_verify, Options, 
-				orber_env:ssl_client_verify()),
-    Depth = orber_tb:keysearch(ssl_client_depth, Options, 
-			       orber_env:ssl_client_depth()),
-    Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
-			      orber_env:ssl_client_certfile()),
-    CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
-				orber_env:ssl_client_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_client_password, Options, 
-			     orber_env:ssl_client_password()),
-    Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
-			     orber_env:ssl_client_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
-				 orber_env:ssl_client_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
-				 orber_env:ssl_client_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_client_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])];
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_client_options, Options,
+				orber_env:ssl_client_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_client_verify, Options, 
+					    orber_env:ssl_client_verify()),
+		Depth = orber_tb:keysearch(ssl_client_depth, Options, 
+					   orber_env:ssl_client_depth()),
+		Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
+					  orber_env:ssl_client_certfile()),
+		CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+					    orber_env:ssl_client_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_client_password, Options, 
+					 orber_env:ssl_client_password()),
+		Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
+					 orber_env:ssl_client_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
+					     orber_env:ssl_client_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+					     orber_env:ssl_client_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_out_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([_|T]) ->
     get_ssl_socket_options(T).
 
+
 ssl_client_extra_options([], Acc) ->
     Acc;
 ssl_client_extra_options([{_Type, []}|T], Acc) ->
@@ -814,6 +852,36 @@ init_interceptors(Host, Port, {SHost, SPort}) ->
             %% Either 'false' or {Type, PIs}.
 	    Other
     end.
+
+
+check_old_ssl_client_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_client_verify, Options, 
+			       orber_env:ssl_client_verify()),
+    	1 = orber_tb:keysearch(ssl_client_depth, Options, 
+			       orber_env:ssl_client_depth()),
+     	[] = orber_tb:keysearch(ssl_client_certfile, Options, 
+				orber_env:ssl_client_certfile()),
+	[] = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+				orber_env:ssl_client_cacertfile()),
+	[] = orber_tb:keysearch(ssl_client_password, Options, 
+				orber_env:ssl_client_password()),
+	[] = orber_tb:keysearch(ssl_client_keyfile, Options, 
+				orber_env:ssl_client_keyfile()),
+	[] = orber_tb:keysearch(ssl_client_ciphers, Options, 
+				orber_env:ssl_client_ciphers()),
+	infinity = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+				      orber_env:ssl_client_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_out_keepalive, Options, 
+				   orber_env:iiop_ssl_out_keepalive())
+
+    catch
+	_:_ ->
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl client options used together with the ssl_client_options"])
+    end.
+   
+
     
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_socket.erl b/lib/orber/src/orber_socket.erl
index ec2cf8f42a..07a0e09ccc 100644
--- a/lib/orber/src/orber_socket.erl
+++ b/lib/orber/src/orber_socket.erl
@@ -14,8 +14,7 @@
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%%
-%% %CopyrightEnd%
+%%%% %CopyrightEnd%
 %%
 %%
 %%-----------------------------------------------------------------
@@ -37,7 +36,7 @@
 %%-----------------------------------------------------------------
 -export([start/0, connect/4, listen/3, listen/4, accept/2, accept/3, write/3,
 	 controlling_process/3, close/2, peername/2, sockname/2, 
-	 peerdata/2, peercert/2, sockdata/2, setopts/3, 
+	 peerdata/2, peercert/2, sockdata/2, setopts/3,
 	 clear/2, shutdown/3, post_accept/2, post_accept/3]).
 
 %%-----------------------------------------------------------------
@@ -75,8 +74,6 @@ connect(Type, Host, Port, Options) ->
 	case Type of
 	    normal ->
 		[{keepalive, orber_env:iiop_out_keepalive()}|Options1];
-	    _ when Generation > 2 ->
-		[{keepalive, orber_env:iiop_ssl_out_keepalive()}|Options1];
 	    _ ->
 		Options1
 	end,
@@ -251,8 +248,7 @@ listen(ssl, Port, Options, Exception) ->
 	       end,
     Options4 = if
 		   Generation > 2 ->
-		       [{reuseaddr, true}, 
-			{keepalive, orber_env:iiop_ssl_in_keepalive()}|Options3];
+		       [{reuseaddr, true} |Options3];
 		   true ->
 		       Options3
 	       end,
@@ -362,8 +358,8 @@ peercert(ssl, Socket) ->
     ssl:peercert(Socket);
 peercert(Type, _Socket) ->
     orber:dbg("[~p] orber_socket:peercert(~p);~n"
-	      "Only available for SSL sockets.", 
-	      [?LINE, Type], ?DEBUG_LEVEL),
+ 	      "Only available for SSL sockets.",
+ 	      [?LINE, Type], ?DEBUG_LEVEL),
     {error, ebadsocket}.
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_tb.erl b/lib/orber/src/orber_tb.erl
index e6d5ee4400..d3e3a8497d 100644
--- a/lib/orber/src/orber_tb.erl
+++ b/lib/orber/src/orber_tb.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,8 @@
 -compile({no_auto_import,[error/2]}).
 -export([wait_for_tables/1, wait_for_tables/2, wait_for_tables/3,
 	 is_loaded/0, is_loaded/1, is_running/0, is_running/1, 
-	 info/2, error/2, unique/1, keysearch/2, keysearch/3]).
+	 info/2, error/2, unique/1, keysearch/2, keysearch/3,
+	check_illegal_tcp_options/1]).
 
 %%----------------------------------------------------------------------
 %% Internal exports
@@ -179,6 +180,38 @@ error(Format, Args) ->
 				 Args).
 
 
+
+
+
+%%----------------------------------------------------------------------
+%% function : check_illegal_tcp_options/1
+%% Arguments: 
+%% Returns  : 
+%% Exception: 
+%% Effect   : 
+%%----------------------------------------------------------------------
+check_illegal_tcp_options(Options) ->
+    check_illegal_tcp_options(Options, []).
+
+check_illegal_tcp_options([],[]) ->
+    ok;
+check_illegal_tcp_options([],IllegalOpts) ->
+    {error, IllegalOpts};
+check_illegal_tcp_options([{active, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{active, V} |IllegalOpts]);
+check_illegal_tcp_options([{packet, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{packet, V} |IllegalOpts]);
+check_illegal_tcp_options([{mode, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{mode, V} |IllegalOpts]);
+check_illegal_tcp_options([list |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[list |IllegalOpts]);
+check_illegal_tcp_options([binary |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[binary |IllegalOpts]);
+check_illegal_tcp_options([{reuseaddr, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{reuseaddr, V} |IllegalOpts]);
+check_illegal_tcp_options([_H|T], IllegalOpts) ->
+    check_illegal_tcp_options(T, IllegalOpts).
+
 %%----------------------------------------------------------------------
 %% Internal functions
 %%----------------------------------------------------------------------
diff --git a/lib/orber/test/Makefile b/lib/orber/test/Makefile
index 996d0d1874..d4be009af3 100644
--- a/lib/orber/test/Makefile
+++ b/lib/orber/test/Makefile
@@ -176,6 +176,7 @@ clean:
 	rm -f idl_output/*
 	rm -f $(TARGET_FILES) 
 	rm -f errs core *~
+	rm IDL-GENERATED
 
 
 docs:
diff --git a/lib/orber/test/csiv2_SUITE.erl b/lib/orber/test/csiv2_SUITE.erl
index 406a8ea693..60ffa1eb09 100644
--- a/lib/orber/test/csiv2_SUITE.erl
+++ b/lib/orber/test/csiv2_SUITE.erl
@@ -70,46 +70,46 @@
 	 profiles =
 	 [#'IOP_TaggedProfile'
 	  {tag = ?TAG_INTERNET_IOP,
-	   profile_data = 
+	   profile_data =
 	   #'IIOP_ProfileBody_1_1'{
 	     iiop_version = #'IIOP_Version'{major = 1,
 					    minor = 2},
 	     host =  "127.0.0.1",
 	     port = 0,
 	     object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
-	     components = 
+	     components =
 	     [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
 				     component_data = #'SSLIOP_SSL'{
 				       target_supports = 102,
 				       target_requires = 66,
 				       port = 49934}},
 	      #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
-				     component_data = 
+				     component_data =
 	      #'CSIIOP_CompoundSecMechList'{stateful = true,
-					    mechanism_list = 
+					    mechanism_list =
 					    [#'CSIIOP_CompoundSecMech'
 					     {target_requires = 66,
 					      transport_mech = #'IOP_TaggedComponent'{
 						tag = ?TAG_TLS_SEC_TRANS,
-						component_data = 
+						component_data =
 						#'CSIIOP_TLS_SEC_TRANS'{
 						  target_supports = 102,
 						  target_requires = 66,
-						  addresses = 
+						  addresses =
 						  [#'CSIIOP_TransportAddress'
 						   {host_name = "127.0.0.1",
 						    port = 49934}]}},
-					      as_context_mech = 
+					      as_context_mech =
 					      #'CSIIOP_AS_ContextSec'{
 						target_supports = 0,
 						target_requires = 0,
 						client_authentication_mech = [],
 						target_name = []},
-					      sas_context_mech = 
+					      sas_context_mech =
 					      #'CSIIOP_SAS_ContextSec'{
 						target_supports = 1024,
 						target_requires = 0,
-						privilege_authorities = 
+						privilege_authorities =
 						[#'CSIIOP_ServiceConfiguration'
 						 {syntax = 1447174401,
 						  name = "Borland"}],
@@ -124,7 +124,7 @@
 						supported_identity_types = 15}}]}},
 	      #'IOP_TaggedComponent'
 	      {tag = ?TAG_CODE_SETS,
-	       component_data = 
+	       component_data =
 	       #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
 						  #'CONV_FRAME_CodeSetComponent'{
 						    native_code_set = 65537,
@@ -151,15 +151,15 @@
 
 -ifdef(false).
 %% PKIX1Explicit88
--define(AlgorithmIdentifier, 
+-define(AlgorithmIdentifier,
 	#'AlgorithmIdentifier'{algorithm = ?OID,
 			       parameters = ?ANY}).
 
 -define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
 			      notAfter = {generalTime, "19820102070533.8"}}).
 
--define(SubjectPublicKeyInfo, 
-	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier, 
+-define(SubjectPublicKeyInfo,
+	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
 				subjectPublicKey = ?BIT_STR}).
 
 -define(AttributeTypeAndValue,
@@ -178,26 +178,26 @@
 
 -define(UniqueIdentifier, ?BIT_STR).
 
--define(Extension, #'Extension'{extnID = ?OID, 
-				critical = ?BOOLEAN, 
+-define(Extension, #'Extension'{extnID = ?OID,
+				critical = ?BOOLEAN,
 				extnValue = ?OCTET_STR}).
 
 -define(Extensions, [?Extension]).
 
 -define(TBSCertificate,
-	#'TBSCertificate'{version = ?Version, 
-			  serialNumber = ?CertificateSerialNumber, 
-			  signature = ?AlgorithmIdentifier, 
-			  issuer = ?Name, 
-			  validity = ?Validity, 
-			  subject = ?Name, 
-			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo, 
-			  issuerUniqueID = ?UniqueIdentifier, 
-			  subjectUniqueID = ?UniqueIdentifier, 
+	#'TBSCertificate'{version = ?Version,
+			  serialNumber = ?CertificateSerialNumber,
+			  signature = ?AlgorithmIdentifier,
+			  issuer = ?Name,
+			  validity = ?Validity,
+			  subject = ?Name,
+			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
+			  issuerUniqueID = ?UniqueIdentifier,
+			  subjectUniqueID = ?UniqueIdentifier,
 			  extensions = ?Extensions}).
 
--define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate, 
-				    signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
+				    signatureAlgorithm = ?AlgorithmIdentifier,
 				    signature = ?BIT_STR}).
 
 %% PKIX1Implicit88
@@ -206,66 +206,66 @@
 
 -define(GeneralNames, [?GeneralName]).
 
-%% PKIXAttributeCertificate	
--define(AttCertValidityPeriod, 
-	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8", 
+%% PKIXAttributeCertificate
+-define(AttCertValidityPeriod,
+	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
 				 notAfterTime = "19820102070533.8"}).
 
 
--define(Attribute, #'Attribute'{type = ?OID, 
+-define(Attribute, #'Attribute'{type = ?OID,
 				values = []}).
 
 -define(Attributes, [?Attribute]).
 
--define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames, 
-				      serial = ?CertificateSerialNumber, 
+-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
+				      serial = ?CertificateSerialNumber,
 				      issuerUID = ?UniqueIdentifier}).
 
 -define(DigestedObjectType, publicKey). %% Enum
 
--define(ObjectDigestInfo, 
-	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType, 
-			    otherObjectTypeID = ?OID, 
-			    digestAlgorithm = ?AlgorithmIdentifier, 
+-define(ObjectDigestInfo,
+	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
+			    otherObjectTypeID = ?OID,
+			    digestAlgorithm = ?AlgorithmIdentifier,
 			    objectDigest = ?BIT_STR}).
 
--define(V2Form, #'V2Form'{issuerName = ?GeneralNames, 
-			  baseCertificateID = ?IssuerSerial, 
+-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
+			  baseCertificateID = ?IssuerSerial,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertVersion, v2).
 
--define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial, 
-			  entityName = ?GeneralNames, 
+-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
+			  entityName = ?GeneralNames,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertIssuer, {v2Form, ?V2Form}).
 
 -define(AttributeCertificateInfo,
-	#'AttributeCertificateInfo'{version = ?AttCertVersion, 
-				    holder = ?Holder, 
-				    issuer = ?AttCertIssuer, 
-				    signature = ?AlgorithmIdentifier, 
-				    serialNumber = ?CertificateSerialNumber, 
+	#'AttributeCertificateInfo'{version = ?AttCertVersion,
+				    holder = ?Holder,
+				    issuer = ?AttCertIssuer,
+				    signature = ?AlgorithmIdentifier,
+				    serialNumber = ?CertificateSerialNumber,
 				    attrCertValidityPeriod = ?AttCertValidityPeriod,
-				    attributes = ?Attributes, 
-				    issuerUniqueID = ?UniqueIdentifier, 
+				    attributes = ?Attributes,
+				    issuerUniqueID = ?UniqueIdentifier,
 				    extensions = ?Extensions}).
 
--define(AttributeCertificate, 
-	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo, 
-				signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(AttributeCertificate,
+	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
+				signatureAlgorithm = ?AlgorithmIdentifier,
 				signatureValue = ?BIT_STR}).
 
 
 %% OrberCSIv2
--define(AttributeCertChain, 
-	#'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+-define(AttributeCertChain,
+	#'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 			      certificateChain = ?CertificateChain}).
 
 -define(CertificateChain, [?Certificate]).
 
--define(VerifyingCertChain, [?Certificate]).	
+-define(VerifyingCertChain, [?Certificate]).
 
 -endif.
 
@@ -314,15 +314,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -335,7 +335,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must bu first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [ssl_server_peercert_api, ssl_client_peercert_api].
 
 %%-----------------------------------------------------------------
@@ -361,14 +361,20 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    Config
+    try crypto:start() of
+        ok ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    Config
+	    end
+	catch _:_ ->
+	    {skip, "Crypto did not start"}
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),
     Config.
 
 %%-----------------------------------------------------------------
@@ -385,272 +391,272 @@ end_per_suite(Config) ->
 code_CertificateChain_api(doc) -> ["Code CertificateChain"];
 code_CertificateChain_api(suite) -> [];
 code_CertificateChain_api(_Config) ->
-    {ok, Enc} =	
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
-    ?match({ok, [#'Certificate'{}]}, 
+    ?match({ok, [#'Certificate'{}]},
 	   'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
 code_AttributeCertChain_api(suite) -> [];
 code_AttributeCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
-	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertChain'{}},
+	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
     ok.
 
 code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
 code_VerifyingCertChain_api(suite) -> [];
 code_VerifyingCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
-    ?match({ok, [#'Certificate'{}]}, 
-	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),       
+    ?match({ok, [#'Certificate'{}]},
+	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
     ok.
 
 %% PKIXAttributeCertificate
 code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
 code_AttributeCertificate_api(suite) -> [];
 code_AttributeCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
-    ?match({ok, #'AttributeCertificate'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificate'{}},
+	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
 code_AttributeCertificateInfo_api(suite) -> [];
 code_AttributeCertificateInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
-    ?match({ok, #'AttributeCertificateInfo'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificateInfo'{}},
+	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
     ok.
 
 code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
 code_AttCertVersion_api(suite) -> [];
 code_AttCertVersion_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
-    ?match({ok, ?AttCertVersion}, 
-	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),   
+    ?match({ok, ?AttCertVersion},
+	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
     ok.
 
 code_Holder_api(doc) -> ["Code Holder"];
 code_Holder_api(suite) -> [];
 code_Holder_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Holder', ?Holder)),
-    ?match({ok, #'Holder'{}}, 
-	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),   
+    ?match({ok, #'Holder'{}},
+	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
     ok.
 
 code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
 code_AttCertIssuer_api(suite) -> [];
 code_AttCertIssuer_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
-    ?match({ok, {v2Form, _}}, 
-	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),   
+    ?match({ok, {v2Form, _}},
+	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
     ok.
 
 code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
 code_AttCertValidityPeriod_api(suite) -> [];
 code_AttCertValidityPeriod_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
-    ?match({ok, #'AttCertValidityPeriod'{}}, 
-	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),   
+    ?match({ok, #'AttCertValidityPeriod'{}},
+	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
     ok.
 
 code_V2Form_api(doc) -> ["Code V2Form"];
 code_V2Form_api(suite) -> [];
 code_V2Form_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('V2Form', ?V2Form)),
-    ?match({ok, #'V2Form'{}}, 
-	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),   
+    ?match({ok, #'V2Form'{}},
+	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
     ok.
 
 code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
 code_IssuerSerial_api(suite) -> [];
 code_IssuerSerial_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
-    ?match({ok, #'IssuerSerial'{}}, 
-	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),   
+    ?match({ok, #'IssuerSerial'{}},
+	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
     ok.
 
 code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
 code_ObjectDigestInfo_api(suite) -> [];
 code_ObjectDigestInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
-    ?match({ok, #'ObjectDigestInfo'{}}, 
-	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),   
+    ?match({ok, #'ObjectDigestInfo'{}},
+	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
     ok.
 
 %% PKIX1Explicit88
 code_Certificate_api(doc) -> ["Code Certificate"];
 code_Certificate_api(suite) -> [];
 code_Certificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Certificate', ?Certificate)),
-    ?match({ok, #'Certificate'{}}, 
-	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),   
+    ?match({ok, #'Certificate'{}},
+	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
     ok.
 
 code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
 code_TBSCertificate_api(suite) -> [];
 code_TBSCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
-    ?match({ok, #'TBSCertificate'{}}, 
-	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'TBSCertificate'{}},
+	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
     ok.
 
 code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
 code_CertificateSerialNumber_api(suite) -> [];
 code_CertificateSerialNumber_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
-    ?match({ok, ?CertificateSerialNumber}, 
-	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),   
+    ?match({ok, ?CertificateSerialNumber},
+	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
     ok.
 
 code_Version_api(doc) -> ["Code Version"];
 code_Version_api(suite) -> [];
 code_Version_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
-    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),   
+    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
     ok.
 
 code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
 code_AlgorithmIdentifier_api(suite) -> [];
 code_AlgorithmIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
-    ?match({ok, #'AlgorithmIdentifier'{}}, 
-	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),   
+    ?match({ok, #'AlgorithmIdentifier'{}},
+	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Name_api(doc) -> ["Code Name"];
 code_Name_api(suite) -> [];
 code_Name_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
-    ?match({ok, {rdnSequence,_}}, 
-	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),   
+    ?match({ok, {rdnSequence,_}},
+	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),
     ok.
 
 code_RDNSequence_api(doc) -> ["Code RDNSequence"];
 code_RDNSequence_api(suite) -> [];
 code_RDNSequence_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
-    ?match({ok, [[#'AttributeTypeAndValue'{}]]}, 
-	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),   
+    ?match({ok, [[#'AttributeTypeAndValue'{}]]},
+	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
     ok.
 
 code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
 code_RelativeDistinguishedName_api(suite) -> [];
 code_RelativeDistinguishedName_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
-    ?match({ok, [#'AttributeTypeAndValue'{}]}, 
-	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),   
+    ?match({ok, [#'AttributeTypeAndValue'{}]},
+	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
     ok.
 
 code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
 code_AttributeTypeAndValue_api(suite) -> [];
 code_AttributeTypeAndValue_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
-    ?match({ok, #'AttributeTypeAndValue'{}}, 
-	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeTypeAndValue'{}},
+	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
     ok.
 
 code_Attribute_api(doc) -> ["Code Attribute"];
 code_Attribute_api(suite) -> [];
 code_Attribute_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
-    ?match({ok, #'Attribute'{}}, 
-	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),   
+    ?match({ok, #'Attribute'{}},
+	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
     ok.
 
 code_Validity_api(doc) -> ["Code Validity"];
 code_Validity_api(suite) -> [];
 code_Validity_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
-    ?match({ok, #'Validity'{}}, 
-	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),   
+    ?match({ok, #'Validity'{}},
+	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
     ok.
 
 code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
 code_SubjectPublicKeyInfo_api(suite) -> [];
 code_SubjectPublicKeyInfo_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
-    ?match({ok, #'SubjectPublicKeyInfo'{}}, 
-	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),   
+    ?match({ok, #'SubjectPublicKeyInfo'{}},
+	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
     ok.
 
 code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
 code_UniqueIdentifier_api(suite) -> [];
 code_UniqueIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
-    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),   
+    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Extensions_api(doc) -> ["Code Extensions"];
 code_Extensions_api(suite) -> [];
 code_Extensions_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
-    ?match({ok, [#'Extension'{}]}, 
-	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),   
+    ?match({ok, [#'Extension'{}]},
+	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
     ok.
 
 code_Extension_api(doc) -> ["Code Extension"];
 code_Extension_api(suite) -> [];
 code_Extension_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
-    ?match({ok, #'Extension'{}}, 
-	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),   
+    ?match({ok, #'Extension'{}},
+	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
     ok.
 
 %% OpenSSL generated x509 Certificate
 code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
 code_OpenSSL509_api(suite) -> [];
 code_OpenSSL509_api(_Config) ->
-    {ok, Cert} = 
-	?match({ok, #'Certificate'{}}, 
+    {ok, Cert} =
+	?match({ok, #'Certificate'{}},
 	       'OrberCSIv2':decode('Certificate', ?X509DER)),
-    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 					  certificateChain = [Cert]},
-    {ok, EAttrCertChain} = 
+    {ok, EAttrCertChain} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
+    ?match({ok, #'AttributeCertChain'{}},
 	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
     ok.
 
@@ -663,65 +669,65 @@ ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
 ssl_server_peercert_api(suite) -> [];
 ssl_server_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, server, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ServerNode, ServerHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
-	    SSLOptions = orber_test_lib:get_options(ssl, client),
- 	    {ok, Socket} = 
-		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    destroy_fake_ORB(ssl, Socket),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, server,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ServerNode, ServerHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, client),
+  	    {ok, Socket} =
+ 		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    destroy_fake_ORB(ssl, Socket),
+ 	    ok
     end.
 
 ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
 ssl_client_peercert_api(suite) -> [];
 ssl_client_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, client, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ClientNode, _ClientHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    crypto:start(),
-	    ssl:start(),
-	    SSLOptions = orber_test_lib:get_options(ssl, server),
-	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
-	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
-	    IOR = ?match({'IOP_IOR',_,_}, 
-			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
-						 "localhost", 6004, "FAKE", 
-						 [#'IOP_TaggedComponent'
-						  {tag=?TAG_SSL_SEC_TRANS, 
-						   component_data=#'SSLIOP_SSL'
-						   {target_supports = 2, 
-						    target_requires = 2, 
-						    port = LPort}}])),
-	    spawn(orber_test_lib, remote_apply, 
-		  [ClientNode, corba_object, non_existent, [IOR]]),
-	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
-	    ?match(ok, ssl:ssl_accept(Socket)),
-	    
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    ssl:close(Socket),
-	    ssl:close(LSock),
-	    ssl:stop(),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, client,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ClientNode, _ClientHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    crypto:start(),
+ 	    ssl:start(),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, server),
+ 	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
+ 	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
+ 	    IOR = ?match({'IOP_IOR',_,_},
+ 			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
+ 						 "localhost", 6004, "FAKE",
+ 						 [#'IOP_TaggedComponent'
+ 						  {tag=?TAG_SSL_SEC_TRANS,
+ 						   component_data=#'SSLIOP_SSL'
+ 						   {target_supports = 2,
+ 						    target_requires = 2,
+ 						    port = LPort}}])),
+ 	    spawn(orber_test_lib, remote_apply,
+ 		  [ClientNode, corba_object, non_existent, [IOR]]),
+ 	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
+ 	    ?match(ok, ssl:ssl_accept(Socket)),
+
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    ssl:close(Socket),
+ 	    ssl:close(LSock),
+ 	    ssl:stop(),
+ 	    ok
     end.
 
 %%-----------------------------------------------------------------
@@ -730,105 +736,105 @@ ssl_client_peercert_api(_Config) ->
 -ifdef(false).
 %% Not used yet.
 context_test(Obj) ->
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext}],
     ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
@@ -836,7 +842,7 @@ context_test(Obj) ->
 fake_server_ORB(Type, Port, Options) ->
     start_ssl(Type),
     {ok, ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -846,7 +852,7 @@ fake_server_ORB(Type, Port, Options) ->
 
 fake_server_ORB(Type, Port, Options, Action, Data) ->
     start_ssl(Type),
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -885,13 +891,13 @@ fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
 do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -916,4 +922,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/multi_ORB_SUITE.erl b/lib/orber/test/multi_ORB_SUITE.erl
index b9453663c3..3c1ffd59d3 100644
--- a/lib/orber/test/multi_ORB_SUITE.erl
+++ b/lib/orber/test/multi_ORB_SUITE.erl
@@ -50,30 +50,33 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1, basic_PI_api/1, multi_orber_api/1,
-	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1, 
-	 light_orber_api/1, light_orber2_api/1, 
+	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1,
+	 light_orber_api/1, light_orber2_api/1,
 	 ssl_1_multi_orber_api/1, ssl_2_multi_orber_api/1, ssl_reconfigure_api/1,
 	 iiop_timeout_api/1, iiop_timeout_added_api/1, setup_connection_timeout_api/1,
 	 setup_multi_connection_timeout_api/1, setup_multi_connection_timeout_random_api/1,
 	 setup_multi_connection_timeout_attempts_api/1,
-	 fragments_server_api/1, fragments_max_server_api/1, 
+	 fragments_server_api/1, fragments_max_server_api/1,
 	 fragments_max_server_added_api/1, fragments_client_api/1,
 	 light_ifr_api/1, max_requests_api/1, max_requests_added_api/1,
-	 max_connections_api/1, max_packet_size_exceeded_api/1, 
+	 max_connections_api/1, max_packet_size_exceeded_api/1,
 	 max_packet_size_ok_api/1, proxy_interface_api/1, proxy_interface_ipv6_api/1,
 	 multiple_accept_api/1, implicit_context_api/1,
-	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1, 
+	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1,
 	 oneway_implicit_context_api/1, implicit_context_roundtrip_api/1,
 	 oneway_pseudo_implicit_context_api/1, flags_added_api/1,
-	 oneway_pseudo_two_implicit_context_api/1, 
+	 oneway_pseudo_two_implicit_context_api/1,
 	 local_interface_api/1, local_interface_ctx_override_api/1,
 	 local_interface_acl_override_api/1, bad_giop_header_api/1,
 	 bad_fragment_id_client_api/1, bad_id_cancel_request_api/1,
 	 close_connections_api/1, close_connections_local_interface_api/1,
-	 close_connections_local_interface_ctx_override_api/1, ssl_reconfigure_generation_3_api/1,
+	 close_connections_local_interface_ctx_override_api/1,
 	 ssl_1_multi_orber_generation_3_api/1, ssl_2_multi_orber_generation_3_api/1,
+	 ssl_reconfigure_generation_3_api/1,
+	 ssl_1_multi_orber_generation_3_api_old/1, ssl_2_multi_orber_generation_3_api_old/1,
+	 ssl_reconfigure_generation_3_api_old/1,
 	 close_connections_alt_iiop_addr_api/1, close_connections_multiple_profiles_api/1]).
 
 
@@ -84,15 +87,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -105,7 +108,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must be first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [fragments_server_api, fragments_max_server_api,
      fragments_max_server_added_api, fragments_client_api,
      flags_added_api, bad_fragment_id_client_api,
@@ -134,21 +137,28 @@ cases() ->
      setup_multi_connection_timeout_attempts_api,
      setup_multi_connection_timeout_random_api,
      ssl_1_multi_orber_api,
+     ssl_1_multi_orber_generation_3_api_old,
      ssl_1_multi_orber_generation_3_api,
      ssl_2_multi_orber_api,
+     ssl_2_multi_orber_generation_3_api_old,
      ssl_2_multi_orber_generation_3_api,
-     ssl_reconfigure_generation_3_api, ssl_reconfigure_api].
+     ssl_reconfigure_api,
+     ssl_reconfigure_generation_3_api_old,
+     ssl_reconfigure_generation_3_api].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC,Config) 
+init_per_testcase(TC,Config)
   when TC =:= ssl_1_multi_orber_api;
        TC =:= ssl_2_multi_orber_api;
        TC =:= ssl_reconfigure_api ->
     init_ssl(Config);
-init_per_testcase(TC,Config) 
-  when TC =:= ssl_1_multi_orber_generation_3_api; 
+init_per_testcase(TC,Config)
+  when TC =:= ssl_1_multi_orber_generation_3_api_old;
+       TC =:= ssl_2_multi_orber_generation_3_api_old;
+       TC =:= ssl_reconfigure_generation_3_api_old;
+       TC =:= ssl_1_multi_orber_generation_3_api;
        TC =:= ssl_2_multi_orber_generation_3_api;
        TC =:= ssl_reconfigure_generation_3_api ->
     init_ssl_3(Config);
@@ -156,21 +166,31 @@ init_per_testcase(_Case, Config) ->
     init_all(Config).
 
 init_ssl(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    init_all(Config)
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    init_all(Config)
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_ssl_3(Config) ->
-    case orber_test_lib:ssl_version() of
-	3 ->
-	    init_all(Config);
-	2 ->
-	    {skip,"Could not find the correct SSL version!"};
-	no_ssl ->
-	    {skip,"SSL is not installed!"}
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		3 ->
+		    init_all(Config);
+		2 ->
+		    {skip, "Could not find the correct SSL version!"};
+		no_ssl ->
+		    {skip, "SSL is not installed!"}
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_all(Config) ->
@@ -194,12 +214,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -211,238 +237,238 @@ implicit_context_api(suite) -> [];
 implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
-    
+
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-implicit_context_roundtrip_api(doc) -> 
+implicit_context_roundtrip_api(doc) ->
     ["IIOP Implicit Contex roundtrip tests"];
 implicit_context_roundtrip_api(suite) -> [];
 implicit_context_roundtrip_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Relay = ?match(#'IOP_IOR'{},
 		   corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     IOR = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
 
-    
+
+
 oneway_implicit_context_api(doc) -> ["IIOP Implicit Contex oneway tests"];
 oneway_implicit_context_api(suite) -> [];
 oneway_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
 
-    %% We must wait for a few seconds for the client to be able to set up the 
+    %% We must wait for a few seconds for the client to be able to set up the
     %% connection (since it's a oneway operation).
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-    
+
 pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object)"];
 pseudo_implicit_context_api(suite) -> [];
 pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-pseudo_two_implicit_context_api(doc) -> 
+
+pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object)"];
 pseudo_two_implicit_context_api(suite) -> [];
 pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 oneway_pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_implicit_context_api(suite) -> [];
 oneway_pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-oneway_pseudo_two_implicit_context_api(doc) -> 
+
+oneway_pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_two_implicit_context_api(suite) -> [];
 oneway_pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
     %% Add incoming implicit context which must be removed.
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 
 
 multiple_accept_api(doc) -> ["IIOP Multiple Accept tests"];
@@ -450,7 +476,7 @@ multiple_accept_api(suite) -> [];
 multiple_accept_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
@@ -461,84 +487,84 @@ multiple_accept_api(_Config) ->
 
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     ?match([_], orber:iiop_connections(out)),
 
     {ok, Ref1} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal])),
 
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ?match([_,_], orber:iiop_connections(out)),
 
     {ok, Ref2} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 9543])),
     ?match({error, eaddrinuse},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, 9543])),
 
     IOR3 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
-    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR3)),
     ?match([_,_,_], orber:iiop_connections(out)),
 
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref1])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_,_], orber:iiop_connections(out)),
-    
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref2])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_], orber:iiop_connections(out)),
-    
+
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-   
+
     IOR4 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR4)),
 
     ok.
 
 
-proxy_interface_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_api(doc) -> ["IIOP Proxy Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "interface when exporting IOR:s"];
 proxy_interface_api(suite) -> [];
 proxy_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
-proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests",
 				  "This case test if the server ORB use the correct",
 				  "IPv6 interface when exporting IOR:s"];
 proxy_interface_ipv6_api(suite) -> [];
@@ -550,103 +576,103 @@ proxy_interface_ipv6_api(_Config) ->
 	    Reason
     end.
 
-proxy_interface_ipv6_api2() ->		    
+proxy_interface_ipv6_api2() ->
     Loopback = orber_test_lib:get_loopback_interface(inet6),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
 							  ?ORB_ENV_LOCAL_INTERFACE)}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_IPV6}])),
-    
+
     IP = orber_test_lib:remote_apply(ClientNode, orber_test_lib, get_host, []),
 
     IOR1 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR1])),
     IOR2 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR2])),
     ok.
 
-local_interface_api(doc) -> ["IIOP Local Interface tests", 
+local_interface_api(doc) -> ["IIOP Local Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "local interface when connecting to another ORB"];
 local_interface_api(suite) -> [];
 local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
 
     ok.
 
-local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_ctx_override_api(suite) -> [];
 local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, Loopback}}]])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
-local_interface_acl_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_acl_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_acl_override_api(suite) -> [];
@@ -654,74 +680,74 @@ local_interface_acl_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     ACL = [{tcp_out, IP ++ "/18", [Loopback]}],
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {iiop_acl, ACL},
 						 {flags, ?ORB_ENV_USE_ACL_OUTGOING}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, IP}}]])),
     ?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
-    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber,
 							 iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
 
-iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_api(suite) -> [];
 iiop_timeout_api(_Config) ->
-    
+
     %% Install two secure orber.
-    {ok, ClientNode, ClientHost} = 
+    {ok, ClientNode, ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 3}])),
     ClientPort = orber_test_lib:remote_apply(ClientNode, orber, iiop_port, []),
-    
-    {ok, ServerNode, ServerHost} = 
+
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 12}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    %% Tell client_orb to interoperate with server_orb. 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    %% Tell client_orb to interoperate with server_orb.
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
     %% Interop worked fine, perform delay tests.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   timeouts,
 					   [ServerHost, ServerPort, 6000])),
-    
+
     %% Create a connection to the "client_orb", which will now act as server.
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++ClientHost++":"++integer_to_list(ClientPort)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, ClientPort}], orber:iiop_connections(out)),
@@ -729,13 +755,13 @@ iiop_timeout_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
-iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_added_api(suite) -> [];
 iiop_timeout_added_api(_Config) ->
@@ -743,18 +769,18 @@ iiop_timeout_added_api(_Config) ->
     {ok, Node, _Host} = ?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_in_connection_timeout, 3},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, Port}], orber:iiop_connections(out)),
@@ -762,9 +788,9 @@ iiop_timeout_added_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
@@ -772,27 +798,27 @@ iiop_timeout_added_api(_Config) ->
 %%  API tests for ORB to ORB using pseudo call/cast, no security
 %%-----------------------------------------------------------------
 
-multi_pseudo_orber_api(doc) -> 
-    ["MULTI ORB PSEUDO API tests", 
+multi_pseudo_orber_api(doc) ->
+    ["MULTI ORB PSEUDO API tests",
      "This case test if data encode/decode (IIOP) for pseudo objects",
      "produce the correct result, i.e., the test_server echos",
      "the input parameter or an exception is raised (MARSHAL)."];
 multi_pseudo_orber_api(suite) -> [];
 multi_pseudo_orber_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [pseudo])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.1@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    Obj = 
-	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj =
+	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	       'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     orber_test_lib:corba_object_tests(Obj, NSR),
 
@@ -809,11 +835,11 @@ multi_pseudo_orber_api(_Config) ->
     orber_test_lib:test_coding(Obj),
 
     %% Test if exit is handled properly.
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [pseudo])),
     ok.
 
@@ -821,77 +847,77 @@ multi_pseudo_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with local flags definition set.
 %%-----------------------------------------------------------------
-flags_added_api(doc) -> 
+flags_added_api(doc) ->
     ["MULTI ORB PSEUDO with local flags definition set"];
 flags_added_api(suite) -> [];
 flags_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{flags, (?ORB_ENV_LOCAL_INTERFACE bor
 						  ?ORB_ENV_EXCLUDE_CODESET_COMPONENT)},
 					 {iiop_port, Port}]])),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++IP++":"++
 					      integer_to_list(Port)++"/NameService#mamba")),
-    ?match({'external', {IP, Port, _ObjectKey, _Counter, 
-			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP, 
-					      profile_data= 
-					      #'IIOP_ProfileBody_1_1'{components=[]}}, 
-			 _NewHD}}, 
+    ?match({'external', {IP, Port, _ObjectKey, _Counter,
+			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP,
+					      profile_data=
+					      #'IIOP_ProfileBody_1_1'{components=[]}},
+			 _NewHD}},
 	   iop_ior:get_key(Obj)),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
 
 
-					 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent requests
 %%-----------------------------------------------------------------
-max_requests_api(doc) -> 
+max_requests_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_api(suite) -> [];
 max_requests_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     max_requests(Node, Host, Port).
 
-max_requests_added_api(doc) -> 
+max_requests_added_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_added_api(suite) -> [];
 max_requests_added_api(_Config) ->
     %% --- Create a slave-node ---
     [IP] = ?match([_], orber:host()),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_in_requests, 1},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
     max_requests(Node, IP, Port).
 
-max_requests(Node, Host, Port) ->    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+max_requests(Node, Host, Port) ->
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++Host++":"++
@@ -899,7 +925,7 @@ max_requests(Node, Host, Port) ->
 
     %% Can we even contact the object?
     ?match(ok, orber_test_server:print(Obj)),
-    
+
     %% Invoke one blocking call followed by several invokations.
     spawn(orber_test_server, pseudo_call_delay, [Obj, 15000]),
     %% Wait for a second to be sure that the previous request has been sent
@@ -912,8 +938,8 @@ max_requests(Node, Host, Port) ->
     %% allow one request at a time to the target ORB.
     ?match(true, (MegaSecsB + (Before+8)*1000000) < (MegaSecsA + After*1000000)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -921,17 +947,17 @@ max_requests(Node, Host, Port) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent connections
 %%-----------------------------------------------------------------
-max_connections_api(doc) -> 
+max_connections_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent connections tests"];
 max_connections_api(suite) -> [];
 max_connections_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_backlog, 0},
 						 {iiop_max_in_connections, 2}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 install_test_data,
 						 [nameservice])),
 
     %% Claim connection 1 & 2
@@ -939,26 +965,26 @@ max_connections_api(_Config) ->
 		       corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService#mamba")),
     %% Claim backlog
-    {ok, ClientNode, _ClientHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
 
     spawn(ClientNode, orber_test_server, print, [Obj]),
     timer:sleep(5000),
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 						  iiop_connections, [])),
-    
+
     %% Try to connect. Should fail. Due to the behavior of different TCP stacks, backlog 1
     %% might not be the precise value. Hence, we also need to define the iiop_timeout. Otherwise
     %% this test case will fail. For the same reason we must GC this connection.
-    {ok, ClientNodeII, _ClientHostII} = 
+    {ok, ClientNodeII, _ClientHostII} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_setup_connection_timeout, 5},
 						 {iiop_timeout, 5},
 						 {iiop_connection_timeout, 8}])),
 
-    ?match({'EXCEPTION', _}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({'EXCEPTION', _},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "Fail"])),
-    
+
     %% Remove 2 connections. We need to wait a moment so that both sides has detected it.
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections()),
@@ -968,23 +994,23 @@ max_connections_api(_Config) ->
     ?match(ok, orber_iiop_pm:close_connection([{Host, Port}])),
     timer:sleep(5000),
     ?match([], orber:iiop_connections()),
-    
+
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 					    iiop_connections, [])),
 
     ?match([], orber_test_lib:remote_apply(ClientNodeII, orber,
 					   iiop_connections, [])),
 
-    ?match({ok, "OK"}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({ok, "OK"},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "OK"])),
-    
+
     timer:sleep(4000),
     ?match([_], orber_test_lib:remote_apply(ClientNodeII, orber,
 					    iiop_connections, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -993,18 +1019,18 @@ max_connections_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for terminating connection by using an IOR.
 %%-----------------------------------------------------------------
-close_connections_api(doc) -> 
+close_connections_api(doc) ->
     ["Close outgoing connection "];
 close_connections_api(suite) -> [];
 close_connections_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IP = orber_test_lib:get_host(),
@@ -1028,108 +1054,108 @@ close_connections_api(_Config) ->
     ok.
 
 
-close_connections_local_interface_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_api(suite) -> [];
 close_connections_local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close the connection
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
 
     ok.
 
-close_connections_local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_ctx_override_api(suite) -> [];
 close_connections_local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {ip_address, IP}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					      [#'IOP_ServiceContext'
-					       {context_id=?ORBER_GENERIC_CTX_ID, 
+					       {context_id=?ORBER_GENERIC_CTX_ID,
 						context_data = {interface, Loopback}}]])),
 
     timer:sleep(2000),
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
-    
+
     timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, IP])),
 
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
-    
+
     %% Try to close supplying the correct interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, Loopback])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
     ok.
 
-close_connections_alt_iiop_addr_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_alt_iiop_addr_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_alt_iiop_addr_api(suite) -> [];
@@ -1137,12 +1163,12 @@ close_connections_alt_iiop_addr_api(_Config) ->
     %% --- Create a slave-node ---
     Loopback = orber_test_lib:get_loopback_interface(),
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{giop_version, {1, 2}},
 						 {ip_address, {multiple, [IP, Loopback]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [{nameservice, Loopback, ServerPort}])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1151,25 +1177,25 @@ close_connections_alt_iiop_addr_api(_Config) ->
     ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	   corba:string_to_object("corbaname::1.2@"++Loopback++":"++
 				  integer_to_list(ServerPort)++"/NameService#mamba")),
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
-close_connections_multiple_profiles_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_multiple_profiles_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_multiple_profiles_api(suite) -> [];
@@ -1177,11 +1203,11 @@ close_connections_multiple_profiles_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     %% --- Create a slave-node ---
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{ip_address,
 						  {multiple, [Loopback, IP]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
 					   install_test_data, [nameservice])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1193,23 +1219,23 @@ close_connections_multiple_profiles_api(_Config) ->
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_exceeded_api(doc) -> 
+max_packet_size_exceeded_api(doc) ->
     ["Exceed the maximum request size"];
 max_packet_size_exceeded_api(suite) -> [];
 max_packet_size_exceeded_api(_Config) ->
@@ -1219,11 +1245,11 @@ max_packet_size_exceeded_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 1}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
-	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
+	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
 		   corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService")),
 	    ok
     end.
@@ -1231,7 +1257,7 @@ max_packet_size_exceeded_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_ok_api(doc) -> 
+max_packet_size_ok_api(doc) ->
     ["Not exceed the maximum request size"];
 max_packet_size_ok_api(suite) -> [];
 max_packet_size_ok_api(_Config) ->
@@ -1241,7 +1267,7 @@ max_packet_size_ok_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 5000}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
@@ -1251,7 +1277,7 @@ max_packet_size_ok_api(_Config) ->
     end.
 
 
- 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
@@ -1259,49 +1285,49 @@ max_packet_size_ok_api(_Config) ->
 light_ifr_api(doc) -> ["LIGHT IFR ORB API tests"];
 light_ifr_api(suite) -> [];
 light_ifr_api(_Config) ->
-    
-    {ok, ClientNode, _ClientHost} = 
+
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
 
     ?match([_,_,_,_], orber_test_lib:remote_apply(ClientNode, orber, get_tables, [])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-                                                 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+                                                 install_test_data,
                                                  [nameservice])),
 
 
-    {ok, ServerNode, ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),    
+    {ok, ServerNode, ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     ?match([_,_,_,_], orber_test_lib:remote_apply(ServerNode, orber, get_tables, [])),
 
-    Obj = ?match({'IOP_IOR',_,_}, 
+    Obj = ?match({'IOP_IOR',_,_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
     ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, test_coding, [Obj])),
 
     ?match(0, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId1",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_StructDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId2",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_UnionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId3",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_ExceptionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId4",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_InterfaceDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId5",
-							     module=orber_test_lib, 
+							     module=orber_test_lib,
 							     type=?IFR_InterfaceDef}])),
     ?match(5, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
@@ -1316,14 +1342,14 @@ light_ifr_api(_Config) ->
 							 absolute_name="::Module::NonExisting"})),
     ?match(ok, mnesia:dirty_write(#ir_InterfaceDef{ir_Internal_ID = "FakedIId5",
 							 absolute_name="::orber::test::lib"})),
-    
+
     ?match(5, orber_diagnostics:missing_modules()),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
     ok.
 
@@ -1331,23 +1357,23 @@ light_ifr_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber_api(doc) -> ["LIGHT ORB API tests", 
+light_orber_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber."];
 light_orber_api(suite) -> [];
 light_orber_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
+    {ok, Node, _Host} =
 	?match({ok,_,_}, orber_test_lib:js_node([{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]}],
 						lightweight)),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1357,11 +1383,11 @@ light_orber_api(_Config) ->
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1370,17 +1396,17 @@ light_orber_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [light])),
     ok.
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber2_api(doc) -> ["LIGHT ORB API tests", 
+light_orber2_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber. This case test if we can",
 			 "start as lightweight without first setting the environment",
@@ -1389,16 +1415,16 @@ light_orber2_api(suite) -> [];
 light_orber2_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([], 
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([],
 						{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]})),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1407,12 +1433,12 @@ light_orber2_api(_Config) ->
     NS  = corba:resolve_initial_references("NameService"),
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1421,10 +1447,10 @@ light_orber2_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [light])),
     ok.
 
@@ -1432,13 +1458,13 @@ light_orber2_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-multi_orber_api(doc) -> ["MULTI ORB API tests", 
+multi_orber_api(doc) -> ["MULTI ORB API tests",
 			 "This case test if data encode/decode (IIOP)",
 			 "produce the correct result, i.e., the test_server echos",
 			 "the input parameter or an exception is raised (MARSHAL)."];
 multi_orber_api(suite) -> [];
 multi_orber_api(_Config) ->
-    
+
     NewICObj1 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
     NewICObj2 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {local, newic2}}])),
     NewICObj3 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {global, newic3}}])),
@@ -1448,34 +1474,34 @@ multi_orber_api(_Config) ->
     catch corba:dispose(NewICObj1),
     catch corba:dispose(NewICObj2),
     catch corba:dispose(NewICObj3),
-    
+
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
+
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
 
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     ?match(ok, orber_test_server:print(Obj)),
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     context_test(Obj12B),
@@ -1484,7 +1510,7 @@ multi_orber_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 	   corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:corba_object_tests(Obj12B, NSR)),
@@ -1493,22 +1519,22 @@ multi_orber_api(_Config) ->
 
     %%--- Testing code and decode arguments ---
     orber_test_lib:test_coding(Obj),
-    
-    ?match({'EXCEPTION',#'BAD_CONTEXT'{}}, 
+
+    ?match({'EXCEPTION',#'BAD_CONTEXT'{}},
 	   orber_test_server:
-	   print(Obj12B, 
+	   print(Obj12B,
 		 [{context,
-		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					  context_data = {interface, 
+		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					  context_data = {interface,
 							  {127,0,0,1}}}]}])),
-    
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj12B)),
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 		 orber_test_server:print(Obj12B)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1516,9 +1542,9 @@ multi_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security, using basic interceptors
 %%-----------------------------------------------------------------
-basic_PI_api(doc) -> ["MULTI ORB API tests", 
+basic_PI_api(doc) -> ["MULTI ORB API tests",
 		      "This case test if data encode/decode (IIOP)",
-		      "produce the correct result when using basic interceptors,", 
+		      "produce the correct result when using basic interceptors,",
 		      "i.e., the test_server echos",
 		      "the input parameter or an exception is raised (MARSHAL)."];
 basic_PI_api(suite) -> [];
@@ -1526,21 +1552,21 @@ basic_PI_api(_Config) ->
     %% Change configuration to use Basic Interceptors.
     orber:configure_override(interceptors, {native, [orber_test_lib]}),
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
-    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.2@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.1@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.0@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
 
     ?match(ok, corba:print_object(Obj12)),
@@ -1552,13 +1578,13 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj10)),
 
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     ?match(ok, corba:print_object(Obj12B, info_msg)),
@@ -1568,7 +1594,7 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 		 corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:alternate_iiop_address(Host, Port)),
@@ -1583,8 +1609,8 @@ basic_PI_api(_Config) ->
 
     application:set_env(orber, interceptors, false),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1593,62 +1619,95 @@ basic_PI_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_api(suite) -> [];
 ssl_1_multi_orber_api(_Config) ->
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
-ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+
+
+ssl_1_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			       "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_1_multi_orber_generation_3_api_old(suite) -> [];
+ssl_1_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_generation_3_api(suite) -> [];
 ssl_1_multi_orber_generation_3_api(_Config) ->
-   
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_api(suite) -> [];
-ssl_2_multi_orber_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       2, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
 
-ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+
+ssl_2_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_2_multi_orber_generation_3_api_old(suite) -> [];
+ssl_2_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_generation_3_api(suite) -> [];
-ssl_2_multi_orber_generation_3_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_generation_3_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
@@ -1656,77 +1715,135 @@ ssl_2_multi_orber_generation_3_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_api(suite) -> [];
-ssl_reconfigure_api(_Config) -> 
-    ssl_reconfigure([]).
+ssl_reconfigure_api(_Config) ->
+    ssl_reconfigure_old([]).
+
 
-ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_reconfigure_generation_3_api_old(suite) -> [];
+ssl_reconfigure_generation_3_api_old(_Config) ->
+    ssl_reconfigure_old([{ssl_generation, 3}]).
+
+ssl_reconfigure_old(ExtraSSLOptions) ->
+
+    IP = orber_test_lib:get_host(),
+    Loopback = orber_test_lib:get_loopback_interface(),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
+				       {ip_address, IP}|ExtraSSLOptions])),
+    orber_test_lib:remote_apply(ServerNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, normal, [{iiop_port, 5648},
+							   {iiop_ssl_port, 5649},
+							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
+						   {iiop_port, 5648},
+						   {iiop_ssl_port, 5649},
+						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, ssl, ServerOptions])),
+
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    orber_test_lib:remote_apply(ClientNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    Obj = ?match(#'IOP_IOR'{},
+		 orber_test_lib:remote_apply(ClientNode, corba,
+					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+												  context_data = {configuration, ClientOptions}}]}]])),
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
+					   print, [Obj])).
+
+
+ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_generation_3_api(suite) -> [];
-ssl_reconfigure_generation_3_api(_Config) -> 
+ssl_reconfigure_generation_3_api(_Config) ->
     ssl_reconfigure([{ssl_generation, 3}]).
 
+
 ssl_reconfigure(ExtraSSLOptions) ->
 
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, 
-	       orber_test_lib:js_node([{iiop_port, 0}, 
-				       {flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
 				       {ip_address, IP}|ExtraSSLOptions])),
     orber_test_lib:remote_apply(ServerNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, [{iiop_port, 5648},
 							   {iiop_ssl_port, 5649},
 							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
-					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						   {iiop_port, 5648},
 						   {iiop_ssl_port, 5649},
 						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, ssl, ServerOptions])),
 
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     orber_test_lib:remote_apply(ClientNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    Obj = ?match(#'IOP_IOR'{}, 
+    Obj = ?match(#'IOP_IOR'{},
 		 orber_test_lib:remote_apply(ClientNode, corba,
 					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
-								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 												  context_data = {configuration, ClientOptions}}]}]])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
 					   print, [Obj])).
 
 
-
 %%-----------------------------------------------------------------
 %%  API tests for Orber to Java ORB, no security
 %%-----------------------------------------------------------------
 
-%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests", 
+%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests",
 %			"This case test if data encode/decode (IIOP)",
 %			"produce the correct result, i.e., the test_server echos",
 %			"the input parameter or an exception is raised (MARSHAL)."];
@@ -1739,38 +1856,38 @@ ssl_reconfigure(ExtraSSLOptions) ->
 %% Arguments: Config
 %%            Depth
 %% Returns  : ok
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 ssl_suite(ServerOptions, ClientOptions) ->
 
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     %% Tell the client to interoperate with the server. The purpose of this
     %% operation is to look up, using NameService, an object reference and
     %% use it to contact the object.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
-    
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   alternate_ssl_iiop_address,
 					   [ServerHost, ServerPort, SSLServerPort])),
-    
+
     %% 'This' node is not secure. Contact the server. Must refuse connection.
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		       corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService")),
-    
+
     %% Should be 'NO_PERMISSION'??
     ?match({'EXCEPTION',{'COMM_FAILURE',_,_,_}},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
@@ -1780,8 +1897,8 @@ ssl_suite(ServerOptions, ClientOptions) ->
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     %% Uninstall.
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
     ok.
 
@@ -1793,7 +1910,7 @@ setup_connection_timeout_api(suite) -> [];
 setup_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_backlog, 0)),
     %% Wait to be sure that the configuration has kicked in.
-    timer:sleep(2000),    
+    timer:sleep(2000),
     {ok, Ref, Port} = create_fake_server_ORB(normal, 0, [], listen, []),
     ?match(ok, orber:configure(iiop_setup_connection_timeout, 5)),
     ?match(ok, orber:info(io)),
@@ -1813,7 +1930,7 @@ setup_connection_timeout_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  iiop_setup_connection_timeout API tests for ORB to ORB.
 %%-----------------------------------------------------------------
-setup_multi_connection_timeout_api(doc) -> 
+setup_multi_connection_timeout_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_api(suite) -> [];
 setup_multi_connection_timeout_api(_Config) ->
@@ -1838,7 +1955,7 @@ setup_multi_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_attempts_api(doc) -> 
+setup_multi_connection_timeout_attempts_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_attempts_api(suite) -> [];
 setup_multi_connection_timeout_attempts_api(_Config) ->
@@ -1864,7 +1981,7 @@ setup_multi_connection_timeout_attempts_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_random_api(doc) -> 
+setup_multi_connection_timeout_random_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_random_api(suite) -> [];
 setup_multi_connection_timeout_random_api(_Config) ->
@@ -1899,17 +2016,17 @@ bad_giop_header_api(_Config) ->
     orber:configure_override(interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     ?match(ok, orber:info(io)),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<"GIOP",1,2,0,100,0,0,0,5,0,0,0,10,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 				     message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
     ok.
-    
+
 
 %%-----------------------------------------------------------------
 %%  Fragmented IIOP tests (Server-side).
@@ -1927,34 +2044,34 @@ fragments_server_api(doc) -> ["fragments API tests for server-side ORB."];
 fragments_server_api(suite) -> [];
 fragments_server_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     Any = #any{typecode = {tk_string,0},
 	       value = "123"},
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, objkey = Target, 
+	  #giop_env{version = {1,2}, objkey = Target,
 		    request_id = ?REQUEST_ID,
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -1969,11 +2086,11 @@ fragments_server_api(_Config) ->
 		<<AligmnetData:Aligned/binary,49>> = Body,
 		list_to_binary([AligmnetData, <<0,0,0,18,0,0,0,0,0,0,0,4,49>> ])
 	end,
-    
+
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments, 
+    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments,
 				[ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -1986,9 +2103,9 @@ fragments_max_server_api(suite) -> [];
 fragments_max_server_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_fragments, 2},
-						 {ip_address, IP}])),    
+						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     fragments_max_server(ServerNode, IP, ServerPort).
 
@@ -1997,37 +2114,37 @@ fragments_max_server_added_api(suite) -> [];
 fragments_max_server_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     ServerPort = 1 + orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_fragments, 2},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, ServerPort}]])),
     fragments_max_server(ServerNode, IP, ServerPort).
 
 fragments_max_server(ServerNode, ServerHost, ServerPort) ->
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					integer_to_list(ServerPort)++"/NameService#mamba")),
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, 
-		    objkey = Target, 
-		    request_id = ?REQUEST_ID, 
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+	  #giop_env{version = {1,2},
+		    objkey = Target,
+		    request_id = ?REQUEST_ID,
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -2046,8 +2163,8 @@ fragments_max_server(ServerNode, ServerHost, ServerPort) ->
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(#'IMP_LIMIT'{}, 
-	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max, 
+    ?match(#'IMP_LIMIT'{},
+	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max,
 			   [ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -2063,11 +2180,11 @@ fragments_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    IOR = ?match({'IOP_IOR',_,_}, 
-		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
+    IOR = ?match({'IOP_IOR',_,_},
+		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
 					       "localhost", 6004, "FAKE", [])),
-    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments, 
-					    [?REPLY_FRAG_1, ?FRAG_2, 
+    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments,
+					    [?REPLY_FRAG_1, ?FRAG_2,
 					     ?FRAG_3, ?FRAG_4]]),
     ?match({ok, Any}, orber_test_server:testing_iiop_any(IOR, Any)),
     application:set_env(orber, interceptors, false),
@@ -2083,16 +2200,16 @@ bad_fragment_id_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,100,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 			       message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
-    
+
     ok.
 
 %%-----------------------------------------------------------------
@@ -2100,22 +2217,22 @@ bad_fragment_id_client_api(_Config) ->
 %%-----------------------------------------------------------------
 bad_id_cancel_request_api(doc) -> ["Description", "more description"];
 bad_id_cancel_request_api(suite) -> [];
-bad_id_cancel_request_api(Config) when is_list(Config) ->   
-    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0}, 
+bad_id_cancel_request_api(Config) when is_list(Config) ->
+    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0},
 						    request_id = 556}),
-    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1}, 
+    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1},
 						    request_id = 556}),
-    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2}, 
+    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2},
 						    request_id = 556}),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req10])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req11])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req12])),    
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req10])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req11])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req12])),
     ok.
 
 %%-----------------------------------------------------------------
@@ -2131,141 +2248,141 @@ pseudo_calls(0, _) ->
 pseudo_calls(Times, Obj) ->
     orber_test_server:pseudo_call(Obj),
     New = Times - 1,
-    pseudo_calls(New, Obj). 
+    pseudo_calls(New, Obj).
 pseudo_casts(0, _) ->
     ok;
 pseudo_casts(Times, Obj) ->
     orber_test_server:pseudo_cast(Obj),
     New = Times - 1,
-    pseudo_casts(New, Obj). 
+    pseudo_casts(New, Obj).
 
 context_test(Obj) ->
-    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537, 
+    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537,
 					      wchar_data = 65801},
     FTGrp = #'FT_FTGroupVersionServiceContext'{object_group_ref_version = ?ULONGMAX},
-    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId", 
-					  retention_id = ?LONGMAX, 
+    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId",
+					  retention_id = ?LONGMAX,
 					  expiration_time = ?ULONGLONGMAX},
 
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets,
 				 context_data = CodeSetCtx},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION,
 				 context_data = FTGrp},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST,
 				 context_data = FTReq},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext},
-	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 				 context_data = {any_kind_of_data, {127,0,0,1}, 4001}}],
     ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
 
 create_fake_server_ORB(Type, Port, Options, listen, _Data) ->
     {ok, _ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{backlog, 0}, {active, false}|Options]),
     Socket = orber_socket:connect(Type, 'localhost', NewPort, [{active, false}|Options]),
     {ok, {Type, Socket}, NewPort};
 create_fake_server_ORB(Type, Port, Options, Action, Data) ->
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     do_server_action(Type, Socket, Action, Data),
@@ -2299,14 +2416,14 @@ do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -2323,4 +2440,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/orber_SUITE.erl b/lib/orber/test/orber_SUITE.erl
index be6ffa201c..72b0db1e0d 100644
--- a/lib/orber/test/orber_SUITE.erl
+++ b/lib/orber/test/orber_SUITE.erl
@@ -20,7 +20,6 @@
 -module(orber_SUITE).
 -include_lib("test_server/include/test_server.hrl").
 
-
 -define(default_timeout, ?t:minutes(15)).
 -define(application, orber).
 
@@ -31,7 +30,11 @@
 
 % Test cases must be exported.
 -export([app_test/1, undefined_functions/1, install_load_order/1,
-	 install_local_content/1]).
+	 install_local_content/1, 
+         otp_9887/1]).
+
+%% Exporting error handler callbacks for use in otp_9887
+-export([init/1, handle_event/2]).
 
 %%
 %% all/1
@@ -40,7 +43,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [app_test, undefined_functions, install_load_order,
-     install_local_content].
+     install_local_content,
+     otp_9887].
 
 groups() -> 
     [].
@@ -76,6 +80,27 @@ app_test(_Config) ->
     ?line ok=?t:app_test(orber),
     ok.
 
+otp_9887(_Config) ->
+    orber:jump_stop(),
+    application:set_env(orber, orber_debug_level, 10),
+    orber:jump_start([]),
+    
+    mnesia:create_table(orber_light_ifr, []),
+
+    error_logger:add_report_handler(?MODULE,[self()]),
+    catch orber_ifr:get_module(foo, bar),
+    
+    receive
+	{stolen,Reason} ->
+            {error,_Pid1, {_Pid2, _ErrorString, ArgumentList}} = Reason,
+            5 = length(ArgumentList)
+    after 500 ->
+            test_server:fail("OTP_9887 TIMED OUT")
+    end,
+
+    orber:jump_stop(),
+    ok.
+
 %% Install Orber using the load_order option.
 install_load_order(suite) ->
     [];
@@ -192,5 +217,10 @@ key1search(Key, L) ->
 fail(Reason) ->
     exit({suite_failed, Reason}).
 
+%% Error handler 
 
+init([Proc]) -> {ok,Proc}.
 
+handle_event(Event, Proc) -> 
+    Proc ! {stolen,Event},
+    {ok,Proc}.
diff --git a/lib/orber/test/orber_acl_SUITE.erl b/lib/orber/test/orber_acl_SUITE.erl
index b43a00be19..49107cde84 100644
--- a/lib/orber/test/orber_acl_SUITE.erl
+++ b/lib/orber/test/orber_acl_SUITE.erl
@@ -80,7 +80,7 @@ end_per_group(_GroupName, Config) ->
 %%-----------------------------------------------------------------
 init_per_suite(Config) ->
     if
-        list(Config) ->
+        is_list(Config) ->
             Config;
         true ->
             exit("Config not a list")
diff --git a/lib/orber/test/orber_nat_SUITE.erl b/lib/orber/test/orber_nat_SUITE.erl
index 625f168520..ee31b162c2 100644
--- a/lib/orber/test/orber_nat_SUITE.erl
+++ b/lib/orber/test/orber_nat_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 2006-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 %%
@@ -50,14 +50,15 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1,
-	 init_per_testcase/2, end_per_testcase/2, 
+	 init_per_testcase/2, end_per_testcase/2,
 	 nat_ip_address/1, nat_ip_address_multiple/1,
 	 nat_ip_address_local/1, nat_ip_address_local_local/1,
 	 nat_iiop_port/1, nat_iiop_port_local/1,
-	 nat_iiop_port_local_local/1, nat_iiop_ssl_port/1,
-	 nat_iiop_ssl_port_local/1]).
+	 nat_iiop_port_local_local/1,
+	 nat_iiop_ssl_port_old/1, nat_iiop_ssl_port_local_old/1,
+	 nat_iiop_ssl_port/1, nat_iiop_ssl_port_local/1]).
 
 
 %%-----------------------------------------------------------------
@@ -66,15 +67,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -84,25 +85,38 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-cases() -> 
-    [nat_ip_address, nat_ip_address_multiple,
-     nat_ip_address_local, nat_iiop_port,
-     nat_iiop_port_local, nat_ip_address_local_local,
-     nat_iiop_port_local_local, nat_iiop_ssl_port,
+cases() ->
+    [nat_ip_address,
+     nat_ip_address_multiple,
+     nat_ip_address_local,
+     nat_iiop_port,
+     nat_iiop_port_local,
+     nat_ip_address_local_local,
+     nat_iiop_port_local_local,
+     nat_iiop_ssl_port_old,
+     nat_iiop_ssl_port_local_old,
+     nat_iiop_ssl_port,
      nat_iiop_ssl_port_local].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC, Config) 
+init_per_testcase(TC, Config)
  when TC =:= nat_iiop_ssl_port;
-      TC =:= nat_iiop_ssl_port_local ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL not installed!"};
-	_ ->
-	    init_per_testcase(dummy_tc, Config)
-    end;
+      TC =:= nat_iiop_ssl_port_local;
+      TC =:= nat_iiop_ssl_port_old;
+      TC =:= nat_iiop_ssl_port_local_old ->
+      case  ?config(crypto_started, Config) of
+	  true ->
+	      case orber_test_lib:ssl_version() of
+		  no_ssl ->
+		      {skip,"SSL not installed!"};
+		  _ ->
+		      init_per_testcase(dummy_tc, Config)
+	      end;
+	  false ->
+	      {skip, "Crypto did not start"}
+      end;
 init_per_testcase(_Case, Config) ->
     Path = code:which(?MODULE),
     code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
@@ -125,12 +139,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -143,13 +163,13 @@ nat_ip_address(suite) -> [];
 nat_ip_address(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, Loopback}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -158,14 +178,14 @@ nat_ip_address_multiple(doc) -> ["This case test if the server ORB use the corre
 nat_ip_address_multiple(suite) -> [];
 nat_ip_address_multiple(_Config) ->
     IP = orber_test_lib:get_host(),
-   
-    {ok, ServerNode, _ServerHost} = 
+
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {multiple, ["10.0.0.1"]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -174,13 +194,13 @@ nat_ip_address_local(doc) -> ["This case test if the server ORB use the correct"
 nat_ip_address_local(suite) -> [];
 nat_ip_address_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "127.0.0.1"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -190,19 +210,19 @@ nat_ip_address_local_local(suite) -> [];
 nat_ip_address_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "10.0.0.2"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
@@ -211,13 +231,13 @@ nat_iiop_port(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port(suite) -> [];
 nat_iiop_port(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, 42}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -226,13 +246,13 @@ nat_iiop_port_local(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port_local(suite) -> [];
 nat_iiop_port_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, {local, 42, [{4001, 43}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -242,27 +262,27 @@ nat_iiop_port_local_local(suite) -> [];
 nat_iiop_port_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, [nat_iiop_port, {local, 42, [{ServerPort, 43}]}]),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     {ok, Ref} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 10088])),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":10088/NameService")),
-    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
@@ -271,103 +291,204 @@ nat_iiop_port_local_local(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			   "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_old(suite) -> [];
+nat_iiop_ssl_port_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags, ?ORB_ENV_ENABLE_NAT},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{4001, 43}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+nat_iiop_ssl_port_local_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+				 "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_local_old(suite) -> [];
+nat_iiop_ssl_port_local_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
+							 ?ORB_ENV_ENABLE_NAT)},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+
+nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			   "Make sure NAT works for SSL"];
 nat_iiop_ssl_port(suite) -> [];
 nat_iiop_ssl_port(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
 						   {flags, ?ORB_ENV_ENABLE_NAT},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{4001, 43}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
-nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 				 "Make sure NAT works for SSL"];
 nat_iiop_ssl_port_local(suite) -> [];
 nat_iiop_ssl_port_local(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
-						   {flags, 
-						    (?ORB_ENV_LOCAL_INTERFACE bor 
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
 							 ?ORB_ENV_ENABLE_NAT)},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
diff --git a/lib/orber/test/orber_test_lib.erl b/lib/orber/test/orber_test_lib.erl
index 903ab1d771..0ddde49cd6 100644
--- a/lib/orber/test/orber_test_lib.erl
+++ b/lib/orber/test/orber_test_lib.erl
@@ -41,28 +41,31 @@
 	       end
        end()).
 
--export([js_node/2, 
+-export([js_node/2,
 	 js_node/1,
 	 js_node/0,
-	 slave_sup/0, 
-	 remote_apply/4, 
+	 slave_sup/0,
+	 remote_apply/4,
 	 install_test_data/1,
 	 light_tests/3,
-	 uninstall_test_data/1, 
-	 destroy_node/2, 
+	 uninstall_test_data/1,
+	 destroy_node/2,
 	 lookup/2,
 	 alternate_iiop_address/2,
 	 create_alternate_iiop_address/2,
 	 alternate_ssl_iiop_address/3,
 	 create_alternate_ssl_iiop_address/3,
-	 test_coding/1, 
-	 test_coding/2, 
-	 corba_object_tests/2, 
+	 test_coding/1,
+	 test_coding/2,
+	 corba_object_tests/2,
 	 timeouts/3,
 	 precond/3,
 	 postcond/4,
 	 oe_get_interface/0,
 	 create_components_IOR/1,
+	 get_options_old/2,
+	 get_options_old/3,
+	 get_options_old/4,
 	 get_options/2,
 	 get_options/3,
 	 get_options/4,
@@ -89,13 +92,13 @@
 
 %%------------------------------------------------------------
 %% function : ssl_version
-%% Arguments: 
+%% Arguments:
 %% Returns  : integer()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 ssl_version() ->
-    try 
+    try
 	ssl:module_info(),
 	case catch erlang:system_info(otp_release) of
 	    Version when is_list(Version) ->
@@ -114,10 +117,10 @@ ssl_version() ->
 
 %%------------------------------------------------------------
 %% function : version_ok
-%% Arguments: 
+%% Arguments:
 %% Returns  : true | {skipped, Reason}
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 version_ok() ->
     {ok, Hostname} = inet:gethostname(),
@@ -151,8 +154,8 @@ version_ok() ->
 %% function : get_host
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_host() ->
     get_host(inet).
@@ -172,13 +175,13 @@ get_host(Family) ->
 	    [IP] = ?match([_], orber:host()),
 	    IP
     end.
-  
+
 %%------------------------------------------------------------
 %% function : get_loopback_interface
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_loopback_interface() ->
     get_loopback_interface(inet).
@@ -193,12 +196,12 @@ get_loopback_interface(Family) ->
 		_ when Family == inet ->
 		    "127.0.0.1";
 		_ ->
-		    "0:0:0:0:0:FFFF:7F00:0001" 
+		    "0:0:0:0:0:FFFF:7F00:0001"
 	    end;
 	_ when Family == inet ->
 	    "127.0.0.1";
 	_ ->
-	    "0:0:0:0:0:FFFF:7F00:0001" 
+	    "0:0:0:0:0:FFFF:7F00:0001"
     end.
 
 %%------------------------------------------------------------
@@ -220,7 +223,7 @@ js_node(InitOptions, StartOptions) when is_list(InitOptions) ->
     {A,B,C} = erlang:now(),
     [_, Host] = string:tokens(atom_to_list(node()), [$@]),
     _NewInitOptions = check_options(InitOptions),
-    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]), 
+    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]),
 		   InitOptions, 10, StartOptions).
 
 js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
@@ -234,8 +237,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 		    ok = rpc:call(NewNode, file, set_cwd, [Cwd]),
 		    true = rpc:call(NewNode, code, set_path, [Path]),
 		    rpc:call(NewNode, application, load, [orber]),
-		    ok = rpc:call(NewNode, corba, orb_init, 
-				  [[{iiop_port, Port}, 
+		    ok = rpc:call(NewNode, corba, orb_init,
+				  [[{iiop_port, Port},
 				    {orber_debug_level, 10}|Options]]),
 		    start_orber(StartOptions, NewNode),
 		    spawn_link(NewNode, ?MODULE, slave_sup, []),
@@ -247,8 +250,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 	    end;
         {error, Reason} when Retries == 0 ->
             {error, Reason};
-        {error, Reason} ->          
-            io:format("Could not start slavenode ~p:~p due to: ~p~n", 
+        {error, Reason} ->
+            io:format("Could not start slavenode ~p:~p due to: ~p~n",
                       [Host, Port, Reason]),
             timer:sleep(500),
 	    js_node_helper(Host, Port, Name, Options, Retries-1, StartOptions)
@@ -285,7 +288,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-        {'EXIT', _, _} -> 
+        {'EXIT', _, _} ->
             case os:type() of
                 vxworks ->
                     erlang:halt();
@@ -309,68 +312,106 @@ start_orber(lightweight, Node) ->
 start_orber(_, Node) ->
     ok = rpc:call(Node, orber, jump_start, []).
 
-
 %%-----------------------------------------------------------------
 %% Type    - ssl | iiop_ssl
 %% Role    - 'server' | 'client'
 %% Options - [{Key, Value}]
 %%-----------------------------------------------------------------
-get_options(Type, Role) -> 
-    get_options(Type, Role, 2, []).
+get_options_old(Type, Role) ->
+    get_options_old(Type, Role, 2, []).
 
-get_options(ssl, Role, Level) -> 
-    get_options(ssl, Role, Level, []).
+get_options_old(ssl, Role, Level) ->
+    get_options_old(ssl, Role, Level, []).
 
-get_options(ssl, Role, 2, Options) -> 
+get_options_old(ssl, Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{depth, 2},
      {verify, 2},
      {keyfile, filename:join([Dir, Role, "key.pem"])},
-     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])}, 
-     {certfile, filename:join([Dir, Role, "cert.pem"])}|Options];
-get_options(iiop_ssl, _Role, 2, Options) ->
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options_old(iiop_ssl, _Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 2},
      {ssl_server_verify, 2},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 2},
      {ssl_client_verify, 2},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options];
-get_options(iiop_ssl, _Role, 1, Options) ->
+     {secure, ssl} |Options];
+get_options_old(iiop_ssl, _Role, 1, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 1},
      {ssl_server_verify, 0},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 1},
      {ssl_client_verify, 0},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options].
+     {secure, ssl} |Options].
 
+get_options(Type, Role) ->
+    get_options(Type, Role, 2, []).
+
+get_options(ssl, Role, Level) ->
+    get_options(ssl, Role, Level, []).
+
+get_options(ssl, Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{depth, 2},
+     {verify, 2},
+     {keyfile, filename:join([Dir, Role, "key.pem"])},
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options(iiop_ssl, _Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options];
+get_options(iiop_ssl, _Role, 1, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options].
 
 create_paths() ->
     Path = filename:dirname(code:which(?MODULE)),
     " -pa " ++ Path ++ " -pa " ++
-        filename:join(Path, "idl_output") ++ 
+        filename:join(Path, "idl_output") ++
 	" -pa " ++
-        filename:join(Path, "all_SUITE_data") ++ 
-        " -pa " ++ 
+        filename:join(Path, "all_SUITE_data") ++
+        " -pa " ++
         filename:dirname(code:which(orber)).
 
 %%------------------------------------------------------------
 %% function : destroy_node
 %% Arguments: Node - which node to destroy.
 %%            Type - normal | ssl
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 
 destroy_node(Node, Type) ->
@@ -384,13 +425,13 @@ stopper(Node, _Type) ->
             slave:stop(Node)
     end.
 
-  
+
 %%------------------------------------------------------------
 %% function : remote_apply
 %% Arguments: N - Node, M - Module,
 %%            F - Function, A - Arguments (list)
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 remote_apply(N, M,F,A) ->
     case rpc:call(N, M, F, A) of
@@ -411,7 +452,7 @@ remote_apply(N, M,F,A) ->
 
 install_test_data(nameservice) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
@@ -420,7 +461,7 @@ install_test_data(nameservice) ->
 
 install_test_data({nameservice, AltAddr, AltPort}) ->
     oe_orber_test_server:oe_register(),
-    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     Mamba = corba:add_alternate_iiop_address(Obj, AltAddr, AltPort),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
@@ -430,8 +471,8 @@ install_test_data({nameservice, AltAddr, AltPort}) ->
 
 install_test_data(timeout) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], {local, mamba}), 
-    Viper = orber_test_timeout_server:oe_create([], {local, viper}), 
+    Mamba = orber_test_server:oe_create([], {local, mamba}),
+    Viper = orber_test_timeout_server:oe_create([], {local, viper}),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -450,7 +491,7 @@ install_test_data(pseudo) ->
 
 install_test_data(ssl) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
@@ -458,7 +499,7 @@ install_test_data(ssl) ->
 
 install_test_data(ssl_simple) ->
     oe_orber_test_server:oe_register();
-    
+
 install_test_data(light) ->
     %% Nothing to do at the moment but we might in the future
     ok;
@@ -479,7 +520,7 @@ uninstall_test_data(pseudo) ->
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
     _Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(timeout) ->
@@ -493,7 +534,7 @@ uninstall_test_data(timeout) ->
     Viper = (catch 'CosNaming_NamingContext':resolve(NS, N2)),
     catch corba:dispose(Mamba),
     catch corba:dispose(Viper),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(nameservice) ->
@@ -503,7 +544,7 @@ uninstall_test_data(nameservice) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl) ->
@@ -512,7 +553,7 @@ uninstall_test_data(ssl) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl_simple) ->
@@ -530,27 +571,27 @@ uninstall_test_data(_) ->
 %% Arguments: TestServerObj a orber_test_server ref
 %%            OtherObj - any other Orber object.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 corba_object_tests(TestServerObj, OtherObj) ->
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_test/server:1.0")),
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_test/server:1.0")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.1")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "NotValidIFRID")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_nil(TestServerObj)),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_equivalent(OtherObj,TestServerObj)),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_equivalent(TestServerObj,TestServerObj)),
     ?match(false, corba_object:non_existent(TestServerObj)),
     ?match(false, corba_object:not_existent(TestServerObj)),
@@ -562,32 +603,32 @@ corba_object_tests(TestServerObj, OtherObj) ->
 %% function : lookup
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 lookup(Host, Port) ->
     Key = Host++":"++integer_to_list(Port),
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
 						  ["iiop://"++Key]),
 
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
-    
+
     NC2 = lname_component:set_id(lname_component:create(), "mamba"),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     orber_test_server:print(Obj),
-    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  corba:string_to_object("corbaname:iiop:1.1@"++Key++"/NameService#mamba")),
-    
+
     orber_test_server:print(Obj2),
 
-    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_}, 
+    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		  corba:string_to_object("corbaloc:iiop:1.1@"++Key++"/NameService")),
-    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  'CosNaming_NamingContext':resolve(NSR2, N2)),
     orber_test_server:print(Obj3).
 
@@ -595,11 +636,11 @@ lookup(Host, Port) ->
 %% function : alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_iiop_address(Host, Port) ->
     IOR = create_alternate_iiop_address(Host, Port),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -609,145 +650,145 @@ alternate_iiop_address(Host, Port) ->
 %% function : create_alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_iiop_address(Host, Port) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create({1,2},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-						     [Host], 8000, -1, 
+						     [Host], 8000, -1,
 						     "NameService", MC, 0, 0),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
 						     [Host], 8000, -1,
 						     "NameService", [], 0, 0),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
-    
+
 
 %%------------------------------------------------------------
 %% function : create_components_IOR
-%% Arguments: 
+%% Arguments:
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_components_IOR(Version) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = "127.0.0.1", 
+				   'HostID' = "127.0.0.1",
 				   'Port' = 4001}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS, 
-				 component_data = #'SSLIOP_SSL'{target_supports = 0, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
+				 component_data = #'SSLIOP_SSL'{target_supports = 0,
 								target_requires = 1,
 								port = 2}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP,
+				 component_data =
 				 #'FT_TagFTGroupTaggedComponent'
-				 {version = #'GIOP_Version'{major = 1, 
-							    minor = 2}, 
-				  ft_domain_id = "FT_FTDomainId",		
+				 {version = #'GIOP_Version'{major = 1,
+							    minor = 2},
+				  ft_domain_id = "FT_FTDomainId",
 				  object_group_id = ?ULONGLONGMAX,
 				  object_group_ref_version = ?LONGMAX}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY,
+				 component_data =
 				 #'FT_TagFTPrimaryTaggedComponent'{primary = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED,
+				 component_data =
 				 #'FT_TagFTHeartbeatEnabledTaggedComponent'{heartbeat_enabled = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
+				 component_data =
 				 #'CSIIOP_CompoundSecMechList'
 				 {stateful = false,
-				  mechanism_list = 
+				  mechanism_list =
 				  [#'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_TLS_SEC_TRANS,
 				     component_data=#'CSIIOP_TLS_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				    {target_supports = 7,
+				     target_requires = 8,
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_NULL_TAG,
 				     component_data=[]},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_SECIOP_SEC_TRANS,
 				     component_data=#'CSIIOP_SECIOP_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
+				    {target_supports = 7,
+				     target_requires = 8,
 				     mech_oid = [0,255],
 				     target_name = [0,255],
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}}]}}],
     iop_ior:create(Version, "IDL:omg.org/CosNaming/NamingContextExt:1.0",
@@ -759,11 +800,11 @@ create_components_IOR(Version) ->
 %% function : alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_ssl_iiop_address(Host, Port, SSLPort) ->
     IOR = create_alternate_ssl_iiop_address(Host, Port, SSLPort),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -774,37 +815,37 @@ alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : create_alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS, 
-				 component_data=#'SSLIOP_SSL'{target_supports = 2, 
-							      target_requires = 2, 
+	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS,
+				 component_data=#'SSLIOP_SSL'{target_supports = 2,
+							      target_requires = 2,
 							      port = SSLPort}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create_external({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create_external({1,2},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", MC),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", []),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
 
@@ -813,11 +854,11 @@ create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : timeouts
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 timeouts(Host, Port, ReqT) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -827,21 +868,21 @@ timeouts(Host, Port, ReqT) ->
     Viper = 'CosNaming_NamingContext':resolve(NSR, N2),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
+	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)), 
+		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, ReqT)),
-    
+
     %% Since the objects are stalled we must wait until they are available again
     %% to be able to run any more tests and get the correct results.
     timer:sleep(ReqT*4),
-    
-    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
-    
-    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)), 
+
+    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
+
+    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, 0)),
 
     timer:sleep(ReqT*4),
@@ -852,11 +893,11 @@ timeouts(Host, Port, ReqT) ->
 %% Arguments: Host - which node to contact.
 %%            Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 light_tests(Host, Port, ObjName) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
@@ -867,7 +908,7 @@ light_tests(Host, Port, ObjName) ->
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
     NC2 = lname_component:set_id(lname_component:create(), ObjName),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     Nodes = orber:get_lightweight_nodes(),
     io:format("Light Nodes: ~p~n", [Nodes]),
@@ -889,165 +930,165 @@ test_coding(Obj) ->
 test_coding(Obj, Local) ->
     %%--- Testing code and decode arguments ---
     ?match({ok, 1.5}, orber_test_server:testing_iiop_float(Obj, 1.5)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_float(Obj, atom)),
 
     ?match({ok,1.0}, orber_test_server:testing_iiop_double(Obj, 1.0)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_double(Obj, "wrong")),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_short(Obj, 0)),
     ?match({ok,?SHORTMAX}, orber_test_server:testing_iiop_short(Obj, ?SHORTMAX)),
     ?match({ok,?SHORTMIN}, orber_test_server:testing_iiop_short(Obj, ?SHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, atomic)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ushort(Obj, 0)),
     ?match({ok,?USHORTMAX}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX)),
     ?match({ok,?USHORTMIN}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_long(Obj, 0)),
     ?match({ok,?LONGMAX}, orber_test_server:testing_iiop_long(Obj, ?LONGMAX)),
     ?match({ok,?LONGMIN}, orber_test_server:testing_iiop_long(Obj, ?LONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_longlong(Obj, 0)),
     ?match({ok,?LONGLONGMAX}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX)),
     ?match({ok,?LONGLONGMIN}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulong(Obj, 0)),
     ?match({ok,?ULONGMAX}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX)),
     ?match({ok,?ULONGMIN}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulonglong(Obj, 0)),
     ?match({ok,?ULONGLONGMAX}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX)),
     ?match({ok,?ULONGLONGMIN}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN-1)),
-    
+
     ?match({ok,98}, orber_test_server:testing_iiop_char(Obj, 98)),
     ?match({ok,$b}, orber_test_server:testing_iiop_char(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_char(Obj, atomic)),
 
     ?match({ok,65535}, orber_test_server:testing_iiop_wchar(Obj, 65535)),
     ?match({ok,$b}, orber_test_server:testing_iiop_wchar(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wchar(Obj, atomic)),
-    
+
     ?match({ok,true}, orber_test_server:testing_iiop_bool(Obj, true)),
     ?match({ok,false}, orber_test_server:testing_iiop_bool(Obj, false)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_bool(Obj, atom)),
-    
+
     ?match({ok,1}, orber_test_server:testing_iiop_octet(Obj, 1)),
 % No real guards for this case.
-%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 %	   orber_test_server:testing_iiop_octet(Obj, 1.5)),
     IOR12 = create_components_IOR({1,2}),
     ?match({ok,Obj}, orber_test_server:testing_iiop_obj(Obj, Obj)),
     ?match({ok,IOR12}, orber_test_server:testing_iiop_obj(Obj, IOR12)),
     PObj = orber_test_server:oe_create([], [{pseudo,true}]),
     ?match({ok, _}, orber_test_server:testing_iiop_obj(Obj, PObj)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_obj(Obj, "no_object")),
     ?match({ok,"string"}, orber_test_server:testing_iiop_string(Obj, "string")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, "ToLongString")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, atomic)),
 
     ?match({ok,[65535]}, orber_test_server:testing_iiop_wstring(Obj, [65535])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, "ToLongWstring")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, atomic)),
 
-    ?match({ok, one}, 
+    ?match({ok, one},
 		 orber_test_server:testing_iiop_enum(Obj, one)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_enum(Obj, three)),
-    ?match({ok,[1,2,3]}, 
+    ?match({ok,[1,2,3]},
 		 orber_test_server:testing_iiop_seq(Obj, [1,2,3])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, [1,2,3,4])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, false)),
 
 
-    ?match({ok,[#orber_test_server_struc{a=1, b=2}]}, 
-		 orber_test_server:testing_iiop_struc_seq(Obj, 
+    ?match({ok,[#orber_test_server_struc{a=1, b=2}]},
+		 orber_test_server:testing_iiop_struc_seq(Obj,
 					  [#orber_test_server_struc{a=1, b=2}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_struc_seq(Obj, false)),
 
-    ?match({ok,[#orber_test_server_uni{label=1, value=66}]}, 
-		 orber_test_server:testing_iiop_uni_seq(Obj, 
+    ?match({ok,[#orber_test_server_uni{label=1, value=66}]},
+		 orber_test_server:testing_iiop_uni_seq(Obj,
 					  [#orber_test_server_uni{label=1, value=66}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_uni_seq(Obj, false)),
 
-    ?match({ok,{"one", "two"}}, 
+    ?match({ok,{"one", "two"}},
 		 orber_test_server:testing_iiop_array(Obj, {"one", "two"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_array(Obj, {"one", "two", "three"})),
-    ?match({ok,#orber_test_server_struc{a=1, b=2}}, 
-		 orber_test_server:testing_iiop_struct(Obj, 
+    ?match({ok,#orber_test_server_struc{a=1, b=2}},
+		 orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a=1, b=2})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_struct(Obj, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a="WRONG", b=2})),
-    ?match({ok,#orber_test_server_uni{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union(Obj, 
+    ?match({ok,#orber_test_server_uni{label=1, value=66}},
+	   orber_test_server:testing_iiop_union(Obj,
                                            #orber_test_server_uni{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=1, value=66}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=2, value=true}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=2, value=true}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=true})),
 
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-	   orber_test_server:testing_iiop_union_d(Obj, 
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=66})),
 
     case Local of
 	true ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=66}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=66}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}));
 	false ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}))
     end,
 
@@ -1058,258 +1099,258 @@ test_coding(Obj, Local) ->
     C4 = orber_test_server:fixed52negconst1(),
     C5 = orber_test_server:fixed52negconst2(),
     C6 = orber_test_server:fixed52negconst3(),
-    
+
     ?match({ok,C1}, orber_test_server:testing_iiop_fixed(Obj, C1)),
     ?match({ok,C2}, orber_test_server:testing_iiop_fixed(Obj, C2)),
     ?match({ok,C3}, orber_test_server:testing_iiop_fixed(Obj, C3)),
     ?match({ok,C4}, orber_test_server:testing_iiop_fixed(Obj, C4)),
     ?match({ok,C5}, orber_test_server:testing_iiop_fixed(Obj, C5)),
     ?match({ok,C6}, orber_test_server:testing_iiop_fixed(Obj, C6)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5,
 								  scale = 2,
 								  value = 123450})),
 
     ?match(ok, orber_test_server:testing_iiop_void(Obj)),
 
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 1)),
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 2)),
-    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}}, 
+    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}},
 		 orber_test_server:raise_local_exception(Obj)),
     ?match({'EXCEPTION',{'orber_test_server_ComplexUserDefinedException',_,
-			       [#orber_test_server_struc{a=1, b=2}]}}, 
+			       [#orber_test_server_struc{a=1, b=2}]}},
 		 orber_test_server:raise_complex_local_exception(Obj)),
     %% Test all TypeCodes
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_float, value = 1.5}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float, 
+    ?match({ok, #any{typecode = tk_float, value = 1.5}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float,
 							      value = 1.5})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_double}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({ok, #any{typecode = tk_double}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							      value = 1.0})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_short, value = -1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({ok, #any{typecode = tk_short, value = -1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							      value = -1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_ushort, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({ok, #any{typecode = tk_ushort, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_longlong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({ok, #any{typecode = tk_longlong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_ulong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 1})),
-    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967295})),
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967296})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_ulonglong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({ok, #any{typecode = tk_ulonglong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_char, value = 98}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = 98}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = 98})),
-    ?match({ok, #any{typecode = tk_char, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_wchar, value = 65535}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = 65535}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = 65535})),
-    ?match({ok, #any{typecode = tk_wchar, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_boolean, value = true}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = true}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = true})),
-    ?match({ok, #any{typecode = tk_boolean, value = false}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = false}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = false})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							value = 1})),
-    ?match({ok, #any{typecode = tk_octet, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet, 
+    ?match({ok, #any{typecode = tk_octet, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet,
 							      value = 1})),
-    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							      value = Obj})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							value = "No Object"})),
-    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6}, 
+    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6},
 							      value = "string"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string,
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							      value = [65535]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
-			   value = two}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
+			   value = two}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = two})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = three})),
 
 
-    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3}, 
-			   value = [1,2,3]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3},
+			   value = [1,2,3]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							      value = [1,2,3]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							value = false})),
 
 
 
-    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2}, 
-			   value = {"one", "two"}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2},
+			   value = {"one", "two"}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							      value = {"one", "two"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {"one", "two", "three"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {1, 2}})),
     ?match({ok, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 				       "struc",
-				       [{"a",tk_long},{"b",tk_short}]}, 
-			   value = #orber_test_server_struc{a=1, b=2}}}, 
+				       [{"a",tk_long},{"b",tk_short}]},
+			   value = #orber_test_server_struc{a=1, b=2}}},
 		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 									  "struc",
 									  [{"a",tk_long},{"b",tk_short}]},
 							      value = #orber_test_server_struc{a=1, b=2}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 								    "struc",
-								    [{"a",tk_long},{"b",tk_short}]}, 
+								    [{"a",tk_long},{"b",tk_short}]},
 							value = #orber_test_server_struc{a=1, b="string"}})),
-    ?match({ok, #any{typecode = 
+    ?match({ok, #any{typecode =
 			   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-			    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-			   value = #orber_test_server_uni{label=1, value=66}}}, 
+			    "uni", tk_long, -1, [{1,"a",tk_long}]},
+			   value = #orber_test_server_uni{label=1, value=66}}},
 		 orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+					"uni", tk_long,	-1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value=66}})),
     case Local of
 	true ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=66}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=66}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}));
 	false ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=undefined}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=undefined}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}))
     end,
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long, -1, [{1,"a",tk_long}]}, 
+					"uni", tk_long, -1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value="string"}})),
 
-    ?match({ok, #any{typecode = {tk_fixed,5,2}, 
-			   value = #fixed{digits = 5, scale = 2, value = 12345}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2}, 
-							      value = #fixed{digits = 5, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,5,2},
+			   value = #fixed{digits = 5, scale = 2, value = 12345}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2},
+							      value = #fixed{digits = 5,
+									     scale = 2,
 									     value = 12345}})),
-    ?match({ok, #any{typecode = {tk_fixed,10,2}, 
-			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2}, 
-							      value = #fixed{digits = 10, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,10,2},
+			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2},
+							      value = #fixed{digits = 10,
+									     scale = 2,
 									     value = 1234567890}})),
-    ?match({ok, #any{typecode = {tk_fixed,6,2}, 
-			   value = #fixed{digits = 6, scale = 2, value = 300000}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2}, 
-							      value = #fixed{digits = 6, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,6,2},
+			   value = #fixed{digits = 6, scale = 2, value = 300000}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2},
+							      value = #fixed{digits = 6,
+									     scale = 2,
 									     value = 300000}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
           orber_test_server:
 		 testing_iiop_server_marshal(Obj, "string")),
-    
+
     RecS = #orber_test_server_rec_struct{chain = [#orber_test_server_rec_struct{chain = []}]},
     ?match(RecS, orber_test_server:testing_iiop_rec_struct(Obj, RecS)),
-    
-    RecU = #orber_test_server_rec_union{label = 'RecursiveType', 
+
+    RecU = #orber_test_server_rec_union{label = 'RecursiveType',
 					value = [#orber_test_server_rec_union{label = 'RecursiveType',
 									      value = []}]},
     ?match(RecU, orber_test_server:testing_iiop_rec_union(Obj, RecU)),
 
 %%     RecA1 = #any{typecode = unsupported, value = RecS},
 %%     RecA2 = #any{typecode = unsupported, value = RecU},
-%%     ?match(RecA1, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),    
-%%     ?match(RecA2, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),    
+%%     ?match(RecA1,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),
+%%     ?match(RecA2,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),
 
     ok.
 
@@ -1332,14 +1373,14 @@ Result    : ~p
     ok.
 
 %%--------------- Testing Missing Module ---------------------
-oe_get_interface() ->  
+oe_get_interface() ->
     non_existing_module:tc(foo).
 
 %%--------------- INTERCEPTOR FUNCTIONS ----------------------
 %%------------------------------------------------------------
 %% function : new_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_in_connection(Arg, CHost, Port) ->
     Host = node(),
@@ -1353,14 +1394,14 @@ To Host   : ~p
 To Port   : ~p
 Peers     : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, CHost, Port, SHost, SPort, Peers, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : new_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_out_connection(Arg, SHost, Port) ->
     Host = node(),
@@ -1369,73 +1410,73 @@ Node      : ~p
 To Host   : ~p
 To Port   : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, SHost, Port, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : closed_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_in_connection(Arg) ->
     error_logger:info_msg("=============== closed_in_connection =====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : closed_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_out_connection(Arg) ->
     error_logger:info_msg("=============== closed_out_connection ====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : in_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
-in_request_encoded(Ref, _ObjKey, Ctx, Op, 
+in_request_encoded(Ref, _ObjKey, Ctx, Op,
 	   <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, _Args) ->
     error_logger:info_msg("=============== in_request_encoded =======
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply_encoded(Ref, _ObjKey, Ctx, Op,
-	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, 
+	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>,
 	 _Args) ->
     error_logger:info_msg("============== in_reply_encoded ==========
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_reply_encoded =========
@@ -1443,14 +1484,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_request_encoded =======
@@ -1458,14 +1499,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_request
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== in_request ===============
@@ -1473,14 +1514,14 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== in_reply =================
@@ -1488,14 +1529,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== out_reply ================
@@ -1503,14 +1544,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== out_request ==============
@@ -1518,7 +1559,7 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
diff --git a/lib/os_mon/c_src/Makefile.in b/lib/os_mon/c_src/Makefile.in
index b81d3f564b..bac0413ece 100644
--- a/lib/os_mon/c_src/Makefile.in
+++ b/lib/os_mon/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/os_mon/c_src/memsup.c b/lib/os_mon/c_src/memsup.c
index 241e7718db..b6e417eaa0 100644
--- a/lib/os_mon/c_src/memsup.c
+++ b/lib/os_mon/c_src/memsup.c
@@ -327,27 +327,27 @@ get_mem_procfs(memory_ext *me){
     /* Total and free is NEEDED! */
     
     bp = strstr(buffer, "MemTotal:");    
-    if (sscanf(bp, "MemTotal: %lu kB\n", &(me->total)))  me->flag |= F_MEM_TOTAL;
+    if (bp != NULL && sscanf(bp, "MemTotal: %lu kB\n", &(me->total)))  me->flag |= F_MEM_TOTAL;
 
     bp = strstr(buffer, "MemFree:");    
-    if (sscanf(bp, "MemFree: %lu kB\n", &(me->free)))    me->flag |= F_MEM_FREE;
+    if (bp != NULL && sscanf(bp, "MemFree: %lu kB\n", &(me->free)))    me->flag |= F_MEM_FREE;
     
     /* Extensions */
     
     bp = strstr(buffer, "Buffers:");    
-    if (sscanf(bp, "Buffers: %lu kB\n", &(me->buffered))) me->flag |= F_MEM_BUFFERS;
+    if (bp != NULL && sscanf(bp, "Buffers: %lu kB\n", &(me->buffered))) me->flag |= F_MEM_BUFFERS;
     
     bp = strstr(buffer, "Cached:");    
-    if (sscanf(bp, "Cached: %lu kB\n", &(me->cached)))   me->flag |= F_MEM_CACHED;
+    if (bp != NULL && sscanf(bp, "Cached: %lu kB\n", &(me->cached)))   me->flag |= F_MEM_CACHED;
     
 
     /* Swap */
     
     bp = strstr(buffer, "SwapTotal:");    
-    if (sscanf(bp, "SwapTotal: %lu kB\n", &(me->total_swap))) me->flag |= F_SWAP_TOTAL;
+    if (bp != NULL && sscanf(bp, "SwapTotal: %lu kB\n", &(me->total_swap))) me->flag |= F_SWAP_TOTAL;
     
     bp = strstr(buffer, "SwapFree:");    
-    if (sscanf(bp, "SwapFree: %lu kB\n", &(me->free_swap))) me->flag |= F_SWAP_FREE;
+    if (bp != NULL && sscanf(bp, "SwapFree: %lu kB\n", &(me->free_swap))) me->flag |= F_SWAP_FREE;
     
     me->pagesize = 1024; /* procfs defines its size in kB */
     
diff --git a/lib/os_mon/doc/src/notes.xml b/lib/os_mon/doc/src/notes.xml
index f641bbd828..b459e31fa5 100644
--- a/lib/os_mon/doc/src/notes.xml
+++ b/lib/os_mon/doc/src/notes.xml
@@ -30,6 +30,35 @@
   </header>
   <p>This document describes the changes made to the OS_Mon application.</p>
 
+<section><title>Os_Mon 2.2.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Os_Mon 2.2.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/os_mon/mibs/Makefile b/lib/os_mon/mibs/Makefile
index a361fef378..655190edf4 100644
--- a/lib/os_mon/mibs/Makefile
+++ b/lib/os_mon/mibs/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/os_mon/src/cpu_sup.erl b/lib/os_mon/src/cpu_sup.erl
index e414e2c10b..34251178ee 100644
--- a/lib/os_mon/src/cpu_sup.erl
+++ b/lib/os_mon/src/cpu_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -764,8 +764,7 @@ port_receive_cpu_util_entries(_, _, Data) ->
      exit({data_mismatch, Data}).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "cpu_sup"]),
-    Port = open_port({spawn, Command}, [stream]),
+    Port = os_mon:open_port("cpu_sup", [stream]),
     port_command(Port, ?ping),
     4711 = port_receive_uint32(Port, 5000),
     Port.
diff --git a/lib/os_mon/src/memsup.erl b/lib/os_mon/src/memsup.erl
index ba07a529bc..49533da1f7 100644
--- a/lib/os_mon/src/memsup.erl
+++ b/lib/os_mon/src/memsup.erl
@@ -802,8 +802,7 @@ port_init() ->
     port_idle(Port).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "memsup"]),
-    open_port({spawn, Command}, [{packet, 1}]).
+    os_mon:open_port("memsup",[{packet,1}]).
 
 %% The connected process loops are a bit awkward (several different
 %% functions doing almost the same thing) as
diff --git a/lib/os_mon/src/os_mon.erl b/lib/os_mon/src/os_mon.erl
index ef368571db..3098c38808 100644
--- a/lib/os_mon/src/os_mon.erl
+++ b/lib/os_mon/src/os_mon.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,7 @@
 -behaviour(supervisor).
 
 %% API
--export([call/2, call/3, get_env/2]).
+-export([call/2, call/3, get_env/2, open_port/2]).
 
 %% Application callbacks
 -export([start/2, stop/1]).
@@ -79,6 +79,22 @@ get_env(Service, Param) ->
 	    Service:param_default(Param)
     end.
 
+open_port(Name, Opts) ->
+    PrivDir = code:priv_dir(os_mon),
+    ReleasedPath = filename:join([PrivDir,"bin",Name]),
+    %% Check os_mon*/priv/bin/Name
+    case filelib:is_regular(ReleasedPath) of
+	true ->
+	    erlang:open_port({spawn, ReleasedPath}, Opts);
+	false ->
+	    %% Use os_mon*/priv/bin/Arch/Name
+	    ArchPath =
+		filename:join(
+		  [PrivDir,"bin",erlang:system_info(system_architecture),Name]),
+	    erlang:open_port({spawn, ArchPath}, Opts)
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% Application callbacks
 %%%-----------------------------------------------------------------
diff --git a/lib/os_mon/src/os_mon_mib.erl b/lib/os_mon/src/os_mon_mib.erl
index a4ce274a16..ea17f928cc 100644
--- a/lib/os_mon/src/os_mon_mib.erl
+++ b/lib/os_mon/src/os_mon_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -65,11 +65,11 @@
 %% Shadow argument macros 
 -define(loadShadowArgs, 
 	{loadTable, string, record_info(fields, loadTable), 5000,
-	 {os_mon_mib, update_load_table}}). 
+	 fun os_mon_mib:update_load_table/0}).
 	
 -define(diskShadowArgs, 
 	{diskTable, {integer, integer}, record_info(fields, diskTable), 5000,
-	 {os_mon_mib, update_disk_table}}). 
+	 fun os_mon_mib:update_disk_table/0}).
 
 %% Misc
 -record(diskAlloc, {diskDescr, diskId}).
diff --git a/lib/os_mon/src/os_mon_sysinfo.erl b/lib/os_mon/src/os_mon_sysinfo.erl
index 5d12bd95d1..080885d5d6 100644
--- a/lib/os_mon/src/os_mon_sysinfo.erl
+++ b/lib/os_mon/src/os_mon_sysinfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,9 +108,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%----------------------------------------------------------------------
 
 start_portprogram() ->
-    Command =
-	filename:join([code:priv_dir(os_mon),"bin","win32sysinfo.exe"]),
-    Port = open_port({spawn,Command}, [{packet,1}]),
+    Port = os_mon:open_port("win32sysinfo.exe", [{packet,1}]),
     receive
 	{Port, {data, [?OK]}} ->
 	    Port;
diff --git a/lib/os_mon/test/os_mon_mib_SUITE.erl b/lib/os_mon/test/os_mon_mib_SUITE.erl
index 4bd256a3f7..a137efc441 100644
--- a/lib/os_mon/test/os_mon_mib_SUITE.erl
+++ b/lib/os_mon/test/os_mon_mib_SUITE.erl
@@ -718,7 +718,7 @@ del_dir(Dir) ->
     {ok, Files} = file:list_dir(Dir),
     FullPathFiles = lists:map(fun(File) -> filename:join(Dir, File) end,
 			      Files),
-    lists:foreach({file, delete}, FullPathFiles),
+    lists:foreach(fun file:delete/1, FullPathFiles),
     file:del_dir(Dir).
 
 %%---------------------------------------------------------------------
diff --git a/lib/os_mon/vsn.mk b/lib/os_mon/vsn.mk
index f000e24a8f..89dfa59dd9 100644
--- a/lib/os_mon/vsn.mk
+++ b/lib/os_mon/vsn.mk
@@ -1 +1 @@
-OS_MON_VSN = 2.2.7
+OS_MON_VSN = 2.2.8
diff --git a/lib/otp_mibs/doc/src/notes.xml b/lib/otp_mibs/doc/src/notes.xml
index 94c1dd4228..71e33fceb9 100644
--- a/lib/otp_mibs/doc/src/notes.xml
+++ b/lib/otp_mibs/doc/src/notes.xml
@@ -31,6 +31,26 @@
   <p>This document describes the changes made to the OTP_Mibs
     application.</p>
 
+<section><title>Otp_Mibs 1.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Otp_Mibs 1.0.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/otp_mibs/src/otp_mib.erl b/lib/otp_mibs/src/otp_mib.erl
index e8b0e51b91..619104007c 100644
--- a/lib/otp_mibs/src/otp_mib.erl
+++ b/lib/otp_mibs/src/otp_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -48,11 +48,11 @@
 %% Shadow argument macros 
 -define(erlNodeShadowArgs, 
 	{erlNodeTable, integer, record_info(fields, erlNodeTable), 5000,
-	 {otp_mib, update_erl_node_table}}). 
+	 fun otp_mib:update_erl_node_table/0}).
 
 -define(applShadowArgs,
 	{applTable, {integer, integer}, record_info(fields, applTable), 
-	 5000, {otp_mib, update_appl_table}}).
+	 5000, fun otp_mib:update_appl_table/0}).
 
 %% Misc
 -record(erlNodeAlloc, {nodeName, nodeId}).
diff --git a/lib/otp_mibs/vsn.mk b/lib/otp_mibs/vsn.mk
index c2fa7c9474..f070288032 100644
--- a/lib/otp_mibs/vsn.mk
+++ b/lib/otp_mibs/vsn.mk
@@ -1,4 +1,4 @@
-OTP_MIBS_VSN = 1.0.6
+OTP_MIBS_VSN = 1.0.7
 
 # Note: The branch 'otp_mibs' is defunct as of otp_mibs-1.0.4 and
 # should NOT be used again.
diff --git a/lib/parsetools/doc/src/notes.xml b/lib/parsetools/doc/src/notes.xml
index 0c611db1ec..ac29cbb893 100644
--- a/lib/parsetools/doc/src/notes.xml
+++ b/lib/parsetools/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,26 @@
   </header>
   <p>This document describes the changes made to the Parsetools application.</p>
 
+<section><title>Parsetools 2.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Parsetools 2.0.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/parsetools/include/yeccpre.hrl b/lib/parsetools/include/yeccpre.hrl
index f638529aa4..3672394fc5 100644
--- a/lib/parsetools/include/yeccpre.hrl
+++ b/lib/parsetools/include/yeccpre.hrl
@@ -28,10 +28,11 @@ parse(Tokens) ->
 
 -spec parse_and_scan({function() | {atom(), atom()}, [_]}
                      | {atom(), atom(), [_]}) -> yecc_ret().
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {{F, A}, no_line}, 0, [], []);
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{{M, F}, A}, no_line}, 0, [], []).
+    Arity = length(A),
+    yeccpars0([], {{fun M:F/Arity, A}, no_line}, 0, [], []).
 
 -spec format_error(any()) -> [char() | list()].
 format_error(Message) ->
diff --git a/lib/parsetools/test/yecc_SUITE.erl b/lib/parsetools/test/yecc_SUITE.erl
index a5f66b48e9..3d26adf1be 100644
--- a/lib/parsetools/test/yecc_SUITE.erl
+++ b/lib/parsetools/test/yecc_SUITE.erl
@@ -1197,7 +1197,7 @@ yeccpre(Config) when is_list(Config) ->
                 catch error: error ->
                         ok
                 end,
-                try parse_and_scan({{yecc_test, scan}, [exit]})
+                try parse_and_scan({fun yecc_test:scan/1, [exit]})
                 catch exit: exit ->
                         ok
                 end,
@@ -1650,10 +1650,11 @@ yeccpre_v1_2() ->
 parse(Tokens) ->
     yeccpars0(Tokens, false).
 
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {F, A});
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{M, F}, A}).
+    Arity = length(A),
+    yeccpars0([], {fun M:F/Arity, A}).
 
 format_error(Message) ->
     case io_lib:deep_char_list(Message) of
diff --git a/lib/parsetools/vsn.mk b/lib/parsetools/vsn.mk
index 093523f0e7..e2594564cb 100644
--- a/lib/parsetools/vsn.mk
+++ b/lib/parsetools/vsn.mk
@@ -1 +1 @@
-PARSETOOLS_VSN = 2.0.6
+PARSETOOLS_VSN = 2.0.7
diff --git a/lib/percept/doc/src/notes.xml b/lib/percept/doc/src/notes.xml
index 95c2bbda56..1ac1a5ab62 100644
--- a/lib/percept/doc/src/notes.xml
+++ b/lib/percept/doc/src/notes.xml
@@ -32,6 +32,21 @@
   </header>
   <p>This document describes the changes made to the Percept application.</p>
 
+<section><title>Percept 0.8.6.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Percept 0.8.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/percept/vsn.mk b/lib/percept/vsn.mk
index 3b4d9bbb64..9267a41055 100644
--- a/lib/percept/vsn.mk
+++ b/lib/percept/vsn.mk
@@ -1 +1 @@
-PERCEPT_VSN = 0.8.6
+PERCEPT_VSN = 0.8.6.1
diff --git a/lib/pman/doc/src/notes.xml b/lib/pman/doc/src/notes.xml
index 27e3b5e5fe..407a10a50a 100644
--- a/lib/pman/doc/src/notes.xml
+++ b/lib/pman/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the Pman application.</p>
 
+<section><title>Pman 2.7.1.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Pman 2.7.1</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/pman/doc/src/pman.xml b/lib/pman/doc/src/pman.xml
index 84d5a5772a..5f95aecc04 100644
--- a/lib/pman/doc/src/pman.xml
+++ b/lib/pman/doc/src/pman.xml
@@ -32,6 +32,12 @@
   <module>pman</module>
   <modulesummary>A graphical process manager.</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Pman application has been superseded by the Observer application.
+	Pman will be removed in R16.
+      </p>
+    </warning>
     <p>A graphical tool used to inspect the Erlang processes executing either
       locally or on remote nodes. It is also possible to trace events in
       the individual processes.</p>
diff --git a/lib/pman/doc/src/pman_chapter.xml b/lib/pman/doc/src/pman_chapter.xml
index 141b488415..8668628bfa 100644
--- a/lib/pman/doc/src/pman_chapter.xml
+++ b/lib/pman/doc/src/pman_chapter.xml
@@ -32,6 +32,12 @@
 
   <section>
     <title>Introduction</title>
+    <warning>
+      <p>
+	The Pman application has been superseded by the Observer application.
+	Pman will be removed in R16.
+      </p>
+    </warning>
     <p>The process manager Pman is a tool for viewing processes executing
       locally or on remote nodes. Its main purpose is to locate
       erroneous code by inspecting the state of the processes and by tracing
diff --git a/lib/pman/src/pman_buf_converter.erl b/lib/pman/src/pman_buf_converter.erl
index b6f560411c..c6cd8ec9ee 100644
--- a/lib/pman/src/pman_buf_converter.erl
+++ b/lib/pman/src/pman_buf_converter.erl
@@ -29,6 +29,7 @@
 %%----------------------------------------------------------------------
 
 -module(pman_buf_converter).
+-compile([{nowarn_deprecated_function,{gs,start,0}}]).
 
 %%-compile(export_all).
 -export([init/2]).
diff --git a/lib/pman/src/pman_buf_printer.erl b/lib/pman/src/pman_buf_printer.erl
index 74e935171a..62407648d5 100644
--- a/lib/pman/src/pman_buf_printer.erl
+++ b/lib/pman/src/pman_buf_printer.erl
@@ -18,6 +18,8 @@
 %%
 
 -module(pman_buf_printer).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 %%-compile(export_all).
 -export([init/2]).
diff --git a/lib/pman/src/pman_main.erl b/lib/pman/src/pman_main.erl
index b68da1d2c3..adb5b65cd4 100644
--- a/lib/pman/src/pman_main.erl
+++ b/lib/pman/src/pman_main.erl
@@ -17,6 +17,8 @@
 %% %CopyrightEnd%
 %%
 -module(pman_main).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %% Main process and window
 
diff --git a/lib/pman/src/pman_module_info.erl b/lib/pman/src/pman_module_info.erl
index cfd711a6e1..58f956aa42 100644
--- a/lib/pman/src/pman_module_info.erl
+++ b/lib/pman/src/pman_module_info.erl
@@ -17,6 +17,8 @@
 %% %CopyrightEnd%
 %%
 -module(pman_module_info).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% Window with module information (View->Module Info...)
 
diff --git a/lib/pman/src/pman_shell.erl b/lib/pman/src/pman_shell.erl
index 0b13890460..393ef5f84d 100644
--- a/lib/pman/src/pman_shell.erl
+++ b/lib/pman/src/pman_shell.erl
@@ -25,6 +25,10 @@
 %% ---------------------------------------------------------------
 
 -module(pman_shell).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% ---------------------------------------------------------------
 %% The user interface exports 
diff --git a/lib/pman/src/pman_tool.erl b/lib/pman/src/pman_tool.erl
index 1d33fb9764..c548e17d00 100644
--- a/lib/pman/src/pman_tool.erl
+++ b/lib/pman/src/pman_tool.erl
@@ -17,6 +17,7 @@
 %% %CopyrightEnd%
 %%
 -module(pman_tool).
+-compile([{nowarn_deprecated_function,{gs,read,2}}]).
 
 %% Listbox selection window
 
diff --git a/lib/pman/src/pman_win.erl b/lib/pman/src/pman_win.erl
index 52d5a237cf..9dd446cd81 100644
--- a/lib/pman/src/pman_win.erl
+++ b/lib/pman/src/pman_win.erl
@@ -21,6 +21,16 @@
 %% ------------------------------------------------------------
 
 -module(pman_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% ---------------------------------------------------------------
 %% The user interface exports 
diff --git a/lib/pman/vsn.mk b/lib/pman/vsn.mk
index d190164053..a62a9d7c89 100644
--- a/lib/pman/vsn.mk
+++ b/lib/pman/vsn.mk
@@ -1 +1 @@
-PMAN_VSN = 2.7.1
+PMAN_VSN = 2.7.1.1
diff --git a/lib/public_key/.gitignore b/lib/public_key/.gitignore
index db24906676..d30fe62c9d 100644
--- a/lib/public_key/.gitignore
+++ b/lib/public_key/.gitignore
@@ -1,7 +1,7 @@
 # public_key
 
-/lib/public_key/asn1/*.asn1db
-/lib/public_key/asn1/*.erl
-/lib/public_key/asn1/*.hrl
-/lib/public_key/include/OTP-PUB-KEY.hrl
-/lib/public_key/include/PKCS-FRAME.hrl
+asn1/*.asn1db
+asn1/*.erl
+asn1/*.hrl
+include/OTP-PUB-KEY.hrl
+include/PKCS-FRAME.hrl
diff --git a/lib/public_key/asn1/InformationFramework.asn1 b/lib/public_key/asn1/InformationFramework.asn1
deleted file mode 100644
index 40fbd11a2a..0000000000
--- a/lib/public_key/asn1/InformationFramework.asn1
+++ /dev/null
@@ -1,682 +0,0 @@
-InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 
-  6} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All 
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
--- within the Directory Specifications, and for the use of other applications which will use them to access 
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-IMPORTS
-  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
-  directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc, 
-    id-sc, selectedAttributeTypes, serviceAdministration
-    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
-      usefulDefinitions(0) 6}
-  SearchRule
-    FROM ServiceAdministration serviceAdministration
-  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
-  TypeAndContextAssertion
-    FROM DirectoryAbstractService directoryAbstractService
-  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
-  booleanMatch, commonName, generalizedTimeMatch, generalizedTimeOrderingMatch,
-    integerFirstComponentMatch, integerMatch, integerOrderingMatch,
-    objectIdentifierFirstComponentMatch, UnboundedDirectoryString
-    FROM SelectedAttributeTypes selectedAttributeTypes;
-
--- attribute data types 
-Attribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
-  type               ATTRIBUTE.&id({SupportedAttributes}),
-  values
-    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-  valuesWithContext
-    SET SIZE (1..MAX) OF
-      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
-AttributeType ::= ATTRIBUTE.&id
-
-AttributeValue ::= ATTRIBUTE.&Type
-
-Context ::= SEQUENCE {
-  contextType    CONTEXT.&id({SupportedContexts}),
-  contextValues
-    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
-  fallback       BOOLEAN DEFAULT FALSE
-}
-
-AttributeValueAssertion ::= SEQUENCE {
-  type              ATTRIBUTE.&id({SupportedAttributes}),
-  assertion
-    ATTRIBUTE.&equality-match.&AssertionType
-      ({SupportedAttributes}{@type}),
-  assertedContexts
-    CHOICE {allContexts       [0]  NULL,
-            selectedContexts  [1]  SET SIZE (1..MAX) OF ContextAssertion
-  } OPTIONAL
-}
-
-ContextAssertion ::= SEQUENCE {
-  contextType    CONTEXT.&id({SupportedContexts}),
-  contextValues
-    SET SIZE (1..MAX) OF
-      CONTEXT.&Assertion({SupportedContexts}{@contextType})
-}
-
-AttributeTypeAssertion ::= SEQUENCE {
-  type              ATTRIBUTE.&id({SupportedAttributes}),
-  assertedContexts  SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the values component of Attribute, the value component 
--- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
-SupportedAttributes ATTRIBUTE ::=
-  {objectClass | aliasedEntryName, ...}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the context specifications
-SupportedContexts CONTEXT ::=
-  {...}
-
--- naming data types 
-Name ::= CHOICE { -- only one possibility for now --rdnSequence  RDNSequence
-}
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
-  SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue
-
-AttributeTypeAndDistinguishedValue ::= SEQUENCE {
-  type                  ATTRIBUTE.&id({SupportedAttributes}),
-  value                 ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-  primaryDistinguished  BOOLEAN DEFAULT TRUE,
-  valuesWithContext
-    SET SIZE (1..MAX) OF
-      SEQUENCE {distingAttrValue
-                  [0]  ATTRIBUTE.&Type({SupportedAttributes}{@type})
-                    OPTIONAL,
-                contextList       SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
--- subtree data types 
-SubtreeSpecification ::= SEQUENCE {
-  base                 [0]  LocalName DEFAULT {},
-  COMPONENTS OF ChopSpecification,
-  specificationFilter  [4]  Refinement OPTIONAL
-}
-
--- empty sequence specifies whole administrative area
-LocalName ::= RDNSequence
-
-ChopSpecification ::= SEQUENCE {
-  specificExclusions
-    [1]  SET SIZE (1..MAX) OF
-           CHOICE {chopBefore  [0]  LocalName,
-                   chopAfter   [1]  LocalName} OPTIONAL,
-  minimum             [2]  BaseDistance DEFAULT 0,
-  maximum             [3]  BaseDistance OPTIONAL
-}
-
-BaseDistance ::= INTEGER(0..MAX)
-
-Refinement ::= CHOICE {
-  item  [0]  OBJECT-CLASS.&id,
-  and   [1]  SET SIZE (1..MAX) OF Refinement,
-  or    [2]  SET SIZE (1..MAX) OF Refinement,
-  not   [3]  Refinement
-}
-
--- OBJECT-CLASS information object class specification 
-OBJECT-CLASS ::= CLASS {
-  &Superclasses         OBJECT-CLASS OPTIONAL,
-  &kind                 ObjectClassKind DEFAULT structural,
-  &MandatoryAttributes  ATTRIBUTE OPTIONAL,
-  &OptionalAttributes   ATTRIBUTE OPTIONAL,
-  &id                   OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SUBCLASS OF &Superclasses]
-  [KIND &kind]
-  [MUST CONTAIN &MandatoryAttributes]
-  [MAY CONTAIN &OptionalAttributes]
-  ID &id
-}
-
-ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
-
--- object classes 
-top OBJECT-CLASS ::= {
-  KIND          abstract
-  MUST CONTAIN  {objectClass}
-  ID            id-oc-top
-}
-
-alias OBJECT-CLASS ::= {
-  SUBCLASS OF   {top}
-  MUST CONTAIN  {aliasedEntryName}
-  ID            id-oc-alias
-}
-
-parent OBJECT-CLASS ::= {KIND  abstract
-                         ID    id-oc-parent
-}
-
-child OBJECT-CLASS ::= {KIND  auxiliary
-                        ID    id-oc-child
-}
-
--- ATTRIBUTE information object class specification 
-ATTRIBUTE ::= CLASS {
-  &derivation            ATTRIBUTE OPTIONAL,
-  &Type                  OPTIONAL, -- either &Type or &derivation required 
-  &equality-match        MATCHING-RULE OPTIONAL,
-  &ordering-match        MATCHING-RULE OPTIONAL,
-  &substrings-match      MATCHING-RULE OPTIONAL,
-  &single-valued         BOOLEAN DEFAULT FALSE,
-  &collective            BOOLEAN DEFAULT FALSE,
-  &dummy                 BOOLEAN DEFAULT FALSE,
-  -- operational extensions 
-  &no-user-modification  BOOLEAN DEFAULT FALSE,
-  &usage                 AttributeUsage DEFAULT userApplications,
-  &id                    OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SUBTYPE OF &derivation]
-  [WITH SYNTAX &Type]
-  [EQUALITY MATCHING RULE &equality-match]
-  [ORDERING MATCHING RULE &ordering-match]
-  [SUBSTRINGS MATCHING RULE &substrings-match]
-  [SINGLE VALUE &single-valued]
-  [COLLECTIVE &collective]
-  [DUMMY &dummy]
-  [NO USER MODIFICATION &no-user-modification]
-  [USAGE &usage]
-  ID &id
-}
-
-AttributeUsage ::= ENUMERATED {
-  userApplications(0), directoryOperation(1), distributedOperation(2),
-  dSAOperation(3)}
-
--- attributes 
-objectClass ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT IDENTIFIER
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  ID                      id-at-objectClass
-}
-
-aliasedEntryName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  ID                      id-at-aliasedEntryName
-}
-
--- MATCHING-RULE information object class specification 
-MATCHING-RULE ::= CLASS {
-  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
-  &AssertionType         OPTIONAL,
-  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
-  &id                    OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [PARENT &ParentMatchingRules]
-  [SYNTAX &AssertionType]
-  [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
-  ID &id
-}
-
--- matching rules 
-objectIdentifierMatch MATCHING-RULE ::= {
-  SYNTAX  OBJECT IDENTIFIER
-  ID      id-mr-objectIdentifierMatch
-}
-
-distinguishedNameMatch MATCHING-RULE ::= {
-  SYNTAX  DistinguishedName
-  ID      id-mr-distinguishedNameMatch
-}
-
-MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
-                       OBJECT IDENTIFIER:matchingRule} ::= CLASS {
-  &selectBy          SelectedBy OPTIONAL,
-  &ApplicableTo      ATTRIBUTE,
-  &subtypesIncluded  BOOLEAN DEFAULT TRUE,
-  &combinable        BOOLEAN(combinable),
-  &mappingResults    MappingResult OPTIONAL,
-  &userControl       BOOLEAN DEFAULT FALSE,
-  &exclusive         BOOLEAN DEFAULT TRUE,
-  &matching-rule     MATCHING-RULE.&id(matchingRule),
-  &id                OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SELECT BY &selectBy]
-  APPLICABLE TO &ApplicableTo
-  [SUBTYPES INCLUDED &subtypesIncluded]
-  COMBINABLE &combinable
-  [MAPPING RESULTS &mappingResults]
-  [USER CONTROL &userControl]
-  [EXCLUSIVE &exclusive]
-  MATCHING RULE &matching-rule
-  ID &id
-}
-
--- NAME-FORM information object class specification 
-NAME-FORM ::= CLASS {
-  &namedObjectClass     OBJECT-CLASS,
-  &MandatoryAttributes  ATTRIBUTE,
-  &OptionalAttributes   ATTRIBUTE OPTIONAL,
-  &id                   OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  NAMES &namedObjectClass
-  WITH ATTRIBUTES &MandatoryAttributes
-  [AND OPTIONALLY &OptionalAttributes]
-  ID &id
-}
-
--- STRUCTURE-RULE class and DIT structure rule data types 
-DITStructureRule ::= SEQUENCE {
-  ruleIdentifier          RuleIdentifier,
-  -- shall be unique within the scope of the subschema
-  nameForm                NAME-FORM.&id,
-  superiorStructureRules  SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
-}
-
-RuleIdentifier ::= INTEGER
-
-STRUCTURE-RULE ::= CLASS {
-  &nameForm                NAME-FORM,
-  &SuperiorStructureRules  STRUCTURE-RULE OPTIONAL,
-  &id                      RuleIdentifier
-}
-WITH SYNTAX {
-  NAME FORM &nameForm
-  [SUPERIOR RULES &SuperiorStructureRules]
-  ID &id
-}
-
--- DIT content rule data type and CONTENT-RULE class
-DITContentRule ::= SEQUENCE {
-  structuralObjectClass  OBJECT-CLASS.&id,
-  auxiliaries            SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
-  mandatory              [1]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
-  optional               [2]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
-  precluded              [3]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
-}
-
-CONTENT-RULE ::= CLASS {
-  &structuralClass  OBJECT-CLASS.&id UNIQUE,
-  &Auxiliaries      OBJECT-CLASS OPTIONAL,
-  &Mandatory        ATTRIBUTE OPTIONAL,
-  &Optional         ATTRIBUTE OPTIONAL,
-  &Precluded        ATTRIBUTE OPTIONAL
-}
-WITH SYNTAX {
-  STRUCTURAL OBJECT-CLASS &structuralClass
-  [AUXILIARY OBJECT-CLASSES &Auxiliaries]
-  [MUST CONTAIN &Mandatory]
-  [MAY CONTAIN &Optional]
-  [MUST-NOT CONTAIN &Precluded]
-}
-
-CONTEXT ::= CLASS {
-  &Type          ,
-  &DefaultValue  OPTIONAL,
-  &Assertion     OPTIONAL,
-  &absentMatch   BOOLEAN DEFAULT TRUE,
-  &id            OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  WITH SYNTAX &Type
-  [DEFAULT-VALUE &DefaultValue]
-  [ASSERTED AS &Assertion]
-  [ABSENT-MATCH &absentMatch]
-  ID &id
-}
-
-DITContextUse ::= SEQUENCE {
-  attributeType      ATTRIBUTE.&id,
-  mandatoryContexts  [1]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
-  optionalContexts   [2]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
-}
-
-DIT-CONTEXT-USE-RULE ::= CLASS {
-  &attributeType  ATTRIBUTE.&id UNIQUE,
-  &Mandatory      CONTEXT OPTIONAL,
-  &Optional       CONTEXT OPTIONAL
-}
-WITH SYNTAX {
-  ATTRIBUTE TYPE &attributeType
-  [MANDATORY CONTEXTS &Mandatory]
-  [OPTIONAL CONTEXTS &Optional]
-}
-
-FRIENDS ::= CLASS {
-  &anchor   ATTRIBUTE.&id UNIQUE,
-  &Friends  ATTRIBUTE
-}WITH SYNTAX {ANCHOR &anchor
-              FRIENDS &Friends
-}
-
--- system schema information objects 
--- object classes 
-subentry OBJECT-CLASS ::= {
-  SUBCLASS OF   {top}
-  KIND          structural
-  MUST CONTAIN  {commonName | subtreeSpecification}
-  ID            id-sc-subentry
-}
-
-subentryNameForm NAME-FORM ::= {
-  NAMES            subentry
-  WITH ATTRIBUTES  {commonName}
-  ID               id-nf-subentryNameForm
-}
-
-subtreeSpecification ATTRIBUTE ::= {
-  WITH SYNTAX  SubtreeSpecification
-  USAGE        directoryOperation
-  ID           id-oa-subtreeSpecification
-}
-
-administrativeRole ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT-CLASS.&id
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-administrativeRole
-}
-
-createTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-createTimestamp
-}
-
-modifyTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-modifyTimestamp
-}
-
-subschemaTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-subschemaTimestamp
-}
-
-creatorsName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-creatorsName
-}
-
-modifiersName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-modifiersName
-}
-
-subschemaSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-subschemaSubentryList
-}
-
-accessControlSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-accessControlSubentryList
-}
-
-collectiveAttributeSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-collectiveAttributeSubentryList
-}
-
-contextDefaultSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-contextDefaultSubentryList
-}
-
-serviceAdminSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-serviceAdminSubentryList
-}
-
-hasSubordinates ATTRIBUTE ::= {
-  WITH SYNTAX             BOOLEAN
-  EQUALITY MATCHING RULE  booleanMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hasSubordinates
-}
-
-accessControlSubentry OBJECT-CLASS ::= {
-  KIND  auxiliary
-  ID    id-sc-accessControlSubentry
-}
-
-collectiveAttributeSubentry OBJECT-CLASS ::= {
-  KIND  auxiliary
-  ID    id-sc-collectiveAttributeSubentry
-}
-
-collectiveExclusions ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT IDENTIFIER
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-collectiveExclusions
-}
-
-contextAssertionSubentry OBJECT-CLASS ::= {
-  KIND          auxiliary
-  MUST CONTAIN  {contextAssertionDefaults}
-  ID            id-sc-contextAssertionSubentry
-}
-
-contextAssertionDefaults ATTRIBUTE ::= {
-  WITH SYNTAX             TypeAndContextAssertion
-  EQUALITY MATCHING RULE  objectIdentifierFirstComponentMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-contextAssertionDefault
-}
-
-serviceAdminSubentry OBJECT-CLASS ::= {
-  KIND          auxiliary
-  MUST CONTAIN  {searchRules}
-  ID            id-sc-serviceAdminSubentry
-}
-
-searchRules ATTRIBUTE ::= {
-  WITH SYNTAX             SearchRuleDescription
-  EQUALITY MATCHING RULE  integerFirstComponentMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-searchRules
-}
-
-SearchRuleDescription ::= SEQUENCE {
-  COMPONENTS OF SearchRule,
-  name         [28]  SET SIZE (1..MAX) OF UnboundedDirectoryString OPTIONAL,
-  description  [29]  UnboundedDirectoryString OPTIONAL
-}
-
-hierarchyLevel ATTRIBUTE ::= {
-  WITH SYNTAX             HierarchyLevel
-  EQUALITY MATCHING RULE  integerMatch
-  ORDERING MATCHING RULE  integerOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyLevel
-}
-
-HierarchyLevel ::= INTEGER
-
-hierarchyBelow ATTRIBUTE ::= {
-  WITH SYNTAX             HierarchyBelow
-  EQUALITY MATCHING RULE  booleanMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyBelow
-}
-
-HierarchyBelow ::= BOOLEAN
-
-hierarchyParent ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyParent
-}
-
-hierarchyTop ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyTop
-}
-
--- object identifier assignments 
--- object classes 
-id-oc-top OBJECT IDENTIFIER ::=
-  {id-oc 0}
-
-id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
-
-id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
-
-id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
-
--- attributes 
-id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
-
-id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
-
--- matching rules 
-id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
-
-id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
-
--- operational attributes 
-id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::=
-  {id-oa 0}
-
-id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
-
-id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
-
-id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
-
-id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
-
-id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
-
-id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
-
-id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
-
-id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
-
-id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
-
-id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
-
-id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
-
-id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
-
-id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
-
-id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
-
-id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
-
-id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
-
-id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
-
-id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
-
-id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
-
-id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20}
-
--- subentry classes 
-id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
-
-id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
-
-id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
-
-id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
-
-id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
-
---  Name forms 
-id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
-
--- administrative roles 
-id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
-
-id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
-
-id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
-
-id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
-
-id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
-
-id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
-
-id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
-
-id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
-
-END -- InformationFramework
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 2ce1168349..943d97bdb8 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
 
 ASN_TOP = OTP-PUB-KEY PKCS-FRAME
 ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
-	PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 InformationFramework PKCS5v2-0  OTP-PKIX 
+	PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 PKCS5v2-0  OTP-PKIX 
 ASN_ASNS = $(ASN_MODULES:%=%.asn1)
 ASN_ERLS = $(ASN_TOP:%=%.erl)
 ASN_HRLS = $(ASN_TOP:%=%.hrl)
@@ -117,5 +117,4 @@ OTP-PUB-KEY.asn1db:		PKIX1Algorithms88.asn1 \
 $(EBIN)/PKCS-FRAME.beam: 	        PKCS-FRAME.erl PKCS-FRAME.hrl
 PKCS-FRAME.erl PKCS-FRAME.hrl:			PKCS-FRAME.asn1db
 PKCS-FRAME.asn1db:			PKCS-8.asn1\
-					InformationFramework.asn1\
 					PKCS5v2-0.asn1
\ No newline at end of file
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index ad704191a9..fbf531df40 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -91,7 +91,7 @@ IMPORTS
        id-ce-certificateIssuer, CertificateIssuer,
        id-ce-holdInstructionCode, HoldInstructionCode,
        id-ce-invalidityDate, InvalidityDate
-
+       
        FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) 
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 
        id-pkix1-implicit(19) }
@@ -114,8 +114,20 @@ IMPORTS
 	id-ecPublicKey, EcpkParameters, ECPoint
 	FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
 	     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
-	     id-mod-pkix1-algorithms(17) };
-
+	     id-mod-pkix1-algorithms(17) }
+	     
+       md2WithRSAEncryption,
+       md5WithRSAEncryption,
+       sha1WithRSAEncryption,
+       sha256WithRSAEncryption,
+       sha384WithRSAEncryption,
+       sha512WithRSAEncryption	     
+    	     
+      FROM PKCS-1 {
+       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+        modules(0) pkcs-1(1)
+	};	   
+	     
 --
 -- Certificate
 --
@@ -295,6 +307,9 @@ PublicKeyAlgorithm ::=  SEQUENCE  {
 SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { 
 		    dsa-with-sha1 | md2-with-rsa-encryption |
 		    md5-with-rsa-encryption | sha1-with-rsa-encryption |
+		    sha256-with-rsa-encryption |
+		    sha384-with-rsa-encryption |
+		    sha512-with-rsa-encryption |
 		    ecdsa-with-sha1 } 
 
 SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { 
@@ -340,6 +355,18 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 			    ID sha1WithRSAEncryption 
 			    TYPE NULL }
 
+   sha256-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha256WithRSAEncryption 
+			    TYPE NULL }
+
+   sha384-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha384WithRSAEncryption 
+			    TYPE NULL }
+	    
+   sha512-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha512WithRSAEncryption 
+			    TYPE NULL }
+
    -- Certificate.signature
    -- See PKCS #1 (RFC 2313). XXX
 
diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1
index 7413519b57..8412345b68 100644
--- a/lib/public_key/asn1/PKCS-8.asn1
+++ b/lib/public_key/asn1/PKCS-8.asn1
@@ -14,15 +14,15 @@ BEGIN
 -- All types and values defined in this module is exported for use in other
 -- ASN.1 modules.
 
-IMPORTS
+--IMPORTS
 
 -- informationFramework
 --        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
 --                                usefulDefinitions(0) 3} 
 
-Attribute
+--Attribute
 --        FROM InformationFramework informationFramework
-        FROM InformationFramework;
+--        FROM InformationFramework;
 
 -- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a 
 -- TYPE-IDENTIFIER
@@ -55,8 +55,8 @@ Version ::= INTEGER {v1(0)} (v1,...)
 
 PrivateKey ::= OCTET STRING
 
--- Attributes ::= SET OF Attribute
-Attributes ::= SET OF Attribute {{...}}
+-- Attributes ::= SET OF PKAttribute
+Attributes ::= SET OF PKAttribute {{...}}
 
 -- Encrypted private-key information syntax
 
@@ -78,6 +78,66 @@ KeyEncryptionAlgorithms TYPE-IDENTIFIER ::= {
     ... -- For local profiles
 }
 
+-- From InformationFramework
+PKAttribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
+  type               ATTRIBUTE.&id({SupportedAttributes}),
+  values
+    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+  valuesWithContext
+    SET SIZE (1..MAX) OF
+      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+Context ::= SEQUENCE {
+  contextType    CONTEXT.&id({SupportedContexts}),
+  contextValues
+    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+  fallback       BOOLEAN DEFAULT FALSE
+}
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+  {...}
+
+
+CONTEXT ::= CLASS {
+  &Type          ,
+  &DefaultValue  OPTIONAL,
+  &Assertion     OPTIONAL,
+  &absentMatch   BOOLEAN DEFAULT TRUE,
+  &id            OBJECT IDENTIFIER UNIQUE
+}
+  
+-- ATTRIBUTE information object class specification 
+ATTRIBUTE ::= CLASS {
+  &derivation            ATTRIBUTE OPTIONAL,
+  &Type                  OPTIONAL, -- either &Type or &derivation required 
+  &equality-match        MATCHING-RULE OPTIONAL,
+  &ordering-match        MATCHING-RULE OPTIONAL,
+  &substrings-match      MATCHING-RULE OPTIONAL,
+  &single-valued         BOOLEAN DEFAULT FALSE,
+  &collective            BOOLEAN DEFAULT FALSE,
+  &dummy                 BOOLEAN DEFAULT FALSE,
+  -- operational extensions 
+  &no-user-modification  BOOLEAN DEFAULT FALSE,
+  &usage                 AttributeUsage DEFAULT userApplications,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+-- MATCHING-RULE information object class specification 
+MATCHING-RULE ::= CLASS {
+  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+  &AssertionType         OPTIONAL,
+  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+AttributeUsage ::= ENUMERATED {
+  userApplications(0), directoryOperation(1), distributedOperation(2),
+  dSAOperation(3)}
+
 END
 
 
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index a0777ff260..69b6727bef 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,3 +1,2 @@
 PKCS-8.asn1
-InformationFramework.asn1	
 PKCS5v2-0.asn1
diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml
index efd4a37eb9..c9a5561e3f 100644
--- a/lib/public_key/doc/src/notes.xml
+++ b/lib/public_key/doc/src/notes.xml
@@ -34,6 +34,28 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Public_Key 0.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    The asn1 decoder/encoder now uses a runtime nif from the
+	    asn1 application if it is available.</p>
+          <p>
+	    Own Id: OTP-9414</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Public_Key 0.13</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 821e7a2300..0b6673e826 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -453,7 +453,7 @@
   <desc>
     <p>Encodes a list of ssh file entries (public keys and attributes) to a binary. Possible
     attributes depends on the file type, see <seealso
-    marker="ssh_decode"> ssh_decode/2 </seealso></p>
+    marker="#ssh_decode-2"> ssh_decode/2 </seealso></p>
   </desc>
   </func>
 
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 5ab9642279..b76e32a2a0 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -351,7 +351,7 @@ extensions_list(Extensions) ->
 
 
 extract_verify_data(OtpCert, DerCert) ->
-    {0, Signature} = OtpCert#'OTPCertificate'.signature,
+    {_, Signature} = OtpCert#'OTPCertificate'.signature,
     SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
     SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
     PlainText = encoded_tbs_cert(DerCert),
@@ -376,6 +376,10 @@ encoded_tbs_cert(Cert) ->
 
 digest_type(?sha1WithRSAEncryption) ->
     sha;
+digest_type(?sha256WithRSAEncryption) ->
+    sha256;
+digest_type(?sha512WithRSAEncryption) ->
+    sha512;
 digest_type(?md5WithRSAEncryption) ->
     md5;
 digest_type(?'id-dsa-with-sha1') ->
diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl
index f342eab159..f0c94e29a5 100644
--- a/lib/public_key/src/pubkey_ssh.erl
+++ b/lib/public_key/src/pubkey_ssh.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -146,16 +146,7 @@ do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) ->
     Split = binary:split(Line, <<" ">>, [global]),
     case mend_split(Split, []) of
 	%% ssh2
-	[Options, KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-						     KeyType == <<"ssh-dss">> ->
-	    do_openssh_decode(FileType, Lines,
-			      [{openssh_pubkey_decode(KeyType, Base64Enc),
-				[{comment, string_decode(Comment)},
-				 {options, comma_list_decode(Options)}]}
-			       | Acc]);
-
-	[KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-					    KeyType == <<"ssh-dss">> ->
+	[KeyType, Base64Enc, Comment] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{openssh_pubkey_decode(KeyType, Base64Enc),
 				[{comment, string_decode(Comment)}]} | Acc]);
@@ -166,44 +157,32 @@ do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) ->
 				[{comment, string_decode(Comment)},
 				 {options, comma_list_decode(Options)},
 				 {bits, integer_decode(Bits)}]} | Acc]);
-	[Bits, Exponent, Modulus, Comment]  ->
-	    do_openssh_decode(FileType, Lines,
-			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
-				[{comment, string_decode(Comment)},
-				 {bits, integer_decode(Bits)}]} | Acc])
-	end;
+	[A, B, C, D]  ->
+	    ssh_2_or_1(FileType, Lines, Acc, A,B,C,D)
+    end;
 
 do_openssh_decode(known_hosts = FileType, [Line | Lines], Acc) ->
-    case binary:split(Line, <<" ">>, [global]) of
+    Split = binary:split(Line, <<" ">>, [global]),
+    case mend_split(Split, []) of
 	%% ssh 2
-	[HostNames, KeyType, Base64Enc] when KeyType == <<"ssh-rsa">>;
-					     KeyType == <<"ssh-dss">> ->
+	[HostNames, KeyType, Base64Enc] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{openssh_pubkey_decode(KeyType, Base64Enc),
 				[{hostnames, comma_list_decode(HostNames)}]}| Acc]);
-	[HostNames, KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-						       KeyType == <<"ssh-dss">> ->
-	    do_openssh_decode(FileType, Lines,
-			      [{openssh_pubkey_decode(KeyType, Base64Enc),
-				[{comment, string_decode(Comment)},
-				 {hostnames, comma_list_decode(HostNames)}]} | Acc]);
+	[A, B, C, D] ->
+	    ssh_2_or_1(FileType, Lines, Acc, A, B, C, D);			  
 	%% ssh 1
 	[HostNames, Bits, Exponent, Modulus, Comment] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
 				[{comment, string_decode(Comment)},
 				 {hostnames, comma_list_decode(HostNames)},
-				 {bits, integer_decode(Bits)}]} | Acc]);
-	[HostNames, Bits, Exponent, Modulus]  ->
-	    do_openssh_decode(FileType, Lines,
-			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
-				[{comment, []},
-				 {hostnames, comma_list_decode(HostNames)},
 				 {bits, integer_decode(Bits)}]} | Acc])
 	end;
 
 do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) ->
-    case binary:split(Line, <<" ">>, [global]) of
+    Split = binary:split(Line, <<" ">>, [global]),
+    case mend_split(Split, []) of
 	[KeyType, Base64Enc, Comment0] when KeyType == <<"ssh-rsa">>;
 					    KeyType == <<"ssh-dss">> ->
 	    Comment = string:strip(binary_to_list(Comment0), right, $\n),
@@ -212,6 +191,46 @@ do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) ->
 				[{comment, Comment}]} | Acc])
     end.
 
+ssh_2_or_1(known_hosts = FileType, Lines, Acc, A, B, C, D) ->
+    try integer_decode(B) of
+	Int -> 
+	    file_type_decode_ssh1(FileType, Lines, Acc, A, Int, C,D)
+    catch
+	error:badarg  ->
+	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
+    end;
+ssh_2_or_1(auth_keys = FileType, Lines, Acc, A, B, C, D) ->
+  try integer_decode(A) of
+	Int -> 
+	    file_type_decode_ssh1(FileType, Lines, Acc, Int, B, C,D)
+    catch
+	error:badarg  ->
+	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
+    end.
+
+file_type_decode_ssh1(known_hosts = FileType, Lines, Acc, HostNames, Bits, Exponent, Modulus) ->
+    do_openssh_decode(FileType, Lines,
+		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+			[{comment, []},
+			 {hostnames, comma_list_decode(HostNames)},
+			 {bits, Bits}]} | Acc]);  
+file_type_decode_ssh1(auth_keys = FileType, Lines, Acc, Bits, Exponent, Modulus, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+			[{comment, string_decode(Comment)},
+			 {bits, Bits}]} | Acc]).
+
+file_type_decode_ssh2(known_hosts = FileType, Lines, Acc, HostNames, KeyType, Base64Enc, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{openssh_pubkey_decode(KeyType, Base64Enc),
+			[{comment, string_decode(Comment)},
+			 {hostnames, comma_list_decode(HostNames)}]} | Acc]);
+file_type_decode_ssh2(auth_keys = FileType, Lines, Acc, Options, KeyType, Base64Enc, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{openssh_pubkey_decode(KeyType, Base64Enc),
+			[{comment, string_decode(Comment)},
+			 {options, comma_list_decode(Options)}]}
+		       | Acc]).
 
 openssh_pubkey_decode(<<"ssh-rsa">>, Base64Enc) ->
     <<?UINT32(StrLen), _:StrLen/binary,
@@ -231,7 +250,9 @@ openssh_pubkey_decode(<<"ssh-dss">>, Base64Enc) ->
     {erlint(SizeY, Y),
      #'Dss-Parms'{p = erlint(SizeP, P),
 		  q = erlint(SizeQ, Q),
-		  g = erlint(SizeG, G)}}.
+		  g = erlint(SizeG, G)}};
+openssh_pubkey_decode(KeyType, Base64Enc) ->
+    {KeyType, base64:mime_decode(Base64Enc)}.
 
 erlint(MPIntSize, MPIntValue) ->
     Bits= MPIntSize * 8,
@@ -412,6 +433,12 @@ is_key_field(<<"ssh-dss">>) ->
     true;
 is_key_field(<<"ssh-rsa">>) ->
     true;
+is_key_field(<<"ecdsa-sha2-nistp256">>) ->
+    true;
+is_key_field(<<"ecdsa-sha2-nistp384">>) ->
+    true;
+is_key_field(<<"ecdsa-sha2-nistp521">>) ->
+    true;
 is_key_field(_) ->
     false.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 753322b46d..2e2a6cd296 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -48,7 +48,7 @@
 -type rsa_padding()          :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' 
 			      | 'rsa_no_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type()      :: 'md5' | 'sha'.
+-type rsa_digest_type()      :: 'md5' | 'sha'| 'sha256' | 'sha512'.
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
@@ -354,7 +354,10 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
 %%--------------------------------------------------------------------
 verify(PlainText, DigestType, Signature, 
        #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) 
-  when is_binary (PlainText), DigestType == sha; DigestType == md5 ->
+  when is_binary (PlainText) and (DigestType == sha orelse
+				  DigestType == sha256 orelse 
+				  DigestType == sha512 orelse 
+				  DigestType == md5) ->
     crypto:rsa_verify(DigestType,
 		      sized_binary(PlainText), 
 		      sized_binary(Signature), 
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index a325a975e9..e59f299399 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -72,7 +72,8 @@ groups() ->
       [invalid_name_chain, whitespace_name_chain, capitalization_name_chain,
        uid_name_chain, attrib_name_chain, string_name_chain]},
      {verifying_paths_with_self_issued_certificates, [],
-      [basic_valid, basic_invalid, crl_signing_valid, crl_signing_invalid]},
+      [basic_valid, %%basic_invalid, 
+       crl_signing_valid, crl_signing_invalid]},
      %% {basic_certificate_revocation_tests, [],
      %%  [missing_CRL, revoked_CA, revoked_peer, invalid_CRL_signature,
      %%   invalid_CRL_issuer, invalid_CRL, valid_CRL,
@@ -116,14 +117,12 @@ end_per_testcase(_Func, Config) ->
     Config.
 
 init_per_suite(Config) ->
-    {skip, "PKIX Conformance test certificates expired 14 of April 2011,"
-     " new conformance test suite uses new format so skip until PKCS-12 support is implemented"}.
-    %% try crypto:start() of
-    %% 	ok ->
-    %% 	    Config
-    %% catch _:_ ->
-    %% 	    {skip, "Crypto did not start"}
-    %% end.
+    try crypto:start() of
+     	ok ->
+	  crypto_support_check(Config)  
+    catch _:_ ->
+     	    {skip, "Crypto did not start"}
+    end.
 
 end_per_suite(_Config) ->
     application:stop(crypto).
@@ -134,109 +133,109 @@ valid_rsa_signature(doc) ->
 valid_rsa_signature(suite) ->
     [];
 valid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.1", "Valid Signatures Test1", ok}]).
+    run([{ "4.1.1", "Valid Certificate Path Test1 EE", ok}]).
 
 invalid_rsa_signature(doc) ->
     ["Test rsa signatur verification"];
 invalid_rsa_signature(suite) ->
     [];
 invalid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}},
-	 { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}]).
+    run([{ "4.1.2", "Invalid CA Signature Test2 EE", {bad_cert,invalid_signature}},
+	 { "4.1.3", "Invalid EE Signature Test3 EE", {bad_cert,invalid_signature}}]).
 
 valid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 valid_dsa_signature(suite) ->
     [];
 valid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.4", "Valid DSA Signatures Test4", ok},
-	 { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}]).
+    run([{ "4.1.4", "Valid DSA Signatures Test4 EE", ok},
+	 { "4.1.5", "Valid DSA Parameter Inheritance Test5 EE", ok}]).
 
 invalid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 invalid_dsa_signature(suite) ->
     [];
 invalid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.6", "Invalid DSA Signature Test6",{bad_cert,invalid_signature}}]).
+    run([{ "4.1.6", "Invalid DSA Signature Test6 EE",{bad_cert,invalid_signature}}]).
 %%-----------------------------------------------------------------------------
 not_before_invalid(doc) ->
     [""];
 not_before_invalid(suite) ->
     [];
 not_before_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.1", "Invalid CA notBefore Date Test1",{bad_cert, cert_expired}},
-	 { "4.2.2", "Invalid EE notBefore Date Test2",{bad_cert, cert_expired}}]).
+    run([{ "4.2.1", "Invalid CA notBefore Date Test1 EE",{bad_cert, cert_expired}},
+	 { "4.2.2", "Invalid EE notBefore Date Test2 EE",{bad_cert, cert_expired}}]).
 
 not_before_valid(doc) ->
     [""];
 not_before_valid(suite) ->
     [];
 not_before_valid(Config) when is_list(Config) ->
-    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok},
-	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}]).
+    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3 EE", ok},
+	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]).
 
 not_after_invalid(doc) ->
     [""];
 not_after_invalid(suite) ->
     [];
 not_after_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}},
-	 { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}},
-	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",{bad_cert, cert_expired}}]).
+    run([{ "4.2.5", "Invalid CA notAfter Date Test5 EE", {bad_cert, cert_expired}},
+	 { "4.2.6", "Invalid EE notAfter Date Test6 EE", {bad_cert, cert_expired}},
+	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7 EE",{bad_cert, cert_expired}}]).
 
 not_after_valid(doc) ->
     [""];
 not_after_valid(suite) ->
     [];
 not_after_valid(Config) when is_list(Config) ->
-    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]).
+    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8 EE", ok}]).
 %%-----------------------------------------------------------------------------
 invalid_name_chain(doc) ->
     [""];
 invalid_name_chain(suite) ->
     [];
 invalid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}},
-	 { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}]).
+    run([{ "4.3.1", "Invalid Name Chaining Test1 EE", {bad_cert, invalid_issuer}},
+	 { "4.3.2", "Invalid Name Chaining Order Test2 EE", {bad_cert, invalid_issuer}}]).
 
 whitespace_name_chain(doc) ->
     [""];
 whitespace_name_chain(suite) ->
     [];
 whitespace_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3", ok},
-	 { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}]).
+    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3 EE", ok},
+	 { "4.3.4", "Valid Name Chaining Whitespace Test4 EE", ok}]).
 
 capitalization_name_chain(doc) ->
     [""];
 capitalization_name_chain(suite) ->
     [];
 capitalization_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5",ok}]).
+    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5 EE",ok}]).
 
 uid_name_chain(doc) ->
     [""];
 uid_name_chain(suite) ->
     [];
 uid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.6", "Valid Name Chaining UIDs Test6",ok}]).
+    run([{ "4.3.6", "Valid Name UIDs Test6 EE",ok}]).
 
 attrib_name_chain(doc) ->
     [""];
 attrib_name_chain(suite) ->
     [];
 attrib_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok},
-	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  ok}]).
+    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7 EE", ok},
+	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8 EE",  ok}]).
 
 string_name_chain(doc) ->
     [""];
 string_name_chain(suite) ->
     [];
 string_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9", ok},
-	 { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok},
-	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]).
+    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9 EE", ok},
+	 %%{ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10 EE", ok},
+	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -245,9 +244,9 @@ basic_valid(doc) ->
 basic_valid(suite) ->
     [];
 basic_valid(Config) when is_list(Config) ->
-    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1", ok},
-	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3", ok},
-	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4", ok}
+    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1 EE", ok},
+	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3 EE", ok},
+	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4 EE", ok}
 	]).
 
 basic_invalid(doc) ->
@@ -255,9 +254,9 @@ basic_invalid(doc) ->
 basic_invalid(suite) ->
     [];
 basic_invalid(Config) when is_list(Config) ->
-    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2",
+    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2 EE",
 	  {bad_cert, {revoked, keyCompromise}}},
-	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5",
+	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5 EE",
 	  {bad_cert, {revoked, keyCompromise}}}
 	]).
 
@@ -266,16 +265,16 @@ crl_signing_valid(doc) ->
 crl_signing_valid(suite) ->
     [];
 crl_signing_valid(Config) when is_list(Config) ->
-    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6", ok}]).
+    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6 EE", ok}]).
 
 crl_signing_invalid(doc) ->
     [""];
 crl_signing_invalid(suite) ->
     [];
 crl_signing_invalid(Config) when is_list(Config) ->
-    run([{ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",
-	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",
+    run([%% { "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7 EE",
+	 %%   {bad_cert, {revoked, keyCompromise}}},
+	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8 EE",
 	   {bad_cert, invalid_key_usage}}
 	]).
 
@@ -285,7 +284,7 @@ missing_CRL(doc) ->
 missing_CRL(suite) ->
     [];
 missing_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.1", "Missing CRL Test1",{bad_cert,
+    run([{ "4.4.1", "Missing CRL Test1 EE",{bad_cert,
     revocation_status_undetermined}}]).
 
 revoked_CA(doc) ->
@@ -293,7 +292,7 @@ revoked_CA(doc) ->
 revoked_CA(suite) ->
     [];
 revoked_CA(Config) when is_list(Config) ->
-    run([{ "4.4.2", "Invalid Revoked CA Test2", {bad_cert,
+    run([{ "4.4.2", "Invalid Revoked CA Test2 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 revoked_peer(doc) ->
@@ -301,7 +300,7 @@ revoked_peer(doc) ->
 revoked_peer(suite) ->
     [];
 revoked_peer(Config) when is_list(Config) ->
-    run([{ "4.4.3", "Invalid Revoked EE Test3", {bad_cert,
+    run([{ "4.4.3", "Invalid Revoked EE Test3 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 invalid_CRL_signature(doc) ->
@@ -309,7 +308,7 @@ invalid_CRL_signature(doc) ->
 invalid_CRL_signature(suite) ->
     [];
 invalid_CRL_signature(Config) when is_list(Config) ->
-    run([{ "4.4.4", "Invalid Bad CRL Signature Test4",
+    run([{ "4.4.4", "Invalid Bad CRL Signature Test4 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 invalid_CRL_issuer(doc) ->
@@ -317,7 +316,7 @@ invalid_CRL_issuer(doc) ->
 invalid_CRL_issuer(suite) ->
     [];
 invalid_CRL_issuer(Config) when is_list(Config) ->
-    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5",
+    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5 EE",
 	  {bad_cert, revocation_status_undetermined}}).
 
 invalid_CRL(doc) ->
@@ -325,7 +324,7 @@ invalid_CRL(doc) ->
 invalid_CRL(suite) ->
     [];
 invalid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.6", "Invalid Wrong CRL Test6",
+    run([{ "4.4.6", "Invalid Wrong CRL Test6 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 valid_CRL(doc) ->
@@ -333,18 +332,18 @@ valid_CRL(doc) ->
 valid_CRL(suite) ->
     [];
 valid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.7", "Valid Two CRLs Test7", ok}]).
+    run([{ "4.4.7", "Valid Two CRLs Test7 EE", ok}]).
 
 unknown_CRL_extension(doc) ->
     [""];
 unknown_CRL_extension(suite) ->
     [];
 unknown_CRL_extension(Config) when is_list(Config) ->
-    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8",
+    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.9", "Invalid Unknown CRL Extension Test9",
+	 { "4.4.9", "Invalid Unknown CRL Extension Test9 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.10", "Invalid Unknown CRL Extension Test10",
+	 { "4.4.10", "Invalid Unknown CRL Extension Test10 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 old_CRL(doc) ->
@@ -352,9 +351,9 @@ old_CRL(doc) ->
 old_CRL(suite) ->
     [];
 old_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11",
+    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",
+	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 fresh_CRL(doc) ->
@@ -362,7 +361,7 @@ fresh_CRL(doc) ->
 fresh_CRL(suite) ->
     [];
 fresh_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}]).
+    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13 EE", ok}]).
 
 valid_serial(doc) ->
     [""];
@@ -370,9 +369,9 @@ valid_serial(suite) ->
     [];
 valid_serial(Config) when is_list(Config) ->
     run([
-	 { "4.4.14", "Valid Negative Serial Number Test14",ok},
-	 { "4.4.16", "Valid Long Serial Number Test16", ok},
-	 { "4.4.17", "Valid Long Serial Number Test17", ok}
+	 { "4.4.14", "Valid Negative Serial Number Test14 EE",ok},
+	 { "4.4.16", "Valid Long Serial Number Test16 EE", ok},
+	 { "4.4.17", "Valid Long Serial Number Test17 EE", ok}
 	]).
 
 invalid_serial(doc) ->
@@ -380,9 +379,9 @@ invalid_serial(doc) ->
 invalid_serial(suite) ->
     [];
 invalid_serial(Config) when is_list(Config) ->
-    run([{ "4.4.15", "Invalid Negative Serial Number Test15",
+    run([{ "4.4.15", "Invalid Negative Serial Number Test15 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.18", "Invalid Long Serial Number Test18",
+	 { "4.4.18", "Invalid Long Serial Number Test18 EE",
 	   {bad_cert, {revoked, keyCompromise}}}]).
 
 valid_seperate_keys(doc) ->
@@ -390,7 +389,7 @@ valid_seperate_keys(doc) ->
 valid_seperate_keys(suite) ->
     [];
 valid_seperate_keys(Config) when is_list(Config) ->
-    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   ok}]).
+    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19 EE",   ok}]).
 
 invalid_separate_keys(doc) ->
     [""];
@@ -408,11 +407,11 @@ missing_basic_constraints(doc) ->
 missing_basic_constraints(suite) ->
     [];
 missing_basic_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1",
+    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.2",  "Invalid cA False Test2",
+	 { "4.6.2",  "Invalid cA False Test2 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.3",  "Invalid cA False Test3",
+	 { "4.6.3",  "Invalid cA False Test3 EE",
 	   {bad_cert, missing_basic_constraint}}]).
 
 valid_basic_constraint(doc) ->
@@ -420,20 +419,20 @@ valid_basic_constraint(doc) ->
 valid_basic_constraint(suite) ->
     [];
 valid_basic_constraint(Config) when is_list(Config) ->
-    run([{"4.6.4", "Valid basicConstraints Not Critical Test4", ok}]).
+    run([{"4.6.4", "Valid basicConstraints Not Critical Test4 EE", ok}]).
 
 invalid_path_constraints(doc) ->
     [""];
 invalid_path_constraints(suite) ->
     [];
 invalid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}},
-	 { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}},
-	 { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}},
-	 { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}},
-	 { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}},
-	 { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}},
-	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",
+    run([{ "4.6.5", "Invalid pathLenConstraint Test5 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.6", "Invalid pathLenConstraint Test6 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.9", "Invalid pathLenConstraint Test9 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.10", "Invalid pathLenConstraint Test10 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.11", "Invalid pathLenConstraint Test11 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.12", "Invalid pathLenConstraint Test12 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16 EE",
 	   {bad_cert, max_path_length_reached}}]).
 
 valid_path_constraints(doc) ->
@@ -441,12 +440,12 @@ valid_path_constraints(doc) ->
 valid_path_constraints(suite) ->
     [];
 valid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.7",  "Valid pathLenConstraint Test7", ok},
-	 { "4.6.8",  "Valid pathLenConstraint Test8", ok},
-	 { "4.6.13", "Valid pathLenConstraint Test13", ok},
-	 { "4.6.14", "Valid pathLenConstraint Test14", ok},
-	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok},
-	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]).
+    run([{ "4.6.7",  "Valid pathLenConstraint Test7 EE", ok},
+	 { "4.6.8",  "Valid pathLenConstraint Test8 EE", ok},
+	 { "4.6.13", "Valid pathLenConstraint Test13 EE", ok},
+	 { "4.6.14", "Valid pathLenConstraint Test14 EE", ok},
+	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15 EE", ok},
+	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 invalid_key_usage(doc) ->
@@ -454,14 +453,14 @@ invalid_key_usage(doc) ->
 invalid_key_usage(suite) ->
     [];
 invalid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",
+    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1 EE",
 	   {bad_cert,invalid_key_usage} },
-	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2",
-	   {bad_cert,invalid_key_usage}},
-	{ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",
-	  {bad_cert, revocation_status_undetermined}},
-	 { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",
-	   {bad_cert, revocation_status_undetermined}}
+	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2 EE",
+	   {bad_cert,invalid_key_usage}}
+	%% { "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4 EE",
+	%%   {bad_cert, revocation_status_undetermined}},
+	%%  { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5 EE",
+	%%    {bad_cert, revocation_status_undetermined}}
 	]).
 
 valid_key_usage(doc) ->
@@ -469,7 +468,7 @@ valid_key_usage(doc) ->
 valid_key_usage(suite) ->
     [];
 valid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3", ok}]).
+    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 certificate_policies(doc) ->    [""];
@@ -503,32 +502,32 @@ valid_DN_name_constraints(doc) ->
 valid_DN_name_constraints(suite) ->
     [];
 valid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.1",  "Valid DN nameConstraints Test1", ok},
-	 { "4.13.4",  "Valid DN nameConstraints Test4", ok},
-	 { "4.13.5",  "Valid DN nameConstraints Test5", ok},
-	 { "4.13.6",  "Valid DN nameConstraints Test6", ok},
-	 { "4.13.11", "Valid DN nameConstraints Test11", ok},
-	 { "4.13.14", "Valid DN nameConstraints Test14", ok},
-	 { "4.13.18", "Valid DN nameConstraints Test18", ok},
-	 { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}]).
+    run([{ "4.13.1",  "Valid DN nameConstraints Test1 EE", ok},
+	 { "4.13.4",  "Valid DN nameConstraints Test4 EE", ok},
+	 { "4.13.5",  "Valid DN nameConstraints Test5 EE", ok},
+	 { "4.13.6",  "Valid DN nameConstraints Test6 EE", ok},
+	 { "4.13.11", "Valid DN nameConstraints Test11 EE", ok},
+	 { "4.13.14", "Valid DN nameConstraints Test14 EE", ok},
+	 { "4.13.18", "Valid DN nameConstraints Test18 EE", ok},
+	 { "4.13.19", "Valid DN nameConstraints Test19 EE", ok}]).
 
 invalid_DN_name_constraints(doc) ->
     [""];
 invalid_DN_name_constraints(suite) ->
     [];
 invalid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}},
-	 { "4.13.3",  "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}},
-	 { "4.13.7",  "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}},
-	 { "4.13.8",  "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}},
-	 { "4.13.9",  "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}},
-	 { "4.13.10", "Invalid DN nameConstraints Test10",{bad_cert, name_not_permitted}},
-	 { "4.13.12", "Invalid DN nameConstraints Test12",{bad_cert, name_not_permitted}},
-	 { "4.13.13", "Invalid DN nameConstraints Test13",{bad_cert, name_not_permitted}},
-	 { "4.13.15", "Invalid DN nameConstraints Test15",{bad_cert, name_not_permitted}},
-	 { "4.13.16", "Invalid DN nameConstraints Test16",{bad_cert, name_not_permitted}},
-	 { "4.13.17", "Invalid DN nameConstraints Test17",{bad_cert, name_not_permitted}},
-	 { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20",
+    run([{ "4.13.2", "Invalid DN nameConstraints Test2 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.3",  "Invalid DN nameConstraints Test3 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.7",  "Invalid DN nameConstraints Test7 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.8",  "Invalid DN nameConstraints Test8 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.9",  "Invalid DN nameConstraints Test9 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.10", "Invalid DN nameConstraints Test10 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.12", "Invalid DN nameConstraints Test12 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.13", "Invalid DN nameConstraints Test13 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.15", "Invalid DN nameConstraints Test15 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.16", "Invalid DN nameConstraints Test16 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.17", "Invalid DN nameConstraints Test17 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.20", "Invalid DN nameConstraints Test20 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_rfc822_name_constraints(doc) ->
@@ -536,9 +535,9 @@ valid_rfc822_name_constraints(doc) ->
 valid_rfc822_name_constraints(suite) ->
     [];
 valid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21", ok},
-	 { "4.13.23", "Valid RFC822 nameConstraints Test23", ok},
-	 { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}]).
+    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21 EE", ok},
+	 { "4.13.23", "Valid RFC822 nameConstraints Test23 EE", ok},
+	 { "4.13.25", "Valid RFC822 nameConstraints Test25 EE", ok}]).
 
 
 invalid_rfc822_name_constraints(doc) ->
@@ -546,11 +545,11 @@ invalid_rfc822_name_constraints(doc) ->
 invalid_rfc822_name_constraints(suite) ->
     [];
 invalid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22",
+    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.24", "Invalid RFC822 nameConstraints Test24",
+	 { "4.13.24", "Invalid RFC822 nameConstraints Test24 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.26", "Invalid RFC822 nameConstraints Test26",
+	 { "4.13.26", "Invalid RFC822 nameConstraints Test26 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_DN_and_rfc822_name_constraints(doc) ->
@@ -558,16 +557,16 @@ valid_DN_and_rfc822_name_constraints(doc) ->
 valid_DN_and_rfc822_name_constraints(suite) ->
     [];
 valid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}]).
+    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27 EE", ok}]).
 
 invalid_DN_and_rfc822_name_constraints(doc) ->
     [""];
 invalid_DN_and_rfc822_name_constraints(suite) ->
     [];
 invalid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",
+    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",
+	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_dns_name_constraints(doc) ->
@@ -575,33 +574,33 @@ valid_dns_name_constraints(doc) ->
 valid_dns_name_constraints(suite) ->
     [];
 valid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.30", "Valid DNS nameConstraints Test30", ok},
-	 { "4.13.32", "Valid DNS nameConstraints Test32", ok}]).
+    run([{ "4.13.30", "Valid DNS nameConstraints Test30 EE", ok},
+	 { "4.13.32", "Valid DNS nameConstraints Test32 EE", ok}]).
 
 invalid_dns_name_constraints(doc) ->
     [""];
 invalid_dns_name_constraints(suite) ->
     [];
 invalid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted}},
-	 { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}},
-	 { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted}}]).
+    run([{ "4.13.31", "Invalid DNS nameConstraints Test31 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.33", "Invalid DNS nameConstraints Test33 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.38", "Invalid DNS nameConstraints Test38 EE", {bad_cert, name_not_permitted}}]).
 
 valid_uri_name_constraints(doc) ->
     [""];
 valid_uri_name_constraints(suite) ->
     [];
 valid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.34", "Valid URI nameConstraints Test34", ok},
-	 { "4.13.36", "Valid URI nameConstraints Test36", ok}]).
+    run([{ "4.13.34", "Valid URI nameConstraints Test34 EE", ok},
+	 { "4.13.36", "Valid URI nameConstraints Test36 EE", ok}]).
 
 invalid_uri_name_constraints(doc) ->
     [""];
 invalid_uri_name_constraints(suite) ->
     [];
 invalid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.35", "Invalid URI nameConstraints Test35",{bad_cert, name_not_permitted}},
-	 { "4.13.37", "Invalid URI nameConstraints Test37",{bad_cert, name_not_permitted}}]).
+    run([{ "4.13.35", "Invalid URI nameConstraints Test35 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.37", "Invalid URI nameConstraints Test37 EE",{bad_cert, name_not_permitted}}]).
 
 %%-----------------------------------------------------------------------------
 delta_without_crl(doc) ->
@@ -609,20 +608,20 @@ delta_without_crl(doc) ->
 delta_without_crl(suite) ->
     [];
 delta_without_crl(Config) when is_list(Config) ->
-  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",{bad_cert,
+  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1 EE",{bad_cert,
 							       revocation_status_undetermined}},
-       {"4.15.10", "Invalid delta-CRL Test10", {bad_cert,
-						revocation_status_undetermined}}]).
+       {"4.15.10", "Invalid delta-CRL Test10 EE", {bad_cert,
+						   revocation_status_undetermined}}]).
 
 valid_delta_crls(doc) ->
     [""];
 valid_delta_crls(suite) ->
     [];
 valid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.2",  "Valid delta-CRL Test2", ok},
-	 { "4.15.5",  "Valid delta-CRL Test5", ok},
-	 { "4.15.7",  "Valid delta-CRL Test7", ok},
-	 { "4.15.8",  "Valid delta-CRL Test8", ok}
+    run([{ "4.15.2",  "Valid delta-CRL Test2 EE", ok},
+	 { "4.15.5",  "Valid delta-CRL Test5 EE", ok},
+	 { "4.15.7",  "Valid delta-CRL Test7 EE", ok},
+	 { "4.15.8",  "Valid delta-CRL Test8 EE", ok}
 	]).
 
 invalid_delta_crls(doc) ->
@@ -630,10 +629,10 @@ invalid_delta_crls(doc) ->
 invalid_delta_crls(suite) ->
     [];
 invalid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.3",  "Invalid delta-CRL Test3", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.4",  "Invalid delta-CRL Test4", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.6",  "Invalid delta-CRL Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.9",  "Invalid delta-CRL Test9", {bad_cert,{revoked, keyCompromise}}}]).
+    run([{ "4.15.3",  "Invalid delta-CRL Test3 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.4",  "Invalid delta-CRL Test4 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.6",  "Invalid delta-CRL Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.9",  "Invalid delta-CRL Test9 EE", {bad_cert,{revoked, keyCompromise}}}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -642,10 +641,10 @@ valid_distribution_points(doc) ->
 valid_distribution_points(suite) ->
     [];
 valid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.1",  "Valid distributionPoint Test1", ok},
-	 { "4.14.4",  "Valid distributionPoint Test4", ok},
-	 { "4.14.5",  "Valid distributionPoint Test5", ok},
-	 { "4.14.7",  "Valid distributionPoint Test7", ok}
+    run([{ "4.14.1",  "Valid distributionPoint Test1 EE", ok},
+	 { "4.14.4",  "Valid distributionPoint Test4 EE", ok},
+	 { "4.14.5",  "Valid distributionPoint Test5 EE", ok},
+	 { "4.14.7",  "Valid distributionPoint Test7 EE", ok}
 	]).
 
 valid_distribution_points_no_issuing_distribution_point(doc) ->
@@ -661,13 +660,13 @@ invalid_distribution_points(doc) ->
 invalid_distribution_points(suite) ->
     [];
 invalid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.2",  "Invalid distributionPoint Test2", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.3",  "Invalid distributionPoint Test3", {bad_cert,
+    run([{ "4.14.2",  "Invalid distributionPoint Test2 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.3",  "Invalid distributionPoint Test3 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.6",  "Invalid distributionPoint Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.8",  "Invalid distributionPoint Test8", {bad_cert,
+	 { "4.14.6",  "Invalid distributionPoint Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.8",  "Invalid distributionPoint Test8 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.9",  "Invalid distributionPoint Test9", {bad_cert,
+	 { "4.14.9",  "Invalid distributionPoint Test9 EE", {bad_cert,
 							  revocation_status_undetermined}}
 	]).
 
@@ -676,7 +675,7 @@ valid_only_contains(doc) ->
 valid_only_contains(suite) ->
     [];
 valid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}]).
+    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13 EE", ok}]).
 
 
 invalid_only_contains(doc) ->
@@ -684,11 +683,11 @@ invalid_only_contains(doc) ->
 invalid_only_contains(suite) ->
     [];
 invalid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",
+    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12",
+	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14",
+	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -697,8 +696,8 @@ valid_only_some_reasons(doc) ->
 valid_only_some_reasons(suite) ->
     [];
 valid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.18", "Valid onlySomeReasons Test18", ok},
-	 { "4.14.19", "Valid onlySomeReasons Test19", ok}
+    run([{ "4.14.18", "Valid onlySomeReasons Test18 EE", ok},
+	 { "4.14.19", "Valid onlySomeReasons Test19 EE", ok}
 	]).
 
 invalid_only_some_reasons(doc) ->
@@ -706,15 +705,15 @@ invalid_only_some_reasons(doc) ->
 invalid_only_some_reasons(suite) ->
     [];
 invalid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.15", "Invalid onlySomeReasons Test15",
+    run([{ "4.14.15", "Invalid onlySomeReasons Test15 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.16", "Invalid onlySomeReasons Test16",
+	 { "4.14.16", "Invalid onlySomeReasons Test16 EE",
 	   {bad_cert,{revoked, certificateHold}}},
-	 { "4.14.17", "Invalid onlySomeReasons Test17",
+	 { "4.14.17", "Invalid onlySomeReasons Test17 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.20", "Invalid onlySomeReasons Test20",
+	 { "4.14.20", "Invalid onlySomeReasons Test20 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.21", "Invalid onlySomeReasons Test21",
+	 { "4.14.21", "Invalid onlySomeReasons Test21 EE",
 	   {bad_cert,{revoked, affiliationChanged}}}
 	]).
 
@@ -723,9 +722,9 @@ valid_indirect_crl(doc) ->
 valid_indirect_crl(suite) ->
     [];
 valid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.22", "Valid IDP with indirectCRL Test22", ok},
-	 { "4.14.24", "Valid IDP with indirectCRL Test24", ok},
-	 { "4.14.25", "Valid IDP with indirectCRL Test25", ok}
+    run([{ "4.14.22", "Valid IDP with indirectCRL Test22 EE", ok},
+	 { "4.14.24", "Valid IDP with indirectCRL Test24 EE", ok},
+	 { "4.14.25", "Valid IDP with indirectCRL Test25 EE", ok}
 	]).
 
 invalid_indirect_crl(doc) ->
@@ -733,9 +732,9 @@ invalid_indirect_crl(doc) ->
 invalid_indirect_crl(suite) ->
     [];
 invalid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23",
+    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.26", "Invalid IDP with indirectCRL Test26",
+	 { "4.14.26", "Invalid IDP with indirectCRL Test26 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -744,9 +743,9 @@ valid_crl_issuer(doc) ->
 valid_crl_issuer(suite) ->
     [];
 valid_crl_issuer(Config) when is_list(Config) ->
-    run([{ "4.14.28", "Valid cRLIssuer Test28", ok}%%,
-	 %%{ "4.14.29", "Valid cRLIssuer Test29", ok},
-	 %%{ "4.14.33", "Valid cRLIssuer Test33", ok}
+    run([{ "4.14.28", "Valid cRLIssuer Test28 EE", ok}%%,
+	 %%{ "4.14.29", "Valid cRLIssuer Test29 EE", ok},
+	 %%{ "4.14.33", "Valid cRLIssuer Test33 EE", ok}
 	]).
 
 invalid_crl_issuer(doc) ->
@@ -755,11 +754,11 @@ invalid_crl_issuer(suite) ->
     [];
 invalid_crl_issuer(Config) when is_list(Config) ->
     run([
-	 { "4.14.27", "Invalid cRLIssuer Test27", {bad_cert, revocation_status_undetermined}},
-	 { "4.14.31", "Invalid cRLIssuer Test31", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.32", "Invalid cRLIssuer Test32", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.34", "Invalid cRLIssuer Test34", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.35", "Invalid cRLIssuer Test35", {bad_cert, revocation_status_undetermined}}
+	 { "4.14.27", "Invalid cRLIssuer Test27 EE", {bad_cert, revocation_status_undetermined}},
+	 { "4.14.31", "Invalid cRLIssuer Test31 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.32", "Invalid cRLIssuer Test32 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.34", "Invalid cRLIssuer Test34 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.35", "Invalid cRLIssuer Test35 EE", {bad_cert, revocation_status_undetermined}}
 	]).
 
 
@@ -780,7 +779,7 @@ unknown_critical_extension(doc) ->
 unknown_critical_extension(suite) ->
     [];
 unknown_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",
+    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2 EE",
 	   {bad_cert,unknown_critical_extension}}]).
 
 unknown_not_critical_extension(doc) ->
@@ -788,16 +787,18 @@ unknown_not_critical_extension(doc) ->
 unknown_not_critical_extension(suite) ->
     [];
 unknown_not_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", ok}]).
+    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 run(Tests) ->    
-    File = file(?CERTS,"TrustAnchorRootCertificate.crt"),
-    {ok, TA} = file:read_file(File),
+    [TA] = read_certs("Trust Anchor Root Certificate"),
     run(Tests, TA).
 
 run({Chap, Test, Result}, TA) ->
-    CertChain = sort_chain(read_certs(Test),TA, [], false, Chap),
+    CertChain = cas(Chap) ++ read_certs(Test),
+    lists:foreach(fun(C) ->
+			  io:format("CERT: ~p~n", [public_key:pkix_decode_cert(C, otp)])
+		  end, CertChain),
     Options = path_validation_options(TA, Chap,Test),
     try public_key:pkix_path_validation(TA, CertChain, Options) of
 	{Result, _} -> ok;
@@ -1134,6 +1135,7 @@ read_crls(Test) ->
     [CRL || {'CertificateList', CRL, not_encrypted} <- Ders].
 
 test_file(Test) ->
+    io:format("TEST: ~p~n", [Test]),
     file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem").
 
 file(Sub,File) ->
@@ -1150,79 +1152,246 @@ file(Sub,File) ->
     end,
     AbsFile.
 
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.3"->
-     [CA, Entity, Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Self, Entity];
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.4";
-					    Chap == "4.5.5" ->
-     [CA, Entity, _Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.24";
-					    Chap == "4.14.25";
-					    Chap == "4.14.26";
-					    Chap == "4.14.27";
-					    Chap == "4.14.31";
-					    Chap == "4.14.32";
-					    Chap == "4.14.33" ->
-    [_OtherCA, Entity, CA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.28";
-					    Chap == "4.14.29" ->
-    [CA, _OtherCA, Entity] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.33" ->
-    [Entity, CA, _OtherCA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) ->
-    do_sort_chain(Certs, TA, Acc, Bool, Chap).
-
-do_sort_chain([First], TA, Try, Found, Chap) when Chap == "4.5.6";
-						  Chap == "4.5.7";
-						  Chap == "4.4.19";
-						  Chap == "4.4.20";
-						  Chap == "4.4.21"->
-    case public_key:pkix_is_issuer(First,TA) of
-	true -> 
-	    [First|do_sort_chain([],First,Try,true, Chap)];
-	false ->
-	    do_sort_chain([],TA,[First|Try],Found, Chap)
-    end;
-do_sort_chain([First|Certs], TA, Try, Found, Chap) when Chap == "4.5.6";
-							Chap == "4.5.7";
-							Chap == "4.4.19";
-							Chap  == "4.4.20";
-							Chap == "4.4.21"->
-%%    case check_extension_cert_signer(public_key:pkix_decode_cert(First, otp)) of
-%%	true ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-%%	false ->
-%%	    do_sort_chain(Certs, TA, Try, Found, Chap)
-%%   end;
-
-do_sort_chain([First|Certs], TA, Try, Found, Chap) ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-
-do_sort_chain([], _, [],_, _) -> [];
-do_sort_chain([], Valid, Check, true, Chap) ->
-    do_sort_chain(lists:reverse(Check), Valid, [], false, Chap);
-do_sort_chain([], _Valid, Check, false, _) ->
-    Check.
+cas(Chap) ->
+    CAS = intermidiate_cas(Chap),
+    lists:foldl(fun([], Acc) ->
+			Acc;
+		   (CA, Acc) -> 
+			[CACert] = read_certs(CA),
+			[CACert | Acc]
+		end, [], CAS).
+ 
+intermidiate_cas(Chap) when Chap == "4.1.1";
+			    Chap == "4.1.3";
+			    Chap == "4.2.2";
+			    Chap == "4.2.3";
+			    Chap == "4.2.4";
+			    Chap == "4.2.6";
+			    Chap == "4.2.7";
+			    Chap == "4.2.8";
+			    Chap == "4.3.1";
+			    Chap == "4.3.3";
+			    Chap == "4.3.4";
+			    Chap == "4.3.5";
+			    Chap == "4.4.3"
+			    ->
+    ["Good CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.2" ->
+    ["Bad Signed CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.4";
+			    Chap == "4.1.6" ->
+    ["DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.5" ->
+    ["DSA Parameters Inherited CA Cert", "DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.2.1";
+			   Chap == "4.2.5" ->
+    ["Bad notBefore Date CA Cert"];
+
+intermidiate_cas(Chap) when  Chap == "4.16.1";
+			    Chap == "4.16.2" ->
+    ["Trust Anchor Root Certificate"];			    
+
+intermidiate_cas(Chap) when Chap == "4.3.2" ->
+    ["Name Ordering CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.34";
+			    Chap == "4.13.35" ->
+    ["nameConstraints URI1 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.13.36";
+			   Chap == "4.13.37" ->
+    ["nameConstraints URI2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.30";
+			    Chap == "4.13.31";
+			    Chap == "4.13.38"
+			    ->
+    ["nameConstraints DNS1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.32";
+			   Chap == "4.13.33" ->
+    ["nameConstraints DNS2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.27";
+			    Chap == "4.13.28";
+			    Chap == "4.13.29" ->
+    ["nameConstraints DN1 subCA3 Cert", 
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.21";
+			    Chap == "4.13.22" ->
+    ["nameConstraints RFC822 CA1 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.23";
+			    Chap == "4.13.24" ->
+    ["nameConstraints RFC822 CA2 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.25";
+			    Chap == "4.13.26" ->
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.1" ->
+    ["Missing basicConstraints CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.2" ->
+    ["basicConstraints Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.3" ->
+    ["basicConstraints Not Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.2";
+			    Chap == "4.5.5" ->
+    ["Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.1" ->
+    ["Basic Self-Issued New Key OldWithNew CA Cert", "Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when	Chap == "4.5.3" ->
+    ["Basic Self-Issued Old Key NewWithOld CA Cert", "Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.4" ->
+    ["Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.1"; 
+			    Chap == "4.13.2";
+			    Chap == "4.13.3";
+			    Chap == "4.13.4";
+			    Chap == "4.13.20"
+			    ->
+    ["nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.5" ->
+    ["nameConstraints DN2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.6";
+			    Chap == "4.13.7" ->
+    ["nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.8";
+			    Chap == "4.13.9" ->
+    ["nameConstraints DN4 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.10";
+			    Chap == "4.13.11" ->
+    ["nameConstraints DN5 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.12" ->
+    ["nameConstraints DN1 subCA1 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.13";
+			    Chap == "4.13.14" ->
+    ["nameConstraints DN1 subCA2 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.15";
+			    Chap == "4.13.16" ->
+    ["nameConstraints DN3 subCA1 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.17";
+			    Chap == "4.13.18" ->
+    ["nameConstraints DN3 subCA2 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.19" ->
+    ["nameConstraints DN1 Self-Issued CA Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.6" ->
+    ["Basic Self-Issued CRL Signing Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.1";
+			    Chap == "4.7.4" -> 
+    ["keyUsage Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.2";
+			    Chap == "4.7.5" -> 
+    ["keyUsage Not Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.3" -> 
+    ["keyUsage Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.7" -> 
+    ["RFC3280 Mandatory Attribute Types CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.3.8" -> 
+    ["RFC3280 Optional Attribute Types CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.6" -> 
+    ["UIDCACert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.4" -> 
+    ["basicConstraints Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.26" -> 
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.9" -> 
+    ["UTF8String Encoded Names CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.10" -> 
+    ["Rollover from PrintableString to UTF8String CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.11" -> 
+    ["UTF8String Case Insensitive Match CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.7";
+			    Chap == "4.6.8"
+			    -> 
+    ["pathLenConstraint0 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.6.13" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.14" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.15" -> 
+     [ "pathLenConstraint0 Self-Issued CA Cert",
+       "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.17" -> 
+    ["pathLenConstraint1 Self-Issued subCA Cert",
+     "pathLenConstraint1 subCA Cert", 
+     "pathLenConstraint1 Self-Issued CA Cert", 
+     "pathLenConstraint1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.5";
+			    Chap == "4.6.6" -> 
+    ["pathLenConstraint0 subCA Cert", 
+     "pathLenConstraint0 CA Cert"]; 
+
+intermidiate_cas(Chap) when Chap == "4.6.9";
+			    Chap == "4.6.10" -> 
+    ["pathLenConstraint6 subsubCA00 Cert",
+     "pathLenConstraint6 subCA0 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.11";
+			    Chap == "4.6.12" -> 
+    ["pathLenConstraint6 subsubsubCA11X Cert",
+     "pathLenConstraint6 subsubCA11 Cert",
+     "pathLenConstraint6 subCA1 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.16" ->
+    ["pathLenConstraint0 subCA2 Cert",
+     "pathLenConstraint0 Self-Issued CA Cert",
+     "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.7";
+			    Chap == "4.5.8"
+			    ->
+    ["Basic Self-Issued CRL Signing Key CRL Cert", 
+     "Basic Self-Issued CRL Signing Key CA Cert"].
 
 error(Format, Args, File0, Line) ->
     File = filename:basename(File0),
@@ -1340,3 +1509,12 @@ inhibit_any_policy() ->
      {"4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 },
      {"4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      ok},
      {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 }].
+
+crypto_support_check(Config) ->
+    try crypto:sha256(<<"Test">>) of
+     	_ ->
+	    Config
+    catch error:notsup ->
+	    crypto:stop(),
+     	    {skip, "To old version of openssl"}
+    end.
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
deleted file mode 100644
index 8f00499440..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates anyPolicy EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwQWxsIENlcnRp
-ZmljYXRlcyBhbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDXI8MbFkMJTmeIdP1EpYg8qYdNkQRq1yNQYMHH
-9TxFgw3L7sCGGxJS6PN4SS67CdnNZKNseFT+qAIDIbBw+p6uuAB4PWZEireOFo+s
-PSdbG2Os76qFi12SpIniE64W5aSMzmccMf6RqzuqUROYH8wOzk8w6y+RI2qnkqDx
-0HxJrwIDAQABo2UwYzAfBgNVHSMEGDAWgBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAd
-BgNVHQ4EFgQUC8LFyye3gbbbFeNrasBg1Fq10JYwDgYDVR0PAQH/BAQDAgTwMBEG
-A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQAmASNJNMm+5XfUYE/I
-IhtOmsbGvCrIWyMyhcv7gosAMSsXYU+8CzWpkjP0zS42rEphyqP8zUAWjR/BqUJV
-9uwenHlpNeVflKgq0UVqYeoqc+afpvgLe+2o2Fe81Uz2tQ+LjwRQCm0/dhEVeZ4B
-JutCF8LtmT3hv2RlWp5v1mmG4w==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
deleted file mode 100644
index ea336fce35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
+++ /dev/null
@@ -1,107 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No Policies CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICWzCCAcSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOTm8gUG9saWNp
-ZXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWH/haSHmzYQAYFLKMA
-cbwROk7OaY3N6TMLQIz4yWrwGzpy+kiIDZ2xVPnyHRHp12VlAI5u78kQKAivhpNw
-ovjgrUmE86zb3/OOa341tubElI6Y9G1Y1tnzPCK+hi1vjrHAHr1Glf8VOgZ9ijpU
-SjXOsw5pFlz22uc7BRI7S/K1AgMBAAGjYzBhMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBRTwRQlfeVbPleR+JYOkJ5dxiWoujAOBgNV
-HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBr
-G1ayCZm1VdyAqi1JuxUTt6bQcd8iNR0vvnl49QzjKgCNRqNV69RCH0U4ZST8D57t
-TVN8DJITlnH+Kbid6OWcgkb+vi5C0SPLPNym18RVzKNQtR88lJCByvNbx/CprRYl
-EfsMrs6FA8loVY0rVrUpEsTjVxyDh+fb8GZ3CAJIng==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates No Policies EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=No Policies CA
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQDEzFBbGwgQ2Vy
-dGlmaWNhdGVzIE5vIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbFHIGRAKQBl4eS/EWvFaVcb/7H30je7Yf
-LmXoIYQGeWJZQfXWSsJyXyoaMhf4uLonxy8mi1Ap8vy3Fqc9b55Cm48xatNCao6D
-W6YbSQu9hiSXCMxjXWnrYfi62KywO6I2y5JbT0CZ2PbQO0lFXYKPaTFDKzgf9l4x
-ppvlkUQdsQIDAQABo1IwUDAfBgNVHSMEGDAWgBRTwRQlfeVbPleR+JYOkJ5dxiWo
-ujAdBgNVHQ4EFgQUy5AB5Gdr2u2a+KXtJZFHFSHyopEwDgYDVR0PAQH/BAQDAgTw
-MA0GCSqGSIb3DQEBBQUAA4GBAGk2l02zPeeK5Xca7UysnHmcjV08jAnZw6WqKJlS
-ZK/upXnIu/i4JXjxhC/aBpFDs1foGPEPb7vPwJBq6psJ/qvrL3FxzWnmp08P4iUP
-c7e9vxXYaMIQC3duKeV6SOn5VrpSPYRfchw/i70FJ+QCw9xAvNZ2X45Pzi9k9xUg
-VfLw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=No Policies CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:53:C1:14:25:7D:E5:5B:3E:57:91:F8:96:0E:90:9E:5D:C6:25:A8:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:a4:9a:ca:5f:51:9e:91:db:fb:8a:0a:85:9b:64:c7:08:ef:
-        d5:17:43:34:7b:ad:53:90:4d:d1:43:10:f9:47:88:de:f3:78:
-        67:2a:3a:4b:0e:5c:1a:a5:ee:19:b9:ef:f9:eb:3f:f1:39:2c:
-        31:ab:e5:14:a7:90:8a:87:71:c6:78:a1:75:df:84:aa:3a:68:
-        37:8a:ba:65:79:1f:31:93:8c:4e:6a:f1:1c:3b:fb:68:79:34:
-        55:5b:42:55:8d:f3:2d:9f:f6:47:8d:64:6a:02:84:0b:97:aa:
-        2c:c6:96:18:ed:b3:b1:a1:62:b4:73:40:83:00:1f:1e:96:ec:
-        d2:ff
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBRTwRQl
-feVbPleR+JYOkJ5dxiWoujAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAy
-pJrKX1Gekdv7igqFm2THCO/VF0M0e61TkE3RQxD5R4je83hnKjpLDlwape4Zue/5
-6z/xOSwxq+UUp5CKh3HGeKF134SqOmg3irpleR8xk4xOavEcO/toeTRVW0JVjfMt
-n/ZHjWRqAoQLl6osxpYY7bOxoWK0c0CDAB8eluzS/w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
new file mode 100644
index 0000000000..0c32ce2edb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates No Policies EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=No Policies CA
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOTm8gUG9s
+aWNpZXMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBqMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UE
+AxMxQWxsIENlcnRpZmljYXRlcyBObyBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6WDyHxhLZpA4ge
+LxU8BbeIOR03CkUXr/Vvnl1X/ncT1gvBBBnQ7Po7o90+gGpGzBPMjif4gMSkUJ8q
+Q+R0STU5SIHBBPl3mxEKU6htvRX47h0hvUzRWKnN2lvQyzD4GkwQhJC7Tv2TDLCr
+tVm5E324xPUAmBYLnbILJ4yQjLXWIa+usF0r1rm0L77cjkVz7HQp9hT/VAOEof8u
+/TWuHTr6CoPEJQLsybS6/tP9WbyD3aPS0F/X//QGM2jwbVVcwlkuodxKrFz5DaMb
+D4EaG5cr5NdDyjbnd71OUXG6j/LuQYuRb2fmXo3YQE3KK6/iStbqEudSUqma7DdD
+7PhI3McCAwEAAaNSMFAwHwYDVR0jBBgwFoAUQiQD7aVLdpyXmFx06gU6G/w15Jww
+HQYDVR0OBBYEFNpNr/S+ZFlUsYAeWIckHljqxZp+MA4GA1UdDwEB/wQEAwIE8DAN
+BgkqhkiG9w0BAQsFAAOCAQEA0xqFOkeCtxlsvCwBTB4pfZNN6qpoRnJFjYD7vmaU
+6XJQAO2EUUCVefK8eYoxPYwgbg2uTYk4HtTTF4cbvsr04hNjh0rBm7F0X7BlyvcF
+TLBW7FEk5aAKjtNGca9kJw7aPo/5vaDkPjnrwTwkUBzEfRveXJE8JqS7KIL/0+SS
+QCNhqf/Fn9KOpcwhQRKZXLcLlvVGtAqkexNM8ZNWuSLidt1Aeihudf0h/dC7g/fx
+NTGfhBSvoKVyGS3AdadQvv9Ce3l2IY3P1NAczdaY/RY+gE2ccmEiRSc3IXETiUXj
+gyzsUXK129XEY9fOQ88ns7RLifh3JBp4NhIvCx0oDWcezQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F93E81F0FC4D6CD1
+
+8/7NnGtFRy+0fJgWW6hMw8LZ4Hm65YTBb/+ft8ET419gDdlc4exP6dWbvUNTx+3n
+xM59XpMjLFRFKhM72sBWc5ORymftUErbvWz6Mk2Uij6V2kVGUZ9GyCwQIkcixem6
+BH9vjXvu/v8R78fYfXbwhRFLmDxVs7d+J08a4vRR5bZkNkVHycGPBPojQYQ2AUrt
+IBgn5l/HY6tMMNDOBe3VGXCHesGcnsxnjmTcYhG4VTAFchZj6NqSwCmEuV8RDwCd
+odkN9BqFvbYp8uuBT87THx8+QYYySFmMfSlpJcTibQVkvCEyBSF0lccAeqW5WPCW
+6l4ACED5lBBoVzxYERtfiEE1i1C/c0tMYahGDyRtjX5khh3IT2WDLbt0ktaBBViB
+3BbBv7pkJEyMp1SjjFXwXiBwOqEWqEjGgnQB9LYafpjxSn7ZwGZ8/ihnqBUUr27Z
+o3TmQV4JV+Ar4/sSz3vjg3/vKgjCymjLKw0hAB4fodJN0CAdTeK6gPhFp4gjcu5B
+a4sc4loF6xKf5YCOIGb9xWZLi+w4M5Yp6wWHI6KvNTC8Pp9/dt+7F/hiZ7q1YeG5
+YN2LDHmHgCjMAGMlScJ0+D/fgCFrCA30BkOmzXPRaudCSg75zSuBh/oYPkLBDOof
+ko4zs4TFplXqL1Omi25H2h6eF/0PBo8DQL6KYzBrCvzw5hLcrAY3cHRCLMfBUY7y
+bE56+LTb53z/dGK/2KfjgdTGcimGe5AQ6DQTFnelqDNzODXjnc7x+Bt5ngK16N/H
+cEWE5IUvmYf66aUGiImP4cyvDq4gChNj8AUxh2HpXYN9kYGz0qjPJyS8jsvN0cMe
+SWN38A8jXCc63Di6Bqj8JLTJ0kSFnTyiu1tFm2EDCgLT5JLMe8dkfKCX1eN9vvZQ
+JG9iMt0SMm/kNnxKWP/aV79W112FYZKjkceus6MUDkxqGXbcmF6TRSEFl7E2Nh9t
+ebEHGznMVUef0v2o/ksggndfQZGYrvPJZ6/rBiWA85FHCerbtATm2JuIP0uuGpLw
+Hp9xZJTo7Q8sMvP7KCKAq+3c/c1gRgggWsmGvLhTNg1Y2InGGVGcF4TA5PfNxHrM
+XRFwqMwt7hEZpzJFzuc+Q2QwbUcjIgTmzYgPc0u22L7cgB7zykihmuqHNtA8jZFn
+dEVffyO6kPM579Ebrb75d3QUtY8mJXzc4ZFczV9sXlzxC0MctvB2INUfgYwTBHqh
+kNv1vh0HvXEkKUCMmmvEMY+dmscDZN4HzLfqRsOBTbNQPIwOxj4RnSco1tiz/JxM
+EmIrjUvX6/5FrHdr3IeRdECO2+/oGO9MYj+siqKwnPsqbIcX1Agz2h6KGJYxXPPz
+IoTM8g7AKjL3z2zkuckW47EvH2tJgBi3GXxVMUzOxhZKrvTVyA4UgNq5B5dZqnJL
+JOK7xlbGCf1D4hXNG8Hzv7Gf/uesog2pUt8wEApRAUDxXTWrhUQyXfRkkc9FDWBy
+36QCTtRt4EE2kn+TLSbtAoVzHXb5lxBdHEoQ+57yXA9tLxDUgNE79c1LSi1AqRdD
+27CN5LFKEEPf1RzHhrlc6u9KVYke1Z+PhXHE4x2/RlLLmzTLmDNcdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
deleted file mode 100644
index 62412e9602..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE9MDsGA1UEAxM0QWxsIENl
-cnRpZmljYXRlcyBTYW1lIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmrdM0DTddXChaxuvVK1/9AmbK3pj
-B7nrBT7FrZ4f+6sp0e/vN7kCNEiAaRq1BDUFjyiesHIoL7gVKw96xoYTQ1qdCGZO
-04GFQtVjtBx8SZCDsvjWgaXxs2BPj3ooNV199aMCiKTeNPm1TwL2zpmGRBaV5As8
-X8eCNYjiya9c6jMCAwEAAaN5MHcwHwYDVR0jBBgwFoAUAONl6YHUhrnHHefzMzkG
-XkwRpfkwHQYDVR0OBBYEFMb2N25TEoHRRp8AmP8/XLXv9HDaMA4GA1UdDwEB/wQE
-AwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkq
-hkiG9w0BAQUFAAOBgQBM+wZzcjByDVKWb9MADcwg0VTmgmhOhSmt3fqhHagC9q3G
-ZY6+OWkM6gCdmw1JBr9JRTHPl1uo/W5dI4OVIupjsct4ObPWx1yn29VM30lyaYDR
-iBhgjOp5tonCixdFbt7pMnviPwsIDKdQLQz0k8m7d/au9BVHVSlyDoqm0I0uSg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
new file mode 100644
index 0000000000..3db8e63cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPTA7BgNV
+BAMTNEFsbCBDZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQIvsOjHjY
+csCDpWm9SJNK2Lwz8/4bpvlcdaG59lROqyk6OL+0/Rd214G74S26m6BrgZuzoLbH
+MlAaCjdFDbUSjh086jFDMgXHwdud78f442+V3ms02gqmijFPvSsOWWyRu0BzTz0P
+bW9IWYtIAG8DDqGflBISatXkxS8wQHCuZdY/x+XjjISn7oSOjPamfdoqT5jEThof
+50jzBxDEdW1vbjU4afAwQBD28t6fZCdCG5kUO1uZ3CED0R44ZV0gajS1Oah9qvrH
+jeCFGGRmoi1biVzNqe9N9tyqw4PWZ+TnzANsaf+InI09mZGyPoiQXB6mbfJFnuCD
+ZQ7AcQiP1VPbAgMBAAGjeTB3MB8GA1UdIwQYMBaAFNhfNeKawTcqJs6DzHMOcBUq
+OuIxMB0GA1UdDgQWBBQKlt4EYF5FmsVHFjO1gRk49P4KtzAOBgNVHQ8BAf8EBAMC
+BPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDQYJKoZI
+hvcNAQELBQADggEBACu8kiAp80ujcBGHavjXgp+HpVSQTqRzTLKbf0EFFib6KedE
+sT67cvLjuTZMcPmwYHnUjBk/KGdyn9IwetblMTj3hueKNx1yKXfYYNVmE13KPPpN
+NcPe4Eal9g4I2noPVt8Eg3SgNIghPFz3XJQNGjN5hMdhmcQfeaEJe1Mlwv2cdgs3
+D02kpjI/KGca9whyDpE0jpu77gkO4ZmRXZxaGe8i35xaRrrs124Zhz0qtJn7iIaV
+s7ouezKkvE1UinCY2pdTZHMTs8LSklBE/IL0Ojwqpt81FptUFMihOaMtMrg01E/D
+rahtaL5Nbj8nVUGlVwiEkUy1CII3ALs50xqw8gM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EB98A807DC3D399
+
+fhnzBwxtkklORe+Yh4iudRuENOFlYa9T0GStebQUNLB4fpdxlVUWKCd6hGDhVdAh
+xrTDyXWAE/CUquhCUphGt3vhZgThk03pYX4MiAGyC/Dyw4VGSkqujc+P/3oMpWyI
+Z7Q5yKYxmXIPo0ueQMXL9gMJjOJfmHweVMEaGZGozIh0fNO3QLC8X65yttS9xxT+
+dMG+3o5B+wRcwFMxe5i44FbGiDHdarsaHTYrmxiuWgsQaxD5iSM4TSXfFReAerkG
+3/M6GdeHGbyd/ePTzbLY6APLoj3zREmrRlxPdV+pqMXp1TJORyoea3Dwwn8tzlEC
+juh/7dvzeUCX3yFZmO70nyC3YY3pVHE44yj8tx5JswNvQUWnXPK/imvJbRgs7RfH
+syU6uFD2nOrHa9DoKNDUENZuSt8Ck+6xpLwUfgrzE0IcP0S+o7xC7lfs8KfjbkgO
+CtMxS8AacRkfv5GQCDcS7aT37aQz1Z3chZkjbacW/FljDupK6FZBmQo/KIvrRZWQ
+KhaTG7EfLEwDGzHQB85dAyTcacNRzpZg0tccdfBFNzj/52vLVWm+ng2pvR/TudaL
+M5xA9I6Ykp5VNFR5jwNwNvOhxQ7T2I4dfTXbhFW9VgMJYTqoTxtdt5skL8mSiRHd
+24pnV+B3Io17jPhuNXPpJgtbCFd+H8Nx24yo9Lo3L/lAQvgvwuAD8rrAnSBVY7mG
+vXuabzh93vgEt6tL4UJEVBMTIEuclcDTsSPPWVAcdcHqFFbXseQwJDGRSHRRMIP7
+UAb71S6jx0CBeO5igiIwpPBpfmDujskCo6CihN9fxH2TqaCvR2dYaE/V9qj0tBWb
+nze8mdsTfo0l2zKp5F2EWfnE047vDRS2M6fCS1hCIkvN1DLsDcSd19dafG4SKEgM
+lHeY6wf0cnus/fhK6Z7yaG6mffHALPHhZBk4yGV8pwB3413DCG/0cEHNO4DSSQBB
+113ZUUcnzeSvjYYeUV2LHRPi1+bc+Go35j12PZ1xk3wQq23yPfcJdGdNzpNvMM5g
+F2KMJhdJXfZoDgqDpiS0F/UNnivYl0/IDmcdalMhc9NATBtDSQvSVvCcDlKeo7QK
+cc08JwoBN1aF7XDCqb1fxr4GZDk6V5qgRFOAEXm83QjE9ADNJ3tS/1u6PwEAebWs
+KJjE4EvYG3bcADvoyoU6I1BbewUtHCxEvorYuj0t0wZxodnOew9Lx7JeDNFQTmxW
+PB10T16LEu4Myw+/W3zZ/oGOJsGfVZ/f0eSnkrfHMMGiBg+BYpliyZvBtrXTkGLA
+7yAFUwu0yiIfpt3y7aJjjYyujyKDqKuMz3nSIoAANEVHyGdlMIknlxqsf1FVpM7L
+muN46G5nn5howKX52NPe7zyEb61NwkalDHriVl6a8pImGv991ZMfVjavc5ODubXf
+sJl+hTCejauRGf878kyomrb/ullIz8t2WgaAePfKvw4cGsmZ2N3kqfjKYWg7K/gJ
+jC4HrmnRc/Wak01ZVgRL4hk3R2AQu1lklzdSBSZKO3rbzIOe65qsSK/Bh2ViA7y2
+hUlzqaotDhjZ21oOa6+wfzYx0oe/I+jzmOvV7Qb8XyVJWS4BDFTC1ZLLS/SyIYoM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
deleted file mode 100644
index 888f8c117a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBoMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNVBAMTNEFsbCBD
-ZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6RCve4HAIbl7RQiw7tPY3IJ0oT
-KvS2jsUu4eNuzThRoKW0cWW3N+Jk1rkqgaaebVodXrb9cuDFONWRL0X2DZazb5h/
-4FX3obShqywkydsz7vBoixmRXa/oKtIa78h5zQTSDPR0sJeWIikOUJZMIJv4CNw1
-Pwvu3Y3i9CwT6m2fAgMBAAGjgYgwgYUwHwYDVR0jBBgwFoAU0L/Nm9/xkf2Ch1oQ
-z5Cvi7zyxcwwHQYDVR0OBBYEFGqUba1DKQxc60sgeqLAqyOR/22bMA4GA1UdDwEB
-/wQEAwIE8DAzBgNVHSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAM
-BgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAAd1diIEB4YaH7gH6DO1vptE
-G2YpbuvISfPDhWjrLI/sLSJTH3l+kC/GE4FDEHJ0Rc76la5gyUbRwX1zTZKHGyxx
-NhuE3i0XkrAlR6xRUJRcb1SgD7JqMzup7ZuFP9h3+txi71G33fMStCxKGa6ijUKd
-LTzImFXGxbWm6SZujuyJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
new file mode 100644
index 0000000000..286627830f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMG0xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT0wOwYD
+VQQDEzRBbGwgQ2VydGlmaWNhdGVzIFNhbWUgUG9saWNpZXMgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuonnfN9t
+4ddPZ+ia26RVmETsLKghhyuChxjPOzey0QTTUvM7qpHFYdIxV33GrQo6A7gFqhHd
+fWyAk0/BneTtf7NMzEVpBhgN/ALibFRF+gtg+9+PRECBOBTE4/Fn3NTVei0br+vY
+IHq3/S1YmJfbaT75IMLxJLevjBaIEg1ZAC8e42BydhD6yOvclRCtQaTmlVMPAF2w
+16xXisHhOlIdkmoTvVUNsggM7sfp3Mh7rdUsUgZTdx7lN7COEYIo+i3IU8YqOfeo
+nonwyxPR9p+vHCCau0445QquJxq6BBiIIFBqyEKPbw2y0a5tXWu9HAqkWSZD+1oJ
+y15//w8dWuiHwwIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFIwoCtoNCRRi7j09lrhx
+kxKJ6uhjMB0GA1UdDgQWBBQV5I2I9FFatmEJLjYrRhl3ENmoajAOBgNVHQ8BAf8E
+BAMCBPAwMwYDVR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAebUg/2b+Scy+m8LoFzpVGpLL
+81MsDH+Ft+90ub0m3BPmLhy6M+pL6I3w4roiOqdnbokcNWiUKLV+0aGR0T+fLw7H
+mhltaORuZHTZAPZq3X1GwRS80r7kPBJDCmT5sf0DrxMg9e0tpJSKu3UQrONk8DyH
+z64u6w4tlg702fdr2VZv4VLlUtLkx2cMPwMK+ZKJ+FBK07z/69EroGdakfaJqMA8
+SW+VOyqg+koUo35DUv1n/t8/DaE7rNux298Ii1JZj8umtVmIet4sHBuIf5Y4nmYD
+KJxml+xOmIJ2jXfAb0A0VmpGg4SYCcUTH4gWKA7oPAYnic4llcUeM71RGKzuoA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6598F90C651D7B14
+
+gLVeHzEcRzOUseMCKz1TMOnYdSgh9Vc/Miav9QDr3v24THseAgHafvP/HSB4YUSL
+O83vdnoePDKsNavnbhgKIeW+c6N+ByqWGbuerECn6m41aJJ5VSoch6RwMva8W1T1
+DiW1WR1mqU0heCgd6iMP3ja+oL49GQdBcT3RHBT5Vj+eHJaruOTCGMlG1q2Z5vVy
+Ofj7ZXIx42RP5AkLRTXXTORpLqnG8E0wA5u+S3EYDpEecrjNlq/lejCgwEWh2++U
+ODFw4FqZ24v03RLqpzeWQvT8oCrLv/HuZUqeGHK/PBCMNzRkNHsF7E78m2SdhbCo
+ysIGCwfZzHk+yKf6+xktAfDFf1XpFZ4gEfjddfH/IsKLMcrAwLQnqKUpN1eUvG6l
+JUteVwwpxHIP46ZdOvMHExYp82uGFE92yyGrJS/3z5JGISpLqh1PqA5lhqd5a5eW
+7p6qdcvwzSuBPLVKbwgKE3QROHNjvmCmVDeY/U+U7bYhZ535Zq5vdm1ZLpclhcP9
+qE1XOGl+Nf1nnyGEk2ITECnZFSdsUo+HdSA27qCqQ6IHgI1P6I5vGCLWuuE2OQ6N
+EckKeOw+NXKUxqDJDCXhOLa2UMDYHopOO3hx4MjMg5d0CZHv9Dbc11sPnpENx+dX
+XO2qJGuhQV2a1O0B2hFMGkDAUkcSoFXyWf8kJVh5s9Og8GDP3IeskUzbEKmhBsb6
+5nKBq/OX0dZFuObEBiDuG069yGlxSut8L5d3agB8F965efezS/tJmAjfK+JVXxGw
+Kq4rE30aOhxVybbUrJYCLsq6g4GmRtPGxWyCGrteJHSr6iMJwU8IqpKShM3XV+KD
+I/8V5H+3/QoF2BLiz6HaP+uwQZmoXX1/5QCvzqArLYeBGx8ucoPDuAnw6acS9khi
+pKuZwBsVX2UfuqPdWNNR/DC5kf95/ldg31cfgiU/5YyjtvuK82PU06nJ7SYchlZW
+QZ+4b6LY4X+rhxIzDJ6CeTDnYq5RuqaUA5Kteu9Tg+4xmijS1paatZghRJjnYrgc
+Gy96sn6LwmHWcIvlEXPEZJ0YKkF189FpJNWRpnpjz3+bvLDi/MeBx4c6zWOlDmtU
+OZyU4k4C9sphpmX3QslS6pVNV0wkkGJNScgGePjkviAC3RIwf8fHozAub4tLKG9Q
+onhrdCV+ivoHO193GZq2FbKn9XkeGKfJLrA3mQaebjiYln0O79+B9vdzF5ceDDLS
+eLvK2sFmyxt9EWtCRy847uW08xUU3Get2g50v8o4blbRh0G0I0JcMjFGaoFPaMP7
+kWC4DaBEHHSP131NV0rq6boQx4kWTaEZnXBf+F/A838+7jSTXfsWbvwhkLmi7XtI
+trFU11oYTHx1KHhhyA68GdDH+kCbg7NrPdF+ur06kpG4N87iSBeCpiodYmlDv0wA
+7MUYlH3cZ3OYG6MJdWwA2hjSNeqeNvqLJE4+wfFUxkSs8JZEMQLCqaS8+4rvXAgb
+/rzzTnI+MVFQWNen6bvobvMFHpEhn77FMmE6WPdhvp/bR2nFoEH4QAXUbgpIw9K5
+wwhVODTI4Ux0eIpKFKeC+7OXUmFQdESB2qdSHEhyVwuFrJL2YPMOKA9yyNT0LxyG
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
new file mode 100644
index 0000000000..4cc6cfff41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates anyPolicy EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNVBAMT
+MEFsbCBDZXJ0aWZpY2F0ZXMgYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Qx
+MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKLRwAzuUEtOy/V47M/
+rUpbPiMDRXuhXbrcDN+erHgrUrGHJA5FpjmB6PRYL7fR1mJl+yGRCDrquNaHkEoi
+iUVGpuC59jBUIguJr46ZPrAg4XYzWe/Wh8JTCDubDKEVlbN5F3c+ih8N8aKxQpGW
+ZPm/CWaMljKSBgZeyFzDN4lrAvQYfFeR5yvRQ1rZbQPi3mLjUHG0JwsaCbPYSv3y
+v8XSye1NENSaPaDQ9H/CzLfUKldvkNCnZmeFaI6UKkaqr7RMvqymdIpSjz/Ic7fR
+96ZZgQzCX3EPZ5k4qyaTDgvuLCvlMrYVmHRy3oj8XHkb0VP1zEFmVYyx8gM1UBk0
+HKkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUu8neyByV50LikKKOrgNcqyRgfoUwHQYD
+VR0OBBYEFP0x7qhv8jhIP4wDRMsNB2Ztq9jpMA4GA1UdDwEB/wQEAwIE8DARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAGpQqQ5cWZS64sgYSqdC
+NW7g6xU43pbHIqs0NxBefMaYoHRcnBZKZZ51mesxhLHBqOQmJZfEGmUVDJvdOfDD
+N2ShmiO9sZhVqkPZ+PMu3M1hNcnuhyNO7XnlmKKzWXApasvMivL9qM6ZNa0yHELY
+2sgKEo3y/pL4Pxld5usNH+dBib7FrhEvCZzgOKZcfC6ZQskkVDiduhtPlRM8FRtl
+wlrWwLPEPMrYe9rtqGozEOKS7HP8SWI2zzkhIZK5dVXYUpJ+oRAYtLmKuiIAJ+PY
+hWFAwNYtyafe1P164tjeT/JtHAGPQ5ogzcelmzRk8UDG+G/V/MW9wqQTCDzkCR1c
+Fmo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7043571D5460386
+
+EEhobVClGaXIyJ/GA9o6jtbCSsogPBfCwuUDW0AsT/M5xV1I8L0q5D/IhNM3QJj+
+acq0D04zTNEJQC+06OdxYA4XiLXLJrepc8+e6crkS25+YkCPaWhxVElquJIrORca
+nl7fH8CbF/sTzNVs3dO8pA+WmIqaYdkZCMOT4U3P7chwyqszBQn8PHvS14Il1YCX
+MINX3YiYr9YCsA2yMy5QwBnQx2G74O/+gdyfpJzbP5Rs8L2x4aYHm+w+MlQTF0Hl
+wo+LMbGC2Eu0AWTOSH88d41nDzZPBnCY8CKUWu00JP7OAWEODTe/MAlqn5AZ5Edx
+M9c1PknSgHFB3atXTgc7oEMaX14xDmCxET26mWOfmixDvBVIGh613Eh9FUba0rlV
+BsUhD49w4E2phyz4vy12BPihlthYGHtg9osWOSPFtAWGk0JjcbwgvwT2SlBUs5/E
+zl5lfB2YIA+OkdyTKIG0sdAZqyXdZX0cuwV7sir8WtfJQusXRqEtFIqbNaTFpoB3
+r32YavVyG7Vjlz12BuznCmlGazQeLlHw1LZISVFBzPaIwzDwJPRXjVyB19sxOLCv
+LdrTQHSRLJosfFoMxbKOqm1Lzhh/ExOQ2ZLBCul4PH3e9Txy+h/eQbuS/P5ee2G1
+6zFXhMQT+M8oyDfJJ+QsfOoevk4bG98uQr+6IRx+1IifUpx63DYHTpnQUVzdnhCg
+qHTgxbyJRRkxNWgXb3feSw0T0ZUkyG4XMOF+iqCuaADwtk1DlAG7Dxq0D8YnbUAF
+JNRRxTFgrIW5Rea9zqAyg2dPLqJ6vAl7QezVRIc8QG1QQr0z24neQ6hKLOhhHzdD
+X7NNfAQHEFmMncJBd4EsY0HdBYK3ZkXIYgJtzVopBEW6XTlmRe0mj+LQ//Vz2nzj
+SP63MY6zmNlCklF30O2raSKjBew2EM602jNHu/S5RYDPzFASWDvzWboY2gDYGDzF
+zhhucl1Ij/kyejH6EF8uSOdAJvxfolXlVn73+zAHt3lk1TaHDygtBdD3lRWVYa7Z
+GUg08X2GBrEGo9v0CkdD6/YiFU2M0/oFhNdm6Wej2MJ9+a3LDuXAi8/HsU7QtxA6
+xg2wCB58x4Lk+dR/sUWQxjVeQfkiZkjJfGYtOMp1b07AjCWI5w+EQmc0THwrteE9
+WAq2RKmqexXkTmCEMzgzeJnk5YxuwgzNqwxzl9O5ja95H8iXQgy94RDIIqIsX4oZ
+nRVlr15PpH3oAHlkX7+uCBYuZb84I5pz+lqiXEOkEDIXRc2oSExxW5tEhkmTmSB8
+KLlCtzxg3ALXulXc4VbqJUrRkJGRFx8GJlhuNE9bnc1stcpg5fpbEqTMD+NQuiDz
+0m5NZSS83hHClPyFebiOlXYrZQR9FThWezPmDOzCuVVFO3szL/IZ7YOG3Lt0NJaM
+Kz4HmJsF8h9SENI6+nWbYAow7F/gwgADx5AsqLBdmmq0pouawsZYPNZSqz+++p+u
+/ZYzPflLW8HOwqbH0H/gq89H3675/YbwHSPNpfTLkUOBSkwpwerkF40/U1w5a3e3
+fMs8UNwxyv2h1hhEO7CCVE2hmODBsyM5tOAAF7abgVXqNL90ztjoOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
deleted file mode 100644
index 82576fb4a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfYW55UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAosJmcfDGby4vpcrZs7/LeCfqnvDfXgZakoRonLHgudPwLK839x7AtBqsAAsx
-wYNmtj+gGNu9x2hjBOrEFHjxVhCZbr+V2b3NuZ0C2p+OcSZ6nKYxxmgtP9NrTYZs
-MVo8uJ/d9zDXB7/Hflbl2iOtwHe4CpWlWkAcb55leIZdFx0CAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUPrOeouRDhftnQDGGE5vGYe2G1eIwHQYDVR0OBBYEFEAG933vDjVc
-5TJ4xVFIKNj24AmHMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHS2x3KJlEZ/YeT5mje964ccV/zmiYkiy
-SP02lLjIQuB7b4R8xS4TYb6lXC18dc0776mMu6BQVqECrBq71A77N5cd5Xuc/+5U
-5ZMyLiowPxjhgjqMOZV6Vno6zYQh+4bdFIqNZ4Wv1l0KyhvD5KU5gBQ6uK/Gbmgx
-gC2356iQiJE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
new file mode 100644
index 0000000000..2ea5812527
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H2FueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDKV4x9YSxioiuPeQ7ngd0MdwlQUnIwpX/DTeU+Zjxw
+UXS4MzHRn8zuzbGP7DfS6lmx9RMpFE0UV+zyo6/iXaeGgSYIoDoP+mX+o2Fy1ctK
+sJjDmq42VSs4OOKsYGm4kVvLhRI3xPdj/OzB38aukiJgBpyBa6d/y9RoTSdRibE1
+yjgI7GeZq1Oe8L6U4JwHTDG4HXZe1cHYROPtr0favOsOsROEvScIOG6nzNtcdCgy
+yHcRODBMqI7huxuQdgdUDk1oc7upF6H/RHLIWnIYPTT7zR1J5+6LEt4OG9jKB2/X
+M8FbTR0OYcg5gpAHMNfWozYLLolyNdo/PUz8os9N9T9BAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFLvJ3sgcledC4pCijq4DXKskYH6FMB0GA1UdDgQWBBSxz2HJeKGhgtmf
+nkgFMNb1Oc+6ZzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQBPBpWPbfq2YB7SyxdRFRsYl0Y88JvLRKme
+jmCrJlUPetIxVd64HNJrcrguqsXM/iWn+U4Z3lyNS0gGDUkazuKi5yoWonFqdrzg
+z9e7c7HY9NoLfb0c3dNmfll9ZGLB977XFWOIPj7Nwrfaoge6LvjyUT/hT1QqZ1aX
+2DOGOwucC6HoO1S3uDQuWDO5ZvVrLLP9oydpd3nfHtBu1S04qG1fZ0A58YYLhT1k
++IiZX35xhNtNDKbiCQPu6uYeN5zABQuL+e5SjDujOPVHJDeHphAGLgpbFIu5+NkO
+SXbxdzrX+dllyieqlkyWIuEPHWa9SSNRRUv1kQSqd9ON+iL7DilL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,057D52701BD0DDD5
+
+JLZVDDBeeuWyNhonJgsHH8oLBq9lCLmBtMlJcSnDCCd1p3q8BwqpnXKEu06luy1d
+pBBSnx1UrYdslgGV7NumlcuOnDY/YwgpqxvFVHWk8cpUTZArqkij36YDj5ItGuhN
+V7OtGMxz/9dvc/8X9QiSaINo7WWkNr2ac4mHjltgCCnIiyFRKeX156inNdrrHhr6
+0UU0I8Q4CYf6rRH03pLhGCdDFV8fI1fSagJ80nGsYNPis06RFXjIS3vwNfT7PNeM
+LGnLjTnRJWjIQ4Oes6gQ63GFrq2Pyhrd9sBuZZDidhLGosbYWWMlVcX4lEsuN/Wo
+BIRIS4C37WGLCQPTizlTHFLlUBZEVkhW9yiTxDeKeg6cZDEuYLKPaiD6+UnmxUlN
+WW+ag+BMisyGSBJHcTMRiV4yisNM2Hfwl9yd0RLK8my8iXXjpx0DEy4Eqmol9vwF
+GqC3TfhqDCKVN311JeDJDj+4JZ7Cf1EtNT6SYgu1feS1cPX9MJOm4xshF3Dpys/3
+Wv0Z7rZi3QczqFt4D+Dr5YV7iYXuX+i27zECMQsjFhT283f4YdZVJ2OegCXNQIKY
+g75IiIUqNRJPlkolyeUHs0q1fP6DyTfOMRzu/WmQtnmwqLml6+pE62ZjxKyJz3bB
+H/9cm7WmsFKzRMPf/53NsofLHzkr3VXxC5hb3zLKoAKfAyih2jpov5EWDr2USEMF
+gII54p2s7x1dh43/sBCfZ9ujM0MMuhvI6nG2mkvOf+XnnSA4zP1Chvo3JlcBmJVf
+dWamIjZi0EeBcSo9oqXj3lo96fFBIzx+pPb4E/mxdnBagWCWyu4s7/GTm23Pf9AI
+UdzlMpZuzEMQslRMJy0ikb6OGL21qs7JkhQ3XnQxawSl0+sBto5Em6jkIB1FhAeR
+UCuN7MZQ9QuxOHJwO5yMqG6IeslWGex96GVaoq3dKQh6SPkFXO0WaTOlvs4836c7
+jpBEZdJq3180WYwMOvm6U09FiIP0oWDsnn2REydlO579DuT8vkpDdJCJmNRwqcAb
+uDTulMEDuodGP28cojooGzRh6SaqXHXLUqUD0iPgzo5+jtvww7IdNCsCaC8DbvT8
+OGdjpZm/QMtjpl8C9sAIMhB8UvrT6uJfeknPshrzpmi90YM6eRZsoRtCNWNyZFJq
+ATbOY0EdCyujOknEVO9sqdKIRyFaA3nyOpalT54Gp5Y0LiQPZsWvuEigC00JLwD9
+AsVjnhr65mA7ySL8+8A4QVmVTokByWxc7byp+AG40FkzYcnUw/3Z1+klikpnXCDQ
+mIaEiPvH27OVHL37jtp3y0umbsrd58YsdUqo8nRa/5jv6MRqt6GmfN0mB//MkBFS
+MZBikweEmGj0YVW33o6wlNpxL8l+AMMw8lucu2ZtpqDrwq/n95GjIuIWwo+qRvWH
+GBiV/T77L8ktuE2PPhgPaDnh0/LspJ017ocHGANHOLbdeDHj6AQcJjP2Ow+R0Rzx
+4EjDxGPmmZ/LPKXqOnVKpJRNp0Na05ZjnyYY9m3HKEpwVUG9soKUYZ9iTukBcWbP
+jwx8Z+YPZWQ7Khze0JL6hORGf4vyu0udFl5IcaX49C3nFKb5Ld6Zdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
new file mode 100644
index 0000000000..af919d4076
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+FkJhZCBDUkwgSXNzdWVyIE5hbWUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDF7G8LGjdh/MYdt6lQvrWQX7aQBOGHFSdheaon8f6pFkeQ6kE4aIKq
+Iw++7OQ6YfzkVfZRRJXC9SxqjdR+hGjUlGcwV4g5hDHRzZwyDa14++AMjmSMM+VB
+j9qcz3OviM4zmJf0Rlt6znCxVO72cARGJ2Qzly+RKlkN+/uKdayvHKhnVp+YVfyr
+C7gt7bfq7pjNXSrfS8F6UAU5u9f2z46volJYEaCzAoWa88PGtNbg8hwwydsZxuZ4
+WtZFuogcZJG+G1+gOA0Fz75xb8WL5dVLj4SCiqwjmncy1x3nosWjalb3kmHF5RXQ
+mLlVX6TRuOlS1MoOuucFEULpC7hNcCDtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQRcvI1XQTVDkogBwdBKP2UcAAc
+cTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACss9Ku6BdiLgwVZq4DX+N6E
+dZWy5a3zfTRVo7Xb9nLTuzxlu+OeoCwgMf/+hCtFxJoAuQWWvhU00AaYQHGyG7ol
+odpaA1Ys/vqEg3XnDpIlHWbTYE5PSRS5Kcfh2bUk+o2BimVwxMYazaltdktclOXD
+ajPu5aE5fgLHoCi/fLghLGcr5WEzBR2l/pYvK40CtsUutuA1PgL1GIGql8yYeZT0
+jQ6ohUM7I/kTzvQcMjML7rFPJkyzjEuji2d5/4Vehh29wg3kap/FuDiPSYwAsxto
+0+uPT9Uu/vgcMq/js5sP65AJ6A3NiciYaq4/Mgfic+zOKz5MDq6+WILzoWnY96I=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7EC803DAA0D9D267
+
+7RECEzxjaCmI3Tg6198FOdR4qkfyYprNug4mGyspIeBsHfpsfkyNOi7Iz+zR/NjB
+ad52bL9B9MIxU7VDN2+dPQtPoBIhir23O59ct7S/2Jxlw6W0aFOUZ+KuuAuuwsVg
+2wGJ+kdpzn2M/Gg8MZ3DBzIB7GUWzUU5EBF2M7TmgrPZ8Ga6UoIvo9ae02hkTXeR
+YASFVlLbfr30RF6h7XPVzwVHDmsikdcdbFAafFJuKMeCz4/JurpSf8ywbgw5BfJD
+Jx60v8JWEGt5JuXYCMd8ZeGGDJfO8NXjV54sp5oiKRM5b1ldeQfzciihmtCwEbrt
+Jxk0Mu3tyl3tvnzHTK7MiRU3txvA22//MkR9XpGZDTEKh+OSG0hcDf5Y6Qzwp7FK
+1elWJ6DDZrXyZeqQMnVFy1K+ZdGFG0K2Q9D9Ff6GfD8gurEDrGOuuY2DRVvGpvKp
+yZcPcjAnMB85oQKmw5k2JLWmMhtf6Ur5Zim/HqbXUTh+pGS+pa7SCT/G2Rj9uPa3
+1sYPhI9AYMmP8lMfUycc2UF0Oh7yIUou57MzcwK1YatEmsnnnkbMB3dOngv8nS/7
+FV+maszUmn7YvP5+HRqsLfN2qA8aV4ovBdBdD7XGbznyvFS/bHbfbiMKPfRhPf4H
+CmSfgFa3n3dA2Htokp3vhxds/6tKFf+zZclN8Yb9TWrXhlahkGVtBe6Y0nt8u0oz
+LBQSJJ458dzU9Q0aeU8tSAmbYZo19FkzveMpQihSHWrCxJUw+vYV0JYkKBobjsnV
+8aq2HIgvHv168rZisoNxJ+AVc8wYheGhHiZDQFXHe9NRyt5p0buCof4eMeEDenUP
+N2VAvRIjm+YWt0EbcPS1xknormptWPH8QvRS95R7nivsPPRbijQidrqmZ9VIbBd4
+JWJ5XqFqdZmVl/Bneid/DqMMkd4ATNnPow16MUWLi61xuLY8ILLJoYGVGZ8Y+fyC
+DGTlbSS5RLCIncImxui/yVmL/ZCdryvAs7yutkNFYkMqfz0fTvhTTklzsktt5MN8
+BlW6JR46qbj0rksJ0ELoCfxY07JaNDZakkC/aY8fvuNX9HP3A4BhNBDHAO0AnbQU
+Pq3bM3PLdopsWeFraQlHj1gex0RbjCzBXJX8eQB2UEyOjqOiWZfSvHBAODKnKFu9
+DUup46HrdBSYMEsJ3voQtyT3tLW2FTP8HiX3zm6/qittG0rOdyB3syW55QtqXt6m
+CmsJ14b7JDbeRhBXZMjKG8HCw3RuCIXifUqnWpTBArKm3bKV5qx5JaPQyvSKpTXZ
+p/yDEREYJCKUrRoAQC5aN1hHiNThmMaXoxBvI9iYliB7ql/1NkZ2TW9OfkkNr67o
+cv1AtD6i9u7BDqKFMH7LTUbd2Y5k1+97AXYW4nQW/5bdZQ+93E/KJoTG52YJ6/Lm
+I6e+GR/UMPS4OcdFEaqPAJZmjlULKB6WltEiiSJlGKbK1q5lWIZj+cpDW2BY7NW/
+kq2r4zHwbDsHTojGQE48B3ng2qv9xvSADJeq+w4DzmDMB012+ejFBSB9orJYs/w9
+Y4551TT74ecSgtHQf1m8+HhVilIQk0t3nen5hWsxLPbfY8aax5Ee9E3NKl91JV3d
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
new file mode 100644
index 0000000000..b9676c0c12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBDUkwgU2lnbmF0dXJlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAopjCrwdkeFD3gKtDsVn8LE7eimUrRMYO2xbIQvoovb7ovBhk5DSjwQcH
+IPV10+5GZi2mTMN1/EIVbljKPn+flNvMv/TQRlyGL4OlX6Cn8jgs+YQomw+xPWC6
+jW5x3lLxzkGF+5XJEJFMLDBAYOQUNj41BMlJX47wWalyulucuJAnbbesOdJ3DUso
+1sDlkZ+GGHQB/U49naBOqf4EbSP/TAQbGNfOd8vuZl77D97eDYD1/SpgW6BbwdU7
+2aeKVkOqg7l0efHzTlgpnKmrlyDrAj5HFD3aqbOdOBezhTwz57rAufiJbpPJo8PY
+zTJ6YxBtJ5z11P80SN5IPgI6rUpTbwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUMYs1jZ5EYTAU3ucLLhQZSCTb+b0w
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAsBDSBWEBw5h39jknYGFWZO8XM
+4ZH0g/9MXqCIhvGwQqAqs62pcMlEWhhXJkxTlKHEBeNqb+L5iffq7RhfH2CMeWbM
+FW896V2CHxnYXToKQTq+y550qOX0m7Wm9OvFebCW4B2OCKWZde9esxkTZvlNCCkm
+wVFBvb3+nrlW3fLFsAmfixxftD+pYkA91Bud0M9zJElT/vKwzXa5nNrvc2UmIATg
+D4i3+iR75+yXdJ3e4xe8LAjJqqMXJfjgHOmM2IJTIuBOKKwkuEFuQYRAQsrPd4j6
+l7ibnhqlEkAF2gsaHkQhL55l/8d7H//Qjk5TSUuYThqhqeZEHfabdVUJAUEv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7EBA9B2412BFCCD
+
+JfZvfm1e18aeiPLCPi8xpXJui/JMWaxa2yNeIaDVWvfIvLxKPKUZrwj4bvCColo4
+H5z2ibaZaHjkykulFaLTDfZd4RwQdKy4kL35IzfQj1ZwczXvq0vrqbmk7t2os1JN
+6X7D4rAl/cjzjnmjeMVqkv+M1I0vew7UQ0AzSPrtoDQn4Tn9ePu1RUFzYPa4z+fZ
+umqxCXQJ7OdYMtc4Sryjehc930DTXa9FMKjnckpq7AJ1vJbMn+FdOEv34tzVmwiv
+7XT+/7Db1e/lfVyPb+eoltGANuzku5Ov1Ow9gzhuN1rFWXAsCKlnpGm86Oeo5Xh5
+mUx0nyYt+OXkb/HwaLVHYVglUcN/BdUu6YFRjnyoebwFltoniCslfRko4Jntn1XN
+PazLe7yDBGCYDE+mNlHhpsNQm1GU52HxDknb4QQ/UiqmIh0+hABQL/xWmPkh87mi
+0QfHJClNeATOoux4vERgRnQBAwjNp2kumDbYZopQzRlR/4APL+Rj+gZQDwSdPar/
+PGLm4hKwoHkR/qql60Y/9UOzkmMAND3Gx2mg02uwr34XkNUtpssc7I5S6W+C8lJ8
+jbZledwVLWP9Nc5heZHo51HejD6ewzuC3QLfkkSfo3TO+NcZt/nBmnvf1avg4t35
+eRQVeWAk2SclJ2snD69sYxQKRN6owRZz3KnDUZaGXyVjzKmLlGg/rkiXvD8h1V0u
+tgEsSF2EPeGIQiExgbausGNxZMxPgOxc2esdjipxZJ9Kd3P4DeBrhF5eOyE68Ikc
+g2E1omF1ZgUv5OlEjfpS4k7d0kQXaSfYAuCBMA3ayvaIDe8cXpKXMJ1hGB/o7mvg
+rEkQAAWExtdJofFSfGI4KtMKgcxcMDbTZoAQNL2s5D5ImnsDjnyonFGL8zxYIhFo
+g9N4I495b7yy7v1e/6m6TLB2BAWRaa2M6aI6f8w3vEuMclloDP6AUJCiLavld0E6
+iOk9uUB45XLM9ZnZRC5uzJZ3JwI6kBrEatHOkLxXevUfnxyCvEqKsJAIlC4NNkvm
+aE6LCfCK+Tq2joGWAxArBK/ZwGLskJWGddmCcaH2Z78mOmLdwqUsk0xAuQIQLtvO
+Roj1rJqhlukXgzu/6VD6u0rCLIPK6+wKNIoFT9IPRpf2FqD7JntSRPUjb4WEE+6d
+AqA7+5T04cc1VDGqjy39zz8AgQkV2ze5/y57d0YkyfEFzbM0HU2xFplnuuq4/8VE
+RZtJvOohrq+7qrG1d0MVWtxCJl+0cwM/pX7x3iphtM1f7KiiJpYvSHXvEKkO6eFr
+e276hHFQ2+qHmTGpXhjAgCUdoWJ/F4XL5GKaKzei7vMnJrJIV9E6GEHJcvbH0C69
+wAuuYznu2eujeryPtb85ze+BHStBuRDhGTWURZV7bMCkS4lrSI/WxyFjJCOJh5yl
+spIykbdqDeKHtXcB42GL0WGtiwhLIul+VKTfqEBK6RS0t/JiN/n5iViGTvwnBrHy
+E+mYHMlrBDiMUQGgktAmf1+Aoo+5ArXOuTsGoCEdHy/u3y01PGS5kIP/nofNriEC
++/8fQh5CTahXzAZs4kgxb4WYCm12CEoc43xIHWSz3YRgD1XprueTa4m5oHsjZ52l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
new file mode 100644
index 0000000000..7e1c0cbd44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMT
+DUJhZCBTaWduZWQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf
+77zrq/d3vnq9i8r8Trn+BmzL4FkkTxewQRXNUnk6QnZ3Zi929sKAyv6cHCJK0r3p
+JQj89gjkcHFt4Wsqzo9cRS/39ynAiCBoPqdOdCiy6J1AhKjMAVjrx0U597QUMKXj
+jQvxpsLptqnn6kEX0VQzHqrChCbYogCHGVzyOEM8EA4KK8byAf2ZwUE34FqcSYjb
+XtX2Kl+NsNGEBMTiqNEE82w+HmuRM5XYxG9+3EnCuT5O5b4WWqzsvYHAXEzgu+K0
+ghe4Wail7rFP1Ho046GZCwUzi+U518bek8liQ9qiqS1L6oVa8dnQf7QDImDBIb5F
++2IJmU/NPAJwTNAhK3mBAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBR73RA7SuDI3USFTog8WovNmSKTrzAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAWS/T/8EU0O0tLjvTs5hWudZV+co6/NMpRBk
+gUjCI8VuNjpi/bmhLuNioJ3tCgLWlZ4Lhd9fLyOvktEo5HtJ0HNedz1Nq6+L4S+u
+h8yYAIXSawnnyZLof8p67U4Z0hz7typr+a9FLpbkvOi6KUykbEgNOwES0+2PZLlf
+0O3/I4JLkA7w0JXQi6CyOgVlRxF6fxw4O3Z/C+u560TndrUaISdyugt9a00gTmZc
+9cQpAfZUn6WS0xp4D+xQ1h1l8BU0nXR32uODwxTh4PHh6sjZhY4pWrwbRgBjKkzI
+iqEDzQlzqYwtPjIntlbAkwC4KM1pFaMwZU+WJ79rrPJGMGWFF3Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C048FC6B63AB6285
+
+DawdHO3mXL21Xkgpb/P19gucgX1ie3SOsq91XIvu5o6fhnoWjLjyhXCAFEAW81Ch
+lZqDMwAHIh7VVGpaSh2lhbaX3gncOiPbI7JXoZtBKuv8tRSY24/B6Bllnp2igveS
+7uTrD6RZKgiZ11zbPzUk31ikV8s28GXkhFd9wXDKYqvyBUHnPHBJ283RxirE6KTA
+e6LASDhQckX47Knjb2tQFuH/geRGxvaE9DpR45gppDqvguMsaKNOFl5cB/XotePj
+VDqCOB5+Syj+yVM86U92fB9lYnIzhwT+fPuZoBnXolegb0FxzzBvp2A8X9srQ5Iy
++W1mIXtSLzjXUhoKyVH0LEaw0/gS5qTfNTBpJJ2qCxahiUviydXBaOPxU0k+EC+S
+2tVJDgC8P+uQML/X02kHdzhf1y/0j40GBUCUhiXVcv2koXpjxrNt732RhsH+2z1s
+5FbtgZ8OCNGtyx8CwUBrL6eqEhN/QJWypDlAbaidZb8OAljVv457nQYvztoRBS7S
+e/zwpUQb6afUHij5ZkrRA4DxT88HUIiCxOhlbTbY1a+f+4pk3I1zCqZlutITvIx7
+RbAzmXKCGbsb+W087tew4MmqqNw9f+RTTia0ZzB0+Y1O6ABL5OBj+/lK57nQHzLK
+g4s1MOLqM3BSuAMqVfoHcWuzew8xGKoPm0W7aGU8oRTeSGQRgqsFUd57F9x5ekB8
+HzWlyVjoSMNiaijy0dqAzsQmz2AzpAQzD3Ri8PG+nRysvu0xuRLfgE/23zW619Hh
+1Sj0P/S+GiSZF2K2Tt4jkWGzZytfEoyRpueDxxM45wRHSzLfg+4EsWpKyFRNQMI4
+arYmsiZeQwSZbwgT//rJbpxuUQyDVa0u6xR6EIL7USqH/ZoPBVfeGG3Q3E9swzjb
+/DXh7aTNt4ACBVfIe94p1cLkxB2px1aONmtA66gsmHPkR4YLydySdcdqlBwH1+h0
+FrheWxP48P6okxZit3HJgTENa6CTLfGnC5QHARU6zvpFC1OuZxyWmM9xXmERGOUy
+fff499oyEl86KDjCySX2nAGRzJ1UqPIL5xu2NwEIsGF/IP2kG5BsmBoEoHy6SjLz
+0U3Esx6aUCFS7tI8QiqE16N1yzswtG2GHBVurhHvsU6q08b3nP4RQYSlnBrWsAGp
+D6xBuIFQY8LVuhDbM3iLiEiZThbv7iEw2olJWCxsiyuyFAiVs13xfMwIFVW9QRtU
+zSISktCZ0h2qT0+R5o97cetHR3YKoDgpGT6Vf/asm2HwwcBjAsDnUOJrbfW+Aqar
+Igi8lNhTPKXXowc93l6rXvRY1P62pRnu4IMSdqWFboDOS5aTTzPWJX+lywKH8aY+
+BEnVMVwMHR21Wi6vMbMU3l89TCOLTtdDzwv47vEMPhn6y6Wv7H+jRPKNmLYPFptt
+/utX9RtwsPLLqGqtX1/ZXWFaQbV0iGLLEV02h6kTiW75qyqZMKaQItmThIbKzV5D
+EA62TMKyKfbXmEd/6TU6V2MATTGJjLhTIan6gxAeYSpolrirXrukOEGUPEXLDbaJ
+2UR+KFUiXm8wtzNIorzqVOpPfSdOsqcAzaGnus/d9QBXj6r7CT79Rdfbm1XN+hIf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
new file mode 100644
index 0000000000..948c1aaeaa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTExMDEwMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBub3RBZnRlciBEYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAypzKnjMK9B852wzLGnbU3ueOStmx1eypNdu7Hp4p+tGo4yA+MtHxmowk
+V6+nvIJPlouENL+PsGm5hG78ZUcZdyJxIWDjSwdq3xI8nLFWfNftlDBg46lWJUoq
+NLktefuraN7VVdxT3BAS2qTV0t4jjXHwgwln+cnQbxWPD1wjLY87yip9vkhPVMnR
+bLjdPIkvW5C99JjcqCyDn29T0mbWuYtUmsYbYYdIAbwAHU915tJQJ15JqHucNfu8
+Xk67nakILTO6vzc++lmYSkVJEkGE7Gen2BMpOCAjLjmRU9nFBfp2d8SOVl5aggu2
+hJrok70GS9auRuJBwZoQJjp0PiTJkwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQULA799+4886Rm7OcFn4iz4s90Rtgw
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmiMVZwyJLiTnmwJLfGZ5jfdi4
+nNcnS202Eao1JeJ7+N1npN3KyAj6lHsey8PtRvsliHAtTOgILzAKdY7pfXoqbUKg
+KB0lwXQAquIA0yXuVZRledjaSvqoyadymyDds+5oFuk1X1i4VQAxzF6PmTu669E5
+WGQryGH8oR6+xLAB+kQ3xAkE/X1NsQSrwp87GKGBAG2VXTvBEVCXovRBWEhqQLaK
+OXS/YMCySS+G9WHXQdW4IPj7lB/2ri/N/+zUE59szrmO5Q2uqZsMqHAiSzj3cWhq
+o7jIJZfyQ9biZZVo5NnR4Eltpev0Tl+4Z/OqZt4is6dHKI2A1p7ze4KqZrQm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B48D9A8A87153757
+
+/XVUIfzT/dqBk4T1wAytV/NIEjXjYgeCG73089udaZQ+0uvOxpWaMlyeX3pi0fQ9
+Cff16gFGpthFZV1FGzghdG8Ycb8Pkaxz8f5b6E6rfgUuoWdY+TJnS1l/hIPrK7jp
+NaL0/atBVOEiFucipTPZ2DTfNCtZ0oRh7R6BSKosy7WVERrQWMy9PCNH4BqlezbS
+dgiGKwQ1CNFrrePRoJLzfesRFZ1ogw9F0v9WzbV+8hHNiJKnJCEFYlHnNKiJKFX1
+YhnSnNFQfJ/RGSLUVpOZziU9yJs6DwpO7rcLY9WW+H8KGhzD8b5pVoE/SFd5MznM
+0HjAkk6hAJ9wRiOFCPaE0ziBg73yfR51I307JY0FmWMfcQQp/t8aBfMnUP9irRwV
+sb2g7ud4zGDzc1dq9qPMvT2pjrLJVLJnAg07cYg6RjFw7DdnradQICVEnmuDbry2
+aggynkfiFKvNiZ+57LQJYzNJZpTjJcTdpfEL4UBK3PuUSpz6W8AHLnPcm8m3zUXd
+dqCgkIPVy2kCAD5pvLA1wtl8Q13VMT0/SJywjJWx/vx+g8jDirxXN8TwOa0hc2BK
++gyXufS/phlv6NqMKYxmMGkoScCkcxaUidHP3h0H/RpaLhPxD5JpgCjvHtMWhCHS
+s1JXAPBLDewrZdvc7R6A/GCnznrJ/BpV8iwDjtC5vKf4mSdqm/1KJMdi/PHYRDBr
+EqsQfBa2Y11DL0OqMBkBUT+2aYc3cDfIZqsIj91Hk6z7E41/j0b5SfaXFqWSL3rH
+mbkUCoH45UR2Yo/dHFIOyyMCckfkQChbjOiVpJ/pX2qaG0u/j7JkF5eqdBpsEK3d
+ke1OOLvbwkHhwmj9u6Fy+HobF3F3he81L72iuYkqTqPPx+qT138ovbrgj/1thYox
+xEj8tDJv4R4w3vG1pebV1Rq/2HN+Z9c2I16xO5lQJrHtnMEIksO1UuQ6pyDF5hX/
+p4ez0TSq9PEXMC4iqaz4du4Zx7/sUYmo2fFVEll9jWpURcsRf4qbQXEsFf19hsuh
+bsv3bV5gWEgxSruXYcCAXDzuYnW29yh3XQuq1w3T0XiSZLp6rYoU2GNxTRjJgyOm
+UBGr4zyHJa3pauo1+C3XftpmmFvu7tCGH39ZlFk0iMuCDVrTeMAiaCeMrgfbIDr/
+K8c13FwapkpFxy3Pm3cnGN6/vtxyxWB6TgEuILQJrO4Msnmoh/AF9mkZ+odeLD/s
+9BuiIH5CaF8pTF410b/xIVeRhc6K2HZRRf9LNBNYeDu+c8ji/RBWWNj0nJpMyzJc
+DMfuf3EmN92pt77t1/Ow2M/MgsFhTdQQjfuLAP8NOABumYXLpjgAivirhwEbhMF1
+SOPy719UpJ871VLAAobjNxVvq/kgLxmdFBbw/Vpk5wjBCtppRYyum4XRE1QBK2EK
+imLZvpFn65RK0yr1cG2e6MukI5bAcZshBn0Yxr5q4C9GN+5UDDytLVAf+hfFwcBu
+CHt5ec385GqphIYFxJ90h9dLRYDbJNglEm7fc2lT80dhTBepbVVn1GkCNsi+bcf3
+aGITjjQBqGHXYBrzRhuaSy95ZqVqjJKmHyvBv+rSznGUeh+e/XaN9Mb2p5BX6tLf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
new file mode 100644
index 0000000000..65a6a205a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTQ3MDEwMTEyMDEwMFoXDTQ5MDEwMTEyMDEwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUJhZCBub3RCZWZvcmUgRGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKdTl1qhx5hGD+CvPHQU/pDSJCVnLWeXmdblHoJ746b/bW3/GkXFSUPl
+1yT36yl6CZJzUJqOYzFkSE3aN2vDcrjviJOAInET39JOxLTkc7J8DxCpz13PmliN
+KpQl5p3fY3Lll8UumG/5mZsdphQSp2gIN6w68nJKS6Nmad46or/5l1qsAteEjIGx
+a26CC6tV5yEqchk1Htsd4hJz7xUi7vijBM987pOidUjCYNltpZYQYvdbGIjl2LnX
+ILVLy2B7Sska+bMVllQM6d932/mzFUxCXCR7eow5ZKo3dPAKOuwTnjTAR3MHfCij
+/mRVgxSBDh017j55dVB16y0Si9flCfkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGM+vBqe+6HyWaEvS5X+5t5WuIZA
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAtkgaLAbOwuudAqkh/5xJw8ur
+RsA3e1joOqVXy3iP5Uj8o663gzdoBl+sIyDGntdx0h5GjR4QM/SWPlz5yxFrExe/
+AaoxXHr77fYZfkgGBCLblxo3wb0iNpKz5OKmb4qtwEOpHygOpSSiV5e2wZDjhN1q
+yR3v2lR5L2exD+k4l2Td/0w4uCpom62k+sWY36/h/zKiWFWhnIWqpHYyYOGhYzTM
+EtJNWj6H0EWEoB1YNsNZYT3f2w4jOFa7oxfiqFS9kzXIjenc+MIt9uU6+oLFjdzt
+jVCxa181mRD3+OiQw9SDtTZXEwPQmp0jj7B5bLGSKK477cAIX1uqxE7jyO8t2g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0854315DC810CC2B
+
+oU+cNRSsrQLPHupZquTWR5MxFD5aQCMQ98zPAIBMby8OcQgmJK75sTatLp3R2tTO
+uux6L2ITikqV4OX5oWqF5rkqsukF7OvtXpFjZfOvg+an+3LymMhWfMRT+YflUGvJ
+XFu2tq9CbQ7Ov1Dwv35SFAzX6lDG0/c9ct148i90vMFrLZUpIl5fxI2x6B+lLALL
+tJ3T0oXCh5Ux4x3YEgG/NpCMyfB5QeX6C69/Dv/qbr4GkK35OktT2LkcO+9o2dj9
+lC/B8Jx2lpNDw+wAw/nURngTRMvSoYCInCq3m3PnZaSAzq4/XKS0wjznYqBhSDrD
+uUjf0K3b6MK/DxKFdp/F6sH77CwNapTH5SLrXL8wEKK9AHM3HEab8Ec8i9gFFrku
+irVkDXFkvFNDohE6xAPcHRHKLmQI90L92lepUuBp7Eb3AQu3V3OKfLW1Onpuh3kd
+RAUbhtzGAEGB1Nl+C9GJ8G6gCS3hKPBDyM+QXdulkurz3XuVRxcxboH7eB5HFA2q
+NH1kjmvHCXszOHltUDq4MxcjaGlI7apBtyrgWaPBWjGg7M+yiCHhTC9hl0ZOxgzV
+NaatnTAJk0JwZ5I5b8hy5SyTV38QRQo3DmW6TC/oS2jmAC9dWUXh0SwGoViWRqBF
+6Xx3B9To9tgEtpfTG5m7snLNwxqtW/FX3uZn01Yz2WMwUYxh8DTTOF5q+dWyhTYF
+vBvSxqmetd9zVGJHIdik5zfVwnzbHanrMhW1+zEVUeO+kz+2i/clJmvnmBhWNMHe
+ElLj8tGifpWMGAZbz270k539SZL+O4DcMaukA5oyp0vhl8kVWkvmw9L5+pZH2gUR
+PoV0AZ/9gYEAgzFqvNLcNkkjQWcjYkc+htxVbaKdCVFTm+LC4hEkjT0WUz38IZoF
+vufOUTlaRHZpHOIALn5vlmnt2VZ9LUWKdWLQHU87pDBKkwLNl7i03+PGnzVhdUrf
+daSY38cOxEOaqkaV8ZPu7p7nSRMTwrrC4aaUYLjrKVNVXY+ULj2Jy+K0tgOa1ast
+p3VXCnAEBmbvQ0xAiWnkTz2iljE1GTPs0i8iZYfuCM5Y0ZzBcdD2KDjM/C9MykUR
+iv+1QQ2uvYwOlQw9jMVsXfqAvh6Bwlzacc5bIZNO/C2EQZiXBW/w1AmNcqU2I+bS
+h3rAnBIpR3yYFH/E+m78m70hQt2b9a/OF54ncjBoJPI/wCyEkbuX6BdZzmnwEeon
+NzKqgO3auHBnaGwmV58jnhHm8nSUttj2D/9xHgPmkbIMeF4Rb9ri558XXh4yF1Q7
+P+vxmk7Lev8qxCV7S1Cuj7zjkiIKM32qT0gJO57dSxHYY6LwGWlCHHkdXFMBMNNz
+2FqjzPyPqfA9vA8hd/y8E6mGAibIrJtbn+XAd4tG2qVI+AObYGWUR7N/AR/NDLdV
+e+n8xyudrcdhxQ2VzLN+R75H8ogNyUypp/COlULBnj5GsxCfmiujqIpfM6mOUyoj
+f4c4B70aDbf+GTMmVU/w3XjPCRfft83tQDdDj58iOh5h5kHTHIRypLp5atXJDKIN
+1E8ar3xB+hKJutkBoP+xIRQTE9ma52+nJ0OMuZWnFI3hkpfTFHCbBusGentg38Ty
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
new file mode 100644
index 0000000000..914736b9ef
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMT
+JEJhc2ljIFNlbGYtSXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJvLh5HoW8mGRzWeJaiULtvBNwejGSVKBBvs
+kgOl3tZPkDrTH+O8gQ1os1sTlAGpEbCeXJ4wBFM7++R2BT5uxrAM/DThMcSakEuz
+IK7p896N+CzCy+ylZt8q/3mlND5z4uWH9f9sUSv/iA9Gppye3aqQWQfFcgeCF4PX
+6loBMiEpfccBQL1bWSRYklkZFVzMwqVZurxqOqlLVkX3YiWuKdP4d1H92NzMCSY6
+bd4qYOeNx3pEHeW//Xn6JV9UPa2NrsBgAFxsXCEq3EgIk/Vy6yrJ1gM4c6hQZNo5
+mMHHhfwFJ9W7nI4v6G38Ih8R1BimvAMgbB67QWbB1M9fvs7dKfcCAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFCmaRS42
+lZ3s8l5UnBPV2fZEkSwTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlYZp
+OypzMxPbyQTGr4YyG6KfC6jsXWoDPjKTQ0Hf1MxJqwRhwmS4VfAff+mVu4E/c7D5
+6RM94oLGUSvhDOY/i4Sd3GvRMCHcMl+oIx+2ixhSVhekvtdZayPWTmSDzAjw02yg
+6KSCHolEL0pKs9+SuvelVQtO/r8/7AL3vVfJyS/S8bG3Q8rPG1G7LY6y92kbsq4i
+uxHWR8y9kY4nJDgXztdPmQND89UeqmhhgiSj2vEI7nSFDNRqtVFmLJubjhc335q1
+O4ziqvRFfhrFoEAuZdo5ivsYA4lVR7OSiAA2CBu7p5AKhn5njeGXSfqXRE32xzAj
+AlBwl0hRSkow5npWfw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44D03361F214F3FE
+
+4G8csmNRDxV5P5lDILi1qKO7gK12cBhwKnzMbPzpxMmABdmisgALWgDBfLBBaimq
+d0YAT4S+O++fBaJnFwO441VMAy1qKWdcfGmyBOqKyAE1jeLV6lBKr96rLjZ0Ues7
+L9e3AsIE45dpn0cP3VENj8BKD8g5kK3QeqsoRSybF88FtJGdemx4kuulMfBSoDja
+wBB+4p6HHZqgDl8/bOFY+KI5p3ToROyhmcM6DioCDRcxrMh0bco9LoES3WHmBROH
+w8NcMv22BG6armqMW8iIG3u/f1RtEy9fSfKTX3bt8qRPMKhJIov6I9YuEWpjUPee
+Jq+I1IHof4GMKh1wQQIXG23Ya18vLTwg9NFh8PL6eu5s3Z3gef+POGIJqsY+25Sq
+mLTqjSNUur1yCm2JEshgu9aFQs7kQwwjcbozxKlRVQWY2QmSdbkuZnxXtRrZJqy6
+e/DHG/URstn7u0Z91cvjhwgeOkDc0HToqNRu50gn2QiSXvYJnHI+FKjcfRpNiCgl
+dA7e6dBOZiXiev7Jj6ThYH4uwiGsABkiwY/Lm25ufrnl6DFERC10Phw7qpyPt6YO
+Saw8u+6OzyhDMFVRXquOxVp0R0my398OWPZgU2CUa4ofJTYq5xZPYoFnd9VGElTY
+wDnWIF7O0QpSiyVoFHeV7WuZH6JHzXZB/r8KcrW4qNYOztOuuKMNshxBaJAPqKVr
+uvSRqd14518ZyLfPzRSFbJXEOLL9tAwLFcbFC3SpdJdHBYUQ+oB9ULxqMS6PBw+P
+m6pBVK84a5VCmQp0e4wlmSG34i/Sjm2aZ20avaUrlu/PvJR572wzrmY6CzV4L8ea
+lhTpJGjop+o9XUUeCSldvNPRoCJJOEV3q+3MVGnh7/on5buBEj7pbULd/IzV8p4N
+/krV1N99ikIELRoSNKzFVPF7ivgkQOCdVw3+rwa8nCSCOC6bqVfx6145fFouGUoI
+COEzt3HG187d2aUvXwcACvlxkjPLN05pzHrrKu019AU/6mDOZLm+wxzsrfQYqSjK
+n9hHpdOkf0MTwaO5mYDP/J0/fUE0KPla491SJIoPwGUHFG6t77xj+PlyOZK3u1op
+ySmC7aBx0WwbQ8RaX1WBAVTmo++J4tGxobpftJx7dlpjs98rP5+EUjph2oBoszCY
+hgXOWxVpAhEup9MSKx5TZI0qkH1Ory7/p4lNOgSpAALFlXpTTZmGMGhR40i+N+uR
+iM4akQ9A0tVUvXZEynMEK10n4W8G51HhbJB/BPcq20VeJaPm3hdDgHmbyDmnn51n
+iDKJCSJ5wn3EsB7qDwxbMsMN8OTLM1c6nsvdvoZzITUVG2VMSYx2py636OXwRClB
+3okmWP1CM0XyKF/ZjTpcKcoGK/k5UfEgM9qtfiK63Lrj+ZCTcTAU6msTUqjd30Xb
+X+JLvgWfWHzJjx4gV4OjiSY9SeFKtZRL0BU5GWvEMzN9bh8ypSZhgvcXVakuGpnU
+7WpSHjtVHCMNsTIK+QcmBwQL8TU/yeBQcc+Bv2VlkwdwdjP1YEhlwRj2xqqDaKj5
+Z3SWFzdYa0C37X91LrmgA4jyOQ5JDwvmSuiyEXgB2b2ubQ5aL9hDCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
new file mode 100644
index 0000000000..d26b6e327a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIELjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowXTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVkIENSTCBT
+aWduaW5nIEtleSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB7
+JPY6CCsaf7+x7xOXYuekYA6S8sncRWor8AbIH0EXsWYHwfoE6cWVmtYrvewbvug4
+iO39JecD8f5/U3v400q9tM9wnLK1WQeGMktU9y9kv5qcbLDpO+ayIo64MCT+N1zP
+QMMjaTTT0p7bKxDBXJ9xfQ/WRDd4XCHpR/i1VdJwUz3XM1NF3rwdYQo9N4ZOCqlw
+oWo5cUiAsU8kJNqO7oS6O4SbEgTpE4b3k0+a0vWFbLB4GVgC33VBPYW2yh+0f9b5
+4XUkz2xTk8q48xHxQSD0QV4F2AyHLjuTg+ynSZwLVoQ/Z6muzDjmDZ92lX1aWp+G
+IflBWKEVf9NcFb0e4kECAwEAAaOB+DCB9TAfBgNVHSMEGDAWgBQpmkUuNpWd7PJe
+VJwT1dn2RJEsEzAdBgNVHQ4EFgQUJMFVcfqe4SGFKvCtYacVudVNQxcwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIBAjCBiQYDVR0fBIGBMH8w
+faB7oHmkdzB1MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFFMEMGA1UEAxM8U2VsZi1Jc3N1ZWQgQ2VydCBEUCBmb3IgQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMA0GCSqGSIb3DQEBCwUAA4IB
+AQApbC4TkWyKb+M6KLhhxF8tjfw/GjGv1laoCAlhW/kUWaJluNiOjIPvcrd+yx9y
+1Fqq6HGPaNv73GaO+rEp8aGG3tiCiviCaWq9SB2JpTgvQRz7qOGJ3boMTN4i55zl
+5+acq11NdMbLxnFb7Lpzc2QbnIKIuXQ2EJ2wgGm9jfs6cFLNKfNQiBkObeQVRSf2
+es9xqkY9X4Dj4h0HDYW9qOg/50r9/6kCByUWmTNAFm17IgqBwMK6n8N9O8qAPnhr
+E55WLuUUTllwQME1BukTrtrALVXFlFohEzA58wtNoZQ2PPGPP0TO/pQ7VtGCi8pW
+TJxkdlqxBhl/uyOGYopFSjw2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,81E92508AFE521EF
+
+VYXB1vTlA6McBsEVnThW2sKdDnJiTghN6vmfRJ9gytkwgmlpc6zY9AmNg9xhDRQL
+zf96D+W6HoI+sU8Qv1s7zADF9FOxtDntwgH9Uhw0Fj6QWsXRcGbs6m6KgmdDGN9G
+fZWct3qI0j8n4LFn8Kc2ygR/WbeOZAthBD5Rj8rCceoEMbKmCh43XOJe/0UGybZi
+p3C2HMfkNPPeKZ37Mpwy3ucM3gVjk71fTbi9VXHRvn9SSAjiFQSstKGH23TuP3gj
+wxBMvzOqDZhtmRtzXFV9RAEhs/ryKpZg61OV97tW9wZm8p3tJePKxbmdaa/VHurf
+As8OKzG3x3VR/fUN95uTjchxMSckeAoVuQNCW3z4SI4RO/eA6LhZED03sSe1M1W6
+qCquSGVmkHknb5AqxgrWtINKQOqu/iV+gD+rlzcGjCSrzIKbNbElrE2YRtdvEf+d
+E7hm/zdFwo0Ag/lF8o5s7A+ygTI+3dkwwVuWPTq7JINGApspXDgehIJf7zIKregK
+XnwNr+MvlP9qJm6LrzTrJW6IW8aaJo7vSLg7jKRXcjMOhnkkYag2pvYgeTODARIl
+2LUaH9xcfKQwuo7hXOCOgz3mDzuFNSrqA/8LPKaGASFQCsJ+JWlqQNqMxTxU57RE
+4DyrEezMmUMBGgtf5k5QyrAThx16+zdbJPbkLJ1F4cMHYhDfowRXwNkZNCOqW3zl
+u7fciLynocwD0xwh8z/Fr6wSelVRL8cb7iTc3aEfMSBPGp6GLUcO8wDT8Kg5dQUM
+F+AgxooIUdHqZbwIT25g9hZWhv78hJfUPdRCFzi3LE7owvwyKxinUw5gZ8eqcqrJ
+AAuNRPUJWfbk7q5JuImHIgQltwiCycYRazjwvckJvX3KTsxDOJR44Zkl9cS3AA1r
+abBpI8MDjEIoC8Is+IuXdqX1wyA7fK9w6UUXSqzfd23CNpXZDLH2gV7U4WiMVJjB
++6Vr/j7uRTjUmEQ7H/UuCgQprs/4HD09L6J7rvncs+dq8CGccQG4HLuywBgzQd+N
+6I3WpMtmnflPJAHRMb7Z/XLeed5wAy+GHX2oYnauMdIvBfMiycXtx0U03Dmei8YQ
+ymgR0+AR3tCjKZkWFDcutED1Bs8+uvYx8Quc1CMM3Aoclkov/yMbldwOzMyBY8uY
+9GBSd7HYk7y51ksbOKyusHO43v8vh+Y+jkoOKGYqwCMBRepXhPn6Zi/lhuduITXn
+Jp+CFzzdglaqXNXoBzm0i3BdMrymmHpOOax5WOb3RCePNHau94Ohck+7WizVJd38
+2dhAEPnOyTS4ABhCkV1VkLHvXEFFgGBqHG1oqJxz8UI20jc5NXiaJeHX11/U9Znu
+itcrTBZ3VgLkIXkd4bV1olpXNM33GK0tvOA+pOqeG6kYJiIW9XVILwZcCJTLyFVj
+w31PCbEVD+RDQNw5brCOtTFA2xhnKjqEo5JrBNJbzQvZaPp8W88wuGDGeu6S4q4R
+gAZmcYpUrMfpM2bHk8di/clepLwlT551b6aFfPbuLvgYZbPauJM8Mm/L06P4WXRu
+mow3wA49YZtkBqfUPrGyO9sLMsOFO8T4lYBuqVLQTwFH21q5+fJFDWEtcqoDKwSu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
new file mode 100644
index 0000000000..0c57da8dda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBEzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC5XNHuGz6iZWNrbQQ+XdMzbP1SPooVGGXGj+rqjwsBJMBd
+apOl0bPLVFAikdp9fDHrH35OtKliNJDYMF8bHIDNAslp4XzXSL5c375aKBwBh45E
+qqMf5Ny3Hx4rD6T8bGgusQfLpkByPW3vXvJdvMVOxBebK86wjlRzqtkJmR8sUFZb
+1LvX2lqPV+kAEMRET7EpvYYsEtWK2v4JxwM3AXn4BO6/q4CZnOkdscQ0s0l6wE81
+TWepi1DQ2gXQdCsRYMT38MhKfUnOC2E3N7YKgR7lvs19p15Zbjzo7yhC+jNvbDdu
+/IpQFYp7Zx5FXN7VVoYnUL9LtVlDRx8lekzidFo7AgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSg/MAs61XukgZsqR7p
+X1+in2IjlTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEVk+zdazhBmjrFG
+k8gFU/zIFK2usFkMJEJKlrNib05uBQZOb2CImrFQyPnxtBb8ejZRk9d1zlTXQs4G
+6O4k9Z24Pd9zbTq/rponVyu7VmW1vAkNJg+716lTeH1VtuqTuqX63mBkISHRY7Tb
+O/KpL7cla8EfoH/I8iITinQR6c2jbqtUhuiEPsgvLXJg1MRuLY4fjJavcH156FZE
+R3ctID4Ww0uesZfVsV6sIBkw8S/EbCmGxs0aSph4qPIzSa/ay+HWN+gXR3PucFoL
+K8Ryx/7FB2JHAUu52idJF2liIhrEeA0Mneiu+RY1RPUel3t/YIVFtqcFJvVz143U
+M6elH8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CA182710FD852CF
+
+NoTa0aX1LM2mIEhbAb/Dfvueb+Io0G+kEJcuIV/07hQ09nMvb6azUEYh9T8b5nul
+a+tsYrIba7vB+xqhk595df66YKMay0JwLzBF9zABlRB/XpomHTcyA1cc6r9kclpw
+fyhLMiN6GxW4zJZrq6/UipFIhBHSdYcf7SnqeweaUO+Al0691ieWrDzc6qC781Pm
+gBsvTwOtehUJhd58G+rZAcz8XKKlNKmPedD9Ljoba+pQLe16jTqKLEmYOkqfROng
+nUAp60UhDZiM8ea6VTvQpE+TT/as91msr0daH6II/ztVALFKnYGg+0JMA3XEo1lU
+QTvxpc30u7XCIcPWO3yiyvmkiyQFUFslfuMK4yfM2GVTDNs3q53X/32iiQEjR2B1
+/bHXWCXrJfjTw/R0oSyKZAIRE6oiVnBD+HxmaQPAAOU5yVQMRdPAWEhlmt8iJzsM
+zb2GU32FF6G5P4KPM8e5bQXIv1wOS5OHOJ6FF9UMW2uMa3IgVWR1fvc/r6L3nauV
+BK3QWDfrqWargvW/tYnK+oKKJfbKwl2uUO4uBaENZQDxOptmCMjRi1xcNBnmvPzV
+EJVM+Az3fpL7wEmJJW1rap6DmoLiMC1qNvIIAo23PjUnz0CVbrYlXY3WMHzoSnrA
+aZF63VS0wKdlVQzvX07nbck0XoPAeaU4imj1Uo5DiSeaaHZtI6HjvydDpO00jJ/x
+r6pBphRUZrLyO+qm2X4iM8yZV+Tpx00DdwFxOqCq1nkOOxo6sgmc2SS+p6Bjo/Qw
+PfY48SyXaYPyDYuJNnjiYG69Vn/LxCbUH9iIpOzNNhR5V4L08C9fGsAnCIWD58Gu
+vQFM2eCwJoWpSpO33K8hlrgkODcNW4djbFY59qDNhSeSN2Vek+R7Mxg5s1n+WEb/
+ETMnmZXhar4eazlYlbTyBJC/GP6W7bT+TCSpMmBdEpQ/oaMVanax/gnVB8LFaa0D
+LadAY/fD2jgM7tZS7k2g8c3M07pMjE8Mhv3CJkgalH0Ruzf8wndfqWp0BRw0EKss
+yamMO9RUhCHXdBVdmkgOy49v8BhC+yCd9Jml8s83pGNkqprU36Zz+hZTLYxtouU0
+HeMw3aa5D78CpO/Hr4PN5QxVQMvzvBBG3SQFE8M0Au+u316pIZjUp5qHEJATazFz
+o9ZlAieuN9O21drccNYPBCWssXbV+GtfQxTjngHnqrrJtBhiUyqQOH6FzBmQnjfu
+uZaP5wNeWxdejV7/QQlt4mtNdEztHyKqNe2q4l1FR/VeBCi79uA/uSuazSe4xqoC
+nY1tEpKtQ0u/Z0uu8jjVtNlFskvWUJUikM0o/LOHkk/9DuphqoR2gKXdVsDpA5u4
+SFk7LSdEKnkDCyx7flzoIcyfWFhN6UCkKlmypHpnCRhWEeIRhtwILLUNNU9hBd8W
+80bmUd1bOVzlEHqmzmJA5qlxiBn7Fo6j5zemA5CtiPhduNsecKvdOa4hIzvtuJev
+vUI+qurHN9ep4FVVXzsExW7aLRKEpm9QhNj3N1ubTSic8B++RkrAAzBgQqpnAJxB
+BLWHT6NyCCm/sBAXTwlLr+uasGFbJAOOF+k4ENapkAbrtkQmPG+wfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
new file mode 100644
index 0000000000..c04ed686f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBOZXcgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuYeWkqqoBSkNp3YdQQ4G+ay
+LFZFCn+bnYVlzzsOkYPtTBLCrGmO4pbRT17KlawJz6BHgKuorO6P3gDDtxyJA4Ia
+i4E3JFxtv496ZacKkj8ktM4GpSPK3e7GioWaGd7lUqS9OYAIJxrphwHE2Vg069r+
+EmwSDZFGl97qxJsEkapd/FfrnYGCmCeIxZix5ulH8+cQbBwZJ3sLCW4S/HYhmYc+
+9yaL3A29enmnPMRtqhqv0yeSugUweimx9BcZ5LmQL3usvWnsvC/OwuuXVt9u9SMF
+NvrM1YNraYPYDCXt5Iin38J/N7tQDoohgbZJ08nBfQk8ki+wSYiu/e5dC2UKlQID
+AQABo3wwejAfBgNVHSMEGDAWgBSg/MAs61XukgZsqR7pX1+in2IjlTAdBgNVHQ4E
+FgQUdnzYZAQ0CU/fcSF0DwwWmzaogtcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQANwgEHq+Gto3HLdtdiToVQjR+jvcI2oAMSwxwU0eHK1gxXvcT4zZR6i+aq
+Y7wtO+dHmo30QF4AeHGK7k1sYrlg3gbmd2dYKkhDmGO/Jz+Ca+4ekt/6TKgNMaVp
+30vI4wZrWaF0WGgjAhmvnqVn2FJR3QvYODBnLP+FI7wPejWa8zotkGqwfItm0UMF
+0VSKJ9OYB6hdNX01INtZmCdP7oPaH2syEHAmjjrotbQjdX1IQCzUCRoWAY6vs1ig
+pFuraG04tCBR/iqw1FYiASQuYEnlDezh6/g5939WqY4DFdXZDDmPx5P6E8hsLeNN
+1KkYRLxXEMcNVa9szORpOQP16nuU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B88FDDABBD002B91
+
+Ye82Wk/TIzdwItiZon6+kZrsjnbUdVdTaw8BxIwYtP5m1nbKHpKCtGzk4kM79iLD
+gqjwSidKu8aaK0on/QJiUvAv/r8PusRTcSuJ/2tXeLAxcPjFjoamHmfJtfW/sx1z
+nahpijCH6qL/GlznyvbokF3Ay6PRWYhcCyc6KBKkJtNs2wLDNV+cwjr/9xjRKmvz
+MbPBfzScPyYHTnKs7OtvVXBCrIw8yX0xkfTOd+o9JVJVoGjwvIofau1jQwbWXOn9
+KBJw0hO+yTd1xHC0YdEIJJcCfkd4m3IMCmREgASTtIyc9aEtNB+5goC2hj31g8yn
+ma77pYegInyt3mzN5idiBq3DfSsj4k1McsllrtJ6ZhThmEkKRw0y1iyXUDJt8HZe
+Mh99A2M0I/kafvqnfkBp50pEfLY5mOw1LlKfYSWncmgtUpnZRTl5mm/gw9x5zVLU
+Fn5xuPo+5fSqf73FTfww9cJ7iB9Q5Ye6B8081KPJYD/0tyBi51+2KEy0iltcNRhi
+Pe8vLKNfMWJYx0FneZWdLg2d9NyfderEZSkFuIjwKGpoRQL0DQoUxqOrKjudDy6V
+eotuDpp1J1iZjxgUejtzTbmH9pxASFAfuhMyaQo5ktDjVVpjABC0Uy2CHMhcJ5CI
+EGb6lVRAnAiYSnH+FKDa3EqYFGEYLMn6bs9eo6htWJF/P1uWPve6ID59Fa/QzHVS
+B/xiiLsy6XmAETsh5kUwvftJ45SXEOBVhfFOGqU0N7aQ8dBWwjUD2CsiKn5IWyw+
+J8H1cerc0jPsB+K8Wj6NO3TbLr/GmeefvxjvKi3GlUApf479L8Mw2SBnUBnPDnmp
+aw95YfWaCs/3DgqOcAfpEXt8stsuZSoLQfYkMfJBJObIcvd6mQChe2/ifFVNtknD
++5DBeKB/+HH3fpTU/57uQQpO7hfLebSVIf7O07ToPOo9FLevTMg5iTcux3NvsfCW
+kVmIOfkT8sPgeeGbqpCHGMRSZB56ZJlogQE7zXjJeSeR2/uTQT3amiRLZDBIxk0V
+sA9tcMNW8re79QjQQnTOjYYrRmrq6Dg6fLLbWWdJZUpAhXBE5J2Qk+BI/8rY0AU5
+VRnjqq5TfURuPPozQhVsQZHBGDNJQUOICeF0ELNn7/PAtNdh0BtqiAfowZx+2Adq
+2nw2CaqaGOdyxbrRC9rYHULA6nrjCGquL9XGWONFjL5qwCyprasYOuE/N3g5dEiF
+I9STgmrTjqR98ydBPo7iORWPWgtmAv/YEywjOahKYWcSaymJMkFMvvyLEaswdR74
+0ETMllJlun83DpRiAiYBcQ3aHN7QEcB//YcVnXAp0Ce9BZKZfU/OqJyMrQVznCjq
+p7nXXcUdw6xolRwumuWdzADiwbs+0WKQbDnQZAIGe9Btl1JhZk5ZUJq9TWjLHdfT
+x3vAy8/PHh1qsY5D16r/If9wlKftSQqABEqKJTkD95dZx6QEvoYb+6S8EPcJsSgI
+p+aMnTcupRxrPMd32SYDkhsCIo3QD3myJvr2r/81cV2jaKusihdSvxD6B4Aw6kjI
+R+9itv+ciAr5D9woo+ty0S+qLx524wd919/UgYhzBlTGhOEntgNVQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
new file mode 100644
index 0000000000..13d9b8cad7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDON/+4hQq8n9yn0+zOChnBhoToiUxpbFbxeXd2nZuipHsT
+I6CihmiMA+KSX2Dmugp79bMcGt2V0q8wpFzH7unuyGj2J46gLJzE59a9CY9K9SaW
+aW3cnQdpY3XpaqvYX/5VNvbC9xNsdM78d3wYQtWGWF4q19orG5zbWkASYmDjiwGR
+inJcWBtZ+wcBiAKjMBIthvuKlr48QCwhda7xETbcd6Ms1xPVJNMF9NHEVcLgpXbl
+4ZEAlsUu9pqT+4re9wzgNrHCGTxzsz5uOHUl/kFhpSaSbEYmqwGnMH0Y0W/okVZX
+/sXUaaGeyEgLeoT/3/WjQte2X1Axbi33LFnm6egPAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTdDXWNU2gSxMsVQMAU
+hhQWMKG+rzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI+gcK03dWLaBlfh
+1iFqzeQoN9IffPfdEr45bA0kKELDQ2mhez7xqmZc05p54BJQVCldcZ5L+L8HRuYA
+rDXQxoaahQE6QevQtsvdcoVfixLF5xc4nkizsHCx5foyZlo9l9mkeyBmLQtMn8iN
+UnOkZOhkPxsWrgOLE5F/3y+UAf2vYu9AblcXz0w9UOecDkNrzt/6BB54DzIHYWCZ
+v/CC9cwPpwVOgOAwZ9oUfb3IPDhsolRLFlXKSdZEK2MO3B/ATqrvDm1ndETnPs5N
+PB2K5jXS9ydHxNJhm8SUT10gxOV/WNIqATHZAHxEWL/7wGi3sZVqLdUegxBDV2Ap
+8GR6OMg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686BA42463727BE8
+
+eCspoSk+HBiBPxPw3/jc6CjBbtpzrvvAvUdXwjNr4dVcyUBoApqhs7DvMk9WaHNz
+hvKgkqB3uis+cS7nJqYD75/Fkkm9hNQBj0jSORAlkLdhERMURTLE51Lgfw1U8wX0
+n0jcO+6tQaN3VADG8haui4RRZ01y6pTtYxnN9ry98/WDKgNdkMI76U9o1k6dTXhO
+anSzkbtCL/N/nlTDvcZGdT+PQcHUy1pjYgpfcE6xxC4vNWpgcfMRFtZ7KZHv5QzW
+dexqgBoTP6VMgVUpbpUm26L4sQ0Vs6wpVQrHrHjIo2ZThuIUH8iX8GNreZl/LhIH
+foYNeY2LtWca9+qOZGUNWzFwnXtK6vtfbmQMWYtYg3YxOIlqKbzkbkJufErP4dnL
+6Idfwz7mgw8KfNpvh1VamoHiGZV2FksZazv5N5fsKvuUokK82FvyfY9eIIU6ObRA
+fROowXltBFobm0VGIfjGvRlZrNFFJdkbDTIZLqF01+u2/E5SO92QiZ6N16SmuJxE
+hAEcW/NRFz4b2JhHaYO3dLxtI/QLXhuW0jvMZaRyAB3jTdsVIzT7S4HIOgHnJi/G
+Z3o39Ss/cdGCuejzDfVarPx2CTSmFI5Xy2T20DJkvQU4gKYeZWZarr1UMIUybXPs
+A9aBZHjisoSWe8eevsIH3ywbeP9TUC9OFQy2K8gZ49g4/Is9ETMz+FpuqVXIqDLl
+gm7nVFX5nNDEvnzHcJKa0Sor28I8mI6a7Fr8/6eXjWkJdn9xWoMTiqnFiZ7+6kmK
+hIJ457ZLJ1LVwD3vHA9xtZTv6S0CiaJp+qUpTT94WuZm+bE6/10h15JHTWIR1Cz8
+z4lAI7EDNMoeso2Z9F9UvhLnfcwRqsZ2DqSlYv+DBPH/3GaEk1CbLhMc+CFoiSJ1
+YAs6utmbPxqDRuKnvBrlLUGdFuIepzcCWv6z/IH/gCcnrmE8domcnQQHAm+nNQWa
+0K/XX1uPjhdMaq/vsj1LT8Lx2atmVFVEHTRJTPlPB0Pn8ySmgutIqn1+7JrWBwqF
+oNX1aTDg6tOm5Au3CD4Pn0kQYuR3aQouc+QHBjlDoMXfQAEThnZTPpkUEqFWmkCD
+yQh1ptEbp4OLDasG/4ZSqW+8hisy6KBw94vnuDihyipEjXCcNyl7OuiaLnaoqlpC
+2f3uAdWPl1SiQmqdpvNeTAa13P7ZhZM9bhY4+5ihczRv0OTMYevfjpNJWfdG7cI9
+8MKRMsGL4SmlZHAhQnalvjrH5+5xO3u2Jpne2rwe5kAqx0tXKfVCIQo/gXfCg3Rj
+qgGizdk3DebGq0NPSju+iaqhcXGTz6nkpGrIoUYq72RBQ7zDN4xN5x6ujeCMHCHG
+vXrk9M+QMzWy8IPKjpWVSWwA8OMLAq8UeN3xlvMxpeDsY3j8PQ41mjyXTzi1xGxB
+jmFj0AiC5VFEds/UA5RRU74QYpjD6I9ugIj1nZgsF03k2nPo9736UNt0vsc1HQrI
+GyTU+JI/eT2lAT6jSW2LFkRf3QtNOqhdQfLx2qHZxmUpkeFf5SkBUWixNPsEm1kM
+V4SsRP8ofaSV/ek6/mSw9E2sJ1dDXVeToBEsSpa6hv3mDGxXunJDgg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
new file mode 100644
index 0000000000..25358166c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnBPMPPNq8WIRK88icq0J2qG
+OEExybgfxxPFyBcrFCWbj0inqiig0WPqiSCrcW4ZT6VZISTr6QCAl1dLOcVbuQee
+RAb0cAmOQjJi0uwwJbU0x7v/SXnDVRLsfSVEr/MidweYBGypXZGAKgkdc970LaZG
+929yh9RUliQ5BCSskTfrigH49LEgGBAW3apYmxtEMQb/ut/RcDXHKd7737AGlOAt
+b8X8scwNro1xtAg65ZAZC/QJUtSb/M8RuwWFoR5MJJPJIIqseUnWEfdJkbD847eJ
+GdqXrOG1mg7sbrV7ZP15aGoDPQBxaMMfIZfHcHUGqTQ3IiGzC7yr69PtEN9ZCQID
+AQABo4IBADCB/TAfBgNVHSMEGDAWgBTdDXWNU2gSxMsVQMAUhhQWMKG+rzAdBgNV
+HQ4EFgQUiF++PzU5ZprrTcImGyaxKie1CCowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MIGABgNVHR8EeTB3
+MHWgc6BxpG8wbTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExPTA7BgNVBAMTNFNlbGYtSXNzdWVkIENlcnQgRFAgZm9yIEJhc2lj
+IFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwDQYJKoZIhvcNAQELBQADggEBAGstwlRN
+EPUE3/8XGiiovpDxI2IFDQui4YhbkoxuY0Cn99tG6XeAnO2RNmERe02iTqDTM+dQ
+VRBNkmCSN4doDsi8/14pFeoDz4KSwQeV8H1bFZn+BPHs3E1rCiZOxNSPsgPseReT
+F/FkVyLsChKEJpPC+mCFB6DUUAaoun3EMFKFZzL0BqAHOnQPWj5mff1XKth0CyPD
+4KLl/n+n/IXyMPftmCDaFpvC3QcYDll2jnSXB7VVcipEcSJbzbCRKU0WEEYl7cd+
+agEmeuwWa3KldkWU2hZ5iiGxPPrZOzemyRRu1a2bWARcGJIrnZaJHiDrPmRZmYNX
+VIztjeAlYFC/hDU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE464B14C12B703D
+
+kPOe+CWFp+pW4sWunL4ROXcBMn2cNwjylW9O5KugAhvwh8zRntaVyltp/JQTz5ly
+zVIeTOsdWkaOq0sT1gAXqBQ8ZAsHFPFxuxYGMLHZaIllbgZh9DV0AV9NjmDpsCJv
+eqTg/uvwLY1qbMF6qkiaM6pHxglhF0sgkZBhmJGXTkoyuoB+PpBtm5E4to22ks/s
+WkPKFgOt9qX5Pe8qEYfCxvnZ0mfg+iyQFPLMgTH+NaOzvGoQl0KrsNDCiuWEFswA
+2Y0mJ7y+dVkeaYyIy6XSjymvWF9vMuqozC5jpbc1OloAtdCNClsPJ3sD75Jz/+Rd
+TMxgamq9oeB6OZrLK2Ep25uBF7NsHxgidcoBLdxck1LlJD90vs/9+dockrwfFScj
+FSfU9O9Tkg3+m5oYchI2jeIQuscVGJHKxd7/j6sBEhJyYiZzQsbMqhZjNGuYZxBm
+wDih9bawzIdu7GGE63bu58gdYrEFuU2/DNUuu7OcGn106TYiEkQZC2yMIud5lOYe
+Vt/m9t8iBxZBDXRWqer+YCcYvsN5fRDmtAKbJe3Josi0RRpCcEL0+J8PcSbA51yE
+q94iEPWIA5gAuROzDs8BzUxqefMVh2jfMCmnmCT7/TSQsTaYs2lm3MuUg2MDEN4W
+xe5Tv4JHIvx6bx+wfU+Qt31MGoVEhhdtLCUlJVkbv0rwLZWbllmBPVlqkBBMFP9V
+CPQN+ujEpFH9v76uBnYf66bQYcMYcnRC5ZAgI3aEgG1sCdTL6WIewqaSBhV2rzeR
+ZG0THu/a68IuQ4RFmNOBxYBSV0U5j3qTgQWNtritn9yA2sJBqtYrxeJBOaLGvs/G
+70VVNv7JH7VfY2BpefcmixoyOUHegj6/y1kTy2PAnchF+uW/MndqdgZQwBp2WqWI
+yYAXyqteQedhXKPAIkSqhkXuRTzFmNs+0ePk0ai6D3Emjujx+9JPu/onex6ft+lm
+4tctQL3O7m3TMqhJ4epyWHOeinIu7794NBH8BM1eCJg+Hnmfy9eHGhcmBUH3FBR/
+cuENsrlPAhZrZ55P0vIMq4CL8sImcDKmjDuf1HNftTLRfu1ujq9VISwV5jIGWm2v
+zNG+E+H9oDWOwVWihVn7RW8pOQnsy3JS0dMw5JTUHl3096uZvfy4P9sFicKRrFm7
+AaH1266VcV9dcmVwIKy5QUYiXdAQoY8AGzLBbMqo+ItjNrvyiFYeAjRZevBLnyhk
+vFHK+L3V3IcHgag2Y+ELzLXu1vrKYKA5b1jJGvYsCZACgDFJjlIg1uwbPZAwb65/
+50+7UFjhiC9DnrW73d6LnsmsronNhUqUMmQbt3+U5b97+5EOdrHl33DiAEE5oWYt
+4BWaKJ/aEPIKTFAVKdm1N6G83CinQDnpYTMWIVNt5+m1MVm+eyEi1j4pXI6JxePG
+3cK+1Byg4y8dQJDRMdbUfeYqjCgSMT4L2th14w6bDmy128TEqXo2K3Rv9qvgr11o
+rl1uyVR3pVbMTU/X5qdk1W36JaUqdByX3jyXjdApecfKMCXccwWI2gl/V9MmLZ8d
+tg4dAMfeLNZHpQJ5cYSH/OXLCmjEkqGlOUTkbUUxa6s42ENKBGE21/Ti9e/XMOa+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
deleted file mode 100644
index bd06526d83..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=CPS Pointer Qualifier EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICuTCCAiKgAwIBAgIBFTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK0NQUyBQb2ludGVyIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMoJaBG/FNuQhA4cgeiGiLpg79tevgtM1J+7DRztxWNGR1ETJ2fT
-76YKUm8p81GifGLyp0GPixlRYrORVU04fWNYnx8Zf7rkoCPeVEDinuLDtIrrENam
-41t/iHh8pI2pzuA+AUUT9MOXDyVHFx+hGhjOseGtcUIJB0h641auD/XtAgMBAAGj
-gagwgaUwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FMLcmlwicNMKSIWer8jYAJSooOpzMA4GA1UdDwEB/wQEAwIE8DBTBgNVHSAETDBK
-MEgGCmCGSAFlAwIBMAEwOjA4BggrBgEFBQcCARYsaHR0cDovL2NzcmMubmlzdC5n
-b3YvY3Nvci9wa2lyZWcuaHRtI3BraXRlc3QwDQYJKoZIhvcNAQEFBQADgYEAfDo9
-XQCL4ynO7TfTvX9MENaHI304AZw1YU+SP2zkPuDd4HxsI1FK04q1NbIaJ+TOVfk3
-Fke0kNKWelXWa4JcqZ8eg1RxzRsqB47a0IdMOcVwwjKNI5U9KkHRvHjCBMip0wjU
-j6Qw2ktcJRAOZf2zsNks/lq7d2+7udwTCiASQ84=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
new file mode 100644
index 0000000000..88d531697b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=CPS Pointer Qualifier EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBFTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytDUFMg
+UG9pbnRlciBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhW1cwuWNSLDxdyrOixpJM40XwVpspuF
+pFGa73TiwQs58B/3i6tfcGygyAAmZHYGoVKjIq5LvPbirMTnCYQ4AtPQwji0AuQN
+KmCwSAAjY8WPT73mSvAEpv1C6vhWq/PYcNbHq1PHstsD+V3dXc/sLvBXAXPFEbD+
+nyhBpIReB+efZ+fcLDRg34th2GezPq07Q7OsROHL+35JDqtMTPibpsNSSMETa8B/
+5wW0j9PxpQqufx0sVPpSXtrcK7tn0dlhhwW6UnDfOQn1XwFqmYG/UQ7fKU/uIH1a
+VQTAA7GnemZ4W0XFZwoccOOiDapNmlMfMIs4JhlkpUd1uTinDGCzPwIDAQABo4HP
+MIHMMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBTu
+QtAPWnapZlaIwYeYrcROSL3D4zAOBgNVHQ8BAf8EBAMCBPAwegYDVR0gBHMwcTBv
+BgpghkgBZQMCATABMGEwXwYIKwYBBQUHAgEWU2h0dHA6Ly9jc3JjLm5pc3QuZ292
+L2dyb3Vwcy9TVC9jcnlwdG9fYXBwc19pbmZyYS9jc29yL3BraV9yZWdpc3RyYXRp
+b24uaHRtbCNQS0lUZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBqPx9Nphzkn+AqwLQC
+tz30JaETh2kPhqKYjS7nUwbHzXz/zxeTrbQ7fRy6UGa8c1hyUtnekKZ7Y8T/cNAv
+ltT+mxWtye/58YbSBSu+RdTJmJZIXbr7ZHFDwZC6gcMwvIuOe5nGRom6Yxthmciz
+rCQ7m6H0VqkwZLMc2rKPKw9t2MmkUMHgxCIyh+Fa0x7jvkbe4cUP/7+CRr9tT7m+
+Lh/94RYNQ16zIN/GCZnH9s4sjQLnOiGMQ41fa9zKngazpS4fMrxXPGc+NgFjVrk6
+qZ+NRavzckQPEGoIZrR+8i4GFxfjFzTD+rGUiKHb/LO+n/+GKJhc3EhyIuHulRV4
+eB2G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7280BC01FA9C2DEF
+
+hO0TJe62lPeI7f8ZwXJ6u89ylbiT79g54Mbri0gQDYk1oAZDn+7JkkNOwsZyI7Bw
+mdPQYqnSaWYkIZXCqm/vuQuWpO58SgxqLoL9PfAkG9M0I8FpEmI4BaXrv9m30Kkx
+1d52XSE3h6d9LdJ51qXsxgSngM7tUaKo/6mk3u/MLdfhETfqB19Q19wLR2yoeYsn
+SaizInE9STM6yswayHOrlrhVDGDtbRi7gavaxaM6WgQ/8P98JwrcZ+IK+4K/kdkl
+KhhOZsyZYrJ19HlWccv0Vxn/rX/K+2Ddu8MLr/g79E7Q8k6TAcS1ExAhmMtqXVlR
+oF3fGa96Ai3cjehUgIrgsx/lKjB9bMTV0m7Nvzlfr5ERuaEHR/Xr7jl+rpAU3jPc
+7gAThCQe90xFzOnNhFhw7xcAPMZX4NFtED6LXt0sEV/NbBxVcHBeYaLBZRXi7dNu
+PggRhqAA19Sl7DDyf+VFAdlVTbHRllU4SMsW/2xbicM0SzVrjs1h47n4SiJZzR1n
+RXZ5WY11ADHUyep74Ba+wgZJASPj0t2/gjRg8FCmUq+sAy8oAo95Khkm1rx/wOBA
+gINsYtfVql7Rj7Nnh1e6W28Mml1o4xrjYzLcqHWTqnt3NH1xHSPm51PKKUnb74qT
+JzgXbABQ4u1JTKMmlxPPUBnKLswap3fdazvr5rlNiKN+tW4qEj4JLNtib2NpLExn
+aceBVaH2G5IuuUGAachdvEGO61ZC+lXHEarffCsQD7xAt0w3zu4nYs4FTudtdn3X
+iVFqC+a9fPPR93YfHB+m6pD3LfTeP2IVGhSAIS5C9OV7iHqR/Hzzt+kitaQxjj4S
+dZpKFh3w1G5hbkfyHII0AWWPgIKJyOEz+9pJVsIogXRC9elZIFwAcDPr/ugoiErL
+hVWKxgbQe9KkPEnEogrU3zcAlqTPiDIHWSqZ7nEdImBDR0LF9yAXBEy0tyPynNHU
+vqR0vjp372HN3CyH1huszkJ6l58qiU8JnOBS8xjnwnE+aZR1zPVuLFyqYmUxwhFd
+rR8LCCR6k1JhKFgZoGDYEqRmFB78pKajK8YoZlF/7oYAfjVh8bygHMYuFIXl2+BX
+lyHOmGUGawsW3VuHMWM6nprLckqt3EA7faG5ifXYvYUy2REqzfUaRocHHm3sNs8V
+vhkSDakppHozbUyfnqU4GWkp5xI8rPHRyoKl14RRsVd2vphVTACoACXLzZNh0u2C
+iX5dXJ4wQdoecDKtF0mgtRqjJ14ps8pBVFk5wA2oZGUO6t89cdKdYNGW2o+agmep
+u5xAh9rhPd5tWSoyzydM1jBfKcGGa9RyqoHe6YYjfpYdGnI+gHsm+qr21FaT2CAt
+hVB4pygAoB6l9uFXsPbm4QMRTPwloquHOHJUUN5bEjxhcQR79T5qPtYxSEWzRxda
+Eb6qiD0x143h94j7PAV5uC750Vr5abQqMpqwfV7Q6JgNBvhqw3CLN91G/1YBZ+e5
+2gxfSR3a8T0ExkFEtYjB1XCs62jnujUcqrEWYuiE6lmxUidXyIyw5FQHwmIPPFq2
+axismUOyMVjarITj+KlE30ZLrolKzgkQMpC0vwjMJYlIhdPZY65UXX8T+n/wqSQ4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
new file mode 100644
index 0000000000..b6eb97d8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
@@ -0,0 +1,48 @@
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgICB9EwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZEU0EgQ0EwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA3+URPtrptm4Q1uqd4p06
+sEe9RADHVsjMbtAzhFZHNT32VMjjwq27unXzLzMMpvkx7Gfj5Zlt/CluqleIcjTi
+jgCQ4KOsZI7A9jwdj7TISkgwXn+qnHYmC9sTczODl8DFs+Y39T7/FQ3UoS66Mfir
+h9gLzHeYQm6sk5jCvS57NAsCFQDPBgTY/4vrAOn2XAeWc/2WZTovBwKBgQDM4Xyw
+zpJfY+w4u0S63ZI0tl6+ZXvYcXcEnexmfDsEzrbzUv4PklUC704Sq12aLi9uVvNw
+7GrtmyK4qBPLDJwW6sEKjiEmRKUM+aDsYuBwMcxo9QuFpEobbnn0wfk2WjhvTu+E
+U99n/cz3WWKPnJzNEI9cpA+ctwfsYPO+r345mAOBhAACgYAm8r68RrnkebglcwaR
+1iwnDKicj8nv2gXOXfK9O7sigjC4yPmhGy9h5RrMWu/BS88O0U+nfGtn37ap9xYy
+cmH0x6ionWK0gfjwiP274z1r27bbXVQ6hbaP9z1vizdHHPPNiP1sRFJMWBSKt5SO
+cfWhPir+cD8ln0CrcSVAm6e5x6N8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFI+Qxox06HsMyFnHfTxbVFlgJQuxMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAGE4aQgafVYNodDWs4oastLldKjYFnOlegU3B
+iKKfHJTPRF7ibMpIEx26666j+8r/yAo3mdO3AjjEcRYpY861CTnwXFbwvkZ+LDCm
+oWVRj4E7yElt9B6VlL0kkKGvsQsuVTOF6wBApuBRezet6egoy/tlnvhy/BIzEWpd
+2O1Id4Ty8p52hujNqVLWS4WV0zObdvNc9hv028L/hcuXPKFsSUBZLxdAezJqu5Lp
+SS5XKS8jW7qkkzMqnlj5JwZlZ/MkbR74zHzr2YYf4N4oH4LjlQLaTMeoul/Gx4c1
+4baQloxKPHAS6pZgSLW4Q2FEGJMAz8CXT3sFjrX3m+H4V/u1UA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF088FBCDF515038
+
+0/MfMzElgraRX9os51FaeJdcx6A9jjAzUNa5OUxtrvUKd6DzckyDweCe1boFF/hF
+29DeFyqQZPiHcRA1/hKgGaXhOD469xGlbcdBEVfP+uhdknwihEer+llPlZBndbQx
+ue6w3urDVOI6bU/YkQtFIGah8FCvviPVK08/6HFHqn47+S1cyqaZwGUpwKqDFqI3
+mwujq3jFLs5iqb9q6pBybrxQ8Dq9rYyxM9LW15PjU2qev4e18vK3zhyY4l61xPqr
+m/9PWTvt10OFsusjOnQFsrnhGmKfAYBVlFZMGjJOkmGuuWr2GCdAih0r0rpys2hF
+5G2HvFB1fUbYz0YNnsR+HmGel7FkLlhkVwLmKE/shXGKaLOKEM5A1VxfHAyl/4Xw
+d7ytkUScDWJ1Q0MOZRI8NZXCPagVUFwxYy0GyrSqSyKJS+nlIGSDuokuUYNBEDYT
+5eYamXAS6QvyK71nQa9/+8LTqoWblvUITYlXgfABxiNQklxjc1PfOfihqeLHuMyz
+j+JwpUK+OVAXkyo7jY6AgjQFehk1ce/2VQtVkvo/KZKw8q1z+4p/WNeeMUbXe+H3
+Ni9y/gecu4oNjYZK1ZQIlm+ucDFs6J4e
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
new file mode 100644
index 0000000000..eb0e3f5a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIICHjCCAd2gAwIBAgIBAjAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBUMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbRFNBIFBhcmFt
+ZXRlcnMgSW5oZXJpdGVkIENBMIGSMAkGByqGSM44BAEDgYQAAoGAdC9PddCBVyNv
+LWZjkNFCIMtDn07i9ToU0tjH6t3zsh6BmmEQQAmyelHzZvk2I3BU6OlmepSlsfQb
+MRhWXb+KGRZHkWCq+Y1FXAJLf2ezAvaPbRS5zWSQ3QyIx8RLEtG4vjKgn7lKhDPD
+q7ZCS0sy7Sk9B/gHfqL32KJWU3EqU3ujfDB6MB8GA1UdIwQYMBaAFI+Qxox06HsM
+yFnHfTxbVFlgJQuxMB0GA1UdDgQWBBRlgZ9wOoyt9kMdyOePVY7oS9uH4jAOBgNV
+HQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQF
+MAMBAf8wCQYHKoZIzjgEAwMwADAtAhRH8JjJuwWpgsURK3pfyRHlg5C32QIVAJPh
+C76tJQgAB4hw38NZTyKc6tQP
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4582A07BDBECD705
+
+pDmXrWFfJ+/o5nvbPDvx4ixcy5zuqvwYuAIkUqfl0KbsgtnEtnbmx/Nx0PnELeTF
+CsC9BXd0ojXHd5kV/xp8iU0IT3YoKl7OZ2wzm2rKQ3EA4GhKLlJGcVjpTX1Xu78s
+Yl2qUhl/Y9UCfT8bltXeLxT3A2qJAkiGE2UC0BKz7ZRjVWeus8eSw6mjtuZxquqr
+vAwC1ridF+Xg/ENgv+NpxqXvN8alKjiBdI2t+hjyKsYjEjf+fCX8XXObLmpRru8s
+MZdn/Zxi6FODJE6lm1no+k7zc9Em+MQ3ZCcdy9ebI4ibFCf1uCzzOR+SOGUe+6Hh
+1vX9wch8GYLaCg4nZDj+TI1YxcxVP0lKhRJrvUaeiGBd61s9iqwpctGvLFGGG7zw
+eEpWnrecPtXrqAadYyK7y1SFABf9rxiyBz8VsXgeDnXK4LbK0ftkA71neFi+dXM8
+AewSr0h+K5isEQrUneGwRGohVuedL/W3PnEZEHMg20ixOm4oPBO4EpoBbb0oJVg2
++wfMFUnyil66xR3YI3uAZjh17TbFYhvx+jb5+5YF9GucBsbZxgEt9bkwHJpmjss5
+YSuS69n7MCK69o1y3cW3MA==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
deleted file mode 100644
index 4084a4851c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=Policies P3 CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTEwLwYDVQQDEyhEaWZmZXJl
-bnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCyCzdT70A8+vsLoViq8TWIYg7Eta6CLxVYgGuIT/jHnsK+
-+FbOsG9GIxdLYhdZrrlKG4cAlkpS/6K9L23KfQGiNNjQ4LaWC/geLyNeOOOrnXBk
-nMhffhtlQ4PzTnEtjtr0fUr5iNZtCZpTUSQKxvZfEL8s8HUbsiPagLV9TwXO3QID
-AQABo2swaTAfBgNVHSMEGDAWgBSOvWaPjlVlz1HkWabJKh5iv/elvDAdBgNVHQ4E
-FgQUgYdlKg2WZsyn5n9xnCVxsVRQwz4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQUFAAOBgQA+sKsTmg7nH6jqpWTD
-0+ku3zH37P/CeNynrYlFtFA/3QZZNSeBUtmPEgSANp/iYSgpIOeqcUR+vJZhsIXT
-+0wX4SS7+hy3sHAuDmSZ7d4XXowNWmfn2MElY7INaPvTzjRY3+XIeTfMK43LglF5
-sftSt0FIy+7QSZiQwKIX35Hdig==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOUG9saWNpZXMg
-UDMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzB4tlymiLVW8a6Ps0y
-porV4ZwLRY6O21qBHaMeOvMroSc49aMMmsNM5Hq1c37ETR2NROBT065S3xFyQT58
-Q+6gu30masLdypu0ewe1f4waXVKzrOrXleRrha2wyu33duzC9XoU5rLxLJUrPXjd
-F7bYw/NIHmdKb2gKdGDD5ZhlAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowHQYDVR0OBBYEFI69Zo+OVWXPUeRZpskqHmK/96W8MA4G
-A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/
-BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAGIeHrFlfEpz
-33KeWUQrArkcbXi4ONGl0zsMAelL8FjVyZJqVjBi4/z+31K608b9FleH0H4QlO1V
-pADcQhn+/9ChWXCvHtSUuBsIPFO3WWIdgYTtmSAqxsEq3uwQIR3ku8NoMpgiak6B
-EdVSLx709Z1oHVmuqVn1fYV/0968h9fo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:BD:66:8F:8E:55:65:CF:51:E4:59:A6:C9:2A:1E:62:BF:F7:A5:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        70:a1:09:11:c0:05:80:09:b9:cb:96:bd:30:59:49:1e:07:57:
-        d3:9b:e2:f1:41:3f:f5:f1:d7:90:67:ab:db:81:2f:1f:b6:6d:
-        b4:e5:45:ba:94:55:25:9c:e1:11:06:71:a3:dc:ed:1f:6d:eb:
-        91:33:7f:7d:1f:40:2e:1c:84:1a:c2:45:8a:26:ed:0c:a5:6f:
-        1c:00:50:99:fd:7b:d1:3a:cf:a0:1a:da:0c:f0:7a:9a:4e:b5:
-        f1:fb:90:9b:ab:54:57:1d:55:ab:b7:c3:a6:c4:27:e9:c8:6b:
-        83:28:68:cc:9e:0b:f0:99:7e:0a:f5:f2:ca:35:28:7b:78:59:
-        7c:88
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBSOvWaP
-jlVlz1HkWabJKh5iv/elvDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQBw
-oQkRwAWACbnLlr0wWUkeB1fTm+LxQT/18deQZ6vbgS8ftm205UW6lFUlnOERBnGj
-3O0fbeuRM399H0AuHIQawkWKJu0MpW8cAFCZ/XvROs+gGtoM8HqaTrXx+5Cbq1RX
-HVWrt8OmxCfpyGuDKGjMngvwmX4K9fLKNSh7eFl8iA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
new file mode 100644
index 0000000000..9f256c30ff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOUG9saWNp
+ZXMgUDMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBhMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UE
+AxMoRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPN0T7wjQBhGUgt53voETJXwpFYH
+7LSwR966p1DkDY/sTYGE7D/xxxxrz8FP0BPUvcAncfBKwBkEJ0ioEc7Wjgz9vnaJ
+o+tzJxiC3Ez1aRXEcEUNCYybApVy4hWAoKBqFp3sSZJjrZ97hzYkihCJEkTewMDg
+nE7Ru8WTt1JjSaplKZ5OajYdhdLGvESIOpFGMEbA4RlptpHeUjN8TU5a2E18vHfP
+yOs5tZzD3H9ZnmdKosn6RswkMO2W7gMO+nmvo4BfDnpmXgwMzBzDVoS+rW7MGVwP
+eMNNVz7h9UYlBYhRDSceAjF8DThevpzMAYfr4+g1lmdxmVT0ATXZ1OYl6FECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU2AWrLKCLw5Lcxq1qP7/zxpjl3P0wHQYDVR0OBBYE
+FMNvgVWsNk7EWKBgwL8ilshd+5PVMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAQwDQYJKoZIhvcNAQELBQADggEBAKMG4iNWYroyty8c3qaz
+37GdWGbiDQEhIQ6xJqxykoNZoi7D+ixkbH4OxT3pGB407ig84zH6rSHTgUrGh+gZ
+nrNWzDJY1qUc6NDcmH4VkoX0XpGoxqcWe3F9WV9HA1ZHY24Oa9wPTg3Srjdg9V7/
+eMe8KiObAMGy19rgrmiPX1NrhsYL+E79qfp9UpjwrSr4YWwQo8vzxwFxClAdFbK0
+eeNxr8/kn4+9Q8+z2R9L7NMpKU4nSsZdozcJBqPsmRRKDjbBxKQg1defVscbp0Wk
+i8eOL7EJYT0oljx5QMQ1o3HUDzsYGQ84MfJ7fCkLcT2kQpRR9cF743q0CZMYl4JA
+XTo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DBA3E0F11E927D17
+
+eYd1nqpaoKS3dlDv+Ge3fOtBToNio0qP5xYCCdtWRoW6cBAMGLAeU6fA+225MCD/
+cc4sDMIs+17o8sGH+CHZosLY/MJyEnM/uZELt1VbQ7vKvvz2Umkotv5HEoyk/BWX
+BK0iWlYwL6rzYZMKssKczdCpSnUB06lKAx54LsIm2Zvjk96FkD2uDyDyvq8qVzCH
+ssyjbWiybrlYVIJsqW3Q/5SnEBv+GJ6kVqPEhfILLzSgJS9mL+DdINawWTL0IIJU
+eYjxfz+McHYGP7EYyVNUpCoUmv5kojy9b93gAXXiXpskseBC7Smxiw6SSupWVcDG
+Sv8+3gIRW0P2emzaLBUf5z5y6o6++s7NMFIieMiRk/BXr9jjjXyQjmfXNb/YxHFw
+9RSn3wou5v7z6dLjgAmMiTaQdkAhsXBp+Lyg5l2Sy25K4b2TEN9WFb4VKZzg4vM8
+GdUpxlcaOQoPfSGdzqq3D9SPyzGBpflkPv3isJo3P7EL6B9fPXC6ZG7AlTWAsUIL
+v7JJvtbe02P/mVObkqINnYztAsbQT0goDA2l09Lv4QlqC0qDFv755kLCoZiUABS8
+gs6+OUmouBrog2YmmHk/WWTrzdqq1yIXSiZNztTkgkcVc76OfpspeOt2B4FEFlAj
+Vpr42EPjVYlfxUr10Eotv5UsKmpYo0bxJvH7HZMC8JOC93mw7IuLRqsIncRov+Z3
+3OkYFM1NCxSMWi9csQM03EG6gs0jG8ofeWryySKfTy5oGYDO19YrYw1/v3Ydmyj0
+0xY9oz5eoQEFjsaikfcAKJMLlfg4G8HNJsrl6WFSXxqtKn8mP+dHU9QNHLOpU48x
+t//Yw6yrRg0KajrxmCCQLhyk/qmfTYV0RBmpPtcQGPGznY+Xfro78q1gpKKkjwmC
+scxb3SHnMAZ2m3w/szPxjnKHsT8URkrYga69McNgNUtupckDrQqaIvRciIap44Oy
+pw1YBuj4YVUlsy5JjSIXuFDHts/bF4lbwgvYb9fwEaUmU94INnyaIccbxuXHB0Np
+1uFHo0Trjr4uNpWrbdk4V0SfpU9wTF/pztciVIIfjItjJJM/HWUZrvilKl6LbmA7
+OxV0S6BkO+elzNOD7GTuGvNytta3GSD74rfy2ybIFSzOU/o0AMANCfk3HHEMHJoK
+QhnC3a0P2QaPF3y7IpCNDtYd4MgQjYjO0f2IZCbbnGc8Dz8e8qV05uHaA6A8VnWT
+oAFJXrfGrGHCa6JfjQensBph7R0gi8aMSlde+MWgVuCsegHe4hwWHNR6dfuVA66z
+zp96xLgpe5nhYKheXsbNfGaa5mpfr6LqPPfgl2Ea9/IVO0QPVLsLLIrPc2mAU6Hw
+Zch6w6ncqE//Rba48b5/t/21gZhVGD5W5lrP3CDPd0qX5Y6FivVEFZIYdaMIzW74
+fdJtdoXrY0X8TqsLqWXQSyCn8hndq/QasfLBXcBHEjA/lwZ9xsaGuH5egnSDaV1M
+sTxWTAxywse94eFTxopJ4dkQ/i5gMHfEiRvsKOrgbjVVl7dMwUgg2+aIIVojxbKK
+LdITZTwfoqtKRYl1o3xsy2i7CV/ptgC1/EvL/UU5MA+kyGcBBTc9q/Hq1o/Icsp8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
deleted file mode 100644
index 81624cdd69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBFMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1
-YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFuj/BeKqm7wDc+UMIp7Qh
-eY7RqfB/VGqZuKUb5UNpLiXT37UrhteMqYSqBkd76l1qvhhBwRPJt9Nq2tf5slrS
-NJOAnUfF0McB9RUJMGhkITa9As3KZy0u31hre09MUaacltcuJx4irpHKUEjn+qY1
-ZdZ7NNEzH9VXWN+6lARLIQIDAQABo3wwejAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7
-J0TXNTPfmhWUxzAdBgNVHQ4EFgQU5FhKqtjykfUZF2iehQcjbgo0680wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAGilgDaBiDA1cbd6xUxAl/K5DVQ8ack+2fk1
-P8G5fTuQoQtDbWX6eA7Q/nXFXBCj2i1tmJF/q8Pzh1GU6MKQ5f7J5ibEstM1+lgb
-hidM5kd85uVTxTBL7GSS94BSfXFnNOOSWbRTyhSIZRxScCjERfnSfF8yBDRIbFGO
-ma6qPeAC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAy
-IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowWzELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTAwLgYDVQQDEydEaWZm
-ZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANc03XT9xYcVcwSWI/zfZ5VWnTC4uy5WFMe8/BNL8QuP
-5xFw/xGTjgkS/ABNJJJ+a/RWsi0Q92MSeMbVNkgD0/i94SgjALWOdsg9k4LI3iH1
-ziOZ1OWKjKsJIxgCbTls+JRu7bRi4dnVYHB96WnGFVsVp9xyoS3hUYYwpCFXYLWz
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFORYSqrY8pH1GRdonoUHI24KNOvNMB0GA1Ud
-DgQWBBRyOnvPdzFG1aaQtBqWQiKlfmoaPjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBACWQn4A03gqLgppl
-ROwBGIIxHZD+wVr9BgoDJj2xwX6NaofqHfhAyVq9hDqEwylmfr0rH6m8PBAgnST0
-CnoWgQEQQ2sESHf6f/7/CTcVLlx8UQDXaTlA22nhmoJG9Y4iOdjdzhgvn/9yYySs
-aTByh3KCB3TV4q9GJw6nUNAmnoOo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E4:58:4A:AA:D8:F2:91:F5:19:17:68:9E:85:07:23:6E:0A:34:EB:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c3:6b:fd:b1:c9:49:fe:a7:76:33:87:24:1f:f7:df:41:31:b8:
-        37:15:f2:3c:ae:8e:c7:17:a1:30:ea:a6:53:99:4a:8b:a1:7c:
-        ae:c1:4e:58:81:4f:65:e2:0d:eb:a0:cc:2d:f5:a2:ba:03:ee:
-        1e:81:1c:64:3a:b1:9f:2b:d2:40:27:69:6f:32:95:fa:85:f7:
-        c8:76:8b:4b:7a:11:12:8d:7c:fa:1f:54:84:d7:ff:72:23:63:
-        46:55:0a:e4:d2:38:1d:83:2c:57:bb:60:21:dc:44:0d:6a:95:
-        11:ad:f0:b5:57:82:68:f4:20:37:f4:d7:46:93:cd:c4:c6:90:
-        fd:c1
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1YkNB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTk
-WEqq2PKR9RkXaJ6FByNuCjTrzTAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQDDa/2xyUn+p3YzhyQf999BMbg3FfI8ro7HF6Ew6qZTmUqLoXyuwU5YgU9l4g3r
-oMwt9aK6A+4egRxkOrGfK9JAJ2lvMpX6hffIdotLehESjXz6H1SE1/9yI2NGVQrk
-0jgdgyxXu2Ah3EQNapURrfC1V4Jo9CA39NdGk83ExpD9wQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
new file mode 100644
index 0000000000..1862cf4545
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDIgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBgMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEwMC4G
+A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L32QT0g01F68LYjocgXqdQT
+T3dlBxvACUPsrp2+NKeweuoSK2yPKvs/QN4Ce4ox41QANy0KredM+kotXEl38eDC
+PTdSueu4Aib8XwXqNN47H0jXb3GXebDzdSdJRbrkLvV4hNYaf/PVWxtKdL/W4R7Y
+zWCisxXow4MIXFcGS29ZGcx4yReMxwZ1UCbk0Vg7lfxIIsM0AJ7mCKXWKpGAYxrl
+nAOjI1fvdD/NdEncadoeBL/Nv0wa9MA1k+EumSoPggSSZEmQJICZOJMeEiI12Lqv
+oOgbPaCkDIlpnRzk06h8D2JC1LxIxoX56lSkzQKLBBtS0X4Y0LNOqjHUr0KZYwID
+AQABo2swaTAfBgNVHSMEGDAWgBRePIRznjBwcnGYroE2GdsiDnyvAzAdBgNVHQ4E
+FgQUWCD2nzAOZgQ9p8fRaOygrwpU7vYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAZKkhGrleiJkNwbr5
+/sNaPHcU8EvmcsUyyxHIUoQmXOcVDAFiUxs0TVTDoopeTMD6Mw/H2HXX1EOz41dI
+MiHRWAZGKl9v1Y0t67D5aNoZly9QZxm7hkZ7O9SdC2pdE3y9xyQK4cTIafEedLLh
+2+qOIFhB8GZlU+drtdCV9SVK+1R2vcurVkTHYeOeK7Clisfo4vEdhqFNnxKtnIvu
++LXurxBQvol14NuLoOTPvysuR+K9oNogoAUZMbpy76fkDO4usRkrE3+cJb3kx/pd
+W1BlJ95+daVa30HVXq+jD1VwFyoX9wonijkfjgmk/nWBxjgeVxk/xwAdvF0qI8CH
+Ggqn5g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,57D8FF98C92B6676
+
+1JVtB1HPXYvncvcKeUmtRWpZQ9fnqS4ea22mgzVZpRjqq3EuU8O2cfb0gi+ZnaUg
+sWjSUaK9nEnEnxTCHrfr7+IQAG6DcdwOYv0nH4udLEQbj2avZ0hn2XI2UGalEp3q
+vquIqtI7SLVF8U2vYc2e8XXJ6lsKv2CR+5z9mP4uL2KnwhXYz94sD3K7r9ForKo/
+TBl5lfXK5rGoYRV2PbtyX/YnACsIlj/RuCCxiTqZIxUJ0Ic4F9APYLd6yrNhe0PX
+2jahWnYkJUaAk1fn1x9X+rQiC732WvEXPcWgM644i+6u1qRGNNMmCw/kRCxXFN2E
+gLWeRpeNZYxiqzcQlDD1N61FwmRDIomCtPvMVvhhYB0N8JKyMMpSz8qEU3Q5bStG
+KYUvOsyt0dulrA9cWqSB5sLGeSIaqvVwE8BrP26m2T6D3E6BvlbD9dPpFhnAFnmI
+mrHU0nWV1x9DEEACBTVVohQ7f+235UUjXjt93aTxVaKqWv9yr6M9NozKTukoxAQI
+6rcyBwwIBpTeQwOGcb9PcROWmN7xoUqahxerxN1Ti6ePcOlXAe1RAiMV9WRrJudj
+OnQzcFHXCZ2qzYDcr1dIDPqnsLF5N6pHvMFvkYSXKd9eWT+BfOrrvCHiMGJQgsBf
+NfLBBgdomEoCwarvjt8fW6p38HZ0EpUbKtb9e+Zv+bY3W2je4t301w1zqlLbV7hT
+gmd/P/opiILDj0pg4cUmJH6IFxmeSQ2jPb7TV4uUhaJWTWaTb67FUKvijT6QGMZC
+uYxIG5dw8caYb9hlYzwI6Uy6PO609Y387QZTpi1ZdVyH392s9YdC1I4eYkYCbF5s
+pYKxCP9CFtstwe9FNnDrt8UIF2rEzlurLAgo9lUP8RTqOPKpt5jY2TZn3t9Zw//c
+LfTvOCFw1KDRhJyCjhXg1XCqxCF2JzGd+YLhoNA0feZAWdif1lvHNoHCy1ypP1V6
+ErsMpQAz4KD3k0gpVbIZYdj4nrPpSc8hRWKMSHmihanPG6VKETm4wuzL+FY6jtPa
+bSZ79R1ckie+TpCV3EEQhUkFOtFG7qWDk8Ypo0XqeN19YVo9JS5ACBpBOxkRTRZc
+8pr2CqWEEGQr4aUBe1ba4JkKV/AWOyGiVoFETO5efL0UF2JNEQgDqyEwHhfX34it
+CZrowX/1TjAYV/Jq5KrlP6PIWmKaDKge2iUJ9ED1IJdtM3LFqCTeHsi1xbnNdcHl
+h3oJAPKT+dC6+2CdZHuzPJCDXr0JHGsT/Hw0b9UlhkYRpWEYlh1owfUAeZYFz6AN
+7BkOwU/Bv1my8OmgwTu6v7X08+9kjmhG62x0c8Mj4iXy1/kIn2Wbp00pceXkwWqr
+ZTtMoVHkd0JfuSXxjAyPfUdTy6z8fPWT6SpKTLRG8B2PSKw+BpHlVkf1QxzzLgmI
+SA9VX3tfrBJ3DySTdC6AH1dVElLeIz5+Gopts7+tK7H9PQYp+6vhjO7W7r/9ePSy
+wM3SWtnLS7pm9qeNJSgRzuDa9pPue+EKlJnjypzB+Xhq8w9QROKe56oHFAQOSk4U
+NUkVhKDzT0o9vuVFbgIPKosfWYbMuB/NwfP+8miY9wqyXjOd2S6tqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
deleted file mode 100644
index 42c902dac2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0Ew
-HhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBbMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNVBAMTJ0RpZmZlcmVudCBQ
-b2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAo97r9TnN6B3H+x4fSXruIfEelkjmA4Ti1Q93FP3Op0Pfk8ybf7W8
-/meQsMFMMXAVrZ+pwfLj3YvzTspivZUbJGWA4o7r2DwkVkuXr6Rv2n3OhPlCwljb
-TAFxb5S3wOOJ53FHJw33R19R8d3B0CpxKxLK1oXQVOOu0t3UKizFJakCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUfFxpfJ3IVbEiBSlD+8R7j+rquH0wHQYDVR0OBBYEFOIy
-WsL+F3ByhN7vnBDlbJNEkZS3MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAVoBWMI/tY2C3bNKXPdDQHwOq
-+JplKCmu37pLQlMNSVP8yssW5khRqkKYi48Jz7b21NKFN3w3/0MuV2AxjEA6ROZX
-MBwaIKyeHMRCRDJndHYU3CkOvex/eDDnLXvNxTXuda755S3qZUbhNKRZnLv1iDzH
-KN6TmIq39yQReXlNoNo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA+MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPPDgvwjnBtonTcZM5RPe+FqtX3glBmw
-zdb+WOm6gKoAp5euYnW2UZOOjSztJyTUKsmnK3qhKgntDjO8z/ito6Pz0Uo7zoby
-wftFeKr76K0iBIp0t2DJQ4khnA8KjIB7LJp5CKIT1rhPdrLhPbc/r+LcUTZrAfRt
-ZcQkxbznhxZxAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz
-35oVlMcwHQYDVR0OBBYEFHxcaXydyFWxIgUpQ/vEe4/q6rh9MA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAM
-BgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAI8yIYi19lr+NUCxlq3CXkpZ
-TAgRtU0pqH1VbEootkv0o7apbF2cC8SHB0UDiih/yqZjqw3kHtpbBaf75KHxqoQ4
-PKqoZXt3K4rjiQooU+2cyC+mxI3uegcFjQ444R10jXwv5EqNQ4joXhz5hocJA/PF
-JGFA0gkGm2pMEBR567ka
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7C:5C:69:7C:9D:C8:55:B1:22:05:29:43:FB:C4:7B:8F:EA:EA:B8:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a1:14:35:58:41:58:4a:93:ea:8a:e7:cc:c1:be:02:22:8c:9a:
-        21:32:d6:a9:bf:1d:df:7d:60:8c:ba:f2:8c:01:a9:38:a4:94:
-        8a:6d:69:46:e5:ac:63:48:17:e5:c9:c0:de:df:13:73:c6:ec:
-        3f:b7:ed:61:a2:6c:42:d8:cf:7a:ff:3b:35:41:8a:04:c8:fe:
-        85:37:b8:7d:dc:a0:05:35:ba:e0:bb:39:c8:be:2a:79:57:82:
-        db:f1:da:21:e0:c6:54:2b:37:2a:e1:0d:82:aa:2f:47:ab:15:
-        fc:30:11:dd:52:ba:93:cf:bc:46:39:a7:94:29:7d:e0:2a:5c:
-        d4:ce
------BEGIN X509 CRL-----
-MIIBNzCBoQIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EXDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHxcaXydyFWx
-IgUpQ/vEe4/q6rh9MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAKEUNVhB
-WEqT6ornzMG+AiKMmiEy1qm/Hd99YIy68owBqTiklIptaUblrGNIF+XJwN7fE3PG
-7D+37WGibELYz3r/OzVBigTI/oU3uH3coAU1uuC7Oci+KnlXgtvx2iHgxlQrNyrh
-DYKqL0erFfwwEd1SupPPvEY5p5QpfeAqXNTO
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
new file mode 100644
index 0000000000..c03b2ee55f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTETMBEGA1UEAxMKR29vZCBz
+dWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGAxCzAJBgNVBAYT
+AlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTAwLgYDVQQDEydE
+aWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxty81j9zfbcl+YtNeRrNlpCRHCO1tJ7MZ
+0EjEu8j64WkbvrzcPfxHeYAyzwduXLOORu3FJar1wJ+ZTJ4ay4ONqvTiOnnw/tLx
+KFI3aQSu4SWDl/F16bL6cfelY+B+tc2J7QoMMNQLvNGShnaefeqtS2xNQeCB8Zjk
+quY9lsQlmafVfOPxKtJA9EjnokOU9+mfnhh/ngbr24NKkT1uuRQ0Tg6sWoa7QB0V
+S+gGV6CNGEB7pJo58cCEOu7Tsxjd3q4bhazCXf4BQCtsF/MtkyFXfdkL2D+WzYzu
+XoEyQL/o/2SM4SU13PfhtrF0StEnRbvlNF5Hefxhd8SLPFRjf9uXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFDIHLJ50XS1dKbuxeo07FVK0fUJ4MB0GA1UdDgQWBBSxPono
+OMkTA43/Ahv4n1sw3dzLdjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBiTlDMrFBwu0cpUufJeAXPXKdQ
+ohGYFCCTW2DA/T+PsQHnvRlRizHgt9kIJI6+4lqKAKmw240r1rsVecwDBd/Y++HP
+LGofEWvgA66DjnSOI45C7uJC01fu9Xhc4QJ3FGgDNHncsqFIJs/Bijol94PnPYjZ
+Tf6xUYy4pAU/CMWuc+sox34TZE9KjXgQp7JbjYHRrFWNTyDoFBQKqoechN3tWGH+
+bIRx9Ck8RT6mhkUouR2KP+d8212wOEE/6ctpFCslGXyMt7jZjcuSlYAOcRNQWhkM
+hiRoCMkvqO1yGAHvXCo+kGeHe5flqzQdcmuEknkDmPZx8XEse+XjtR5hI7D3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78D7FC965498441D
+
+P87XTD3VLVwqhAUwYB4Ulb8Xi35NMdW+5ajmm2za5Pk99uwJ9iXEchDPEG4LRhOp
+sR9q0d7Sn3Z5cs2odT0+a6sun2ijAy4tTC7ZqDJRsW2NPzo4mbUamsLqcS9jLNAM
+8cq/RA2EdTb40bKOgherEPZmwiZYkLrGoYApUCP8uneOGZf2wVifSOSTKxysNELC
+XSlz+sISR5Nj8gfMDVtlZf2k38kUn8GE1YfJItr4ALAva66Vo4ix6YRhQqLRdw8e
+vjGoDG7gXfhQttgqr5pTaMYcrhEH4IRpeB6AIgthKZkrYXHniYL30tiCghHhdtob
+Sjoym+I4TAnZu5PgfuJeAX6xaxRlFJcZtl1/+Of4Z0w5Ap2qXB52yDp2fMzxLkOL
+A5Cu94A9XXJTVU1R54LnF2BPOFYW9pt0eKdQ4RwbxXHIpq5ik5/JVZZQb8FiRxEL
+1Oapr+339WsRdpAHbksFGfhY9IEsS4P4nfPqW08moc1ryM6aNIjr/J4XO23Qmgw1
+WMxH52fg1cR2nHWpw8NmHWGxoNi7rIC0QjUMlTZlLM1ZASWrBwY1xaNgAfO1kj6/
+BTgbHBqXq6bhTBJ8lBaQm21IfCBv4GUKyFzCnAcVtqWJiCiXP99arSyBWIqkh02K
+Hejinsb3zYgYbZrurPcWEr96LQL8hjDlrMSD8Jiw8wQzSpasvMiaexBxG3gQ0MNq
+VIkpNd2QtvdhiK7zRVdkvRv02vu4ELYPNFzCgud+aapH4Zun/QfFKrvSgmX6AoUL
+HOc2ufDHxfj6JcFoT/MvAHM11xcSANhOKB5lb1fPi+8G3BoSfoxf043+aShIPX4p
+d2xTreOmA919uhGS2zuGrvFse2xkiTFHWBXtcpX1qOLCnQ7CDvGkx9NMJpjHMpQn
+MPgcJuxHHQo3l8MdOesfs8gTnX2wTAkEEla6v5sYtGsxUfoFlUoUaElbtBkP5Xul
+imdt75jxlE6AifsZ6mw4a1XGqCU8yvkKCFleuR+6ZntfRQ617j8EAD8G0nxoAbdb
+hmUL1h7q6HxxjxrHcw4SiaeZPkEeKhxkdW1baQ1zi96obw9PGR5BBaCSVS9OQ15T
+4D3lumHaXoqJihul8xapaISU9a97ApOuJiKYsLTPyctV0gSYymlUAFhpZIVKt/vA
+7043fcoElNWwhq+FvHUtRCl+go7lftinYJyaf1mWTRumm45jxtvgsXw7eUc8qqMK
+F7rpOmSSV0jD1eEXAgcLc1l1COL4Vm7Cv+s8CzKXYAFp9HM7PbgzKc+z/frW+RYT
+pEWN+7WyufYPIcbXXtG2pkI/TfqKpPGNlUN/1NOJpssZHxGYUJZaZO8lN9eH8aE8
+ppD3bwrfB2XMY+2Qq0G0ous5pX98fWp8hsQ5BIyqP9/fZTI7PCKUN5toJqJwlvBs
+dY+7QRe9xxSpQCX5XzD+swQHuWtYPvgukpgumg1wgwxBz+GqctFbzNs24zY0NDQ/
+EHMFDdBZalY8uC5NT9j871DeJlnLhK3TNVB0zwtCid8R0fP0tV22oDJ4oyt0biE/
+ChrQlI6SVqRXaWdCjGcp5xEpiGi8aBnWlINayceaLFQ37yoESDMgjNplZCs2zuLP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
deleted file mode 100644
index bb476975c0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA2
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAy
-IHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNV
-BAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnRGlm
-ZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCwZH5VW/9MO5bUFBrHnWcQmxnLKiqHAu593o6kFZKt
-zkkYkVCA/vu0Wqgk09UeJz2jQPFuJEFYl/VdkkyS3U5TMdJBBcIHMYpmVTeTJSzP
-G+II79/nOVLpVRfuMtKclAU+oCCJb29oiXRaOFzZjzbXuU/NvSXZu24sVctBtFQA
-DQIDAQABo2swaTAfBgNVHSMEGDAWgBRx6y8V7VGl/4VJjHwa9kumm6SUBjAdBgNV
-HQ4EFgQU0BTRTBvIbX1D6I9/J/Wkp7/iGNwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAVgTBnKECQtHJE
-rSdkBjW41mPMbdbsbYgsl00518Qv4kS2bIsmMOB4V6kl48oIlmIql2dgUqb0QgvA
-JFFmwyLWdyUy1Ngv1H4tT2i9htTQAG7Yhx619BHqWCfqCiue49ySUsKOefY3ZYuy
-Ew2nYu2yBbFQuBajQDA+6rT6RjvF+Q==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBEjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBGMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1
-YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtLTO6yKdiF3dWPmvdMIU
-ljhMl5k5/mSISipm74fsNPvCJOAfdPJa7ZsmCH2mXZeXa5xOUPG9YzcqgSoj8YEa
-L6h9u4t40L+OyapOZKiYykXi9hoZEzCuilIIu3km9rU0jF/hTntZ5QSdE65fM5qn
-iMQnAPkod5ehi3XASsHZu9cCAwEAAaOBizCBiDAfBgNVHSMEGDAWgBS3LqaCy8LI
-vKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUcesvFe1Rpf+FSYx8GvZLppuklAYwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8E
-BTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEApvxtR+QrmkV9
-u+IYUO9+MXgIGn7U3aab9pnQfxH2Dqkx2uPGGYsw3+Md7m0+Y29god0WgGwgrmlS
-9VnFhuDw0Sks4ofgjOWCrO0gK10fO2AHzYMwxcbsaqrIPS0dIkUflnnB6vUPoz1t
-0/y853VkBY8fwZC5lSrXe1j/wkrITt4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:EB:2F:15:ED:51:A5:FF:85:49:8C:7C:1A:F6:4B:A6:9B:A4:94:06
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0f:c9:61:2b:d8:db:62:52:36:67:85:d2:bf:79:00:4e:44:4c:
-        3b:2e:a1:0f:58:1d:06:1d:47:bb:2d:b2:3f:62:d5:9c:7d:da:
-        bd:34:86:5d:44:f2:ec:42:d8:cb:37:16:8d:87:d7:73:3b:d1:
-        82:e3:e9:2c:d6:db:6f:f5:f3:db:d4:11:bf:bf:aa:15:10:7a:
-        51:76:d6:56:e5:f6:27:00:54:54:87:14:e8:0f:5a:e1:5b:64:
-        16:53:de:31:1a:69:c2:6b:a5:fe:77:8c:bc:f2:42:d6:ad:84:
-        6a:f5:bb:94:16:c0:12:64:af:4a:2e:68:64:2f:f5:14:5c:b1:
-        c5:cf
------BEGIN X509 CRL-----
-MIIBPzCBqQIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1YkNB
-MhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU
-cesvFe1Rpf+FSYx8GvZLppuklAYwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQAD
-gYEAD8lhK9jbYlI2Z4XSv3kATkRMOy6hD1gdBh1Huy2yP2LVnH3avTSGXUTy7ELY
-yzcWjYfXczvRguPpLNbbb/Xz29QRv7+qFRB6UXbWVuX2JwBUVIcU6A9a4VtkFlPe
-MRppwmul/neMvPJC1q2EavW7lBbAEmSvSi5oZC/1FFyxxc8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
new file mode 100644
index 0000000000..5b2666edb1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEbMBkGA1UEAxMSUG9saWNp
+ZXMgUDIgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAu
+BgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANc7eW7KCq7KAlGjq9aqVs2M
+lsnXH8C8SqOXRofpJ0M/j53afDE0ILmH4hgoaOVhxyRcpVmcC/72sVP4gSTpAHck
+XHULhlvx5E3tUr+ki6goatM9qKTboJymwV/hmx10idGMNVWT6ejet9ji/J23RiC+
+EQ+TxjIsAF/fWdB74H4zCvPXnxRWy1CitydVL26GH8MnekOcp4njmDmIyVWrAwUF
+geTwAB3xHz6/7iA9C9W95xRCTtHXUHeMAIEdELouBZotgsP725TXCC+pm1tUvbZi
+a0P2LxR9QcMgZCsDfO7t7My49fegLLaZpJqd7V6+b/2JlJeIcNrDmmrNiopd9VkC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUFyzqA7gHd4E9ZaW/Mx/MetKY/L4wHQYDVR0O
+BBYEFJiUy7I6Fq3xRsRaizIrMbUtUg75MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAB+8jMz17pv82w09
+6pJhu2R2WHjLME/wzJ5dRBzcG8tniwcSXKzravLiOVJPFIHt4K2WGHK5D06E+6yw
+VU4BLu1lvL8jsZwsmdXishdolGNpmZEdOH8X9siOUvtxmApeVnwsyKCEsc41Y4Sr
+itz2siDC2nNtvG+MtVGi4tbGBsAD2+COHFWGSqjc5nBG7RBTxJL9c2JpZ+Ln8udp
+7ccOfxSrF/LgVkdPyHj+6CvO7R57WWjcBIT2UTACl9ERGGxhAIEe0T/odhaU+9P9
++qkb4ZxyYBAuarU8/qRGzk2lAnjv0gfnurCrRCjLwh83uF9dF/eo9SF0N9/6J1bT
+OOZB0Ek=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBA4E381EE361867
+
+p9Hn+TnHC4Q+ErF33Ril0s0y84bpX+RK9zwxK1s0I/xSEneCjV9TaL7BORl8P6kB
+3+zZKnNR9jb2fqJVG3UWW+UIpjxsDsplIcn+QAbUfU7mzGwsTa3yb7K/0omItCWI
+XJvlbxhytb+zgOOZGg9ES28quIGJtXpAwEx4fLKQuXaMKsnUMFUjPt+KZTCDcsNs
+e4cM9PFk5L1w2JFckYyfe7eW0DTuNsmLH0QQqq/QkspIQXhJYeE1JTNEW9LlV9cT
+ZGTTK2JBWg7ipKX2F1OgXW2OvMKUkdTke1U95FkJh6oGD4kGgwhdtB9EnnbTrc3L
+vvEzvNCeZZaVNazhby2e/+5qPOfxhe4EPPHhtHejZdmt2xwqcRU3JjMF78zab8ro
+m5zIUdKkU0X1YLO2O6QE1yA1Hyy+AvOfT27aU4+nE8hAkZxcp4E0uG5N4IJVRKbW
+MuOWJZgEGSRI31Z5yhhthGbM7B9Su/lS8lKqTv0ZuZvwtjAZIBbLocVvjt47KTY1
+q7MHB0wlrgPUVv4zqbfkp40Mgr892Jow7gHeVTCTSbeF48zg/I2NbrDGaSMkuqee
+X6fpbXPiYMcHMMZWaBXmhqqsBB035JeAIG7cfkcJi5+6IrM3Ttg41klvdJTihrV3
+iEfJLwQcIR62Qa9OGVdanT9oJKoDhkFbO8KjI36Lj5XcJR+SvtJ4WnFI87U2vEY+
+TqL9B9M41wLPh8RPyKWXd4ppqUV5TsGvAakVFUeTlDMET/1smHC544vryJnLTdCH
+2IWJaRjqUi7oUazKvXcgEETQ4sko9F5Hgjf34OVchxUe1QZOOOUfCP4tSTtUG3AJ
+bkSTtAJ5mHviEL115RYwLbJMD5j3y10ynQkmQHQbT/v1/3zBsiUPJ4lq+ELvRSSS
+rYYileo/RTH0kp5hD0tOyJRSLXmWfhpEtccpJZOw6EBFOHs8l0RubK0kvQgCnqn5
+MxZwxP0JnL+amE1MsttK724Uo2bXcf8rInBwsuyhNobHsApli7buerVhSGn7xa7b
+EmO5GZUMEywe5SMKNMyk9L4G6G7in0tW+qrAHRbpid+BpOFmZ7hTs4hGEfDd2gbH
+NP4HuOiMMQz24ckcyPq4fPECCWYyaixxt39TbD0RSgwwQxzRj/V8OyL8+PLN1Eld
+i7ijnvpasIz1Xa1FyrynYjfU0KMRr+Xh2R2iPAR6kZxQu1Y1ORAm7Lhe2aElHiDb
+oNCcoufceGTkXB8uzMYOgH6LrtfQcrjRIZdZyvHlZPlbMsMbKokamAJNtzHuhH0T
+QDkQVtHV4ext11mf1ebSt4wKmTVTiXS79ieVHWAcxVX0OOFOQeKKfrlpY3UNxUF1
+y1rSWp879v9DyiJmy0/pVrtAXf8a4WHoU1btyAQBvFv0LL2Ta7em35ytmpYS8cst
+hUjXbUtMDha08no0jzwFLsX5SZ975ILA26E/qtP7PLcbwezb8B0VKQpsPmbp+/1m
+iyoUQaMdYo2I/lkAHj/MLjXLwZBn5jTYGtLewVNTRSFRze8doZ1JD5G1Extd0bBh
+FjKSe4WmSXZ/EO5M1ADH4JOEUnK045DCYSxPfAhuueIUulKXr8cvLw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
deleted file mode 100644
index 64913817fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3JEcFcmqBaOdX0aQIeLKgr184G8kZkUDCWXFVa8Rl8JEbH8nKumt
-oT+D502p0fAxQ/lu67/+Wz9X+0bAwkuPsCzJ1QCXR2UIRpVr1NxN7Rpz/7c6kzfL
-/DJwrly/lSBnj0R0YirNdtTRRbIo0/YEP7P2B0gorC16aSbZViLod4ECAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFCOJ
-nPgjYULoGZabFjVqvDC9XoqCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBE
-8ZcL9nvf0LT9xC+cY0M+u5LPMYNxkecfdmiF5H1xmtqQ+pyLB7lUIyeSE0FWSbFS
-HxkKQAkO31yPfR0lvAkmJS8uVhZf7kiMfNhK/iHQA2LE4ubMmgyfbnAidPaVhPJ/
-waAqgUmU3waTfWo4RyKCWsWN6L95KJNO3HkS5l83zg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4G
-A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7BLYQUkQ5JoVVov7G3lnh8JAEwYq
-LMbqpRCqw7cUk5pzpmQsxkZs6/Ucuz/aR9dCCaRZJ+YQ8GZSQ+igOWzOfGwugT2P
-1F9uHaqW5hLEm4nKD0sCR7e+SSsZcVLDu43aKeP9M9W+eIiVgBDqqO/sIiP+H9lA
-XGxBY7aZKR9PbQIDAQABo3wwejAfBgNVHSMEGDAWgBQjiZz4I2FC6BmWmxY1arww
-vV6KgjAdBgNVHQ4EFgQU8kOeHdO942r3cR78izbu/QscRBMwDgYDVR0PAQH/BAQD
-AgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAB7JKK79k5557tO3m4Z6Ggwb+wna9YjHdiEEmFrP0CbG
-ydKsCOn176W5roPXJfVz4LNWRaQ1VD9hJBRNk7l7hCgrbazLj9TtrU9RrklDu54/
-tyZH3BQrH0znl+dxlEgYdfzhd0XQhMP4AGAlIzZUANHCnmjRKkqikPNXO5bMpnza
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:89:9C:F8:23:61:42:E8:19:96:9B:16:35:6A:BC:30:BD:5E:8A:82
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:53:72:c0:cb:e3:f9:84:7d:49:58:c4:73:96:61:3f:7d:1a:
-        78:47:82:fa:be:2b:9a:55:99:d4:73:ad:49:14:9d:a3:3c:5e:
-        99:66:20:f4:df:d9:c3:d3:03:61:75:0d:18:f6:c4:b8:29:0f:
-        e7:e3:e9:37:f3:0d:e0:74:a0:ef:8e:9f:fa:12:18:20:a2:8a:
-        3a:bb:72:e6:20:4f:2a:2b:7f:22:5d:56:01:e8:fb:76:fd:62:
-        44:16:83:a8:7e:53:4d:6a:4a:0c:94:10:64:85:02:07:1d:d3:
-        28:57:9f:e7:57:65:99:37:99:f4:52:ae:de:5e:4f:5c:e9:08:
-        f2:cc
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUI4mc+CNhQugZlpsWNWq8ML1eioIwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAOFNywMvj+YR9SVjEc5ZhP30aeEeC+r4rmlWZ1HOtSRSdozxe
-mWYg9N/Zw9MDYXUNGPbEuCkP5+PpN/MN4HSg746f+hIYIKKKOrty5iBPKit/Il1W
-Aej7dv1iRBaDqH5TTWpKDJQQZIUCBx3TKFef51dlmTeZ9FKu3l5PXOkI8sw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
new file mode 100644
index 0000000000..37fd72a219
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAxMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMDAuBgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALX5qIQqd/Uw
+7MRg2gQjHoTe735/Mxlza2yZGICgJIvj2V7auQHGGXTgsFg1rWaJUXJMGGql2z07
+xZa7WLruITA+1kU1BZ87zY4aifFG/WvgItXFhtDB+OT4kSEJZiNWOg8996AwuhcV
+6w8pZ0cm7idgb/gMJ6lbeI5DN04of9ojxKbuq6JzLKLLxLQmha1XC2PqSUHOHiS3
+yfX9hElPnrORJGjnDZ03p/l8eIb/J8s+L9osoqQ363Km837bdxuioYv42D4YHHLy
+lBm9vTuxd7R234qTINJ7jOSg43/0DPg0gO8gMfZ12JRvy+DyP+Askl7RDGMuxTRq
+z8moPGpV1TkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5Bs+RrfmyKnY7dEzfwXh8V0S
+JMIwHQYDVR0OBBYEFJn4esVCw8dzBLgHq2Sp4l01/p9yMA8GA1UdEwEB/wQFMAMB
+Af8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIB9jANBgkq
+hkiG9w0BAQsFAAOCAQEAfzbl1OcrDaD7SGeIH23hl+fmPWKKJhbP6QUM9NRGHVIr
+FaxxdfvL1YJrU5Y4zcqK0O2pYespDfNRJOFJMVAoOzwWrhi4f9lkZIiEaUyIppXP
+mDpI2UQeru/mvOrMvuvd9/FeKi2KtqyxNHCJgj3Z9pdYPUv3pad7cdIILVV3jRbz
+YPS4WguwQhCEEw3ft9D+B2PXMSPhvEBNfAUC0xan6yODR1XjgIihkLuiQe/80Bql
+d5EX0ib/SO9JK/7ybfssFcmxzjas+0geZyg2gDP4H1J1PBoZLw6SXTJ4DO6CIud0
+EhNY3lZQpWUlN7CXlAJiqiQ4tPDto9XZcQJ4S2nHJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C81C50A3417BD7AC
+
+35uZCwoHIukL6Eoc7HT9txdqgFWZO7UvF2/K1+AU8WplGZAL/D62oWsT+xlEOrug
+FsGiIH/6GpVkF/8NOB2nlWAVv4F6hkDdzfFRIt4vJJmQlGZnG5YKpMfmm95ZnFre
+TE5l3eGnZyhEUK++4Bfq3GwN3AHMV9QSKSjq+EY3D00yaThjWJw3D8YHvXjSIAFz
+gQq6PY9YjtrTFbTgwYo5C7VscvMEhClQs4awU8lBKzt8SFQJVnrG6c8TrQDCq8T5
+N7jNbraxlX0A68djM1ZtisIOTJ5ZoiamshSBU6RFoxPPo714AcSeAYd8dy/7AzAC
+o9FGqxjQe5vRu7OBDTVvKez9hqVgQhEoXBYFDGq1ztRdbBSPc8osXSOlrh+TZjWf
+BrMBznxsP5I07MNaRteQpfFZVQCyIbaeyMO7u5Vb65RNvl/KBoVrN/mu6ONoWInY
++cJBxeA9T9TJmHkA+X1ljR9ofdiRG6C1TQx3XSy5BS7ABaO5RfJpk3tDokAZLB6k
+GnQGu1qfaERGPhOgmejatEs8YKHbUss4jFTzehteJzC9YTvjnd6azAQ1ig2/i0ki
+9PZ1if7o+LkQ9otIM9PzHK04VMf5kv9OgfYSFOTx3wZXisj6kplBgEFl5owKzNHZ
+uAQd/hdPvZU9Cg2MjOnnQg0N6w6ld9GFyVmBWqStibYxLu7z5XrmGrhy5o4C+zTw
+PUjUxKW15GgG3StbOPD/IEgMPOJYgBMZiIM/9kJ1PfmSCVVc4gsKeqTsLsMDzKMM
+QwgAz5Ay1fsJBefxv46KGnubeVPJ427UcUUOMQIajrP6zdKRkPDY1H10l2SV7Jgh
+MQV3lO032PkT/bj+DyXSUnnj5Lr9T/zvPYMml+Rws+P6HFkq1o3VaMxt2p1hHkLY
+ytjaGOsvwGGhIRom0zFsZx39elkG88hqQS46yjR+sV19k+TozKgWwd34LxYhejE+
+qtMa1tunKwJPk7x8zZZRS9X402ZCuds9/6knwlMBtIiSjW3wLv2wYJxyZoyljZ1o
+jUjLzG89VwbLGigf+MZxBMvCH242Gbt8TeyquMTZgX9soXVxqiItzH+jWpEoq8Dp
+CkNOa8bpxFi2ff2hNmfejFB+qdYEWX6Bha4wvXtazSySwKgQjzZZ2++UHOuH+k+v
+/7M7GutB1ZEzsGIErH0FUPKORFHAFR8bbW0GYz3Lxr264HW1JQL31+WDGMUfiRLG
+iI6uwn5ZoCxfjaQ7NKgjlGQsmplDCEeiOEjQEypYdNE01pv5vhIdF9BOGjFVq+Ud
+wnrLYQqk1v1EucB/sb8IatsHu+eQDS4kIRJBlxiMKSNc0uEVqBDBGnE5QXOb2fKi
+pCw7dkdVjgsl92ZJpAhUOQ1KVNTMQku2hi+cCJXtHes8+DcB6G5saJHrNoZBi85O
+gtJQOVbhTqdLke3/6ZuAt3aJHGhUDosQGKAsM7UFJWJWYau5AfA+oiqwtkwF9PxT
+RIrjwmgEMU1xqxssAGvwQFYOXs5IsA4BZg5fL6aTiJFfRWc9nrsrwod7ddU9dPOx
+TbblMBSQCMWjuLIgYXfYx2FHGjdJ1VZKosl4EG3h4rVdtTxrFkP6jza1fgGyJbkq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
deleted file mode 100644
index 0468f302f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUG9saWNp
-ZXMgUDEyIHN1YkNBUDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKniBOhW
-3+GUH9cLSjfU8TnmUuKC8zu+bx+7Vd8N20wFU83y33ReAvzS9j5mBAT6qqLMg52i
-t5h4ni8MAttxqQivCwZR6U+Mg2KMdHEAbvTp8ya69ZdGzc8StBaJ1OIIRHtRicl2
-Ek85wzHazjfWPtmnO0EaIzJImL3U24pAKDq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
-FADjZemB1Ia5xx3n8zM5Bl5MEaX5MB0GA1UdDgQWBBRCiBzBeLdD2gCvvd66Q6fl
-tWH/8jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYKVZU12G6lcEkxyRYlMJ
-umN4xtytcDe50I4AFgMJlgCcLvupgFN+5QWwSGtdBpSrN3lDBFTUQ/ZrAL3O4nzA
-HaKM6LaBCQS1//FE6qbi2UvRHfp8RoYUH4hM1nzTb7/Za0wsWTwegcz1uOZ4aLQ5
-M7QKfWfzax6EarTJ4jorUQA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAx
-MiBzdWJDQVAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlQ
-b2xpY2llcyBQMTIgc3Vic3ViQ0FQMVAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCgzy2UzpvEK8JSY1wMRMaoYi/MuP+Hkmtwerm88lsIWe07HlT55nuxjp5/
-vSPZEgCYm+wk0AU87yD2n6OkCJn+oUVbeucGoJSwuTEs7HK0YZq+RyYdzcoZ7Z4Z
-EzNUC2I+vPj01u9NL0XBZLJ7g5h6Au8d3zGEkn6bEPk565LiewIDAQABo3wwejAf
-BgNVHSMEGDAWgBRCiBzBeLdD2gCvvd66Q6fltWH/8jAdBgNVHQ4EFgQUZ+UNjYxs
-KrtVbS3oIqoES3MriCowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESq+2Cg
-vywkdxLqsugNl7K/+BK8s0yadUr/Q/DZKPALlPRaVW7GzKJ7aCGw1xRiMmkV5Z1Z
-UjSdHXTJetXdNpCfjpVnnrAB9DjkA7RrKI1KTPxhnywtwQNTpD4gceRP6icRwaN6
-7Y/GlL6Fi1LbuHlGF94I9XchvB1mTQ0PF52O
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAx
-MiBzdWJzdWJDQVAxUDIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBb
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNV
-BAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJrMY6Ju+VhfX1vaWidfiPUdCuUMy5lF
-7s2Vle2r9FOQQ8se76y2jPKssqb3XIIG+VLRlS5GMp8T4t6VgLtE+gqb4mcBuIdV
-KMwJtDrYnfNFML4yyCKSvh51ionton2akkJGnJ2POvQ4z7sLXrKKCKcGTWvbVqej
-BwfkNvwk9KcCAwEAAaN8MHowHwYDVR0jBBgwFoAUZ+UNjYxsKrtVbS3oIqoES3Mr
-iCowHQYDVR0OBBYEFOEf7/tJiP53/PPTMiuw+1ENh3KRMA4GA1UdDwEB/wQEAwIB
-9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQUFAAOBgQAkAFezJ/Jf3nv9Kuw+VwXEuX91e8e8wClFff+eY0Af+kXl
-fvUJnXN2TOh1iBU8C21WkavgIS9o8grJb3hbDpS03Yodnt/0151BiCMdLQI02sFK
-mHABJwiZZlLj7peF4avVV4Piw4arjXD7Z1bKYlHOZeTHF1hgS/XINAc8IUsfDQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subCAP1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:88:1C:C1:78:B7:43:DA:00:AF:BD:DE:BA:43:A7:E5:B5:61:FF:F2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:85:fb:83:ec:f4:d5:e4:42:27:68:d3:d6:5f:c9:d5:60:4a:
-        fc:33:39:94:ce:d9:28:71:4e:fe:aa:e6:61:05:6b:1c:42:96:
-        56:40:e4:48:e6:96:65:21:17:f2:e6:8e:69:50:6f:44:8f:33:
-        a3:8c:28:e9:f5:85:d6:de:55:bb:03:30:02:eb:bc:49:70:3b:
-        bb:12:c6:f0:8c:8e:d6:5f:3f:30:aa:58:a9:6a:4e:3e:46:a1:
-        f6:76:e7:a8:7d:28:e8:d8:44:32:58:76:88:f0:05:5f:37:27:
-        03:28:e0:b3:88:c3:75:41:50:81:c2:fe:04:22:be:ea:4a:2b:
-        fc:a1
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAxMiBzdWJD
-QVAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRCiBzBeLdD2gCvvd66Q6fltWH/8jAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQA4hfuD7PTV5EInaNPWX8nVYEr8MzmUztkocU7+quZhBWscQpZWQORI5pZl
-IRfy5o5pUG9EjzOjjCjp9YXW3lW7AzAC67xJcDu7EsbwjI7WXz8wqlipak4+RqH2
-dueofSjo2EQyWHaI8AVfNycDKOCziMN1QVCBwv4EIr7qSiv8oQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:67:E5:0D:8D:8C:6C:2A:BB:55:6D:2D:E8:22:AA:04:4B:73:2B:88:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        25:a2:e2:75:db:ff:f0:10:9c:e2:59:90:7c:f9:c6:8e:63:cc:
-        d4:d1:19:7e:d4:97:09:0e:ea:09:59:88:13:b4:ec:07:f9:58:
-        7d:fd:87:4e:85:00:16:e2:e4:54:c3:ec:fe:0e:bf:f3:ab:59:
-        af:49:e4:97:ba:c2:df:6e:45:e9:4f:e9:0e:4a:07:41:85:8e:
-        f5:7c:da:c7:21:73:33:37:ff:e1:e0:fc:ae:98:29:f6:04:2d:
-        d1:4b:54:a4:fb:ee:17:ae:4d:73:b9:ff:ca:6e:6d:56:c3:27:
-        d8:d2:b4:d5:9c:c6:3d:40:48:f9:37:8d:2f:22:bb:55:4f:84:
-        07:65
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAxMiBzdWJz
-dWJDQVAxUDIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFGflDY2MbCq7VW0t6CKqBEtzK4gqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACWi4nXb//AQnOJZkHz5xo5jzNTRGX7UlwkO6glZiBO07Af5WH39
-h06FABbi5FTD7P4Ov/OrWa9J5Je6wt9uRelP6Q5KB0GFjvV82schczM3/+Hg/K6Y
-KfYELdFLVKT77heuTXO5/8pubVbDJ9jStNWcxj1ASPk3jS8iu1VPhAdl
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
new file mode 100644
index 0000000000..768abb6848
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUG9saWNp
+ZXMgUDEyIHN1YnN1YkNBUDFQMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBmcAEklgPYV1v
+LOS3HNnWEIU4xixNfJqIAwV8nqXrQx7a0eymXeQ7ijyCkGPTOG+X5SHl7MT1EYun
+ASdRHbAgauU8IMhcG3a9GW6cP1uT04cHpS5WJ9SU71MDPRmLN9YorypgZP3ZxqIm
+Jp4g1KWYqwqegJ26wu+8JpmFFhj79MYGRmbM9TisxgPZP0kyJroYcSrdNJMXOXaU
+bmsJpQwwuzuDn4NtH+nTpaHx7ab2BKyqKYKyxkFLmr84YbD9Hqa9/czLJGF0Tf+u
+IUwenhHylbsWRlHirRA0FqHagTIl1O9+ptNsYcQGtYKE4mqMtRohd3GMgKqJx7IK
+yjG9uSWHAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMelN6fQ+iTlfN/b8l1p2+7K9pnu
+MB0GA1UdDgQWBBQXoW+qF2xTgQ0UHV2q7B8e9Jbn9DAPBgNVHRMBAf8EBTADAQH/
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAOBgNVHQ8BAf8EBAMCAfYwDQYJKoZI
+hvcNAQELBQADggEBAASApMwfhokiI14ONWgsD8Q0fVCOMZAHpFBEFWWsI7FPtyPR
+sLVIdpHCBg1CqlW8hM9EMOa8IGBlN/rfsX/EbWFtOTUD5VNXG7HD9qfexVdddf01
+hqyLKW6IQUZdiGy8ljN2nuLN5kjrv6EaAYbbcrfgkrSiB1dNMvSG0ZCZfALNXAl8
+5ny4g1l6uvzGmb6k3O6F6s1NOMpJuUpHlgZ9Ggd6NZG61vpYDSMHzknfduvzbHhy
+r5A57ceLPfJrCzdGXNhKhtIrq63zfkIFCC8MygAWcySXN3HtxcHu7QTz4M3rVID6
+tVUg+PqT+oteuGr6tqeJpZwM4xZk9VabHaVr4i0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0FB51308505B1026
+
+tYU/hbHcZnDlwz+bcFhFWFNLw8Ha/+9Rg+i9j1SaFMEQAWkj/tBkhoXKd3+8F/IQ
+gIonTU2u3keet25wJueGZnryg8c/tGAcWaZby36qIA6Q2BFK8UYu1NsRKKGMJF+V
+RQ2W0NuHNCfvM8J//9BmFggNtK/IDWa9KgbDstIJW70Q3Y4pJdrgSiiR4+nj0G/4
+oxH+rIy9Wds+8BgacJkwbPSVgzNjFwlxDZHefOeA6kUBcp9G6ZhnoAv0C4IBL2nH
+rIGzuyJuZ4ziU7I2D6ABGdzc0kcLqbP3D4d7iVILh7Bn2P1RWqmnzwHmFO3Obcvm
+e7amM0y2KCQyPqrtCXB+1a5jBsYE/KI4w7Ckp1X4ZylFx8gNgW4OHJHoHBor6nss
+rb+sL8sRviary3nbtUFIjWSHxDaebo7m4nP32dk7k3fd+EKq3FegSCLeUpbhk0+L
+dw/Gn0xWJIgrMcHgYYil+h+VKIJ8zhLY2BmRb1u8uGcGzKh7XkKLP1tBuzxdmwa8
+gLfpBeqT+4GAxFb1CeiTgoBoJSci0taRyNa8+BAtiVfZTf1NgAneqvK0ElpmAu6F
+H3cH1H+Suq+rL0nBDKtY6VwTZsSAigYVky4ZI6lGKUFT+qilK6V0TqTWNfTJ+Cxg
+RqK8jESxzRWWkF7cXe7FCEuUiBIQPjEp4CJiv5pfVfUoFpIF2yWw29MxmlZvb1g2
+xAaY7m6jjXuHovWMzKJfc1bXCW3uq02hTlk5NHcJtnSOYok1tZ+YjmJU1Uv8wKYF
+A3IzGAqUMQUjIxYNQDe3Osy90tqKnqjX9FrwRi58cpdWu4vejPp91mnWuvGvfdBQ
+FIi3m6hUFTCIN8bZXwBswEjCcztjWgPCDBthLST1B2MKgdHHbSQ15L6o8njMvN4j
+zeufk1L5/+RaBPvKtaE5Oa542DdZIMOSx6u9FeZ7PtPqw8bU8JfMqvt9iP1SPvvo
+55OC8Nmxv+liwEgZ6bK3PwBGJDBEutgNvrlh8LC9DxYh3Xp+DTdeZHLljr6FWmWq
+f2gGHh5lP0L2bLLVk8rioiTy/SYaX0ik96cBzAyy4IUMIbfFB8B0zYNyP8YSbDHD
+gnk39nwpDHm7LaT3LL8zg+8nSSAnXdJonjOCV8s1f5At2Gg0JJXx197FlH8S/tIm
+VLe49xTMs4MsXgW7Yn7Pe+obc8P5GkYBaprXW7b3JTpox8AhTJPXcwIXs3CorosN
+yTdDunGLXbSFIUdA/xEzJOfiuOaiBTk7ippGeT+2ZgMVRvaztnH2hcgAjTJ0I3t0
+HYu4Ax1y3w+q+x5viRvDbC2zQF1Mpl041dvwngI0kevx7p/BOdZaslZiAwVm0k8m
+1+KZFkVTxa06uVCOas3LnaxF49NOrLnW0dVLJPVl85ucPpZp5y7wKV9Z2lSNF2m8
+hBbVT7JV+gQjJC9l1CFbtzTNV54XHEsNYptv73/JkdVz5IBOylfrY7QzILF47BYG
+ecmTZqvFuNS0bFSyev5OEL4ZtQoA6Bvnpmq0+prtQ4lbyahCBmXaCaF8xATLbVB6
+wwOMl2DL64fIIAtNzq2tDE5oqWr5T8+9t3jp8jdeMVTn8D7vK11HKg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
deleted file mode 100644
index 4b2ed859a9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA/QzSHTVMWeTWiSZ9qa++M+UWF0AfCPT9oTdaLUwN0Tnb845G4Jh5
-Ov5u75dfUmAmvRM1brlhZoYZZa3cBvQP+1YoAOosVY1qy4xX/6OE2zqM45IRhyLd
-VlAJ2WJ96jOpb/HV3vodX2vjDndDMMxKRXd0WIHzbC/aZGzWYXwUvfkCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFIvs
-OfOjrm45cGR/aCtNVJAsjgXAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCg
-uNxU4/XUIM6O0+DSr6607Epm4PaQEAnvLsgMdHGHCLXL0mwL/9sNnSXGQg08zVpa
-k5RjmIGMD+UcMJ28kArNA9u3q4QNB5OXZtrhoPTGhBaBtwR3rL2ZEvQxUw67t2wV
-TpBcguqwCt7IIuNbBOoN3Uilox3T4WptJ/A7+zW8oA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAx
-MjMgc3Vic3Vic3ViQ0FQMTJQMlAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowWzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKiBlSODZy8jLC4WxxNVbFCA
-SbxY2A4DLV2OXhCjWmUmHQvZhiXk2p/wQCX/9VMcX7XRH9a3JLM9l6ZSEIGVT6lO
-R55lGOjNfpF8x+pGe/t0yPB/6ntPn5e9ZSNhDJDoYkJHfdplTFu2AZLbaVPlysXL
-AoO69sbnDPVxAjxFX2zLAgMBAAGjazBpMB8GA1UdIwQYMBaAFNMqu/C1V0GVUt3P
-qLuSnOARbnO8MB0GA1UdDgQWBBQg7JO9uU0ScBZcuzznmEWH36QRTzAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAEeaZ7Bsae+J0lNKAzqJhR4MHfT/5SBBazWGVSwIbpWl02esU9RtrStOTA8d
-zcMp2eLg3KDI+XRsYkxFb+fmJDckIYhGk2g3B9kW1a24k8DetYIqOXtFvleJ55dG
-iROwoCaH8/bW75CMK0alSXqJCAnTq+Pbg5i0nPX0ShJlSjAf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFQxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcG
-A1UEAxMgUG9saWNpZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMa9AAnNzFuqJqv1OdC4F1PtY4Lqcc+JJQBnnaIi
-roTN/plb6fUL5m/SFbfSZnf/qQbYUkosko2p0cdF5VrblaCvx7vB6l12at9Zskn4
-wKneBrfSJUVDEgSyWm7mY6t1Fla7OSfywUObt1NWEzq3pyWoSKTIQxpMJ3jnYERr
-/wJ9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFIvsOfOjrm45cGR/aCtNVJAsjgXAMB0G
-A1UdDgQWBBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAgk/D/ABBm/yIi8Qk1ISreDz7OgEaqXoqyrQY9uq3nf/Xzlmrktxe
-C7bEDiYGugly0cHFHGProTJppes2ECdcVmrpXoIHSlbP3WucAOsWcyIW9tfH+Xsk
-HAts3bXwDmfI5WEndwM+p6kMKwRsMT8/q8XJ3ZCNgsu34eoKRWhBzlQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:EC:39:F3:A3:AE:6E:39:70:64:7F:68:2B:4D:54:90:2C:8E:05:C0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:7c:38:8c:95:0d:e2:8e:c6:fb:4c:43:f5:4f:c6:0f:4b:ec:
-        2e:bb:a1:8b:67:77:3f:7f:55:8a:02:ed:2a:f0:4e:0a:7c:e8:
-        d8:c1:26:37:47:28:ba:e5:47:de:79:74:30:b4:a1:66:8f:bd:
-        8e:7d:9a:4f:37:52:71:ad:c6:50:b1:fb:ce:eb:0b:f0:58:54:
-        a8:22:51:9f:d5:d3:92:06:20:35:f6:e2:4b:8e:7f:a8:12:f8:
-        38:a3:51:fb:cd:92:4b:2d:40:2f:f9:b9:ff:25:4d:f0:7d:9d:
-        20:00:e3:eb:94:24:fe:05:ed:e2:b3:7e:fc:fb:1b:c1:4e:cf:
-        9d:30
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUi+w586OubjlwZH9oK01UkCyOBcAwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAmnw4jJUN4o7G+0xD9U/GD0vsLruhi2d3P39VigLtKvBOCnzo
-2MEmN0couuVH3nl0MLShZo+9jn2aTzdSca3GULH7zusL8FhUqCJRn9XTkgYgNfbi
-S45/qBL4OKNR+82SSy1AL/m5/yVN8H2dIADj65Qk/gXt4rN+/PsbwU7PnTA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:2A:BB:F0:B5:57:41:95:52:DD:CF:A8:BB:92:9C:E0:11:6E:73:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:cf:8e:70:a0:12:c6:cf:ee:13:28:cd:1d:e3:f8:8c:6b:09:
-        fd:d7:31:1a:c3:2c:77:f5:13:3e:ff:6e:b7:23:0d:4d:33:3f:
-        a1:f4:37:4d:c2:84:0f:6d:2a:25:df:40:f8:25:96:40:7a:fb:
-        59:29:4e:99:c8:8d:63:7b:23:b6:c8:eb:72:70:8e:f3:ca:5a:
-        2a:36:bb:c6:9a:80:45:63:49:c9:9f:68:32:90:84:e4:a6:ca:
-        22:52:d9:99:16:fa:34:93:38:ec:ba:f9:81:0d:26:b9:5b:03:
-        3b:0a:ce:85:43:8e:bd:47:ca:de:50:4b:42:e8:97:91:74:12:
-        ac:5a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vi
-c3Vic3ViQ0FQMTJQMlAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQA3z45woBLGz+4TKM0d4/iMawn91zEawyx39RM+/263
-Iw1NMz+h9DdNwoQPbSol30D4JZZAevtZKU6ZyI1jeyO2yOtycI7zyloqNrvGmoBF
-Y0nJn2gykITkpsoiUtmZFvo0kzjsuvmBDSa5WwM7Cs6FQ469R8reUEtC6JeRdBKs
-Wg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
new file mode 100644
index 0000000000..6771c05fc5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgUG9saWNp
+ZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEwMC4GA1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvves
+edFLgv8vlu0sxCTplwV97n0bNnx9po9ihH5BWII4NuhB1SG566w+qeo+LxlUDCr7
+SF3lwgxIvo+PaKcNP7SIiFEt++kSyhk8DjX5qKNZjPWDNWDDD6ZJBTLAl9YGlUdY
+knJdMBfjmsCQ0BP66ip203PSnQTCuhLdRN/syXTP5GC7MejAmILFCyIddxBi9wwd
+nDNMKNl4qhwcYdU8gCAB52ERHJ/WFJ9fSGkVWus81ViI5FaWblGC33EgUm8jqFX4
+hlvygwD4Q/9bjVVJefDXXXJ6uStLrY+K6Vf8rwtTLneOo51ZE3QMfkL2VqR9sB1v
+8Yx4HcOez04D3XiIvQIDAQABo2swaTAfBgNVHSMEGDAWgBSJIBeE+6y7CdfeXl6e
+aPY5UB9AiDAdBgNVHQ4EFgQU4wZXd/NUEr4ONS0cVpjBz6mlU+gwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAO8XGc+e+gxRvjmGI9a7myCl3mhrS9UuU+yid6C6u+C00it+ummR7SeHikTDJ
+j4VGXGpsaIRTPg0O+ddfegXB+WsQ8Rls4dpjUz7RLfMZFVvr7vWBMBDSZjQPYieE
+BYvzK0boQRrTeAchP06/SOl9JHfFuYm/YOqvgofTJaG1SiEULCdC3kqhU6V5rY1w
+oJPvgmBOyw0Cudj4H2zdLlcWqF0wl9Tc+BECqyJe+A4WW1nbrCmS98aHtLOnWlSI
+nAfWDY6emd7hja7EuJdNqWVenkX/mske6yMlH7PNNEhMjeNVQMt9YlLNb+A7i/XP
++W/k74kCn3JDwq9dfLK1kya+xQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EA41D9D067E8186F
+
+20aVc5sPdsVTrKZiDEgRPqQDKgU5ItFmVr9RfnxMnSqLAS35g5nTuIpKrpX1n4oi
+rUqa86/MEW//0BFkaw9+N4wTfhbuASR5PulqxwaREjhlcbwQaeGyenJMv/Kk0ZlR
+EvTQl8ATW6Z3zAnfmDB5AEwjy/0uddw1ApYgk8uRh5K1aXYKYW7iBIju0nqu8+Dm
+7lwlVvJXGRf+YUUeMIYHFPAY6OIdLFGPJrIGxmc717a4pGXKRyUw8g0EGAc/wR7+
+ZzJCo1DBMphBXIF9NOYBbOBjQqXW7+Pq9lFfXq7SbVzGCnJnJ3rJm54Pkh+RBosS
+Dhv8WsKHwH4szC2isG8vWiK0ymIDYak6ii1joPmR9kRBjxGRgdfVoluUHdWZ9XcT
+y5w/XULCdiRv0j1rLtGTP/A7th+urJUONHd4S5fh/RQVhGN7MCK54V9pwULHvGz7
+qWSE221o2lAjPW73G0aGESqMTE5w9Hx70GWtdeCO0uBTizf0TVL73Ycfa0+5bGpc
+tT/kNvYT2cxiM9dgSY9fc4v3X77V9AdibgA5/rVS1w+XQpsYVA4OpeOiNoT5+3X9
+cq1eS5U2iceom/uL2lXa+s3WGopFpl31b8zRyd49AMnqFD2OSn7VSy9SXff8nj1Q
+7QdU8d+3seGzEqolAfJuOmPUDAL6C2gx0Fyov9BIFcuTYfsS5XB77uxcdoaMsUSN
+Oq7F0DEHYEi09ZJtxjvsUXMALib12j8v0YhU1oOF6S+XGytBhfzNeZlKFXiiY5o3
+TRyJyldpH3uLn7CC17NoCqC4SEmDxJTHFdItvGNX1YnRz1TGw4wiLKdao+IBytqB
+MV7RzC0PGFVeEkbd5w6NoLdyydT1lYMN6WntX+maf0VPUfDjoEp6qAPctW05Hj/I
+4VjdBpf5AlNHh0heOgEMYhbckyLvfUAEBCCKSAAnxkHIoqF4IcQpYXG1IEQg63KJ
+EeFAX+ea8U0ggzbHMkCWKTFp4FmBbDR9mgggv+eCNWKhmU23yxuBXDIilqRlBA01
+5QbwHLJEyUcznsAuyU1q7EC957Zxu4rFrxVmE59Fh9rRY9WyoCE7unHoqYpP8HFE
+fJw9+xYYgDnyfGad6q0o+RwSXNhvaG2nxMGap48nkHISmONY1um5ikFotyir6sA3
+4p25JKJADhHWFHMvZzReaS749hAlduWfN8Es9vwzuPGxSiimfBeMBblcOC4j7AO7
+iJF6cQXvrR437XxkJ7UbB0zp+6bFXjQuYOtbTP3tEYKuovdGSD76PsqSzcZYdEC5
+6dWvIGO+1ThdJQwrRyKAG19cXdPwPW79ziPeiOrLXPEHwADOVebpfBCGUz0aY/eq
+NDJhwxRBttgQZRojV7DMQt0wVGlW2eFWBHmrxKk08gx3BUcurW7+3Y30esB9kQdn
+/EvI5GTmUaGxhpSAftvlVL5JCw6ro2f5MFr8xtKIgFX5EpVeEDDIF0Mq19kgkTFq
+hKPA9joU4FFX4DR046n0IIonsH+uFig8p0n1TvqEWNX8CO754ppQauoxfr/uysxp
+rgFIGwVhUmzE0iDEnuleLTKZZ/Tmb3Kk7kApVhnAw5EChe1GzSEx/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..5b4e1a8184
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H0dlbmVyaXplZFRpbWUgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIYwPTkYLo2i4nGu322ECa0tqWdZ8/nED3T6b9CkeI
+qHuEoNkfyqjF5BUs0WdomqKXQtJ3UB0MOX0E5j0QUBaU/Hlg8/JQw7v1E44AeNFQ
+nAaQIXzIppIPl9DXe1UZebGRW2DzYS5sBhtxqpJ9xsdcK5oAUKETy/SoBNL7k9r9
+d5vdC0Au1b0W++GhavoJvgPDaoiYNZB2Mm8D4Q/KlR6WpWkOK4PVxFpOdteyJOIP
+6Iw17x6g7WKiBg3NhJnKjmACxPjZLJSqSocyFRRGGLiHd5/drpO8zPysx52IklDz
+dYm2VWvGTqPUJYzTGExj3ZJfOReyHnBDr3aOkRT/+503AgMBAAGjfDB6MB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBR+KnXvDDbHS+cg
+2X9hSEeOEoMaLDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKpBfr1XfvGm
+jFyTY4aoS/B9PFwiKgDbh0QVQ98D5vH/1kEsz45DwjaIbhiPXQd4pa/y+om6j/Vj
+dNrbxhUTKGsl/HHQN0kUDK8h2HbNEzgaRSiaENVcCef8N8HzoljsF+M1CglctyaP
+j4b2oFcqoJDezN1Bcmvwte0WmQ8zEhIh4gwzhmoMcSlV0cOoZtB66JRou28Z8FeD
+q5ns/Q+C/fOlFv19RuzhLhps9l4LylzzBx72fUdAGzeyvsVxJCG6if/jBG+DB1Ty
+hqKBozIY/MncXochP7Pkkixx43pomL942n5eLmflhJS9g/Yl0tutw7EtjTDmURCa
+TpyqzihsbBQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82A93BC67947ED12
+
+TwDHTK6R5L4AYOO4XVPJjzV+CvgWSREM7UgQDzniSlI/Ll4jLylVXELbgrbfChDl
+tpVy01j3pzzXAdLLyJlafT/LMOzO6XkC+IBPEtK0OmkTZy74yy9qF1/s0Rcn5y4x
+0OcvUvKiB5BdmNYwsWVIPxIewExuXJXFpiUzAsSKfVQGfrBHI87QvXfLv6ozTlcX
+YeTAF+7yvQjkYYi7ibO9+Tc2VNlUNRsx86EnMjN8osqQYG4cUnpYeYGDhdeTd3nh
+gHXq0cuHYjMr4RWj7ZtDOLAxahDv1qRL6V/mfdWtXuiaMyN8f23s7GI8hDNSsxXA
+PlvE7tiSGlvCZNtRR7rXWo6tkZdvot+yn3XoRE8fwOm7gIAeD2GQDKaGr5B6XWG0
+dXFwZ10kIXeYEMSFOMWf17AT1cXl0JyfFLCpzPXuWPBgeMeuESrOm+f51pgbYMJL
+7iRwAWppAdQXCNcXSaAs4XCHOm89tEFT6uNUVwatzdMpYwWe0lE+W+pImWcH8/rp
+Mcn5j8mL50KDH3nKjLisj4nSu8t/A1mUfspLsz3GymnTsPO7pRhFhl92nQp+GGSK
+kNFCEYkFTk02eJE6XhGVP9+0pdG7tK1aGlnymQkqDTvhYID1dxIGGIg7pb1ZQy2Z
+zc9w9ka/bJsVTxt+v3ey8r6K3oqM7chOkOQOK/7HXHK/NSoejWoT4Wne8GxDIWbY
+ok63wZ2bLxumA2Odg3kzNSB/pvwzhK4GMJ1ETuFsAQJv4zkxUBf1+2P9g2i6OKOD
+P1sY3VjkbuSsRHUC/qxGsM7sMLjDmSKSJYcf/0vnJbAEG1Qo+r1g+wO7nFnRw50m
+/3sRYQtmgjP78ikN2fLedqzJluF/xj44beluU2mCoHsDAd4z5szK2YlHrTf8Wib9
+0Aef1QI7leym+/8meKpkL2HxWb1O4FnUJelmJIxgTT1pMZ9pYn5U2TMNIN+Zt5Yo
+Z1KfZN+4BuUc1v3jsZ/WuRI+zoRer36iCf7OwwvjOE6uX/4UZHVNRX0EhDEf5+Xt
+fVjeT3NE+6Y/E2kYHT7mnHOTL7wNEvL1FRyt2Ii9161VIP4BZTA/pc/1MTuwN6O/
+rCLM4q08VucXxc10fW6y0HfMci1XK3sw7VhQtxEjBlZk4fS8aUPm+QPKvHfn1h8M
+8H21FWaFDzuDPBQutOdjE8SZPejQinPAfYkYWpynBrmio+1gv1F0NBUcjYbSVZwO
+tYMTu8/7tfcT3zhsBblP+g9CGetVxw9eDrRTQF7+K/nCgToPTCg5znHMZ1j8N59X
+GwS/YsGM2DNrW8aldQ5nJxRS+aEGwlcHfqLc1CXv1uHkUxBUMwqm8aoGF2hIGGJ/
+62l06ZzkirqlJtxMxAZ8MOz0v05bqkvggVoafiNQBgZLg/rMO8KNRIYckszQOwLK
+L1UOupVEgPtrQvmjw16yuUbTDk5Q/cBuB4FytxmPD29RiBYVkk3bn8/oum7PRm1V
+TJtWPmsZf9kymTmHZaYarR3G5DgVFM7sdEDGtCUtGHwc3CtToHg6dmMLmU8Ap7bw
+UfjUmU25Ys9rt/j3QTNMfM6hf2tVZyguLPqD4+NIjzfd+MJ7i10eBdZhMd3gpaUa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
new file mode 100644
index 0000000000..ac9006fab1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEDAOBgNVBAMT
+B0dvb2QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQWJpHYo37
+Xfb7oJSPe+WvfTlzIG21WQ7MyMbGtK/m8mejCzR6c+f/pJhEH/OcDSMsXq8h5kXa
+BGqWK+vSwD/Pzp5OYGptXmGPcthDtAwlrafkGOS4GqIJ8+k9XGKs+vQUXJKsOk47
+RuzD6PZupq4s16xaLVqYbUC26UcY08GpnoLNHJZS/EmXw1ZZ3d4YZjNlpIpWFNHn
+UGmdiGKXUPX/9H0fVjIAaQwjnGAbpgyCumWgzIwPpX+ElFOUr3z7BoVnFKhIXze+
+VmQGSWxZxvWDUN90Ul0tLEpLgk3OVxUB4VUGuf15OJOpgo1xibINPmWt14Vda2N9
+yrNKloJGZNqLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBRYAYQkG7wrUpRKPaUQchRR9a86yTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADWHlxbmdTXNwBL/llwhQqwnazK7CC2WsXBBqgNPWj7m
+tvQ+aLG8/50Qc2Sun7o2VnwF9D18UUe8Gj3uPUYH+oSI1vDdyKcjmMbKRU4rk0eo
+3UHNDXwqIVc9CQS9smyV+x1HCwL4TTrq+LXLKx/qVij0Yqk+UJfAtrg2jnYKXsCu
+FMBQQnWCGrwa1g1TphRp/RmYHnMynYFmZrXtzFz+U9XEA7C+gPq4kqDI/iVfIT1s
+6lBtdB50lrDVwl2oYfAvW/6sC2se2QleZidUmrziVNP4oEeXINokU6T6p//HM1FG
+QYw2jOvpKcKtWCSAnegEbgsGYzATKjmPJPJ0npHFqzM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A56D1AC2450522CA
+
+ie3dH3qeOIyFqScl7j3cb0iu+A+OWH0vEz1BO1dVcqv/APWWvSbNl4zsBoFdeIHn
+SGSDnSskPpBgH0ca25h7xo3jOfxxAVoA7lCGT1fNlFtxCNaztHSP31Dyyn6ZpXY1
+OMSllMqNfH0aateQFl8aE+0TPg8oUq2wS0axrWMU0qQe/TOxuliDTfXskJxp7Jag
+jk8sp5PoZ2qmlO7fhvbWL6jljFdoTYeJGCHGEkc57FpD0gE6PVfJ+hZ9DYwpz//5
+yiONS1IjuY3b5BB53/cZ5WerPNZoHpGmAq4FsrP19IAXz9GdRvTlfNelBh8lwhoU
+T/YLB90JRegpbcFzzVCenD7NvXk/0Tk6qwP6JfED+1755HnknP8M1E26uFZYKFLf
+N7KCKEdZ+cim0EYH5cJyeHk3dD1laBdaxz1bK1n2Vle4Ymps1xpyj1YKAhIjEl3s
+guJg2TRDL2t056AhuXrk6J0qzO8Zj17KVq2RMXKqIGLJqi3ggfin52hL1n1idkoR
+IRj9Oo9TN8/qxt6i7xXr9Hmt4oyrJE1xfoRofwgNNM8N8Ku3Q67g4Ky2iAI6SGgU
+aqPCCPdrEIh+bQyklS6yOCtHb4S477sPr3R7raypUmrD4zqczA8sE56OCnOyW69C
+Y3JKGcfOAL3v3e8YehGmgtpMRitAIDQEIYyvBr+Bup8lNyEF4PZF4zdeuDmuk1ga
+BtPKyz6VxCoK3lLTyuky8SqL/SaAVWpazrZpbMlv8XDUIbZOcRlaAhowyyW9MSKg
+j1jJ4u3zkqUL6nJIUcjqVTKWPJC4f10LcHa63SGYu6IWK6YKbtKKXKOpuOc/HVUt
+3YStOhVdB2OJZvPGqp0xVo9alhjQrHnIQ/CAkfOWt3x5VneHw1cli4PJAzlzs11L
+isLtJTIlPSxCK1BIWH7KbSMUj3TWQYzanvomOiLqNdE+HH8EbusylOUhJilCj9tO
+lcxHwwRu5lhoYvnlDLy9ulocCsPpiNzVyZsI/efRXf1NAcjASVSO8S9KBFw27kqV
+/jKHME01NPM4sFZmbnbcH9HoNk+XBhxNcsEnIhh7CKcf0QH6M2x3eTKyomHwB3G0
+MZxp0TtlgB2ynGsDgnWkSAduKZdDruGauUvj3ykT6ErYkK/nrXPZspRlrYaoFiHt
+n++sACgyrhDY5EyZrx8kiBjvdoTpXvG2jD2tPkj7VO5jYP9kmfwya+VYXI3pm2zp
+qIDgP3Rj8ZwmMuZJbSgwfjEJ2wBGOIAoDWYlVaJ+CRXe5/z6NPSjgOheOATOXZJJ
+3+HCe+8V79k6W+pWlA0lIPYmHvpTZvvGgpEB8DEFqvVCYuxh8TNxUREGi4vzUf0/
+/7T21PeCuTUzUDLMxV3a5C7Y88G2DxiupE3xD5SnQ0Yue51RUurVEGTD4dIuPSR9
+T8luhGHJon1BtsYDHPKRqqO12tIEZCVOHOkPcIVjxuQQtV00/rAFiIN7x4Z/Y7bH
+yqr/dRb+t0l0crgk8GlW5ReLokplkaApD58ypueken9PifDbfehz/yChLA/7SlFY
+8BJC7dF3t6lQSw9BXZmgP5Ukx7Wqqjn4bOBi5WYan7MZxD02Ovnpfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
new file mode 100644
index 0000000000..c169547ead
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBETANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYDVQQDEwpHb29k
+IHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg6YlsgUI+Jx
+eULQ+eIB+57x/d39rz5zlcqfjzxk95+il+BC1o3VuwtIIxYMSNmi/5GvBuGLtjA0
+/XLCvM9GnONzZhmBUGU6voomA7W/WFZAqi7cDNEEzT9E7oJAoiQBNXPXngmJX8OL
+G9yLMOTolFlLoUvmAoDGryln42gYcYXdJMoWCq+JkAaxs4tVCl+OkAfLRM7yh/IZ
+rhjfeQpMcy01e+Oku2AqdJTQSDjDBrvI21+rB3LnjJvWbpm7NbJL35LmOc/kd2YP
+yFw4vJ0uFdn95lKEuM6HY/PtkJNr36/qwJ0ixntXPCyYLyDSFqaSa+9LGbcJrp6y
+RoCD4hcZOwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1
+rzrJMB0GA1UdDgQWBBQyByyedF0tXSm7sXqNOxVStH1CeDAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDAYD
+VR0kBAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEAcX2vRsH1O1HQsB/7Jlf+ov4p
+fIwfT5PAvv+p4bo+wWcumPIC1DjUk8xnOQUz3RkhQyqTbE+1OGuA1fjO0VJZ7Yev
+KlO6MHkMYT4N5mge2ZuxMW+35ohZ23DHEHGk174QY6V8l4ICau2s1/SRajFqfRmY
+3s8gZFo0UBX0KIcmXSu0YHfaHWXnq7bs8kCODW0qMQnlpsUtbwdlPn5jt1kbMnRk
+rKzjruehXGm7gXC2QlHgH/MfJgpawne/n0DwPBVMs/KVuR/HRadunSuGf5Vy/rm6
+kZ8Lnu8+sk3pfWXdwEK2tWArcVUv3wh6jROOasEQC1Ah3H0iXv/ETCv3BnBHFQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C57A135D4BC7FE7
+
+MudOD7QTH7R0S0CeaqyAAHnkZQhrmWUqA+ZRYQLsN48JP/xaCrJ0yn8dcKpPxCr/
+Qv9TCnMStiRu4wRBqVSx1yIrIkEnWNFEXntzRM2+I486+kpXO038R9tg0U8Is9hl
+A++U5DM5+W07bhlJ5BRbwmBSXhqIqWozjOclAw4bTpkQEiiJFBgwo7ZBxZW0pDWq
+cldBvQvswXPkn42XBNKKebz+cAQENWqGUuz8GEx59UjUVg5Bj6GFknUSc6q41pdF
+dQw5acMtkHQwY7kvMBiy26Upx/vuZwlkPZxdf4C8jBwg9r/dCtHcQRhjZV70fiax
+SAwZbPwmf9cMweSrKPZ1WmG1fTqKW9zPd+tEsPTQTeri2zS70s6EsqwIYIZIifGI
+P1mS+LZ9cUXHfaQT9R9WjLM+mPZjzSkeEltx/30e9L2/UvE6/cYXYeTiKmusxD8b
+nb1ZQGhoqf3efij0+pfvCp709156LGyLe/g6Xg5SgpijQfTQkFfuXtk8cyHpa4/n
+9/JDAClHTa4sRo3uii30Y0Gvcu2bzG5McPmhjRQiIsHrEKq8M3f2h8VMeAktEwiO
+cc9FQy4ODUlO3TQ5CwUsTSBUhF/SvHP3e0jMpgEj+l88bxIyfVLz5grnbwTm3BHA
+4sjm4cCCae/OdRb6kqtyrKdFXRaiAfTX9d6gdJwrQPsaeW9bjeMJDHviMkwJ13Jx
+YBeaU9VOi/sf0vxgnWDndRcLQzKwDeGwH+LlNIur94QcKv98X4wpFJ9CrpDpap0W
+wHnWit/2dNWkbL8GeAsCnLhx5blaPY/TvAxnuUKgZ9o97MEUf2gBDhg/buHA8YGi
+c9eg5XWtwrfny7/HWRYtdnrG0eqY1uhBKeFCNz7sG5IY6vT0RHadOlTFzmFAmHp7
+8UG01hUHnMZKFPVTb19PQw8ZgmjmnIAhhwXvrVjddFtqqOjIkIg/Vfzyjl6aE4UN
+jPzc8j24p78EYqo+6gqT73Mci4x3wSjlYNQRVCKDMOQ6fhWV/TRe6jEpykRLdTJb
+B9oeRIbwIH90VcbTarhW5MqRSgpPi8dNc5XkrYlqXzJjghQGEnnjbHYYUvJkbNfk
+08XVP1SIDk212veafCGou78BzCUM1NXyQwy9zcKlb02/F7KYItaPQ99oyKxOk0h3
+/1iNUdesBBKfyowG6BOpD/aknUxVJVehKutmDTirbEMcIBWyu/7ehp7J1+GhmtTC
+CxhgoWtqozHDTf+O0ZHk9cYb0/SzveAvziJOuKzAP0cEW4+VWD+JSj6E/B5h0AGl
+Fr6ROjVTNFDZRdAPGisW79klZZuiqllWgwLTVOnSuFrwn+BHsYk9XuYBWBTXxDfN
+424SLBEHpWNcad8syLz5bpx9EOLrE2llWwXlYc/3DjN+bOFzkRrapZwHtUKjLIZ+
+Q0HF/rwYTaC5HiFuznGj98yhFlZ6r7pMSZtSs6e4ZDWe26B6WiGkFw3PIOXzwKNM
+4NrG6c1x8ERwKA1tI7bn+OGhthjj9oHVFBGnIesR/F86iU4pq9kLlcNTTf9IVSFh
+h3fgE5MREQNeJ2VxNmoNwEc/qYBfejVGA/fLsi85FJoJ39JTqbpAQTDo2o+1fn0a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..a06c938cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDxDCCAqygAwIBAgIBFjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSswKQYDVQQDEyJHb29k
+IHN1YkNBIFBhbnlQb2xpY3kgTWFwcGluZyAxdG8yMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAyHIxLkjNU7QX3AYrkULGwUqy03uLcvbUEHQInt9Bp/Pg
+XVX+CqX7DX4nF+BumfO3NZ1vgPO7fYrpw2igH+2wgB/eebl5xHhGzurjNNKJf1Rj
+ikk0VDg7HVHpEoFZO+LQj+GVNj42mkrjEF9zhk8Gz1+K7I+MsdNN4qqJsavkO99s
+ZKh8tuleFRUakUSdMDA8LrJbQgsfvVgrO2/AYiIwPiLbSRDqhNse3Hg4/+c9rQ5f
+AxUBaW6j5gyNDbo3x9Zv4frFmtKqutRSzCHTfPXPsPduRozkQ9klYGOw2BDxiWfj
+QTJYTESOFXwamS5hui8Y8J4Vunngk6WFtse3+VSTQQIDAQABo4GtMIGqMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBRbc3mZ464G04qm
+M04UeOSgHbHkyTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCG
+SAFlAwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBACIjsluMNLOx
+owudQB61hn4d2AhLpSGzbgqU0PE7p/666w49TrJ66XGuIq0c+z/Xtl8mdGQ/lz2Q
+CZqGNX0rb5NdjMV1MNJtEaiied89eI9sLBwbvu0cFAXeW6EYjyRCaQwh8/kn3K/b
+Wvr1Tnj9SmBfyGaPoTZDpQ60rE2mrDL0CbKGnp4H/jIYtHnItuRe+ETOvkSiF0qG
+X382kqIBHKji6xTF7HNHQr+C86OzdU0hffbCf38gt3LwUYn8MOKdInt1UEmKwG8W
+1kqf3Y/IaGhhfBNEN8yNaJFNr+Bjj0blSkuqtt53jxHjXrZ9NPVmE6A7IAIx8av/
+u7BUc8H7ALE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C5018292BD2605F
+
+M3Ol5bfO74yfUMcETlL+y/qZXK6sPzgX7ae0iWbHucn1l9UGwfDbdq9GMhjdXoeH
+LcZhgBNNhQ9uqABdmHnULn/0oot9BntYDLtj5j2TAK1a8HHf0sAhNuugpEcSuN1Q
+m6ewmF2HKpFBE0QIxn52GOussAQkwqQ1TFpCBK39E3pUf23U1KZxtZnTWMuIxX6q
+TwrjKb20AAzLIkja0dlFluQzQyRLDbUo17yXjoiYMzqUtbQekvNcxThtH6xnAsjv
+ItIRWOiSmoMoNwTHMuuhhKOacYpHpdofbfxeLphvXRBGnwGuG6r4+mepxDTKUa7D
+DiFLRT95vPfGCd7SiOEK8IadIjIMDEPLoW1eTVKMgESCxaULDM9O1X/qLq/17wDD
++a+9/+jOhfypJ+tb0qVlfRY/uzrwsYqepKcg5OwhWRc/c9moSv6GNbDrA5QJRV/r
+I0sQ0KzK8AkapeQXDhkM5Bmr21HVtaQtTSozf5xIhninpRSIQMfxDPHRqgKgP9xH
+tqG8bBFSygzlmHR7U9YBvm5G0tNXhyIyumEMj3ljpJqbxe08+feIiZqv17HwEhVE
+/N+J1Ou+dk5p3CwUH0Zs61NY3W90TwVut7L0nF30VaGg4FHFKmUNZIZR4zxcgBec
+Wyich+jHlowm91DQeazmTec6EJKCyPlLGOP6p0ez2qX3+Qnu4zrFBmFkpqYdpbOp
+maCnsvzrYn3J5gC0yp7UhPFduDLi7oSFlNQs6GYVKjGjVhghx+un2mb+SwPboC1f
+6ok3Y5q3POY2WL/ox4qzToppMjulYiXJwCPv1IqxJGc4xyOplJfJSvCjJOg1StT+
+8+MjWcBMrjnWDB7YO/ZXFfnecQVlskbFG2u3TCjpMMdkyIZTTBgUZAm1dy3TJM1x
+EczaWDipUsgrs9p6Ip9UHwytclLk3Sl2Xf/V260myoWj6Nfv8QpXOzYH4lID3kp9
+tMw8wXUpZDXQAB6VvyAgrJX6s/9jCGDZn6WXvahaRN7eEyvMT1AbTgKmPzbjZOO9
+/JR3dIpAdeUHjfhrfec+x3qo3JZFKWn+2M2z8TQfng6jTs+o9+Tzh3xsclAO8lB8
+08T/Mp84hSZJ2sYHpLFi9qpmQCdMOJ209FIoP/q6yqlivU2ZEcWdoWIzuNw4s+6R
+29KQ8+nDm89nlsBR1jgJUJO6nX2IiLjQSr9TEUdcpTwvlKGz6lkr+WuvyfzgV4fm
+5sBczXMHmudkV14TWfHEUH2wb5TzLk+6EbFLb20y7knwu7TIaw9TAtXA6wgsFCkg
+1tcXzWnt70cZHOOVWHc3V3mlUx6lmWgakLwS8NaQp5MpqLucS+YuZAbyBvKjWOW2
+IEQyuKKRC9iNCWzg6D1MvBF9A0bZ6iIu4mNj6NhMEul5/dmTKQSy5pCo6mv36kYx
+NWaZsie3Dwqk63op5VPBoz9xkGzTcUDPr3kqQ/kwZPMsdx6+aasyWY6w9f511dDr
+ml08wn/zF72P00Go2Jl7PCdwJIeK0Ggu+4nMJSrTp8jn2wKt6NREjY1tA/C/8MCu
+ivdfNGnhMjBwfkO4nodwc2+tyIikYP1+LCXHGgsxCbB4T6KNsNmyGpgKOGuuvkyn
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
deleted file mode 100644
index f8cfbfdebc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWQmFkIENSTCBJ
-c3N1ZXIgTmFtZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8VTZxnGg
-pV60/E3F2RBR9N0VgI/w8ZdVENnRoqcpmY276I2t0UaRM95qNori4u/6Rb6RI6Jy
-BL5dPaJuS4hoVphnqLjMMF+huDF61ov49vcOtMo9Qw7NJYgeoINC4KcUrxvn5O33
-IjvyvGkMbrzczslZh1IaGrquWlS9DQDv3jECAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMg02+C1YxZR0VCkMtLFWfhD
-jOBnMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCYg+l+IX369jmWSOMWB2Gw
-tuancmzEylYvy1g4di3sVNNOTRaST6hG6M0QkyVJDpr5wYwDCAu1me4CkJlaRHT9
-RZB8rW2LK9ydBJG5peFQa8QPQv9phrb4Hc7/2xjr0Eq6sUAQOBsCL09IY5pi2jxH
-o4m0vETRDlhl/Lqsc3dLTQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFkJhZCBDUkwgSXNz
-dWVyIE5hbWUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBkMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOTA3BgNVBAMT
-MEludmFsaWQgQmFkIENSTCBJc3N1ZXIgTmFtZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWwjDb3FCLH56CnXApSXwVHB
-KUEdYLsDL5afA0uwYq3CutM9nFTfpI4wfWoh8z8rbcyzMhNU/b90XnkcJeUlLe4R
-GVC87g/Oh67ONY431E5nS0t2mU3gA5A+QJwCJ5GgkoRJy4aZS7IhIVayya97aITa
-eeInMge1hpOIbhG4RWMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUyDTb4LVjFlHRUKQy
-0sVZ+EOM4GcwHQYDVR0OBBYEFLIo4xfziwpQ8zkzEpaYHC7RAmffMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAYRbr0XdXa3sve8krgu8sJ/Dj90/LJexPg4kRViyO7965tP3sBCNUAIO1Q8QW
-n27WeL4IjVXDSrspE/72yM2b8MNWJ4phd+PJMkQb+ioBbC8qPrNvnesSKPbqNcDR
-qLz/G2oPMHBWA5zuzG1O2ecxU1MLUV3tY4QxY1oNRuMunPo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Incorrect CRL Issuer Name
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C8:34:DB:E0:B5:63:16:51:D1:50:A4:32:D2:C5:59:F8:43:8C:E0:67
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:95:96:bc:9d:a1:bc:e9:8b:10:db:0c:3a:19:c0:f6:b3:bc:
-        a0:15:ef:97:6c:c5:83:6b:e6:ee:c3:8b:fa:54:c7:86:7b:ba:
-        e8:73:c0:9d:d6:e5:1a:90:74:4c:8c:71:bf:ce:81:e7:36:df:
-        95:4a:d8:6a:71:e6:16:6a:20:ab:9b:7b:de:eb:c6:ec:2e:83:
-        e9:0d:61:4f:62:df:3b:5f:02:28:98:01:04:5b:d7:19:18:1a:
-        f9:18:63:83:62:2f:de:0b:9f:a8:5a:d4:8b:91:5b:94:cf:bf:
-        44:d8:18:71:89:fd:99:14:c9:92:7a:a0:6b:ed:15:13:5d:37:
-        91:fd
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGUluY29ycmVjdCBDUkwgSXNz
-dWVyIE5hbWUXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFMg02+C1YxZR0VCkMtLFWfhDjOBnMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACqVlrydobzpixDbDDoZwPazvKAV75dsxYNr5u7Di/pUx4Z7uuhz
-wJ3W5RqQdEyMcb/Ogec235VK2Gpx5hZqIKube97rxuwug+kNYU9i3ztfAiiYAQRb
-1xkYGvkYY4NiL94Ln6ha1IuRW5TPv0TYGHGJ/ZkUyZJ6oGvtFRNdN5H9
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
new file mode 100644
index 0000000000..c3d5661683
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWQmFkIENS
+TCBJc3N1ZXIgTmFtZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTkwNwYDVQQDEzBJbnZhbGlkIEJhZCBDUkwgSXNzdWVyIE5hbWUgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbUQc/
+aDfzozsGi/PMBuOvwbdh4u/eGd5PwWOqPgwARtSrxA+gRKdsLq/Gh9ySRhABGV+h
+92N/B4xPnilGJJt2SUULOZz65G2Jb8yUZrO2RSLXcGSzExmQL58GC8jQ13rPveDn
+tChy8oiRh1Q+Qswy1dIP/iya8fhceDjt6YhP35Du/CzDaPIEdxlMYfnsiM5PZukl
+Yc/0+bg/T59xvjypk1oAOxVdGngaXEpkpwDyKoTdXMATrWWIIoA+NgmsJfTRlwes
+l/Mzy2pJxRRql9tW8yteW78ddNBIMHeSfJkqcwJ9y3rdW6CC4qE2ih+5O119FMTU
+hlkdv0bKseMyrb8zAgMBAAGjazBpMB8GA1UdIwQYMBaAFBFy8jVdBNUOSiAHB0Eo
+/ZRwABxxMB0GA1UdDgQWBBTJMGp5bfvpKIG6aOzEVAK6YN1WYzAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQCNUhve7sX9MgDZzE0LREXi85Qx+HDApJzt7BZ0n7jjN+mKBR7z3mGqfvIWd+nd
+yEtDj2G5+PEd59nPp/tlNGwcKHuD2ht/83jX2tjrNZE1XizGyPS6m7vI07OiVhNi
+8CODBlCX5jimwwqH6i+2WNFI/3xQZwqjx//q5izI9TMryIDbX8mwWGYtDd9O04u5
+3Ey1oZdm7fxE9QJ5Hsg3zOGHKNVr0JFlIHx2yaub9F4CUEHVx56rAdY/13v89iUD
+yD3KEZHOxuGRLD1nKvK4rU7vEmYOXRF1z2iobzxA9VbBuybrsJwZyaCZRZ9C09XU
+kw1e5M/h7zZuDUtLKIyzA0pJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,619AE424395184AF
+
+fidkvMzQmt7seLs9JoKXAFeoeWyIs/Dn0wWqjju6InvbFGt5e9dBqJOHqXOiR2Ad
+hSGbVkcvXRyUokJudi60t1cHjXd37l/8tK1f0Cji6EUUMUekG08BlF4jrsA2R3Pb
+5Q2Ya9uhNO+2FDf1dYk7+Tyvg2SOUPtyN3xS8S54+Ao6761jSy9yGHm4KOws8ViQ
+c0njkI8erjzYo/H9TPgOtW48JHBxa/GA5gBWFF/2z/AOIhSLtOMeIiJEcqiENlnm
+pOzHXp+UnCDdVb+xEO5lYKyNA9h2BPhZ6x9SA5VXjNK+S+rC6g0Vj6bgX58JfAg3
+DoFKy+RpkYBB4MXskmU8+SWVXrXmcd3JTZS2dN+pkFRxEvdR+Xj6Wi7XIpZIY9Dw
+BL/YNX5+ruefdisDncgR4WdDy0rWuKnJvFl8FyE3M3cQl+LBUwxwf46TotGcIHwj
+Lb43hD0p1xPSPwcElVi0iJIZClVEDM4jNXv0rYk0fD1GUD5I3f3jTILxlTrIjWcr
+y0I3c74aRgRBp4B+Wh6Vh8OzHDVZeko4e8WCWT9QnknQw0b56/yKQErymhT5xCSe
+ZxLZ+JsveW5s6u8ySC2iScdRh/TTHag8Y2y1aIkc4iZRCFcLi/Udh/EuZ9unNHOE
+4lSEMD5gwHaeb+y8iVdwHOVIdelp0RceTmHiyzd/OlDCZOKt2Ha2TasdVdK1g43e
+MNqvW77Lz4isgIuROIZmn8vwBoprFXXSPZBnjDvEtichw6i3kRJbLtI60CkVK7dx
+P5Ffx7IhwOIFoxfxzMxOaxB2FknnciEoUpAyTUOqI007BVuwx+mQk6Anzh2/Osc6
+AvVf8SvuufJYAaTYovAmJlwFpTETkwUui6zH2Qt1k3x5njTN2EXscUJDLAJ8PWGW
+QNj3YlKdQdT5bfQGRolmQN/Aki5BhjhNamGzN66T5Bi+MjTmaK9o2kz+ed1sdGUO
+M9g7RPJ390RzTjMf2g+pagVw6Q5jzNFmgKn/3QPnhREeFZXUby2KkrENqf5Gv34C
+s10//lqT2ln0Qx6OZjYn/ydWt0fmdn3msDYzMn0UcSxSRqHZgf5Z/J7GAPeUtxzE
+1sTo/qx5gkZ7KV+HAkODoGOjUWDY56aVTzNvukzZ7g/HoB+71m06ce01hgxEhduu
+eDdVoWlRaV3MWATYKGsEO7G2dOP8oouzYYXxip8TZClYy0QJkfSxrHx+eoYDU16M
+SxGrtYkSRf9SvBTAjpcI1IYJwCmLOXbyJldhNDz/XgXjE7VNjwpucy4n/NSkGA98
++cE4oG8FKPvU1rlAZP8uSi+jW64yOykMYrGyCRfe72Gc0WrDp/TPVoJpFiDulLJt
+06XV+LA1A7Iv+aOgej4NMYvQDHUuDlQGgTPeU6aWSgiFQZkMWyxt1r63MTC0qeK6
+6buWTP/teEyzDyJlTb2dTwsUJaK9BwT6Cm4M0MW75zlQw0lnR4VWwKHCnAn1OQka
+ojcVVmSs2ixDCAB8fOBrcqRZIEw427lb8rJyHhvqCdMyje+D3s/T87vTtPaYaaYV
+SAF6BFFcV+3bAymDNnVB01QLIOlQbucjE/M49Y+J+ZS1gke6WFRGPdV4SvcHtYaR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
deleted file mode 100644
index 6fd7c1dc31..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIENSTCBT
-aWduYXR1cmUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJdogWv9CPXo
-9rQEcxwXXws6b/WT7R/AspFsq4aVO/l7puHNxGIQybx5jK5W55wqPtHa5PPGSpJA
-YkcuKVXL1ZqZh8A+VenvazNg0XoldwJZalTN0AwR3FprLL3cXYIwu8FFFERp8l/S
-YgHz8wHRlA37Ph4a7cU78oLWK0wziElzAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBT7CxX9unvmOEiZWhVgVVCXqjZs
-QzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAmZ8+7Hn2elBnvNREi2gDIa3P
-POFc8RHEq6ajCkhgeJoQRygSFdfenhTKGtfvet/3j6hBZRHEVI2e8x5yiyBN/ZKV
-SAdRCjXTg99nJJtkkqDhifkO5uUaxfcgj2LFt9DI7/b/jZzlNSD8BXqcifbjAf1s
-IIlWmY0HVZgwucYLmC8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Signature EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2ln
-bmF0dXJlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYDVQQDEy5J
-bnZhbGlkIEJhZCBDUkwgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQDbS7uYXT/RjXcp9qBIMFgzo5WJJA
-3/1rXCiA/BzowTDl87A4iGOmZ+LEkwpLarYI8mFzGmQAVIlJCn3KlTO4AuTWaMth
-VZPgVZ5gVxVHQbqdb2VZXHVJGYB/yn+PJrghL5uy+kv9qzocq/jUrEHcnvBTQ+iI
-8mutd/z8C/Qy9QIDAQABo2swaTAfBgNVHSMEGDAWgBT7CxX9unvmOEiZWhVgVVCX
-qjZsQzAdBgNVHQ4EFgQUK1L621YMk2XrXnaVZG9PC/61mSYwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA5
-Kis0tSW5S+c/zwTmKqh6DTRRISk2nn+KeQSUJdi6YXcuX3YIX/P4SxWNQ46dwKDl
-lNNDVR3u7fiwwYf9BxICorMqY2FhrdFOoGclO1mCpRuBMhmER7hWivrftdi7ekeE
-2aEHKWWnWwzU/qs6Z/6FK9waN4GviF8X+sqt/EHo+A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL Signature CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:0B:15:FD:BA:7B:E6:38:48:99:5A:15:60:55:50:97:AA:36:6C:43
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:7d:ef:9b:2c:27:82:c2:3c:2f:16:6a:09:27:73:ac:90:da:
-        2e:66:07:a0:f4:c2:4e:4c:3a:52:02:f7:23:dc:52:f5:3e:2e:
-        94:29:22:b8:f4:f1:c7:44:85:5e:84:8a:6e:37:5c:84:16:5e:
-        70:b5:f5:13:81:8e:89:09:b6:48:0e:51:9c:15:94:21:f1:21:
-        e6:38:14:50:a4:c3:85:4c:84:e9:eb:f6:b7:6a:a4:cc:12:02:
-        a5:0f:42:af:9a:1c:d9:c0:4c:98:c3:1c:12:2e:f7:84:d8:fa:
-        24:4b:68:3c:20:c6:7c:60:78:d6:46:37:68:28:4f:81:c1:b7:
-        32:30
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2lnbmF0dXJl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBT7CxX9unvmOEiZWhVgVVCXqjZsQzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBofe+bLCeCwjwvFmoJJ3OskNouZgeg9MJOTDpSAvcj3FL1Pi6UKSK49PHH
-RIVehIpuN1yEFl5wtfUTgY6JCbZIDlGcFZQh8SHmOBRQpMOFTITp6/a3aqTMEgKl
-D0KvmhzZwEyYwxwSLveE2PokS2g8IMZ8YHjWRjdoKE+BwbcyMA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
new file mode 100644
index 0000000000..2ee07eb3f4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Signature EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIENS
+TCBTaWduYXR1cmUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBn
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3
+MDUGA1UEAxMuSW52YWxpZCBCYWQgQ1JMIFNpZ25hdHVyZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoh2hBRa2n/
+4/sUJnItoF7DlFyPUGn2CSBjfW61rFCpa0UFPhjN18/5HPV2AvDSyfeVsQbaOqBN
+mGcN+3ClEaDM0MxDR373PtXwfZlqxBeyufsFrgskpV77KB0dwTPJBkFDDf5K8Z+d
+kRv6wf8L3TVQkWCZmqtBGyYpb+ciqjqlON79M+mX5rGy+95P49jqzq3Ufe7/frQ3
+twWzfLyvT16+X3erXinXrkMBOJqKvH9n0AmeV7H244Ekak/kyYjn8cMKCHptmpyO
+XXB2dhDrSSkFClVE6Qyk/ynFBPo29lq1ZBM4WeKI961/Sku3DL8cE9LgNvzRx448
+wM8vF++T9EUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUMYs1jZ5EYTAU3ucLLhQZSCTb
++b0wHQYDVR0OBBYEFDFtEQEQ4iF+FFSg1ZEs2O0msQvFMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACXx
+1TSmGPZscKlY2e9Zuqp5LP8ehTiXLtWOErouEeF9tfobMh+hOGruSmdtJv7tmqz7
+ePchR3c+ROsT51qEpOW+y7Hjv8opoRaWJdMJZ4zVGiH6wlaj9Iy1rrxFMnbRM2ZN
++md4SDJnKmMzbUf1H05qAuiCDiDleVkPycyIOLWInwEX+5cW9SOaeoiBnO0GmkBe
+RJPNV9rrTNpcq8cDoQh08xaaoKRPtIlxR14XP25SNfljdbCVZQXIoKHEsQV+UV27
+RVKCSqzZAv9W1nXeZX7rH+8kEKvQR8y5fMYi7Hi9zk3tqH53A/8QGPKrCqRJaw/+
+UAQA3LZBkaU9hpO5JAU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6CD186847B6D8CF0
+
+e+e0uY4ANLFnP1kBMLdAz6JO7+Tq5FRSVOAEOGNG8Sx3QgbEpLfgJ/MkMC6n3Fw/
+AqnQFZh7Edi0RsFAr0GWyOzcyz3fpUfMS1WtRpIgC7E5Cx6MK4iOQN3yUinvtKnI
+9qV1nHMw+UlvBV7mfODEBHOum3M4wXtgWcjDXGE3VrDqwxeYTqb2z/gMMFSUDRGZ
+2ZFYveiiIT8B2nGAxtTKTeG0Yv4BzRhArKLSMD0zJl+x3QM3PH7a5WhKS+b69uzy
+PaCxjdRzYsNsVNjnIhVFdnXtFJ3njDL6Shn5yCJkNWdoJk3wnG4FUuhR5FKCCEtO
+2mLRGcVXj6fonOy5KZ79GN7kp6N0L6EtUhZiO7Gn2Xp34EjfoXyCoGRKQsVr6Xmk
+vyaR+Ui+81ro1xGRpMGRyyFzovXFWTMSIvq6RDC3ru555/OCQ0HisCSDfxu/xAIQ
+VhAENI1Fmj5TJuzS39nZsDfNX+G9mkv0W8V5YNR2mZSEeurGWFOYEqxPNXEdZgci
+pMkjN8vVIv12pDds9YYqpJuexjCFLaS8ZS3ZU/55KBNY/U+/q9MuhKO49sdtNBxq
+5ffXYc2ybnHKDTcN9bzLgbBuqYP3bfGtgn+BSK2nxX24PRckFjj9h7QqSXot05mX
+Z9WdQMRs0vAsnhhEZXOjMhxusLeJIOssnXY2EuXt79Z/Sc4BEE7KFWQ+ZTgZ7kv2
+l/vJWlYBLcUrlbcgWdu5DgLau45fgWFfx7Z7R+cg5cB6W0ZVlE89+c8FRTh4v1UR
+rfG/k0QMIzP1CNMuc4rngEjVLpWn53jXlNM1ljeQynOYQTBZuCiwyXCJs59ZU3v+
+AYr129U2ooPpe24N+Nvu6qHnQ9V+jeHgoU4nbOD9/akhy68xukVaeDIDgezVD7oa
+BIAOziVFo37SHFC6Fbi0/JNQCoByhRbpUnHiG5PRsBO5OEY3Ud3irlhuPFofg27y
+QJ5qnl+qdlGbH0iBZrGXwiE7ZUjpEPPxR3+IaLSvj7k0l7zxOtK4JoHAa4njxXNC
+VAKdjrekp+6lbfJwZjrAVVSU2wuTQ5UFbdZLugfyHgWH7qb6BFePytfM69eD73b5
+ZaU4lWcTFaa+IEdqAZZG+DJ79jcYiynBHdOVOcLnRt+hKlo/NGY7nP46hytuEefh
+0ppwNMkXXWxNGVzfUKiWoKBUNpkMyRcPveQKJhBQpbNt/soCTkh0csH7CieRXQj8
+7LQMKC15St07nncPVsXYtcD9fPMh0aU576SdoYTW9sb0kTThV9evEAdS/NFervwJ
+yqBa/a5kCxhpi78LrfljTkfL2/9weS80UNj/4ebC/Et8uuES1WeUyDE7ELFqMoHg
+NBfBnsyu82KRRxU8BpEqZ05CX7VrZHHL9hGPIp9+7isSFyjx2t4PUZmab93CwI5z
+Psj+z+IsR2ZLA25ttpi3bOcnqKJ91okUBVJCaiR533Ss3Ar+/tl+ZRESSDhh8vbP
+Wqgd6YpXVOADF3F4tdRwPhwTSUM4mJ/0JFVNINOkONfMai/hEbHZfPh9XMfctspF
+XWXsaBMejr6WBE8wUYQ9tI68cQld2Y6tr+LyBYy04fglExIn9GmPYWsfEMoUipC0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
deleted file mode 100644
index a70e68731c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANehtRiWYBhPipRRR0tIxuV4U49+DofUBRVQP5JDT79DtTbKaVOR
-HWgSi30ZrKSm3WkblfZoncF9ZMN/ocoqxeUNXwBqp8/wJYbE6js5YwBGTsfi3UfP
-s14vC1mU4ssE+ogwozLkXRcJGuFtJwNTZcEf43OkjdjLWiIH5DVhj9ZXAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFEnJ/LcDPGdtCgCTqeTWpR6SH7URMB0GA1UdDgQWBBTa
-6ZIK1lgoOotgyyB2SLZbDxCDHDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAA/4ne7fgjMJuty5+P1V3QiH
-TxmpO+boz9+NO3Wc2Nj23sToATQqIcc6W1G3yKbN7uQEXtHgtPcIz5diAIJ8JNQl
-INBUxGlFASTWHNfnNJDgN7lwn4VjSAE7HzEKIJ3+HVTXI6+mdiCl/IYL9q02KSGi
-djAHT73bFgK6ydVH8Cal
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
new file mode 100644
index 0000000000..f5ae145d4c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ1Ncwjk9f7Jh7x49a+7BccpR9imE9kX
+WNxzQRvvBx/ps0H6O0u1zIdwap06h2+FtZTsrSUn86di4rh93ebVSvSdyvjRTZ8C
+9Wzp2bL+hkeKHLwDWu9EMXUGCudejQGRzcSdR3UBA8vyQcxzG0fNqaXVv6R9OLcW
+fOg4hZCB7eROyjQlGw5EbDQb1Mwn5b3uqTtW13lFLIcCcoW4RfhyW75japyyi9Oh
++tCN54yJsOOwjZ52PLbHTYr6/iRRKXkosL8BLS5B+B4WkIRXeFkwlq7wJRFfFiI7
+tyd9h5vHk7cwBl2ZiZCvxQ/Nlfi9wzXEFPto0LbD1feSoZ1BkWDmqwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQpmkUuNpWd7PJeVJwT1dn2RJEsEzAdBgNVHQ4EFgQUV4fq
+Vxkw9RXSdq1WA6DhF8IkJzcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEATKc5gYlWDtz8z6JjAO7O2AuY
+LB9lOLe6vRxZHjGME9s9lrupp3rM1lMEvDEcOkfo/36AR0ZWmdWbW0m94TUyu8wd
+MmF3aXQxxkJGHAdwgD8OzpzVQWYM966uD4awzXMLvzx3IqymLwiLK4veDIaNeOVU
++LTZO/CgO8jp9lbyhNs3PLU/jeeAXSpx2WCIwHVMzuetpicwWAab57FAov7p5MPo
+Est9Pk7dk9iXe5XvnnNyOavoCSbOP5XddVUR370ghSNXnoFsgzh40LWDe6HSrgXO
+ZyaArB/ECUADegv99A29DiKxDSmM0zM5NzTrmbQEpALzt57CfnsHt1T2C5ck2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,276B857A89B89609
+
+ucRyf9n3BU/DKfv7RVXPVBnyhidmBvM5gIlW+KzmUFP/h6oGZaW8OaU7HC5frMZ2
+GTMBvXwAootFy2HHGOoiKawgo2Zq+Fs3O0amgrn4RTIFYwfn3Dlg1fU+JnCU+ST+
+ZlGtAjPQ8vfSeCRlxkz1SSA28R+8mKQymBFF6ZkLGBraZNVFmIxGPs9PFJewX2hD
+iC+UoIdLulYgwg1RrXRy5hVxKkvaYDBUIMlYOyqzUmkQRaJhC3pr+ngb5THJj6y5
+T78tVRhkuo70/WoB6fVXF2XTd3fujEN4ksW5S2LkgWs+9XfMsntP3jeVZouOyinP
+SHySjke0TCOdzcZYedAaLcHZUsnheevsvQa5pmNSuxJBYX10f5y5sehojgcvL/uy
+c928kBlyd3b3jTzbuirTV0/AO4081BT1733bQmIfArplPWngSex4ADIF8cgIPjT0
+A2WgBOaZWNIsP5KyNiokVc4hM7ulcyurI37E1mgHMlS0cUyv53dvZcrg6g+ScjMu
+rco2GhA1LlGKWofyTC8dWpikip8S00FR2JAggL/4LQMoPJioqLv3PywU43FJyK41
+OG7CZ3GEzXJgkx2h7bbJINjz/CvhC12CBGXejXJP0kU+1fp2Pr0LBYMYOUbj2tXA
+hfMpSWElN+XZaRRsIOaYxgVIMvTpsKHudr4o4Jo7+BgJZ3V6Po60z4QZCZi7TdOV
+FZVFM9yjCzFPRU5Xv09eSf9zTVM8AKXDJvMIQ+FcaErTsO4EpdB90/jCgsk4W9R/
+ZooWrSARU0DBd7V+OIRLt0FbSXC0BKm68zg5eqLG/skbWVvZzrU0ef9BNiOuAyck
+IKcex2M0Aw3TAvpj4ZKW6ADGfBANl4/IbNDn6kU+c/7NoGGIo9c5AqAlGFKSaHkq
+y7AJdC55HqR03Y9604mB48cHwcHhpqjw6L3TF4/nv/CTYeUGw3ng1er3bxDdLdZJ
+A2ephKjF1uYYWsjmXWmAxLs1zasXC5QCTRKOWr3J/UN7f2jtTYfux5hmnh+73aQ7
+3khln5kT0s7AoWt9ML69TivVT1rdZnPDxyIBUBfmplrnHZobdpDNpapwuJxzFyQn
+QrFd/flMDvMaoTczflg0+koN4iEmOhPQpzcIDC9DikHSbryf9zcVl044qdUADI88
+saczJwKYSSKdtCAF7oldisvekfhZcERLkXLi6WrNGzI1YX4Qf6MhWyOvTs9danxR
+ukGQ8WOmb/TfQftwa/r5v9L122qJVZLjPAOPO9lGgUa/DydPYiABjOKVIfbo8u28
+KFDoP/BSAZ6ibH/2XmIfEPyf9Hr0BXDWgFiV0IbuPxE/TD6SCH0dnu/MOZiHC2Gh
+Tq14PMr/8+kmZkw0btc9/3rOsm/Phmf5BaqpQzp+KjQim7XYx2VwbJUyEXoAPNBY
+Vq8WstHlvZWe87WeMlCfjAxzP14BqqC6tCUEHi47dVoOEmC6QR3VxESWBPV6VE6j
+1vP4d9TFkamwfxQHFSdbverYgfxnWw5DcJGDaOc/BKmucFi7RwO7PImw5mYnPdSF
+Z8pTqupvQEz2ZL6gYBAHptwykG16VqNYI+4t65ZmVk2HW7Tw0/1BIR5qefjXL8BR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
deleted file mode 100644
index 1865a68006..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKvhIgfCe7osai3K6RoZSmpIrNAB/YJ7ImOrOZihxenRuEczoaGn
-0dC3ajSeX3sg2RIomf4JTDpzcBM2swr8JOcChUwnFzOZ/Fz6Q6OREST65hRxXECk
-GbkjgRrFnTgv3/s/v9Ilt/GbdIcgBxJ1797Fr+rOEDkwld4TGgIAIOO/AgMBAAGj
-azBpMB8GA1UdIwQYMBaAFA9yyjNDqcQRUatj2kSHD2Gk9L5HMB0GA1UdDgQWBBRx
-0uz3/5i8F8pGl1n7xes8mS3ymzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABvl4GhXI+6jjTcXaeraQVtN
-9WsB0kIXPXptGui6yVAMTsB6MhCgqlhY3xihDUJIIXRy1oV4efSfFO7UbRWOoN5T
-MikwqCAVoLnl3KAZZ4qXuwi6+OIUSXx0m8CfPRNAYdEAHCHJT+KFR8wtY4eAgyVw
-ZVhFDwnSxbqX6ThJ5wdN
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
new file mode 100644
index 0000000000..f615bcf744
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol4o/PaoUHfmfauJSNBudpqdHZMlL9Sy
+AWTgosb1N1sDIAswsQmo0kHLjxW1p1zcVljpQso+13cnjBtP+k6PGCmfQ7uAuRGb
+r4zljd0X5talJ+jaCcQrmoDDcl/aznqVQySJ1jLSuDKLqSEjvObatrLvyhrawMH6
+9oEuno612WHt2L0kxjDtrTqauVCkUDsbC40LK4Qc4UBponYRqgOedeFnGJSmt5WF
+SeLEELadfaxCSVeT+IEUFQ3HV6D3icKhRsS9YKneOnOUn7BvuTHFUEisz07Q7wJp
+3NatsukCsRMW0w7KJhzYh8QElm188tzJoScQR/ETIQw49tDBH1M1qwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQkwVVx+p7hIYUq8K1hpxW51U1DFzAdBgNVHQ4EFgQUaAjV
+TuVUjiYIJGsaF16hnMaOnu0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAmAQkit0tiMpNN+36ZZKdZgJ4
+h4s5B/oh+1NS53RzqD2fSEcLuh2zaX5Lq4GJJ5q0KQTn4yhyLDZbXSGNnmR+T3vM
+b6cBIA173e2na7ZaYmNsdTLeSdX29QFxJvWGFeGrnpft1JW0uQStrRTaqu5WCCJF
+7tWCNs/Y4V6VmnjXKs54TophgffFFSizMHOq5eedZ0ZLDQCct36gPPHcF4MFdEDB
+kpatcioxP7NA+ANWxkkQ3bm469ivlolt6cM3qhVwaQdXgv1kPUNsgpe1rZi4n4pJ
+ldddkxuiu0SYBnxtAsutBl9tA0cfUrORcDyMOTJI51Ql1FKq4qVPHBCi/uDn/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9EEE21DB0A49417
+
+kjbZTeNlxh/qNwryOSveCeSjWhfJXP2/eMetmVAJ2roO5FIoy2WK8fqpsRu68rq2
+1UIwv3hl39NmfxIXzvX5s70HyzXzNLfm82ElvVKjrCzFS3b47pdcZQCczMYzz3ht
+2XDxqubJqaj8zIZxizdokvkg8656jRM78sr5vhxd59Wkp6VHwh/8Z1iYnx0RuRRd
+7K4GwkfbBqn4BMEvw5j40MSC//48hGDljNVwLNIcWPHybzGXHwjvwaynkqjYo9X4
+BuwlBZZdd4sPKUCaGmpz2gOTBOyPVuVJFKjCjZYAV333CQu0WBJu0r+BB96RJ7c4
+Hoby3fkmO/QlIYtCCWrHOCnulUTyP5HNWy7qN22Cs7XTaWFw0hAV3EmJ9xDdYyMp
+DoEoJAdu1npfDCw69qURfJqZdZWcRHV0IdEiW0lEDaXwarHO4465+rLQ6Cz+fXoq
+ThRxbMwqWC0xcaMvrzu4DmQ/0gaWxAOgBm6mhhcgVXEAs/gmytGwesTBWLFembLg
+DT8HEYuaP+JUzvblpPNqNsmDy7Awg8VFns6UmdN1/BPcjcN55Ex/S8HUi/6nrcTc
+EEEp36OKRG+MeYKLN6M5XKVFIyjpba/3uN4cftvcp93R4tPaopfOvZeVua5SVVch
+Q8pYrCwe6h6Cjo+SkYiIKsMZWN9azFaj5cHHDbqy8v9kXvVtnumAKJarb6l3ET9W
+R9IKboeoNWFxNdrJJ0nIwVW8bFdBGSNU3nRdunLcukvyNk9kKMNtKW31MmnDTPvX
+lyzE63H4U6HiXxYGF0Kkw9URCL42qkUumDgjQEOOCaVdA5/FfuhiPJH9m9cHVBO5
+ZivnvMw1SExTthqUgMZCWhRpTR+rvfnUi7OJ1bWcjcz7Ot0CkXrFkbqeOb4o1Zvf
+LKQxtD/rV+7A2hvjFvDvYG72txT7JSlpPmK3/70MVB21DVKQf1vLYeEV+Tc/9zPh
+UKezzpUhZVfn0EJXtxItuwT8ZR+LQdsZRTGFA1U/PjXDamBfmHFQCOkdFkAgnNLz
+ErRq13os5jChZ23citg5+cQnmlzgQXHMidyOylHqagohJ2ZVuo3hXna+dVD2yTTs
+UMPO4JJ6MLtsNbtFJ9wI8wpC9upnr0jIxVcPhzNi4uIi6B5qkQGcjSTFtqwHxll4
+n1WW4PKArth+v54FGI7BzROHzsU0rX2y8eZJSuWH/yLwFpj/osQtrdsYP0If+ZqN
+AHuf1LyFA+8XOGU1HAgxu5dVWdaqpIVib8BdkLBSMsvXtBY8vx16KIYyD5Wnrcds
+dj9fy1wgpBoalkOuDG4UXPf2tEZ58oM64fgho56z721RT5WKLqIMpvS7dclkzAs6
+IBCDrZwGWl5oEGmyqQAqBjSxrDUfzrwDS2y85ULfukqqw7rWdNH74jUvYsny1uq8
+FzGUbfLeDlyyGX0GIKilL5e1eNVoYgH66lYqDATpfwxWqV3Hx9eZviOUr4dYbI1J
+f8k3Y8x8Yz9ooAuWXJq0c46Zt5mOiSMpu457+fK6/AW1n313s15Dx6Lor8DgQLrv
+rR264AasTQDI2rZdYqrMRj2UTkE7sfpHK9kbGbnqInm/KWYUXKALuph4ZACiQj+T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
deleted file mode 100644
index 51a795fa99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgTmV3IFdpdGggT2xkIEVF
-IENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCT
-jnQuWQQfSAPHMxbQs5/JPin7talEYrAwqnyOVuFLu5omsqP9HAX7nkKxNRfOUlP6
-af7Ha9u8C+frLG5WwPmnf9XYIBaisUdEiga8saNMEGChSlZmaPoLD/LTNlCcwCEt
-HaHuhAAN62AgP9WMXsrfctRTccjIaQVsJnnTOCUAqwIDAQABo2swaTAfBgNVHSME
-GDAWgBT6omq57vpPxXKdddNLem2M5Fw5JDAdBgNVHQ4EFgQUUw9DlHqj5ferws7b
-XdljGKM4E7cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQAzzPXRKubQgAmne7+Rqggy+8Ezi3Q7+1cNjILV
-wVSnnVggqbd6C/cOV9P4aw1ljohm6fH5IXxfCpP1UqahccTT/m0482gfIxmCobF4
-MBi/cq6qlhQQIjBxGRkyysQIb911FCME2mVUlLQJbjkgpzl6oMu0M2Lt8m8ypgVf
-YqDhRA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
new file mode 100644
index 0000000000..b517fee0c2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBX
+aXRoIE9sZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKdBgafx2op0ilCfXFnMomtQos2eWUOojL0pa0weh+1coc/s
+JP0Bi4a/lqr4zKPuomUMUG9rjaA+PW85qbCBh3I7MliOmaEfIrbjrBjXv5xOv7PL
+IJSUAYCfCsvLtm2djtMOxfSiOFCqCcP0wBUI7lKRAvFvodF+cNs6h8Uyb7Q29DgS
+W9Qz6oAXIXLCkLGbIE1aPqwja7bznjJOd7YcpH7muDaVIripW2INqJViDvHDPXnA
+29KTjY4i5sre9W/k9iudexcHircRRdLDCeSjccmhR0ogzZEeVctQ32icG2+Yl4ak
+PgqCrMwCVOXomDyVYakR9eo9vLC39EUNssATgtECAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU3Q11jVNoEsTLFUDAFIYUFjChvq8wHQYDVR0OBBYEFLQGHiravKZOSLcCXHIN
+6rlg79jcMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAHlrlGfh2haGDB2u/qW9ngyAyYIMXbEOf9548qyp
+yNLIu5SKP4oMnhJoMQ4sG2rxAtABo9UjGv+yOLAGOZQlP8n1dPc3n09i5QFroAnQ
+mV2SwHnalmq2IIxhsvs1TcLDLwIV3bOikZq4U8rFdly/Qh9j3VcJvmJdBhP+0roW
+XDyLIfqQdAeTtxszKdDSTatd2uKyGh/Sef2Z6A2T2s7Yn8txRWHPIj0QeTaE49r9
+TQVjJZ3lLD4O2f0qXFbvYWy2x19LizWWkNR+79Xivfo1lSxp2D32gwd0HFvpqVHp
+RyA9g3kOvZuzTe3J5n50iTH4fxWotF1tNnmuwZFHC1qs+q8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C00A44F6FBA277D7
+
+OWjEf2A/4WUr/ODkDuwfwtuhFPz1X11cB7hYcaiY54tjOo8QdWjFHI77buK+Q46m
+fL7Mq/GE3KINNNIxCMNN9HLMBNG+g2724TCsJZq+misTQiVx1FWk+rtKs5W/HIrD
+PfJ8youcyd9Ngw1BWDZ6QWuBcsu/MmCBZxA/vUyplhOac4MZH6Gorkb3yBZiWrCj
+xbq02XsImhif45rOjtJ4yHVJEpBLSasjbO+lMB4sQ1ihHU7pZIWrd5epVKSLXkRU
+355xjT2Nsw9UY5KSN258FgEHzQq7G/sUGXw8vp7S2rT/P/3iJr+Q72AZKsKT9yBG
+OGNBEfGy/CsptoKU1sOlbpVZml8vV30pM1SMPAvyqau4Chj3K2Sj+DT0CcRgqAjC
+JW3NHqZpTR0A4I77unNOfT0LWwCAAQNxcC+RjjN7ZHL8F1PzIB/9JzCey8sXYgHf
+X97E8lAH905xdfhyBg+R5CsLRL62KCdebu5wJj8993jNCIQKuHlLqnUXdOFS0s/C
+KjHYgL3aMDIf36QxCk0Fsmdqhxp7DdRihw0Kv00IhrRZHKW+7bMrR1I+9kh3L6sB
+zrjWGNXFbIkB6/ZuW4t4l3mc6pOLfFS0yuRxfZbEVCKO9bjoASTfImELoeeHj7qA
+n50NFidOD9AKn220BrDgnH/9vuDp8bRrEQTLNpncVyp2gv47REosIDfn+0AdxcrD
+JUB8gzN1lvqQl5Sns17zTl/74kkxW0B020ih7acF0d38DnDkiVGUrZd3OcabpKxd
+axZ1WxY9ZhNxr7+Nz774twnL4NRX9RVy9Ofw9XQMqA4yl3nYrl/tD3PE4DvDivSg
+o/HpfldrBnYVfS1Ts7HdhidXqm5EW0sFYNXysOnDHiqM7YSaya2xFPI+37jhMOlL
+Nn3WrKEfPUXlBhkEVNNPC+1ANpLoGgf6hEwHbjho/znOzPWAlWITqtaiZoL82gZD
+zGox5aBSOfdkRX+tFSn+wOD4QkH0YUr7jUtLROIAPUUCs+OWCwdwc05fTmaz9vi3
+r3WeU329HUtl/NUOgxidZSMDw9+HHKLzRfRASEmK7qvy/FEL7zC2mAiThv+90Tct
+37KnfMifUcsRyORjontpmmor5Y5agaE2h3CnPQpxKKs7SyrUGAhpHJ7zzd+Q1HXY
+Ya7JGduB7T83EJv2mRpNQxJ5kXcIk3RBEhwVUjVVtqK+FP+/ZZL14VaNbxgps2j4
+LakQAZG2WOi/wv46fVrS63seYG8yu1/c2D21jfRT6kK8+Qs6V/zaXbuDxhd7TsMy
+T/khtdChhr1kt8Rz7XNbc2H4DREeKTqwhpVFG+o73ySfALgO0ECVMBS8POhytBqf
+URP5GUQwGDqDwBKvS7JotpJSkrCApAesduv/7Vq5I/+7B2HUiYt5RLVUYL4tgYdo
+gtPKrerlGu+zXJ672z2kmKg5LVWd2zsw96efGgFop5s129BpCzY+d5axCP0Y/oCj
+Jpas8ODtvadh611R2YqNOcgKcTH7lhTEOGc9IzKI0rf2pFL1eUvDOwe8Edwldn0M
+EgZAf9jZm8yVb+AdTBfhiusnDtftQge5PXiJQFnpujVe8LNy4SWPJjBxhbidx54/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
deleted file mode 100644
index e0924953b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgT2xkIFdpdGggTmV3IEVF
-IENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv
-b2Xj8btEB2QsPM7mVVrsnON6Aw/LdDQc2nszxDNBn133XQWeVkHORkod3p9DEg4i
-TEdCG+rweF78vMSAhWAucXcFC59NAjUgxMiaIneUK2lKDW3afmmLHzV3nHjlNkj2
-DN/BvUmo3Pp2lhrmdTY1WFfvQdueeiZKbCB5dor8+QIDAQABo2swaTAfBgNVHSME
-GDAWgBTJW9PRvwbxAcF5XLtzDY1MRsst2TAdBgNVHQ4EFgQUJuUNG88pizoZguKT
-iPPiMZLmggYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQDGIVBl9ctXIMIN1Zy2QYgGnP8POYBiHPRkHZwT
-IGhox7QsinsIS/Lc83H8Y4OeUaJWrGGL2HkSTR/eQgSFGwf2u297IhHOwtutllNJ
-MvzlnvuG6uNAfRCuJftf8hSU3ouJoVVCi9CuCg1IhW6Eg61/oFIqZW33Jr6EvI8R
-WDDSrQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
new file mode 100644
index 0000000000..add056fc3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBX
+aXRoIE5ldyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAONFtaBbEeY/tf224reAYPfWB1koSJrZRslSjHqNiok5MQ1J
+d8kfXe8BJafeKWnWfmwg4aoVR82DdeUlRjZwiypHduV85fP4Vt/BYAmlM3xZB9bX
+Pz0H4Frzk7//+RXs5TOhdpgVoCD6GmVvx/leAjdcPXbFoM+QmDa7ZZ9ef6Cdy71d
+4Wed7Ps/2NlGda2fBbVAeVE1RVNAeEEzu/6y431aoCaIZgNRMKqu6AhieUV9Ivzr
+Z4pdThxoR+nLSATSD2/hT+OENQuU58KeluxHOSSrNdcikbLU2dg7ZEeAh0lt8kJr
+IVmHxiXAB4ijXHjsExkbOrXtztcaZR89K/cko1kCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUdnzYZAQ0CU/fcSF0DwwWmzaogtcwHQYDVR0OBBYEFGCc3XbGoH8/97MyHZJe
+FFeD8q91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBADwA+jd4g5vKoR+8C1UXnL8eCHaiO3TNCL58JLqe
+BAErAUSEzOtdZ7g4eefuWwOGiLy0gP8CmnZ8F0g9urAVT18h8VmbnT+h9sfUI/6V
+bcTourPNHdB3YzcwC9rX/wx3DK14NNIMPMM8vwLaroGNYvVZjyTWkIQGmDlZqC32
+ibV4zFYTaw+MuqcqmKC2IrUXQoNLE/aQzEKZk4rSs6o0l/0ikDrsQUgvJMf1DBVV
+cae81wsyvqyg+mbm+lBXnE8D3lfuQHZisx9zxCMmk/VHCtHG8FBZtyvuobSpfMKq
+uUwnwRtDO35UgLdA5/SGtuSvGrMUyjUTH/PK+VySElBtA14=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2767B788F932E013
+
+xnFbMzgh5RkhuVCWZqr0bLQ7assqqQTViX9rNT41QM6gCGKywyGn14fB6i6fSRe6
+xeRXske/LUmJO8Vi8hcCANGj6Bb3WUBqxfGO2LX2q+pBvqh9qztx51/7uF0x7A/p
+w/1M4eIVltBJl3gpDzc78ISRUIb6KRAQswcNSOhvavlE+e3VbJ3iFP5c5hLvTBC6
+ogT8GcjpvQIMWHyDIZIXJuZyMojWhuddQxGplB4korkB4cSRcM0uleTSkyVFyjgA
+n/wm0k5juurwdhXP89Gp0TtiC3eL4+b7ygwFZpND81eFptXzwNCE1cLZX38ubFcU
+jY0cqufvpvCcU2afW01OtFObc+3RXPAjSz3anaX6Hu4etKZAjGw9fiqRcqdNTYE7
+GEzWqfCIAG/7mE/lcNT9HVJtolLQhjcl+LoYrWc5IWSuoJauZ7gs6/ENM6PPeU+h
+nktNe+J8flQLiPufJDdsbICYIBYyA+rBJWRyHAxb7WBrNFuFfrkLEKRAj39YlbzP
+ryQ92uXCLGWcp/d6uKYNuegjw12mxnP3yb+6ngUYQkoeZNXLRAEyWb5nO/iZQiNO
+RwDyFBmmJTFnO+dSoKE1Mf4EyppwrHoi/dITvqu55bOohIHQ4+XaX2we+G5CQzb/
+QiTreQudv57y1tH9alx9Hw6WdW225TpDDCNG/PI8OpQZLpK6duUoEN8I1tG8kTq7
+kJwOS9x8QymT0gIUQ5zOCH0SWHodM3+JdukocKds+J6St0YmCIjFpKNeMAEpg7VX
+oVjEWCEOHaDuViRerXiEkPzZGh0/BLqjiBeyTogXfjvN31hZAyxmDxst1MlwhiAz
+H8KIDqPZmDSxUHAYouulA0grrpA77OJFGXgINXxi5OtkEywe/6fmy0gWg+U/o9nK
+ctkURuXfJej398hjRI7Z2/gN5vM5GeDPMJBIp8sQrbZqueXXuyyXSbBV9X7I05WS
+m09jBpflDoRZANx5CLz3o+EXA1pb3carkCipakcHVunCCjT6RZv043leZVymREd0
+WmHngxm+gDreNJPzcxWpbj3lRsrq9lzZZHQRYosyga1fLOK9966G9AwJnClaI5EV
+Gp/fMMkBQS5n6s4k9uwX3m95PLkypG2gK7vyXmsdQGMx8RSeJT4gx/l3zoOibn61
+EONf9A7geaApsEDDoxS9i1m2N7dUbv73E0IUT4W5qSBidNCj+PniWB2ostRiH80d
+6r0GkvboaAMxfKTYatdo2ZURmFC0P1JNmM9tCuhhxBkQ3RGgnqgUcKE8vFV/S0Aw
+nBqatpC+r1KpmoMG7AzunAeA7nZJXkBbq8lGEcArKiEvxo4brDM+OnxE3o3Kn8/W
+mmpOwuaUTfNbGgAvwLYf18ltCqXHRwqm74T/o1pl9Ax8UoHVR2n3rn6ivs7idtDQ
+d4aEfaLer3trPOZ2Ljesend2A7P6mqvEAnF5bSebx+VE8HgxrEpnPUBKmx7DtIVO
+PGTedGW+Y8MOLBhtKQEcM4240pBCDSda9E3LkB7kAtGiwf9ncvRKlxRSwj5uhKSt
+QX5nyHBLdRv/woaLUhTJrPQu7WbIlHYBgjCDGvHmi5TCR3fXZqJqkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
deleted file mode 100644
index 520f583902..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid CA Signature Test2
-issuer=/C=US/O=Test Certificates/CN=Bad Signed CA
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQg
-Q0EgU2lnbmF0dXJlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw
-QAB1tOhQDQfPXGHNyIA/wyXWG+GAx10kyG++1vTg81Le2VcCJjiZqVFLmLfBA9n1
-cD4b9zSs2MrdUpnwVRWbHmeVYLW558PktB5UwAoEPQuV73PuRiN3GQQULGgh2AlF
-k8PciufvFGkmYEco5d8AEM9Gv3QIgOKEraQME0I/NQIDAQABo2swaTAfBgNVHSME
-GDAWgBRCG2+XCyN5H8EIV546pgqckIgf2DAdBgNVHQ4EFgQUfIdcwY2/jxziMCvk
-H33rpDMUuV4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQBgBJI+iPa3EWEHQqZr88JOAiU+tMO54vqLZ56J
-visDO48tZuOHCSkrqHvBzsabiTuHjDvcHtivavtV43IyHAnyrajntNrs4lPBJlr3
-XvTn5qVlsmuNGJqUrbxiyeNH/y1OB1Embx/RaoSOy0ffruRpL5PXyFvhn9z30I8f
-2zkCOA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Bad Signed CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAxMNQmFkIFNpZ25l
-ZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA16COIB4MAs+kpSoCuSHv
-grtYTFABazGQDi3rvkQzAbL4QlKE64PAaeN4S3E9A1wg7uWYiru7ZM2D4k6grNKR
-3QGx9APutE7yZHZt8Wd2upDOP62BTYHPrP7hWBSDWBmOKi367A3eviObljIH6BeF
-EY6XcgDZg3o5AisPFzKK/pECAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFEIbb5cLI3kfwQhXnjqmCpyQiB/YMA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQASa6C+NTUfhhObLuxx8/8DFxAuEv5l+BQV
-S7NV/MAZBPHBSw89ffEPEfbxBTcBYRI+UP59a/zHrzscTSqri7WoTEy/8tKIegHd
-QDjTSXNL6oYGiQXDJY/r2kQB2mArrcL+KzKkC++gNgrdoJlpk6+4lfaBLiETQNtD
-RBJVYzR5MA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad Signed CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:1B:6F:97:0B:23:79:1F:C1:08:57:9E:3A:A6:0A:9C:90:88:1F:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        11:91:7d:19:a5:03:4e:a7:f1:1f:18:62:94:fa:97:a0:46:41:
-        96:31:95:19:49:79:a9:e5:f1:84:aa:c8:dc:c8:7f:92:07:e4:
-        fc:66:96:9b:2e:8e:73:aa:ad:70:11:19:fd:8e:be:f2:74:3f:
-        79:02:5a:e6:2a:67:b4:46:d7:1d:8a:de:c8:d0:b7:cc:f6:85:
-        db:90:a6:46:9c:ad:23:09:47:aa:f0:44:45:63:f5:40:dd:fc:
-        75:bf:4b:85:2f:fa:74:09:f8:19:8f:29:97:92:ae:34:5c:6e:
-        6b:6b:40:74:51:58:26:df:95:b7:72:13:3d:b1:76:9a:0a:43:
-        37:31
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFEIbb5cL
-I3kfwQhXnjqmCpyQiB/YMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABGR
-fRmlA06n8R8YYpT6l6BGQZYxlRlJeanl8YSqyNzIf5IH5PxmlpsujnOqrXARGf2O
-vvJ0P3kCWuYqZ7RG1x2K3sjQt8z2hduQpkacrSMJR6rwREVj9UDd/HW/S4Uv+nQJ
-+BmPKZeSrjRcbmtrQHRRWCbflbdyEz2xdpoKQzcx
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
new file mode 100644
index 0000000000..6bb7e343f8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA Signature Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNQmFkIFNp
+Z25lZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQD
+ExpJbnZhbGlkIENBIFNpZ25hdHVyZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJpto6V//mi4jC6Q4e/y1J79mi//TInYf0KaP3Aw5rsaMhC8
+IJbEAdkIhfj6Skvg6uPj6gJB0zsmN9Tf8NVArEfcRwjAq7IvvDtVrDz6I5Ie0bFD
+8MGkcdP0otJIpbTTHAcefxoqQQeTCt39X9viZokrLeBHWnB4L6zE4d05f/7Wh8ca
+KlDiKjRQl8aIqj8wPsu4MlVC4jnSYTQ6wEd6cA3gJRygcUWkaLaVleaV+PYyUqD7
+8X7p3+i16q1DzgtL9yXUP1b0rt48UWqfGBiIkTNUB0zN9heA7GyI/ilo1Ga8THpN
+pha2SLqNB1rMWl3T9fRTsu0HGKRHZobhzGi7zJsCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUe90QO0rgyN1EhU6IPFqLzZkik68wHQYDVR0OBBYEFK0h9T1WA6JYJDOopjeq
+QZiYko4FMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAJKcaDXNDhjePhSydqe+QrUBUS0YNqamRezwkiQ/
+NoKO8CMTNvta/bbq/tIYarPtac6n4d0rTuHURuCSC1l6VsruAWsNgn6Ja+G3nqeV
+MP8WM5XYIToIPHy8OMzCXfu04IV2dAuaX4igWL3hn0PXrh7JnrTwfnK5ytSbzxbh
+IWcFLpSqxL0XzEAfJz24325SbAyXqvwx+McF5UU34JHgEUQcvTUTXjr2Xp1i5moV
+68a0CjqYABdZ2pDpHAWoFzvVrcv7o93Y+/DbR+5dVpuN2184q7cJcoez/c7aSp8W
+A7R6Ggi+lJEic2RkktRRZTjh0oMM0ndj5c9Ya7CGfEN3gEY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB5FA72411EBEACC
+
+W5xxITU6f1vDKkdkfxFdGDxGjjQPgqDQzeqA7LqNAtn8uc814vH8D5HzzMTau2HX
+M/NMlo21ewfEUKlm7VFKu1GLnTKS1gOJ2KQTg6/IUTx+OPPN5AnwFZsnsJ2z1RqA
+M3VZQPEofeODlNBTxujCQr2TR+F2pQd/uZCuiiLtY/I4YjYMu9ueyycgyhh9Xu4r
+UKqaQD/JYtSkW+pQelS+pK1FoHn+5wOUXEO+02cAn+n9L8/1ztSZalEZcpmEZ60O
+tXNhIaPtAVlMKRh9LP2kD35deL6I7VDEeqLrz+4L150w9mCNFEYeiHrr9EszeGf0
+KAvej45ALQqZhVTPhP8ySZvUy0C7bVk+eY3XWZ9BIevmIhoruZNGFapoSSyDbp0j
+FBXptGYFi2FUKQClSUAg6YEoHV8Sh/r4vWJBdhWbaiGSl2umak4kTE15tUdv6QuJ
+qWcEQwgAEGhfjm+fCJ6Pf2KA6R1Ywe8TulmCtIjEPk6+jTQ4AXEqfw0gIvQ7STYj
+9kwTeYvtYODk7QHYBUEH30IQKTj/KhDq2Ld8/2V2GDPsj6zTzEM8PW6UHZj1Ngj6
+14qFEc21iDRKhAiRjQ6G40mZVtBdONL7HrG6CKrAfsniEMXrdmceRCI6/mWmVUNF
+WQzQUbMUtFj6h8aemQhUUR+AT1MgzKhNQwSNhKiIjmGRniLEaZ4CkAuZyQzwmr/x
+GckD0Nho39EhoTNGHl08gN6yQM/1mYf4lQg0w6DZN2hazEplBvnn87b0BT0/Gji1
+WfVGIsiYqnhtP9pC12TQbQnpg3ICxZBKLsrKxIdnMlwJRidKhsWzWRuDrwa9f4ox
+6ZAGYICdaaxur2xwWk3xQrzRgSJOqqFh99U5VGnASr76OoX58yLnF1UvB7nnhaKK
+GOKVhgRnIqB68Vr7FBAAy0qq6o2xQZD8djMsTHS0Oyl9bzy5Ov8eW1+1j0uREfsg
+Z3rGVxcnPdQSvbN42xHF2qJ4P9IrMZB8EDfVLcfuUKAb8VsT0eN6gR5OsWaOlHTu
+C+DHXaBgp7qeIFCDKZYdj1mOEhSoEVI7h4IYnrqlRAD7U3sYNNMaWLiZnu6n6Lk2
+ECLUomojHHljU4EoJYGVft4cDy5uijcZv25x60wJM+RnqYr6Xt0ckHWYLwyBp3kW
+YSlRJ7olV1mJqJp9FekUGcbR09KnOtksqLiaS2PSALTU527bFAVeHZCAPtk/7T/A
+I/Ek3TTaLSvj+3gA9u7Xdm82w/qxfn2H0snLaCyU8LDT5Y3JHD27gmCKBUqVAAHo
+qzSUOPr93j5LsXBRx7mcZPESjz3MmxZxYovo/OKtT2JDRGZgxU9BjYHpEW8jIdna
+qpXyvCLaz7zd4zSob530Wnhg21X5KKOhsatypGOkedBDBoGyMOOJyIycyhloHpCc
+GVti6QjBrx8tzYjJ8Zl6qmyn/NFftRK4S1+z7Hor68rPC/E5xgKWGXIR1BG5X7iw
+JTmzqVTLhdKDW5J2juyKMRh/AInLl4cH66R226yhzka4n9XR8uPGEfAsj/0RYkHK
+927AA61HiHcggeEhyHxxt7xxNQKCwJyy7XRWvHd+h8XVaCB3PDVdgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
deleted file mode 100644
index db8f821780..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0wMjAxMDExMjAxMDBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIG5vdEFm
-dGVyIERhdGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO8t6F1gCSiD
-eAh0EXEEP1RGW1G+zM3TmSeKbm0GLmH4SJp7HbsjBab4wtNEVlOrYMG5phm3dro3
-P6YEmVt0q2yzDo8OkpfbYwJEy6e/vdjF9itss2yajms7qA6xPbggpdYElK4y/1Ei
-o0+nUli6dZQpEz7/V5tSk8S3zvh+lJ+jAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQtDCY+YSMuNxOnyukyqVHgELUF
-MjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMDkUbWtYhitXM+mGr3TBaTgM
-IlnMLUMsqxka0EQ7fiEaLtVsOD8CjMRKeNcWo6ZwVfJk7EDOnV4+E1TlAzNp1m9z
-rHB+fc97XJlIaQwOF1WMnjaZl96TO5Tb8FIaebsIeknz2m8IhfZ/EuWPfqs37ZxQ
-b0YPNilIGsUSrT3rTBk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notAfter Date EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRl
-ciBEYXRlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIENBIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOhmxDd5kdaDqSlvran3+R64X7ilMaOb
-DINojoBxIW3XAxrXD3TFdV/twdn97GoxEkeh14g1W9IV7RTwfDoVf95tjNli7Zsg
-ye+NVj1gYVV+DdMpxy44biOW6s9l2wRqNqoeE1AFSj2su1PgamWIHiGo4BQkcE5F
-bMwHbJCR8znNAgMBAAGjazBpMB8GA1UdIwQYMBaAFC0MJj5hIy43E6fK6TKpUeAQ
-tQUyMB0GA1UdDgQWBBRsW4S+GLLshXYDAKY/yVcV2NlPtjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBANJW
-FdT2Ss72xFAtOuGm5EoRp7tP32SI2iyLmeLRi7YeIo/95FVK6xVzjZ8zT3pjyKvx
-7qe2O/cF9SyQssnebmTqLJQxCeWHWzt0BpbI4U9GZJF0vEeqTU/psLhr6p+20T6R
-XmeWECYyRGe0Wmndt5GJ74PBYrUjR5mtDojhKn/o
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notAfter Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:0C:26:3E:61:23:2E:37:13:A7:CA:E9:32:A9:51:E0:10:B5:05:32
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:dd:d9:bd:87:0d:1d:95:02:a5:1f:92:e9:dd:bc:1f:16:df:
-        b4:5d:31:d9:76:6f:06:90:cf:da:09:6e:f8:15:1e:bd:41:d6:
-        4f:a3:f4:78:a8:67:96:1d:ef:8a:c1:77:e8:b2:83:81:5e:d0:
-        f3:53:36:a8:78:39:d2:cf:eb:b7:57:e6:13:ac:33:87:9c:19:
-        64:08:a3:14:5d:71:79:b7:10:88:93:44:a5:32:79:85:fc:fa:
-        a5:a5:81:d6:99:60:2e:a5:2e:2e:6a:60:41:29:70:2a:27:b7:
-        9b:52:75:fd:9e:06:e2:80:f6:6e:0e:19:39:75:9e:a8:70:b3:
-        ca:d7
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRlciBEYXRl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBQtDCY+YSMuNxOnyukyqVHgELUFMjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQCm3dm9hw0dlQKlH5Lp3bwfFt+0XTHZdm8GkM/aCW74FR69QdZPo/R4qGeW
-He+KwXfosoOBXtDzUzaoeDnSz+u3V+YTrDOHnBlkCKMUXXF5txCIk0SlMnmF/Pql
-pYHWmWAupS4uamBBKXAqJ7ebUnX9ngbigPZuDhk5dZ6ocLPK1w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
new file mode 100644
index 0000000000..3b3758fc03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notAfter Date EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIG5v
+dEFmdGVyIERhdGUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBDQSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CcZ0DqE9Pw6
+P0I9jfc3becBcujw8y+uEiSGI2WWZvtY/5cEnif001zkbDJYCCXsaegUoJeh1/uv
+GL+wFCAw9ZKJ/po3NzuLSq9ER+jZrkjQeskhs1TWFVAL5Z1HphBRruutpMB31nhx
+P6MCP1ZS1wxbWwZRTtg2yINKqX2wRRGTIPB2dWa5Dlv0UL7DfypPfQsVoQF6XZ/7
+X6yWyYmRsiL9OJRh07ExsVAQFALZ/6tIXrWpgyQWRJInygoNwmkSTTc9gmetr53d
+5e0W/EPBSr8sCbmYpDI6MWJsyZvh16lAc3Zf6sx1PHJtaZ9tt6/WJ148aLV0ffUS
+gnvHrdBjjwIDAQABo2swaTAfBgNVHSMEGDAWgBQsDv337jzzpGbs5wWfiLPiz3RG
+2DAdBgNVHQ4EFgQUc086TbYTKqLTmNpBE0qlpFjKkKMwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEANsYL
+aZkskh6vUFY0z42Z3HqV7ewk535l/Zcqytm9JFoUtt4tX11iVVLvzKRzE1xRZQrI
+1SIvfCSexc+vwMjw4bIRV8PSytQqXI6R27RERT5RLkpSBFfSXYJXrl6z4txFcEGD
+ed9220tfXUDOt5lZ/V9qlvOKInpq1gKj2C8mknHDYm6643I4Sefi+Mw5M3ohPfEs
+8y1AdEwow02R702NYa2dvBDu309BpjryhYrRxfXezN2l0Yc7z8Y2bISXclx3W2dh
+dqeABI571GE28EkfhPbRKuW+yQOUnjyMqvik6y5A7jtnFicTeoi/IIT8COWEg7gE
+/6N/kRUqqgeRucK71g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7AF8507B66BE68CC
+
+c+7/e3hmItJX4kdcx342E2hSdfXjFdUSN2T7OGDruPUtWjolA8t00FXibbhk4HFn
+J/PB5+gdQaouG63l9AIHGpSjIfc0djUVi+fr6ceQELkQ0JdsZvgPLD7OnRIN+GiH
+GGkiLschzGxHi/+GvhpACDSgPOhuOkO3aOaO3RfQxLmWNo2Ufpulh+pmii2mAcwz
+F9IblPWkFHj/86VQVxWC7OF/XnydfZA1QBTGOp8XCnmyUErrcXLqS9RsaTupxpzs
+MZINtHcluFL4jpoNDzkgmxts1zfqSRJAbcwzUd3OSPAYXHg5/NPt2PGRL+LL54YU
+D8yczY+FGwlVJcAJ6pVv2LJ+Qah7ynoo265+wtPX24WpdoecqPoBmYaIYQmnPAay
+CAn5Rgs3sjtfmb99/P3lOUsmguKbJCZFmnGEDzZHBlKDw2Q5EpyLGXV6khVsmaUC
+/+8BAeUkuHwA9tHYPHTFnlRSlN4eDVavE6dkOWXrgE8zkbMNTfxqi/UG0kdQR0RA
+P1ND+jLEwst5fauzSIIsTUwwB0M65fIdm5syQiLuyV7B5BwKshE4dbjFRSBMBWiC
+pyA+eEjuVwn9AoZLcnWyQ6nVtRIzx6YeP3B+SoeDpboTtXIlfIveO10bffctE2F9
+hsc9BXzWpjSvqF4uWM2dDnCTOhXDymOlynZQLphTChILPJihsdWtzIG6wtaJaZU1
+ucWncCwv+3nx8L5cH4PXHvn2gkCeHo/6E8maZwwVpfOWcc/azhS1F06jvIrN9DmZ
+wFBve3317ehzYAc4TpACqUqtI9oZusH84R2HBuATBBimzkBJjkMLGJy782MJQQf4
+P/uJJx5Ov2Op0YfSYrHxWlEqLnpKn4gLCzro7sjwbBp2rrZ96LL8qIxcOzisXz/t
+XYZiJS+PZsAsXHCBUf8UJ2Bb31Fl9HSKXqIUL22bOOtyZxyeZR57bZGmnsfYmjck
+GNPa8ZRupbYDCDiCPWA4cOiiSvqpPpr0ABYptZh2KkirQJ9kkU6CLnN7wjGCPJTd
+g89MxnUWF/FjdTcD8URi8oJ1EVMi28BqvYNLBtoG+oWCGZeejSPOJgbM4b+5gLBq
+AJqB54BUX8IoIW0So1AUwj1OhL5vsFYByNiPMe+suCLLi7KrljqROMWtavgEKxcE
+7VZEalyrUQ5kW5ctZ8TVjW58nRBgP1oQRaspqox5L6RxnGUpGlI4PU0/E/HAKcFm
+v0XMwoG2+03Sfa+H9gXjsjP2C5TR8RVb+AqsKKMH3FczH3h2mLVran/AQe72z8Gy
+h/LF4GtN/1W4tDWX9WqCpWzdhEt67mA1XjDtR3XmLjOYXnS1gcvcPDHVltfUNKYM
+MfjFepzaU57WmCy7o7LgwsP3qkhS5Cb8N37hyhCutyASsaQ2lM/AQu7SK2Lmwanr
+tGIt85QmIiSMuamLDz7RvnPQ+AaRwx7MRu9JMiA2ck1Saa2mdlHE8RDF7WylxSQ+
+91KDyN1ea+98COzfG40/jbIuw5uJyWV/SCsz/Z3WU18CKBdfRris+uRJRT99LIMb
+DkQPq+iK7PTI6bxDVCjUmXvv/Rmn8C0tnskXDMRP3zwVAewg4hjluwohXwUr5QOO
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
deleted file mode 100644
index 6a9d14d41f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVQmFkIG5vdEJl
-Zm9yZSBEYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJp+RthgxM
-5Y+NQaGv+L8CNjnEejXyimG9JuXmo6Uc6ZjMhYgIlr3iAA+dcZRCJhsJxY7RXaS4
-q3rRLSR7ROQdjSDNbuGXRht0SGe3MlOoIJEqFVGWppp3BVY4GUwN/s5zmgj/vE+2
-eCwl96Fk8NWIm/qvugmG7+bvAy80zDvMLwIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUHnoz+COKGJwqbE84ItXL/Z2Q
-fVgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJpC5ygICALpvY5i3Q5a3179
-Ao05EA6N8ZKZHoS49lok81lUMy/MLGY5zQlggicV916WyTdDd2CO8q/lSCMTRO3C
-CrsU9kd4w1V1J/OnfYDuHoRIH0hqowTdm6bEnyMhuq2YnRotAKhkX2g/ekDYuC9A
-Lo8Ispl3HslMbhf/mhGj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notBefore Date EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZv
-cmUgRGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBDQSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuT/PBuMdSN+JtQHVYA67GVmByJJV
-4dw76fphkGkaVX0EhLBs1ZK0jH4H+/rGlzrmDGTT5k2xwYc73ZJOkGDq+5EPnKy2
-0MMuiU34oORcfElE/rYu4tqGwh9aARFDBpjzBNqCNMTR6wD5uIJ1HpZI3KfyuP1b
-sX5KW83tw4qRbmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHnoz+COKGJwqbE84ItXL
-/Z2QfVgwHQYDVR0OBBYEFGl/WT2zZWdmw1t+EsACdTdTWeWwMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-bf33IqIzT3eBs8IJCqw6hFy40WjrIDPUgfNMdPE02k+Z8/0y+QCczqm4PXynRsyk
-Zrn38tggQf2IVs/q+1IJsZS+3FWaj/iucO3twNWqPGqq60uc0xwpRhbIx1V8s1Dt
-1Jh1zD4+KU9o+ai5aN2ErGWfCjBpIlFhwI1XXT0NLKY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notBefore Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1E:7A:33:F8:23:8A:18:9C:2A:6C:4F:38:22:D5:CB:FD:9D:90:7D:58
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8a:4b:5c:e0:02:33:0e:3b:5e:59:a5:2d:7e:5c:16:2d:22:fc:
-        b4:11:aa:00:7f:9c:51:f3:38:85:a3:84:33:3e:68:e5:7a:0d:
-        d9:e1:c7:6a:f9:48:cc:f0:ee:0c:c8:15:b4:41:b7:a6:20:2a:
-        9d:68:8e:74:dd:b6:ee:eb:03:ae:fa:4d:50:c4:80:e7:7a:6a:
-        0a:0e:eb:64:ca:a5:a6:64:e4:98:96:75:f1:50:9f:c3:a6:c8:
-        b6:d5:b7:64:7b:8e:ce:40:f2:bc:13:1b:16:52:4a:e5:8b:22:
-        ae:9a:59:a9:e3:a7:44:0a:8f:92:b6:15:76:cc:25:f3:c7:a4:
-        1c:f0
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZvcmUgRGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUHnoz+COKGJwqbE84ItXL/Z2QfVgwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAiktc4AIzDjteWaUtflwWLSL8tBGqAH+cUfM4haOEMz5o5XoN2eHHavlI
-zPDuDMgVtEG3piAqnWiOdN227usDrvpNUMSA53pqCg7rZMqlpmTkmJZ18VCfw6bI
-ttW3ZHuOzkDyvBMbFlJK5YsirppZqeOnRAqPkrYVdswl88ekHPA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
new file mode 100644
index 0000000000..832f36523f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notBefore Date EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVQmFkIG5v
+dEJlZm9yZSBEYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgQ0Egbm90QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ENtBwoEZ
+CsDl8JmmxVIgE7Oxt2NxKj5KrXslioWozKJzjRKKK1N2jHF/RHEmzFYoolOnNMJJ
+gIFFYSeAeJshYirpGm9mI5xZ9l72ZfaxtA7SA8m2UhE78WwJJ+oa82CDIiqoOCEm
+26yEV1M8OgtFFu/g3by/PcknMXXLd3C7zYPynO/ExnHUfiPfTsorYCTEPqr/p7Ds
+yGjTRwdNbF9diPObop4B29TZanZ3gYOVBOTn9N0k1oy2eLF12W9W5CwY+FgywI4R
+ZMYQHNK3XNde4KuBoUxgXdAGUBzL/Puz2LY3Vd+2AjNS/hl3i76SKKwK9VrbUkXl
+v0EVWvc00ZDJAgMBAAGjazBpMB8GA1UdIwQYMBaAFGM+vBqe+6HyWaEvS5X+5t5W
+uIZAMB0GA1UdDgQWBBSp+Lh7Vm9xnfn/IdnPPSVIJfemjTAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBK
+OJZjmGp4sWnBQ541UKsMzBO4X8+YGKPA8tGpC/ZjLPG/G7zwq9IUaKekb6KZ3Q17
+KeX8YwORze2nSsMzAkED+rJKa8Bgx7+OFBU10b5qTdVc0Ac9PCDhhq9CGa/sj/yv
+ggEXLKq3f2BRnDLKdWO20hR2+FkOrmqtDx4q7wZQDtspGFl20AigOV83joWKHPcB
+DtjS5/N8zxeOzciNMHhxy1Sv6A9RCUw95ujhrs7c6WM7yXqWbsWhF2sT2856/FIH
+m+Hl4rSmu2MMsrZbcWSbga3AbanFdDX2wsccdmsqAPBzYGpJbTdR/s5HXnPei4fw
+PY7kH4Kc9zHuOqFxkL6k
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BEED679442F2FAAF
+
+DS4CtEvKIWfQlTyjruaWDz4w7XphOaMNg5RW4vKNL/VJ4D7UKOH9VqCPFrrdsybI
+S2BMpR3vwR84ZKF2ZOOjawzT9CC8ZFAjvCCnVJgetSNI93bvbrM6C38wwro51y9N
+P0vjOF1IaK9JZ/XPWG35Q2h09Z4oESK7HZyxD9FpiCueNW1wM5FQ0kGQdhvLWQaA
+S65EkfZZ1dBjAMywmxjsFdIYU51p6kLFhvh20p7ev+Y1kkwLiYB3/Bbo8z8Ktotc
+1bPC9HS0tjDxRVdg91uKto31VRRK0Lqi2/L5NsInQtxgGWkzxFgbM9BsmZ6WxJn7
+by5FvlzmNvwQZMwIE0XH5y+35RCeRY6Iy8FjbRO60567gh73b5gM8zD3C85gD0EX
+uZFJ3nBn+AaUaiPi99y0Vc+JKJmfVmGQ007FIQgjdlOO/XqPoanmzagfETI3tqgC
+blvTsK1eFnXu6INi7KkxQRkGqYi8T1LqcfKXF++woL6U8d5ypovRwtGWJPKc574h
+xagG5n0sw5/nTPH1YiK1KpP7/VuxRCjuWG9kQ8QPp0HsW8pRSZQnOUR0ySrRE19A
+SW6jO/1QZf75WkQFtGVYrA0GDfVzY31d8qtSv3+kcp2hkZuudqoEpR8TrZCgoUpW
+6sWOKEifzXTO1r3Hw9iPtP58BHDX+/Ojv2B+u8Jocv8MMicrxVaiEGyOtttkZ63Z
+uG4e0JBkxhWvztDP83/BtWRxm0yKs+PXntlIEz25wg79vzcDNZg5pP3/TW8GkrWW
+WxO4J2CzgVNvrWih8W5IGwfytslFhzzkNJRS3kY7CRT5VSWHu8pCG7scN8Vdia6Q
+1yjcxu7VwQ+lU2qbHPQAmbUqDU+F/Lq3SmMZ6fN9FrYPPoxAHRH9d+SyA9TyJdNQ
+kyxtpA2jLX66g1gIcrQGeOSIEKgWRi1XinUaMMRVeHmrjtYyEmKh/ydD+bZIDueN
+Lwgv3Gxwmykhux27PPo2LAP2Ep9+O5TCpDHz95mlpQrH+e4/up/x9ZTXCTMzp+tA
+YJ5CYqijDG/yOL2LPC50AFup0TIcF7MUlDMOrAxkZpjxJH9SeM6jM0voC2eASuQx
+9Y6ZWROyk8xNh0agvY/iCkjC0ko2hSANEDAE61+JDuby3kzk9s0XEtTw/c7lB1av
+dG0ZjaHcmlLrXpa97fdLVl5p09RU2mXkI147575EN/7odJFWPtbynSDVQpHRBtwB
+6yAR1nU0FUyl8KbJ7L9jbnPKPVqXsHSta2tpqNWCMN36d7688lAs0i5tP1vVDkxK
+LdwJSh964kFI0eYhrqyS08YIlk1x/HWQ6O+J/+Y4TJlOT5mkoJePzmdlBR4V34Te
+tHdbuBk4O1hQvw2m9WKNKuxgb2W3j4AIvc0ZJRJp9yKLBcPQRJroMeeB/kjPfGG8
+Qnxuy4ZRbhPaoRuJllTwunPc2m7ejbHr7yhJTEpGO2eB7YXjO3dGMMwIh1VZ9y2d
+Vdp5MJzNIofqXBfG1JOMQTlLkInZAAP6RN1PklLa8wzuelUIaPsIU+EYUdyvWhdH
+G2rOcQ8OhSZd7DtoSCqkjunKF3R8SwpX4aK4KRIxdg2L6cbLV4ZMxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
deleted file mode 100644
index 732af1b50b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICwjCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8Xm5JY/SJcUmQCDr+0GM+
-besWWL+OVllIdYjVus23p+8nx/r0PV4GQIKxh/12lQHPVKesX5OzuXUnlrFs0MNS
-hDKURr8PbBBD9pCKfwqTuDVGjcYNbxgOR7uCxwIWs62VK/yw3NqulTjTxjVba+Ih
-NDJEggvzeyEavzd9UoppGQIDAQABo4GbMIGYMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQvlbhY4sw3ciETxMClyRfo7svC/DAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMC0GA1UdEQQmMCSC
-InRlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEF
-BQADgYEAS0/t3TgdHeRWJY1IdcR6w3gBMrNIweoAzXNnKgrodk3esABKU4lZrMr8
-UMW4sDbD1yNjLhGagmSj+1joyqYLTCh0NYgGbj7xS+zQfAGBdbctVpKYJ1l/pmxe
-CVPOHHU/YkBHnWMouumAnTpEcgbtHTMvsxQNef/pH9IcCBlnOSY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
new file mode 100644
index 0000000000..7271d9b923
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIID0TCCArmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWz
+PkxcjfrTx5HDvt3XZVNg70GescrEk15PleNAp9F5sKxnbKvlJXk9Ei6imacf6tqY
+GH4gtc0fdD/Tk77oT26I+Q6E/hPk+QvoFi5CyHEKa1EsupAWS+/yudrVkKCxQgoi
+43pTUFPVZf2OgnTyGAqR+n4EjOeFKCQbXblGQjOQm0gHXiSDqYgsAam1Hw3P/R33
+6SNSrs1ClBL6m2cLE36e5zANzNfl9ev0avuc2QS46XNteE+Dol6d6B0StjCV2CSi
+Ipl0tqvurU/fYPJsYFVVPt2cdHEmig35BY3R+A+LLyYtT8j565p0tsoFtpTxC07e
+FaV7CAwwF6qtUj0TpPkCAwEAAaOBmzCBmDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUcth3X+ns0hx1Nih4TvYCKoI/bXMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAtBgNVHREEJjAkgiJ0
+ZXN0c2VydmVyLmludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUA
+A4IBAQA6HLry6wY654Uab5ADefymDgTAUI+zFlTB4rxL+zz5H01iwjyFOQDhkpWO
+yJLbj7Ncwr1AZW19zYAeJ9et3mWTv6assHW22CRecv1M/oSFGmNlbTUYS/UPO4wc
+rCOx4rAnTXwIPaUdzF88HVdGqlTr45sUuH9OwQDnPmb+TKLCkLfRo+TUsvBhzjeF
++tuaca3sFhLvw8hZixlySkpYRmQ2Ih+w16G2ocA3tfqSb4U+vhM4PAqeRP/E1i5K
+1WRY5ZTuSn2nMS3s+ItayivhPoWjMBa3+LIqvlZM1vB6ALREKt9ab5B0lj9IO3Jf
+SHQ4skVRdnOis7u2cSrdZnbCy3Xx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97EDBBB8B797E455
+
+5vqItS7ic0Fq6H4D7dklCCKzIo8FvyQsXz4LYVTLhRbBnAx5hO4oNNQB54+l0gpj
+zHOQUnJoexwy/3ozzhs/zRLswktS0b0gBOo2aiVnO8ypNuTFfOUuWt+lj3dx1UAe
+ILT5kGJjsI0wqEB8l9gZtm4042m1TaWuFTaMrQYWsb0DIU/Enf3XJmVDRwO2o3Sa
+jze7+pX+okd86ZHm5MAXSFPdAakWOz020sL9vt3EMue93lwP0kfn0FYJTnlJ5Qaj
+hez0VA3y17gzmT2TJyEYuI66wxLXPgYB5ppujH9DPOscQsioumiD2b1XhruXb9u4
+rcw8ppML7eyV/gB+SC0L3MkSBL7etxB9Is1RyyXh5WFgIn2Y/sLzLgWCxG67JVQ8
++Vfu/IevfQ1WwjH6JLLY6imBbNXyKLXQu9jjlH/IwixPzIi+LqjTcq26W9VBZkB/
+LOCmmO+t+x7LKUyFzeZ+sq5wKjVpVKV5mXni6FXKgmA0zbx+MK27LkGbd71ZEP/J
+bYp5oJqON2xKaXs+oAs/9KCHlz4VWCUl1yLxRN63XbhLtRc1xlQeSKoqzmWTQXdN
+xy6K+sutPJkLbmleAVDy3exyyz7Zs17b5Tk8yAUxdGpxnyYgNmOmjpZXVsxVLuz/
+TX2mAHAS0XHjT5Ry+oRwi6HXu0dGkpWxE6H96vhbQCg5boPz4aYj3acOqkXDQ0y9
+4LasYPgO6EE0u+tFtgQ4tHZ2MItQ7Lun6XFOMfBqAYYISwvrppNOO0VPd2ra/gd+
+1XVbWLCyM+C5HATHNB4unsEX9A1zqzmJeIJzRlwPUOgS3gSGULFoHjLS+Q6gzVIa
+HQqftYuiJ5oKw32UAHZK70WXbNd2yO9oOOWAgK06C1d5PDxe6y+eMb3Rr80upj3T
+OsFni+rOkX0TxT/3t2VXB0sxX7fw2NkvVnACV3P+udjqQcqHPQy0M4n5e8N4qgmS
+wnVosaDxL65vyRHrl3rDMsi0yCCBE+vJCvPPK2jmy64IUYsGi70Fe+K/ZGrQPkam
+0B6CNbF+DzOC8OHK4hZLMXhp5hwWSYmai3SMTJ0l366bajY24gN9KQVZ5Y+G1QCj
+3DgE08T3XhiMbz1wlTleQ09BmMUB4h+LPhSG3TdsthRCg6SBDq2eyUcLDU53XEin
+jWElYmxDV1XRTRHHhT1VBymtSKSvGwRZLFYhbTxWfpH7FgBxBdxyfeRLaoJLIsST
+ASKTuts+QcTQ2hadEmpg7kNZXmJ/Ccd4iCmiP/oV2P8vg7W4MkvUVk4ZIJtdNRlu
+L2Mg6wkr7Z8ENasEdDfCULwNlYFEE+AiDqgwl2Iw1fgVbize+eEFzwCNQLd7f8r6
+LlveOwtnUlVHqjDe/gOb2CuenWhVR2sNYMHImDMr13Hmxfsv9v/bYJSVd/jcpcfg
+1F2umrq10UPFzI5Lth9vWiws8AtJ88E7hTMJTRWGna2BHA/2Mvg3O5ggYacoNcUl
+sCFCA+hKCngy9c0PnqnXDLLtPT0HWIo4t7K4SQ2upcbU5PGrHYfitCIIjEWqLN/J
+Bjg1wDGNxsQ20K/2CPMYaRac1g4MXahKQWRiBWbq5asv/vrEJTmbWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
deleted file mode 100644
index fc1e759012..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxL/NbfBumGy235WIg06BG
-/D3/nRm8g5DewpBeSbgEPD/1yljXiblJ9TItVB7HrbJsewZWk28/396FVXb69SeD
-rmYXPflrEmgQlCp6IT0axE+gS6zTeS6qCAeHVWGLLvKOx6/9j/xqw2zUUDb1kZTy
-IedQLQlkNsdE966MUxr7fwIDAQABo4GQMIGNMB8GA1UdIwQYMBaAFH6Q3Dvq3pzS
-m0JE73sazW6PkuC0MB0GA1UdDgQWBBTg13snqN9OjzwRLPdrP94IHHcERDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCIGA1UdEQQbMBmC
-F2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBALVLczfP
-n/oPIoeyzrVNW7swi6hL0k/Hp4Ki4rB1HA+cXcuGMJTM1mnk7gLd9Mjjyp0Iz7DP
-82k+Kv+9+EpOWHhwkvAJVJisKGVO4NrUbuxGhoYggP+ig5gsuHAfCAlzLfzQgW+V
-BtejP9VrkYTGxKno9uiIjXfO/VQ9w8pB1Kci
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
new file mode 100644
index 0000000000..98e9795eb3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYb
+B1v9GpRI/WrpcpiPQwAnQbViU0MATTXN5t8MypI72+0ExFrnmC3gPpZkImwXOlIn
+EpFA/EU2xNrc5+1mzC+rfPUzZ9W1xpM189Nsdobp7UP8laTGpeP1qB/5bYKwHr3w
+poPYnm189HfyTcVfOBqrb4w8SxyfZBZv9znzHlNayguKAgx+7v1IBrPSYz2dQKpm
+44UfeKpdRLfBYmfwtFn8fo7G+gSzLev19SdPiiTM6Mm/7c3wvSjPfoFChOmCDjmR
+hHcDC/Y3IOp9913OU6MyfX1JWWtCekDmovPzH9FdYvmYA4qJEP+RTHLG3Tjjx1MY
+rGfjZf+FnQktoa7DG1kCAwEAAaOBkDCBjTAfBgNVHSMEGDAWgBRGSJxCCY5dU3DY
+Fh7gwckYFTUKBjAdBgNVHQ4EFgQUqPuoi5cYHAfhxk4Sb8kAu3oLs1MwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAiBgNVHREEGzAZghdp
+bnZhbGlkY2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAL59qoRdK
+H5WO0ZnkKiOAfs0egI4Hm9xbC+xax2LVNHxtmsXa1ksxOgX9dMuJH4uo6XXzNqyp
+KbZ3m6z6g1lAsdfww1o7d+7EOIGhTNOBWhRZOxYe+XEWxzIKKgO7qPGffYbEhpM4
+HI+2QsGnKGP2iBcVWS22KE3O/3xRGjiSUff9hGsroTtv8xTbPBA93d4Vr36VzRp6
+noAywsV0iZt45Zpoo368aX+Ph62TqXCg/1+VERrG8OJe3+lWQqeBfKo05pwZhh7D
+Vi1VnGCLRptvUiwJuiOBksuCI6Uidi9vEN2DaIz5K+8mGAWn9C9Qjps/Kat9dHFD
+ctZ9Gd4lR1XzyA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42DDDCCC4E0E0812
+
+InO/EZ0bUhdxLdwVzylMQPQR9u4xMA41CFhQBlg8yS4ovqtRm1MVkKsVHOEm0VgT
+Xnez/9FZqk6KilG9MCXFGeQCbK3fhtIlRJMp4pft+7P3MpNYj09crslN4DqPWosc
+4ffNKCbHcfxYknEjn5CvxEmSwcSYXGs99n80jb4TNc9h22rIJPMxcA4JjZVJymyG
+Ym80H+9BKpgWgG47VWH9E4Pe7rsYKQNYlOEeK32xNQe/Ukj+/ANlPyCssMt1W6FZ
+1NVdme/Vhiwp4aYdCvUP4c878Yu3BcqWakw5JfKTghSiLosqu0YcqQGd5GATe0iI
+OWhANpFojMvJXeQdOzWL+VnSmqtMsixJ0l0DtiWJIF/PAA/j4Ab50yWUOoSrusp4
+9OWPdLfXRqEqdIL2GrEBbYd6AxP/5QG2cFq/K5oKpK4KzHWY3RhmWXy6rqD0VMZf
+y+GfjSUmrEH+S7oKhLPBH4Mq+iAfX8R2YfXFM3QCf8yhWQiOmUft2XDxq8BVULnH
+zLFZWY8WI6+ZgUAcDZGmN4Hki3sjmt6gGiI1CouN8wlrDs4doneb+GWyB18k4EmN
+8FboI5b1kjr//76kpIhAG7yIIDQcXS3GU7I1iD8wcjV3u0dYYnnsc9jcRnkgTbkD
+U8F42AVFdfC+nCKR9oKRBlqBnD97SFbneNcZS3PyOaEUY1AxeMPfbBXeEOmUBp/r
+YVYBNSUbIyIcwpe+gMkX76/pTZkaOnnzN/vLXnYTlW9Mbh0oNIpnAD+BAyT2dc0R
+LMUVlu1+t+RMQaBgDEiWw5jdHf9JRjYO6Lf8G8nNbZupbhGtkY+mAroK7MoPRGlc
+1WQkQD3P6Y31IEAli0iObCAS2MOLL75XPhbapja0KHiTX1QGWiY6JT1QTsJ5ZPDc
+r7ZtVHJRyL6omdz1xLKqD69IG0krmbjWZUq+aeFg1LbsEPX10r3yzaz12BMs0Gmy
+ZG2qA3GGiQMrh5toE0uWZCBvZCLqpM2GauWKF7R8Bsj59rSPtYpIpSGib80lUAbL
+eYB1NOeoPzQQOVRS+C2UiTGmZmq0ID94Vnb7vWcHVk3zLYi3sQ0XozqJ2T6vI2XU
+5DLzUqUW6jSnWDQA5Y93/Y5W3b8bdyxWKfTAKVBNjciGlTM2s2sk6sQie3/c8Gye
+SZ+HFnX1jGTROgprJvcFZTFUuVDIQx4mdIufm7IiwY4V/zJRiDTfybzVxDD6pr59
+8RTQNvZpggWvtwSM9zlxBGnQ4Pg5HWJi06xZsOwgZ8Pvve6TW+GgOlbVKrdUwdUe
+V8t8MMa/48rR77/xb5k2xI8uwWuxE/bpiYzUjpsi0ZPh/GX0ruNZn+hn9ph2thx8
+QYMHbNIszbBAY6FSZSuaOTUOKu7Jg2zzAR9rxYDkyaRbF431NRjHEIhS32EL6k2l
+98abtTqhtMUJ+Odq6B9vttvOBunGQh7ym3jiWbT54b9wFgVcHtu2CsPu3H7A/E9k
+5trrY8QKvcmyZt/Y57OQ8yDoYcVLG+6boI7F7c9IZWNDocF7gEV0/rEFwIudVRr3
+bxy1izO7o1l2X1V+/E0yvV21MY+0c/yrrO+n8yrK+wvy5xB/fns5eDhAyNkKByDu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
deleted file mode 100644
index 7930eb4ddc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test38
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICtjCCAh+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLztSKsWY+S4ZhmNgTffbb
-H8aIXhiw0mDQqoBzB40KjeMgX3OEnxCBBmDLNqdQtcMhlcKST+FbcFNUzrWySjDL
-UhFqTes5kgzTAyyIeMKHG/Y8b9D7mNuH3GJmtCWOCcajKBy7g9IuPRTtOu/f217J
-pqw42pwtbI+7PX2v2cTiVwIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQtwjU8JMdU3wDsp2MQVttA0RtaVTAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCEGA1UdEQQaMBiC
-Fm15dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAYzw7EH4l
-W8Vcu3FH96T5cE/RL5hRpoj2PU440l6/1ScnutWvY2WXwCAhO5LkkyDdE+a8Pv4S
-v5BusKldAEzFQy3H6jlDnK29Z9m/6RNIrskTys2Jqt04I+JWV85ZNVCyTu4px5iY
-SmR9uXP/4hfVB74Ct8bSrOBQVy0te1ZcR08=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
new file mode 100644
index 0000000000..dd33413a94
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test38
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKh6
+dMeji/U5K/ekBPo8CedDexJtu59S60Zbb3AdsoCF+t7mMkB7bkSY9aNOPXfsmBfi
+YH7FJFNzIwIoG0yHAB8qROxhbt4STVpB4c3XyqkWByLdHAzPM/+CAwX2ZtYTLF81
+FqT8KM7QmUMbjkcNx87nD+r8OQ795j0fAQQ3fC8XXgYVdDdfuoACAyYVgJplwLMF
+ejdjj72LERuDgiJKHy5BiUrtOr74ZRRoysDnX6C9cAD6BJjkrvFryQmCsnifit41
+3X5TWR3nSYY+93/ioiZ8kr+xDCtx6ODFs8DohTpue+SNnTW8w7QwtoR4gxnLWw2C
+3FNRWu1l++/VOOZEd0UCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUzkAnIqjWGiY7B5H+8RntUEbOS3cwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAhBgNVHREEGjAYghZt
+eXRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBFZ1PNe87h
+xxEKYU1zDBenTJ4doWDxfNls/SC1fl9y4sV5gYdVvXMfMvFNpv3cuO9RdFhc/r7U
+an8zS8YA1bP+ts5EDma3yIuRkOAifEeE1ivPjzmEH0acOsfFmjgF5OBqS850KFqS
+Gtxa5YDgeuV6/GaUh+QTnkweGcQau51QIalB34UMxmG93hsNI3M4ZxPAiInJjb5n
++XKyQBWwAhaPhGPVbLIU0BtnyafxIs3fkksxFvp0TvrxNoDKmyGn1xMPf66rKgPV
+ziiayHvu9e8uhwEjXmugCy0T5zxb67CVVgHofZZfphlk99gUzeqr0rxA+7gPsoVt
+99WV0A+bbNk7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6E7BE2BB1EBDA90D
+
+/3LYRb7V6mLvFHL6h6V+UcL+eHtdgcQIYRfMJnf9duANOgPmFcASfUGnwWP04Kzz
+cmG9hi7a5mHX1ZMLL6r5xw/TI+ui15RGKL1QqJKU/bs0W7A8Pv7fJPXIkRyozXvo
+qk4Y8oGUHYFGZ4CSNl6B6MiBghjHitDxcYq8HSiLpuZc0eoRNvGx+2K08tz5e99r
+69w3sRTMrjdwraRuH2I/KUVGd6zsYc0Y58EbimoakEuAmU85fQV5CSmFJrxY4VQ9
+W0EHnUMt6ay3eKe9CpdDVZL0REjaNeBA3wm+aD8o2ajnZgHZh3q/HTTAn+05x9mY
+bGzJE01HmJnqskot8RWGFUfgcIXFOH3I9w3gF7niJrRBl1IjXprZlPAxEMdas70w
+WMI7ereIJbe1HOYd7s8B5TZXhJr400rw/KkcPFJaYRTRPpe0k7R+hxzVI+o8zDV8
+Cq1/GKENTcnI9Y1FlrH7yt5vLo0nJD+jXhbj6etgshYQnfdyNs9qEJVftaYeKnGj
+C10l2YmsLrn1F/OtfDNUYIfEPw11t9PNxygTGBmOcZ0rCsPcpcimdWh+qWnhjcYr
+SqanW0CZj4RKhE0R7zPvUbBGkssGu165NkPSyTDLrwQJtoAX3hjPuJ9R58Wc50Cy
+fFdglrp7WhLJ3IGTlWSv4TbLYjQfrSVgwHcUnnUGjkK4Akd/bxNKFq7hCHosb9aC
+oiFwRuIPUh9Xk7cAhqL3ELZpmvHUMoU8KzXOu0zL81C5J7j5n4w0/64Ih3qe3MRP
+bLm9fyOQU2dNc+onffryZF7BhHOwicV57GqV2awUUGqSln6g+CGcFOMzvTv+txr5
+Gk7mjIoIM2Cm/Y+kRhJkKmAwystZMnxVJfauSO0uNCtOuU/ay29br7V4mixZPUAL
+xTF+aRlYQGsH91UVkAJZqqiUe4ZjCKuoYgahim9UMViyq7XHzCq9tvfMLTHT9Q/q
+NPbzmqXcupL2/o23dtPHcF9YBTvfZ1bFdJPianLBt0LrC0Rxz0E3t5glt7tPfDpf
+uFmoisv1/APxyo5m796LzJg+tYl1HjlKEw+CUEZczmuvCvLh5ChwofTGmg/cA/tw
+fMjkMeFBmd1Hgqf7+q7v4wlIZwNnINXPj6yBqTX35TTxEaotlnCD9IJ5yfQsoEEl
+0qPPiLBKwUDUK2GyA/+jJMOUTodoTc+vuFHngdrhQ0Y2y9gwwX/sy8DcgIcGfN/E
+wGZLMoaI3Cz6q6JPg9su+gEToivrWwJE9ESgOmBMPa2lguBU/4OKkYcmtNeNfWeZ
+Wcq1UavyfhJ92ybnEXHJnTYSDixbRQh4A8ghK01ES4LVGK2Bb1dC5lc8DECo+iLw
+ogpKsVPYjbyeMYq4AN/B8qDP7BSm8ejQ5yTy92HouO1e9rc7/9LFr1M24OhsTYTr
+ONzxGwxf4joBPYyuJQ4Om9llVpLEbXNYeuotga3cUnshAc/e+Aj+6pSlY16gfGsb
+vUHEKa24nvEaOD4Tan7ojRg6+dcgiG9OPLZb8gCuL3sU1jEecMNzaq63UDYmkokC
+2JXgDG9UngFxugmBrhhLKHm2y6pVtRx4DZ+ZIK/wezyGPiFKvNeHpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
deleted file mode 100644
index 18fb09781b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDBjCCAm+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGLMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA5P+v5wlPmnZe/uEH6HyaKnq85ORqBL8HNiSn0EhAtQNHISd/M6VJvcrJ
-YCdSaQbE+A61yEjhCfckVgjt0lY081fJsDvDU757lDPe7SLP5hyrVS+myINWP3V3
-Fnu8BeK5Lz4Ytkx6uvnfE73jdWSregNtKqtyQD7kyLMTFVlVXt0CAwEAAaOBmTCB
-ljAfBgNVHSMEGDAWgBRXq/icJ8jS9ObPb6ogCzVnBIMkazAdBgNVHQ4EFgQUDvHN
-oL4nbNoIN4BmY5QBKMupyFQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATArBgNVHREEJDAigSBUZXN0MjhFRUBpbnZhbGlkY2VydGlmaWNh
-dGVzLmdvdjANBgkqhkiG9w0BAQUFAAOBgQBtZkdww8Uz1loAnrdjOhd30Om7eO4h
-Ph2kKsyLJm3aeptHUIKnAXrY4+drzXmVlzMcMK0t7VT0CMP2vWSVrzHyUXnGxpsK
-ZGKNRLzdCrr4sEVtsYjGvMK9LzM66kx1CFVbl2IftM7cVEgadA7RyfakTHJJAAQw
-by2klF/gQrv13A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
new file mode 100644
index 0000000000..eed50ffe62
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4vbpQh0jJq3Nji3nx4Sfd4a9Ek4bG4H6jLwpj
+rsy/shoK6yz8nnXe/w8ZSIYH/pETrz72I3kEz5/VI6rxHf9Qo+lqLURImkRhxwSc
+ylpDPcbu6LApCackMGAms8ocHu+g6ZELzg5ubrcfg7IcHjnZMdUjXqEWptkZf74X
+cDGjkJtpA1jJgvEiwSy5A2MkBRkf51/4SGxpN0tbnLyW4P9T4s9p0ZECanXijTK0
+px8Ln6lAaV8/mwjat4G1WzpMsiMKYkzD7dC4uSunEY+1+M0NOsiWJwxS8oIA8AcF
+DOzTjx9WV8xeofZeY3ZJQJyJoCI+L70s+/9dwHxeXVbBbkGbAgMBAAGjgZkwgZYw
+HwYDVR0jBBgwFoAUJ0nkBNlF+myYlGz87Q3DJFJtVUQwHQYDVR0OBBYEFK8MG92q
+3AJ6cZcpow9Tp0emF1RiMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwKwYDVR0RBCQwIoEgVGVzdDI4RUVAaW52YWxpZGNlcnRpZmljYXRl
+cy5nb3YwDQYJKoZIhvcNAQELBQADggEBAIZk5m0SIfQF5ZF59PLUTrwGaG3jiJKm
++IdyCCM2JsVcKiJ/DoWkU3Ao14nmJkyjAFG3HoYqap5lxKyWpwvmv9VzBGmvJun5
+v38Z6zVGWSAKMt/w4yAJBVWWaDKHTP4nfBBYX8uAKmAewlNxn4LjWuZ3AWKfbuqx
+ve0yYWP9wBs95PlW47j9ky9uYjwAgXX3z4XnG3NkOH13uxPI6ZjBCdacVuIKDVZt
+3pqzHcBT5FV+9JrwvPxnaIauRpb07aWopvcl8vUF5Z2ndZjtBIjAtlnH8AHo3dwy
+b1v4tBbIjYfNUSlCtBjUC2SrlX0AiAqzq0jPL9YBiT+E0VnjRaYHmM8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1D6AA7F606ABEB63
+
+B44Kh+Eawf7VN46/8/zrkiV2Nx5S/ABhA1JNcjIUoXWr1bsHOwPrru1/PZMzh2pT
+Xi+U5L0pAVLKGNxAzx2iyOEHQLKHNqmxLJ05kcn4edJYY38dmP/Mv/VobSmIFcQ0
+7o5ZSCP43dcSHCAtoRYvNfLRrWnaXkm4bMz5j1OfPSN5fu15F5HvAW84yd5WgGoI
++1d5dwdRrxtm0BYtdJqNjxk/zKsxAkP27Qj0YxaLZCEt5mMcKIqRvnW41k0vFDUZ
+xovH3/X+VeQJCJSQtibLqwhiN/16q+BLicADRiN6Tr+18nn7qYNjIPNBbGnYWKsi
+KkRx48nhkOa66HIqs3mPupQi8vLoYqB/nFkrT7kRwZt1fspbfUuSqWaGwYLbgwpH
+bTEWI82g/5emW21YXwIekvI13YwzQb0tXSJH8uUQENXqiWtQwJ2ke8tI/6sYqIWj
+CrDQEGX1iZmedCvuPtZpS1oPO70n+5RaKmBg43QP2fhp0mrCHR3zMof/wt6t/yUe
+Zs3KL5yp3pb00FxivqYlYhsBMwhc7LkBZz8auIsunXyoF6BZ9ZoHb2AkXHetQc/H
+GY1W0zpVWG1dFIrpQogNWtpZmd78915iepHXAHyl0cFTF30fj31Ae90lhJU3ivRM
+3LdqdnOAU3khHIIzJfEnFa1bP4860RBhbHoNmwykE68BrlOsdfpZ0DrcB4H6yhC3
+hl3DnJI+BARFWD4ApWkSNMbfYwFkHbcSebJ33k/bR2k0KjAIJYfcznVoPEXbGL8E
+5uKaqgTloQH8tCpPPd52IhyzMQBkqR3/Iv25jua2L4Cq9lgaQXoGYsxj0e0BCRqs
+cOgLQVahRPX8HJr9dZA1lyjg+0/usQAlm0GcpPqw/NZOFdGXyjxnPCXUQOxjSfSt
+PqUkTUzqUjK2SOKKxn4acil7O/zg7n0H9Y85rKB7pieouVen5du6Z824hZQySlMN
+JWEsjg4YbRVP6aqrU8sUpkXRyThJvtDA2dADGNVqUfD5k4UkP7XlNqEqmzXKZnXu
+S9pmo93kY7i0k6ebzzCurc5D3fg69TDcFREfXOow6Wo9VbP0PB+wo1FDrejQynAu
+4KaPN9KS5Cwv8SfH44T17VltAOuopHkZyLaFN30CyENyJksFvVGCi9UH9pLqQaaZ
+B1GU+twMzxG8uNwkhzy4Wen1D7PxfqiH35ruxQxRavodft2OXRCeq0Nemr9dnDGt
+wEymDDFVlYSdLgasWLosEQhnsgeUy5xdT06minlE9eOBuxA1Hx7tg5n0c+t3ulFT
+08nF7m0pxhCDpPF/RVEgoZp4eO2/4OUfNroGunAvNnL2zmKPMkZmREprfewa+q6z
+STCVLXjVmK97nZLjfZRPNFuqd17aSs9BMdGE6+eMCCXd612vAntzbKF5zzfQjlqU
+yHJ+c5h3VrYLxlgdBsZaMR6ymNk8KS4aKiZoSStplenXVO//N3+a95KOUGiqDVa6
+ZYVuQ4jxxmMFCK3wfvcR1PHE76eILoRH6TaOTKy044IY+/sE7+vDsDSBdEG4z7PH
+qQOPHsYzCmT/h7oK8fmRwk5Ka/xHO9Vl5phWbadMjFUY2aehN/WWqpgoWenOQafR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
deleted file mode 100644
index cb31959b73..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDCDCCAnGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIG8MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyOTEvMC0GCSqGSIb3DQEJARYgVGVzdDI5
-RUVAaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANFptsaiuqG58SeSbnVMTNr7XG3kbwY6wtsLkDomOXBGR/46vTeRu4CG
-CaubArviUAJ+JILIVs3bO02m4H6NUk6clLHjb1iou8cA0UR8XHkzJ1ZNmDZJiBJA
-CAqNmtpuolbgToov0SeuLYdDRTwLlkLpjykO6EMiAjI0bs0u769XAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFFer+JwnyNL05s9vqiALNWcEgyRrMB0GA1UdDgQWBBR/JuUf
-MNbcNM7ktf6v5K72qnwyNzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAHgiOAzfqxYOlP2ugGMXcXWDQai9
-VcfKXZM4zdBV3TmksgiLkZTyhj51RfoZOhQn8RB90lDZYdSqRGnGHuUZW6ejX+A2
-JXWuY3uhE2d2WwJIwYHItLSl+DVv2Jm0Wrv8BFY2PnKaDKJgLG3WM0bp2LKn2dzi
-FXK5SfJJE0q4WU2x
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
new file mode 100644
index 0000000000..90a2b0d652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgcExCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkxLzAtBgkqhkiG9w0B
+CQEWIFRlc3QyOUVFQGludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoHPUN2bg6yLDHBYTGVFhMWB7jFvgUuh1geM
+i3nK4E4UqszjE3nm6YRJDExcfBRCPuH4NoiF7aQtOXqAP90h6hY+6ikQ18WZDx07
+1FxSDTqwSgDpNS3UyheEDvTyD9d5GpcVasvuLmQ4ITibTT3GHaGcV6Tg7jwif3lY
+6GxNl73YoOzscwtYuzSNmVerlrUAoy+w5LhLjuwWxPzeoaUHayamLXipBwiaKLWL
+4WYr/S7rNHz92cHFzIHjF3bQuFLpP9r6El3MDfZbXmu6K5vj/LDGKcOj1gCHbIC5
+GZIW0tbPxuMfLh4CPZfsrpGw7Cw+fnTocUPTv1yasn46YzhA1wIDAQABo2swaTAf
+BgNVHSMEGDAWgBQnSeQE2UX6bJiUbPztDcMkUm1VRDAdBgNVHQ4EFgQUKqooRqSK
+ejekpkSf3GDoIwRd8JgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIJzDlmebZhMjzkhP+mOudtaSDpex
+GaQjDFetxOQ84CcVDofcsMoxWqRv/DRBHd3YfY90nbRpxNVPx55/C8hjYugK+KIB
+tY8JfMZrLY+nb4Ol2IFdPIDBX129nKrpaudrRE7onKdCAmfneGQfZIA4Hy7PozB2
+I0AscYOZp+e4F/0YBo5iaO74fafllHCN5nj3WL5+hRcghhvTaOrmTea3D14OIl17
+wn1aIdclzOQoMu/SQUXuwflUDDbDHntudZBpr9TTtm0M+fuAYcJvsXdrT0PfoQSj
+BpV5kId6JE3tjhsIc0e+Hv27Hrifq2xQAIonuOgqlDLPqlTHeoAgofv43g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3D2649F13B51B3AB
+
+Ohs7+yDEVD1+Km2b7OswFMWhpy90ZHv69BL+zOULt5p9bpAMvG1kZwsIkdMqK/3N
+dT78GnLlgvLflgvVf8mCeJ0Vu7YG9wyD2hU058v7y5bELb2PZpP40y5QUDFI5gy9
+yoWfMy6/5DSpIP9uNgDNHRQ2DXo1hR7v/PSTSU21LvkwdaIsmSf2F/oOXD9UMbWm
+SnDmT6UuPqQaimgE4ejXrztGr5Bac1pPKj3t3iOnpVPTltN+A27bSKXgFUVJ3rxc
+DVUms/BzCwyxnnA2lT7IPidq0ZtZhX8075gFd7Fug5v6GRxd0OhBNC2TvO0Bt8m7
+K96BvurO7nveZqwtnL/zIRFVbnjAo2B6t5Y37uPzDtZcpB2sGhMcaZEA2aF4Pb6y
+ZiSY9BHm8AxoIiI5Wpo03vtPyAKvBXRP8xsEizmyPkf95ji57hB0zTsqx8SyiQLg
+HGigqleXR4aDMadnXlPUG6h7xcAimmSbxkIbdGNRf6pG8EcP8eE5Uk4gho1q+sji
+j6BZpu+7qy5UIlpLJIxoYEGA3+zMsUgzYokFyLfIf3Q9lNAwoSV72cpqkNHUKYH0
+IYk/kTk4Ej+Ypha/Ex2Yy0PJsJsaUQTlV0EC/GEkSyxu7nGItGfzIJoZPelC3PAU
+KwSzlKyJaR53QGN+kgd2K40XFxnpr0QPVJSGgQcq/rb1gPzoTxLOWC4bufVDvimW
+2VKVtlzcOPuSWM57psVWavi0XeIf1hAqtcWwbwXN6wYWkbtXIH32Arg5m9hYogKA
+ml1PIbgRyPK/2cK7y9DVW4UGZC14a0jUZ6JWZLA5sH+MtZ9TZ+lh5/0nEDPpxSKp
+HpO75Bs7aFywUwmGj3kxVZgmOBY97X+GpNnyye8RFaxQhXm6tQcGnYP8GnXnb2Ig
+YG5g4L+C3giVaUiYIVjGQY88kRC8u+ZwKFsnrkIzhtRmofuMwBhwJAZ5n0SIzUqh
+oDNPKWXWVTWV5cbssTdNAXiPwDh7om/htkf6rYn2HcWJssERFqD+WOWm61yKaa4N
+4CckPcH9G9gC/rVMAhBp/xmeH/KOHz72ygZYDgPskT35z4wpXy835OipyLJuDafg
+qtXtVPoXCzfdqjacQ0Y/yTXtGM+Ti9dri6Mbu8nSIa2RlVtf9GxAgv7lRbzRln14
+htlZpjrzdwnXV+kNbybqP525K+iKwjIwAwcqX8H+GMkkHRQOsyBDR5fRrnziC9yS
+Syl/5nkfiR2YR1qLpUK6/Nvs89vogX/o+rb+1ixw2ZevRG8rGLoY3OVaJ4HT6GWZ
+wN1Fpl3Iq7pxEpNvYkiVhf9QDRYLmZa0171LL2FWJGPQu3Z+d4JXg9PlWN2Gv7o1
+NIlF72ExRD5eRUjVKy1s7NxyxTK5McKm9OUNfn9VCW0nL7lj0X3iEz/SQRClAeSO
+YJheKoST8PKuyORHHI6PffbeShcgAl/N6Cj1RBb+87XlYAa8dSU3BpQ6jKJsgnXd
+/5PimVl9vbzWfxYu3oVMky8+GuDvY1njxuMBuam9ciQIfJVK9t026ZV4iamXxxxi
+bXyZYyVmO6BzIJ3toXCdNGCFdUoPlCOpzuudo2doNOomSEb64IDJ1Bu2kv4gmugX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
deleted file mode 100644
index d79077aaba..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE5
-MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4wtLGQI2aSdxL
-gklYOXIk2EqQgeDaSAj8Qxcobr8rZ0rgMBdG0A4ygWX+jdsMNqu18m+WGLs4W84P
-I3+0QpnI7DrNez1cOAzew7lPKnkDW9tnBqKQaGzafp/L9i/QwFxw7q0/OyJXLNqx
-96I70felgr/e9i6Yk/NzhfHNoKqL1QIDAQABo2swaTAfBgNVHSMEGDAWgBQSNZ+s
-wbmh4zr+8S+6d7IITk1Z7TAdBgNVHQ4EFgQUwaAOiJj2GtamtV9rZWhiH3jfonUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAsM+4rszF68aQzKZtZ+iLup5xun1WT0hwwvbL4qbzJuLAcCNWj
-22+3xcVPnJ/ODouOh8JN6vzYFUIm4Zojsdm6VJQlcf8Avp09vAMUWLyo7ScyNJgi
-/BXluYQ6PfjP/XwskA4RlOGYZ33Ewmh1xaic85c78iFgRWe1UfjmPxvMQA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
new file mode 100644
index 0000000000..dc3b928db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAXBgNVBAsTEGV4Y2x1ZGVk
+U3VidHJlZTExOTA3BgNVBAMTMEludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMtcOJE/RnaVHILDfZtHlUhM1+XAYb43ZVRpNwV5FSIRq9QuSR5liQ/UspVX
+Sf8+7TtcTN2jsJf8mpTsMFRg7bM7U9MYdtKkEMCuSZw23p7ViAdMXA8C1ZTrQP/a
+eqWRqjxcnywYAygYhxq3zJ+JPUzKJSOosgfd5bzhnteVXKUktQeOZkoJyi421/1b
+eXkMGK6EeMl7wQY0LofwaXVdjo07iv9T5c4CeHhTTctGqxEvpvkx5tf/eP7wEdvV
+5sQ9/FxcG+lzlnsi5G1ScvPoHrbWzSL18qnm7cVkTnl5qhKVWrGluFca9UDNgXEZ
+fMjrPn0KbHzma61GVkg9+W5SSRkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUup8JypA5
+nE53Wuv7EJWs06dKXScwHQYDVR0OBBYEFPh89wp4MlOC1+WYAt+HqvvzZdLQMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBABeqoXPiGjUdCzGWnsb1grkUibPx8tfb31bfSFuo0iWoKA+RVecI
+xaepmZjcSRFdYN3lKRiPpmCXsBa8zN3vnQzAc53FGkxKmX/0FCUI/tKAKdeWN4Tj
+dahGQAjXBVWBUCaRlonqQ8xDzkWEGIuYS2/indcUZ3b4mp2QOD9tWMbglcRIpwoo
++Jp/VT0GjCncj/NOr5tnsImNUbZDSXUSQEatXsjQCK4kPqRhe56A7AWAXvS28L+2
+1BOYIyshE8G/2zYHwexSna4gvhrN23NbvLE0Jib+XzHekc2s2sss26qY7ZlkzMLq
+Ad88C6Kz0Va/w3kSxfmhF1fUrmYWgHkJ75w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,306CF9F2D3E6B1A6
+
+Zp9pcPFWANIirpQvHK1Oo/0T8DgG7mQeMIIuDWfKIv5pVvgFMchXizcEoqPCGtAA
+oH1UJhJCXbqO7Iwckv27OzpT8H6q9fQkQhd1sIYN++h0eOfwlC98Dc+Chq1sUFNx
+KzDU5qa51Io+K5m1KB+IDFmUmodpF2abmHC1EGF3DrR+a0GK/gZKEDiQ/80H0Uhq
+nyVj6Db3t8CQfFSvOoDFOQ4SnDOQ5Dd6yl55spw5LxO3fvFpXKtp8VMAmeAYMfKq
+2nJB0FhRNFNVDsnFmlHfAFrDZNCXWcCzE5s6uRirmnkNkwic6UZG1shPym/Ov6E7
+TxsMW5lLMPpHup2tCHcFl40LvH+6dIteDIvH/RW+/GU2RQMSqexoVjLKVeIRsCJN
+2YaSSYWXbu1r39ago1hxZpQpiAb/zSFX9WLnbwwkgF+LxXkRGhCDN9CF/+OaEvCR
+6zhuEChW8H24LCZ1Eiylv1jwL/tGaxgJgaW1WZx5+rgdtm1kDA3yljyPNzNQM5gq
+hQtvnCR8xvvl/oRpP1pfOJT01hw/CIGVMaAbuD4GkUbyq8qbACPoUV7VkAdyNYtC
+p+4cpsfibY3z2mG3Ln76zqCH8fFanAmKgvK8ywR0J7g6T9DWmIeqx2uexdoGNLag
+GWJkE7/Gl8149SN3Yl9foTf6+xnfHkgCZkLeYRaOU659pNrqsDjZ+/tXIaDh1de4
+YEs2F+LhKZB+U3+gh7vs1c/4+rViHcexFBagr8fSVnvFZyH968vb41al1tyPxXke
+I/MCqAvq84vA/WSE3jdpu1/1FdS8+hbiT5hGgClJJqYCFBXuQ5IeSQX75cNQgU4W
+BUkbiZqA/gMAjoT0Yr1C4dWgK6099WfEVqhlJTwRNGleDI6kQWTUnBUIo+ZU6u6C
+AXKllUPix9dlIKW+c2pOs+eAhM9oP4QXPP+63xFnVlTg7yuSzbZ8Xfnv66FKSq1c
+1HRbkIw1CO8A5r3u/ysK/iZdyA/EaBXSmgK0iy4Q3kMyYgqdbWrFyaxZIe4r0180
+dXE71fhUCiSIaF27KUPd/ZHQ+YDLec/ZW2nnA9DcLqAaMIEjLgszyt6DTqerS/YL
+zwv5fSZw9jlFQQPoiyuCRx1iXlVjeBDLwpH9iBBb1PZTbx544O+yYW/JtMwpBRg8
+d7zneCezW81dKMczmJvxhGEoGNIZ9FPAbfRbqWg2Il1Zz5mYyinUbso/UTYa1RUP
+tzkuZulPM6aPYEQbm+gMlFUqhZJ81VozDgj4k2XHIXiHApmMVXRyOvlEcCxOWJSh
+SksqVxwNjf+OlNZ0SwYDqdqxd/o3zovsSW0viH1dmorG+R9Yjil2HkZTxh9c8VOJ
+9EUWdlGmdV0YsiV2VkZ7Pl5x90mKZ8Jac5iZdPE1T8soQTlow/fGO3PCILun1Sym
+W5nR0amYd/xswerC63u5pd8XPGZZxcrLhZED9aipGSo51N2mwUFDcu2wI25VetDr
+DJdLglyIjWWIakrCEAYNcN8ekPDpxTJENPj1QoLMIb9T+n++TPiDAv+ourN4Cjfo
+FuwyMRdBEk9hRUo1oV2cdPO/oq6TTC0iEvYRjB7gCjoYXb4Va4y5W3PzVoYnmeu/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
deleted file mode 100644
index 4b5c41460e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK3EJPKm
-RDv1REuSTNdGYi/Gay9ESpl/z2BBw2n0WqiF9SLFNEuRfTZ7FQVNFQ0qhoP4V2xa
-YUeaSgmwZNcIdZg159xf8j2Qkc3uGAQoMGmRp4vbcj1Ev5yFXhvVLPnhp5eE8wKx
-u96ZMOfL8M/sxSRrI0zUKEUCMbzK2E0Mr/RBAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FO65z9YvjsiFkwj+EBDuo1BY/kIwMB0GA1UdDgQWBBRlWUYl70WL4wPhhb56CsXD
-+SjqmzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAKnGr+IbKqqwN2t7AB4bae9QRHntR6fokA0gcPPMY7qA
-GxZGcA1fClTM+WZKr4AoCiDelOsxy45Pim+0bZUtzqtfhWKulkfgpS5cdPZmNj2r
-UkLeXnjjTjDm5s8YsQovhy20KPc4VoeYRMhkB5Wika28mXV2l0jFTG1VxcDZ2BxV
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDHzCCAoigAwIBAgIBBTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpBRaRDexKAJwtC+
-60QonOrQnFJ3VA/u5f6qj4iI30hKCIXL1aeAM5c2KmzL5gO3Vg7dZWw1f9gW2uaj
-mpHjfGmScQpaIFP7yNbI29PIlN0h8H2o4I6v7zDCteSnYy2qAkDkNLX6fbVENa7f
-eHcx8cvG7W1VNi0PKVQdVBz/PHkCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU7rnP1i+OyIWTCP4QEO6jUFj+QjAw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MHUGA1UdHgEB/wRrMGmgZzBlpGMwYTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQAD
-gYEAm5m4xlbfmnv2vDQ/hGoNbPv96saVQ2NMhkH3JVSF5lGUWfamMIsH866TS9Jm
-BDWOWMPDF1kL5hLEiGLSWA8ki5s+29AwhYXt0jcwdIbGfGCwVX1w3KF5k1nYv8RR
-FhwwXNlM+EKqqLc1nWgaXnsE8fSRMesdyNjQaJdCqRAYFXI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EE:B9:CF:D6:2F:8E:C8:85:93:08:FE:10:10:EE:A3:50:58:FE:42:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        31:75:7f:a7:8f:25:e4:4b:09:d0:29:6a:68:0c:3c:54:a8:42:
-        d4:f8:f7:6e:be:e5:b0:bb:f1:4a:e5:1d:e7:1d:b8:d6:98:ba:
-        3c:6f:23:4d:a0:8c:53:2a:5a:13:7e:4f:3c:1b:fc:16:c6:18:
-        54:05:e5:fe:b6:48:84:fb:c1:0b:7a:ea:bc:44:55:bf:4a:7a:
-        51:1a:e3:a6:d5:94:0f:37:3c:fa:4d:f8:51:ae:c6:74:de:06:
-        d8:41:69:92:8e:a2:a8:d9:6c:73:98:d1:63:5d:52:61:7d:90:
-        88:c2:0e:ee:ba:eb:74:c9:19:b8:c8:20:f3:09:a3:50:7f:10:
-        f9:e0
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU7rnP1i+OyIWTCP4Q
-EO6jUFj+QjAwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAMXV/p48l5EsJ
-0ClqaAw8VKhC1Pj3br7lsLvxSuUd5x241pi6PG8jTaCMUypaE35PPBv8FsYYVAXl
-/rZIhPvBC3rqvERVv0p6URrjptWUDzc8+k34Ua7GdN4G2EFpko6iqNlsc5jRY11S
-YX2QiMIO7rrrdMkZuMgg8wmjUH8Q+eA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
new file mode 100644
index 0000000000..2905cbe756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ex
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsaY3YvZQ0g7cMEm8Ci7BM6eT6NjOLozJ+1H72HTRBstqGwFfoQow
+3jyt9v5Ea1qcrsDbzaCtV2JJDEx5jmt3//MkuJLNpXJRic2AZzK5zBlV5PoxzjId
+TiB28gPJ9JASOO6tC142FjxfZzn1/Id4xcEf4WccFfJiQbNMUe9kuIIBfEVLfVco
+gfEB1Vo5WblyMPbUWwt+b8xY7wFF2NQpNb8Cg6ebTGqPy9OSOaraNZQ+mLQOVVDT
+NqfwAaEY3QoqObS/zoI+aDE/ebim7U6MvWzZU1NZkbWY1ngD0+pLZX9l8op4NjJV
+Z4SOoUvhdn5NRdcEqYcpCXMW2ETJnMj9jwIDAQABo2swaTAfBgNVHSMEGDAWgBTh
+OA4UGBRDXM7nS2LHGsGS9maC6jAdBgNVHQ4EFgQUhQ2EBOSyja4LSx4MxUG0kb2e
+/jkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAj32dGQGImnemdjlbIgsR+DypC8tThQ6wED4/9HUarJ34
+NJ7yHV3s3GhPyfjGr+WiGgqp6Yo1Prd/epDxbDvdBKfrTV0yDZI/yCYZtZ6WHc9J
+x/ThYTx2XyTKdZs6GrgOMviX+ZgpV8147nxK6DKZv5jk0WoshMh7nYh84JeehjQY
+UON3XZ5NoiQD57HCUSNGrc0M7pUOK1CQHZzDh9pJnqSbR1sHERVgD8U38bEUFfUv
+mweQov0WolmQJmcVuzPZioDeNlhv72gt4qg9gAZEgbQDSyKo72qbcEZ7EMVB4nFU
+QOcPMqU0aq6HXBcML7OcgGZQm0iqDJrCpVwlqsaWlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3F57532B0E11C3A
+
+IhKIRIJX5AaatoF08s5ynXUb6FbIPL2Rbb0YcUFAw1pFgq87cvUAXWyyTkFna+H/
+bL395/7gnF7AdVAHYuRDhr38mgi5JPFkkB61s8j6Xts7RflSs87WV5lhDRV6d6z9
+/Ym13Ci9F9maC+ySb/ueTshw4htYQL8nK1wL7W8K+RKD3EHubHG4dd8fKkVWsA+C
+yrllIQKAxq03Biu0yjVqNweZXfLEer0nkh+3gh4xiS27EyuwOR875rdv+WXpHfdk
+bJWJVLCZ8KzwJumgQvHCWs7vXzjOtp9szlfshheA+VzngAw0wng03z9VqM60xtg0
+RfjgoTRkkGCgYTWDzrYIJ/pKYKIm+VmWlOXX4utPUtH2P3JQRJfjGVQiwlrQ4nP2
+m/aiLNGp4+wuaMg+fwDJGs1pZNZqy1EO3nuQSvVtwuZw1EcgAn0yn2XFoJWKxNZF
+rdSDpqV7zbmQMkRapqoRK89JG3wlaz+c5uCsHaAMBxmmxH10ZWz+uIIa69M3JCGj
+8pYA2KTI/e4Fic2sKrBMECzZvQf5AZvZIp9YbUR5PBzWLQ7FUDL2AAYtwBFi9QV6
+A9JAXFxH4Fe8Qop+zefRzcnl+8JPNNirkMx/GM+LsBhWyXUyRrC/PexSoL+S6L3J
+ub/zTPbIHUYUHn6Pt1yxQ1Xz0V0a28uaP/BVsDayC7dMcUJ9gYoJbTTNq0or18oy
+PyQ/Ws3vEYGYtmjvBJuXWdOi3vdhK+OGZ4qz/+/W2BKaVFoLD+x0rCZGrqTDR/Cd
+7yHlM6jAVlB27N3TiOLq+U7xHdTag5WQfhlAzJe3LpXzR3pngfw2+s5NYnEAf48k
+UIz5oonMVKGJ5s9XBIOOG9OXiooEfmRD4w+0YLiY2DEPaKAgU9VT+rdk3BZAdCtM
+4aeEe60YzTHU5xQJO/fe4BrEOGfyF5Lr9doWa0x7Bj1kZIUwuAX6Oa/egMqsReX9
+MxFb/fhRsl2x+O6LAcrWuS0ZagdUzpaKtqw77viXDO52fplUbRINyMtsjRHnZ5vP
+4e5z7NU/ER6IiFLLwXLATUPEmtozGUefL2wt9RzBH+UpZOohKWjc/eET5DvejBAU
+e+QepPEnLVVjqI1veeuo3gzdGMUczRwyPw7t6bhKaxf+fmR9xVxV1pjpX++QzMx6
+842Rd3eKMwPI9jdpSq5U21K/7NlNzQZKa9T6y1lBIgWY8F+ocdPU1Oi8x7X0Vhkr
+NP1kFG+D1kBMcd34gfQw+orvMACI++DgXWb8zQzwlTlPkQjmPTHjn0aeIZii1ZMt
+zTUGeojlP/9aaBrjhrhcAUdTvGBK5MS+TSxc2IAgDtM+XrmHxK/L5OJWhOLlfsvt
+OjOh4Bz8lRe4ybz7znywoGpISK9KtJsh47m+WON8XrIGRxlQDw4HlPi42XBbleqa
+FrQWaat16buFiG2OoJL6qKe2fqpuaT/zd4vQBEuBE0Be4zhBEoJZ1hJyFq157LBD
+9u6XAat3riRv6kzJ2G8RvFwGbTVoYtIOSIwzVdRtk2HHPaE6yp3cc/tpis1ig5cG
+xI5qksskLmPRC5FGvQ0i3K3t4YJrWQisrVwth4wSe/5YvfbNpD+QjA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
deleted file mode 100644
index f80308db49..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzBUwkX
-ODmjiKuO7MZlzTSc4Re/YVclO6AWzJbjVn1RazUtEisXPWkpv08n2R5ufbWSSnp9
-Q2/iMhNutgXf1w1kQ3tCZ/T3bhIR1c6w/ouwi8ykUP/dQlCo91V9PBaGbA/ARORv
-R5mJqw113jWqok2Mr9xcMe393f7kLFt8yx5fAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FNWvaygNna1IbAyCKv/SaAkvFG1XMB0GA1UdDgQWBBSCt3/nyCSzztm6BrD2K2Fl
-4aJOtjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAJaAuvc9jA52+D7MggYkPmix9SdKXbI3nEcYpIXuzwO2
-hAzPuV6wpHgf4Ol9x+zrbWQ2KVvJ7zXGEKOjbKZb7O7ynb0yqDv9nRbOWIEU4lwD
-Fzj8Pb3n9FnnF7awDloK1pMoqxOXeLWsk7RP+psMqVuAQgVxrYYBbTwQXqMCAmIi
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
new file mode 100644
index 0000000000..a630148db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuD/PFvZ4Qii7uYsJkBh3y1o8UCIOhlno/UJa9fVTjh3hwChhv4mR
+V2+1yfOib7xKN7694HOCyl/u13ZrsLG7rG/7FcQnZmEd43+1gpinF1Y9QNYv6Ilh
+/inHyGe4iLRveuNCzneUH5JcDtklbuaEhUZvVBch9BWEeD/Jp/th2q0ojbFzltMI
+3dG2a24zL4BGbNHBdD8PkbfKdE2N9CYC6f2Rd1c0TYdhZ8ZCW2WZ7zUiK70zUKAO
+Ng/Bs1VGhaB1DjWu3gbrC+d4z4Q77FN1h1ZPJP5ON/SC7Tf93TWHHXHfWT1lCot7
++abuzyuN6kCKjunaC5tRCaMXGTT5EMEt3QIDAQABo2swaTAfBgNVHSMEGDAWgBSi
+L1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUwJd0yB0ypi+GIJqugHjmrt1C
+HB8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAJv/hxkQtOORch6bfYubBEe1urCmntR2Fj73iIooxcewT
+5iC1EPgWR3IluR44YUoWulHhmRNeUqnAtfJYJu5HhYIt1NLXU5yODWJKJ+ZSIUsa
+WkFqdPAVp1GDRhDUP4shZC1Nur3gH0wXBQQ3pxsWjwPWNccxF9ZHR7gJxPRPPdE+
+FYGeeTyfzpOaDdiQ8Tgihhjh3CTk463nA5XaFWd/7MG+YjnbvGQWb/ag5TZh4yHo
+O0Qm5dWFzqyY/UUDV8D2YaDY9DFEk0rpJsfRTCg6fvq+PviGAY+D6uC4YMe3mVBz
++HYIIgOC1OOet4dCoXsgIiy/0nyx5lRU1LSWOCUCSw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EFE45D2311943BF
+
+t2sVjyqv8j4shfBShB9JGyHiR66fXfETyuBtShElRz9MZAEVETzBGUunQoY8nkcB
+VkntDIige6tpxLUM55A0JNqsd9wfaR16FtJyEa0yVjaaKHgLjKfp+Kjg/t6tXnmR
+V7RV6CpyVkyXaBnXFg35JC1KPl5SNJQM/RlYAPI1uigyFuEQdLdArA5L+eY4p+Xt
+m0xwkZDVFAkQDnjz/I1+d8HkXzNfwFZI/F/CkwCdkDaezKTxUix5h9DDmTcxa63+
+xWUF3jmXRw7UQP3WKAlAQQp0H8uWLfS3iEQSsq9L1vPFG99sXQG3QxRihDBilUKb
+Qj7JMst36B/xSRH8vHAU+VqellZaKHM2HB9p+wk9t76j2yS9HQqwW5InjM0KEabq
+Ik9dZg0TJ2lXJGHKWn0zUv1u+yCZZslES6n+7kFspDGhu4Z7tUnlBzWCM0xTyt+b
+PtE8cnudvqUzOgic2GOOyb8fZQ82IONasVHgkFSMt5swBcB9zp6vmNoi7U7POjxh
+h4HajSQiPRTUE1J5hePLVkAqC92PxsT/Nl8IJDuSOySojFGepuOddL2o1KbyYru/
+7UEnSJHliaEQPwiCCI4crMFx6Km4W7UagalhqF3g3aqjPS3TnID9gQKpv9SN67FQ
+9D3E98AEEV0G0SBLzSu6ZFD9cfDhg120FX5m7xwkLdFjy9P3n9M/sqTiV9GyewGa
+HO9tnJZ6fh6+PR+Yd+RYf6827KTCHbVs9Ure1g2SsAtzjjg84tnjpEm+aHQxGa12
+IGnWTdAFr2gNG+7nq4I0gaqPpbdTwpT108hrv/IO6JZnjolTl3fQ99QyiP8YPqXt
+kuAuJLf2wKM/KJzdq/UW/94s9G17FOkmxdnXKs5dh+wNivcpUtlWGPcEorCTU+mH
+I4Saic1oT1/zgH3ldvAlWjKc4ht4nxRJdnwAwssEZqu0beqUu+35IjeblkpATzAW
+6ec/DR3P/Cq5UwT1ZbEO9E0y/NzbDKb8TE4fTWe2G9PU6e1IQ3J70kCyMEcY9wJu
+UN9p8qEa8NZUL5b5fN4dOfg0MeeOIwGIu7H3j7OlBkdc15WEWUAnoKgg2m/E8mL/
+72JcmiWeWXvuwK0FVln2XhDdOSAn4S5xg02zftorRQSP4Mg8OMigG7goq0qZAX5F
+VOGJewlfsyq2vD4NRPxVhRw9AvECpox3hDW9xHaxiyf4VjDOZzAPgM2aYqnmxJ4o
+XxrAqlKu8mBf69eCd+WFdL+dzSht7x6s4FBZ87Bj+A0Yr8+X2G6+XMIY4xh/hrIN
+gtlNwVlqduguhFgBBN1mKAds/wQT4EiHoeP6ctveHI9c/FgRuT5NsVYQgum/cxIR
+MW9zMJxOySC77Q9OSMRP1TL2pBETBqVX+rI0Bhzoh4Aw+Eav9w6Be1zJN/8rW8Yx
+FLdRnKbXeUduW41E/MC4pnLMHWCriXjBzN4w3rAIHUz9Rb/rcBpicY9ELfGO4ynT
+nrTVGd/Pr/XOgartdpCBenRsnKAy3pOksHI6POpbEB4oNUspFIEPooJ9jH/xiDuV
+4UIBhmbDgt7yu+x2IJ4wwOhQHxRdFVaNaqHc57o0QLyePTBH+aQJDg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
deleted file mode 100644
index bc87ba867d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALLQPz8+2Ja6+sIASgBJ/ylBL061WtWS7vJK/LRNLFf9MyYG
-VjXkjZyk9ZzlafhinCiXgrG77RGH8mVjuSwDNewt+DGGphh4dSnvg/MHRdi+NdSX
-hjVOzH76HO6U0iKSSQCvNPSlTJrPWQkZDfj6AGO+5Pmn5RXRX7vwRuKDSsAdAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBSpk2fPoInUxlgPeiQDw8iOa8Xp6DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACfYnz7Xr82ytcccJe6v
-+1rv6v8SSi/dupn3lA8ZLFPQiM8Ep2kf5XkmrQCHk498pBRQJirzWX20QQSTv83B
-M9DG721LCvFZuFB17sf03DMGDXw4ISy3bs+3I87HwHyziC9OtryWACWfZ2lAGUpD
-V3U25s5CA62+qbg1jhc5LAKq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
new file mode 100644
index 0000000000..f0fe0166dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK4B4XI7DVIEJPX7gqGREXO6XSno
+4X9Z4RamnbW0YiB1VGZeK6xusEN/StHlO4bDt/KfrvqUXJvm9D1oJjPX2rE6By+t
+Mi5al/5fCGE9rUov73jyKb4eUSCy5aTHfyjuu5b/ts46WkYOKqGEwSBCQLPqGR4O
+YXK5/QSZPIJwuvVJXwEp5/4dv9Fg2WRwRab7EXQfYut7AbQcyb4FrMwGPpja84JW
+q5jCvM7EsdmWZXhRvoDrqUtap+aotmfhps67INDFvoL4waIKzrTX2gmjO5kU62VT
+78gJfCWE2boB0tUsGGZLyRdvJ8SPbd0eEKykBejqvHcXb51ea205H8xZarECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FHfYNlCl24s86ePnQaSo5hQFK+GuMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAGqCCsaPWvIjVZbJd4Eh
+wY/G7O/cnYbUjVR4IRbj5Ce0lS2+nspJK3D6gqT+DCOxZF6LJQuGOJP6sQUX9OHR
+T2oAbrb02A0UqlrpA3s9DtbspM1/yWcHoU9hAP81zVcNq5VNrcdqdFMvmV2MwSiy
++Fvlc6K8QhHxnDaL6kSfdci+C27FWCahH5r2N/1l3Bpou8WhTtjsRqvAgzj2yHRd
+DgJhZKMjtieSQkSWQF4yvkUMH/AVnD5xOpSqceaiVFqUFfRSRhHKbtq/eCNZW0RY
+i1she5uNHI3aMZS7cajWOltPZ6GYCQ9ovLddg5foIcr6YMaH5u3BYAUCdvMwZeZw
+8Qw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC1B613AD21A2C7F
+
+Ebd82tkOQya0n0wh75My+7nzbmeoUtouc5grb4vdfB5fiU6VOE+W+tV6qJLOUBXr
+Bue1GRFfVMkOKhHdzfK6fKKoaVSOxMZJhM8uieJrFnfGPwMhl52el81y4A6lvN80
+VKwybkHXZZ43kyi2CwUN1Qrj/AsXSpwQ4pJntYt8ukqqp1NN52HUbNFraHP+/xrN
+qGinXGbcwYJCmBhwEyC9LvLWDP8svwJFBsRN2RCfZarlKNjNxqxiyJzej0C/1qp3
+0ATwsmMhGkLq8UBNeaJtzppKQJh/SEeLS0FpKybImxXJ4L5vKOkTsTeDH42SpQnq
+xQCBf+4S2ZMOtyyD6LYVeR4pkWycJIdDtlfKNdsNt0ynitlyLDPqGM3L1hShfqpE
+9O7TL5rNzccnejc4KzqiSISjAF3tM5nYTPbyfOlx44XS11K36OMnMewPQ2Yu1+os
+NGam/6TTM2wshx2zH2bgxq2gGKIEcNn9Tlab3bB2fxt5Gu0WJZ+LuMW0KtWEGLJy
+K1kWkUE7cnF/sqtsbz6sZd5ooyJyOuJfgI+Y3xNeqbAaBDddYUsuORrXbRzRNIrs
+PlwddJQzcZoQ9lyN2KsTUi44zv2oc1BNBWQtRDZqimgdFouybnnhcjAD7Nj3mNLG
+ewf1vFubZeQRIGFkgwBBMgjU5HST1BDNbOrMxZiwmvVF01k6sCDvRlxRVaSZepBA
+ewwenA4hoaYpcXkgooFDuLfRFzlrtkVsO/3mpLT9PYGrWbETfdkKbWhQ0dwi/Vo2
+7eptrrZNJy6oyLzNk7ptXf1M5DVXDCjqg0yH+dE1RrGH+ursq0q845j3iwhMX7sL
+xlJcj/Fi8kkKI2YrzsDNbB557JK3RuudID2WPu7EuUYgbSVckX8Jl8P2OhH+DrDi
+PBHkJvnxaWLs9tZA3edfS7uFGeTobNP2Lk5Xvc3ecf1vGsnnLsN3F4UgT7u2+cKP
+WQ1CO0fQcJd7V79NzDqf/q7fPn3XM4PlykhZIVQF6fZvGpo+BJKyqOGRuNz/0YSF
+D8mqyA3RJxxkiIuUi9hogA52kuuMd1Jb+rZWMJzpg9OB6/B1X8TVR9NGcSS7qxyl
+Fl8+Vu9MdDT1VTtrWrAV9WjdBHUfrZ7ZGeEMoe6ZZHz7V7H31mUZlNZ8TWrRlv4r
+e2ph1qYp2DPNpX2hFyp62q/2niSZ4o98Z6IcIxF3ARjP5NpEH/n4lyeegXhBfC+E
+BEc33I6FFiq/vLixq51DkE4Dl2ou4TOZzpdSive3WYU+KVCQSaOFQIMPFwjY0ObN
+5rk7in6sac7IxPgAr4wB1xdwiAwKisDs3okGAAXzhXmkiN48P1CGaznDKUqgViih
+xiA+3cxCn5xzviO+lpb6A7V8NEgIHeSqL8BeRTkx07a8smQEHZFi/wjIc9DNYd57
+xDtwbcdvXfoJmtTQGgkzIWdzXuy0Gy7f3FmDV83WBfsv9RN9Kpgy8wn9Wbj4Z5E6
+HaIwE1/hQkXQSft2EmUrnGH5zmHDNf6FS+HR2w0OauvIsfkZ5ULrj8iy4byTzVbi
+4YGMGQTdBSCuVV06seeFhQpdSkVIBSM2U4ks6o3hea9MRx2U1CeT8sYria7trvdJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
deleted file mode 100644
index febf0898f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUyMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAOHnVdpKkQqlze09wh5nIsO6XQJwHBHVdhdaB5eaMXveb0Vj
-yiVBMk4NTrzIJ/7lL9J/qc4WzXAr1u1AFed4shRiiOEMAT10BXPoDfS3FjPytZC5
-UWXRE49DyE8Ksc9hSa0IBwf77wKXBAIM/ygc8XXYwFLHWy0Nbq1C2mo5AFpFAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBT3GktmXZE00780GNgXA/GoC2kWPzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAJtYdflHLEVQC1ar27ke
-RBKtpwSsi61XphZ/gDlrI7bo3wG41pjy5tvPv8xuIOsC5isYgU8dyjJw3CF5LRdF
-FweDdftBHwQ/zmwL1sWj0h01k2ggA4c0AHDqG1J9gPKRO42rdqcRUQ2wgq1rZSDu
-iaJY1seFNoxyls5MxFF26Gue
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
new file mode 100644
index 0000000000..c316526811
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIxOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZg8OxefrZytpf0OyjRrUzPyqCB
+BZveBF5ZuHB7qRZwF/Qq1v05U23mk3+7fz7oE6xGAgPvNKjktkfflGZI2hRdPNlN
+GGqlc2YwMWDwLTmtS0hyyT8Ui7AL0cwHJrDeau7litk6uFOBP6VE7FlUEnMU9ENm
+hHBOmYt/tjARDf+kzSle2+saArLbWqBPdMtLtRwD3vTS9Zr+DvccEn2Jx7YiSZDM
+tRJaPgoiv+15Voln0E2/XS2fDdog4olDCO5fZ51KNIokMmp+6r55yevXxWxUae2j
+ZBLFyfD7hS3NTGDBhCFEry2dbRZb/sXOlPSwKN+x+QwCWBRo63UArRoi348CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FGC39OnVftLAciz19L+MYPKsjyXGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAE7YpcJArWSxTC/zSZh/
+22a7N/+JOQysAJJ+wKuudXUeN//eiycICbpkUy+hVF9JtZ8Ryy07GyEXm/CMg/Ub
+PX1EEvIkH3nyAI6rw13hw2PywCzRabDXwaipbRU8A4dhTh3IAcuQoCcnO4gYVBk5
+2Z2Wl5v1jXsCzgEj9gUuZdwLeWqJ2NIQvrOIvauRDP11OcUs69lC7zjJLWgCQ9y3
+2UC8nFkkN85P7Mc4A90HcGPJuc1DnPCTvhY5JdXem9/snjVcpa7PTbusyZbrh0X0
+inB2hldbyOVTyX4mpUsUW1h2X3rOETdkBHZuLwWRwbyXc01ElGuGnfgihaX1w1i5
+BoM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EF370C6F852FA1AF
+
+Q+F/GgVNCGwQOIJ1hUTYigCtf69Z66XJ4h79h2Tq3LzgC3OS55xpdLWgxqDXftbv
+gxZuben61n/Ui0vpQs5g870JJcYLJfic5DXAlRHsP+aXOyUssvJ4IV3UetqnGjF/
+0p2rC0jgjdIR+jdlXLjPU8JaegWMdd1/Mx67PW49CfWg+ZvnbIs0UB3ADwrjBrb4
+OKL9dkVXqg0+pPjXhOgD62GT8DUXtAH24o76E6gJLBaivXHnihxx36dVdmOYampv
+kVn9NHir0isprjjpY7Es8QLDXc16HvEyO2oUSRcE2x8tmblUyuTrm8+CFfYQ2Y8P
+0zfa8bwDdxr8L3/DTAgsam/ckjo6wdOhvkqvMiiErl8DdoLyAysCNRhhDROkr62V
+syFeJfzOP+5RvHDkMaHTt8QpsV/2yqW8LoIyxhnDHxh4+SrZDjxg/3sh0aNApWOl
+m/WVsBITcdX4w5XtnkqqOWVr3YH72aPy7RQ6MSYLHSh1q2vrYOrbigcFnwFWFag1
+ZlavGpxatKwADvpCslZqM7NtSQDF8onL0vDaZ/1hU7BsLamfSCmXhlzeLyqCKeLN
+XtC3fMog4Gy8qOYC/JEYAIptZMjjuocDfbGVhUrJVhXxqzBgUxxAtw4Pm1ZgNxTD
+0qS438itpk9U2ZT15YqTOidKclWOIYEtJx1BHIZXCbgXl+YToHH1WhSDlPrOEr8v
+6Ptbd6KgkZhlpkzEi5wFo5iWCtHSXPD3dcv36goD/eNU/FcjtuTSWUtQdrS6sBks
+m9luLlHosaVb8VImmbQpyzLyWBVWg5NnlO+DjWM7pmQbFRGsIuHc9eP8H4TJ+6ci
+P8AiV3GF0zQbYVBT4Uvkk3J8lGSsKYOFYkDIrxaLid66dWEjBvTO/McXTbs0EhqO
+iOLms7t+CH1Y0FWhL5fYOWj5GxjY+ZNPv9L1geVSPydGKw0nCtpASXyeC5RTJ0lC
+DOBEBL727nwXe847qxdt2IcKJPEHiTkyO2+wUxw52Ge/Wbb3iwF3uWJBDZwiMzdL
+3RGAYe1pCL/rh4nJ2abp7iLY5iaqqTlKebSV8KQf8jb0o/oNvNPP9Mpkcis3afIG
+ntlCE/lxCSSxG9VxMmRUZaYIiRP16c3yGCNaBi3DKXTNLXUZ7q+9USq0co5IgpkO
+f9eA+GZPYBkvfxXUgIN396nGpMOxlbkueDjK24oQmdYqynVRslmj0VxYGC53nrzw
+8EO5qdETufndMNCWWB1yy9xxxNjDI8DibSdC2nd/b/U4egRC6OJad7RwpOWy6Kdl
+dPQHosJBaLJLkpCjA8HXgnEcuk3PrdzjL7MiO67QxbW64ZRA1OD7ib8iS60/ijyi
+7kloHMH4WJlf956AKxTENts8dbKaXP5H45yxuc90H0LhZzenSOrgcFIIwGzGZtow
+yjFHY+5O/lXvXOgKSC3UnsdVXVqrw6pvKrnWioodr647xfUYw252KSD1D/xW54wc
+Mi337lAgoExNUJEzXilq/FVYksTvcnzCgIJarut6jqCuGPzTvVPWz6h6bgQv6A7T
+fyUTgdS3WCH5nBhGQ1k/CWySuIsDHuxrQVbYBpBl2u8xLEKxTgOx7q3IZly3FWj/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
deleted file mode 100644
index 0c9aa3554b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBANw5GunDquXK+XElcoKtGRzY1ESARSYhxi+qK4BM6L0rxSe5
-tXiajO4Eb379Qv2z7wkn224q4lkLiiry/gmRj27aTjhch3XF5C7E2hIeHz5qGtcu
-uY6vyT4DxweIYibYubyBZC/MCk2YuLtsLiSd5QuyXXmQYZzeyu2SpRax/nXHAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFAtIvihxakgkCjziStQFKuLXHjXvMB0GA1UdDgQW
-BBRFrHYfuo8284F89Fc//hnutkf4KTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAEPuGBhTmRXtD/1JNHgo
-Jj8yfLsXQzG8AENHe1KZs7Kpj45M3p4u0TGUJI2S3MXh3IY8gEf33t9eQbJIY0s4
-AiUXe1G/CjtDeo5ZkfTpZHRd654czJ9oLQ3c2vczwYEeaeLxQXqEFS0xewIz5udq
-AUVVqV79i9BB/BOmAx9qBkiH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
new file mode 100644
index 0000000000..7cf51db10e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP9rpCat1D5Io1BWYqPNBT3HkkQ
++k2vKuqHt9zXif0WRtnmGzqUvpy5crHBlToyawqJQAMVPMt5W/gTJrzzV+Bf79+X
+yetrlM3qs5n5eNfIU5D897S1AEfPIkRdjR9kdL1xZYkDZrEBmFHgsRS9TDK+01rt
+aJ2qOKscJI1z1ngZUZscSLwCwznvw44W5AP6WLxX+g0ERBsNRjakWQS6JlWgGvn5
+oq5PYqnrIh7TgtGgjL9jVX+xbz8lg/f5iLwbfTw6SxGMZV+89jrMPHjW+58NMUDy
+2kn5W7B6eUqUOA2Eb+oYKWLujNqYeaoUZa5TUBo2iUV9WnJ4ndiMHwzveOUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCIKux1Eb+lLmcwHQYDVR0OBBYE
+FBFLTj7lB0xsW4f9PPb1I2VfHkVqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADjr4s6VekQmcVVddOQH
+8wbIQNXHEQINEtlqUQqaCE+wlszME24sKPs3qMNEuVyQVFvwZdpnPXF7/oSxAyMw
+yO/hzSGcJmBEd1VvlabY0IJ/PAy5vq5XuQk0sWbWRAOF4bcgAdn8gH0vCX+6+ajC
+o7znSglF/G0vsEkaqPhaUk7Ookee59hpHSKOOqhp/f82/BFjrF6lo+AJcRKqj3rx
+aMckYizxJ4+pLPEtG7shS5KKZsz8PW6DHDhJpNe733gSKU4wx/Lf9BNBRdlKmnqo
+EmIG/lzkZWwd4kh3/CGOko7qTLcLQy3ARHRQg6z+8qhmtTySJriamAHL/3nIFKCx
+z84=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,076EA454D8F48AD9
+
+znVgT6cIGCKODD69NLk8D1gEFWz5Z73ySLjV0FgXUrhyxphSEAeEcg0VI9bP7qzJ
+LBTpalVSXEaydZM6cHxjD68IYb3C6hnX4D0DHshzq425oK/BUTh8623SLxDTFLA3
+pt8iX21ubhngnFRNseZAZgZLp9xdH63mlW/DwAn0PGgks4mhdjHcJUmkKqsVUavZ
+GSoAjyC/xi1TEE/sasofRr5BvoO3xbn2NnzgO5hPPbZFgZzJ7KCHl/QHm0NH9LBl
+Vmmb0es8oAqL+z3NfcdAJJE7Czz2ItXfl/iZX9bmOv+u+RWPZlHI1PwTnaCCebcS
+Ks+n+9J1CaS1pu1ztvOSJXD5C2zOCpcWTwjTnsLs9y8Vc+MBls5PDWLA4qx9tiqR
+dF3rZBBN+xSWZt0ahbHLkI/F1jMBZtA8OOc0eKs3+kmadSUr/koGvyN51jydWBJx
+VRsku6Frhj6/RSfOEi2nB1wg6D7lryg29+x5/UCj1vZeT31r3J9k6UIZvd0c2D77
+rh9OiIwO2bNb3enSiEd2KfRPCHKK5LuEwq9sECZRYjCYksRt0vmFRflGbR22nvAV
+bBEwxxcGxC+T+XWgDJiIoWq2d/C77PiSAQTVaSE5WHEMFJ0MtxEvw5mAv2g74lIP
+cj/hD0tC27mB94xaLIfcHlQT6CtCHwYSB/7zlVdMBHJbwyjTIAvqIFYwhvLweCGC
+Q0aUKqXwBVaVvZypZkGKnjsUukLeX0ISLkrmMv0r156nTmh2pyY2AaSDJi3jcjbd
+UAnE1wHbuELkOTsyznDgxMiOFGlySEyyzGWSimzrmvCnecQOi8nV0YnfG7S+ITpb
+FBVY9tfP1ExOJT0TJURihJpWmXNKmd1LiJZTa+eXZVaqNKz3pgb81tPFcXZue9rA
+vtyG/fG67CFoJsPorFEO2r5PwbIgxl+S55/oTyc1DUDGF8jGa5CCj7V8OnPH2/fr
+eJ4x4pk/bsjzWIZg5cFHmQEFZZZTjVnsf5uiVGCxKgOImd4maWXZFv2nsG4RXUNf
+IwgJcNXeDxgEUA3RDFyljIRC/qtedSo+dRiPJ2O2yjsnjwg/o56MzjB8EkBIUrH6
+AD6CmUxweF90v1XShplFKa8/Z9suBTmXAvuwZPXLbES4PpLwXANxDGCSbLNaWfyl
+P5Vs9AmwuMbI0QBKjiWrxw4mijFy2Oim5JX8GP9HIYhtFIvYy7JcbBBsI6EZgyCi
+ZVAjdyHg/ECwrPBsRRIRckjYfCCJ02ZiIxYQNec/AMlvJUo6MeKl7Hl7cjyAANDQ
+GXZxilURtg+ITxh+8NtjIrtQDIjxKdyTNq99Bk5UuN0bAu5AklnA8asConrhp+su
+4VcFnYMnlrhwNra6BWna+Mlw79+DF484nMbaIcuDg0vPuzYCVwgJvdV6JOWWXM4b
+nb4cIr2oY6VD+he3ZkFYTArPS0A+aZ0eZphwJJdPy2T1B4Ed5bicBRIq1eEN5JEI
+L+eUyW9HdSf8lso6eMRZ7MWPO7L0KNfXf9yPMwMoATgrOoX/3H3ktIguKQWNiAuT
+ekMbzY4kgpm50T7wsBPBw7K4+1HLIdW0xxj/pGKKXstvNiEigu3BTtUqLSO5ZGGm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
deleted file mode 100644
index 04a7eb62a5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCbvVmVPGFgKGPBqkMhQ8HfwsS10dQ7ark92qOnKM0cmOtqxp7Y+5xK
-fVwtP4znhPQr3rGzj2x81FCIghi3hwSRBg2O6DhpFdTAXAwHnM0QkUb29QTNqRfW
-E4jOPciTY/BonXFJXf+VM61ntdAT4aoVshmiy64p2SBUhRYA/QrYuQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU3rps
-AkOOTOy07L8tC4ckaa3lRqMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCOtc7hRrlpfYG3VtjPhElE0x7R
-VEiASfooTBrkKHNkajTVNgolaJq1+1UqMpIFCe0KBUL+k9YQgsjDbr3m/oL7ml3x
-9iNWxEjBOH8YRaPvArpcb6HMvMVTdbInB7T/ogFDs2bdUBWt4H2KJLoogGJjLBX/
-NkpGvXdFmxasmv0wkw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
new file mode 100644
index 0000000000..3635391d3a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1ExvqY+GA/Rkxpv9Ks8KcNqtdknXm5idOg9XrvIe
+d8xy9vkyIs8iZbBgoOI9JI2mhabIchnw9ALe+XFtKL64UEWS2dTH8EqhLgkoIfBB
+B8kHZhNaiUxf6kjvOx+/H4TWeTws9iawctciW2FwmmP4G4bZlBP10tZFAspJj/fu
+UWJ4rZn4jks7qHNpUOpZw4z8Q8Xf7cKLLSloCIDIJtyUxpM2bT/fC5w2Q6Z3MmKQ
+BMi38zWscyG7z7zy6ceYyRBlG5xRsgCYUsj5sWVvtHn3uDpJ6XAW27Im3YxqnRuA
+R7fO/i4pNX2RZpkFuJhQ+CveyXXvj0loAbcyDAX8OcbnHQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUWEq64IDyyEM8
+lrIC90qylY3WwjMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATANBgkqhkiG9w0BAQsFAAOCAQEASvXlo2YzLidKbhlVkkfFsdclc0NAn1yT
+YgVEgLpFixmVilXQqH4lX1cZ/wkFljd90H7VUQacMnqfacLOyJyHLBhxA1kBv+bG
+bERpTDveXwmBgNxs2uMinO+EbCEZbWdSrALyUyLrJUaiqVln/m9gtA3tnLJ6/9lS
+uHcZ8uYHjZC05SQOgCp2GI6yo/nS0Pm4D9Z6Ljh676Zoc+Xqe8mbOPUdCNfnv/xS
+6jIIN7HtRNLUWlrq0RfT7T2oOls0lVX6vE6tunEwh5Nqw+aHLFcQNRJw8nqeoJ3o
++1t4936HAgpU6H9+qejS3qXKnGSalhyEZF4B7YIjMw+QgMq1iy3FDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BAB1EB257C75977
+
+RJHzKgebVBCq5Ke0uIHW19JC7LSCkTYhTIdLpy9yRhD3dFndup70fBmZrWu6Sgsw
+FNU22CTI1L4JfftRwry0/xsM48FGHdW9Jo8D++OOeC1Rkzplw/SC7gPpDpE0YP/f
+iedr244vRtUemUI2Zqqh2Np/lzrIl8GWraoRKsCGbGzWe7axPtnrlMaP+/YR3m2D
+cOVmDl3iYwwkMYgDZrO7lHop6fdfCRnU32Aws3ooio/eR2/GUbYJVmkxP9p4Z1Uk
+t6SaBau1R/YnEKYAxJCbiUhStiSonBgvrMkZ7uMGdsMTkGUqAmHgtzsKWq8EKJct
+viHL5AZ2+tGB+feO4HGnT7ANEO5V9+ygYpfvbolGSpB2Ym4E8I1e7henuQtOSTu+
+dmib/dKHovXFtB5AVy3kdeP2cw74/bLScuads1oMR4GKn3VaNzyFbdY4JkQJiK6Z
+rfKYdJkna6Go6bSVHAb7nwvDLcyrFc+5mR6bEz8j25gq/RWm2N22dqRG8bBo85iM
+53KAhOYrYwd5AivXjGtZ2gkHAbZ6ilublmd5/7lNsFQbUatHMa0w7Db/8cFADDfC
+wB42czsmHFBE68jqV4AUvIWssDCPXiGyGsZbpRwxDPkZLg3iXS04LmB03m0+f+L2
+D0DxtBiVuczD4jhnfCYokjL41PWGT1gNaovyd3JcXNUjOit6m8ndZ3hih1B51i67
+gLXxjaj80ZFbNljAUXo58GFinvYM5PlRKTOGN96PZflivJQuy6RK8UY30O40Ir4k
+9RX7MFkaIKDnoprm3hv8KPaAP6QFXuCUNwG0XMdEX2Q5I0LKi+Gu2ADfMnEq9Ka1
+rQSzFt+Wq0AWrisUy48kgAlQeBYkfzE0t6njTO4gJJPnMwSptBhPnFhVHH9mF/Fw
+PQl5kn0sHi9sNucvQ0Oc7k1QuhbZPM2oK6YngEEBC10t5Bu/9mDZnBOqNQIJbUxL
+D8pBk5XiPNal5MQkeTCFqya0vJTXZNIcvsgZTKDEfmx1o+rblG2YSRZ+nKux4nGf
+iPAPYRjymw8+YyAnpbPRcI6pzF+aKY1C20gs2AqWC5dgQkOlcKY+8kFqeXp3Rh7t
+S2uz6p/uCupugKKd+q5DrGsNQB9eO0D5vdZ4Aw4rnLK67MEbJgIaneXzl34xoQ76
+5Lf9ws7jLo0jvhq7HztTyKTvHUJXG+8aOb6Zg/S1LK2LtlGly+h81FECtNmXR7LL
+t0F84jkQeMrIcEtmg0QYoJ4fTAvukwhdeRfggYgEO3EXl+CIDWMSXVcn0++/SFCO
+QXufLmU2ISwZGc53oRvC/eiDQmT46AygqJCV5fMoDwa5o7X4uYXh9+H9Ayxa9Zmu
+VT/59nvNhU5oNI1owaLgsDAywLm6l0vaRbQQVpHYxwH8D49uXXJu3Ad+cz1NcSlr
+/L3qrGJ+42FNaMrT8NfrC9MjjAOgGA/yHAs3C9KdJq3SVB9Ff9r7lFujJGHVIItd
+sO5nhzgGXwjDL5E/3CTuqm2eTiLm0xxeXX5aK2KwQ7dR7NXcriQgNSQv09jgWlqa
+KAopv//ImlmYGdOrb2UN6+ICTti1hhf6iXEJmAI9YLwEBvuqT66VPw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
new file mode 100644
index 0000000000..60e47e3724
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEhHHtIQeSm0sk2SFRU1s6R4tZgm0tafsm
+dRRDgwig7Ne2fUawQFelK+hr+kMzQJMCb+ogMkzZfPtgOjDnhH7Z2964MaZPHzpf
+JlxY4aM6A91wZ4WopRp24jyeMmKlH/CO19LqjOc+UBuhtGUHKk4ZFdPac3PMXIXj
+x9ogd57ttbYdjIk9Ix+X+o/tPnrL1Lp4RSjhkPs4VnsOkm90rgxEwNZTyCTgNVkc
+qhJE/0eXgBIV7ZXc59uS1TDVImybZa8NY79ClvJ0Lhl6mvtPnoUvOgOZh+SQu0nh
+OOuy8hzmhqNLqTYkTDzjtVzOHW4wKZ1qfwVjcmXq0fCR7uyHdup7AgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEF4QkbNTqiC5+E53/epFsAK/O+GMB0GA1UdDgQWBBT8c/+k
+4lqB9ybLskI79g0ctafZ1TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBW6ljxbVxaa654QlFBrLWa3bDc
+FfC1lnbmE0Ya1pzkcIbsD+ayZ0JcKcuLPUjWp36m7BpuIrmEpndmc1O0cEQyqveH
+R9vfSDxd3/R6jVMQbFfa10HVNDmlKrjYyIq+FQla0qv3qn3W2icJWRds031t92+6
+gb+fLBd3YMXEtEH7+VCQNyfVZo+9F2xoUTxKWSr52jsxsMaIdRXjZUIZBI8pZI21
+QcYSdNPk4TxvHgbQijY8+n9y8qV0aPUckZOjo00KczVPtytT9v5tzvNk3JubXJ9W
+hh+9WSe9uJT92xu6e3aAt1WVhCx0XIdg49GK0hFQs50dTT1mLAoi6aGEd8+R
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A5D187640629E66
+
+R+I5lkrhsMjEbdFbvxmcljp5A0rL8EcZXNyXp1qZtrvNK2wLbKwGuYJfVhLnsKMJ
+y5Iloj/U8UHGe5GhUbxdE3iCmUu3UXheHTyU+IGWQvnH2F6KZm8dopYWMAqZAJfj
+PHJyz8Clv4c03i681QCQ7LBHSa7voWOEHp/9oeheeZFWeGrIR/sUJ9cfSxIBeeDR
+fkNwDsEzWmGtMhT+LAN5A/cA031ILesY3mdDY+ILePSAy5/+x1dcuU8vbebjgvSk
+qx2iXR++ygK6or8UWYP3Cf+xyAloCm5eKmLwQUMZ+IwrR66pXPdCEKEbrMw5p9Qx
+ZrCctSzIH1Aw+Gmy8gTSUCNdx85vRCa8Tn7joj2BK53YzMGtKGzA8BzsV8L3erKY
+oRT3fji5cT4dJRTvxROWU1GOwW/r2lYOYggg+uNjEo6OwWydX06X29rC3fymnkuL
+hsVNOPxDc2ie6rcDyGqHjDpmiYOEppQd23utZKIHQyPhag6rTC3V7AgPCjL92c19
+BT15n6Wa8VXXos6PBIQHWZb4dUj1B9XwTQtLoZZv/RVnUjEMo+NNCpUwvK+5ke0V
+9/xtiFNnKedcbaMVNku9XlmSaKjX+fsmT+wulA65Osc+ZEobJ/EXC4AVChRsMl9v
+ujiG1z+Vo/UKEmIf4/8PXVZMFSLNLEaUAO9wiJeDpeGAvfAT3ScIH70nTyR4q3qf
+4DRXq404NTy8AzCy36PufW944a5+3FP+q3afLuuzWVvytQun6byFZOE6fo7zcOn3
+mEnbG42n9f+3SyS1ND8yVwAR0VoqRcmk5QtacUE1tPrX5pvVyphIZaKsadmf9fsC
+X+TJ1jgkGDCY0RxGhR9uGiPNYPjNBg48o7/w1LSYiOQ6LHwf3PBYHe56E2MSOOeh
+bvpu7eN35J8uwswfXOZxefmEQ3COUGAZnMcHn/q46cyLpEqlf1s7tPyAjIAV2yvi
+9ETgUD+KCpcQSn5qednbVPStEgljRTTM4pR+PFNhNGNgqntuY8HMWzHFjsO2uafF
+0mhn8ytDbziAc6IvNo7xbkTOzjY+CcuirfN7FsRcyxs0qvwQTWcB4yj+c7Wg0W7S
+O8qZ0siZajvOXAgMNHNnYZFG7YiVl/IwMXWTQD2pk6Ff2PEw6pD1c+w4hPO51z5W
+7kUXuwb1tlcmSeYz1PDu1ozcbhJOpSuECq5E1ezX4HrNIbpysTrVlzx3cnSVyhhW
+0AJ7dvVH0NuRBSLhfKlr45K5uVTW/Y1zX5GPte6fauqj2JFvG9NNOeUYoK78HBk+
+dvrrrKpoLHsCiRPL5OJPRRb510+b6lZK7YLW5uIF0PvH3duS5v2m54jcB9HUBr4+
+z8Z2czuSirHRjH7gXp4OTfURUkCI9HMRz1neYw9G+SxwhJWOYoD8iOzEuqmAbLOE
++ErjtU9vz7So8VsvhDSmZy5cyY+pmg1HGAqZvUllR8ZEFPMXk5c53I7NEoHURO1k
+KQAPj3uIv8ONuReC/2/HLH/0qtaLmVdJNuRVqI9fX1X30Z2RmcvKio4GpZYzNddr
+MvwSluhTd8Ir/2KJJ/uQ6mgFSrTvtU/iWJAyft0DOIJMrcziBTDVpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
deleted file mode 100644
index 7c2b410b91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB/MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTgwNgYDVQQDEy9JbnZhbGlkIEROIG5hbWVDb25z
-dHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyUV/VUccWeiLd97UNg9PsfI5JBKyMkLviLCMbEGIggBG9W+5DKyu
-loDjDpVTzzz4pO4/LQqcZgxP61RsM9sdvJTyxHWpU8fEb3CFFPX47WEEdzFEjvay
-iqEorgwgt0OuiDc6ygpjvje94MD9/tn2oXGXiZXf225UPJOAg/4G2CECAwEAAaOB
-/TCB+jAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU
-XNZp2F2DSh5YkgNExED/5j5eRE4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATCBjgYDVR0RBIGGMIGDpIGAMH4xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0
-cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwDQYJKoZIhvcNAQEFBQADgYEAF0YtbEJ7UriPhjA5X7Ms
-bjlEt6/l18J5LUKX6SdvzojVZW6wSnfiinjESVIMS7+nvplPU1D5y6BBzB2jCHZx
-uxC/Db9r8CeNek1COMl9nvav4pyuA1e+INl/it59qgfHMZ/pBdsYkYKI3B31oinp
-TSHj4AKIIi1y358PHk3BZWw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
new file mode 100644
index 0000000000..bbb2dabaed
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEVTCCAz2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGEMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQg
+RE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ+BCdHFQbNq1Bp0GEuyOvaYS2gc2xwp
+YD7153M9L0wHxwNCAnjTjFdAc5e2SLlaCI8Bb3ZbGl8yTKyXaJ25CceHxpyzNWW+
+elq9FJDZjGpxZ5hbiYnhdkS9RVwgkDbVXwv4QfU2blSlQy1vyAH8gfy4mF5XJqfh
+58o+tcECrOZcD+116VHrK4HIMsp+FBGowH6VNhuyOOp3FaXII0NLLUVjBsjGwbkj
+3gFoTq5dPnTuFkr5Q3RQw55A9vcJkmzxHbZko1UiywiVIbcXHneqWrKgyJCp00sb
+w3gEc1Gk8jpKtluNsj3ogmnRrG27SKjcpVhZi+KLzOkAEOvBAVU2/wIDAQABo4IB
+BDCCAQAwHwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYE
+FDipyuJ4S5MA+1KCLlTd2a5ByjG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwgZQGA1UdEQSBjDCBiaSBhjCBgzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAsTEGV4Y2x1
+ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QzMA0GCSqGSIb3DQEBCwUAA4IBAQAbvjL5yhOt
+fWiiB5PSQ+FM3M39S/xDOI5uMQpo0Z/KMs/ENKT5SVqKeOGuNOItovk0pNpBfrOr
+8jHuo4KuZbWiVUFSrUeB7gX6lJHXoM+Vqa602UHkrxKeZVQGEQ899RTysUH/zW5e
+RIRTbU4GVuYYyFl6PXp5Ve7Fb5grC6moak+bzuF0eN/GTrp1o7l036LHSdAbi2qz
+Blg5KbihSptmhELFjnC2lZyD6eyYvpcBeW0qUjH+PqQzqdOnrxpfy2aH0qGWceMa
+y7RE3OZklQsUbF06hrhuviBgkz988Ih/fVXtANKOIrdsEZXx2UoHOGILDpZxa+WG
+Fov/1Hl0j699
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C504397326E13FA8
+
+JVQONDk8Fa+egVOWef6gv8NQR9V+3X5PzOPmNMWb3WIipTeXloazJEki4ei8DaPb
+CA2TkayTEfIm5jN072iS2aUQtSaQvwX6uh8xm6mEmPz+zcyeolxhMfTsIz8n1kVP
+a0FRWb7u75H953g/ojaR1JhiYXzo9RkjbQHnCu2iwt2lpE2aZ8nf1ngJx2p0hcSl
+xWZmWU7DFF1AQIK2oHCjd/iWQr/yEi+Btlr60Z8dVRiRHxVj+UHhmn2+mB2JzL0f
+CFwP2xOQ6z0ksg+GzvVu0CvM0NQn2/SrmlvfiGkoFbCzX3b/I/6raiS7hYR+G9Ju
+X4NK/2jOsFRX5itDjCn1SADuKz1hP4sy6B97psrvDr8aYvDw+nN4Z17mOI2zrvF6
+sP3OOTMnFuWfY9fs23qCnyZ0mmLfZrw3vKxQPH/oBlGDbtM+tRG7jUOdU/NP6XMG
+7mYRU31GKHHsQXYBWSLMRyEBtsnP/fbzU/krPk56v1EdZoEgXt5TeBIt+C5XQpe/
++8eZvxJp2VDkYjE1OTi9CGf4A5aobWy/OnjMMXLzm+R1O0Vc7Tn8rObEDgoEYNl8
+7DfH2ESGEWLbdrto7WmyI6oEPyqRcsxGSIgb7oKLKEcu1dqfmyNxrgRcUUB6t3XF
+1becWs93DrU2p1MIaqJ/rCOE/VavhLXsY1siAFS+04+Fpb0eKgCiffHjAVGa3pgB
+47urVqUo1ztDKZgX2mbrTrPfhfd3nockXoNq/+BJvNsMEXrwwn0SRrMAy4MGhU6Y
+vwlUbnEi2GIXjauvGEF3L1xLtL4m7IuhBuLld+bzo9tqcohdgKpnQttuOP2uz81r
+uphiyTcP5kvEdcY4qNx4C3N/VvryYzyrNK8VwiA790jTYJ4Vvquv9j13NAYYNkv+
+Bu6vkw0js6KZeKKsevMMfS/OR5HboXJjB4yiBpPRtt3jPIikXxfZpokAbfqKReeu
+4StZjZS6KrgRnVCUom7dhVU+N9+KByEk1kNna2dh+tt+bd4RNI6H0ZDb7nnW6yjc
+0rV45zcNH+Hwfn+H7+1wg2ayd8mF/DarKXANKGYXQ6BPa1n8oc39so6vsMO87CtK
+5n8UwiIgKpteEAEy/ktysgi3Hi8ieLJaTylOwZBec/rW8l91AqNzXQYas1xYQU2s
+nbuaLK8n6tgHQPDtq69KCRm2Ds2Mibxoa44uTSWFaWGVDCQT8HwmPdmQLe5xcD/0
+y5uHHsnMrUmw7uGh/BgcKI1D8jCKs8ehVAZNKcXLE5aYzVfKXFVps7L0BmFs3M6H
+6yH6Z6Xmn2oHH7aeuAjqPN+0KCFiDpi5+3yRovgvi0qUXI/h2qvKTLemmOO32Ld+
+x+itnJY6vLRt3q6RE/iLGvCPJTtd5DNyvsHFoaxGZp4arOzlAZfkbKNC5SFu0ijJ
+4LXOkaPYGR8p/2eroUtGqg02tUFz0f3jXOk8d5NTNoiqDawgXJ3E6yTGvJH9Km5e
+eH8WFD8g7OWvwSvcQVQ35hqnoDvpFptf79AZ2qymQAD3rghvmAA/nslcrHzEXk9x
+zVJXK/0I6gQhy1VV2pR0wBHO/XD2mAHrVATuEB+Z3bxQcgL3rP/pGXqui99BNKOS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
deleted file mode 100644
index 66b10244d4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCTL1HBt+N66tLKmFW98QfimYn+8h4asDqh1Q919/M7TSNyoUAS9y3U
-ZCRVwviSwB78P1HReztqDDX7dkKHazvtXY28fVhPwv1lCxj8sh+U3QoprauZoukz
-wx6J56XR40wEckL6qf6l2qNeVTuPEQW21ZRBgPEKIqikZYLjl1c/jQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBSL47hYVp8Dat892Ac7swc24cu2yjAdBgNVHQ4EFgQU8nNR
-dG/7HQqs2Y/HH+yF2vQ6QYUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA4Lj7z67AHCPqJNPK30vJT6DzO
-BIMzF5uXn1uLFPibVYwzith0bxt+lS6X+XY0D8JVcCoGvQXIajaOz6SQW1Rjl9d4
-/ZtQK/Fa4aWO/SNJ/mUev7+CaFuSpzVNwU6TyY8mBs3THbFis9zVbllRK8ejAkZz
-CrLUsdP7tsReU49LLA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
new file mode 100644
index 0000000000..57dea771a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeg0Q4UuYbfP+YbFOzQ9YSaIj6bLj1XqVJ
+wNegsJlRNNFOlEqGjLx2s7WKQQz+GhTXN49e09Dnsf8V1uYS02UlaSMM5NKF5mJ/
+xq7eOAbq+yzYMjl9GsL8HQghiy9E6igRDOIrvfYDIJydWGMAyMO2AjW0MGJHzvFl
+F/kV3c9b9goVmWSvxCzHuv2aTyaPPzXQQpY5ZNkquU12xRiujJzCdiXU7csjySJA
+1FHHI3n8oE/+fi/LMnPdBO+rpaLfr/IA5XKUeJUHb3WEXJ3iwi+mMoZrn9doiUvb
+gnWUsKmPSoQ85RL0HWVSU/Qw7vItixSHKcKrXCSanL7A4jRWrI9VAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFAbcW77HEjdZpIpAdHwJnUU8SqHbMB0GA1UdDgQWBBSFsJW4
+SPk0c+uYjBzxBnzjY03dtTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAihLqlYMuqWs3P74TsKop+Ilgy
+d+zng8ltbEFodH7lYIIdbghsS4nHHmYIApf8Fd++zpf2Vg5NY1Celolriqb8v6nb
+VeygO1Mhtwq/yKUCAU2DgSpj3KkbcP4gaS8PwHtSTNzus/soD8jaRd1y3/37QGMl
+LxatbtPI3+nHsaVPqwQJfeeyQAnOXGyB2t11LD171aS2uoRkGp+9ZwX1lhXEGV2D
+oNnwQ9NzO1JJUWYtnDl0Q9xbWzT2AZ2FXQr4uVBnkdtTOPvpH88gNpRt8y5WIkjd
+0pQDFt+EyePgBAKk2HXPImtseHPPH3z+ZRoRUGet4iESVIFVekv5/olJrfeL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B45FD083D1103F77
+
+SBwOS6JkHV4xazjf3hMz+pQIdJABaX+JxoOLhDp77GtVbTXTL7gVYK7JDAU2dSAv
+MUCI2V0EL+3lsu9afJcTqYMBa6dWAUXA+HQ+4ztQ7oqeHuHvYuAKIm+ks1QF+YdV
+CrYjmto1LN+UDt7HA0tFf0LEGC9Axdlc0hxf/EhX1UV7BiIs/AFL8dI2TEMzHBSL
+Ugx+7HxpZ86mJYwfqyV57lWFIlZHDZ0w221wcb9tZj0jPhfZQ6iWsiFB9uk8CA+M
+z7vFpCHc1+/m4G+gAX0R+diYA9rSVjSS3068O3kkW31aSQGwTlM3u/Fnr5ouRfSj
+JoQEhCSGY+Axo2lJi1jRdZ86Uc4Fy5k/ou/Na7YAuZRvFe88BgMonjrEaD8hZOaq
+F5sZFKfLfLInQ7mHj6RPR9lwYdh0MsoHKhJztSkVnCpkRJFwAgZavPQ2AiYE/Fiy
+WPOwQPszKyjSFCTWQxCefiOCj6RCkcW0y/2xvy+nvSGtD8Lbt42uz/8wErpnKnIC
+50LT5t8bwC2O2pcjnZ3wdaOXT4PVdUu/rc4UgetzkkLxBfpNyHSpjyamVIY3S95e
+dnmVEJ9P0Ga/rNxIHK9l/BNLouMf8n6f6DJTn/fFbWeUYByp/WZUi5MUngg9qfop
+Zw371/PhyhhpQghj3SJEmfLZZlZfVBYIlFUT5xQyNP3L840HTog+11LW+uFabsFf
+VqlWUDHGKJN/cVOMYiijTrtNF8kpemqXS7Y7eS7mvbW8U6nyHGqQXrji1pQo1O0W
+d1bfNY4jlPR9pIgP++TG1IqCeu4GFMo6BZMi0Exir+0Ag8VB0zcjKgXWZMzXOWYN
+aYZgI1bEkAAPC6HJ0UOwQ1BBT0SxiQyeyZSRyvO+rYNZPzHvrxB8ChM6QyDJD4Se
+DfnWcBwUeC37oKuqsk3abkWiF615/KnuEFF6AcR5sbiIq+STRZmCvS+GXqksR1Qd
++gdBaKBqhlbNrciNQXsFqX1Z4JYG0zRM/MC3tTEhq7xpU1rOVdCzyT0yd67chK8b
+G58ZXl+PckkWe8IC/06NWECsjtVAR8pqBnQmNfVIVCS1U9dHQ8L6j84n3/qF3fpN
+++OG8Wqmql/ZB9/X4yk1XWEnb7vI0chnDQBJPg/0sdLM3hzVwZ7xH9WC4CX/5URL
+NUlMazP5zFS49lUyY07kps+P6/jJdl6rqMQNDJ2BliBSUe6JXsgZ7fcLTehJ6ltJ
+bOrnelOfh9HyrGEgynGweEG2/ouCh+8k7L/Wfada8ad2G7MpSTrWF+IGvBSSlR/X
+pFv2Jc1W6LjjrrC0MTD1yojnykfN3jgU/9CVGnKFLdCc3WX7MeLki+aIJndlq6iF
+Co7/rN0aZsuNPpQQ+XXF5Zacn2iPgoAaLzrRCaG4wIG6sliuZIinMobi1aLruZOM
+JZFR7EQp8LZMkVxeNtdYWfk16NaASUJt+oeFRZW3sBs3WRZxuCErZzI7fBReCtGr
+mjrg2XXW0sEJy91PyPoN1EtxGvTTnibB1SivT+/o7ainX4BFXEd41uxWoRL7h+DM
+FIDNy7O4xM9N87c2WaUbA8ErtTghYapiEkfb74jQY1xd+2YEnB4Zmk0WttWKEnnV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
deleted file mode 100644
index de2503fe99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDRLWTNLHouiD2wN3hJ0jdnrj4fTjlz2+99l/B+6xTOCtwBUJpACTye
-HIN9D2KKM0Qmh9stFmyS37OoOs2WPy4d6zXJI09x3ENRMHVD4XL8zIYvdc554XCO
-r6r5F4NDD9PXfx7zbY5zIa8xvuuRodLcz7HjxXCATmiy/Ylbq/tAvQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQU2i3L
-WI4ETNSzaANnEBgojWiA0sowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCF1bG1gRn+77BAUXRG0YGUPMgR
-9DHNB3htuZ16XVRT2TqgE6hFiTROTrYgQekzo37hAKapBXUk09KjbIEZZWimwkzo
-lsh96Mt3Mri/s1KHNnRsPWR7Z9noTDZW2doxIx9IdZnbpceQ/z+E9xHaEZZX2QTU
-oFgdRZWQ6koAHlJt+A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
new file mode 100644
index 0000000000..1e804be846
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd8E++Do+azS0Y/46cd+mli2KpLKET6z1f
+h6a2XTdv41TEtc0FJwgrEUxzzPX9gbx/NVNU0lHpVs9xoZ3/g8k4sC3/tSB5Ud8o
+dNy5yjOzrkCqMmf3dwxQ5bmf/8pQUsN4qch/nCnnLH6LllR8S6ZlO7HD2+jqS7jS
+FnGm/ExZs1fvBz647RQi1RxojTdd8ek18y2xMMf5c+0BqNBjuuSQ2l7iWCSPsT9n
+UVrvwhJopi5irEti0QP/bUcax7okraeFT0RnJTGrrxIREx+/bvTJ8jc4yFAsmuu5
+KsMzROuEPWz6tPjXHJItIAy9hhtIjHOE5tkfFwfBQI6KJpwi0RzXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBQdy6zN
+eXfT6urnrougyDWvP3JkPDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAmvLMakt11xX2Nh0adOhzCqqB2
+Ea9gZ1LAusrw87JblOzSrHUGrwR3cL/yTAdyNhuudqJQTe4aobU+7DorluFEF29v
+hvwtIEHAhw+WRmX/pNZ9txamcYTfH4Pi/HHaSxG0nFNNT4LWTr0ACO61wkIH8FhZ
+Y+K6iHx7+e1vvGfuUFimKyH6lW2Ia59LCo3E02OUEv7r/d8z4oc2sH7wYZ1fFlOF
+RHzcE/rMmO+3t41Ejwg8WXCrojdeYpWxXjA/kL7dOQoYs4E0fffiousFtMkAi57V
+daf/BhKsPsr6vCIucSZVcoFXqVTXhRdKR9bqcczLjG8um0VXD+GcABkC/5Rs
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D0469F3B107F0E0E
+
+uKVaM0Ffc6kK79EkfZBuI/L2JuyQphClPbrmZNq9puVY+VLlVLwjEq3S/JK7clhg
+ofOl5OJbVF0vWrqDW2hR/vbMplgtn9CJ/u8A0UJG4mHln+0EclUqZQlAg2MI2FCV
+3uEe6Z6Z2VD6R8QwNEMkC4bBLcX/kwvIKxUi4lRB5bPzWiHvEGjN70b1FEO1Ewy+
+CNEMJ82REYzZ1ddH+N6KfTYtZxT87Jv/4YjcRVK5vKdlMnEmuMWW4EQM8l/Ey0lx
+DL6tjTfjcQ/idf2lO+tPrYEWYKGQLwotsF8iHgcW3umgMPA9CbeId3em7Aa9Fuzy
+tGp6DUMGWdmeVFL6bipNXYNgwia/wSKZcLcldWzSzcMdWDm64rP7UF8bDi2UWSBb
+jGvLzmTlVORMHhkqF6qzDbZWJjN0HCpoOClux8H9hoEY3n/WGsyzZaMAzoemHMMt
+3adetPrQYXUt0qGeJzf8IZrgds3TQhjakzDhPoi0Vjf1MY/+THp5z5A5zWJrcL07
+0eZOdNt1ahys94lHeILgh3eeqHCPP+q5hcmDbuxSRzeEnu7wjtPACuExYYTpNnfW
+1aHtGicw29jQcucPJlh1V9Dq4rVJVtVnr+AtNyPvq3FxIQ5rzniPHvAoZgzB7pmj
+oE/TNR2Pf6LIbc5JoiuAuH+2wMynDqZbD6X8QbYOxZazu0FX6JkdsVk7luH+B7Wz
+fZsXijSC/Kb5VOoQddJ+4pLXBForVWgwfULvFyF0sXN7cwxfTIC93N3q7jfWfd/q
+dsizeO2v/qbcXL6PTCGxPBtXQu5oTeur31/xeXeYPMXp2QMAjgFJN03au3W48NCi
+vxjrTVkxHaK550B7i5KfYNrvCtqYBctZNaCcRVwTsbfyxKfLzW5n9jDp47ataDn+
+bxu/hjgJNaZ/eJl36bJXXMK+WsF50lMhtNztD32pCwCBC/wjHWQc67ughlhExuFM
+hOZTOZd8B9OTAQZcPf8g/aoXrd3rxHY/TsHgGQsTPUJPPkEnvXnwy70vn/6ORb0o
+K6ftAMAYwZ7epmnNs7o3eMgjyEA6FegUQBuSr6upvM1+xBHQ6dWnYJfRJYY8j06+
+Cffd0k7yd3700KSeFMHNyaXkzIs5ixyZ8Ambb6LsnLQta40HcT4hBG6fjCQMKBLn
+K2AKHxcwIOp/GZ7u6lrjamuZ6v8LHF3vNaS+lvMUkWTLXt2t8cw4ddG5qPzXhavL
+a1eBeOv03QuFXgTLo6xNDFlZYBReHCnPomU72UiM6F/Adl+FL5BtSd6lda5YYAxU
+QS77VUc4M+YjZCmfkisch1fQ/byksgP/e/dhNJAXg6nywNemjUOfk3CW7NZK+0SI
+nyghbuwcc94aOOcjdh7k+DtUQxOeAEXta7Jb/FQJnnvdqtsd7oCiadCnU6oP+DVv
+wxfE7dA7ghqaND6SG0RfM2ve9h+Odquq9Xo64xOyByHL7Vl+CiWz3SUOM4i8qZol
+eHIQe3FybwC5VLZJVTWBRPo4r3WMVaRlMtcFR7Z+M77KOoUfCMsv547hSXWbQVHl
+eOoaJIlqZkYDbYvtO2VZuD9A+S1ItU8eWDzBJXx8Csh/uNEAs/+hfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
deleted file mode 100644
index 450c232004..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTIxODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCh34/kUYUgkdgErLgpO39ywlNRcYoZme/9B+Qf6xXvtvQsMVSTRlYj
-SSl7WicS1s0i8wU0jrejAaH4wKVmEKpUXvDAnMWqnRTgL7EN4ni4vaorV9S5/6+A
-qXnmW+4GGg76TP9cj+SQ31mg5DHaHMGc5WeGygDJ0iaYXHqtUczkQwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQUWfRX
-bghjCb+4MfpDq1DFnXXWtZkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqpi8ums5mTqAUxfvjuqAIdAzU
-vDfiJ9uAvSRyTLckdIKvbvqgn1xK4LFKEHh98dWr48RosYc8wkofI0wHpwYrhYcP
-y2kgyqtaTrdeSgbBcBibusuagwpz9o25LUTRTMVg9sq+1yJJYlGHGV9LuTnn/ZcP
-vCtQwWgLy74cJC0WvQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
new file mode 100644
index 0000000000..d0a035da68
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMjE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBT5iEc/Tv46A838epWd5siS3H6q5kdzw
+winlJhMTUca8dVCuiZ9Xwgh+N86g54NvIJXzQiAey/KJan+2DXRcMu5EGOJjABk8
+t6jc/oTvdX4KjMkvYobBKcSsRuhuMkCn3vy47e40e8nxhmVhO/f0crEsmWGE4Eaq
+pnrcFD3YPRZLaW/2HRWXiOn0TpwJLpus+NYxghAwvI/IKDh5ymBj2BywUvvxngT3
+iKQ4BgoT5W/4Ce5XMekn/S78BD/DWiQMHqNjBPeb6eH+WvyPXpn6pTuIGg/Vpn3d
+KJzpl9t3WMo0yQaFzYlrUhNYGOJMXWboX27tHetlmdhQ7kF+E8WPAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBRQpDE2
+BhuO18HQzangbKt4zr2s7zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCom5SmP8qsQSlBzA8HM0nOGzLG
+oD7VEV8/kxv8VBLzXzgI7bijCIWzSReTUFCp8gBzdMYLlvXHkfy+5kvC9fIEmzyw
+uq7vNwjmFOA2sXtoGcbn5LwOhEepf0qdi2Y5oOxqQRrj98FelZ62bsXjOEKdR5g9
+J+2+VcU3P0ENrAQisVy7mw/MteuUEL7v8iEtfpvxjR6ZP9IsRQY2XsPXNX5hzlzZ
+C+M3eKDVmg3c4QEjXvbBdhntVU9H+YYaEtQZ2F0vKH/lv2f2/Vj7yupxExakxpQP
+6ukRNeDvnG6ujitq8qhWu6QDEfCdzzEx2ZuAVZqTJjAKWC6HwfZUioDjhHFZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,454FD50E5AA86909
+
+snoxER3TwKSfJIMUgfnKUjqQ96OcVNV92TihvkayHtqbUXsaqgQ9z+zIRp7Q+oiy
+7kkNkgPXPLVVM0SfIEIdtxRH70Fg6nwV+We8YH/3etFY8yxhr+qbbx9ouIVzk5YA
+4inJNfS2OU13J+26BGzi/eqosJzgNJ8jMBxsxbCQNb1TDC/WfFQiOUUW+Qxha5c9
+vNhJwQeI8s4YCic7HJ2a1xUviMLAkFXBtn+1uptLR4M0eZh9yZA4udYzsugk/uvW
+h5Wz3ZjZgM0mRYsBzsymxOBc/UhmXMFvMsiEmoO/TEexvGEXODhsALxzUhxQttgT
+7BlBko7cqKN01cxie8ePJKXa0BmLRcY2fQklVi5Nts90Yr15QFJ3R41Iah4zoigT
+PJ9U8f4fDhMkDdiriAcXYFpSDYd+jQ99EsoQi6c9LH/PtX4EUsVAWsM2xjlVUGCq
+iaVx5lKEjsN4UCtxEu/LdLwExnYUZwgiJEC0lCZoRTz8iPEoblMtB2mYmJp2coPx
+9JjULNwUiKa7+4UoxzBMOjGjsRel1J+NkXXjaA6tGI3ul3SeQ542SSAesv4MLwJR
+weNL6hEFdLtJ98TqhaXibr7iupjmAIqdN+IwdbViLeSHa/YaxtI/W/5D3ub/KdjX
+tegv0+IJrPg+HSFB7FZY+HDha8h5xNariyjz/K7EgfWqYl0XyMFvEHZ4VWr+M4aY
+kUGLfnoIVWBl+7n3YhzzCyyRgzos09SkWPuqsj5NAIDFIruFZ45TcQ6wRP1UV59a
+iPrEsmv+bwAYw+L71LtGKgWp4OfhjuxZp8XmEtcMcRPq+luNny/oZO2GVJ75mm++
+b9Aqdl8tkWjFRYleDv/IBu/eRqhQH387gICxQORpjIIo/tuHyOGdYbIIXL08cbMQ
+h+cNSGR3kQ24IFoFUGBnF/LgsfftretK09zV4Uk1uPUdOHZjt3eZf2VWk3aWoLQz
+krgL3yR2Y+yqfrdPeDAzfzQr2QtyS9ioN0fNDqk6vdCz138YGr/X/wfPZoj8ynxY
+1NbDQHKNl8Wp+4a/OQJT+SleL/SsHkCj/st+UBDZ5eGNdZGT9Zc+4wwPY5oXUFU0
+owqODQFLhEpU9a2tru39wTTrQQJJgUBTTHfjrMACCbatlOIDBNrf2kf8R4q8Jqtu
+wXrpbOiINsGqv+Mi9/qHOXXQO9M7keyMoIcg4nRCtTVmqz1aMs3NTEbPV8das8E8
+gd6AgGWOCmQUUh9z8v2U8zLOCR30mTmh3kstV+v6UniPzmVBMLj5SZSDJyCor/az
+bx2LQvTQ187fmKrSJwbVzQa5GHWeKQ5x6MU7la/5CjdlGxLmkzgd10Quk3RAOzAb
+aIPDUk49hV0Wb7VuMjkerhXyDX6ZE0o5O7UWNBXxDX6qUGKnq85f2XNxqUjvkZZ2
+fbUuVrbOC2gei52XzRhbaDiFbESg/mxTRprjIIBx+tPYgWzSFYBENRBYqUQQQSN4
+W1RM99Z6q838RXAFTKQr4jNtaZnSP3LOpDyuo9TbxHHSM6c+ldtgaL51mY8jHJO/
+p6clyR6EaRhKFeS4VmrTqUszOiaOeq2Cv/wRaxuXN+FDUrtV0FF9ZHpKDSxOTkFg
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
deleted file mode 100644
index 55164dda04..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid DSA Signature EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNzCCAvagAwIBAgIBAzAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTMwMQYDVQQDEypJbnZhbGlkIERTQSBTaWduYXR1
-cmUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA
-vbB6Gzy0SX2N5smRzWMqz0VoZRd5JR2pZblQy69qF7L9wXPemawRZc4n8w8GB+4+
-IDHq2L8Uex+2KP9lRuXNnaUp+C/BCIB1cHBBJwA2Wzqhe0uyoVb9qvDOQuU27zRU
-dymarmOqSfc+ruHC+faJMv+ZaHv5zjRd8XwpZHs0ZK0CFQCXYwgNQsqfF7gNfgA6
-5QUzpC5bwwKBgGBfbUNGPILwforCRr06QOuBEKduLdWEZngS7RkwrK5N12jxDw34
-bvbzjzqlldmdKRu8kUG2bhSV9aF/EzvyppEkVBZ0j4NmnQtO/kvigCL12hmSucnN
-3Ir4+32prJX4ycxuECJYsbU5LPfHicJT9x5o8Yy4IcxJkzfkL/O3WE1KA4GEAAKB
-gC1pr90wK1tDu2BegyCB0M5MOerDtoYTJ+js/5N0yrMApqjdguHSRoq6nyc/33dn
-gAlOKsmYuClo4V9v5sQ1rPYYa4Pt9DL105oCu3uZAlASTSqiUc6FV1IYlEEyErXp
-JM5sYFEtet0LoIq2QvmcbHx3OZXrTS7ZgvKCNwNFBQ3Qo2swaTAdBgNVHQ4EFgQU
-3GZpOXKnsDrffRsT0zC/TrR+oPEwHwYDVR0jBBgwFoAUdBXVJBy9XmWIH+GLCX5/
-6hlITmEwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJ
-BgcqhkjOOAQDAzAAMC0CFQC8jW6jJtLFOVb/3gB8Ud6zDADC1AIUXggJS+znTQfq
-yuMe+SHndjnV3Gw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
new file mode 100644
index 0000000000..767c46f04a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DSA Signature EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAwCgAwIBAgIBAzAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBjMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqSW52YWxpZCBE
+U0EgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBtjCCASsGByqGSM44
+BAEwggEeAoGBAL2wehs8tEl9jebJkc1jKs9FaGUXeSUdqWW5UMuvahey/cFz3pms
+EWXOJ/MPBgfuPiAx6ti/FHsftij/ZUblzZ2lKfgvwQiAdXBwQScANls6oXtLsqFW
+/arwzkLlNu80VHcpmq5jqkn3Pq7hwvn2iTL/mWh7+c40XfF8KWR7NGStAhUAl2MI
+DULKnxe4DX4AOuUFM6QuW8MCgYBgX21DRjyC8H6Kwka9OkDrgRCnbi3VhGZ4Eu0Z
+MKyuTddo8Q8N+G728486pZXZnSkbvJFBtm4UlfWhfxM78qaRJFQWdI+DZp0LTv5L
+4oAi9doZkrnJzdyK+Pt9qayV+MnMbhAiWLG1OSz3x4nCU/ceaPGMuCHMSZM35C/z
+t1hNSgOBhAACgYAQWbmkwRf6MP4B9U3eJlPnnlqXNvSHUkc20sM1M+rUzpCjtMD9
+A19x3QZBz2/6zKHJH5FErjnPtTzrGeTf5Z+TKVJZhnu0h7488ylP6DH1xHlIGotx
+192SGnw2XbuwsovncnWlqcT7+Agh9y+xdVzyUJ0FhE3Qx+x/teDgzlz4lqNrMGkw
+HwYDVR0jBBgwFoAUj5DGjHToewzIWcd9PFtUWWAlC7EwHQYDVR0OBBYEFIZoDvoq
+SWtJ8EVev2KlUt2FIGBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8B
+Af8EBAMCBsAwCQYHKoZIzjgEAwM+ATAtAhQ/pOQA65i8c4YUyXW7sZs/U+tedgIV
+AIgP6varGB6QfVQJyKjqwXPCn5iiAAAAAAAAAAAAAAAAAAI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EAF1A94DD24EEA9
+
+DVXBBzQxV6Wl7CrTeW5ZOsIk2TDqnaxGZecFTO2LrzXipC8TwHQjNnB1qi/XHgUU
+z8fnnHYvcEexfyUpR79IWaZaf4e6i3ptKAPtVqxTZjic1Kjg/JTARpP51s3AkFwW
++5dvcjJbA4NRq29N5ciVs5kCTmXOOy7VvC81to5b2g6rZR+xEDNnjuMjbhph4vBV
+RyFpNGMjkC8ZMy8ykXGt14aHIv7tSdSjObIZO5/xrlpfx6ldAQxZS6RwgbjumPu9
+sRYxh+e//cOv+qbl+a4VCqEovlpCZAj2ycwPGRLxbQi8NpgM2LH0D+eVjDio9ft+
+Kxv7DFVQPGJvWD5ZtF8x90DAEM2qdx/5ILO8X85Spmc2zDzqd4Sq43BU9ftPTOw1
+A5ih2j1bZu9euZakhEB3v+XneXslXNwri0+N9WSXMthSWYzXVRQR+kYkfFEh1GUF
+GwUYg3YUKFO8B7gn4s/f7imqStJOftrYWz11cDuBNXDDHJwvWglwRfptuNwd96LL
+8rCYpqY6wvcq0zTKt72ohfqVkLa3DoKKX9id8AQ3XvD13/x39NXakiyUNcGGbz2K
+yKcBBRVnq4Q9FpNQPMV92Q==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
deleted file mode 100644
index 998b139518..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid EE Signature Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQgRUUgU2ln
-bmF0dXJlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuEosZMlo
-4XLnLFz0FHAoAVIElosiQpT0Z0p3AtLcG9tCIN83S7m8WXOBhuRBoRLaHQvEnPE0
-n5azBwJ+zhWD4+MglyPcJ1FrO7SPiHOB9UotWr0EG4cjkAVUMrrkFRLfoLIPJqz3
-sNEYnP5qPOe32IGDKbXybjoddfzHbompcwIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUU/uacMtyT3ntU/H7h/8/HstM
-ebcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQBHY2fzJrZTRjpqPLxzU7ZABeS9O/01ZTY/9uYl0JrJsfN4
-WlxaYMtSRcTJceQAvfyrafk1x354iJF+GjW7XIJR9RhGlkQXquT1Pqlv/Z2vpSjq
-glf4JuAbERm1V92qP2Acyiphm+P98Pu21c/Vq9xK3Jh/9/GUSOCmPIhvVG00MA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
new file mode 100644
index 0000000000..7f8cb9673c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE Signature Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpJbnZh
+bGlkIEVFIFNpZ25hdHVyZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL0hKwE3BTkysVg5uG7li7trnzIg3Nr5gt86tdXWBMvUxtobZoTirYpn
+xeWYd7nak/BcsY1/s2PG0eKHK7p0/U8TwSiOKrjaY4MbEXD9nnWdsOttQbNufHvj
+clD+rj4qxFjpUPhDNO4hlC97x+A3PUwarY7UfPbmHSOxwhXdaC+ewQ5PP0KpjYdV
+ImdRiDW/6ViFocaoEi7X6oxa7wq+fX0I+EIYF9ff5gQWXjH7627CGS5Mb4pPMIqu
+uNAucKCUhm5ebNp+4IGm0aS8NY/Nps5Ar2bj7tJqneiUDi/NtMRF1DG5f1hrNTMc
+URVDk+EGDknqLO8FfOH/T2ePhrYFo3MCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFMGDz5JBPp/wUvjh7G5TzmS74rxC
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAAOz8GXBwa0o8jyF/ebFdC11whr/04CPLRHs8QK3VAeOaeKU
+qnN3retPzhN69/6vVl8ZngJqFZMQFVZ727iSDsva1w1j4eNbugjU6Hv8754pVBsz
+7aaR9Aza/JobeMmQ8iWZ0H3oR7ArV7vLbMwrDPpAMM4fT4lUnitVtbcggiY9H+LG
+guH2d8PbtEv2CZsE3nj3kSW+Tbo3cVd3BmRMyRvgqJGwEnRlJl33bWi2g0n2n5P9
+liABaYGW0oVeGPGHaKLrj7mIfKJHiz8xWHgouzjYv0amTHRqat01y9HCuRTvw0VS
+EXfdrlGih5HJj6SPux0KTr5O4PeaPJVrlFHi7Ts=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B5DD1EEAB4CFFF8C
+
+eG6G3FYzv3Cw+pSy2czXeDfoSoe3uR0FcWK2ZHPR3ZqIPOJAytegNUW8e2rGwuA1
+dIJjE1FVKG7aREmp5MNNxxU4pS2LtmMh+tsoprWGuCHNGe3MMCkRpLDFhMI6HEKk
+I/XIWmGRAvXExp/u86IghVb7hLBOpBprtcX/AoYA3Wca/USq/XjG70dxcub2U5Al
+0Iu01dsYoNv1yjMBXAyDLwVeOBhgeAN/xb+xSaCG+i85lIL2GFQCi8B+mc7j5EVf
+DVhNrXR+uRZ2LeW72Z6XwMnbQRiaqd8rDTJWlLWGagPWYeCaKRB8eYR5GksZzmko
+YA0bUBuj9lhhmPWWq7ExifNlMBm+nqBxzOiDk0HkzvndGaUUaNPXOXL1ImjBZ3Uv
+iG76OcBh0OnABW2SGj7Nk8DRbJt0WpSKq413vZbfCxPZkbpw/Lo/Zil5tqDM+7G4
+aTW9DDx4lXGotgFVR0yn6AwSs71BjpzTf3AI1DzCc9N1xU6Q3M4YLezvX43WX3Zv
+wcygNFLrSJScJwhu9glNluPsD7leJfczNUMeclSbXSrIx6VWSEVuadQr1hriqZK6
+ELdGSeKeYU/Eg30umu6QcA8SoF5jIDpVjZSHI290rWLwEN38pgohBSZ58XrdObSO
+3gTHIQqcTBBucDKpAD0tcwx+tNyjht/4m8oer6ROk8/ewkCHOZFVpK97MJA0J9aB
+MFfqpe/yJ5uTXy8PR8uxw0r8DgvWOqM3VwCdguNlcKVE+SgIARi+gX6jq7InkQBu
+VCsnR6+ZosQNXNH248XzOoeiXL4JNUi+d3U6dlb5DbY2adC5VwNgC1JlUmkk1clF
+V/P42cCwDn9DmGM8+Wpe4eT9hwZ7iTkxb9s/kcjNGJg1cME1kFjFxZw9cPMfgqRA
+UOgEprTXSBFTuBsOnzQSQ6HsdaBCHrVwxBn0mn2NH+nwQ8Pyk7XW+WCKW2OT02fW
+PQz7KYPcm9Exoozkn1eHyULqpGNY4Sw9nKmmjMa8Zty/VfrYwwz8xfm/t9+LOi8m
+415J2IQIslxutzbD6/aNDsZLlvvnSLkGaTA5tPdT/GO9A2tk1kY3d7/nArnOQTWR
+jZulgzLWi33fABX8rXBU+JtWmX7RKbM9yP6cKXG2BumJb8xMqULGkupynv3a/iFX
+nmkkl99DFqwGmhliqQEm0swjB/p7lY4LpiaNkwMmX/jXkKXet+qtIpYMH4Uo88vZ
+oWfoyOzKEKl/p6/lRTVO2toLU79rejdzTwAbL3mbiMYWjFM38aJGQQ8GQiNVcLvq
+JFnpa3JxkFhTZPQlfqAHD3Y9dyR4cNU/6jP2rGYKJlrkqA1KmhgdJVDWyYRkiYgn
+vZFtbnuHSPrRmrdjoaSCR6UIm7Xmwpe9Tv35IHrXAi9wQphZo3CTMFedInQi5Z6o
+wrYifORXu0f1CBlJeWAgFw9yZIslVmKQiGsV7o5GXPC6sFSvAisJ5tL0nZkZaQ8Z
+gkubFwqQ06fOP/1UZK/ck2veBueNG7/PHgNSP2rhQGXhAoqdcmxXMvgEUNh15B9c
+TC3eQ+z+90tksKUZNmlx/U7eO97TMAXqx7KysqwAL4xXdnr6whxjIw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
deleted file mode 100644
index a9fb2b27fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notAfter Date EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBBjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWjBhMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUludmFsaWQgRUUgbm90
-QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAyCOeDYaml7SOL+2x9UWcwqcMIR9a0vGlP8Do87TNFZz+wiLZ
-0nMYVMfnQWT28E37L2tcdoZUM7SW8dlvfMfTKIoSKeXUiD4bRftrWVj4/s9Ipb/h
-8Gl9k0GwUmg9gN3LDvdRw2z2CiBtP6xsNJZ9vFW+o5QIhd84r74TPs1H2xECAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FP4ipJtrQCKWa5Vq2wk2HfpPnJnGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEADdATbChw44x7r1EYA7A2
-1BGzR/9Qmz2Dhd9d1stBum7SiD6Rclpo9A+CfwMmPhzNuaAScE6jL7LGwOYIbKp0
-LczJhPXVy5XLwf+pciCQFDFVc04/qEIugQJm25iQkm6W0E6kpOuwrOlpUU6SRAB8
-AktPedUhRoKNsB06vemChz8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
new file mode 100644
index 0000000000..e80dbea823
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notAfter Date EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0xMTAxMDEwODMwMDBaMGYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYwNAYDVQQDEy1JbnZh
+bGlkIEVFIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVkIXCcTqIC0o6oloj+rv8wFYVu8ss
+0yLlBy5nINdpFsuWwMezsprPdut5NnThg0m+t6SiQpFqJcqQKVh2i+z8/DUWfWNr
+1H6ShCDO7xPupe2o5pSJe5dTonyC2LHLABc9HQxGxCvL6hAXz+/nMciADvYrCHlr
+n8ztVSKXI6jaBZwb0KzcsWHtjFxVWbPZ2KVp2yElWUJxUdX9rUnOYVATeKVKHohV
+QFYA6wAe/UETnkCdz1JWqs+vG3QMjw5/w1V1lthf+SFbJiT3PVV8VCxq23bNy4wF
+M5GVeDJYs3lIm7rIo0/d7PvLhVUCQWmsQKMyLwS3xgBrOeIWNsVAPM5LAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQl
+6Mt3tdW2ryNfEQ9WI7oGr62koTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBUXyfp0KcfRQdV031V8bA9
+gngzQtrEI05Aa0VbgTv3b7VKeIcgwsUMeNjuJZ5hUxAISm8+xwoY5e27EOHxWG+y
+Dtk2Czfv46Ga7Pau5P5wag2QkPk2WlmVovMp92zb+GI5vyLFnEdNY3zkTtFxCbYI
+LEMROtRjDM3EGkXmkoblz+Z+u7NaLW4cKI9gBYytP3Ezg0R8dCRjDRkXy+95CE8q
+6taAwnxIQ6FqGxjBgf84oXVW81qcIf8N3i+ZztMK2a3swEDY1CyeSnj9WAX4kt18
+Qou/YP2hqVJxApNFFcBfqybSUOyLu8mbYlBAAYNB70QchygcEayvAXOIXX/NunA5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D12A38D94C74CBDE
+
+7qNutaQU4Li4WSh6pGKQKoSS5jbHR/a2L5H6DcpJYGjDaHRyWmf5FEC/VEC0NXda
+QA8xVcZD8AMM1e1HnlniqwGDE4+SwPSNHOZ5qnIPmnwz/9iW0HxkQT95bMzcur+Z
+Nuew4iwrJ0VfjbB5DeX8OZSW/Ut9kQMRakWSPsygjTudsC+RMG+/SJDBDsA+8A7N
+SELORpkRB8WL5szF+tifUMg1fCLeXIWk1S1ByBezSNYkUmtVkdpzBWCHWQ6CjL2s
+a0aU56Vb3AYex4srhgM1Hp6XOvrRAAYmSU0DMoy2xh1XHgi2pK9dx0+hveuHTTIU
+/XbK5CQgMFGvOvSMx6qlMlp3diEFsw6JtC0Iqc6RX5iSHmJ1S5uL0Uk6vw+/UV3W
+68D1DzaXr12gLF1kpMFq/16mVBzvBAlGBQAKNwvPtZRgU866V5rf3/bWh1p5FlAI
+vaiokUR/tUQuDQjAQ8PwgH1csHtKW6BpGHDZK5D9FXtAQOZNP8l6LOX+4LRpcgZx
+x2Yp8sOhuzjO359cxGt9TZnIKpEjX/M/tQEO298q8EMjHTWSRzTb03PwoUUIgZyZ
+3lyCGY456MORDM8DUpl028kG/hwJi68EyfDmDR9jFAy3UNHyK9fEhP+VInk+82Ix
+GemQXlGr998QeuOodUisUufn+yYyE7hIIahTDlHW05earGfg3UhYHjb+w4WYM3Gd
+aQRiEqF8srAGZL7HXnl5OGXSABheyIaqi0SLzPpJTtoWcKOi5TthXavMpHNnz+3q
+WXD2XkzJBCZyiMkDW/BYmmtOoVdIawEAuFoIuyIht3TmjQQmao6II2LlT3a/XFLB
+p8Rm2zw2IF23+nDdHQ1o3MJ6JBQPChAjDGMrXI4aKWXURqO75+9Z8VaK2zBwB0EQ
+HsJUAlFnCVrEic7m0PQbJcfU0XjCOaYT26ICmX6InwkdQH3p/jFxaSpT7dRiijUL
+SGqP4Gtv+Um+ZJ+IdfZvYDqZ54Ga9wFoJvDvuSkptasrzre2IfJXm2+sj2WNYP5L
+eNAaBWfY66NJ7Smfl9WBmyQ99yX8J50Yyq+CKOvRupNSYHWLnXOq8a7rhaTGNPse
+KjbVtsxG81wkOMed+7t2LWLj585FVBqIpHkAiAdFEZW54eWXC2Fc48VSmfBJfmqF
+Ub3petrSdSC642Bpx8FUlvLz8dQOMT9l0Y0MiHIrS579hihlEkC5D+ycYVO9PhtB
+gDV5xSHaILQ9IzMg1bmoFXvIOcFN0/qRfo257znG0nMUMeemQsQJLLzH2BQStHrM
+Htjbty4n03oYuiTd/B51ztLHd0Ou2y7X6hBpKuAHSsA95tAJ2rPG+nf5ylXXC4AY
+2CBysvFPm1TWthSiwL4X9TRTjxTw5PKB2hZzxBEZJ0o3/I7RMH6pq3KEn0Xl5yhC
+PErTitHGfMCUkol3o1C/C1PJJXIepEcrahZKSUriCTvRZgrg7wHfODGmKncroHHi
+i0g38wYLdqVy8GkK69zOuSexeJZk4G3/eZwxBDJ+ST1m9oYLVHCz8YAVIr9Jr5N8
+ZskNdz+wSV2xyfFTbzmG7s+dpb5y9CcP+jTfGZG5TvfpMzS1cuv611o8EzFlQJ6L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
deleted file mode 100644
index 6208b7d277..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notBefore Date EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NDcwMTAxMTIwMTAwWhcNNDkwMTAxMTIwMTAwWjBiMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMTLkludmFsaWQgRUUgbm90
-QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAM6vu936ab1N3e528zJ2ryTW9quJh45gf03iwH7dWEYsZpO5
-t9UBImXpFR+j74ZQenhHmcgGQNy58Zc4KwbzxnNMnvW7INMVc36TZzdvq5hfXCsV
-SX5gBctkPQ1hgh6LZHLQoUnxJiI7iijUUE6P2p4HfaqfEkh1tQfjivyF2yo1AgMB
-AAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTHMB0GA1UdDgQW
-BBShT/d1PnEn2vh4FZtBbivDFsd2djAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGYyJnIuxfaHwIyiOnLc
-T3IRt4wcrAOMimrliGD1dHOozDxUnNA2gZqA11JYlTJ6QzScfOQ7Wg8XKu3mxA8u
-c2A/x1cX9PYiJ5Js37f4OBW3/sWTk+X+9G5iS3cDB4e7LDqCdf+Q4eEGlyEZ8xw3
-FgxmIZrL8hh7RlY8QIAMRc3S
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
new file mode 100644
index 0000000000..24330b19a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notBefore Date EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMGcxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5JbnZh
+bGlkIEVFIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc20YJ/j2rSNlGJ/J9rqsxZKwQvD
++f2lCf9yV6nowMsJGRYdX5ERKWoqW29xpRaseNUf38roqv9TiBy5bXzOoJ3a6zfN
+SvhWPf//uk4zP5fBAEwq7VL8+UrpZBsKpbTaVIvIeOfTpvWr9qW1N9J1aH0Y5B8D
+VsFsdzrGc7rjbDvb3bz2bymkDKGW2A4XClecaAIGJiJOguEuYMhq4B5tndQ0cAQN
+QcDXS9li//HO3vlYyiRYv40hZwaTt41m5cQ21xTfFOa/ORsCa96sAL2TR64sT/u4
+DWck/9kh3qxsw9gRSkRydr1xOX3HjA6gYUl7nv04OmUSHwf/w590ry4elwIDAQAB
+o2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAdBgNVHQ4EFgQU
+mXSnPUJsL24xEXiVXHTV4VzB9nIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAPSuzpUlBOhAZ8lTzHWdq
+Zoo5cC8+mX8vg3YOTm02idO47H/HcqUjQMJZaUr/gsnr0dABy2kuiU802/JbLp3i
+jLGTygmGtU7Wqj2t9IEgDeZdQflrYfaCm8rPqNeiwrQb0Mw52dXLMz3YFLqG1BAG
+Fqrxg2utLDQfstLrpMs2BHXsSxSBq6ad7BS32qRweNr1KXQJ4QNnRGFrOARTMxi6
+MBY3zCiMJWYtgtV6aCt9t/q1kt1NFCkc8CzFdpgV8/rz4poS4FNweXhT+RqyF7UT
+PBzHycgL90/QG2N6LlTHxux9ElHQYy8HwwxlJoE+lPv89DSLNwra1mQ8MJMu7h9+
+qg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAAA900EEACAED9E
+
+d+pM/3UW90Y4Ig/6oE1g9MLVEkCn//6Oo3HubTLjk3NM88UFOAyLp1Ifm1Dhhz2r
+njXXB7Hxz1LkRin974RKvNfHZMmrFBHNCHHGpfWP6680dVmCBygdUnBX1Ex8d9Ua
+pt2+MIq/O4ceA5ajoCLENp/l1oBaqkBNEmzJ0vO6UWjOe9TipYzmhzyIbw8K6Q7E
+BoXnQCt5kKWOWFJx3wlfhap9ecd1YxFG9C+EXzI9rJhbZ72Nm5VJSFefQ+YmnerW
+oOV05pXUm76QrcpJH5SUAMdIajUnlrXlHKXTyBAIG8iKSBg17fU3kBJil9sLBrL6
+wp9/hW54KiUBdGhQ4jyqOp0rbHALHF7Rrj0iOn8oxG+vjXywMlvH6UDY9iLBRqwq
+q0fQ3W2T/fG9XQHLBjRD/y6OgG3k4nWtOatOzPsyZsUwU97jNzVtUd4gHR/vc3im
+DmecIfmNrt4owEv1dOi6vGoowgA+tSAzzD+r+brHwynTM5YFXHBtHKlt5EaA9A6M
+hBA4hpwnhBcBVI+Ai9FZhUfPl70K9vGYlF4Xv+yclGLlTKDryVfqrT/XH7I4oImB
+LwgcywnocjjP895Te9MDpxZE+FSeiTnLoI4dks0O/kMwZ4g2R4wmc+3h0RWXFCEL
+PMCgBbHVJ/n/8vt/L6AnKgShx5dcP6gEh+2zUxzPocQP4oJt/kJslGiINQlYXzXn
+wZ7b1iKz8zfFzPhzDp9qpYH13xs6/NvAXq/VdWUqZfkHSZEs6BL5wc3LHIsrwoQm
+aPqMTn2roBW1/gRaaa6bjErKf8Kfk7S/aVyyck1LB6hhgzAtHd6ZWBegRZaEguse
+0RlePqDtJ1Aj1FkogR26ZQhVmP1k7XpQtsvOO+fGE9IAEEv2OlxLCnD9IULxbeK2
+QDiPd/AKkMXtQ1C445ayKbEYOfIU1DEBRXzXz637dy0HiOHPyslRjEKz8KwvKcMt
+Z4uLTt7h9uNzn9GuNrDZPy5k8qieM4QTCKLvgA3NUxuEQnfrVo5ySQ5yNh635AOC
+NRRhv2wpEDivSUzpOK2rdw76K4Yu81st5nwi3NSvvfX5maEV0AqUneIzZr2qK42I
+Myrq9ZVqgt9mrrKIgV2qVfStVOpYaJ0aL8Qlo8MVtjpcZ06/eIpBsE3zVcTr9xfs
+QIV4LH+/5/pEXVRQuhYLMRcpTheIUDLex/dfELb4xe/Ekf0v7/RllB2nVgxMRauT
+Z54UTj5fE4aw8Sswcg00D8Bi/BuCEnNmtR6upGsVN/8Ltpj04Ql24+YzEt0YJ4ua
+3XjM9QVd1YwsNnwIUxX4GLBFfXVLmUKUM3Ou9CuIJPcW4Ea3H/bFgl6Zf9nAX7JU
+hE7esuv6KMOgKZsTjlPhZ/k/Z3NSyNqPRQdjlaL2Ax6DGBO2Pseiyp3idLjwMyov
+P9+y/IWlR+poqb5NvZnx6LVWvIc8Zc+0ygIvOi+olaB3F+ziiYse49V298CiAAVI
+E7a24HgcjkYVLihaZ+qZInQnu5eX3JznGC6s/PTToLjDqTWrb0MJeLTjEokc7S3e
+gKA4ka4Uwx0Qhcbiag8JCr4/RMm+JTeQ5pgwOXWAw2TxKm7+qa2p/hhgH07tXTGh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
deleted file mode 100644
index e8f2b80b3d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjMwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJR1Ogq33bnWdnMPT8T7u4psSBkPFbwr
-6mSgwNE1ZPPI3wkF66/zJAKMPK8LTskPhZ9QVaKvAt2MnLz004Yv+rS2N5H+cvTL
-oeXp0h0SbIgwRsgHWNBoOLACifcpIqR+dGuSakGD7dHG+NClC6jVJp8mf9EzxW84
-bjJvdhmADg7LAgMBAAGjazBpMB8GA1UdIwQYMBaAFGzBFF/Ypy3ghpMZXAvwSbkl
-W+gcMB0GA1UdDgQWBBTbRhIag+0VzAQ6Vki6uTqYN+IjxzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGxw
-5QQhnpLypGVABOGVcbBYU+WO8Wkdo3htkGA1XHJSVggDQSbnHzX+1V/ETnAicQrh
-6ktOuzBTCLOG5TjmgKKcnS5y7rIndkGZ/3lo3DJydBzVGoLVUs5FWAvuWjIikQZO
-BEymYFtHwJh7iV0ma8n5No+re9BhnsQuWIfS7YXX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
new file mode 100644
index 0000000000..919f66170f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm7caH1lpNAI
+shNu0OY69PXWaaBENPHHSe3ot0KHTb7EN9Rc4Ypl9KadClpdSmNdgUvL0QSqmdZA
+k592lYXRBS6kSlumWQpIx2SA3MWsc1XWAeWOE/aw0m6fhTQ8yL/4S97stjfJgjwl
+97G0sXcMF4DDeTNR3NHleo11/SPasoZqQvjCWfKEJ+vuzP0zW6JR6PzJdhll+VzO
+A9txxI6Vtq6gusfoq2e3Gf+9YTl03G/ta0S3Ssf/G1FZbNS9U1hSJlff969925kE
+Py2cgVq0i99mGGSf9dxLj21jgZH7lTuPYDiXz6mR6qdgK+5EKJroI+ev1qH6921R
+XOAzsi0wzwIDAQABo2swaTAfBgNVHSMEGDAWgBQl+K/8r7apGht5S9vLZCyLS7EV
+zTAdBgNVHQ4EFgQUTEZlYAf0YvkjTogjZLSWonv4Q1UwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAdWW7
+g+KdfMOKQal4UHHE9pxyR/z3CLnVck4gGmGkdnsuaUV4BsuPC3PHCeKyNJcrLneS
+vb56GZm6WcLohMLBIsasqg7H7VK9ActQx4fC23qV2zRqtLsATIcWOKVLSYP0XNxS
+1yu967LvXoOlgF5RojE62aaLfAWgi9L8+DNyUiFMxM8ymKOr3K+AmgAQRtT3s+99
+V/t6q+2pHMQkA48GOU/0us9Pb5dQs6KDEZUmt8g5jvLiX1XrXKl1zBODmFJMViJx
+VWtSwncbqzE2DwWpmUPxN/tMFtzC9vcxf/Y3DW65hA6654YR6esTw6xJBknJv5NB
+PyJyp1AOs8KblEtA7w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48A5FEA583B75121
+
+BvzSOqMhhehMvvoyLiaXS9wzeebKAz0sV7pRF6OjYeM1yV166w4vEaU86z4Q2rQ1
+GkvIfnJ0TP+EmpHmK/qUaJALEy7GCYEcceNLNF1+ciN1wBP8z/n16ff7pOeVQHsF
+N7Zwx1oPKKMl6K3zdsNrbIYMbLMa7dx/U4+0JtAI7EtMwZ6Xuj9htCjkf+KLkSU4
+2hfom4dyTjJLiffl2Wq5YqyoJZyVgq99/LOPjIltDpL1Atrv9BSbNpZpZV7c4i8r
+R82feIJqaQwT/T3rg+7hfp2EiJGwlQv2umtlywm5Se3W6y79tjC/CSBS/kKI03SZ
+d7RETnqczKXi27wB2vSjKIQIMP4LyydfLLvSNzKQyIlWAiSELLKR4hUD8vhFykGf
+/PFox9uXQ8hP/Mzd3ZXOZwOpiLKg8aJ4FUD4VWwtnuBA7YHxPXMr5egZaALp/aYa
+9FAQgLr6qkMXBwQu9XCr7E5eXlhh6DMghNwIrnrjnecpUcUpYO9i5Gsp6jGyoGJ/
+V7UroRL4cfw61Pegz5C5KbwXtWVn8Bj6EU+TNvTdLCKUGvaoyR/7Fw1FyjHn670V
+0/P+MWtaG/Wv9TFGr+xW6ytM0lJ4E7fNXyzMDnaRKZKYLFik+Z8VsqTmrNZp2MMi
+iOEre4X6sjYY9n4o5R16H2XjOPSzCokg9DfmVN/kRZU1RrVmlSUPFeQqnGFH/Prw
+f52/LPx6mECYYj3muFSIehzcDf2GAYn/JA8xTSbKdTiJzH8OZwVqdePMpwM+3bHz
+/JfdU/+6UKAhONcHCgaFnLCUXNiEIn0eAqGsxlFDlzxVsm7GOG8a3U+LLJohx1O7
+FTLKLE95MPryQ4exC3Q4U0VvqbI1aN8oYqoOyYor2A48oPo2ptc1kZqNVHKrvBEh
+ujJTGy7KZNaidCz8zgVBEKFz/LlmAdvMprMQdxz/00RSoWXugqDDdt7X9L7pY6Fv
+4vZAW6pDFORPGIV1q9Y1zninGaMn6Yjou8tWmTl3r/lT8DsKD6pi/djhSiU8/KWH
++c2odEWSU9YSlp7yG5eylV9d/ki0iBMEp5gE4pqiybfnqOjOKSYzNBWNWPtbc3EW
+rHSrcwVRecviTLrCfN2849oyibnoN2vf2N/8KNv6+ysivEgmMpq4lmDksmNkB3ir
+kgRzjASm4zZaXbgIghn4pFWxmcfOBpJLQegX7F3sFVSoUQv+DFBOlocMlAXJKCY8
+/H1THWUVJGwlw30uQc47qt9d9SfmxgsRfGR8fPLC5WtGf3o+S/UaMvwtHmTX42TC
+GbAS9bP/ymPmK0iUyxngTmGJ3Ke8kWRihRK6M5bPdHkOHFveFbBs34e0OfLMObc4
+tX1vi+wsNT1hPEpWJisKtzzXaZ+h7msiuZrb7IODtKzwUgDL756uCgK/vxrl+VLu
+LNd9QEnnNWlfteaDNSPB7PXb95BeJ3T8kX0NCjbSQRQWq2DW1NNrgy/E49+k4VPz
+PP9XZPo4+cabHWzv8GKF/N6YceD6qAZv06x4RuKV4oGuVtnr+REIcTb8dK3CxOyL
+WQD+zIEggED3WeiAyygyV7FANxi27LbSzYJQCJnDlDQSVZ052ZhnU4Ih/dUbA2S/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
deleted file mode 100644
index ec66261d9d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjYwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJWG0QMGGkC8v7EYNdgiIW21p0tpEHdc
-A5GWLdFuWvXKCk0fjKc6H/xux8sQgSPzqQkSVwRCvoQZuP8YbELalcOpbU1KN+NY
-xJUjVXB1FZwvz+9tBl8EXV6h+WdvQ5i0H9q5HIhiRqKx3ol2pTbnbE7Tq2lSeFZs
-J9pjj19d2bEvAgMBAAGjgcMwgcAwHwYDVR0jBBgwFoAUwa+CD9XTTxDwMWI8WIm5
-inS7nAEwHQYDVR0OBBYEFNqqzRuM3BRGiQozMByWP0u9kYvjMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwVQYDVR0fBE4wTDBKokikRjBE
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNV
-BAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQEFBQADgYEASYGU+PXCspmb
-cqsXmUr/HLCeEc9QXXTDPtkqweBOdgVc27fLaugIkTOEcwkHnxGBst2VRxbG7TXR
-sdcakIKE52+VN4ll8u/oPLs+rp+Fp4Xe9nMj0scOzjcSzBRMTN1VtpVoFUM1Jp5T
-JFEnAXzAMD3ex1dtQYriGo4yHKWcpkc=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
new file mode 100644
index 0000000000..6e70b85799
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJp7Mm8AkEMq
+W4e034nVkgFmlWsFMdAxhIzcgHthAQ7sIQTi7sN7P0EenZOMSSeP0K10xy4EXyzW
+AQXFU9P4fsVpQDgh2U6fHO3t0YNikBvfOvaiZ9eQ4WPhIPx4RO0cw4iBpq5ysfSP
+WedNqTG/pc4qH3f7fXz2m85kMaNj2hUwe7/bJL00ey+PPtNU/Rt9p/fH9B+Y+iPw
+fjwIkzS79mhQqYrMlnozbZoNGPgEhIfOK7evenqKzx7uSF5U2Hl7Nhn8FyDKDSEj
+Hn7uwH0xyxwNiur6LEPT1tjp9UPAF1gkxkoTA6TsswvqYLv6AdZn9AQv2RShzjtU
+ATC1fwKXqwIDAQABo4HIMIHFMB8GA1UdIwQYMBaAFIgj4bOz8mz+Mam+i2GqO5KH
+BaSjMB0GA1UdDgQWBBQdm73CEymor8YNtVmDdOAPqDK4LDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFoGA1UdHwRTMFEwT6JNpEswSTEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAX
+BgNVBAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQELBQADggEBAAL+uBvK
+t4dq2d7MweVluDX0HLIGnti0R6b4E/IVXl10IPGh+X1XijPwVfV2Qm/5hDw6BXqh
+t/rs1JoEwEEJ6y+O2XAJjJtHWwI9hzwgW3DOj9qIK5BZ1iGlvINyF2zCbTfrralf
+6xWNJ1ranPB881cS0LzAMt0BhfhzjPC/NSs4gwu1MXY7MEUR6WPlUzhw/s4gnEtC
+0ZJFHYC8ZxC3WNHOgS9P4hVibw9dvZVFrtF+eNogqxuJqABvMv5qWJFd2h96ErVk
+ZjYHStm+iX+qoygvbRV/b88Oby7CCLevBru0T/TsyFPfxxx4m1bLjpdfaz2wPrZV
+RnN3PlAouVSXbb4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,890D36A52515C723
+
+BuvcGzvcJdjeMJfbJwLTep9xfmuaoQmVL7ApyJF7FLCghz6Uay8cCpaULPB27Z69
+LRSHtaZB23jYdSSdC0dy/94a1QsAPRdt+OfrnXE2M/pd/TGLM36EKANr0uslDIaF
+B3DBHsM3fV00UqCVCLZANUEKGEF3DNQ7F9uXQYDgvpWkLdoenC/bnIw6f9NO7ZZE
+kQYLZj9WH8KIo0EH3DlAg456UeVkawsYYlBRQTnUUbFEOpsM1q+xwMjpiDJfg9vI
+72nGeElfy9O7QWDQzEKui8LrMiIk7YVev42awnwjCiEhGIqKrwpQv+JPv0tAf9KK
+v5nrzpitqv9/jtZTkGoIQDg9CueDr1UvDGSBOKgFSdgDihwTbmS7xzM2cS1awXMF
+2RgFIrRSg0fR4iU6mJn3tqzxFmzg7TKYWEKvGhcEuJsKo3637Ru6xzpq41iMfccw
+FtzLLAVdYW3t3DVd0Dwkg2WzJCxm8W0mLnQ1Sa6rsXiK4uaFKnbIC6L/wZyZqnCf
+GzyPHmjh1Watm/znXrbUV8wtpKPX4UD4kxt9O5HO0XdM50Fq3QkEw0KCfbKzkcqG
+2ARJzY/Z+DfK/atudcg1LNy8RieTPrgUcuPkrlN8Vvu/vpqGt8bHKFh1SOOju8fX
+WwWUb0MQBOordLkD+sTPBn9SYZ7GnfHxtIbzCWkzkuBIDVWx8bvW/01+i59k0wed
+96WRazUK5cz0w94DgZ9MLdY1tUGoR9LdykLdQxrQO6m5WuFy7+aqLrF8+1UBqqXj
+WmaP+soIGcc83f2Yx7No5PD0oEJzbTRCSVK7/Yf84UvrptHAF8bLYeX84D+9DTEp
+HuVpsteNClcXuw6qlj2+RgwjFtZ/a4dECtuIWg6yC17YB+kuso0A4F0ESSEC9ghL
+CWz7bcvtE2UxPG51RC1UY/xWDdOdtTVEWdrGen2ypU9h0m7Zgd78LivGZ0mL/mmF
+ykZDHY+zok28LJiKuLdX6VEoP82uKD7pJ389QkRVUIgseQtq3egGt0HZ73PRFB1E
+kXvqHtJz63voKyyd165fscJ7kl+gJO1m1cZa0pDRVGv491fNboukFrRDcaGyrp2d
+G1L54kvoy+gcKF630Ob4DYvRdi1ti78r7PJ/uwnNfpEE+bBu+AL7HO5TTYPn3V8h
+ARYmHJ3UOEOdoU0We3DSn3yYQSEsSlsL8asAat3qCNuPr8/1siCD52238TqPl5wA
+86fQmEd80rK87iJx8mpYZ4GVK54abh9FMuhajpR9wfNPF9ts+cwPnFOajKmK8IFU
+KXZbSVG2zFMl1wb6WEV0KVsVNZI1rmyrI8pa/l6ZxEKRKITtrV/pX2c7+4QWe6aJ
+iIPHTzjEDtLztB8GVFaRKtUp2GVXE0K1XN5WWTXLTmdG8ZqJ53lKfKrSnV3MOa5c
+Q3lT9dZnSc+kMPiGbJEVlZSqaNlbRtxpyssvRmH3apd76KdmYHSgs3R7rBJU1iA1
+4jzQFQvu1yA92Yy5ODuv8hTwrXxim7WH8oQmhvaQ2qkkhG+NMy/Hebrn3EMEFBoe
+cjIti5UdMcN9/kSmUuuQSHsTxyTwYpGjtgvFGwedSJ1XcOig+/xsVA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
deleted file mode 100644
index 81cb0d51d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Long Serial Number EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTG9uZyBTZXJpYWwgTnVtYmVyIEVF
-IENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-2sI1yl0rje3fSYBkT9yPudlTELF0ndMo5oaWr8vE9UjhpBrgSFFtYu6GZAbqeZEB
-i0faI9SWBl06pWZj47auSdPeU0Akrzn6If3Vc2eVJKCtAHQuxnd9dToJDqjIiA0z
-YVT7YTE7zLs9d0HHhDhM/VYqBKqtqrOTEhss0ryQRSsCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU3z1I++My57kmUova7PgJT7PH36YwHQYDVR0OBBYEFLVbztWeCD3WQICU
-BucmQT4POFoDMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAZjyhu29ssno3io8WqDGabhCgGRL6lS3tgEsq
-k5sxDXO5xgZf//iGlwXTy8w2H+MZ/SX+2acfmFnALYXcGkK5ZHjKQjMOpJZwF/kB
-mzJP4HDEVY5lsvPyVKYqks4lRkbJOMXVBh3Ub5/ag1eOcTeljYhwU66DUMByVzQP
-1RwAcK8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
new file mode 100644
index 0000000000..3fda53159a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Long Serial Number EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIExvbmcgU2VyaWFs
+IE51bWJlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDGM6BFTNKAqi4hroDetUQaaLcSL1wz3qHK8yuKvBRb8Xfw
+OUPa8/hk8GA1HMsJSbs+X5vdq3mTlGehpLFFWimXhMUPY0GbYgo9wR68xGohj4SB
+57eYDXqc5X3Yu6N1nspAH7VxHkeLtKVbj8ggJzw1nsoW2f9Qd1FKHvH8+ds1HiqR
+FabGg2Aeyq0roXZNBASnXPagI+t2Qe3XME2ZDkdtUW8p4L15IegiNSNYnbVGiT94
+KVHtnEmuXmj7pslehnPu884Bi0KBzVRVQujp3bmu6lW59JAXRmNhTrMHyHrTdmOC
+zR5jds44d9e96mM25boq3k3Q8ItLi+FsIj6r86IZAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAtjt0euwgcyG39v4zq46gv/12SkMB0GA1UdDgQWBBSioFR+93C1hrptVnU8
+tv8CWImEdDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZtZv/5s2Km20KY3ZKpVYTYffZ/ITIojuqcInT
+P6lsq+tT5+Akm26rPffWJ7gUkjHKr5vpMpScFTMLYCIs9KWoSmv9INeZBjsbFt+N
+B/GPj7PM0zYlgoRdVZYlmXOgJ+XBhIZ3QwgK+Es2DBWpEdpXBmls8o6QfbwUx7bN
+mJ5UhtC8SOrPsHz9BkiZ5oD1PmbcMY4m8Z6wmjiQzHUw2c9sDdWrxqJ9Gw/uCZif
+C8OFAtKeCUbIS/1H4r+PQV6k51tgFZH8nluvWYTQPL/uCbAbfHlDpbWqQRRJce2/
+OtRZsO6qQznDK+2y75B5aTCq2fhT8UvxA6NgKHhh4rFBdTrG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,34BA072362B77DFE
+
+BP22t+h1zL/WWHrXvkKh5OFPlIwzhZ2jkQMTxl49VtK1AyIo58NsQQnghfoQ3Ct8
+mBfrFDuG3qyyshyDp47CvXiOyckjOX8eyG4BOhfuadqk8/d2bAUddXLSw9ijE/hL
+C9P6OdRU6WdTc1UiMF7sLfIcO22cewEuoR/+ZKMT4ZI4fCDyD6gbvtu5au9xcSdU
+q58vvWTOQ5zCZktiqWphRzv9cBe2B7bzvSRvzuFWiw4reIZZa30/H+Al5p+T98f8
+3Pujr5Fnigb+xHUnk3kokSoWXUX9gh0ckU5sGpeWXma00EF4gkW/qV9lOTlTAycV
+7X8lsIKwsUnBcE/nNmvku21M+BpKP4EKBefTLFCKqLUjltDobSzPqoNg2fdZGqDj
+tb32RwEowFV3kFfRe2OpdXiaTwMk0s9tytEf1F21NKVhqZ6ILNgnWHp/Vk263XXT
+bedwgSEel/I3c3DGRaR71ETabsrkpQ5vi6+0AUm4XuW5H84gqXXJ884Z+RNkXEAT
+lpRhfg3JV1WR5ardhyTDKcx3VZHjRSxBLUvDp9O5YwAEecENQgf+QTAYnPnOeXHX
+fye/sspezzKF3fb1rAB3yuUDjzTd2ov5Z1eJqmzsaI17lw60TONTACMEv4QL/T/f
+AKyE5h0f90EjVkU/vj9YhA8JF1kt1NEPZWaGvw3LdXY6vLa68/KQcS4auUI3CH2U
+MzgYT6VCjiOwZUlrW73oFRKA9dfQhgVjxeG6pj5GvN8gYkiHRLSJnBYrmZJGEveF
+WGYVQKr1HRz67GDGvAF9AnMcYaXJNrAGwMdO+xm0I9hKoYdfeLhxyXLMfl6+YZxN
+lHSvY4F0tv514A3P1ISELU306JtGuKiVI9ZwTJukak2QGYHd1ctokPJ/yvOJ3UfK
+QYOxGLgUR/HKVpkL+X7IuDoRoiybK+NaPhnJvQSttl8F3ZRkuhXkB5S5n4FdizXk
+kEpL8ojKm+C2oJqnrDLVUBfOFjShqDzbbfVBTY2T6vI8lyH/IwHn6rBkU8HaP/X6
+t4REr7Vk6F9f8PlBfIAGSIHeWhoPalUWcY8WxxatwODX3X7+o2ylvfqAyYwLn2lg
+kvIawM4Dpfv7n63NxLdNpG4g9pnPTicrasGCBRKiEJ9WvGGXJmClKoi+dXLaZsci
+0eS06glbt4Q7JU+BhM4ehnjOJNdKWBH9fLpTybEiT4o5mBbMPU3rsxhaClSA08iB
+v6tMSvltG3hZpfd6x0uz/j6x+Bby6F0plMVcLyf/4Vn9ld7N3Kml9fH9ACYZaiWx
+pmppHMiUMS+VRtbj4fS5IXe7lYEb3TTbtUccYGkUiI0lDkoF1fMlarQ+MLHjANWo
+cn3bi/+GHp8//dPcO8z1z7B/fTctrs7IsIp3foaqLLxGKIqrYApDLTzBDiX5PLcc
+/5uyy+q9F/jf4UWwHa0RhfwIRZJp4ZNbnMnbzuJpWQjG3609kw6eSJtE4czM2X+T
+3n252jwqRZFK77eXns9ovYU6eEISj5CoK/HFLOt0kHP5zVOWiKFm8x+qY4iyEXlh
+3ZVw3/MLrrLbmNbbgTfPeSUAvNZ+xJTpbHT/qFpFwmyzpH2x3CIg8lTzaUjCgGWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
deleted file mode 100644
index 792032e282..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping From anyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJv
-bSBhbnlQb2xpY3kgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBn
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNV
-BAMTM0ludmFsaWQgTWFwcGluZyBGcm9tIGFueVBvbGljeSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfiBNk2i7y/WBuI5
-GCW0+6q3VwFnT3frj/wV+Ie2r2bKy2iasXlilOldX5jcywoO2qcMHUmoeK2eE6rM
-/ffDK4Zd4EhJJ5RJdgoWhjBpfKNGD73JlCIAVGGooCiVx9zJICN9DFl/X6hybpM8
-Gs/BWxcHB7vzpzCGqKwI91lstiUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU98GrNdgv
-hgNaNjdZb8HBpG2kpEgwHQYDVR0OBBYEFNuifbLkKO+WtPZNnKM58l/XwUD6MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAXZ+i/Dd4d11xpuKLT90bOID/badZcsjgBbJ2hTG4JhzrHQN6kxzI
-Xt3L5FBaqgg1SfvC0K6/eex8SDEdEJ5LlbmflMths7r8DICoo3Dyo+y/G6ziqRR7
-fOrYKBk6zhliAHXNqrtQ/fUCCNke/OMk62U7WgbaQuELj+tzZHPHShA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBMzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTWFwcGluZyBG
-cm9tIGFueVBvbGljeSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmMII
-TPwdFq+61dFOwrrjLrVHakDcX3fO14s58oprgJ0Qcm88Fjs1+HyurbqB1r7rySfg
-zIZhJjb6ZZqV4qwd2fyQGhYHSctVTxOfxYc+JnK/eLQ09eCM0Uv2U2e9AyyObT0A
-Gt8DpfnfiMrkyadyKRICC/6dOHLb/OnT82jrw/UCAwEAAaOBqjCBpzAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU98GrNdgvhgNaNjdZ
-b8HBpG2kpEgwDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYEVR0gADAgBgNV
-HSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAP
-BgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAImTlpjaX4CkEQLrZZsd
-iyLe+gkOFWF7maBKcZQcCHDUNuIGFeYmRqB+eXsYqooAvYOUfSz30L709ODiWLH4
-Zm5y79xssrJYzS+sDfDHmNMjKo/U9Dj4nVO+ln6PGGe8PPW7P04gUXcQjJFHCLfh
-+czJLt8J7JUOUznIvSEIIsto
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:C1:AB:35:D8:2F:86:03:5A:36:37:59:6F:C1:C1:A4:6D:A4:A4:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:b0:d2:68:c9:a0:5c:dd:e8:e0:e1:ed:95:35:cd:01:70:d6:
-        24:88:d7:37:d3:05:59:04:38:c3:51:64:ca:aa:c4:07:31:80:
-        c5:12:d7:9a:38:5f:67:c7:dd:0b:05:98:71:a1:b3:65:dd:09:
-        cb:87:c5:8a:e2:bf:26:27:0a:56:0b:8d:c3:46:b1:75:4f:f3:
-        03:5b:3d:ec:84:f9:e1:03:ee:a1:8a:c7:e9:22:6f:29:b2:6b:
-        64:02:e4:aa:7b:5e:bd:84:fe:af:a9:25:98:7d:7b:b8:f0:ef:
-        3f:df:f9:26:a6:84:d0:16:6e:b9:2d:bd:15:95:8f:47:7a:a8:
-        28:28
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQ
-b2xpY3kgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPfBqzXYL4YDWjY3WW/BwaRtpKRIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAWw0mjJoFzd6ODh7ZU1zQFw1iSI1zfTBVkEOMNRZMqqxAcxgMUS
-15o4X2fH3QsFmHGhs2XdCcuHxYrivyYnClYLjcNGsXVP8wNbPeyE+eED7qGKx+ki
-bymya2QC5Kp7Xr2E/q+pJZh9e7jw7z/f+SamhNAWbrktvRWVj0d6qCgo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
new file mode 100644
index 0000000000..f378d4d029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping From anyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTWFwcGlu
+ZyBGcm9tIGFueVBvbGljeSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTwwOgYDVQQDEzNJbnZhbGlkIE1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgRUUg
+Q2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDF9e5qo1oWtVVI+OfFQW0ZD4HihKuXcOZyHrCSc/UQJuc4inG5/g8CLClzXX9g
+xSnOeyREom5k1AY0N+W/ynyH31lbKPVZvBmT/nMMhgzIVq691d3O3wSIiYEH44Oi
+wMyhkY+mCRHerh0LktpIX5fnmS0FvT1wYAVFiECrFPCOR2cNsvKL8KZOutoJYtIG
+nM2QtKcUYfdYhwpKq+3f1ae8nlErlhWS8GIn0C7E8x1HPeoCPAoPBuM9BDsa4q7R
+tQ8vkCiL+7mMMf02mBvY6qddPK+LpCvaFZSTFGFZwX7T+TQUXnZtYRFjI0aMWajm
+X7NGQYjwDrojn0v07UMmjLmlAgMBAAGjazBpMB8GA1UdIwQYMBaAFGhzFOALNM9y
+QNqUltYVq3qkby6MMB0GA1UdDgQWBBQxi4iTbnfO7LvkRyyrlaUs+tKzdTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA730R9YAV/PansUKZky4hN5m2RQibLIju1MNH6xqQD0T7Bkq4aP1mQ
+TqzZbk7n7v1hcLpLxDZDQnZZ1AQAHQl5JNjLMwKgonL8gX0YLIypXXFeZtxU7oJR
+zdmVNPxTmcnPgLcMm6uPVRGR76qV2DhhgSWYV4C4ewIuEG1Zl6x4azJ5eOkL5xp1
+yM9ara/0T+lGywgOr06T0+76/Kmwrr+kF+fHXkb5r8unU32lvSpIuKKxkyjEcN6A
+1s9g6BxFkfpNVzZUuXphYoAy0olkMAvUWmrAeMz/jP9Zq4Bmq8UHLGmFFg4y5+fh
+6OV3RFRDk3BzX8WuG40rlzE1IYgDDmV/
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A906794B7E07D855
+
+oFcaEPtdmJzgte9y/6wrEQ3s6bIGNZNXWACnA+udLYD/fHdN62qALuN+ajqeeIPP
+Kr4BxU+M4TLcImd4zpqLqvJyDtySGIBZhc7dplXjviJOaG5/DzrvvSesg2oOugqI
+B721nJmoeKilLMd5StbBFt/4xPe60eB6IeUlura3IMMitV2WK3SR390LfnU9H48g
+10jlzTxyoyFpXfLkoV2SHlu6ujz5MXdvnaKeJUbFvsAGXnzyU+c+Z0sTzlkiE3Lu
+8CPDVMDNQDcbSoUOoI81v4cI71j2QVdnH2W2wtsrjImoxtUUkSOc2e2HM75UTorh
+PgsS7WzMxWONng6OurElcH7mbciVCmEc0razbJb2NHnbp5tp+iLeJAAeDSCgUpwM
+QaqLBciEY4ds5/6guGd3AuKOX3D6oi1ARTvyXSDAFoGVgMdiBj7yc28W2xatqJHI
+q8DBt6Qhl0JoYu9uyg74PZf9VBD85/vIlZXrNRWwwJ2iTwbY3pBehqpXMCbYBZ3F
+gjRj9tn+peVlpggZlvYo6gRm0Uo2HnLLqURljHCFKzxh7B2he3Ud+xJrxrMlpQsN
+XQDB87Ej1RjjRfzBIZbQhZsxoqEoHrSbsHDMa5zVLN0Uy/yCEmw99YaZx0utrsGK
+0ZWawS58TqvfFRFne8zFl/8ZFB420yXpBWh248IYCF45atHzGTAqxtpuKxAbxcc2
+DcuchCX1zGFpcoyBl5aytL9TVSaxeNARzk35nGx8JrO/niIM59VwgGVI5UCarhqI
+dfsS2wY3f74vSGlv8i2d1r3GT7UMM6hm9UDRqR+78KKicQ98eCVrqDylghOa1udZ
+mFaOcdlm1lJYh/rLPZynLBXjzaAqjCS/vo0zMV/+i/mOGOCcYzXCBw7oNSWSGOcX
+9jCZkDpNorgfzsuS7pl7xyUi2Lk/7LF5s+qwiT+DdQkNN+nPf0QfQBcB/cQcOM+U
+pksQbvIV7v2y2iqiQYpNp6I/PWROaKWpGAUjLevtKpxYezaJjjmtpx4y+5mQtSxh
+BZi8HUjSXA5qGtjj0eozhen9WFsweuXMQL1RmIBL8UWvXFNcH2DIZ92KnkwPcVKU
+0qF9TSkV/mMEPAXjxu03V4ByEaJiiQ1tmmT8MUJxR2DnPLDwXhLQrxC4atfNxPGH
+NNdLGFt9CEE7VSjyDs1H+sLlHEsK1Oh/ADVbHmg/iOR5ZfFyDS7vj9g6PjTB2qsQ
+Lv1qjtns+XpLkknri04PqcxEadolJPu9wfMERdjq4GVwTvoSb5H31IdcOZKoBksy
+bvSeTfpoIGXR39lDPfYWQdc1SyORg2JKYXvEUo2BVaAK6MDmhQ63nyTVxO9I6oNM
+ZUE15sTeuHmYU9MXVqjM4vviON0pTzuTSobTxtdCZljYZqoWI8yVUFiQTzwFGvCj
+kBvImf6h4G67dkLr1y8oWuEqVdVyTIUmgmdvtFhXI7M/7xtsGpOqbG53QYC73G5R
+nrNdMMLMBd+sCV+G2XFSYhlCCB2EctBqegMoN4/ZbXkC9QjFQT1Ce8B8JzxhwBOA
+tv2N8hHzXMH/gexgaIYjmweefcWMB5Mx22b0l7v5NNK8PwWoBmjYIXM3Py8MxrJ1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
deleted file mode 100644
index 9981bba023..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping To anyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8g
-YW55UG9saWN5IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIE1hcHBpbmcgVG8gYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bl/gTqVbi6yVtJxnXxNx
-DlekTcCxPmcwCs7HEqTWzpbyvYxgoXfNIP7bjtabs/IK9+SG1YQpqAHt/UFImBzC
-jdgEBzfRwt2eGR4wSeGN09s2jAjT2aq9dbkF+Ib99D2DNKjlPKBbb4GeNWnNEDno
-yf4eZEPAx8P3QSsAfUqocQIDAQABo2UwYzAfBgNVHSMEGDAWgBS6gMx6LKdjWhCr
-Tj+ExFNVCmn6HTAdBgNVHQ4EFgQUm+ENjbV3/gxDFuaWw6Dwa1YRk3swDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQCQ
-H92kSHC9YZU7taUlRQda3eEkg775JMosyIMd1DwSzbT/wRoWU7/6BnsV99dq1Ja8
-2pZn316o7wfz6POeSg/VzNFd4HC+j84NTUMBrFt/SSdoqh1CkUXNAKbqffDzn4gN
-Sry4MX5zRGXwI3GYFol9TnNutj6HQl9Tr3iolkPufg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXTWFwcGluZyBU
-byBhbnlQb2xpY3kgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrojWZR
-mKqz0wTzKWxK+BvdLHiNYkl7deU8v1nJqthPCd0D2ZxiM1IwaskiG9Nm+sO+91AZ
-pk/QFCW8XKa70to819onqj29QyYeO8ukMtlXuLI0pXVjyN4cWxfHH9o5IUH897/t
-hcTbFWYC1+TqZUNaPASnCw67YZejfdZZtD4VAgMBAAGjgbAwga0wHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLqAzHosp2NaEKtOP4TE
-U1UKafodMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-IAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAAMA8GA1UdEwEB/wQFMAMB
-Af8wDwYDVR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQC4HMzKV0x+spl2
-wCvBKf+ArCiSCklHEDKpj3HrJ7zIH1lqU73rZjOJQB3hsnSMYEB+ch4DQNDzOQIB
-bGspRwEeTIRjZ1u6CZ9h+kIVu2R4eyfq9mNYOvYFeY/kB/zwrMQnoeJtJ9sQ6IQi
-rwtT53uxl1gZv4pBZRIURDq8KEyoUQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BA:80:CC:7A:2C:A7:63:5A:10:AB:4E:3F:84:C4:53:55:0A:69:FA:1D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:da:09:1f:2a:48:11:8d:5a:7b:8f:a6:74:bc:32:70:4a:03:
-        30:8b:f1:26:b4:cf:a0:9c:9d:89:84:98:71:48:4f:93:09:59:
-        08:c0:07:e4:65:bf:12:ca:49:90:3d:36:f3:31:83:3e:34:b3:
-        9a:df:d3:a4:f6:7d:cb:ee:5b:1e:cf:e0:70:25:94:0e:0e:54:
-        9c:32:4a:50:41:ea:bf:f4:57:d3:53:02:7c:c7:bc:d4:04:a9:
-        9f:36:51:04:26:6f:37:1f:62:8a:ea:f7:7b:2f:d1:24:53:17:
-        de:db:e1:ce:89:00:3e:71:23:73:b2:da:af:79:f7:4a:2b:a4:
-        2a:bb
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8gYW55UG9s
-aWN5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBS6gMx6LKdjWhCrTj+ExFNVCmn6HTAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCS2gkfKkgRjVp7j6Z0vDJwSgMwi/EmtM+gnJ2JhJhxSE+TCVkIwAfk
-Zb8SykmQPTbzMYM+NLOa39Ok9n3L7lsez+BwJZQODlScMkpQQeq/9FfTUwJ8x7zU
-BKmfNlEEJm83H2KK6vd7L9EkUxfe2+HOiQA+cSNzstqvefdKK6Qquw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
new file mode 100644
index 0000000000..7ec0a9a27e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping To anyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXTWFwcGlu
+ZyBUbyBhbnlQb2xpY3kgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBNYXBwaW5nIFRvIGFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr1
+1erPw8vN57992tE1rFW83nzG1kHn6XMLHEmZkIdJASQbO/ZReTiFot1Xi+K6PpBO
+mGbcSQ8uXLxWZVCk4fIwD6a0MU2Jmy5oHWFd4dqDmsBUroCbhiU5wrDWv49zV6ap
+PmqPeQrLsN7FV0cwrFqS6YqU7MHaBkEoRlFvT8FyvyDb2SYaMbF1Vc3GPWudBQPo
+Uq8qwpBYriAflA3P2dO4bTnr09XDZxV2FGbH6cVuKVpwErEHFYZ77ykngP9VfTQO
+dXhygSD0jWvCgTqg5jXkcdfyyT1zxbVSGusMw+lBh3wBJKo0hJWq0Qup7GQkFV09
+m0iTMj1vhbasHvBCPDUCAwEAAaNlMGMwHwYDVR0jBBgwFoAUFCztk/EeGnAVlIst
+k7SY0rcFCKwwHQYDVR0OBBYEFKLkfME6MVHySnJusYPgXpJL2uCoMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAE2j
+J+NBiXf7fiA+1jBa1NWMTi/Fkrt7h35JicUUr6GGsfmS722UHOxcnqsxm22aqu04
+HYld9m4FA6/ntPRQj1uDw26FM3r9sPXKExdF+Ohufqd7ACiiE4KXF94Be5oHk6YP
+tfbMxoNx1C6gJqAr5nqLLGxuV/NfUKH2RnvU2QDVNZ1MjlooubzTtEeORrVnLqIh
+8Qt3olTa1dYY1t+bAmea7+vyVd7aK+CXQ/iSCyVpX+oMkJGh263OLXGsniXK1A3d
+HWf5jgBRLr5aUQe4prFZ/cgM+gFe0QNe88ObgrgKHL14OJw210WKHazf1xQKErar
+Jk9IJeH/nwZq46/Nhn0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4ECA13BB3BB90EC3
+
+SDIdiEs9qfLaXJ4j393SyXyi1O9vQdH+XanYSz8aVIMNPXL56Kz1UkiV+JBqhTVI
+C44UDsPE/Hra72K8RA9GeARFBS5SggpUm4UoefVHq/v6Utm+UAZQGLKr+W2NCLMH
+KpJPRs1iECtVZ4iyVVxtAAWZGE2kf2aEknOiVhiQnZfiR9YA/5wigmJKQJK8JrLh
+XWgTDqXtXVRI4sJjomLfVRSBy4Robmoed4o24rLY9MD2Te4v7ASDpJYGXH6oVBBf
+V5GB0vRWJ/nmNuNGLmcW2dS+gaaeFQl4+rECtsXUqT/AK+nLH1Cr2B+FN1IRBIzA
+Q7o4LsObBn6BDZyk8jpFgEkq3j4EPF3SB5zM6gFWmER9UQgaSZKSjwbbChKVAZDC
+DbKViSJ9WcyA2tQYI6rYYIkDHI3ipVcYwvg1cVzWqVvX4q68QOfesaZcOHApv3G1
+rgDdanA85hcf/2l8nGdlDBAjuPazygc1eZM2ircZtRQXFlEfqsc7vtQOg9y3no4w
+5G8C6EslaIgbncaNHdr1E8iEO6PKRsoQGmAZrodUnsXXxW3V0/XHHL5DM47Ye1UJ
+Xm8S9LUfH2F05p9YaJ2ZUlx6glE2q7SrRmALUVLWVzVRZHbFVx4cpvVEpTYANgBe
+qN6KpvjDCAxKly6GtoWuSH+HtjZaPoIi7Ksg8jnAg6VGolAenGUmdeIrMSHDLdt0
+bmJIp7o/Gx3U3deAcvyIGZzDK4A8z21HdxRu1/hLq4981wHJxHeZZPgHZToP0+PQ
+jSoSyeO7cKoBlex3xFz92y5fsf+xu8g2UR8ghYUzsrRK8jsbkQEhP8pmRgCBDkKe
+Gq5iVshIWSI9M8A8hmxwhNCAr83pEqmY4uIeQzMz8JA8fA5z7bZQ7/Kdo1MBac1D
+vGL7uO7rEijBMiL7K5Q5P8fTFG7z0tNd19OaTa/kZ38FSKa82lgZmEB7+mQoaRk+
+7JwmW39vGsKeJ9NxAZ+cBvS6ECCi1L4ze4uGRjos2X1yrjFziWdTp76Ys8MuHkWZ
+LIQhpSCVkYJBTtL9kWf4dWlBIU8LV3LdvKlHVUVxVgpFgWh68N/JSbPhL2G9NxQG
+mF/BR9NchW83nE79tOpUKv9Xz82xWphTgh1vx3pSBV21rxZtCwkE6aOzZtN1GOzf
+BlrAAzB5OE8LDm5RDSkDgVcOE5Wy3IWFn+1tbVY+TsnHExuyrBr8q/rfys50PfCc
+9mAQgXQpD+MR1MnkdTLKXi4hBbX/wlA8Jtq9nsuap2MgDPX0SfwLWeV1vKG7xnqL
+FfnG/ZYLuv1P+ia7dPdfQclay8kLLPd/fO4OAFOVAV7v4MbZHT8PCtIftGx6NkEs
+iFMiEyDC3oQBQvnUvq6PwEa7GXBfFV7gJGOrDZKiFcN7zdV+kF8LhiTYSvBL+xF1
+EN8Gz8RPFXekevqL5LQcwI2movy0uXKpzhCOKkvfLChBQQpl9gK8vPk6ZwDUMsSK
+qgTpuiKFdLZt3RSf/AwGaG6cQjHcPtg2qOgBM27fOQdt4L6v1yvW3FAkKhgM5GHt
+EvD30T+Xua1v1o0G3Y5AmoA1uU/Mshkvw1akhbmuD3HhEMri4zBcmrPd64Q4Iw66
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
new file mode 100644
index 0000000000..e424cc9db2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing CRL EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=No CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTESMBAGA1UEAxMJTm8gQ1JM
+IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMTAvBgNVBAMTKElu
+dmFsaWQgTWlzc2luZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwDJ7k0JNn4/Y2C7aFezOHrjKJg7+w523p
+euAG+QWBedeSq3v7KwwmYK8B/xT4lqkMsujlYZ2VZOuClpvStmSE6/scFnoLSpjR
+Irw5ATpG3PuqclSElxMqufaxZbHo0Or/YOM3Ik6m+sP2bg+PZVzmM4EqylvF2Yfd
+BtlWSgNykgJ423auEY6eTc+bMtqD+76pBY30iBuDnEal+t+ToFP79JuY5MbbCRFG
+0ub7n1tJdJ4TIT59HBjrQhUevqtJWvP7B7RVu+aTyaCfupuqgU8DDgC9dtugV9RK
+T4obzxGqrazxH6Fc7EQ5YlhdnlOlZWPPDjjANxxtI5a6RlZws6HJAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFG6uRdP5/cyueml//bgG0kwH7AIWMB0GA1UdDgQWBBSApNzR
+MY0z53gpJM2Z2jxyk7abfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCnahkAQGoZS+74N7JrW2MEYonr
+q+Dj4rRjyMKBQtTfTMds6/6hkExRLIXBiqc5mlGpeP+QHggU1L+1KTlXxXxJNG1I
+dXCYV2JNRmS3rtt3taKtvZHiJmWI0anc0x04wqVffmiIECuLdjP26Kd02WlK6djp
+EVBYK9SzthVfNAiJ5FJbHcoG+wuMWmiL7V6JkLNJXlzPV5XqDfUvnjte8BDAyxYc
+uquJd1uKqX+pdCLhho4QL0QXth4lXtyyhQ1Y7b31QHI8hySnqXbrArZeuFg7o/Ed
+fOmwvmwt8Tu4YQ0Q7gdj5YLpxhthAPaNd0csdKXzfiIcMoWC3Y4L1vtszqPS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ADA5D50F350C44C2
+
+/hPizfAKmJuQrbvRfUq70yiL3owIVL25akrbu/Y4MqYc+RzLjB6c8k7tC8Rf+GQQ
+9Ky6ngj6wfiRSiFYkajAWRa7tHu3kw9TommWCSFVVVqx01+c3wshMWh5EBCCG0wY
+ysWw5vfDJYWlFj51rbEOeSJrVVeNusUmHATqbk/QRXm7DeAuTd5yQosYJTGQcebg
+6e3OfTV+e7ysUd28RBva72h+fHTXmL7KzO+RiVx5IMNd9fiYl2VVYovxJLRdVyhM
+iBqs59krueWWHxp/Z2FL9lIMmH1zU2VwDwgAG13IWNSeXKox1C/XuDG4OY+rSuFE
+l20xShbrEPoZ8HyIdwyUlqkIBz83hf1sifdC5mWWEBdMzZk2/25R2mx8idZuObRC
+xRzRUTyay0UOUVSQwKJKXhha3FdYlsQGODNRnX8wsleb8Ps1ME85P79XU8ymL/X6
+IkO1blRIec9U/q5cNeUr+6GlS28Rp7SnAuLSmVY4NxeUbyQVm/eCIKRE9Da38mph
+xyfLijm6j9J2UQvJdQY0NDTHQ1djJvHpGWZ1XfVfFF2mM7ur/zr+HijUWd0+0rbd
+iyMgXiuGsN5inZn53ge2KJM3OgQBDxXy47SRb4jzOlh0xmhAYsRANQ42V2R1Sj3z
+cWHcEzzsg2eumbqGVpOKWKG8YPe8OpRkvkSfh3F6fLhySCqkr576D7pF0PD6ZL/q
+nM6f05sIpQAGnRah9opHjLIVCggXREwrZXWnIEyUb4/UYGYxs3Sj5QIEVV7j8bdm
+8wlXmoUA648KxS/PUfPjFqjBisXrSmYtDUJCmKqCJhR+F8fuiAtGqnYkOelV8BqM
+697v7jtkPbond/WDa6MN7Ga2P5fwm6qaUht0tuqb59UFBeO37n+Ayc2kXCX5CL3j
+wtXajaiYfhcP5zpr6cmot1utKZ0WHYYx0srwMC9Derof6Tryj5aWnlS6cG4JZZC7
+qoAccg6d7dweMVq2KlYdUlwzln06L9hslorPq1jx9/kIdyM52hV6w7cTPDYZAczd
+JWbUQhluWFQlvuCju8LLYsN/HgHunEC2WV1Nirj02qEPGB2xFX75jMTykcUajKlw
+A7sQg9upSuDIqPy1H3vX/csj7JGX/uz7omF8DeFL7Jf6MjxGqf6nQXGk/pjiByQy
+R/+1qxUFccLE7ike9PolA07dUChNGYZ4uvAv2e6AMUiPW0dtF4o3ic+PIpAom+/9
+krfoHpk7poD/RbvMOOLG7jDpokt5EjU6HmQMYcKRPqNXO8ISHtc5E7w0OQoDnsTH
+nyjCLiRt1QnJPM4Fu1b59DcVfWTsgwaBrgAyTBCeC2E2QV/ph7KOJ1jL9VjIUXpr
+RmEeoZARSXjOWx2oq/NQ7yT0QOLDNHgCc8VWYwEfDiyEqkHAMbWL7gb3yv8h0qly
+Jh/y+LK+CIfXHwk79CBtH4vaC2RvXIK6Kos2+J12Ww+VA4Hc7afUGcjabggijjrC
+tKE7yfHjXjYe+KeLwjWJMWZPP0T798AdtNjm9KVUXY16Uv7qAhZToDNaB0yvGCpD
+kPEeaVZVhV7PHYSk0Ph8fFGeNDKj7YKLVsFL2cdvO4xTyFYKD6+0kYlzFCFSaAC7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
deleted file mode 100644
index 77a888caf9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbTWlzc2luZyBi
-YXNpY0NvbnN0cmFpbnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO
-9yKuCeu6dhjdDO1FYBjOw7a3vWSCZ6ukoQAD5724THVzb548yc2GIGKHC0mWgXiX
-fB6PBIQAwAhwCIetZaZICbOaJLAEgrfYEc2BK1uYPcnPDq3akXxh5lwFwL8N/xT9
-ajSDOeq+fWCIH4K3cgzvQFksXSMBrCLeSqRqpxg7aQIDAQABo2swaTAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQURqBdN9KpBRGTRazt
-XDHnzRcB9gEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQCIvIvzmMIwJ8YV4vFP0812ct/Jsheq3QAcCH22
-0akUpHCoryoLL8cVkdCCP6lG5QD0BdEszwovHnuu6X1kPCe/85mpvlueAMAcr3Wh
-sSZA7vot2fdmAqwje/64fADpW2pI3muEixUfmNSMsjXFzGSFT2tWJ1XNfFAI9EYK
-j0nmiw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing basicConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFz
-aWNDb25zdHJhaW50cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGkxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE+MDwG
-A1UEAxM1SW52YWxpZCBNaXNzaW5nIGJhc2ljQ29uc3RyYWludHMgRUUgQ2VydGlm
-aWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIu/B3NsTKFd
-3NwujgznvY/HGzG+YIVddeXJ/bIUYqj0gIh6FNebF1p5DnC4tljBvuux5UMrmGOi
-6/MoDmiVL8VyVr87z69Hx4DKUjwmHa8KOQ8L5KcklyNCiqovL+IWvl/ifcvU3tQ2
-olOq4vjYRupu8NdmpY4IZl6UQScR5P6lAgMBAAGjazBpMB8GA1UdIwQYMBaAFEag
-XTfSqQURk0Ws7Vwx580XAfYBMB0GA1UdDgQWBBT7lvAQxDdV8M61puLxGf+ZGq5u
-WDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBALqhV3pig7Li1sMxfgarLLYB4xxjsbFinx7EtEDlju0sTe3j
-F7e9rh62n7fnZqZ8KSyRCikPu3r3qBCLx2TV+i31inM/GqvU2yrBGdVm9HUi2CSp
-YUePLjOyojWECk+rYNq3vVYFVKJkonzfR3533mruAKakqDJ0PQLTEx84ugv9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Missing basicConstraints CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:46:A0:5D:37:D2:A9:05:11:93:45:AC:ED:5C:31:E7:CD:17:01:F6:01
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:49:47:9b:06:de:66:8d:df:13:40:35:7f:95:83:f5:1c:92:
-        da:0d:33:78:99:cd:9c:34:02:32:14:17:ea:86:48:3a:9e:ba:
-        c6:5a:de:0e:5b:68:0d:1e:9c:f5:07:b6:81:e3:47:fe:29:45:
-        aa:c4:51:01:21:b6:70:ed:1b:28:cd:c1:81:f2:43:e7:12:00:
-        48:78:7b:6e:28:5f:71:8f:f9:56:2a:22:8f:3a:7c:8b:8b:7c:
-        8a:f4:2c:23:67:c7:b6:b4:85:02:99:d9:48:01:29:c8:6c:ad:
-        be:24:a7:3a:8e:56:ea:92:4b:e4:8d:d8:9b:f7:17:b3:e9:b5:
-        87:fa
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFzaWNDb25z
-dHJhaW50cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAURqBdN9KpBRGTRaztXDHnzRcB9gEwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAlElHmwbeZo3fE0A1f5WD9RyS2g0zeJnNnDQCMhQX6oZIOp66
-xlreDltoDR6c9Qe2geNH/ilFqsRRASG2cO0bKM3BgfJD5xIASHh7bihfcY/5Vioi
-jzp8i4t8ivQsI2fHtrSFApnZSAEpyGytviSnOo5W6pJL5I3Ym/cXs+m1h/o=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
new file mode 100644
index 0000000000..b244a1b201
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing basicConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbTWlzc2lu
+ZyBiYXNpY0NvbnN0cmFpbnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowbjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExPjA8BgNVBAMTNUludmFsaWQgTWlzc2luZyBiYXNpY0NvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz0Q7jVXn/KP1L4kWn3MnNkLMHv4kNcWGV8Sz2Z2VUq8WlLhFuzpFvyPh
+NXcaZ98iVRqDqvSmb25/Gf5HoyrLTFxayY0wm72Drm5VW6REQ9evIg3xJV2x/4pg
+7qHE1ikSCD1yHSgrhQvWVVbkYnnTSgVERxm81TDFMmn6nOQzuvjLr50dgcdz9tI1
+sULjP7pyk7vDuBRNhsphW+QP7iUDr02Fph7IO2nJevAZ1p+80O4lMoLLAWelO7c5
+KKyhGa2NqZOCqSsS+cUMtkhUGhEyDdlxC1maCPpsS6zfmtWasUKBn1FLLGXDzALC
+COWJwxztub3n2UVKu2bFEn6aYK9iFQIDAQABo2swaTAfBgNVHSMEGDAWgBQwVrwV
+EY1PxibGtZyhcJLS+U8NeTAdBgNVHQ4EFgQUTfAA8MgHRVCO/ShtbVSoByR2AIQw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEAVnYgcBUarDoQoiuDXLPNBtPKARX91BCSAJSI4s0yP8Ba307d
+28L6BUVWzbYevwBKK1042PTO3Baz5WTc8I/cgNMUolZKfSbjrTCZ5H3MLVpH1Zdj
+zr7Y4bNppL3aGwXPjjaDHHE6F3h4ukFZaoX9fTr1OTxcyOmz96/hLJ3NbHmRPHPv
+pA1y5yepi3RDltyIMQsXIGPIofZ19LQ/+hCjYuh01wrd2r4DEQYDmyEEDMXRaeFy
+LSZqGQBhvOwcrfX6iz2cIz8YnbfU/cte5C2Id7V7zW5GZP4oCgjHsANbe+hGVbsR
+AUSJ4G96MY5zlwVFYdpLldKm2BywOGs+CU+uxQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FBCC7DE9B3E67417
+
+ddz83O0BO0HXwyO0stvbC3Vgu0Xdmk958NkNArfvUA6xAU11fif4N+53XHRy5azv
+4dcEBgdx1cMq2FH0Fsq3NjNKDALJV6jCewzHkPTOgqbJhkwbAZxpVDjnAf8j1cyK
+SV7f7aPg33n9/If8lOao3ZSIYZoKaiOY3oLxchNHNWLZoH83hocKgtx6rcZxOpEf
+Q4ySjllF+jn+jBMTpURJ+WBTwSebP+spHe3vi9jnKxpXhZq42GdMeFLa7RmFCmXZ
+yfgI9VJY/YFtCqivKmWRlAvTA7MTPGnGr7j1T7jAzg+wfgiuAtBssVAKmXFwSrYz
+r/TW6AxvVVj0sgovGPuxrpdSmHdThlm42UVUfw4HaSLjYBK3BD5vFPVaLfLwwYgr
+oN8/mOslZlUkPVr4JV+uAzpVniY5d98YAUSnYn7ASrH6KGrQgbPQFUv6IWY9nS9r
+n5stGf15Ncbx/NnnqsuuIglSHnYQlhXnoBdJGvqMiXAL/QPxxAMNJAsTA22Je55f
+M9xmPxOtszKXAiDB66bhVN1msfDC6i896vLgwsggdyPH3ljJbVHNh+YAmmVtrGgJ
+5sfoPCI8anpBf+LzIzV1rtmV2uQT9aR8cQ4nzkFViS/UKI9BfZPSlXeIkZbjb0fQ
+nwJXYn4xAXhXdV6B33zX2Ih6b/5aXVrdZ6AcZDtSfTwSEEdLgHmQaZAMX8IsGI+y
+gzGnbQTYk4jMyL/C0Z9ikmd/DOGrNCepM3ui9eXxal74qiDla4rVZGXMCghyNt7O
+Ak8TxTogNmcQUNKFWCT5eNCSq5Ewljq+ivdSWbw2vE42JFSWmXSDQycWyi2/bDcr
+0qEksyaJYgbcff+KON6zomidVZOeNl7vHjUHSAzdzN4uCQ1f/EgQsJy2kwUg+Q4Y
+/zM0wTLkl0gELwYi8IhpOkcNtBX8+IE9fG0wg3mzcD9iadOEymBfgGpxRk8MvGyF
+46LJRWZv9UtuuuJRnGGu7czCMYAMJfV+gzm47B6Kw21OHREoEZXtVZaJnUL4AIyD
+cWfTPZOOrUNgKlNIgxNGsHxYK9ATpdDCAh4bV9W7e4WdcBFDgI7e94bQhC2RrK4w
+xN9b1+inE8rlANVn2brIBYuFZoIHeVz0qRBAgNOWo/94puFcafWhyZ4uGZ4wS/a4
+slmsz/T5+sOArZxgrlcMdhtPntonDUZKv7uEvfNl78L8G6rkw6Y7ePDv/1723UuO
+p5SigZc0BFse3wJwvrLKkka/qX4ZXXBm96+atfIappYR4GNpGLKjRyThFp9MQ5AR
+u4be4qNfx2fTWJT+vODocWS0dx9QFZxP9QZan1/hP94Xl1wIMcFgDpATY7yZXfyI
+M0a2baduud6dzjnJ0V0pBYMHG/PmfeEWJU/xCCgHq8Eemxq28HXmNjXSAjOAyQWk
+gl8WRUh0MZm6F/hSR2r4IPbjGNbBVvmhYmXYw0iPMpimMIapI01eVHq8QvCfjjFW
+KTVDcHW/XgdX96k6fO9wVfpHhgGhWj6dPYvFQ+RxpvcyyHzZgaEYRC0mTFY++UW6
+KJk4OrJsoEbPA01cvfflIZNAIaz6HJDiUSUKCanbPbXT3Ca50evkPHMGkGpBNVXL
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
deleted file mode 100644
index ce0428ec3b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA Root
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDEdvb2QgQ0EgUm9v
-dDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqSW52YWxpZCBO
-YW1lIENoYWluaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCtoV9f+SA4KyB9i+bRylcLprvUHWg6W/anXTtNepZjeYRI
-h45BCVfF9mYQIoBvqYkSOdB64I/qUShwGf3kj75YiGotm1AzP/e8A1dIyvdxVT75
-vZwCWaOjqX5wEyaGnXS2u1NDzvZ/5JBtwo1KumaVAd9bLw2nhHAwbJ65Hx1eWwID
-AQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQU0QFCXwgNnxwQuYUlKF7ehgYiFvYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB8cokOobcm6ZNTDk59
-Ieo9rWzeCUeh8ku0vO2bp0hyVadPHfCvXRRFlWZ6WKMTkBXOs/i5gHEtEGB9cLDO
-kmOOHijG06pi9KyYqh54As2hG8wKngUEyOZsIkKK6JfdMx9besNZ5lQlSK3SZpV4
-wTIx6poqzlbJx24yad7rPgiUxg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
deleted file mode 100644
index dd9f0a5d86..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAsTGk9yZ2FuaXph
-dGlvbmFsIFVuaXQgTmFtZSAxMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBVbml0
-IE5hbWUgMjEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAz4GBJOnsdl/i9wT8fK6n4zN5AHkLGLTaV9MLbBL5heti
-HmMEj4t80NsHynN8WrNyxjxjeDoAnlUixCHAT6totgzgeWKumN7Pt48lWyP7K9eV
-j0mJ/e0X8EYCrm1idgjBevSpFpC8sT0m7Lgo60wWBrYqKBE2OW2oLqjK2a9itJkC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFP/4JkT0Lojo+NeoS4SRoshoYlphMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCrzt7jsc3zpys78suxiiHSl9hYrO0L3UJE4TYhMKsTdu2r1KStNCY1MA05
-8U2gLxTSvnibuRTn81AHALvjm5bd3oiKFRr3ISzo9SkBx6wXO7x23f26giO4h6WR
-Yjce1wWutjpvkyXJWxLqKD5eE2PVqwjujs3eiNAV0KkiQTqZkQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining Order EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
------BEGIN CERTIFICATE-----
-MIIC1DCCAj2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRp
-b25hbCBVbml0IE5hbWUgMjEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBO
-YW1lIDExGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTmFtZSBDaGFpbmluZyBPcmRl
-ciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAlIUiHjq7IwwwfDgHAnDwX3nPnYsaZ6Bu8w8lZNS/15MDdOmQg71tVoCIC0he
-PJBMDiqwuUQ3pbgsavDR26tQnAXGzmJllHIFry4XfdUozW3Du9KUR4eFHDkgiQCj
-IXj4VSgaMAXyDSGO8tQpZvweKQLreeur5220Pf3K7zabhcMCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAU//gmRPQuiOj416hLhJGiyGhiWmEwHQYDVR0OBBYEFEu0FDAWAxWm
-n1pTTcqqIcZ0G7JJMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHrnqIOietTCGSRZ38iulDWfnU8JraF8Z
-x0MJGiOWHh5iM21Rfwux8XyoJ022fncuDoZAsUjriRwBn3u0faPPFouOEEVMglWU
-woUFoMYymfDUYmA+kavP7A4gRhSfhi4JJJHdb1AbnNkHbMfIBRSz48wsphGJEyk/
-NE5gmcum3Bg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FF:F8:26:44:F4:2E:88:E8:F8:D7:A8:4B:84:91:A2:C8:68:62:5A:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:c4:1d:56:f0:e3:a4:27:bc:09:13:d4:99:6e:6a:94:5c:0a:
-        5e:33:09:0a:a0:6c:df:0f:3d:a5:03:15:e8:da:cd:53:10:e0:
-        26:82:d4:82:34:2e:75:62:f0:8d:a5:b0:17:ba:77:e5:1c:b2:
-        ca:d4:71:78:2c:fb:3c:cb:51:58:4f:1f:b8:90:22:7e:60:c1:
-        60:03:64:04:58:60:3d:a8:36:c4:37:6e:b4:c1:28:0c:4d:16:
-        89:5e:31:4b:1a:7d:4d:33:35:8d:0b:92:38:90:f2:70:e1:f4:
-        c6:14:7e:fd:3b:9c:c2:d7:da:8f:ce:1f:6d:36:3b:ce:5e:28:
-        1b:fb
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
-bml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lIDIx
-GTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFP/4JkT0Lojo+NeoS4SRoshoYlphMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBALTEHVbw46QnvAkT1JluapRcCl4z
-CQqgbN8PPaUDFejazVMQ4CaC1II0LnVi8I2lsBe6d+UcssrUcXgs+zzLUVhPH7iQ
-In5gwWADZARYYD2oNsQ3brTBKAxNFoleMUsafU0zNY0LkjiQ8nDh9MYUfv07nMLX
-2o/OH202O85eKBv7
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
new file mode 100644
index 0000000000..6cbfdc3a6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining Order EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAsTGk9yZ2Fu
+aXphdGlvbmFsIFVuaXQgTmFtZSAyMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
+bml0IE5hbWUgMTEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIE5hbWUgQ2hh
+aW5pbmcgT3JkZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCmGHtkF4itTUq3AQnzZatlEBh9xeYcGGHKW4YG71VW
+tuN7bK7l/LNJ2rANrU4d3FvjcjS/uz1mInuC8Jmc83z4O6E07zDERh3vJMuMYZRM
+/3Gq/b5MfGc2SSPiE0x3I8K7IVOjwa2GtYAKm7W3nEJ80//fkdRbzu9WYXLpKGfx
+ffEZq4j8kBwmNGYLO2eyOmIKLeY/UdnzN+IV/wy9u4CvNQEoagLCXsaAsLJZWPeO
+e+92n90GVdAdKB/Ml9PMTBfDh0R1jrmOFAEOcJfIYGpfj0tFIsAZ1AdcDNPXSx4s
+A0cLfSG0xuJu6iBxHHIsCRW2Q2cK8yo2aIq7FNNE8bvPAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFL9Ki4GbTYwUMYxb6czdL+h5ElFQMB0GA1UdDgQWBBRXIRom3xYohMEv
+pN0iRtvORdgoWDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQAynecH6qf01AWM0adG9SZ3BQ5N/oBfcu7e
+WjwU0dPuMZP5O3+Ak0x7lt9F4QRwmcoyHsB7AZgGMNu5xWE3dpebr4mF09RP0+pa
+T0lli8Vi5QMUCaqYkbXOfchl/A9k2py5H5xrZ0OJZrZonmAGZTMmSuAhY1xu6scW
+gs6X2CSnU8siNg9Zcd7jqbfHUWSLvz4k9N7UzTqT7Pzwof1vaTPqcggDGUC/jQV3
+v6BgnIcxxHjRL4VSg4Z/fMh4hwXQlEFZGHoyBzzYNhYPnpgpxU/64cVHbOLNC6X0
+sUVsT9JfCt/kFAPOoWnBOifSzjeqVXmteVsb/9SP4wF/f4gBmJjg
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EBB2B43D79854E2
+
+M4O8H3FXV/0Q8oJmUXqDk60NUbwnBWNKvGM2twA2XZU1rEodmvWWlwo0mmH+j8rX
++A0itJomhWox8Q88Sdi56G8PhZfBk2ocPPAIDrG2z4EFqbjCNATqJlIJmMyukzbl
+B6tYDt3Tx/vWdYRZSFyNPtn4GTuY+KIGTNlyf2F1hBhbSU4MKPoEAgF0JLRvKj5E
+tZIZO+EHfHctq6cTcqLdqBhP0bS70UqqqlvZ/232SwpPmaXWvMYjnqMo9W3neBID
+XIEP5mF4vmaTLoVcH2hoRM5qvh5DDSYfp5StfFcN0R6d5bl5v//bP+1tu79kLr4W
+HPvXQcApsUrNUgmtGNUiqM/uwEdlgYiyjN+yQpSrc7I5lT+5nBYWfJ4fsUD/K5Nb
+2/rECornDiP53DJ5daM26Q4P/mpNCHZQzBXCFb84aSSLtUvijvOtUxt4Ej2rGtHb
+t8F5ucVb9JmU7CkP9a5uy/t43z/NPxVqqgxltlb3Qh+4Pky8xUd9j24578KevBUd
+Ufi0kErFk+1ShcYBVab1QcQh4zeuq0oPWmfgyWjWZ3KyKwdMDo613YA41MgoCvbh
+OtZmi52rtoFJ/dIrYp7ls8o3L9H7UZDugRuSQmDNsFYN7+xSSb/6Tgzq1vQIo5CY
+g5At1yRtiirZoKPA4NlrCtXTVe4hAdGRQOKC2uSmZAC3pbES03lCxtTsAQncxBfL
+Z3eeR/n57waMKPykDwrIzIvbxebA7obPfpX2Pqapt/WGRbseX4/JPDYQVM/6vLfA
+DyTwC16eMO2XUIAMJ3ThBmRCzz/2cMxsMIVMGEZKFOSmcvL6FvqCtve9/vEUxCs1
+BbUWetauDkZypEPEHWPVYCGl7aMOG2SmeeUECx2xoTCCPC2gp03L2LlS4STvgKig
+Nwe+A7WwTVQlxUq+x2BXJEcU3lZh+qemj/b6bcomvkuszWyiiLh1yUSERdTZDUSC
+oYyasTIlDpERQGyyAcn3vqSKx3gdcOqX/bl8o8yR/EdUncAde5KMKegpBZlxbF5V
+TkXHeOUBJotq7qMjcxBbT4+YKwmBO6QwK79bwpuFuzBswCAquVPsg/uRylT78Qpz
+GRit5SxH+S4KkFxGAmPAzQLILGpS35qxVrFBv47MzWbxBOakFpFvBWujWC2eBVfq
+y1YnF5NU1++kIRFORX05sq6aDdeIhcA/OnCZESQKp92Nud2Br8wHHHpbDr9sF9tY
+17qjulQQ75JXuGm0CEp+wwud3Lfc++IlMRI8bUSn8xGe06bZng1mK3kdHyK2tkgM
++4pljAh3JVzfv2q2sB4ZAv7omkBFemfoeiqrxF+8jpOq961v+nySeFYsHV64LRyQ
+hoISt1GrdsCL59/dd7PX/3YYqUGIsKSdzxJVPlds+Gn7uku0jPSUgCF0RfVtri7t
+cpXGiz7irjZV4RDkvBKfM4NQpIKLGW/Hf1NnUM11Yc8aEhzaUgw6NwqB98CBTaUg
+8QhczEGBSQhzVBuEINKwbopB91UwsmdHQXhth75e2+miV+T15JBievUfS2LFC1jK
+qhBPfRfWK4I9JMzAiI3lN6sL07O/z74c9coci28MKLg0iSEtCw7H3//MdHsRLWek
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
new file mode 100644
index 0000000000..97ff96bc49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA Root
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMR29vZCBD
+QSBSb290MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KkludmFsaWQgTmFtZSBDaGFpbmluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+nEW5gQmCvT4PQ4bfEwb8YmHX2
+bhQjlGRTHO894s1c8ntn8sOGipmZujpyWKEnuLYYXnrx/8d6EaQ5iHWc2STa5xO2
+/FYakp8YF7+wGIrvAKI2gXIaIFzFC6BBtZiDBb9esrLPA3tiu6u5F9WBsGWuA1TQ
+jKqaTll9i5WvnXY8Fq4JbfHOeh9SCJKnyLtY/o6QqfJu4IvGIy3SVMUOpy35ZR6O
+Hdy4JXBISnOe44NDd27PQNnkb7VlcvspL873wQSp5YJKW5tvoPMtCGegEssZIGGN
+lN9bNTzeXAB+BfwtYoqP0Ej769uC6863UgGeWztLxe5YlvyS7CXaMmNdyosCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FBrADjt6tfm3fhTgKkOCvTN+XnXkMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHmYLicHjD0aYoBwgy4J
+fY9KHQVyP3enwjKFrzxt3lLh0+hvUeJG49oxt3lRPjU5d7GJYSzB9hmbECnD8hYf
+/NVRIa6UnLTK/blp3yc0fgYrZSFgzU77f6i51hxScIwprI/rNKUKjwYwPBQ6XZoS
+Lb5nZkbFoSaPjorD7/rTBp1A0vPt9QNn8wBph59HSKyUnHm256Y5kv67Knkt5W11
+tazp3HAc2nsE21MClKg4S4IHQYCva6p3KhViH5Wntu0AaG6Cl3eVbMDe+rzu2i7a
+SsP+m1IhK/geXvUOHGkKQd0ESsNaHakpy5mQXpYbxxpem1NCcsbPPlipMa0AN5p/
+ksU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8417684F15C42FF
+
+vKv6b2ZRAwVHf3IhthcuPQrJKx3OAjv8c+lHRnmJfHrFJkUf1am4rrCc05dszvUF
+TjTR92O3UYb41SmqEJhgidYEcM1I8ktzt5It1pItk/ZHlnrJ30qoWmtYx7GGI6En
+fXsV4tuL7jEvgKlkrYztkaUCpbauktbKcgLCeZM0YQ1WTHsDFK3KTGnz+a7Y0Wvs
+sl7UtwwjaiGLzJBF3AxKIDwGatxAxZaSUR5+9/17pLJ9Aw4irQUlERtjwKcs2LdS
+EZDbgbfPMqXOmZoZO1zCD+ZfyUM3BNOfXs9S7DqzHYjW0EeOmQiOLOWDApUPpSwl
+Ywp/hr/8DCv7POi0uiAO3xK+DNRMKHtig33+d3xU4YkEw8yZDmesgByeEEF8KlzW
+lWasO6kimeIBSmhccj7E2bu1+FEg6x3m5AJkVUxOs5hj+D5zOuihofhatD3aCJ4G
+jdRZenNZAre4l/5rKHsndQVsKOOFjVhMBP7Id+wv//eRez+OHS1yxlRzunm0O05T
+1a+jypMOV8v9lb/UYTx3CRsEtXJeqB6tObGZP/BcLDw4e3qhrEZ8wj4ys8J6Gk1q
+czlYliZzVEc6qCCnIRMf4q2jMSb++klUAuWO9ieU9uD5ms2CYyKDM2b+Swky852z
+PBh9b8/pKidwhXc5xSGxEP2lDjVHajBhlzloPpmTz31bACS1RMsYnmskU6PAFuWY
+sUVObgF3C0hbjCCZlubAqEgmfAJTfsta5ILZ9t3yn+ucS05fniAXQGPZ2dTg5zh+
+r86+Bz7h7ZVEF5aQIx4nYouJsW6vUYNBb6FV0ej7n1QbS25d9BtIlicncKaGNIis
+OIXYNICAD267B2Y0+7/NJTjO6LZwE2sFAZM5k/5fjK28DiR+Z7TqZxzcbMurTguZ
+FmbKunAe+wBaaN3cunbi33hwIMIVNuFfRYiYNnPvoLpIzm4zfxpDXfVNEqpWqIuN
+J0Aj+dq95RFo7cHiwp9wXAwkM36rMK9I0ahutISvEWIDDyw7qk9E9ivUHcMk5YT4
+Mn+IVromU0cXcM6sp1pxX8sDeu5M72nw4NDSvEvHtj0fIxHvzhlwsBy9US2yEAsK
+SUxlQsDnkDJrY5G+yEt7MkuibJBPgR4CYQKoq/GIGPyjB86TQqAeRTV4OTHE3xkY
+t4CuqoKOwzy1ieFZtgW67n6qpMsD0tPNYk4zWkIDM58yOpZ77PdMclSuUjffHAKm
+v5SAFXoAB2n/ld+k9j3cOsuBKvrlRZNADZmgeYM9ttNDM3n6pyPi2+yyc4RqfEfk
+CMckhOCI6OL8Rkl8UvPyo50+kYzBNsrEUDgtgXh6zTNzE+0KCoMcvgW/dRjjGJwQ
++VEKwPOSTXMQJAKx6g8qjOoM76gZrr10geiHhalicn6a16gaa8E2or3DlgXUV9ZG
+Mac3Esvn5x/gnljjLnkaNzf0ehfe/blTlaCeqJjLv7j+ZD+zt0tL5mfBmkS7zaY4
+3p9AvHVaLB/wFT2z6BCxBAm0hAu3Cxd54NhKrYg6aI5hKiJ8DMROCadRsc6ydM6h
+84WRHdKOI7J3jkTVDyKG/1Zug7IgHkv6nzC6xvpwMYIHJttUoz2F0g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
deleted file mode 100644
index 9310adbf42..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Negative Serial Number EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIB/zANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNl
-cmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKczL4/N4jrniwj
-6tO7tR683qVrEG+1DB4XcrWL4wENZS5O2qkppGZD7cOXkGuOemheT0QGmaEtQjOa
-yRVw86jvq4n3iQdSEvRb6C2GtYQ7hFASTBsQn4qKbcldkhv+XQAzLMc65GcFv0l6
-n0xR1miZq8E0mDxBLg9J5iv6abyHAgMBAAGjazBpMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMB0GA1UdDgQWBBR1iOR4fH+ykQ1KqxHgeC1Wl2TuQzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAAAfyUd30ByRjggXgiu4vNE7KBbaY6fbiYYugGriPx/HPPIJM3M9
-3W2m85AhLW9Qt/dpaXQGeICkDfrLrpTCV8MWnedoVwQMBla8v5QNs4pUdkTXuV7R
-9LZqxgeDvUTEadGrNLjZ4WumiFApRA+DRjJE0LsnS58wWtklsYDoHJtH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
new file mode 100644
index 0000000000..7479b46674
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Negative Serial Number EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIB/zANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTmVnYXRp
+dmUgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIE5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgRUUg
+Q2VydGlmaWNhdGUgVGVzdDE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA62KPWxrURH3uoUly4l86zjX1hpi4DnpB94DYzQ9LSGGpGznlFDt+RyvkNjRB
+UomO6ZpzUw05LdrHNwEKY/Lt8l23PrRH6rUQW+epbYq8F7xXb2UMlmgjRw+IVY7+
+sVnLKk4bWzyCOOU4QXY1MZnoaOJGnZauWePVvA932WDny1MEV6THpnb3TUR4GVoY
+wP1rTv8knj+kMr822fT/QixZiAm6Jimm7ja0Nlj/FpXx/9Gv/LP8LMMnQ2esKJUM
+iLBZHPNtZhHcGKzVzqxAhrzRTZUddXmBS24k2doY1iV1KypyxgG7WBFX0MfLlqCK
+jC+9IpoPA6manH6k3R1UJfZ0KwIDAQABo2swaTAfBgNVHSMEGDAWgBRi5C41xg/F
+6JHQC8GN3rav2ojZPzAdBgNVHQ4EFgQUkfQx97LimEmUaVujcr+gLY2rJqkwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEASWqVVZv1Mi0Wor1uUCsSnDwNn1qBhzHRgCJ7RvTS5I/uKey6YqtG
+ozvw22AfDPOa43ltwuCuOeVX0rG1BpC57ZzHEJgQcksysR6iZ/uY/vN0tD4chgHp
+yi+8sTayGRPBqrpANbgTD2vzNULrcHo/nZIBiUAWs5I/38iWMAnRvuskzwEhAZcJ
+xU3Z7laFlU5TQGoTMxLeyMzKbJRJWW098aYscKWhG8bEy8CIRsXiuF+BcrFqqzTb
+jZA9n2Yn6S805yMK+TuDWDh+VzPwHRZliww4+ROGHT7LgRdxeN9ZlKx+XqJ1yvVo
+OSsRBKUwZyf/8dm9ItkC5J6XM6dfreX/bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,89AF3DBDD02217E9
+
+uv4c65SWYATqAOZuPg0VAf2OWnVv4nfLYiMSqgjc5mHTtRKWvXrA6uP8otgl3iQb
+PmyXN/C2eFwFfzM+JU2VnREj7Y40YVLMPKARJ/sbY/SfUhZOVsI/IuKWk/o3EiBV
+LDulYfkt+9yPOdvJRivNx96Tr6+6ItdMGiNFfouZMIA8N6GI8PyWcygI+XQU43Bx
+hVdoQsD/yrpSKzNUVqXEYbPcK34D4W7wVMkxToQHwKe7N+GDFMQbc+yqC+do97of
+lK5Ps8dv7U1SAhXb+bAxnwvRqQ20+KKlXb4FGlS56rK7ksKrGpr5lTAVbDGrCu1K
+Ib6rmdLwDM6lz+it3JM4hwlDg5s3v0uND3BIBkVzIi5b71VRNBsEoXVt96LsTCoi
+pwW7cDZm7pG2uDH/jVrpEtqfDskRWuFz5KwB4uP3Ne9g4/uAOj8QIDkmqH4gxep6
+XEmTaVEQ1kDAn5NoURExr8Z6uW5EsVpfKeXiWg5AlnqrUKoCLXxf7+bYxzd8KbF9
+QixAGeUy2Hk4l39afPcAOg5/av/UZL6S8YHMWZ5H6ks8bPnLPoYMBtwegxFRMvXP
+QS/z83bhAkw2s1DKlU4jkBM2McFAJJgl3D5G10Ps8BNNERpZr9pdiKQOPXz1RIAp
+bhaYE4EvYWV8yV1pODnYH8Y0YN9RaG1L1D9PuGBpZAtsVc/kcMz0JLzNPzp3LYbb
+aoJzoXj3VdrqdgefYmj5FbjgdIl887ZcAnm+3t1MydwDZQDtk6WluSw13/Pm8nM1
+O/bRCUadOyCSIfUHP54AABGlpto4wH8pPB2OOSe+2oEHqDq2qBRZ4mH5gDquPSPo
+TdQTgQVltNiAE9H2P3wEOob0xk8uxZgq+tR7ZYrsevBkOMXL+egimccgqndEh0pn
+bg7j1TPC/6dj5UVYpvEhcvZ1oEWEPMcMxm6Tmvr2PtcfT2Z1M5+jGYVRQVknWL6R
+ELJMLeoZ8QchYnHBg7IlRaLyKt5OAl3PpAjrQOtnXdjmEy51C2ujrpTyelZ8q9lh
+KKzGg3N0wtT7Bwg97fyYQP37wHDi7fuyPtbdF8T4JnCZxeCXgNyXUOZ0NbEUgMVC
+tC7Azst1YdtyR1ErUirsu9kAbr91KWqF9dj49wgzzuoiOsuxr3O7WykzuGf4iBIe
+WSGoucPvyStZc0ZTDtJiLsqYE52VXAjJmGarh7i64bP2v2v/ssMEKY0WNPiX4Wtb
+955ippwJsI2b+MEr1BpisujKkzoreRLAT7Tnx9tz5Z7R12iNKP4w0uhPVwZDUHBT
+qz+GB5sukQMCzhSMXhbEkHZvQhZNVp4Vkn2E6CYi0LvLLGDF+Q7docAoo5ciw95Y
+tjffPgYVSaHSMg4ndhgGxFIxJMci6IbZF0j1Mmf6A8UQET05gr6trD/yj82irR/i
+Quyj4ZkV3Hjb0K7JXS5KCxGfYZHvN7y27s5712dhuO+fIr19VUc+erlMVbcEXGlg
+ligwtLjZDp74ZA7Vbi3HyRLlhHDN9bGQcRIL7CiJCC/9Bm1B3PRPZ1q8x2Bpakg4
+l3WIs6epQEaYWO7IrgHBeS2G/M34gl3jwV+DdaVSMU2Z+eOK6LOlQk/xKvFAoWFu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
deleted file mode 100644
index 43f4c11eeb..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVT2xkIENSTCBu
-ZXh0VXBkYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3mWvvYS5A
-sFNH3PbxcSFtUQ/3TzWlO4y6wINHN6Ypk9Okpx3uHSwBpkQ1N0htmUhGQYFyhzBx
-ATrb4vlB4KzylhOwfX0F4cYko464NaCZNL7OzwjzOCgZ8097o6RD+Z2vsM0GmOeD
-ycpB9yeqLhC4e30k8dFJqxzCAEJC0Et5swIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwGrz/yOO0EdEUB5DUcJ8XjGJ
-zAcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADOSGYLxhRxOj7gm33bTOeiQ
-PIlmAlvVtqg+44hgkcovBETHehNU1xBQRF/tdPACobZUA1/0YoyNZTHIY87qLDkJ
-Ks0twBDEHmgmadu+IKhutKIZzHSsU9xVfyipeAX7BfgDDeEaRdyPCan3KO9hpbhS
-CruOE+/WuIQiY2bS2SPs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Old CRL nextUpdate EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4
-dFVwZGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMw
-SW52YWxpZCBPbGQgQ1JMIG5leHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEx
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvSHDwBMR2xa4zMZPJ+4WCtp4V
-RyIBBXrHretH519ipC4dqURqRrI7/N9ApYs6t/xevUxi+T2rDzXZB8L6x3AhE+BZ
-xOknZ/gpSN3du4ofSeM8DT7vzkwkj9S+bdEcU480Om0P40OwnQUIiR92HM8xO5r1
-qNrXauV14rf3F461HwIDAQABo2swaTAfBgNVHSMEGDAWgBTAavP/I47QR0RQHkNR
-wnxeMYnMBzAdBgNVHQ4EFgQU/pqWPiQxXU/VEoME39jSmPZFApEwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQC2hDiZpMieKwCdZ3STNKZnLhmmgmcxMnshFx6iQ2B8XIbpY8fNvTUCPf9MMEvP
-a+1O7EDTEdrQCEpnKZWExBuB5qpOeP6ddjsedieij7YZUsPCn8aYxz3Cc8uBailz
-2ooOjU9ubv3hI/vnWXYKhZZwPdognMfenzqgqVonVkrt7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2002 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C0:6A:F3:FF:23:8E:D0:47:44:50:1E:43:51:C2:7C:5E:31:89:CC:07
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:dc:b4:50:29:96:87:a1:e0:b8:2e:39:6e:17:6e:95:7c:a2:
-        45:a8:24:5d:ce:da:6a:00:6f:8c:7a:19:77:5e:d8:d6:ff:63:
-        12:a5:68:c5:3e:e2:17:87:57:98:08:d7:2b:26:2e:1b:3d:12:
-        56:39:9c:93:8c:0e:c4:ed:19:af:37:4e:9c:2e:4a:54:85:8b:
-        54:2f:b2:a5:c9:ca:5a:9c:d2:a7:76:c5:00:1f:92:c0:cb:3e:
-        1d:0f:69:63:4c:f9:40:fe:40:d7:17:fa:ae:b2:5f:e2:f4:8b:
-        01:b1:2f:bc:7e:8a:b4:05:1a:97:21:8a:84:66:94:ec:5f:fa:
-        4d:28
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4dFVwZGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWqAvMC0wHwYDVR0jBBgw
-FoAUwGrz/yOO0EdEUB5DUcJ8XjGJzAcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEACdy0UCmWh6HguC45bhdulXyiRagkXc7aagBvjHoZd17Y1v9jEqVoxT7i
-F4dXmAjXKyYuGz0SVjmck4wOxO0ZrzdOnC5KVIWLVC+ypcnKWpzSp3bFAB+SwMs+
-HQ9pY0z5QP5A1xf6rrJf4vSLAbEvvH6KtAUalyGKhGaU7F/6TSg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
new file mode 100644
index 0000000000..61ed3e8504
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Old CRL nextUpdate EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVT2xkIENS
+TCBuZXh0VXBkYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+aTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+OTA3BgNVBAMTMEludmFsaWQgT2xkIENSTCBuZXh0VXBkYXRlIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUCQ6ht
+nIHGtGfWIymBLnkyZ/b+51EMYGK3oG2KyVWoC+++h1CzZaDiG8p0Gv54dQjJm5Vi
+z3SPO5TTkzmEIWCa/1uKIQPjOVVRey0qApCvymRoXXEJf59gnBqPDx26bXb6NsoZ
+fGk6yEkvhH+MhGzQCHN95ARUNMtYSbPgooEDzJR0ym+qj2LFmZhRwKEp0IubF109
+JPVk/NQIbI3HPZXUdCzp5jK1clTWl+NGS958LnnO4jEK9xJ6euTg/6x/uR+t1oRa
+IxLnB28PFaavkhQG4vVQ+M4Nb8QGBsXmjl8XyOB0YLf+ZVbDXZ1f1UG3MYsjY/4Y
+vksxOmddND9NtIMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUztof2lrMjpf6IBUpT6yW
+jSrNeBMwHQYDVR0OBBYEFFZ23wygTM9MCKaXTBWP52hKEFSlMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK1ocp8QO0gPKOT/sFZ92czs4wkA6tiiPte/lWgK1OQ5bPt5u3kT51mqBp+7c2T5
+Vph6MyKO3mp9gLEwFQPyxp4DyZd2i0GfTz50sIM7JUYFvpjThENKLkBwIHDB+fFp
+O2K6JtboC2dutQXhseGvWNc9nadR6/MaNlYEZGBCtcRv7jkNzsqzrVCwKZySxh5a
+Gz+yM9JeDcTJQIIi9FTtiI5EmBAmWU9Ny2GuehF71srlR6Vv+TNxZHZCPc+jAzBh
+3CAV7MPCTIDXbBTtRrh60063/x94KJQ6RIvnqnkX+y3A0wIbEDv8XtwvG8GI8q7a
+Ff95NQbv9wnAVBcG7YoEI6k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D678DE8D634ED06
+
+vwypvzYx+kueXlE9gvBOHTXYAezmvVluBqFSC8jJO+am6Qe6ky3oQFcPMZ2xP9n3
+nHwS5xwXEdabH/uLxZ0t0uE41oWW3L6cpnhR+Rc4zY7qHB4pF/9fBya2jUg0fREe
+ItQrFbLZdTfLNMF5+DGuLwxE5RblToi9InTMBrZyUHBvE6sj8YFuZ//qzkV1VnD+
+JmIRZUNOBwUXsfCG4qoBrjOcrFgktQz8SsAxGflwWkchf15X6s5OxtHm5dImXpPN
+EPzewQSvQnnE9P8/44BLtvEwFRLbuR8oT+YLFcyJO//KgoZN2ojpjRB1/skW5BNM
+ABe91qhsyAMdFmNcWQz5HZ+ouovZByaP2CI3+J1WDUjakAY9roWS7X1pBXV792+W
++w7S1gd62vKS/+lds/SF6mrKPzJz21NJlgAtqPj5QrKvgN88MYfpEp3GxN8D7k7A
+lgeMVrHhh/v3aFaJ/G/Hl+nJmzunNaIdTXrqwIj70sqy+QWVOZOTkVevaW31nG4v
+Hs5V/ZC7+4gdG+Pu4XCFoRgVQKJd+XBkOgZXaX2XDi2WvCDfnPJA0calf+eUVUjq
+owoYbQCX5brOwUgqmkBzHWyFRqxBxvJqOLCreFykvWDQpSN6gmGaBlpb/V28ltLr
+V3rFBoZ6+tVnocDlUhvOkCrxpd99E+hmBkofyaQRH2az1fJCv/0unooxNFdy3FAU
+tsaQik2vo5NUpBhn14/XkN7/qv84CXVek54ip+ho9zJiuz+tAyu39dGdlZ4W5pMx
+euuR6NdVoeXmGzsDMW7AV+d+skgDSajlBgurbN6uIZqUS4emRjDizbmmHkecg8K+
+Q8UwKFVc3lQYdetgIdHEXPebSrhtfjfGSo7Ie8LIkX0vx0CAGeElsUwIYDfQxZUi
+Pe0K0HiDGG0f+Cj5lozDJM/Qlf4a0QK00qwABuoI10Tn9dfa0snUJcSC0gi9X5j6
+gwLUzKhb6KlSeU2YxPQFioIzWBMEy4Fb4P3vkwnEeTYe8iAwXXGuZ80iVeIkU3sI
+CffT4O+u9OTNNHqXAa9AHtyNyjK7RybJAahPThzriiMrBAgJfA7JsDEYbBfDIuIM
+O5Tj6MPHcRXLjoZp4shSfLzREvoZ67iSjwfc5rXMVgdCez4TQiq2KGsiYtxSt/gY
+mlioWnkyLsMpITAt68rJBGxM3Q22hBI1VeDPg6HOk4IBb4oDruum+/DpHgx62T7F
+UCPRbxybGqIoIFd1m4toOh/Wtsgj6uukAqLCc2mZF6LZCzV2jS9+KdDi/2dISNEE
++R5KlNAXTtlnhlfjwWTmbw9Xk+x8Km8LSldHgDPC8J5ZlQskxECKcMD7mC6qxZoJ
+6mcdyMKpJo2fqwyAkrDMal7lnFt04/O43zCobhVojfptju0GFXpXVIgRsr37t08/
+ULdYl/ZU1aa5jJNrlxM7XnyzE9s5ln3dJOz36Un/VeoMF4ffOotex9EV5NOzrPnq
+fXv2YG3pDfGHPPhrnQ+VJPeQspYplCDaRSX7m1yFw5B7wKXxCgh5+cTlG2FadXYr
+vkGg7YiBDPVd3IF0NhrI55ghEo8Q71WhzWFZibnjqPFpeh0inSKAQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
deleted file mode 100644
index 3c896b358d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBgMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxNTAzBgNVBAMTLEludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChB9eTYlpZl1JR
-8TrbGxGjxB92HiDmmZ2KLK8LOAzDhLn6pDzsOGwkyo7M6CDyAoWz/eaCmRD1i6qy
-QKVu2sn162p7KlvlNyd1JYAVIAPjkGR/a8VfCm9q3N/lRKwsSj/GZIek/8iSW/KC
-FdaqSGbsEbHK6Fn8vcQ4Lh4eUroNKwIDAQABo2swaTAfBgNVHSMEGDAWgBSR1+G1
-pJYIkfGicS9m2Sd7SoKTmjAdBgNVHQ4EFgQUqFpT/L04k96R6J+5dQbd8YN6qoMw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQADIM+40SMZ1r8wWXESNPXd8FCdvGJyWdeFjUA0Ads0pN+XIsnC
-4sPLYgWB1xdrSQyNdrwkLoyy2UGPHgSTwlhlX7NxZHyfxaMZRN1FKRPHs6alDc/M
-603qZ04FrwJd54rHiHLAI5/fgJzZRu5bOUBiDFxW7skEOp/4AiVZG4+8Wg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..9f7ffefc55
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTUwMwYDVQQDEyxJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKgYrs2bp2rDpT6ZXc4PgBYjMV+WHjSqGUgrAPdR62UDChqzNHrE1Pw0Lgh2
+IoWY+M7poGGp2Gsl9puYwBnXoViJ4dcD3EHwJGG0FvlWGpvKbV3l1AAd7cEJHokv
+S72hma5YVH20kPfdF3Kd34WZNZTY14L0k+h/COfBuL9EQfq47rmSAiWLy1K+4fBF
+jgc2Fo+UG37bpSxjZqTVt0dPmHzaJT5Ft9WfElx9GDQPl8tMES5gbY2asmubPk6q
+FmG6ey1hM5Tn4EvoouxgHEEAKqeo6jZVPbVgDgL6vKiMbmDUUvB+ujR+diuvmp2L
+HxrVx1s2bXkD9mkal41OxPy9/c0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUW3N5meOu
+BtOKpjNOFHjkoB2x5MkwHQYDVR0OBBYEFPG//ujd6Iehzjh3gjYhBFAefR0kMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAK96lyXiY85zaUn/7YefYb8m7f0S+IghFiiq8tbityudKhvMlna6
+0C/os+x2O5Mhy84okB3MBcjghp9/Nl2WUnyYyO+BjCeDk51xyAFNtXl5VkEsa029
+vfMKMWWOy51egYnVzErYmeud4H5pOFB7+x/55hMbMRrs6ww2eqtuM+i14iYKLNaM
+MIAMJKMjGUu20CoNnEeYz/lLCtcD3+/qlMrBcnM+H662A46e6L+5Q/o7mMyQQCvc
+jMKI90clD+5t7o6pA/rhv0wSpYz/GAcGciuAA5GMuJJOZjHSycMISz3nrBFvo6Jr
+F5tYb+cl5W0BUCJDswlj4X0wWsXvblfOG20=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A32053B6D3456380
+
+b3XSd0KkeY/Put6bpMXSPKWjmmmQGmo1oBTol3Gucht0gv9oVx3WQ2F2C0Kcl3q5
+GngVI39rccFLRt4uLbBugJ+FwvGuukeCW2OYF/PH+vuYZXfzKrS/DcuVV0q/KchN
+CkqWwSGFCLtUibk+jDwtSS0N7WzLmmXTBhBUrk7vXSP4dQex5xEuVJtl0/rXvV6j
+jQno4k5UwFldNY1Ynffaq15lxu0p0x67f4rR3mJjTwXS0mHR6T6t5uNqUUlQLl7f
+fVjSakaAHlVLhZmKNJ2vgVTaHDMOZaDOiQ99DFseaKajhUB/tCYd5sq7PLeOoeLW
+pLm5VcRt2LQyzMicoHTDfDSKNpcfzVxv7uCAExOaGE9DzPpe8WqwiWRvhuyN4+XT
+f4L2ZjOXxvcM05v41x/xxTKDDZEt7YitP53YQWgmLwR7mrba0jYYRWK6WyR0VzsS
+kW9KCvapfBNO0LVTfUhEVrpqk88pIy0X3vLk/Fa52G2N4bj8TU+hDyudilJCnL5c
+gHIPOyP2YGkatRdMsZh5janilmom28RV/wnoESMKIfRL0Gt8Ct7k6syg5rp1X6r8
+WRD9pK1vp3BQb7dGOzDM13S3ZFD49hqoIQb1p3Lc8S1hlDKQO0pVvuPHK2EltbwV
+R0nAFbGW506dTNdpEbAR13zXS0H/WtisIAxVtpiKPY3vEEFX+dmyU7uKICCcttkQ
+LV3LqGo30fg5NgX554g4x37pW4wj+SDbHnmw+YaTAgSJN+n2zfBYmh2nb7WZgBSO
+5cRRwDson3j4HUX4Kdxbi1zNzQy/R7PKwtq9i/BpSxFLvFFt/nVbKCH2AQ1p5bqT
+kaYdL2b9L8eb82nJE42gOJ2m9mLG6FmLWEcb5EAyH2MTCET403T//cun+EVu2raw
+iJ9oUuNQfVGbU9dIkrVQ+fpMKkO3yiB9GoPYy0U8zMXRvKJEruKZpLKGgz/RNWex
+Rb4umWp43DhxO0zCLVWVAdr/Bj2qgGjDDO8j6TuYO1zIb8M3Y6HlQJ//3GDmmEys
+yzuLmIMpSJTbqQG5+sXdjpUfH3UHEYSda3x9g8irkkAPv5GOlZwoSaw+un4VvAK5
+qE2zj0k3PH57/1YKdddUZUqYJm/L1TP9TzBxWYyDgWH3DxY/mGtz2hcIDs48wTj0
+IaiBenFCy0ulz/+zg5e8bgFXPqzyFkOYQg90Kj1Tm+E73Bd0/my7FpBGbDvs+xzV
+aZIrG5XxeOumLXRMr3SrjpgqMR1izY8oSpbWsBXGKyuBWaBGS3Qxd3riIOnFXPxO
+89XO/Jn2Ts3VneDvQaOotAcgrzNT/FwiMtfwk502Xes/Mg/Chb1C+hloIGwJBD0D
+NuE3R69v4Ky/BgvRUNmIvcK5sKuRgnDW0bMmEP6KdLx3IDxPVME6TV7W0pDVSiU3
+j3WmApXzM+Fha+W6aKfZuIu4rqVmQKaNc7zDD+5Zc4YkyjMW43r05vbjBR4GDp2K
+DptJ/xlDLNiUDJ8IdP8t+5Uz1rPRb9VL4aOuSvvM3F2CgaeECQ13BEzMqX3TIrKt
+n2BXWScOnLxDb8EpgA5AjjGRHrwtJ3LsaKC+ck5bYj2sM+aXuhduzA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
deleted file mode 100644
index 43fc124d7d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrSW52YWxp
-ZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoadvCebWnauqUaHFp40w4mCV71scsCOfYsKd2A1Z
-qG7a+bY47N5PYZ3U5Ma08y9eYo1tp/KdyjpqVjRyjuThypOpD9w0G+SKNSSO9qWC
-MDvLPUi28tTApRjWztYYwN/g5vFkSu17fxV+2UFjktKI5L7kajObs+ukIn+CZjp2
-ZJsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUNzuKobqNp3SbwOvWOcshDI2jVn0wHQYD
-VR0OBBYEFP3Ru6m0Dy03xmdc1XvYMeSY1zK/MA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAGhBCvmaevxrJ
-N0Kz2kBu8iSaQ909Y6uo5N0DyRRCZQGADpcApXIr7/C/Uu4qBIyC3WTBsx2cxZFV
-5FThscR7x6s7loGSYxVh2GrCKj3t643zzznkIP7iMZxSGBdVJpEsjScMJ/7tXnkp
-IaawhSXoSuDs35Gvi32ldHbXmUh9NvY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..d371a30fe0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP0ZnJwVL9VAfdOd5XKlTy
+DBfVk0gJc5L/Xc1KAvdB4p8wMJnx08oy7X9zp2zJUdN8nMP8+C/PL9LssmwLIPCz
+MfZJmiCynpann3CPnoXjlRyYZtHFMeW6D8ganSXetE4O1vKrCR0KOVU0xEwp5PuE
+JvC2c9QrTyZQYKgv7Gj3zZ2QFNi46Mullsibu3FOWfVpncFDZMebzPS+qIfv5I5U
+Vjec7wYjoSY25aL1/vDLwkzlTBkrPjGJeGb2oKeK1cmuDzHB5k6kPTpyBXYpF2z6
+ifqjU/wLFo94hASA0l4cMh2IstJ+koKUZIuWOipTR5K2nDMywNpLyrHwdJ9Nwzwt
+AgMBAAGjazBpMB8GA1UdIwQYMBaAFJnFeGnLPTN2wpmsROWwDv659NvHMB0GA1Ud
+DgQWBBQc93qRn7CZN550xzB1rEvWIX+9tTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDGxaCY0Qeaztw8
+J0tdbO75i+EoXmPj8SdrzEvPS4YNnCsOt0sgBKQeP5BpfFScQgIoGHTt3leCUXlM
+c6hu8rLTLB1Shs0ZSAPj+nmNx4LdppBbgZQ3KNBzhsgvz16CXK3PceMIuDfrcyRR
+DtpqeIXCTp66esYzwq1LsdJuBdusYlkywZ/Q4NR8cHubhcAFM+iA289XjucldDDK
+Xo1L2XERrSqXK3R4p1ZUIIcbYeFsOhZyBPU5UnXJcac4DG5LPZnnZxMAbUL8Rq+9
+nx4NpZeML+uuIu+heoU51t2PzKDjJZOFhnspC7ZwrTmAYYIxTblTaZULF97Zvvc5
+QKBZoV2y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9AA315A6F70CA697
+
+UpFJgV3wr8eBPi/ZnZni/I2XHHWMLBoM8LbF33siJxRhRGuWxqbg8ja0HwbY1KCM
+whlDYTc+wWp1VwEf8vxSykcdwBjgPlS9ITjf09Qr9A+YquKVZD8kLt9kBWeoFtz9
+RKlsZ2a0MNoQ9aEA9KgrR21K3iuxHhyKgacba4anc4wDNOJgmMqww7KkTTVN+y5C
+4P2mFxPR+57MH7sDyAdCrtL21kXdlzoAUqp7HdExKqJhb9RDbSiaIPDuCdIV4GuG
+U1N1dVVJRU+dpnLVOACmBZWJF9RoavZzo/CIL9aSHgYCqBpqMyM9xRL0ZzXcHtyq
+jTeqkSY5L+ffKmZQrdpz5/zAYlcAgpWDfnvH2VhqTw9jOjbXT168/zIXhoX9ZfSw
+WTX6Ko3s6Hxdq2xds4AFAt4eFJ321JVuRa1pwMbm/B682QVxsEQMRGmsZQRd46rc
+Hk1RCP4IEkh1ERU/1R6s48rL72j3nhKgs3reh67p8Eyawh1UToF1nerghUBlqHu7
+KOaUBOHwHWAAdEINf2wQKnJsgJJ2+4u/g2nwhUgyvn/XikstUCHMkx7Sx80aq16C
+tyQHZohWFU91grZO6Xixxbj57nJgtzD8hrPsbhNZ530ECNiHBC7BilJ5QXGRGAjP
+BWFSuNpP7payaETMQkWts+m+yHFEgSsdEFo4q4kZLLm/unR1SYQGcJTMF68efBlg
+MUc+//uXGBkeL6r2iwPeg75l/T0vrSdhRDSH64+2vitoJ4MXu+QotDeZKBwPuJXG
+umk4Lusz2lKbaBGhKTCn7zqZPKR+7ixKDhOYMtlquczeoQVBv4qzCdeI0+EKpTCz
+zQeRkS6J9NUiaJopMqY0LAzisWfAEOIu0++kJ6t8+XyGTIKNR7Onlh14p66pP+EL
+WaPBrIB4gXlEj4Sf+lrrv+k8scah7iTsQA+y3vpqGv/f8clZ4vB2OHp2UtXFxhka
+bcYUuXrRk8z48Y8YinQr/KYXLWbJAqOcHn0K6IkhbNusT8FRrQFFKJmBFkWfWeW5
+7Nllrf3jsQC8qeVb+PiKt2nmaP5iJzK4Z9djxSyusDIszTklDTmX5L1+K4jEa8lv
+ch6pGEXNBr5LC5QOl8OBfKzRgFRjCjFchEAHiuw9eeMQLd5mxXA+z3xQxr7jdTpj
+K+SMIKIHzzsX7pGmzyZY1LbpyN/DvfCT2EgkXOtiGvV8GuHCsDMtkeMUIij4aTV3
+0aRkjOM58AVUVGNwN8TqnOZIxcv+1Jdb2/JGxK9b0y/ksinfBUr+bulHUx7C608F
+y5mbNEVA1mlRX7PV7cywWXeyPtcQchqHgi5IHIg2xKkUZhZOYbB6NIfaVhzNdV83
+7AlZ5w/04tFCZgkoCq95ndcov8Rxdjx/5KDDwx+07GcXalMQCfKO0lGFNYMlLtxJ
+NjFHh4RcIMS1gwQYwkuWbB4DYg63Vp+oUapeSMbxm4Jh3TatdMmh8fMV9fjE3hVJ
+XzD8mbBgD1SbU07CIWCFaYMmqZcaYparGe09XdbjoguNRiTQyMI+kVMeS3Iuk1wi
+bRn/dirFwfRdB1TkoEJZ10VUT7FAD7fosGgs8/wY6IK/jvf6T+Gs+A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
deleted file mode 100644
index 5c77a406bd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBf
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNV
-BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJprKoJhJkwv9iBN1IYtMV3uRD5s
-uHrGKo8QKVwNvqYLHai3buTlKV5MkXVGAX4jOoo4gsNST1yqaYHmB/PN8gpC5Zei
-k0+5yWdAraOAj6IeMEJzs6Vu9ajsCKNQ/hbc6SBJ7wYIxviyUzvUVS9L7tGbO9ww
-+pDzJ+GDcBzAhMJNAgMBAAGjazBpMB8GA1UdIwQYMBaAFPYssbcpta6Vf7D4OUFT
-LS4PBOPHMB0GA1UdDgQWBBSEY/EgMg6/W2kqOBHmu0ZzH+8FdjAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GB
-AI26nbSlHGf56TsealBKtrzfLJm4+UtAODZ+a5qU/JtzajvXGdh66TgEK+NFB83w
-h3OtGs/OQ39fhXosCcXXmXk8mNBj6MokhRptFdnJz+edT9yqz96ufAHZSKpG1Di2
-d9bllknCKDikzWUOGTOiCuHc2n7ymexbgnYnUAdvLw2s
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..2ba54b3a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTQwMgYDVQQDEytJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOegev0I
+rw/xlikpHk/FMYCcY96SImlDS0RBDaTJkie8ehC41c2dn4GAWeTxoFn5c+joQ6dq
+Y1Po7teA59bYP4USHordfUKh7UjD36NPQnzbfU4GVUmVksb0f5PdABQnRwmYH+AX
+ZaCfS37WRuoge7+XqUza3YLgY32y1Fh9VPNRygcGfvbhyYv4S2T+qruvc70C5ILB
+lBGt+deKtqDqngE+7DZEZN6hn3H8Fgme8AAPdx48JNTLi4apId9Aag0BR7MMb0nC
+Ntz463ci+/EhcD3HYZihuoZQ+kDlF2/zQOukhnebBpUv3VZqDuCvGJUAZPRrDRRo
+dK5QZ6BSyfJ1zwIDAQABo2swaTAfBgNVHSMEGDAWgBQAXTk+D+WqKl4t9q5oKq0z
+mz2bczAdBgNVHQ4EFgQU8p5RygFbuse22sy2ekGu4lIT1zQwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEA
+bXWDCbc7hJbeoWLcbO9gVwLftrtj68acV7Z+Jq0giW79OirTxTOZz9qmrkHiVZ+M
+l5EdyY8TYchJBzxztll0mpbCc8j4tdin6H7I5X6/+RnTp3OBN6yln9X9Ap1iJTzA
+t8y0K0LR55ytAMboQBvv7Qzd5AaWV3LP5Ue1QbrSMBwy5CBeUz6wKktrgzXUn/UM
+Nmuf01iaEAt/GbhrSxC4EaUIF3P3H1u/TI/8Jw3uKdKnCMl1I/FGxeJyQL5CqJ9a
+jFoZCpRcYKFItuPzr3HIpcjqaiZTB/qJXCLOQr4Vc2HAIOtt/eV2FXIc3pgqi87p
+wojndjN58Fvx90EZIkOiMg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7784074D4170A74D
+
+QuOusDv3vk1IUQEPwqV+p8unoJTsvfgFwSOgKI4keWDWGC8v8jlcKduJkHrDAGmk
+X4oBRY82mcMjOtD7VvYVSvGkdVUPz/CQF6FdUNCpzTR9DrZHDO3dYnqNZfO6xFd0
+ZTa8HYiiiM7/NOb6Vjms/1HVg2dw3gWcUaiX4o27JYoEi3VvggMAv2W021HHGlud
+ppHw/RvY+VhLZsLT/JfgF5NvSUP/n2nkKvej+mFwuwuRRqp6TNqlwOF4iAgtiCWX
+fqdq8/XWmyvGf43M/n1Ipz/q4zQxIzNrq/ZNN7C255cQGKVf8n0H7b5zxoQcLDGz
+odVr16t01X/PM+i/wJiph1BcY/xYRXGkIGpu8l/JfGx7rwZCS4IhaEHnjOzosrnH
+U2wGuVkC+AVBBCz0dQzEcqm38TRl/c/8c+lrepDpY5H9WsMAfo7fBKPT2FyO0Diw
+G8PX6NDyEsE0L41Wbqpob7gmyApNmF5iH3LPTuLapXw0OQiwEj3KyBf6ktSO0dCP
+/gP9k8FKqVmzuwGd7/1f4NoZxYEg1F7CODSAxKxPJphSHKeQi7e0SxqvT7AsEFqe
++BZ7crQ+B0+sSDsMbSzNUeX5tQFg8NyHs9IbbvSCeDV/8mF1T/xxlIlUs0A6YKAY
+IByqE4dYbVvIXKcLPUdDMHu9nIusna7tcgHk7MDzLqRs5JLADdQRyLe3zolRaAdr
+QJFLiE1yDdspJS5iyfeYr4fDzSs7wg5A+M9oF4JNTRarZgUMz8CBwowV5QY1XZS2
+8i2LMKUSC2iTwz9TwwnkaSQSJHf9Zc50iAn+BW5Sq3QgDUATEiRDmmXQfq7DiFQI
+BTM/INoyYA/BoqnV1Tn5iJLC9m2XGBUNH+PEwcyADC1Jjv6gqZOe8XMizMUcqKko
+0yZMERleSwvDOeTIctkiHLaEFUwYOQnnHd4KIJ3UZMt+9Ce/UnwZYQMV+mtMiYEH
+2j8BIOz51h1GLCPa8Lc1KRVHDwn8riBpugH77NL6XcfsiAI/1DpUG2u/hcnt8Tp4
+VZeMQT1ugJQUVQNxqRFrT8vvwyk5IsmgVa9RbSGmuIJk7dT3lDMFMmgEpEFDa+wH
+A5bL6y83zbYV5bzNjv8rHn0Vj0Zoo8dnkBva20OyPSlLAWH7Uo3D7TPIZNJ2PJwa
++6OlaVaPOQ/iEJqv20TqJ4qHkTynkt5dpJZDeXTzE1w6+6CABcWPdnE1bhdDTY3u
+Mrsw17n4gRnp/AXCgUZSg7dO49x4ZdNcsOQwIrmRrjXZ1vtX4nMaewN3e61KHc2H
+q6llFD1//0qLmWC8tAkW+jLDJalblJPo+BqjefGcp9ts6+/RnqR0jfDX8nTVNf9T
+alpIef//juR9V/nEloUQm28tvW26MDd6k3ESgs9qBWtofx/4TQ8hfF2T0Qg7dLfQ
+tQVcWcQQ2ZcPdv9rV5y80k/sCJpWvSZYkRb0pTHMtueD/GZg36XK9kLsbw6OermC
+DI6qNMIywpC527nYgx2ENnjAB53TCylfaOWrNaOfCrXnkmapGcwrv1kMNRClGCQV
+aXeDZEQhpWrCGLfpRanYDUvUJ1BFc1XvULQGSOH2+9viVWuFMdfF3vo0NZ3U27kD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
deleted file mode 100644
index 074716e415..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDIyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ3Uy3P0KWoLsX
-XvhOf4ODgEJBTbtvW+xeevCGrTVdm3mG+1Lobp74rIRSpQShRCN+ltNnmEOHPIeJ
-YuV92pX3FQbBX9mz3ZgKznyb9qVBwysiyfX19PBeESDLn+O6Kcvl9XfUu3HdXMQP
-KA+UPU6txM1pbhkvRK5OSG/TBaRI+QIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFON/
-hXqOojue7rgSHXkTqsS9LlmtMB0GA1UdDgQWBBT4EdpzVCY8SgosOEgawdqBAjYT
-5zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyMkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAENRegfOIUdgTAhpzFZDtmSaJUrYqkW4ft0v2t+flv6Nf+uAjlYMXThj
-7Q4LUtevMKeoFkGX5gnGL7HKo0/QwTPETD0qTCYcQo9uw3SCdVie4kp7X0/w/rHo
-sNUMPAPe86k7l98/xN3/zO6P4o82pX4vp5xqgs5koOZKqExh8kzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
new file mode 100644
index 0000000000..1cb3880747
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANL6mw8zfZFK7YonjGlE008qAPEdOsOk+EExeugqWGTUCv/Dq74SUVM5jDWf
+CsQtfPc/miyUEvcl5ep3fISwLriz3lSSQW3Qn5RzYJdpA5U4ahg4FKqMjNTqt9/2
+VAEsRiP3tdsyYREY1G0QT9ROpN95Cr6siEm2qVa2r4iPApydbxxYr2yR4uIk5HsY
+IZ5gnJvnrP68ibAoKrhVr0V5Y9bhsYEreS4LpBpHGwidcrN49vg3WhuRNFVhCNz7
+qgfAU2vnCJdWsE/4R4rlhmlm7uvorkDX2++YoOMKxS8Q7OreLzMHdDqAFMtjyj9C
+N+FEQZBku2asKYHBehARSa8nCL0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBTIao6x
+D0uqpYi4p4+R2+ozSujV4jAdBgNVHQ4EFgQUz4Q/P/5DzDB2OPkED44YfyyeisEw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjJFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAAU/7LeKzJxvHV8Z871YW+xG1i2nsULXHrweWhaKU3u6L7HYNxvZJSHti
+9vhgqOBc8JyyIvu8GUCyqED7S0/VDalPwCysrbAJDNTfgxx2amlOp9gb2LBgpMVv
+EROwfwFsZhl486M57w8qK/PvRuVFDhm1+QhDm1q7boTU4+az+9DgX+UjBtWPPYGq
+nAMyH/0X9Abmkv7Tm9egKtVxe3ScjV1P0Ti385LaUVqIekrxjItWZIU8lMBgsbXV
+1jA3HKOwHNJGyL8D0TnoF/8Q2GRA4j747hHyz4bkSxnLi/GwTLb4ldEab87vzzOp
+tlNkycHkL4+iAMH1ZBHG5CnoVVmg6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55CCC16C61DECF36
+
+Xyu6redjnchvrC3oGfm0cnAJKK4XAWtzVg3aj7+4jh/7Gab9LDBBSzzoY9WFPKzi
+/FNaZotEfW4vgsTVGZk4HqI94RqX5CjAxbcrWivNVdc9whEsIOuEqKb8oYYfU1Q4
+ZA1Sv8UPfFOPKIw/IUyev7brY/BddG8zvbDqQNOYsZG3KhZ5s6n3i/taNhUmOWV8
+Oei/vLkW8SYjlaY2mgOohWmQQ9Pi449Tl0mX0Ng47cWCXqsy5k3AC8oQnyMMnQ4V
+FN+iDJyRePYNxTJRL6/7dAWAvlBRd4aL+4Qvwy/WAozfWWO6g/5/YOasbZph+Dav
+twZIgyV7QV410VRTNNA2ipqzSVl1/aPyq1Q15nS9GOa+HJMEuJUFjEl+q5Xa2lbt
+XeI/N77iJgmSWQvVuVyyr6azwiivDFL/Nq6RE00Vl938PgOnBiWwlik2VSzXuyD7
+ZbKgGpBt/hnF/mt3Vl71QW8FB9llffrYXvoBcAw/9mMeT5pt0lxKSTm619UdlAR7
+r2DB02VfWue58nhZ/UldpjkGVbALaCxlPavS8zi9Vhp3tIMrNX0K+BYY4vZhzgJZ
+HSw1png5MUqZVQQkSg6RuhW+cN9ZJWcmGZpvHKEOjRM6AG8qrsGc657Zg8D2eV+s
+S3w1ZssF2Eca9j2ZVdt+hDJ4yBZHDPgO+clM7oMqb0PP9LJSPHayFkrG2rtYniI3
+zwO/qrv+OuW1AIufZJtE3SQDjgf9sAcDi0iFcMtW7X748BvOKZJSDr7mgET8mPRS
+Zyt0RVKB/rvvajk1j5zgPncY4dQ1t+eNVtr5f4T6fZ2SwqfdDK/u11+PfJAL/owf
++yEHScSQm6EqOxLEdUli/H5QICT9yy5KkDgusc2yo8WDU2mqzdCEqq+0ZtA3hbZH
+33ZCqg+wfpGgMpxzSgOU1oFv4Fh+Pxenlj+GppLpX3STtDA/a/TaSeyHPyl+p2xX
+6k9heoiEPQRvD6PU9WMICMtjcvIOAdXBin4ImnpSOGOy2F6RTy2fbUIXN6qnWUU5
+5JOjoH+gr67lXOG3xDLViw5qLp9U3OyQlixU7ZdC7YlOEN2c4o4qWJGBfzIvN8Hj
+O3B5tBat+IxlozMLeWHmVwj1HsfkuKpw29ET4bh37vKGzU/U5cHNw+BSxlYoZjJ5
+7dtQjE+Nci1JWg927kpK8FnKuY7JxlW62l21S8MDHrCCgNVY6KTcU6YFbEVOWVhS
+WY588wAIR9bkMDq+mqinyHn6rV2jwoJR757vALTQOXG8F1XYpW5/axE203m/S0pq
+qWTLmY+IZP7xn7sApm0y4LTToBn/mb9VJ6xSkUWhwJfxbNtQDmkoBNwHwG2rABaT
+f5Q5hCrjzojFs4IvrALSj8WUJPTnsCUgr5MAXHVPdk0vFPhOaYDEKifFtKyDOOz5
+hM0p6PwdnbPin7UPM5gjXaVFqKzutZvIjUV4jWmMPylDGqXvD/HaPiVGg6a942bx
+T/cMrrCQEjm/LX6rkEpJnJJLWl1PDT7jIn9OXw22+j88QURqjbMHMiHxE8y3yMIP
+xUQNfSTPzbSP24llbuBfVYt2rcpIZ15dZ+b2sY2Wyga50SRu27FvThFzVvwVFfUq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
deleted file mode 100644
index 10cf51c207..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICzjCCAjegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqPW6bvTBs4Led
-75oTaGYT0mZgPeMvygJtDc882QlIF9vXBnhm4761p+ULe5iKwIWjfjyGva96UcKU
-bFfkfWeMxS+dDwb9v7pBjxCUMp9tTVWIFZDPZJTi/RpNCwPVSN9pE7JxoXKPHZsN
-20WcbrGJtUvvKFhei9eltGndiYkSrQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFBQb
-KzZmdEuTqzFVh6QxqzZjbzXJMB0GA1UdDgQWBBTyvLyqMRiaUCgziZZt9Dl46omW
-eDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1Ud
-EQQsMCqBKFRlc3QyNEVFQG1haWxzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3Yw
-DQYJKoZIhvcNAQEFBQADgYEArrFpI+Kiy9ZDD8Q9WoEG1XixP5/icUu/fk+PYsad
-2fU9G82dE2gBtN0L/T5FqgYo7uMY8R/ZDptaB6l/exqrPIGsA7xvvOYBzO8sAPyS
-GZul8SmHmKX117/0ZhZ6Ln9vCMK/IablztFZ+LcEDvpldAu8ro/lW2XXgd/KLdY5
-m8g=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
new file mode 100644
index 0000000000..d17a9a393a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAO3QrhcrFnARNcuvNoKoiR9dNECwpiyjNYIMkr/sbcZQnnDHLTX+KgQf09Mm
+5DI6sXWmBwFlZCJYDP03ntCXO5thnb9X2fU5eYlsKivE/gPsasDXYjBCkhiztSzG
+n8P504ZOy/lfnn4AryvauvAnN/2PjPCoysWp5hUmSotCCbpu7i6MyLdjVx1slPbg
+W+nIthsZGIbo/6n4eXq70D+PA0fpnS47DLaT2wgmveiXE+493ilAE8LcQqhcHJo6
+Pw08KQtPo23Fpf3o3Kh5QWOPm8lw4AAE2A7btkYJr8LsN8hYF3EApmEjFelHI4wW
+3OpRe0FKh6l00rZzmWyrwom8nrMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRRgM36
+SXJIPO0OTgvOzh9AZRJwoDAdBgNVHQ4EFgQUjKQ6o0y35k1d94MC6HLB+wAbONAw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
+LDAqgShUZXN0MjRFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
+CSqGSIb3DQEBCwUAA4IBAQAw+N6NgtahpWR9GAlOpTU6BDQ1jAUlL04btBcufBrr
+6QCBibzNfigkYBS014FyJ86qCj7JoRLjzyYP7C6PE3tKBXklxB1hwoqE6CdLL200
+amMPsWfORjIBp5vSC1m99pPUOVyxFJSFV4oRZQ752AoXEWXJj7qYlqL+3hdNdxjH
+xw1UQQITlsEYmPJSmhh/HrBXNB6+5rRxyu0uYo3y3f1B8khq10wSrQV5pXj1Jowk
+oZjjqd/pMUWWJU7UoJom9FdwKUZ9hhfEwL8pT75yVgZLvqoqGsqR/o3ni1NJ5LK0
+GST2v+jrlvs4riCqbFPRMk70Ix6UOoO3Psv2urfsxTx0
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC2846C0A372C848
+
+AOoji699wLDwE10c4MhSQDvO4d3D6IQwEESJ8cMXQwkQYJqgmLUf1xYbhpH0/+uu
+5CPbz5QcdyXuu50LnkTNXIkVfVC2Vx0w8Q9HuCZRQFjR+XQgRzzWC3LJkpTd5dy9
+OsMR9ZN2+TRvue8kFTt2zbV+JaHAWKOPQqx4+mEf9eI73jqIHhznjaNF+OaIfBB4
+t4BFo9yLDzabgD5WR15sQt/S1zzdm0jOZurcpB6gjlZMjjaMglynxeBR+JJIsf5L
+pGkC+AMP89ghoaNDMX3deD3x2pdZFGOQN9jVJzW7ambDl0ASQWqz9OROPwWxIU7K
+E5fmI2ZDizsKGo1+YE/3qeJwsNNEx2xMJDqjA3IeF4WcvEUmAcsEAPQ7awqH8Pwy
+u/cSLJqmwzN6F81VNX4u30VwR42pHqyKrGbHLHIDZxmbKvNx42zu9XzSTORIW6qj
+qouAQc3vz5NYs00S34llMvzNp+ncxEAmhEiF6YNjTBPnbYnBtXcGq/iDyU794j00
+T89FxT/4FT/gwbRugkEMYGZ6XqcGqoYRfYQANEZoUrVrzBEer+lrqMlz/IYvmktp
+3hbyZJAHpruaM3IdhDiEMWLABXqTZCu/nLal61nkhIFOWrmI+gAQ1rHFCRpwWgus
+mMLYAFyS3bve+M/vwSjmk3ZnjQ3J3TxhMSPGFPfdRSMo2hOY5ecw+f95am5zE4SB
+qhPekhGVtTiwfl2fafjHe08T8MNvM9rYMhgJqelqWmWSg3GSFEQ4svBBSAUOFnG7
+s2AzXvZesEiAhm/ocwmmWydgTUV2JGXC+WKC4O2LYNC/vJ8h47F9aoihYicwp/nE
+8QUlpcht+lOOKcVA5NeKbLDdKCbYiAqA85qW25Gzu7l3bAGboTo0IzyL1pe+GVrs
+sQgJLXXXn/xnh1A8KCEqr5KP8ZLEJk2rya0NQI+LFfUyomjGrrd7FZ1QXomBGTUJ
+mDqYqR4hwWHEPSPJ+jsV0TxdnlWgReeW5Ge1Ma2kj5UQz7GNZoCHRbFrMc81rMU7
+N30kI2UMo9yw/lN9G51GAVuq8tyZ6eEWG4xfCiBas0ilfyHlbkScmjbLQ6kh4YKg
+I3mAnJwqcBeF6AFIJB8T+ctp5IromVxW3qlZ/J1KlXUuszOqobGLoMzTIYMPwf/C
+SRZ9vwShbIqI1jr+nIsjaedUCmXGCFNDT4tqKryVZ6JBBYfDbFvYU66Q6lji3JIO
+ziDg250XZJYkpId7OcZlU1Cubh/onqSV534Ll9CJeLsBiXvarbn7bPtc5qE/h4by
+lZS/7YW1bmpxxerRFFuLBz+GhRVFUQ/NdQsvwinTQUbF5YF2YOHoq4rtwnuk079W
+f6yLLIJfycmtgIevnA8vhLk2zfwF+3eBXfHjT2c9bOOLItG+emBpiehmhiEzOHSP
+jFv7UaVlKUU4Pq8oer4rBvvvlIGK+DuI8HWhg93i1nEKvGWkaPVSmeLbbICGIdgH
+U6qIKB+fQJ8t+zQheYuOh9P5wn1Bs8OKcUFsYozfAkW/8bUJC85filjE0ClTTIUM
+m8AY8YcVBxNMQTF6KjxmL2FZOuNRzFMRoV+vll1XPUycub1HGn7xbE1tUpoo0Het
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
deleted file mode 100644
index 05b770b3f2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7jNtdzJgwipTJ
-BBs5x+7Zode/Av/i5gvFc0vC7CQSf8VCYp5gKT5H1lXopLZt6hYd0cr+IuDRVMCU
-ipwl1nRUgnh+5XOWwN83Eu4AVd8B/aAWOngoac5Th0S+Dm4jCE0MNgOEySMKDZEQ
-niPNQo8/t6RyIkKxWqVbIyazMwecSwIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFOq3
-bporCYA2Z2m1jdo1pYY9KXgcMB0GA1UdDgQWBBSUvOjq7LDrQWg4ycgFgZma5kZn
-KjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyNkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAMNNCicEAT2nht/rinoSsxFccd2XKYncNITOUA/eKz2SqXcRPCimQjHn
-CEfGgdPU+/Sw47+dBQ2aFNUmGyJazLIdnx18TczXpVmTIcgyUQGWOkG+RdAeSn15
-kIsvSAdiDQuzrptYG9TvTicyLKcl+FuOCLN+uBJ5FutlSWvMNIpa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
new file mode 100644
index 0000000000..6922557d6d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOPaHJrQm/Kqqf/4/xBLsdQP9fekUUNe2JiuIA3XdwLgabu6paTFdV5jVcR/
+imqnAWJ8Wx2IBlfy6li6la4rhHrc0aU1T2mmiqXcbFyxnslvKsPTOevBh++PfbLx
+zP+NkPl8tA6W33/oLnCQsDBYmqdZiLrjL5hZStWAq0YugLKE2HSjRorXTRT6Ged9
+xwawSrbCsG2RRP5+jJtvtu/AhCjx+75mVBsBinhlDN10/7TNmwA1hYNQ1BBiszxZ
+PuWkI72jCjsJtI4uG5Ds9B4FzWMLjCRMS/eCO4/wX3WbeQHzHsTbPg+qsgo4kElv
+XvInxXNc7ZJH8UC1WfKbryDd4L0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBSaujlN
+2iF1r+pBwzxsUdioRal/ozAdBgNVHQ4EFgQUImSefsikOFzboCbTld2bd2ooI/cw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjZFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAXr9hF23UlbewDYWKUwzUTOrAUaEQ3SiN8f+D9c0bX0S61RUZWDcsiqVb
+pThRuIamdDPEPoyxOSJOGNHKJc/mIixymmnjDRwSCho+FvbI75T710aOecpmrQ8k
+IymBEXfebP9GXc1jQxi0tDKYpv4avAz1zMnKs4JLxiUYftwiQd99JizQKnG9bqsS
+M2Ogn1QWsZRzW/YZD8i4k69WQIV/a4M45b510y/qHU6T5U61JO/EXiEJPxsjOwta
+W613Q0ow022r4b7pTyU8gKyDgi0sgF6k2GL+cD9Q0+rcFwT8w0OQlynq5yM9n1Dp
+gHWSV1lpJjz1R59LX1j77NESaDhDyw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4C6FCE24D6C96FB8
+
+wMA3pyp1K7bxUCEYDMA6/xklluUcN7LlYpYddtOz0PvbskbEANGyd3jWAdQDGDJv
+LZvSGYXEVYgXKO1kZJC27wGisYnnN1XpgiBrg3I84Uh34FB2iVioAK7Ngs4gaW7Z
+uPysTJSmurhCmp2HQ5p0hIHxtUsC1jVV8Un3lsnVlNVB2uWYXilqqb+9cJXL498o
+SdMn4R/F7/m5MipDlk12dBJQywbSlEj0tVR3MPxadpZRgMT6URFQEHbdqtLYE25m
+9DzFMuSQNQIDi5CPV9s2RLsHXUgGMhWDAMsNem7SXDkZ/0F95BIBtRLXtrVxp8Jf
+8lZV7+ndJlI+6Nx9dup366O6ogb4wQUZ0B9JNLJLy2n58CV3UQq4nz04fCZGg/M8
+vwFRxF9SAwsKstrm7+5CIK5hSriApS7W2QnKA0SyRcl4OkCBKCEya5OsIHuW+H4H
+LGo2NMbo6HKxIRuT2mvSH3EhIRQ/EJHsd9vsUQOB1ax6ZUT9GmUsdllntbnwJo3r
+bzhQ65PI/xe3lc7GU3NQylQjDND/RtS3ZahxRFFlPxD+vn4geVpdQDfjCSq9hoJy
+Kxjzzzt8aZKfKFAZoL/cuvN2c4KzRCjSIfPGhgeUg2g/rCYrFc3RrqaA8u4H5B4O
+hhGEca8g6oxwKNFICFOo4Oq/BE9u/HDXx/Fr30sPD5WbsqvwP3oa458Yjg5Sp2+2
+xvufYBFd09mVqSDn1VCaBEM7xUhs8ncRD2v4aklYS0ByBQSadL7xKvwsnPwD/d8i
+6nlPQvcDz2Lk9d+pmrJWBxMvfYxvl7H3z+GUJV3acVXamTr6Ju0xBZRHctrEDRId
+MDWXdy8ILy9mSD8RwAA+VV+YGUJ4XBTONGP2lb4tLcYIphXhTbm9jlI2Ey1IR334
+y4+LsYku5l8zUz6fqDVnZUbYfMxQ2gnlKUsD6SM26eRYdcG6QSheh8VoPQz6aM8s
+5Z1FLVCHr9HKKeAar8DtOwp1lfRRgCk0iG4bTzh4OwFGdR64rUZe6BnmH9F6C6PE
+jjm6G686fCIbuw22gM8DAE48XoA00rL3F2JjfiC1n8C1JqYFAVosU+LVAS10mbcf
+eWNCj81sknWtP25KZAKx8VJT6p1pYPGIYSYCQIMdxkSggXGvCMuRUmZ9RrBd+Ag4
+IpVOB8So5wWnwu7xX7/gcJMNepE9b/Iwr4bO+hbe2eycFrSSWZwfOD0IUCwMbVkR
+v/0D1QVOajeAA2Ns7WJ27ir579jR2CznW5Dpea2CbCw35CxlIwAxw+LJJqWZMX/F
+gj5DA0lFbch6XNgApfxoqOQeKRekjgghSLN6AnnIqYW/47FKdXWWYpmiY3rKfPOR
+vpG9liCJnNswSxV8TeV5zg9fFaR6Yn9Zu3AO8xbw9ZDG4tzUF+PDpnirhqFaqEaq
+2hXly5xFm7lhZ70l6v/POq6YEy6HIYFd7zI5yapB3Xk82fdP+ZbgktglT2Q94EgL
+SHW14KgNwT7XwgIJoYNVMVGK0QacrAB6wkyWk+hu7bfEr1asHRXGsVEwYJBBtcmK
+hjwDVnruEiH/GGhwnN1Xel4yL/ZBWCs0K+EomCXrlScm2Dq6KqDCWDArIKxiVLKZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
deleted file mode 100644
index 1b70f7cd0f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFGGwB
-xudAxGlVkjikIYygmyMRqHU1E/QoVNlt9Ebezg0wLbnUUkCIPw2HMIMfbDIHeaJN
-eOaIwT3f4QVMET9H4tp5gWQOKRBl8Lj3Qted/du3ZnX85zwGimmHpE5HPLUus1xJ
-FEDvx8tiCGFe/MThjl7mwPANLHMWEQN0JqJhNwIDAQABo1IwUDAfBgNVHSMEGDAW
-gBT3hCvdsfuVH7p6WmLgczEWsirIeTAdBgNVHQ4EFgQUT4ePIvuBwyFLywgAVQDh
-kO/dvOwwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAJkkSBpAtETJ
-/dkW/B+frVBgw9yRjQ5r03xtGarbShYju5enZfbWEg2t8HkbDzyw3b0Upp8GcSyX
-zrbFBiGyo2hxjN8U6j5w+MCd9NJtGEW1C2O8m3S2uP44Zi0rTALMCI1thhoiDezC
-+To+oSu15R1fOkNPNHwlpaFpryy8ZJM2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKa5BuVP6ndJvlLbsZTTbB4nvZWYbY2Ihc7C5sly521U1EBj
-aLheGs9ObXh32aFJ3kZQuAj8VpBEakL9zChjwFkBU7dEWO9OQFf8NV+RD01i6c7g
-NquatLdDUmTvS16/E23aZBNa9jDAQ4nQffOf/cx06GbvOBF80dnNnM8TXve5AgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MB0GA1UdDgQW
-BBQjYThxLAlhvqK819WJ1thQPr3rxTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAzVx4zKfg2OZPg4KGdTVJSzYGD69T0AfuFdTI101IvDNbKuc2SEmpmul33Px4
-z5gMKCZsIpsVXzf4rm6kuxl89PofVdztUuHIivKy5gr4iBt07YDmUNZZfl86CPoF
-7aARp2XRQ0rJCbF1RU0YVWZRyn//oFYyY49Bq1aDelri0WM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5LYa
-vXx/4T4pOwg2eV0ZZmBRTcjTivfmUhGf4t3BjAXalsDsWFkwmVCVg0jnQW4iuT3s
-a3lq9JO4ZUMcejACcPBO0AyXyrTo6DjXDy7Snf89AIpyDx/ct/WqvnO07ceHwTDO
-CZY11pYLMerONqANweAyCKsio69S35piBx1QqmcCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUJX6QtA3QsvPBE0fw
-QXnvskLmNfswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQQwDQYJKoZIhvcNAQEF
-BQADgYEAPUNGMb0+cubTj0DAP3jW3mlPGZeGtc6jDLe/Fdrf30Au88GX5G2FJTql
-/I7wFlUgHTGQyHF3Zad9Qfzf6+dO0j9RhlEqgCk5+FqFsboPQ9E8rtCrABUUuovD
-RgkPDAKZsSLR7uQBUDgk0A3OqN1UpiMKKxFz1O1ya8u1DgGWxJU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANF3obVmdl9+Tj44uOFKTDkrdPu/AlUyitHu0YQC
-vsUY7GjYy3dKjm70g7hQfnCtA3XIwm3H1a36Wo41R0Dvj8QJ/8qPhQNejONRzBzB
-jnXx2Lr+bfh3zxebwgUmDyzCkPXj8tjFerVTpxc8aAgfWcSLD6xK9h5OtKy17aME
-zZ9zAgMBAAGjfDB6MB8GA1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMB0G
-A1UdDgQWBBS+bKwACUxTlLgb5MIRkSOlqwdjCDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAF1/+ajWFOu2Im9slgmi4YnPnqk5oWYqOrOh3yAR44wEchHfHD74/
-ed+jlGZewF+V4QotdYoG8dnld7lbYZzkdtTxcOUr4k/aUgml3yTeb5O8rBXNXytN
-JqEKXEp/ggaG4rKzUyA8zwYm9fIjG1jL0KU/1L9JSMzmwJAmR6aIq0Q=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALjYqyTd452AWgD9QeSfn+Exc56nVJkK
-dx0FEleM5YEqeEUl33GTd7FRwtkYdznsQzeFYOWbWluYE5Gl3DapcqpMlu2PQmo6
-dZMbzh1Bi2yahE1wWmY15NSjOz3TFAJBZRZk0PgxvohpdPP8LLCwA9zQUlTnpG7D
-LBESzn390XCLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6Wr
-B2MIMB0GA1UdDgQWBBT3hCvdsfuVH7p6WmLgczEWsirIeTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAJzvxMRdZl5IWypM7YNiMcWqk7GpMuRvozUyoRQq8cA+z
-fdskZk75lh97jsW2RFnP/fyA30/5NAfVuD2R8+TqJaF28jgHOnU/6qTcM5sxnRJ0
-h+icRKt6II8LNfWUQ1zv+pBxfuy/yOrYpw7/7ba2Zeson/cLpa0dhLFNCGEkfbs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:25:7E:90:B4:0D:D0:B2:F3:C1:13:47:F0:41:79:EF:B2:42:E6:35:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        98:e7:69:c4:4c:c3:6b:08:80:30:4c:81:3c:d8:b3:06:88:91:
-        e8:a3:c5:d3:c0:35:51:35:f0:16:8e:38:0f:b3:e6:26:20:d1:
-        45:39:1a:a9:08:be:f0:5f:e1:00:8c:a6:91:54:ff:ec:32:bd:
-        e2:17:92:a3:41:f3:c0:fc:e0:84:86:54:18:ff:b5:89:9d:15:
-        e9:a9:92:a8:96:a7:4e:97:02:2e:d5:e5:e5:f7:70:5a:1e:5d:
-        d2:6f:40:34:f5:c6:63:65:5b:85:c9:b7:6a:4b:60:5a:76:35:
-        12:01:1c:80:59:9a:d3:1a:a7:27:7d:f4:f8:00:ea:b7:f1:3a:
-        62:e6
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJjnacRMw2sIgDBMgTzYswaIkeijxdPANVE18BaOOA+z5iYg0UU5
-GqkIvvBf4QCMppFU/+wyveIXkqNB88D84ISGVBj/tYmdFempkqiWp06XAi7V5eX3
-cFoeXdJvQDT1xmNlW4XJt2pLYFp2NRIBHIBZmtMapyd99PgA6rfxOmLm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:61:38:71:2C:09:61:BE:A2:BC:D7:D5:89:D6:D8:50:3E:BD:EB:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a3:9c:67:02:44:57:a0:9d:d2:78:46:fb:e7:76:bb:66:cc:60:
-        1c:2c:7a:7e:d6:ec:a4:c2:4d:2c:51:8a:97:1a:e2:c2:7a:0e:
-        e7:7b:4d:79:49:c2:6c:a2:b7:a5:e1:74:64:9a:03:f5:7a:5d:
-        cc:18:2e:25:dd:a2:fd:84:03:ae:d8:cf:1d:17:ea:fa:59:77:
-        9e:22:3b:7e:97:f5:74:12:34:71:c1:10:6a:4b:03:6e:92:d0:
-        a9:6d:cd:ca:5f:69:7f:c8:b0:b5:97:78:5f:14:b1:34:d3:30:
-        09:36:f3:03:2e:dd:01:52:33:61:2c:8d:cf:74:01:71:47:9e:
-        f4:66
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAKOcZwJEV6Cd0nhG++d2u2bMYBwsen7W7KTCTSxRipca4sJ6
-Dud7TXlJwmyit6XhdGSaA/V6XcwYLiXdov2EA67Yzx0X6vpZd54iO36X9XQSNHHB
-EGpLA26S0KltzcpfaX/IsLWXeF8UsTTTMAk28wMu3QFSM2Esjc90AXFHnvRm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BE:6C:AC:00:09:4C:53:94:B8:1B:E4:C2:11:91:23:A5:AB:07:63:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        84:fa:09:1f:fe:84:d0:14:26:86:5c:37:6b:2c:31:aa:04:7a:
-        22:84:ec:b0:df:99:15:99:f0:b7:e9:d6:fc:70:9a:8f:4f:50:
-        d5:24:28:0b:12:79:90:85:69:a3:56:ca:0e:16:79:5e:77:d3:
-        7a:62:9f:14:58:8a:d5:7d:de:e2:6f:a4:0f:d1:2e:27:ec:25:
-        82:a2:91:67:0b:44:39:cc:b2:e5:21:49:ac:25:2c:91:df:33:
-        95:1d:08:6e:ab:8d:8b:fc:2a:59:7b:8d:5d:c2:68:90:c2:a7:
-        06:00:26:e0:cd:40:6e:f3:37:1f:37:61:f6:6a:50:a1:dd:92:
-        53:fe
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6WrB2MIMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAIT6CR/+hNAUJoZcN2ssMaoEeiKE7LDfmRWZ8Lfp1vxw
-mo9PUNUkKAsSeZCFaaNWyg4WeV5303pinxRYitV93uJvpA/RLifsJYKikWcLRDnM
-suUhSawlLJHfM5UdCG6rjYv8Kll7jV3CaJDCpwYAJuDNQG7zNx83YfZqUKHdklP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:84:2B:DD:B1:FB:95:1F:BA:7A:5A:62:E0:73:31:16:B2:2A:C8:79
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:e0:f0:e8:75:5d:d6:4f:dc:29:ea:db:22:b6:bb:72:13:f1:
-        ff:b5:e0:03:31:9c:64:d9:3b:2b:4d:78:f7:5e:ab:0b:e5:82:
-        13:7e:61:18:95:79:42:bb:9d:56:78:dd:9a:01:92:5e:0b:e8:
-        fa:78:b3:b3:e2:4a:9e:d7:d1:30:60:03:7d:31:e4:04:13:61:
-        a0:de:ac:e9:0e:a0:97:16:aa:03:81:40:56:de:36:a8:e2:13:
-        45:f6:08:72:c2:4e:d3:2d:55:25:9e:0c:dd:da:40:82:d8:75:
-        01:44:75:35:92:92:fc:79:bb:d8:b1:54:83:7f:ff:13:da:df:
-        11:ea
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFPeEK92x+5UfunpaYuBzMRayKsh5MAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAAXg8Oh1XdZP3Cnq2yK2u3IT8f+14AMxnGTZOytN
-ePdeqwvlghN+YRiVeUK7nVZ43ZoBkl4L6Pp4s7PiSp7X0TBgA30x5AQTYaDerOkO
-oJcWqgOBQFbeNqjiE0X2CHLCTtMtVSWeDN3aQILYdQFEdTWSkvx5u9ixVIN//xPa
-3xHq
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
deleted file mode 100644
index 8eccc6c3b0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
+++ /dev/null
@@ -1,266 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQCg0lngplHQSomxVxizv8r33zMQpbWDB+H13FvEhgFq5KE02tWBVkz7vXAr2hXP
-Y7LVgaGSQIOZqHrbMR+Izv57cGr+79ResVXZ4ulw8qxCgVrA/1Bty6kmyvQiyQZ/
-1z8EARO+Mu2R/XgSx2uCasNmLtgo3Stuop+2coLPfwqW9QIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTnAqvOKOVo6WoEaT4ppTZjcAShmjAdBgNVHQ4EFgQUUj/qKg3WunpK
-bbAcCDrHDB8Awg8wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAAZO
-rTXTH1bBaJ1hKzh+NWBuI+gHfWUhVlxs3mgw4oCtqqhrbDCBQwA+D5sN/91EPODR
-oEUqrZbyUgTQWas37LqDXhoxm9uvX0Z3521iA5pwllvHgtmrNpPxNE1ylbIT5lLa
-927kjS03tbzpOlbvFj/OTmh4yyPaeL2oJyvDaC3X
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoN8Q
-UsSTUjVJGaxxoQdGouge30kgdc3+9+sup5NAWj8oyZQiGa/FlrayJlgnNXIO5xbA
-Foe3dhwCEAfsrDIofXlPacb6W9dTxdlh3GwG4GJY9gvfuVfkEb4EaYVyU8J+tmPq
-WDI/P7B03nMhQNNChUFIcuBKaAzDRwqIIGd5I7cCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnSIV59sBcIhO8mIv
-cMu1wc0QTk0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQcwDQYJKoZIhvcNAQEF
-BQADgYEAL+ADYS2dJuo7zZ5LoNXv2wNfJcyaTU25ajW4jvi4dN4jwEPgqCfrQ1Vy
-lf1YHDAzKYc6nIZnG031PEqEFTZmuXCcngo+CFmOpT3O8WOb/vHVolb6Cd5MhCZj
-AWkQgkXQ7HW3nIEkPFqNC5ljPrmRkGtu1MjN5jAq70iztFF1hpw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBT
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNV
-BAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3ViQ0FSRTIwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN8u+z8KfD1wxuMq85cY2R9ISBwrx0kSTvHcxkgfd8Hh
-/aOd/f5SUqPS0TsXeUJZ4491ildJLBmeyOsaMXfR1wUCjs1GzCTV2lwmHy1v8TEA
-Y8Zk77Z0xk7JM+Qa6sYNBQDvcqMerys/5ky8Lvqentpzs/rW1L3SBQYg2PfJX3S9
-AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAUnSIV59sBcIhO8mIvcMu1wc0QTk0wHQYD
-VR0OBBYEFOtoCcblL8PzCgZRS7NYc5w5GD9LMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8E
-BTADgAECMA0GCSqGSIb3DQEBBQUAA4GBACFHfp/nuX3TO1xb40P5+iKE+BZPRduA
-ftJoYKvefkbjxlmMHoUdIUcntVLAyhaJlW797m/y+C+FDfkqtbBUFDjycGuAmFgA
-y59FSYCF8j4X1ghg+neMHyCzvkhN2IokMmzt3IITVLINy17XKITOwuMtJJSaR34A
-e0IQMPlYYnGK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBcMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3Vic3Vi
-Q0FSRTJSRTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALo8WG8R0uWydjHS
-XfEB/PfNI/TnhECaPZoH2W5ht/eblnw1w1zAJGFgDQt3USnxkZvjIa/Eud0VJ3KP
-1WFyD2IA40YtxHQsVTWF608T2eRLc1URZ23e/C7Op7EiXdo+YoJ7KwhiUyhNxxS6
-oIa1OQlAEOurYT7cU1BSxe4X+oY5AgMBAAGjfDB6MB8GA1UdIwQYMBaAFMsSDLuK
-o5HnMkT9UFBgNQkdakUmMB0GA1UdDgQWBBTnAqvOKOVo6WoEaT4ppTZjcAShmjAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAR64KcgRdPGS/TLDzWJlnI2aOww1U
-eFC/9/IQbIeFS6Q6uwO58GzT7DdeGDwBiztdMcGMUx0z0HX9lTVEQu1zWMNnTWuz
-7LJPjucrwXeA/s2vhMTA44l0hgMIJjjiLDOJWm3/gI2DWh0HPOGCo/cRdLeXKiyO
-O9E/0IzZw84Ul+k=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3ViQ0FSRTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-LjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALR5w4GO7XWupkCybIrksb86Qn9A
-XltnfkZIGhDabLaMyFOrnfcfJnh1RKKwqJfi8/pF7xDxJL301Qud+jUZc78vFUYT
-lMO6u7jmYYl6zLgoshCc4T95EMH8r/qoGx7U4S1o5B9maWm/Xrov12WP7mjPxeBb
-BmWY4BAPOQBt6gS9AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAU62gJxuUvw/MKBlFL
-s1hznDkYP0swHQYDVR0OBBYEFMsSDLuKo5HnMkT9UFBgNQkdakUmMA4GA1UdDwEB
-/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBBQUAA4GBACwLeGO55YLNW2d9
-1sZkNe3ulFUkXCfVtxfO7FoO7gvCv9xKjnGOef+hnMFeLj5L4UtOUeekpnipm/51
-pi2QP8O9Vvwt6YtZ57t+ednuOPORQsvh/SaPSo7GT5H6ILwf4E/JaFiAtuwgYJQX
-D9YTw88ufWnBrPQ1yX8ReXseLZPN
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:22:15:E7:DB:01:70:88:4E:F2:62:2F:70:CB:B5:C1:CD:10:4E:4D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:5b:d2:82:80:08:3a:f4:5f:8a:3a:63:b6:7e:46:e6:49:5f:
-        d1:ea:1e:82:24:cf:15:80:4b:37:bd:f2:e4:b7:28:10:54:eb:
-        60:d8:3b:e5:be:a0:3e:38:70:aa:d0:7b:0e:98:99:55:9a:0c:
-        30:2e:8d:86:ce:65:a1:16:5d:60:55:e9:b4:af:c1:a2:df:cb:
-        63:c7:a3:45:82:85:87:4e:2c:7a:3b:52:e7:3f:37:0b:0b:8a:
-        41:f2:a8:e8:d9:db:2a:a9:e5:e8:50:4a:bc:f5:51:b2:47:fd:
-        8c:73:13:57:cf:97:35:dd:0f:08:a3:c7:cb:ac:2a:cb:53:0d:
-        df:45
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFJ0iFefbAXCITvJiL3DLtcHNEE5NMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJVb0oKACDr0X4o6Y7Z+RuZJX9HqHoIkzxWASze98uS3KBBU62DY
-O+W+oD44cKrQew6YmVWaDDAujYbOZaEWXWBV6bSvwaLfy2PHo0WChYdOLHo7Uuc/
-NwsLikHyqOjZ2yqp5ehQSrz1UbJH/YxzE1fPlzXdDwijx8usKstTDd9F
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EB:68:09:C6:E5:2F:C3:F3:0A:06:51:4B:B3:58:73:9C:39:18:3F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        00:dc:24:0a:9b:ba:25:d9:fb:09:b0:e6:d8:9c:61:d1:09:f9:
-        f9:d8:09:86:fb:ea:e4:13:5a:c6:0e:0c:53:c6:e2:38:78:70:
-        1e:6f:39:25:5c:b5:4f:b7:5c:07:7c:1a:7f:b4:8e:0b:7a:b3:
-        6e:85:c9:88:9a:8d:07:d4:f2:8b:8d:e0:49:f0:86:7e:b7:2b:
-        a2:be:c4:8d:e5:36:03:b4:47:3b:c1:8d:eb:8d:34:3e:a1:97:
-        ce:97:10:84:e9:06:79:72:c1:a1:4c:7a:b3:78:99:97:01:1f:
-        90:cd:a4:ed:30:2c:df:36:64:46:ff:c1:0a:9d:61:26:89:c7:
-        40:b2
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3ViQ0FSRTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFOtoCcblL8PzCgZRS7NYc5w5GD9LMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAADcJAqbuiXZ+wmw5ticYdEJ+fnYCYb76uQTWsYODFPG
-4jh4cB5vOSVctU+3XAd8Gn+0jgt6s26FyYiajQfU8ouN4Enwhn63K6K+xI3lNgO0
-RzvBjeuNND6hl86XEITpBnlywaFMerN4mZcBH5DNpO0wLN82ZEb/wQqdYSaJx0Cy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CB:12:0C:BB:8A:A3:91:E7:32:44:FD:50:50:60:35:09:1D:6A:45:26
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:50:12:5a:4a:b8:b4:85:a7:62:1c:b0:bf:67:05:d6:37:9f:
-        56:37:ff:51:90:9e:8e:f1:7a:27:03:e2:02:8d:2b:64:0f:fc:
-        db:28:76:69:63:2c:36:63:48:43:12:3f:06:7b:29:87:cf:2d:
-        7a:05:9f:8b:03:3f:be:fd:e7:0f:fb:5c:19:fb:c1:35:b1:27:
-        17:dd:00:b4:10:70:f0:92:79:33:0b:05:89:8b:07:c1:96:2e:
-        72:03:00:ce:db:e7:a0:f6:05:69:15:e4:c7:7f:4a:ba:e7:ff:
-        9a:f0:6f:98:f9:e9:aa:df:d4:c4:7b:14:d6:1e:8d:a7:83:48:
-        33:a8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMsSDLuKo5HnMkT9UFBgNQkdakUmMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAKZQElpKuLSFp2IcsL9nBdY3n1Y3/1GQno7x
-eicD4gKNK2QP/NsodmljLDZjSEMSPwZ7KYfPLXoFn4sDP7795w/7XBn7wTWxJxfd
-ALQQcPCSeTMLBYmLB8GWLnIDAM7b56D2BWkV5Md/Srrn/5rwb5j56arf1MR7FNYe
-jaeDSDOo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E7:02:AB:CE:28:E5:68:E9:6A:04:69:3E:29:A5:36:63:70:04:A1:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:2e:d1:19:d1:46:60:25:13:6f:1e:9c:04:5b:c9:4f:6e:e2:
-        fe:f6:3a:8c:eb:4d:50:cd:03:36:d9:aa:cf:ce:14:30:7e:8a:
-        0c:24:6d:67:63:c8:87:69:a4:1b:cd:86:aa:d2:3b:40:38:c9:
-        f9:ff:19:47:8d:23:f1:3e:dc:f8:9f:d1:af:30:a5:47:59:cf:
-        8a:c2:0e:8f:2a:8c:9c:d9:78:63:5d:8c:cf:18:1c:79:fa:13:
-        0e:3e:f0:8e:0f:97:dc:67:28:af:5f:19:6d:01:87:e5:e0:26:
-        8d:03:8b:91:f5:69:f6:09:30:f8:5e:d0:79:e2:86:51:36:32:
-        1f:48
------BEGIN X509 CRL-----
-MIIBVTCBvwIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFqgLzAtMB8GA1UdIwQYMBaAFOcCq84o5WjpagRpPimlNmNwBKGaMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAAEu0RnRRmAlE28enARbyU9u4v72Oozr
-TVDNAzbZqs/OFDB+igwkbWdjyIdppBvNhqrSO0A4yfn/GUeNI/E+3Pif0a8wpUdZ
-z4rCDo8qjJzZeGNdjM8YHHn6Ew4+8I4Pl9xnKK9fGW0Bh+XgJo0Di5H1afYJMPhe
-0HnihlE2Mh9I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
deleted file mode 100644
index da9273524d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Revoked subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICbjCCAdegAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBBMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0Ew
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOOm11GxhTUrNTzIsGL2HeKkXDSY
-fuue6iKn5fTFuhHFBY9sABHgqkRwS7lT9J5OL+Li0oTfq3En9SzqPZ1pTG7nI0tc
-qo/XLks9e9E5GrdjiSPJSvcdETspZ4MKgNIeEQXyX/KqhvOlFuIkvQ6CkB26h0Ys
-ds/2NM1G2HIcqoGdAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1
-M9+aFZTHMB0GA1UdDgQWBBR49b1LlhuzLeZAUDLruLRHVAvySDAOBgNVHQ8BAf8E
-BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADgYEAUGhyEOC1558EMH9u+aVPXS5vZ39mJh2Y719gMZiT
-OXDZsqIbxJ5npOYdL40yZD5vhio5mvpKFm0DtAmAQsp6SF5nTdj9Rn70rqQI0rdN
-9m7nF1ZRRL6YBRkSymloliboDsspsoZUSitT7yMtxcIocV9V0QxcGFSFw1i6W3/H
-OYw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked CA Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Revoked subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3Vi
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQg
-UmV2b2tlZCBDQSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA2aktQuUqYvrSvuQR0Y5vu/X29VQgITZB3a39NV5uIZXvWgUWyD1Q
-SGYbtu0YzKSDMzLAeuSgs9c6u4r1wTxno9XgzSJvcaupysi94Eeqqt3OCaJmLg5Z
-sV12741X6CqpUSZ6Tap8rsFqYspyzMExUZqJ0d1zszbDQ9uqfCan5ocCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUePW9S5Ybsy3mQFAy67i0R1QL8kgwHQYDVR0OBBYEFD7V
-xiNcO7bHOzxBFfhSNMhrEZnyMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA3uoPgaDGPEy7AddpjA6a7Dm4
-3Mm2CcAZuFUSURGmmoYfaTQldWpf6ySCHr9t7vOm+7Gv607TPdqF1Gw0BU6DpC7h
-Et/uaN0/vE/XHxyYEi3Gfzx//aNgr9ZcDnhr6iGmVAAxjfSmVoq1SYvWo2cskAq1
-UO8Ub1+lilBTCeJDLTo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Revoked subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:78:F5:BD:4B:96:1B:B3:2D:E6:40:50:32:EB:B8:B4:47:54:0B:F2:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:13:8b:21:ea:c4:2e:36:3b:d1:23:d0:aa:e8:87:13:62:4b:
-        63:07:14:68:8d:92:b1:00:5a:22:3a:99:5e:72:a7:92:01:41:
-        b6:b0:85:f0:ff:48:ea:da:58:d2:77:26:c2:e1:56:52:69:45:
-        ca:38:98:f5:ab:9d:1b:4c:fe:9a:30:64:58:64:e3:68:f7:a5:
-        3f:86:1c:ff:3a:82:bd:56:a7:a3:a2:5b:fb:f7:21:8d:14:98:
-        0d:00:3b:81:bc:09:3d:94:90:8c:df:4f:6b:14:b5:10:68:3c:
-        07:cf:e7:06:69:71:4c:0d:b1:7a:53:24:5c:49:8f:fa:05:05:
-        18:9a
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHj1vUuW
-G7Mt5kBQMuu4tEdUC/JIMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBADgT
-iyHqxC42O9Ej0KrohxNiS2MHFGiNkrEAWiI6mV5yp5IBQbawhfD/SOraWNJ3JsLh
-VlJpRco4mPWrnRtM/powZFhk42j3pT+GHP86gr1Wp6OiW/v3IY0UmA0AO4G8CT2U
-kIzfT2sUtRBoPAfP5wZpcUwNsXpTJFxJj/oFBRia
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
new file mode 100644
index 0000000000..b3ebd9f981
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked CA Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNUmV2b2tl
+ZCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQD
+EyRJbnZhbGlkIFJldm9rZWQgQ0EgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ9Y5RCWTe1kcC0UDNMfNbMB7mhZg2IYyd
+wVIZ0H7zUCGeRgP+EnH5/lCL7F2FAUGgC6iYOY89bJ3a5/CsYyMXrO4iRqxM9kUt
+fGKJRTCYlOjuWEEOPzcFTo9bdrZk9k5oxwhAqk17m0IvPpoOTAIDKqLaoIz0gqyy
+ziEmaRRxGehXBLCgJwDA7zs1qRZPOiJ7LI8EIXm7l940eGUbU5Rs+XlA/YY/HeG2
+IfKKo9I/fCwV3kFTvYWiL0TCrRtKEyihLwytrpa+NsG2Pk+lHjtmXnRnDCzTkDF8
+g4BT+6WYI8puLUFxzOEpRhVUycH8S9FLP3Gfrkosc4fb0ZaE5O4PAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFJZvkpmg6XZ0u1/U+PsZ2c8dBaDvMB0GA1UdDgQWBBSsAecm
+BprTTYb0YInq5LHji2iDxjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBy+xF3B7mOc/clEsV/pqovLkjI
+iBu5SIcDpgbLDC4ob53X0xFC6EPo+FTkjVNBMZ6ICQOI+NWCHrhAe9NgfWivzORF
+dDiP/w4v7n7QL8XFug9+Ib+KKO98TSEAO0X9DY0YNyOHHO17Zo5Ev0sU7UuZ/3za
+9A7gG8P7Fjl1u53FnR6BT7S7pLmQabCEy+cVnN41giSUX82Wtc+VLo7AuOAxbXqE
+/fy6+/bvldsbMz9KcgoG5Qdj6E6nVyaENDaJe7eWZhfLeXKb905YkqXU4H0T8bLM
+YA9BW15DSOhrylXqLHIg+pa79+ujLyqlw9Xz9shQQedLz4y4nf8DbjmYa/nA
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B18725F104434C
+
+G1BIGWw8PiMynohCHUCkVX8obnqxs7hNDvjaAjqm70Tyli2vUjjH+o0IR2liO0VC
+2F2ecwJZUBuLGWGkd/8N1lXW2ishF0Y/7AtJGpOoUpH9kgRyShNbjIJzkBSDhxtP
+x3Uh6jJ7i64YnWdaW2/Cfm9s3SXYT9DJ4HJVohFosnLCKimaEdAfM0ui9OD+/kYU
+zsGqcXAqQ4St6oXmwPqcVbv1UP4+sLO+VQrddFvJbs8hkZpI2eoSo7LD+axsC+Tx
+fa0cRuregZlRm/xIKobBkdEeLANUszDcWKKNGNPa/ywX9brgkQlzS7vTUrZdeVKU
+/rLuQTjoh34h1NdZkux4LsdWnbff/TK3twj2Ge/ZsdmS6Sq9wKniqQDE+LUUlj+k
+BeL6jjxAsd36cTUWTDTU/zmCFoFjhQteSK1ldY+PWK59cQS13tawvn98I1FWz/83
+Q6O6bfzB3/8v5DDx6TPv37IuwN82WNxWPYyy/tFx8rlW5jHIxmP1foTnxgeQSDx9
+8lukOJJjPt0byE/pNcJbdfaU5mOOwsaXPiYrvCN36kQkPxWTrN6zqv+AXpU55r2N
+DB3oA1MS4FghmQjXr6uDA1ugmN3xQEJl7/biNdPk9TL/5ur38tJ2utb68hXKey/s
+xG1EWxvRO38btEZjlI7W4b5LlfmEOaEss5l5d9W3O+Fl8Pk1TD//5zx0ielHcqbd
+7wdAluO0Yq2KgSIzj8wHmzJsHqoamoP6VbwnIq9igYkzIw7wgOEGpf2iGCia3Ptw
+hqr0VYZwKODUj4ZaidckmjS4ncbf3Fk2TwXOPI0Udqo0qU50U0uV/6LM0i27/ygY
+EM0MqKU/9L6PC73Cm2Qgp8iCbN+nN2s8LQ95MfoJ/i9wWcB8xlx0cbdD6c+L72xq
+K4THPxfWkgULbZYVPbLvTlw5jVdyzxaH6szLGhiUz9Z2d2xFl29o0WWvlXtTQcHB
+m+WL83LmmvV508Rmi/yhHmGFSG9kUgyCZF9K4iPLQ+33kgAif6sg2fXaJ2Kxhfi4
+twLtue6PZsrJm4pjFhCMbG3LLFE0Epo/1D1dRfUab4Bi1L2hf9h0nijAwFh9eay4
+19Oldc2x7bB/KRk4i4/h4bmWscJj6nhFREzqs6dL87Gpl9pZHtTBnQEc0y4gacCz
+jv13Nl2g8PH/YTQd7tvdbOUn7MqZA8oP6lff511Ef3gHNWp6LaxqFDGB9wumwAy+
+9CY6dBPjRXf+Bfya6Q4qUrVrw8DL1LrUf5gta++eSOgWW2eFVjPiffY+FE3TqaHC
+J7QcbR6G8hJqFYrAc6yrbe8nCLF0CP5r5U2k/JaJJXA85ZtvPke1Q3LGd+anRLgg
+HE/BxMafRRQHEQQ4gCLT+3ZN+G1hi3dTBmP0ufSAXCwgYRIMikkXEOHG2DKLtYBb
+fULiXYAfFKqtgLqKKLunKHyI99gCGKLNZ2tBKPqypJoemFV9fCwlnXARsgwreRmX
+Kiu98Xc0SMImSL8N94jwGsHI6k5y4FlGn88JWlZjrtAo90A7Vj/UHPAdpUusLmXP
+uFIHQaQrCM+WpspxugtWAP3LuUOYoqvmkvcv9i1Ufn3ThDUtp00IHP9u80pkWmCv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
deleted file mode 100644
index 1463a6fd34..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQgUmV2b2tl
-ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEArULgNTYVsg53ILvaQpaeciApmyq6N0bmhjEiwYKYPdZSQ6A5tHN2X0hNYGEf
-Qg37W+OVgufTdQYW9KHRNQDisSLHoFpDaxdeSJbRshvd3iaY70ad01q0/L+mAhoq
-ULHc6QVDrE3PiDd2M2Rt+JNpIMX07CPN/nq8EyiJQUYI5AsCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJyIJr6rimQM
-qOzR65FZzrJ1clsAMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHLF0HF9GpuEFWTdc4BuejhAejEBiOTAb
-YfTbYZYqwl0l+JU5CtXiOOdbOcY0XNpPI1XwN1HtIhTiFIxjaRLQ8uSd7yExaiJp
-HR2lqTC8A1efBd0eFY2MuknW6tGu3XWv+2I/NKGGyIKfWAwpPZbt3EdRnjKGhfgU
-VixHhlnpHlE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
new file mode 100644
index 0000000000..2921552453
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBDzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQDEyRJbnZh
+bGlkIFJldm9rZWQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC3CqKP+NqhATHU9Ype3p9gqwZT2yJYnoZS0jqLff20
+2TShaoPJ7V0RtaTdle3RMAw6nsu5jehIzYk21kGlNURVYcKO6y+undUfJgYTXX0F
+ZHSCMuMAWuGVdla5oFSqVlzNS9m4gIHlYunhBuzJRFSJQV+eKzPr/ITdO14QEGrO
+DNzu2N1MEMlBzwuExczNN5ZIRWvqLyd52380a+oD9vujGIM8oZQOHcBPZTvbgn7q
+RaH1719locD7oMhj67trLALbsHuRnP2APe/0vuaM7mNTlLzUpb9mAefSjY8o5t93
+38am1l2Z3BDBDLu4BgBi3q8131dczc3y6IrrBtYfpREzAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQHFry9nAga3iH1
+aQqYBs0caFrLfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQCCPGXUH3RC5BlNt3cfMDGxsZkfsxYhftwU
+m2b9gwZwBYcHppIxBzHV1ktOPl3uJgpFar02ypnHKWANAcIUIjFZaHhZ6X2YlBeA
+5iQalPQvOyPEUwncGSwWTYNo1KdCev8p29UgyjvZnmdEtMMBUejzDfVHfdyvo0Le
+Z3Gvclnqpn7tu4xkMrYbVGwDmcNRAGhSpXzINk1SUDcHvONQk0n2swPZs3/NjxR5
+oQK3prqEj/ANim+ujHAWVIRIuRwhR1hOQ7SwbZ5CSF7rYB2QZVlpuORrsNurmonK
+JOLp2lDXvMiR6JFO7JAy89bQSCkUNqpPjNIaF8KQ9bEbCZ8qH9W3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B62CB31A9ACE059
+
+9GmR577tNmXpWrBhkP0uF+4EUaEXZt2RbDCE2iFeGK8muqDRlK9857ybYNuq0cQ+
+tMqJrXHtoqGEomrH3L0slGVhopdlZTuIyT4iy+XPQs0ArZYZfie0mfhtXWiNJrSd
+TJFdFsMp9KZ+/jaP90DltOPmg7CVt8PBBNEvdVtvHfRTOZ1ytNZACgNeMxMSDng/
+UXu4kZ+zEQWDttZxCv8DD4emZJ6PYei9szEHosjYGVFLCiPHvvMV5JBWq42tnvOm
+cRxmOxZ8qx2J8NMpluEZN2bgEPIjdlXbG7slayqFkUqoPgzKYnBDjR6Vi4Tq+1xd
++Zw5d2f6Z0LB/938imM8ZM+y6BTN+6v4I/Mc4vEnan+klMDqGCW/3wcYH0YaRfS9
+eD2ViJuGNApQ5t/Y9W+yOoqWkz43wL/9UUPzFlJOG3+Qoks95ZqhVaQI07vH61z/
+hUXHiaUmQOn07QKrgcRiFkSrV8v6B0hXK3FCOPIlzJkqGr4GswaNM6cd8y62UISX
+UqoZm3gUVBpPrgqbqmabyWEFtBk+RgObs8S3lbtvRaLJMSqiYfoUheXX+3USfOsp
+hS6O6CzeD0zPClicf8dekZWTge6vmUTZNyd8Wrze2X3nrQ0KFWlZjQkQAId3KK3I
+T3ZrBbnqNTyqqVWFbXwltMeqcfVj24GSaYWTcTPbzWPiwNkhbTsBATNtcgKVsPYr
+fpHcxmq4EZNSk5+aPiDrltrYAPgLjWV5+7wXs9wueRoQtsLEJdKa2B+8yak0OZ7E
+v8OILfX7oDaKYldahTBbYCZEAIh9YMcyPIwn/n8RrUM9Mqw+4kUnv7ug1nlrLT/0
+nk6NqtvDCHPMuwnGOvWs0b2qjhQ/8QELPgbp2vlg4Qc5/3owJ/3micil35WyOH2O
+8SmXgeDeBRiNAprlSjB0lCo0Z3cTECFqPpAVrmZMgC3yaTUbvywoDak8muqeh3zv
+Zv8UOgS5zzuKyUtKoB6pLaPPflX0uX89wGYZ2pZyvY2NzjYNRbKbSy6LTFFd3Krm
+c9ub/6N3F/p4JxOx47Baw0Dc7NlkNfuSZJDKK4oflW20DqNl+DPmO9Qmler3Z0a6
+cxAjfgZCOITJzQGL9DV99gAAy9KiNRuem8/5WutIX0wT3StvRK9r5yUyaF6hh6Ru
+c/4sgveqxox7wxEsX20IQVoNGNd+Tw87A+8xiXtL1jOWjApATepDygRRvzCZFCDZ
+jjL0p4TUth0xIfKVrLAeWYyO4s9VHQG3eh2XW9eOuQYK2+fFsqks28kkmI6E+eDi
+tnanUjjv/vTXVAGugmfxuNI6Qr02otA2TXipkfuTAl+b3z1RgKPC7SCB0FbTfFzK
+fx19/89KXHRi3078u/Dsgc1O6S3zNFlydgwIxFQCUQWMu649S/o4XGPb8oYEZ71+
+tlRBuecqmECiiOLSk6t4T8rtiVsP84j82/FFBu8LEP4AMpmMUAnecIue4nK4x680
+L4iI/tUZW9puzgC+qKS0w1kHaQU431yzR7A6RwpRAXZuAQzf3CdQCUajTCr2m3Y6
++Z1qmrV+7rN4Bp+goSuUcuf5kIFRsgh0QaIMKspzZ9zDP5t99zvbJuNYT2SCUwDK
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
deleted file mode 100644
index eb302f72da..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANItJYQvAndzEuOPLnWhU3+T5fsnTmDZ6JJ02F66VAcrpMjpsFaFiojEgiY/
-nfnbJzFwi6A0VjvStsiM6fOFbVY0vALdhKMSl1OJvPspcf6YMW1MUg68akqffpG2
-1zIqiltFmmT4Lvq/yg9+q2A9W7yB68fS6173hf2h+fGzR8JDAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBShuvXAVFzy
-kwUMm0EKULQY2GdPITAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAElrFa8GafGokZssZp8xXcrnM2FIcSbd
-JXCXQeSFsH7JvXS+3BT1v+0saEhJou7UQ55B7Z0t6COKHryuC0E0ySNyDAOMHGJy
-nbbqmdyyKeXb8cEzFUWN+jTte+P4bCc7qJW+mBGNMLjWFZ0sD6R//NF/LiS8kDhU
-CSYphECUPTcs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
deleted file mode 100644
index 7462210961..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCd/67ojjbNifZYVq2WHl1rQRvHb6qWjPGD/UvROusJiCTgq+tLG56G
-Yhb5//E5lAwUUzNZIfrwHml2Pn4iH3vJeRDzhdlPd0IIlP6Q2Dxy2/QrBf7k4luQ
-F9TLihsAH9NuOh1bR/+hB4tV3/E2fvztlVmHOlxbAW/c0xE3jI+WiwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU7253
-ms8B2VtX6DNkqlHmWAPzWTgwDgYDVR0PAQH/BAQDAgH2MBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACgW+giBnGTr
-WXyUZ38pVKHUK9uAxjpPOw5UZC2krfC4nqifiItuVLJgqbPmvETc+8fGD4hi07Lv
-owJkVeBq0ZQGlYoxtz7z6/gEt46nf+lK5gU+al33eTzgga0845cxLE7kpKRYsyhX
-eCRGC8Cmifmc+1AJ12kj61Ys7XE8P9q+
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
new file mode 100644
index 0000000000..e1d36aaa9b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALF4YK3LWtJiBgUl5Tn3nfwLF69a8RzoolTy
+yaH+AC5GnpkNUDC8Mae8jF0rRErvKDlDgHmHFYrEXoZ6ROCsqx2m0PCYcM0aSc5I
+Nt0zfc0V/SjB8PEitoIsDTBNWQHoWBysMKdEvPcPgEbQ6g/I9AMuo2ENAu3JAK/k
+mFT7y5P4Auk3pwAzK9eM/qiVVSoK62ykN2e90B/v/W8Mp2B1oSLkbrUq+pZdG0Cl
+lqPw8jaA6/GRttWiOINW1MERdhyYXIZa9HrhE1vHQNBWT9ZNs0z8WXlSx0qSe5Bf
+ZRC6U4A7HagfKnp97XwcfgzLEZVeRzq8ydhdKyYL/GIQ6skBA00CAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFNeq4+x4
+jtMItdkkxE+pjUaRGjiSMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRV
+HSAAMA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAw+zWEOZ2oOy7
+pak+z0Wn3q9yg06WNlv55x61qIF9FLPsUKHcq5HZNHUqYUXhsGP08cU5bIq20epK
+xuAj34fGieLjH1KgbgG+Bwe8pkG43gzh7ggqdqcUEXQZFOMLlZz6AnRWeG8/ZoKt
+J1u5XBLhBO6poXF8n3T8t0us4f+HtVOjdNeRdrS1QEiHrXLOanN6YIViBraciCOd
+ezeYCJvDquy2ZCoAUDpJS6dofveoHGr4BpMDgLe1g19JWAbZhvHQ/WHzTJrMnd/q
+rvpQcTRAwaLr/Sp3zY5tp4Mb7AV4iYYszVbwQQyHhsq0E590x6kQz6lVtKh7joOU
+4naDVzv2ig==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DBA21FEB1BBF3A3
+
+vEXQyEjZcFlzS31kO8IeWEvB/hYjpm7DzvDAFbfVZtfW9/khycLB1pUhbMEzVvH8
+L6pKBRETAoU33dCwAIkySaegzKzLCd9WFpmlOIeFH+WSyVoRs4nnSHPBk42mBKj/
+NK5ue63pzko+QZVIiFPt8x7R44i2lGRXRCgaqiyIJkSyby98aPlAxi3AUChU49vA
+ZXCDUg1YQIe4xVqJ6ONYRmyVk5DbIWY6aQSV7jQ0OL3olL8+WgXmUiQFuvva1rdL
+s3Z2MTGQMJH4wU0lpsAtX6UCgGvoSy6PSu+W0OUH7zG/4/MjCp82BnY5xJLzmPKi
++2jEWuw9CfdiFMLrFNLew1SIe1attx8CZ6sYAKakOcyZ856HiOsO634yzaRgOhh5
+SmmNN49StebbBv261z4cmVc4VeDPvjyvkGKjLxBYLMgWwsvZOhskednUDwGi3cJ2
++3FMFDorpbJ4+7o2MkyjIAMuvqVI/cWaKlzTsi7NWVeNQf1Shg1P+m6jLL1SueiH
++4Ce1Mah3OujFO+Rd3Vb0NcKgobKklL7Jc828ArMC2t1P6xmEUJPG2PngXC3mDII
+x3aj+ApQ7Fbt2UIXRGA10z+hRYvELAACGUA4lPMI/7/p2xoEgE/2+6pyKaGhZc7r
+VEhygISd46RcMUb053KqY4vPP4lDRjyZ7N1ebGVYGrJ85mMWR35B2Lh2jGqbCecx
+X2jMqvOUTGScgx0afxA4gPHO9McQwusrG3AePcmRrR4qxiur0DhK8veK1j8wFuRk
+ZwXhXSP87NLtUQ0F5TzJm8zFviF8Ad8+Tpb+nEYrZK4XEnwVzJZXwAeikJu/wWmZ
+23w56a8YAR5KEz/lXhFgJqXV1x2RteToTNKp7X5ofVHjJeySdRvrJbwEPokRoHgz
+mhwK8rEBeAjeQpImLzjjACV2gU1BybOnnB67WoM5z9mByscCFumy/bni+5Dogqua
+WApGMeRdqLPl3KX5bc9Q1F1b6gXygSYxGsBVAIFxwxmJdKlShat8qP2rYUySE4Pi
+c0WoXMwx4bHgLM7eXlMgfM1D9sV+kww9B2kQlC33cVMTkqcPcP87sJJXXO933xQQ
+RxNnPQ5SlkbapVZAiajhagcALhNLVFxgxz+wJX8cxoGj5aZutJcKEsRpt/UGgx78
+ZMDHLEelO5dt2KUci3Zd4qQTVBkxkfLIGyV/6nZUyPNK2l36yTRmd64DiAMyF8NY
+vU8aNb/aiVtTKLTr5edZOTJ84inTqLdsORpsWqRU2i25epB9TkHsTQHky83kUSqX
+at7iuELBsREAhhUmviJgnRwPiH/FZUVAwaS1frZ27kxEPuicZZKqTL7sz0tHduQA
+TiQvrbuKUDdyLjLRGYLow1LZFDpL1DXZcEI8YhzDVCfU5u0EaAGFeBq+3owBjpVi
+RJCdp9ZRl1SGdY/Lbs+/S+Jxgq4MLqFs/d2+NRijh+jTZfTHCggih5vbkB+A36pY
+CUYmYOsnLmcV4cD2K9S4X1Rgl51rLqnYRuJLIgNW2yRh/g2bCHakLqUeHOb7UlQq
+H8CIaxiSjdS5tVntPnQQYr9DwZ137JY4xBLMzasFYcU70DWkCO/xTA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
deleted file mode 100644
index c4536e1bc9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
+++ /dev/null
@@ -1,230 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdEFueVBvbGljeTEgc3Vic3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCSWo7+2d9aVEIC1GxMTDBcE+ozTf3DLetgbtqH0eb/EK+ZLwVz
-cVTjWrdl1UTfNgUR9FkYIxWkXmme/JXqvYFtYTmNiz0Yj4KGpl25Mi4qoxtRFk2M
-BKLOpp+oY4PsNGSc5CMRc3sfZHeKe8jZK3nA4G5nv0/KELI4m69QKI7u4wIDAQAB
-o3YwdDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU
-Iskd1THdwnbnw9yS/MCFk6rmzc4wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgw
-BgYEVR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADf72Lgp
-rqTepmy2dScOvurWUGzi/mA303snWu2b/DOnZOn2MJmmN2OIau2+7H9N1CVJDq+9
-gF97Zy3sIukm2yyJ623TL2sO5JeKNIP87CGXEiuU8qe/7BaW8C4dkm9dE0hIq82/
-vPG+JF3KAey6HeGOdaLoj+DyiSWJsJmzb1OC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YnN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MG0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAG
-A1UEAxM5SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0QW55UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ/9Ia
-17vdObtOssUs8md1zwyBeKcC3f6mFfybdaruKZpzVmuAkDJec9ZV+ye3BJUB/5Vd
-FE+xni7v7HcxxRwnFHLMDEqoBYuAuMxi8tWDpWAT9bG9tlMH27i6in9PqUFDtMba
-A2eI2p7J64Nm+mtNtbwY8obe+0CbvRPJDnBU+wIDAQABo2swaTAfBgNVHSMEGDAW
-gBQiyR3VMd3CdufD3JL8wIWTqubNzjAdBgNVHQ4EFgQUON+KAQ3zmTRqwEhvTM0g
-vMZUZF4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQBxH+ujnhDuJ8w84wkOZvsaXK8TaJMO7AkbWriyl9Bm
-rMj0tb0bKud0bFlnK+uuetnpFGNysBArTwGQMpQ8C9KsHDEDVoC5A7TAUXHJgtyG
-geWX6fiC8ZBA/LDkDjqLchdfF2r/Enjo84+EbjA28xHQeJt+AMv2PrX41z7EWjjj
-dA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:22:C9:1D:D5:31:DD:C2:76:E7:C3:DC:92:FC:C0:85:93:AA:E6:CD:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:88:c0:b5:68:f8:c5:35:0c:66:d2:54:82:7f:06:cd:fb:e4:
-        14:7b:81:fd:e0:ff:7f:0c:33:e4:b4:07:82:8e:40:8e:46:36:
-        5c:05:8c:72:bc:b9:83:50:2b:c9:d5:23:08:40:c9:a3:47:ca:
-        cf:41:15:86:1d:a8:fe:50:a9:ec:75:78:c9:d1:6f:94:00:86:
-        c3:05:3d:e4:39:af:b4:a0:9e:07:88:24:fe:66:f9:7b:f5:95:
-        7c:dc:08:c5:ca:e4:4c:d3:82:bb:6c:de:07:8a:f2:18:71:ff:
-        8b:d2:a0:95:2d:c4:e2:12:37:bf:12:cc:e9:bb:75:de:16:9f:
-        86:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YnN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUIskd1THdwnbnw9yS/MCFk6rmzc4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAHYjAtWj4xTUMZtJUgn8GzfvkFHuB/eD/fwwz5LQHgo5AjkY2
-XAWMcry5g1ArydUjCEDJo0fKz0EVhh2o/lCp7HV4ydFvlACGwwU95DmvtKCeB4gk
-/mb5e/WVfNwIxcrkTNOCu2zeB4ryGHH/i9KglS3E4hI3vxLM6bt13hafhjI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
new file mode 100644
index 0000000000..55fd665be7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3Vic3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExQjBABgNVBAMTOUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANrGXh8C+n2LlFXpLZsOJgBIEL0cYBmcOraLKe7Uvg2hJc9AD8r/
+z8WHmVQlSq4B8l5SFHNeRfZ80BEnvnpsTYyLF8ANVwtG5OT/tYqaJnda7njYnjML
+hMkR8VHTaeplaXavFjQAesIG/JXDzHpX4U3FzcLo32jX30Jl0t1wSSVgufSYzPmz
+vN4snvG+K/U6wIwW1Zj+bzDTf+WFNTL2KW+jEr7X8XfWi7gqNUaWdqkskRAkBM0n
+CyiuRiEe9bFulCodYxEJB2pJKwdjXCxdHtJS3FiwOq86oOXgvThoQdHgxbAt7JWC
+RqwyDXmi1cLLG5sioGKwAKDcE1jtuL9Ep2UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+EX3AnIp2+Ukz96SBS44wdZU76IgwHQYDVR0OBBYEFJ/nMvWSZoe1IShDy5EYfznX
+2OM+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAJjr02r+qm4q+XG/oDosR+zfakP0pcDGVwwLwHqHV6i6
+hf32iODdTy7N+3GfB1vOdWJ1HKJT8TbXcM/zyYyglvw9rXAWdeaTeZLExRaavB+k
+LlIAycxXFl4gSslEqbxnGl7FN4BN8DAa+4WtHwW0Ff3U0wTbSNMBx4x7skvP/9ZO
+8Qllw94V7dAwBUDwbVL185tJsJI87lMXUqxMdrBCGoa0lqS1I8ZFCYXV0TOCeeTI
+ruSYrANu8eHRJliHGb4+SAZ9xVWFqsqAJyqrs+pJHFm4+7q/YdBeVjV70jTjN+R+
+Jxh+nojv3Cn5l9DmG8xQZzc4Q3QTsd7Dpmb51+N+N7Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6A1C69F9982793EE
+
+k71tl+AyI5R0Zaid9r0W4MdpNwhQHzNbrE0OybQzNpvyMYEd45AAPZSkTw3P0loK
+MyWXVvI9Y8xTBtorqE0bHlPbpJhdxBqv8NO2glThprJYVG+G8m9O3y2/vKSFCOqr
+nsHAHR7X4KjpPif3gTovYdKLGRDBSpFnTzwGGEHX47Ey/7goy+r6gbHYfpGaCHwQ
+UcDpatkSc3GUkgSwSodNZPvWeymvdZBXyHyp73GWN+tgX0WyQYsh5bADAjIsReXu
+D0wnzYcXQtHxmbQbqv6QyXiBPY91GNxcvAwa/1QcbiI5O20EIieOesTQI31yCRHT
+a8mp/E47C191Gn+9DrgXtk4/YyR2JIWxhsbHceTOCN3JLnPngFHKZ6A0bNfLtZP9
+Uj7ZclhcVz6dxoqs3hM3j4MEGJ2PMNp9u+03He2Rt1NMZuns81ioXSzHAWsGzVSn
+PcUyqUMafdzHlGYLxq7NHzw95+SpSvWAIXDnfOfrlZiP1LOnWNwxFXWnQ8JksahG
+rQQPCv7YFhTJzr8MvlKdDrOoG709ANpsnWgf+G1vD9MVuZ7ZrBHSFFzjnyZu4OW9
+c2JTlB+ZPWfspMDNMhuVhpVkOWktPFGpHz1sB+r/GsAq3MqeuefcQVeR9hHApbdZ
+CBwHqjZVatSDMV6DCXGPAjShRLLNAi22wa+Nsu/k4AqSiSnnT/6UWyFTwYDBxk0f
+fTqHgOd18A2vVjL90tlAlyzC6vcYM/fM1xmBaX9y8M+MesZPBIAhMHN1Axl4iX5W
+q5vkqh9u1pxtKJnhn9pQ9g/hqZbcRp1T/na7HWAzwOoty9157Kl6WrkRFiJXicy5
+7MsEzjyUPtCv51YVgvNHVGadCeQprKkVNYjuZAzXt0E901xqyOLMOeFv2LSwAe6N
+BE3BMBOq4QIUYw1ia9bKeju8GdfdDKpCwbtnjns1Pk5O04TCJFuAk/1VWzKnfGUp
+4+JrN9VCM6x+Rhwlw+uHiDDQwgRU0W41BUJv+EI3Ol47NnnuaaRYGx36q3k2XVhk
+/F/KoDDyDcc2P9oxGJTdkimmgSeW2XTkoiet7Oop+9SOmr8+6QiPuSe3hTJq5548
+5ihfZVZRzT8AOL3wYr1RTYfcEW3/Yhnlm3r2htLphB/05NxcZJTubVpybHFcfZSD
+KNqqjZicL5MwMR8Jx3/oDKJ0Y2Hl335HUZez3d4SFuNf2FTVe8gLPEe2l82SFLJJ
+WOyIpmKyGI3GzkIet7hi4V33va4Yvvh02IPfKd4JsDXYMNoj8cusVRuDwobFbLF6
+rB1UXfYH799oAUBnZBzNLip2WKCBqU8NJi4aYpyszq4afuZ6umG9oXuXzXBtSt0j
+32kdr8/7WrOJzAb4qpzKjY0uPrh/W8hR0tJphVQB71qFMs6jKc6TFdeuDORnX5Ky
+45U5ZL+WeRF9+s7Aoist+n0ObC6kdVUMd64Ft7VPmRwv0ayOuMvdBvKTUMOeDgFV
+c9vaPZHNo5d7Rd5WGn53A7f+9vs54sx/GcXyYZgsfewKqmautEGmzmwCxP2PA9KL
+6r2mgE3b7WI+AfaORZh3s6r5GK0jtbxLyobFxWfG+I/bjjj4cLDXJ6fzcpSWM7uD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
deleted file mode 100644
index 5d5bad56aa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALSurY6um4v6Evz2ZZkBR0WlROEOIvWcYk9AFjbvZnEXlHBzmkfiz93q0Bi1
-a98FZyy05zNbGmfXdXDbAuNwWdWnYFJqFQF5yKUTSQOjNNy5afttfVbM3ibrmE52
-KsMfdN73UU2pHclkhpRJ9ex52s3nofBFCXZQVRZzoeOqe/tfAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBThQ779KH6I
-bjPzWxJ3ysMVnek3RjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAHsSdG99XQKSMIQzQLp/vngNcqtmTCC5
-jBCt3KnnUwJ/Nrk2oEQpRwjetItPwFFYN/IR1MUnb0TtKwr+WqFeMI5MgyzkuiG8
-b8Wi8Nfa+GP+ZaWx9W0hIwlvixhloYr/wO5roHJLmZdiyrUJlEGb/7VLK5ZlmSDd
-LhmwYoEZUDxg
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..c06445050d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp5QAd+u/Uos7XJmpFiMxS2UfCoX4S7F2Z8X+H5aE
+ROK+YmaczS0wMScaDNXiqifUvntr2PEVPGpjAdVg711oP4yJUO6yxljUqZl/DVV7
+//qRPkD76MUCIxNx1dxLrsOd6PDmFV3ZcS1w5R6dB7E4AGV6jG2ikMHAp1UH69sJ
+nxbMKCtpigzpxYTQtcH9+oB59lMkkAtSk0k09NvW0GHlDR6+suZgQHHfmJMV8C1+
+WitpjZncCSlS6jc0QnYpGeytIPY3JVq5I9xaaiBsKLQAxf+N2XSNzs/SoUWDNfPy
+tBlUdU9h8HmLx5ZB6OV8fF0G8jTH/kJ9qhOtzOBGuz26BwIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUKnl4yMYjPGWd
+wygY26eKCylWgpowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAmjzrR+7LxCOYhqiancHFg4jAXcy8IQNF
+w8M3p9yWNIusPl3UwTBGf1o6nn7Pbp+sWPrqsdRETfOk+14+UpVFwwIu4tpNdNZN
+KQGsovaMjGdr1ZawnSxGg7s7aRaTA/EN66brxdWQosoDVPByNjDIqzLx89UIcEPt
+qVSK6UukAx6UqPPyZSj31V3VK/5zCvpaSmekzBdmRYoRyhTyCE9Siqqtqh+MOJYn
+QRGpn1qPp+wZAqH9x4g+lsuUVjU3mll81rwQGHAWke/ZAbUmzZIkw2i6G08SJUhY
+M6a3CsWate1y1nryzWjsVOzERK1X1dkKC5GsYm1X36COcZq+lkIshw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45343F863105C0DC
+
+jROO6JFmYZtrJFFPJ803OpyapdIAijSNsy44v78PGRCPbqp5qCErYohOUfD+o/au
+iQZIeAOqfJQA4M8PISN7fyIQjfCoKT58HJ2O3R1x65CkbL7eSC1VKkTvOcZed4v4
+kSCqWp66spB51u1akvAwd9EYTtdZh6HPFg6wf89Lpav1sagKX42e5A3E6WhUasdk
+/WGvLJiar6rRbrCxw/ydicSgM2VmGV4X+drp7OVr2Mgl6mJ0FTbnSFFMREUHncE9
+MHM30XIU1/Cm4cH3jUspYftlRmJetghwLI1MZrKONIHz4Ko5ZXgKA++6f4cKKnCK
+ycCXTj3NOG3VRor/auTzMZ2lqYFsUjjH3QnrfxSKvz1K7Jj81mkdRQDP47vAbi3R
+gNgg2r7vwRpxzQgoVd4Bl2cL2VwQMspXH9RehhuAoMcVOuRBWUKed2abtjwuNBPC
+nENtMKeVfovnbEVkurNVSAROmQ4LEf2XA4HnAIXOKN2TvE4Z64yhuZvU9r9Si5JW
+VEXPpYUFrgFCr9lvGzYQWl2lbS1r8tmZJRbLz/FWm++fXHt3j60IEGMREZw96Wlz
+dasKD/sx96PSa/8PPzwsGGgn8+fvTc3T9F4rQ9AVNlvEs9ynU7Nzxk5NxomgMqBz
+NvTVA6+jzzGP3rmIV0fxdnmTXHSJVb5Z47R34KMmVXBHQBcJ/4jjQKK+ayItymSS
+TYDGlde65C8YRUKg/OGSrUvhKAPh1hxEDza279vTV46+HFDO2uus888+UH/M81tY
+Qjks7kz3l7SjXD9tb8bsI93nI5Ab1fjqJ44xN8GMVehUCFDsrpgQjZzHHUPagXig
+zotyOh5P2OCFuANf1KNmkkbP3xHqGMMnfA9VmGZHMrvfrAh0HfmfS/vrtL9iuPfK
+j/xi7cTHx23FuAx+aUbHzu6vkvdu4pcZoieI9CvZuQwmSTHsuD3XzLEKc51rI7HV
+W6GxUDWb4bSEQMidT9npTtIXpjyGoIYkZyChqJTxqi6UQmvf20AONH88crHpaID6
+cBbtcHjob13A/yxVD54es943TCWFdR8eAhXEcmbAiayhRULWSgNKlsLykPHQ3ldo
+AX4gQKZWtxm/aIEGyoGcWQ14JAz1Seo5B/lmG23gKIs9gtqwXN7rslKPR1dhGFMY
+g2KazhBpXinjFXQayRatQVWjko0R7jJoTlHOewHm1JiQzOcphLugrDIwVKRAnPJ4
+MTpbRrNAJp+zAhoS0PUB51cYzQrWNzgslN+g9D90+fYEPxhTlNkoG9oeSJPdT7sT
+JQhe2tucqY8BHB17uSMsdSlXDJvryefplRtfnveO/b2Q8xcauj/1BSDAw5FNHnAs
+meunYTQIT+DxdD3HWnoJGj0hqHGwzfO3pnFzMz/Y2f0Wl7BBC2exRYwrMmXLFr5Q
+IdQd4FSpg12EpBo7DsMyMGG3VejUa744Lg4cHMgpvHmVnUMzE1a1Yv+KWFLyfxzh
+w44r9fdyveDrtHxcQbyz7TngSRUcQKLcoUwVK6jDWEK7AG8uM2VbuRJwDetqMVAo
+ucVr5gScU6tepyHwSsC1/kSG8YDFtnJtdNy0hhuWcSSAEUAsfwkHbA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
deleted file mode 100644
index 30cfbd8ac3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALCdOCljPs8W35hbzEaZA4tSBiEAP7TpJfmh7c+CyK7UORyXxmyvM6U8V4Gs
-PBqmswzgVMkMhosS/Bhk73RmCn38i5dNYizu/3yOGp9piOxNNtktH6bhKyeHq/wM
-hHhgiZhACGBZZDdZFinn4ohF2SmbpxFuugZsJPnX4tj1KZJRAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBTTdhSEDG2I
-nAn6zC50pNDdzdZIezAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAK/N3uvvde9B7whxXVd4IA0MSe3DHGLK
-n/OBEw3cIXCYST42xPqPV8mkuz82JMTlete1834sdk/ayNFUloeyXzQTAdDg1JoD
-s6Cq3DzqfG1sVcu3wcsYbmpq7zxjXAERJQb2xSOYTvaJC0eb8FSfY6pXWx57qak/
-EPSox/J2fkc6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..df95d54f0f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA7Ubrj1mNP+NcBMyG2sr7H6cZ6y3lj+3xG6IfCsfO
+TWglSnkb2CjlNIx/NjcGYn1YNubiDge31rG7CZNdO61NGtYgFxiAl3DQtg2HR+se
+TWg7h8ZdTt6bCV2ccoGTajtCzKtfJbxEjC+ah94NvIk+IHcEu7JSf9A94efdSxnH
+ESeVTat7aPkW7UlwTUZ/ua3oJ+1WwdUN3KgVmB9mDbATCYfiRk63RL/X1cKQZr2C
+qYGnhh8ugZme/BgoClJrvDw0rYnepgPxYyV/XDTHe1F/KCclUCt2X74n9kwIGcyk
+89i9pk4Tmr4WWDkSViuBBym+f/SDxnUFsgg4d2k265vaWQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUsEmMF+z3zVR8
+cNCXb40wgeCroccwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAShWF28EnDlNq3BCLCZnLPBE173JUcUzG
+W8M3dA/+WBXujtD0xCKDnWMy+2QVNZkiao4ovBJBhZQXVVhkv1lGulx6kpuQwv/f
+G8HB0esbeYOvGsRntOQM28vpioCKn2+7jG79SURwXGLO9k4QtQKEVrbOyQq+ki1O
+r4ZUIBsKnsQe14SJJWN/vqAOfvoA6StL6l0LHoGr58TZdEyqINecPq0Uw+KWQLpN
+oq//RG53Vm9P6yujzumBLf6llJII1izqotfy7jjFPS0azvJUO+LrtNMZB0Zf+8/L
+0yj1hgvr5+em6YVvaOX4kG8xBQuSNYLyPF2O9aUo97lqZLKvyNm7Kw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,713450B885AEA6B0
+
+XUgfUQQxUwpHLBeZxdJ/HzBHng6cMez7ndN+8M68U02XwYk6Ypa31Ny5FzdCV6Nn
+tNDPlFUuc3aoH28fAcVccb0wFmsGYcodnYDqlsEyB4ednidgyTB46m4wK34kPH7H
+86wztEN8ruPKZIXUQM/blOC6NMbJsbFSGS0v+izolbX9ne3YaHqUJ/8/fxJ7HV61
+ZPk8f0xlojgbYBetrzD0bAzmJfTTjUgnBDTwE7HxS0lydnqZM6BBE59usDZ+n0Py
++TzRl5v+IE8aC9Y6n2LzxzoXNNdsIG/ooSmPYwx9lGFW1meXtALaGDsEKS/fJLN7
+N1CEOpatI5lKbpJX/g5Z3sKmFLdDaqlOBWaY4rqp3OeKmCDsDonu4urBfCwGmWMl
+LCEXXqsz51BtVoLiP/x1zzjdutgLYx3M4dV4qkD9hiCPeaq+BCz/N8nc2bKu/ldt
+j1jV+/xQs3VYNitR/lhN3Hg32m0C/VSZ428jJUMKbjXQBca5CcYN2yGEpLAC7pnG
+C+IW2Z1w4nBJfs4KCeB0WIeDc6KMPgsiG5Joc4LlGEssmMJL4fHENyiXnA48Lc/s
+jF6vnWSjOU9Lck/0aoJYhNMoXebVhOddexAS9vjl90IV90MYMBChcPVfzqRbMOWB
+PMX8z5RDOV4lcDfE1whYmkkjwnU7H3iMYXv3vCxropvj/YRk3cu7DCS9FN60BrNJ
+ybU+uGsTFog1Rl4hFP5KQ233dy9+cpkkgc8qL6QSUeO9iebDPEVyP8uiHv/n5Add
+yEQTuyHIy4EsAFmeVZV1A3zXi0RX0UoHJ/275EJhh2apV4T9hhvAkoOxy8EC2n8m
+UocPHdBs5HQXcyVa2nmiRwSnXm04V6SldsunJ21XiGMWAckDLfSxPYuwNgZxZx+/
+lrd20Ol1tj6vic5k15iCnNK+kaTjO+EkS4/0XrJBtve1Fa5HO2RVuLiGG3ddqfsY
+Zdy6pH4N0Sb6B7y1d8qFRcRE56sWK6bGwQH6Uwq4IREMwfNjWKYghl0Vg/qh6+WU
+djCXwySkWkxzR4sswSisAAFqH+NBdBPRgFU0UBy6ayggEO8Ry12UnDV3Ver/TmpV
+KX/tiZ+lz4DRHj+MbVMIOXJtpNxlfiByof0MMIRQ3RE6Jne/S9JCVqUWTLVb030J
+RXEa0Z0K7w+6eWKF/oSaNj4u7TQvX+sO9+DNYAfwVcW4XXnIfTUovsfrC+rYaQ6P
+/9kuB4vDmV06sCzCcBs8Xuq+wywAUJOu9t9xGNHmiEfCCcHrz/qx849flTIAFrvB
+yxR7KQ/4bCJu5f7NmdN6ZY6T5luQY7BRmE8Sf0D9IdpWxXO8rlmhnnk8NJeY4YdJ
+Fz8xaWb2AtvBcaVHkgK/mxlE0GuHVQqXUVf7p9N2Jy8wCbgk+YN6ycEqD0DTJHAz
+MhsSbkHICtLQ+hccdAZyzQjVnggzjfgrejJRKvguDvTa4kS2Up0yfo7IZWkQITfU
+iyKgd5gs0yM1tnUEI720CKYkuwVmgeB8PhbvKeAUh4aMCsWGtYyo6EoQdFR/RvLN
+4LcYszGIv8kVZtUO1jNinHSCQ0S+aMUwv5MkVzgstZBudIY59YUR9A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
deleted file mode 100644
index c6ef8e0f7a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2ZkYyttS3QceAgvQBMI8apGZ8GOGdNJJrZmaGrXTlkDpRqFBGwv5vx0I
-D958BpDYH1LIN7/T0VKWubFI7UIsU8brS5aic8C92RXCvZM2QdGkQKoiWLE66AeH
-+Fy35j8Tkrk/hoO764l/U3eQB3MD2u4Hf5NuqRAGcngjWAJyIjsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFDKnsv6Y
-5OcDK1R9UWEjFuJ9ytbxMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAMwDQYJKoZIhvcNAQEFBQADgYEARAcPbJvFFgARsBpZO6o4SSHkn4if
-ZfTlwL3z5foZWrjQ0JDVIBj6uz9n3sP0V/xTfR+ZYVH13WgaoIxBIRMhV8lzW7yu
-d2Zz/d98BA0wwE8C9yxqVUuPje9zLRlmAEVQcYY4eWMlFZz2d8XHyckt/LcrCYrK
-iNQtbHdgmlb3dDM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
new file mode 100644
index 0000000000..7f8ad6be61
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC21AXVGQebH8AHBIoewxwmy42xH3DuTS5GYC9g
+FXijp4jeOhdLJCM2uAzHMM7Qib+uSYR0O/Cdz9NKQ/Np9gudh49XgtGMzflsjSM7
+SgijS2qF97/TYv3wq8BkFjATs/PXJWo2S2VQuPce/yHzo63LO8ObEjnHcC1j4r5G
+LY7718RgxXw6NeJDSXOxwJtFjPLMrXEFSVOiPh0vbew3EM1x9ieqJqVwcSaiBUpX
+qIawbxJczfi2UqTuj9SVa7zuObF8qrDdhkdNUYOEFc2IzuVVIOskotPcAB4PwbDE
+HFw02dcwdFrG5BUHhpdvIOmEy5IxQXwMyvsd0Phv/kwqNw/rAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBSyFwdJn4xf
+l/2lQPJVfyRDZWC6gTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATADMA0GCSqGSIb3DQEBCwUAA4IBAQAY3dfWtAt0zVsSibvIAi3jQ4bHtVq6
+jSo+i/7Cl2E2qevfmDrS/uUPwjjUXLOsJeiyFIPl/lB8yNC8KkT0oEe1PTr34gLw
+9TTnLt3ZRdCbKqg2WRMv9Y1PsBgWTRcYED+/0U8UQxePr2pyHDetdpJuT+phwvRc
+2GvvJ10UjVJvRCVw521PuHwDyF8JBmpsJQSPOe/L+jnLWOehAxHOeI7CMaqsddpq
+JEq6LZ5ofOV7JaFJMxYscuj9mLRKcXTAnnWUp/9PzrUGI6wr1WG5OdECNwQHqO9s
+uxeEelksAhiqK4Yg1BFJeppQvyfKwd/Njw7ohwTYBcsfojiSLl2a//HO
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,63347D0B822C10C3
+
+HPQLqJ3F6WsoqOtawonx9WdBroYveRAPN69bZFHKZ0pygr/kwvoCe7hY7FWZP/4k
+JlmpQ0fVTmh6nPRcl4KLc9Dk3CoJYLZwejlKMhjpF5SEBMuoYEqZYC8MGgV4NOZt
++KLZCxTsgXVz1HOXVbXXKZuWaf+X2ecbUPU71/aij6GZzYQ9uoJAZ8lPmW4T2Ndd
+ibtiMvwJO4R6V6CTdGvfaaQ2wrD0h5MsR6ZZXdLLKyu4KviFQtX5kOhn3K8eUFTT
+IDLmnE7mZahEiKmDDQ3p+eO9xlgUihwG9L7l2hXaSHvxEtdglqAPW52Ym4gzKzfD
+LJlA5la3tXz13c+syqO80xkhZOs9ZAJJYvvrcVG05kFWADr/Mx6qeik52uMdizVk
+a+ugMhLzdnaMQDGbH0DPaes0mV7vqkVv+3M9Zhad7S6VpqkE10SMy0zpOKuNdPu8
+ZpaEN/DyCwLGcpYRs7KnsCnI7pZV0stizEGx4SzuMiL0JTEcky550fxGVO72GLlM
+RuMHohNxAB9ie5kCJoM5QiNGaDaw8x1k0duTSGpsN+ZDFvE/0KTq46Mwumfx9cVU
+mPhkPiiJ89tQx7Ejv9wUK1J4w14DkATQyAEueZePTQ04YMF/spBGXb1YtaMqhbpF
+HDwcnwL+dXH5N8R3HBxUsVKk6fJMM9VfzmmJxw6g77quo/amRsQqQBptD8pBDms5
+LziokjnLT7Jpmc2g44HtTTwKFmFi1E/DZTRQp3nx6WcsYI4o8waHDk2KSY0A4ll0
+2OgNYwiEh5J60dsxMebTORFO/DsATVHE3kCUGvS0I2uwnADgteO8jrTCRaw6Mq08
+VucKsKddHLiC6McgdQukFiRq0w0vr1vcd+IWJwTSlHcRheDWOfaguJYoX8SMBPu9
+Et15NwYkYl03cZB3FNPXhUouRqYIwL85dNCdYlyp43hWQRg/LX+ENaSNr/hJ7+ea
+9f8jYvH1whWj34YKVYpFfbXu2yJyvw2Tz8yTBRiKWszcSXm/uXRJczIzWZFfWRp5
+Su1Qeh6CBjpj/yXd68xsqdOc/akI/ftZvrvklJxbUcJ7u35oTvcTtUE8k+aIvGBU
+HvA+cX/Jg12XuYFRIsdHaxyocuWNum35RY9IktqEkcc4xhY550kAzCvgTFawA8fj
+ODQexc0n8SEc3a57VpRnXLPRe7uKjvNeqjbymRrFhohyvB1pfqgFGKmAb7ppUk0d
+1KIART1MaKtG7/IbddaEmyZ60QaP5N6UtiOWbtZHMSGV265XOoh7YWiT15F9p5go
+voqg0d/RHqlxisDcXOyTS3c3dWsqixFEoocEgocpDVCQ8I6VB6cQ8bCicwdp2AXQ
+c1cTmuOlQHmnQbGR7wahWEauEMMa0QUFz75hEQO+qwygtrTxwetTmEzXlVVU2Ruq
+56Hu4IjlXrYpC2NAsE79hmbguTGZkdlCbVzTC/vKjKaOJ6KlWUDdfbgHFJzRkSoJ
+uC0D5I+fFy6kdBpavlCEYktrvR/PnHVRtrE32i3UevEsfc80+n5QENqutYS40d9P
+tL+xPb3QYYkiLbgfLBf2vttk52aImULXlPQWqzf288dSE+WUKaExM/qMVii0t2Ka
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
deleted file mode 100644
index ecd49f4f58..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAylxeQoRBPgPQvR6PrLfrhYdQPa+pAircmIyNSp/en2b65foW6Dvx/sHc
-Y9lLvbx48Dv+XPUR4a0xsGGvX0GBy4GOUv+6nqaFOdce8VYwmIFybQGDaxoqytYo
-bhhZZD8g6dfyWuWMQ5LUt5vyIL2FbCnDevgD/ivnIwBKJFEn/B0CAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFN+F7ghB
-89TFNj8vas0p8wMYmcU1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAKODQTLmhlOsijlIfpBZNXzohZOzj
-J27r0eok4ACPAFNwUCue2GMNerlrKqHiHChov8zvh4AoQDfcZBwRFcGnRMq8QyDn
-EkxvE9P/4Ib7XERwVDPmVPgvQYvcqC7hz7B7oYO7rigckrroh2X2x/tynphxnIRS
-6Mpc00/1Fs34Cv0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..9529a12af2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDh7DaIU7QitpglwGQwVBh4gziggxUNZYv4N9CF
+ua9cMz1wtL8igEcrkH3bS7ExC4XDquZH5UQpQ/rrMvW5McM8DB8yoHcDq6PdTHts
+swQ/IhF9IxGcHYlC6xXf2IDFk/QVa6PGEa8a+M///xPK5m3ikh6LJDJhWwOjcYyh
+uOh8CR5E7qN2F48w/Rn3JkOVEfYzR+x36DUE4qYZ9prP1EE9f8zurYqPNfGRRfou
+pSANSXjvEd4WJgWeL6Hc0KnEbxTvGywdIZFopeyxyWFpi5Dhl0XoM5ViS5IqL2yG
+6yJgtrnhkwRV6vTRr0pZlHul1LPLVf92wGHGe3VdiXRBwI7jAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBQGUJPs1t5H
+/XdkaQnJb4buZH4dZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBd4fpr0FEBAS7pX+anaaynR6VwZngp
+VoG0SZ0FUwOTvUAU80cI8G0QJCcjQ7Ho6/KmeKznOb7zXJj0j6bmdlUvOTTQCDtd
+Qh3Exa0x4Yv1s/wp3FVMFt8kc5V31ABQDj480IrFjHW5TZF7lsSE3eHpxKkl70oK
+idmdbcVUbLHRm1+S8RYAUMrQn1kJpnP61URJZgiYoFzbCYgcswaIrf0oFZwdTZ/C
+ueXiVLJdlbVkYp4u6FoC77Oo7vcIe8kw8i1byu2PaOmIjpmI4xjOBlYbwnqOeG7X
+Z3vfgaVVMZ/fygknW+LpZZakKSnAkDun7Pm5WRNDCiRRn8rVL0NIYnuK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7BB37E587E6FC08
+
+qCYMlRWoxSwmtR9ff3GkkMZm92syFY5jMFQmaddFj3gBagBR7MCMlL8t8MUEvuFA
+VCyYG9xfgDyAGE4o0ALc4jy3ZQG1wqf1WuUeNxNmx1JHtmGGvUIIkIK21hIQVWP6
+1CgGOh1MoCOp3SEI7bBTC//3rqdelq1QvC0tCORmbFZYdNCn0YUjwmLOeaWh1VhE
+YK5O21MUkkcGOaeDEvq8TNQ8GXMCZQVYa0ooselhZpFG7puKQ3Gm4D2IIqXOXtnv
+HuUlxpCYedxF7ggNkJRLhEDYv4HQ7jyHiRompH8dYVTNEhHSw1ivI3TxVC0Rbd0R
+jspNZL3rn8yb4Lf3yembLHLozmREBoKArQPc7rY2SGeuz5lG2szibuJLTkx3qMGt
+6agb1wGVfdlnTd1AOgUL2ChoYiMR56IJFcNzbkfNI5jGuq4TaIStkgdWygnQGJzS
+N86elMc+LgnCUI1P0HZm4RzLV5MTrh4N7MK56rAU6OVCRSLPSqN7ds8V54owjHBt
+RycZLp3E/7o2m93Vp+/IcLSpuVHs3aW0hA49DbOH4UyONIKwSFpPfsfFRIgftrCy
+Tc1AD6rEuJzmbbHPeiB1sxbgSxMPL26r+DiDBwTo61FpGWAoRPEbBptjFzLyKESi
+B6I/DWpIIJLSq0uYtTpE1JzIYisK7GV2YUf2DcmWOT9kfXLlsLNGWOalk5taYuft
+T8vVPcF+ALXQElcr0Gf5WY2UnpWDZ8J2rQZvJZHYVm5SsnvmoX48aUvp1+HcC5BR
+2GLM7bMerNvLQDGBtFrbvLwhFDxBJ6b4MCQ5lLa5siw+tUqRoLJl9IbzruH1mGoe
+zilz8uYUeJ9MGy8vMkxFbG+LeQLQn6bT+3WiWjJoB3K1foloZHOHHYwjiUaguMWZ
+giMBC52RYZRfFI8TmwReTreJFFuEsTwceUaLKg1mlHq+c32MRrNb5133ir863rFu
+tKy7PNe2buXgC1Url8BBC9C3UYUy8ISVLbdUfWmjfeqBrk1uWRdGsb84ZvxMfVzw
+iBbdXCayyMX86PlVCp6NboTn/K+Tth4bQQx9wRSB+sfr/fe6eDnaIQ85LsdoXr+k
+sJ8pOoH8DtTwbiQRsTh6pnivOiN+zTJK4VGDT+7AeFBjRRi7sMF9AkuZWcNiiKj1
+bbYJAEMNVC6bioxnWb4240wCy1TBelFITStR7RtfnVFLTmV1SmFtkLDoGqe80w6c
+I+zPVrbTgoHfa6U7fFIFid5BEhf1oKoySYPV9JlFTvwvJZV7W7EmRx6ycH62r/1u
+lauM0tFYhhuwWvmGB7ha5uHne9wKPb4rJrzApG1lgQEi2IR/MYBGj1UkILAqx7sv
+3VxBP82zMKJ7otH1TiiDMPWqanj61jUFfGhKx3S0SpDNm1jklIKtO6U/1bC9T7Xy
+jXw7fVPDpH26/gBSycX199ve96uvolzAmeF1qY9PY1CF2fnJNaZRzoo6glAfNr5u
+LwCP3jKOT8YRVUfLDMKJlWU7/8OJDR5FQCIjjaIDaue5dzRQYPAmmqd69h1QcG/7
+bdJOy46SR5R0dMV2BpGkf5T5Vk7oP8I0I1Qtb6hy0Ew90HH5Dhut6kHr7Sju2kPm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
deleted file mode 100644
index cec2eaaf87..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
+++ /dev/null
@@ -1,179 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAsFRY6folIcigIrpQ/iMlyqdk9EBMIL6NqCJEqkvun/36zcYeHsPv8t29
-hFHDBrhQT/Fi+9MNOXx0uiJT0cetYETo/HiiAqub27NG0Z82sxwsEiLASEWZ4ctu
-8AIom0mQl11rsK/4z4OemcI4Mxh5j6fCiI1ouogv1Vx4us4ew/UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAUOK0lyEJa1w3pSvQY5iylU6RQ9EwwHQYDVR0OBBYEFAJSemtC
-TrDjzYKlY89uAwAjlIk1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCFLUIH
-3Nuh+TAs+Kpg/tZTFK3cl2DGM1+W+wnsgn3pQhJnqIYCI/iAuPRs2bJGH1lQ0CTr
-HAQU9y0kmWpsNCzI6k9ZyuLd2w7MdXezVhjpE3iwAQCnVG1vw0MTFGzyR7wMeWp0
-Ejrp6mVdwu8LV6lngeqmNv0QNjYSutrFAsDHUg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBv
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNV
-BAMTO0ludmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfnEYg
-5tV8iksMhoNkR/PLNDStGXw9l6sTCiF+m+EF+/pDeN0Y/509SepxvXOZbQ8D7CkB
-PfgmSL8hs0dxdE3Fvf/AjvTFyyjI1q5wkFXd/qWMewquuMMm2j+FWn0fmSoFnyM6
-EEYvKLhqj1QuWiJJN/250ngjuufsh51HnlR/6QIDAQABo2swaTAfBgNVHSMEGDAW
-gBQCUnprQk6w482CpWPPbgMAI5SJNTAdBgNVHQ4EFgQURA7pZi8vxURs7KKf3U9B
-ItsxSAMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQAweIEFGj6V0Kr9Dz4wEyhUVK5bf5Frg+J8ap0YnoNT
-EmoLFqQtKPB3MVfcUkXrZAY149XFJJLI0v5VCK2mBN535do/Grxve2MMW8BbmmU4
-FQOKJruMJARneqYEHxbZUEmBvEoIoi4C/2SLxO7hOnhpiK+6UsetU35F19FPfGVp
-UQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:52:7A:6B:42:4E:B0:E3:CD:82:A5:63:CF:6E:03:00:23:94:89:35
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        23:10:0e:ae:60:60:7f:db:a0:d8:fe:8e:bb:0e:99:db:df:36:
-        32:a0:54:7c:1c:ea:79:12:34:f1:a5:cb:75:f7:4b:d6:5d:6e:
-        df:56:9d:c1:d9:a2:a1:ab:7e:53:ac:ab:4f:fb:61:c6:86:bb:
-        60:ec:f2:44:14:49:22:54:6e:5e:72:96:23:b0:bb:d7:8f:e8:
-        4b:c1:5e:f1:16:d7:1b:2a:68:ef:ca:25:1c:63:15:21:7b:a3:
-        80:c3:50:97:f6:41:81:b1:ec:5c:5b:77:b2:df:1c:cc:48:97:
-        61:56:01:b2:9e:6e:8e:c0:89:05:82:7c:42:1f:61:34:e8:12:
-        c6:72
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJSemtCTrDjzYKlY89uAwAjlIk1MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACMQDq5gYH/boNj+jrsOmdvfNjKgVHwc6nkSNPGly3X3S9Zdbt9W
-ncHZoqGrflOsq0/7YcaGu2Ds8kQUSSJUbl5yliOwu9eP6EvBXvEW1xsqaO/KJRxj
-FSF7o4DDUJf2QYGx7Fxbd7LfHMxIl2FWAbKebo7AiQWCfEIfYTToEsZy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
new file mode 100644
index 0000000000..edf314a84d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUQwQgYDVQQDEztJbnZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJh
+aW50IEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMUAJaSBrAZoZKqqNKxkwBcU+6HyF8FbDUmVONn7QXBreqY5hP/u
+iH4t1VgIIQfYuDq4KuFG8w+j8XlwNyG1/LRipLXAGFPTthfve4YqxksDMlEtjKEv
+6/Ed2/u27iRmTN4Xclfae50TcS/lPI7LcGhA3xb8i1zRV9jhwSOze/lUrH7w7XTd
+S0l+PZXwjFlz4rQF0nglux9GWUIIfi6j98lKkSlozIJ+i9UheODwktnaLcYIJdvW
+fh7c5g023RzmkF35VetdYnalZRQuAoqxRMMMJbUP4fQdHePTSG4N4tazyjeFebnE
+bvZcaXaTpXPe4EGW4oLQQ4yg6RP5f3hQEkECAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+xgkqG/u46T5oYHrHl86zWFF7dt4wHQYDVR0OBBYEFPfHm47xpBBMA/uidLHze1WU
+6Yn1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAEaV6lhnnBOu4mwaZuNF2UldqMeLtPZchw0uoVW0fwjL
+9BLVSV6A8kwJnxINPrpcCOY56IHjfYR8cT1cbGRABEq+FDsdNFhRLXnUWnaPprGW
+fZo/Fb1KS6EfGupVp2h3jKG8fsSD81KfRaJNc/jbEJi0vKoHIlW87/SHk1B2sN57
+wMWG1d13zwbVULq34Dr125HMU4kgvvwyBPx2pf3tf4mAeXK8WlLyu5s3aTrLACso
+ZYRkh6hcY+LNx5nUa6xwU6LmwNg6VgnHu4aHCrjcofFDcF9Ww488XisnugMVo7FR
+8QiAz8k5MWqiBbvpfHkgvWLOdpj56uvH+waD3GjD+04=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A518FB9EF9ABBD73
+
+bCPVUoj67Xsx51BOv9b+sk6qYULYNCbXCXzMs9Db8Aos1p3jz24J8z2RuPss3WuO
+AewIRUEoQXvJ1WomHEfON62mxw7RSi3stDFNLpQ/V1JiMv0WZzUQrIynJIXxSoGC
+rMIkBHvX3kV5FnImE1AwU1YXWwtR8Hi4vpZpQzwyEk/nR5kzVPfHmbflje8yy+aR
+ZNEpxrlpceZ3KcroyAItehWl0LbLutbFeQlWIUp8rh4O/rjoBvmiOR66FpL3KvKI
+gh8tOA575bG+dMBGOBvDFBSjP16VBxtg+goxkCBqDz3j+k7/VVP+N3FcssR5Bq/V
+3uqRLUuxQI8dsn+TY6UcGrJTNd37Lizb6z9rjxTQzGlCX6cOWeZDnmfIpyETNLOG
+e1q4/OB2ru+z2Os4N8wuBVQYFhO4RcZja5MkTut+e/gi7LS1Kpb2F5EfyllL8A6u
+BPj8HcDe51devdgojvwaq/0GwYR+DtvYfhXm0TwgqorNWhp3LTjw0ZAQxL9IX2Sb
+cBIwIR6TVIoHbFsOQUzsyZSujms7nRM3Hrmfod7Cv1gNRUJiNurQDKuOYFxj4Dlr
+vhDgQ5LxTPu2QLise8tS/a2wDhyVZ727D53n+iLSGZFEiIw2FMAZbG1nXTv46KZ1
+J/oXU7OSvKyKRroGPuXIk65yQnLcmINfgQgTeB8OpKEL4Wsyx9MHsRAMGhFLpYUI
+z6wvPis5Vi1hk0KTQOYFSRe2lRJpqAdgmxPyafRoOFwwJg1wqpqvy1kK/PHUbj/i
+r9biXV8SZ/6DBKdR9bqZm8EPzLx4Gs7ZDl2uQp/tSAuTKGPoBKzGIshMmC1/RhbP
+H8kb3uUu0VSgOQgU0d4dDkhLjYpEYRTkCcX6QFmnBG3GcNC9OyZeNvSyU3IfsTgD
+2DwPRkTF6HeLGSV9sQHM/+TQsof+wEnDEFmXdgdcMmBWzmOC8ljExx9YdWiocjz+
+NlJDEovng6ks3DNLf1xtsBDOsHarPwJG+spPQ3pwoyww9PrRYXi7VCyhxjMb+JbV
+xuxSFQiy7hdPZb3KGC95obRYXU+x+pJNaZaiU3jXMvo9UjlawHVxqr7h0pTTu/uD
+IeBshxhA1Ag/V+hd38Lm06lpM5pr6fXE73s6+ax4e+it6OEjUv8RkPSOpWcoIieD
+Ooqpruqq8KmXx1jpcxmCGyrAEGvzpFcc1/Zh/mO1G8cEpEAtEUQVhYMScKqTr0cH
+0A8Jy56wpolGumTNlMTGXFCzfemfrEchinpYJtRJzfdfcynjvtn2amrr9sgBk61L
+GL5kHYbBa+juZbIIKcRrNGZTpGkJcVgDs2hRkGQ9wjTfAmmVbDL2nSDR075u/SMC
+4wWX8JrSy2zAjN3gOxbmaJ2JlwUAqXE14TF/Lz93rJbh+bAfGhvkkaSArSX9CJbW
+c2Bv8GiHwUH2ZnFauxFJo/SrJDsvKj6AQlqn7vZS9dKrnscThEWRhC/EHWR/Y/Rc
+LYYoFX2aMNsY/xdyO1Wta52VTPBpoWHNdnEVTwhumd4wOWZj5R8l4iDWzyTxEwrU
+bCbEMR8d3sXJZI6Nmz1x8GghU/VVEItNQHS0FqwqPce9shcBpWA5+7DTjwPgYl4H
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
deleted file mode 100644
index 317350f047..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDXic0buOl4pV10DvAMBMgoZ3V0agmq+0F+nQLwUbtdeSIl99vQg0Mm1p7TLuBE
-ABo1EoiXuHlZCog5DA4XokYy6FpTEonY7whLXSUYYCfOzPAvG9v83mIGwoIlGyAf
-r80gVbCuYRpW2LcaqwmGiplI/k7AW4HgDPnPNoTI6wndIwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTeKdbm40+XHQOoOqbqTeRGX4+CMDAdBgNVHQ4EFgQUq/kyDfFv0NrK
-Hsyq7J+/np0Fn38wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBADdS
-qEYYNaD9ukw0/coVvMDpPV7exx7R58ORlWTm0f/OMOI/dQv35ePIHaJCgInLtKgZ
-/e6UcxGi76E3j9oFzHjd3B9LIYeleJD5w0oASN+63KCbbtpVphjTo7KdsJUli+Cl
-WZJMNDS1X6486Y2zjJcQZ6F8SWW3+ij1o/JqEyfq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
new file mode 100644
index 0000000000..b33f740e03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMpH5Ypo+vnXJBia4f1mbnxhkV5cPzmsJbefrK6N19Q1
+/eCApM79FHX9P+kh0bZnbdbjXiUKwNsQc9JAG1Il66+qu9bfOvF73Au7qAvYH4Yh
+bAvpARaQZD9sIXjUfOY1t4NK6uRdNOSoykfpVqwa2GhsI2NfVgKNzJj4HwO2/k2c
+qcOUTds82VbcOHM9Z9AcXwK4TvQo6gUs0HkNNXVO7Vj3+Y4JXG5BFG0K0xoJT1tj
+M4ZKn1z29+TOkIDoYD9qM2ZGVMGhDLam2+OXM/f/d6C3eVGMBc4wLPYZxwnExrwY
+07GQUBn6dgM2DVMY7BDVqQG8frfDa4kIZ+vZzD9BoysCAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUIHf+TDCN4rNRHY+w9xx/HYOYDkcwHQYDVR0OBBYEFBdp3Tg8vwRCOWFC
+TfeJoRRkfWArMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEABr0a
+hM0sHQk9v6Z/9xK3gKE0iphqV5SrOUgtJz/DBzm2VapDSY0No7dTsSweTR8toL4f
+1ynzt3V8u3NP4Se82nphDaFD2eaUDnGWcFCj604pfhlt+rJtjF1mWgWAy6HQP2qf
+5+jhDE+S0AqqlOwlkj4wVEVlodDTUJyeU54kR2aUIXMTs/OD2PtNJ+7w0Sl9UspB
+SBuiJ964Qi+MdZRoFOpYCR3avVagU3CpURNyLm/l5rNu15sbnpFLhCsDx2jffIGP
+yikRtq3rrmY/xeGj4lX06KJkOCa6jAjlZEjlOPDXWOZtx93nowyliPZI1yjVfCYj
+zVx3huyEnj+ozMCnlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,450C5A5904CAA6E4
+
+qgynPJ6g496fN3uZ6Wnmbobkj52yLp9F8A3yI+fjFvmrIdQuqsLS2h4bbItcHhvk
+ohe6axiG+WIkOrdzfjkPq53PbTdZ1/aW2AkKFcF8D6lQJFM678lYQpQq64m7h3Rq
+bLr9ood2HzXoKVh0b4lVSICXXyEj43WPPnkRQ8w2gSX93Ts+Yf/JEEr8E2u4div1
+6dkX8ifdp7vTt9ocCPTySRE7R3AAJX3sxBjTK/XCR8AHllQIRIVzsOQrq7kKCjcS
+1SZT9v3GLdyKKfsur5bNuHBaAv/B4UvNTlfsOcX4ul/MEet2cylhvIlhoNkvGCT5
+YgyelRm8IQ1hL+KNFIOWzomaDXETJBjpycHNg/RbhBcJf5pfb5tJNU0m3xPKsq2Y
+ZcSrmddcdICbgedZXaqYTkxrgl5cpdJG0OztIgXTw8WWhAe8LgLsjQ2W3T1+mBFL
+hKRzqXUgR0PHRwTvgJYHS36UWkSU8BUb3L1076CFssmdxKZe4ptiMIFQoDZqfv+0
+pY7RCCC2AoaaBR540myOWV/FgiQu6DP/KhFcqHa/Ba1LXJ9r1qgbZ+uGpZnZ1dOY
+7dtwcoLTBR3PUlp5BIzeWW2eDZuBE2pHmFhxiJlozmvN/ClKEO91SZ+RWEEnlu6s
+kWSYNUQSXrcrjBzfXserdVqYF8DU0qceFKwaX6dCYEkYQT0BEE/3/6d8PeygGzuJ
+fFKecRVK+vO36cXvxXIDVt2GRVZ9bo23yQRp+afNGQhJfjwwWOrjCaw6QM+cld+p
+nybgnPmkzMRhvAuz0r8qyc+gbiuiYIgGkP6a0QLWPz0UfdT1LtlVGd5Lkw1+0zsW
+mvaW4y+RqIzLqkOqlZ69N3e0OyKe4lB8znpCWYsmGCh/ZiMzIzFt7fxklbwcL/nx
+4Lbecqy19V4rbxmWQET5kHgh5T24TfYjuo+63f0s7pfiHTpXW7ledqdN+kWpXrt5
+p6aWCRuQMTpKvGCJUP4a/zj8ENrtiqv1+yHcyXTq1oILUrHnyxzBR2dwAZiRuZNf
+UJQzF//0g2XHbzjU4jgSmo34FC16mTSy5s6RfOwvBi+UGlInpVSo7Zrc9GZG346m
+Xvf1y9FY5ijOWKcW/EeL5Zwuvp7BFtA/jGSTFWZNbfOrpwvLTRibyjZNpzfg3lEZ
+w5i0SZpmi0elv8fiZuHfepdapbhu2lMIZS8nozbIDcsCFSI+4L47BQuuQYt4mLnx
+i/MwIS1xc/VLY99EqVw59meXjtmbCniX7LGjYRcE2bBJxTjH4lLfLMZ9FWSciom1
+Pqb2CHlMr8wEAamuKkqck5f2NskJn0svrz8gGHsdA15vmZ30Dnvwt2GxP9dB1F0J
+NgqlUdYNkbXE/czDp1RWygNgRgjAM3Vm6cwrtaiFLULbAvVio/fSfm4WVQXkKR4u
+wg//bgbIiLJc/u33LOaUiRBtNcsGoXSBF+Wy+4k681pzAGbNi4hWUS2eY77z8w0q
+5kKmemOpt1RWirmJMEbw5jZJGPY0Y1eKnGpwAKCXOQxHCpnGAslHlS5foSo1VHEq
+Vj0Ts24KKqUGNXxvKBaCMy4ZeycuWVUK1Vw6nfoeskq6422jkHev/azgbOXxdyRP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
deleted file mode 100644
index d87c1081b1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDJsMQQW4ogbj2q9WRWxOqmrcy6BVtHesg3yJh2pcqzUxvNGZWtrZ3M/JI82WbD
-Ns4kgihlmrZZH3sZhjzcdMw/+m05p+rvy7//zB6P1qCRraiYdNJHquzG/7HSnf6f
-i6GdUBsK6YzhP7MtTwfpwVRIUepSCNPIXMVlbIqmh+7fdwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTTC/BpEgViARafFwSWNmeHq7iGMDAdBgNVHQ4EFgQUjuHoODqDJSoy
-729WEoyqq6oPRNYwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAKvn
-C5ifYeQnv76PvBmEmSAh1whhdRDKTrua+Zl86HgUZZY7/NJl3ny9FyJr0kE9DAN9
-+KRem7jju5ciq8gEwArflK87sdGcpAIq+jiPbGFnD698w7EANZIhIefy3d+lcB6k
-LWpjLAY3+ontoTQAB+/iTBtv4mXMzEh/M7kC3CSC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANKdKlFcL/bTvKva2ieqdnoU22tpCEtz1o0HfL/Pz/O0
-4DV5ZVG6hKXh69ev5TjepWl25LTNShr/q+MzVRAEaZ2nxmlAcK9/bneomo1JEuyi
-nE2YDexqxrA8mvilh7k7KF88FBLM6x62rRoW5Pa3rImUa7BruBnOVENN9FiT+Bzr
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMB0GA1Ud
-DgQWBBTTC/BpEgViARafFwSWNmeHq7iGMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAG301e612hE7Pdkp3cuJYqwZjTc3NpGnxXnr9uwU44o7qHInBBN0S9GDe
-L++I1sIIiGLIeCflVfEsrGNpkRdHUM2fpfAR7iI0fOfQE7bnAxzFMRyVXXnBoTu/
-N6DupbEncPs47o/raseXsxSBteu7BkiORxBEOXxGtbCktIZ+tRk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
new file mode 100644
index 0000000000..6c39f75247
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMy56QuuWL4z4T/hWo/3VB/kVEeDeGVv1rUBciSdtpBc
+G+dYzJ0Y4IhU5rTLKjCPgL9NWXJAlZ1xCHG1NKDtNXKhXFtWUBvjGg8cVn0K3g8Y
+FMOR9rxiDaXyzTQSBSMhUXfyc+T93eyt5OdlKSh5dljxtLI4L3UZunZ31hqCOxTd
+N41T7S7XBKlmFnh+ICv44ApWOxndOjY6X72Yfgn1JOaz52YyDDRK/fLzSevInhee
+IJVfWEqj3nSZ4SK1AFGID8JK5yxhtO/aa0M92TYNCBZDJb+Ow1aA1sS1gAt94kwV
+4l+VBqmLyJehvfNfH3zYDGLDN0AQ1Pt6bsuEu05JrKECAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUSQpnYVZHjdJZl68iZjBRd1Cq3KIwHQYDVR0OBBYEFMgulWC04OIHYKL5
+NsodeizMbr+rMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAPXjo
+buDiYyD2GJrx/C5uDJWDWnvG8RQpPaPjexNQqyOXqopA8g/64QkBZHnzfDtsxmIo
+182199sp8LhA0IK1kOktpKdDwpVdwavDHmVwEdEBSaz9JL7kRUHZ7ui+Z9Ka/gi+
+/RyBOqMfVrugxdru0CthfGAtap7OpADZcbactgL6/F+jMgHhGQDkSY8fe3Dg+JvR
+BLW42PItCICC1LvD45w7oVHVgnQlgYfJhxf6ZKKqy5oHeOtpX6FMqs7TZ1+6V+qV
+9wGpYNk812vN8AykTv8MO6iTOoafhfTSDB8vuxSBA6ilQ8BXOzgf7iBGUedKAiDo
+Xf9GhVMsdvLU83Eogg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE0DD66672C2306
+
+8Gn+x7A90lItKcrrp3OBpBvu1rQQRDWKvaHtLjjiX1WE1Wibym1iJfY0dq9ARYYf
+R/97+Bdrw3pufmLgOiFOKUpKFnDBWb4mgXOrkB1QK9s7E8v4PQFF2Sjhr408B4zp
+2obPk5j+snftrBhtNFsqnxcXdpmYXmO1RYys6LztVyg604OPpyQXTk5Gj49ZZjJt
++rS7r0Ecuy8SOXrR6rhPGLqS/fKd8b/36hI5x1nXKDkX02EwMksffpdufg2P6UGk
+7yXYriDXo2LDD4e8V4QwqbO2G5DYxIqqVoNgwnMyXMSsUPRLfESBKgKw730lCCps
+GOwD4Ae1B8Inr0Hsf9/bsQ3Ll9tgFHle4K0y3Kx6MRia1r+SZ4c6mjbjWXzMw7MJ
+s+66X6OqrrBs1NX7TfWD29NsYDOAv6fyheQo4FKYXMRSx43kr2N+fBZWsU2VKJ1C
+FvAO4W0zd9WsbZYKVaMZq7pT6I/+ZepE9tvMXeOTUm+3wTPcfIjcEq3JD9paOSYh
+92+JRCcW/KKGd+WPeUJR5HEoxnLi3uQHhBriG84xWEYSm/NMJFENFLPS144/K8D0
+PERXi5jqoB+TLS9NHcZgGmmW4tVUi5SqGURXArHdyN97wkh+wuisa8yDYPO1A5lH
+DghmYj8u1BpX9VCWgJGPN+IQJYea2gnoYIPXxy4p6xB6v+k4WytVzlkCVocWf/7a
+1ZgdbeOF9JKEYDmzV8gJLYDF05TONI9tN1czfcUReRHINp2WvMdoyup7n8JPbckg
+OcVnrUc7GyQNQMkCHDT81UTTgLOZJBfN20JCFqZRGAAtFavkE7uy+lP4UCLYrAsr
+pvw6MTdvJKbO/4vZey82M9mjwplCJrGNvwjhZLx/xcjPrOqjOUCTgEfuQphfv4yG
+s0zFzfq4wA9n9ecApPfkGl417/S+YST7sWSV+MsOxm92bQCk5rHyI7zENvTgfuvr
+L0+9Ld8mTUgS09Rl1IBxuA9KLJSK6dDjguxBS9uRoeGCm5IlDFZlqZ6hxR8K9gpn
+Io4ZbhBXbErk5DHpo4f6TgMPJtUmsvHq+V3mlybyFb6eLZyf/xMV31fOK7+bwa9V
+4F4ynGHiLxjy1hsHKwNqJvnFCx2Pq4Ps6fu8TEQ8zZ4QPgoeUdA45gp9e8pd7GUK
+Q/ikA8gq9JOpLb4ha1F73fDDu/eKQcaAOj/ddA3hJERfjMLUjn4PgeT5cfi+eNr9
+EIe0Gtg+7sS8bMmLZTN/TzpI2MYpEarIyAo4K3cLLZv2bsq70USTe+m1YSuqSQqu
+FaJW2NQTivug2pksUEkbXwAs3UoX3c2re4m9dLwtKmjoezaq0qYBydOQ0MlSlD33
+ssAd9Hi9ghURMGE6KqXZfGmXh6GWe7sT1eSsvCnwMkZOxMyZDunv+QsJSTUWoNWt
+NHqe9bA2DVTnxrLK2HwL2+4PX0Y1CkanADx//+seTPbeYVmkdGhHXMg4ZjXgsNie
+POVSEqQ0MkSYMjQtqMNJPnckMqCw1RWdZ2OQ7qIL6tSR9TV+sFqGSINGwGR5oLRR
+8Y5iwuytQ1NpwQ7GJu0cr4t1MOZ9GcnmK7Nu727vsyaXVCtaM8qqEPtrfZ49YCGH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
deleted file mode 100644
index 8850f5ee64..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA19qbNR+soft39JVcTiKn2OTKmaGswAGUpi1lZGYOE4O7xiq9
-FIlSEq2xDeNXvcOEx0GFhZxKefbPzGp8mxtaGpfnV17G1SS/dCxeGZL4D8FUGlzg
-Q0GmhbMZvgroxNvGQD6X/+kdpA34fc6mtgHcR94KE+O5sYTKO4MhqLczr7cCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUm1xRvCInMSJAlAkl/8+Dea2jgRkwHQYDVR0OBBYE
-FDep7bd0aDt8e8YpJLYhvRpdGYqPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAAMSu/B2VpmHV3q3fxUJ3
-7MbeT000oqwthzAG8xJUMten8hTYui0iB5EdxQXBnai07+ZHPBKZVSu6kya/W/zU
-PbSkjS5Agq5eVUDUjCnuVkjOwQsZGA4V86i3oLxyrYeUgmxUSl2/O2tbonLm2u7o
-jkncAUpUj+Sk1N2wFIiBenI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
new file mode 100644
index 0000000000..99c9ac1734
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy9hAZ7ztyJhNh2rSY+hM5b60feX34
+EeKvDgFGMYroiDVjUnlDnvdS0bIDNbw2FPl1ArAutE8uxS6uu682pT15YJXGXUDV
+rgW+/IKHUDXOvoXL+CsaykJQv2Ev5L//GKsL1m9XsClk++WHcZoB+9CmV9rvWQkV
+OzOY2H+Ql8uCtaFb2bPEB5+p2z+wcRYG+flPR7g5VlzTjOeim6mH3g+KpPTl9CMR
+1QLFhkrJiSIKJCo/v1vSOHG7ZwVgwgwsS8+MJcA1syIhPktec8misa/3X22w7KeI
+/teFMGIfXfPQNhYRsz9KU8l48H+zLmBJr/8eJQcl0sYOZ6GHQDrYpBpDAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFPBl2j8aF1re1bZImTsXFBDXTBSkMB0GA1UdDgQWBBQm
+qTfRPNZ64UsoODQnQmbEedR80jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBmHeWnPEFJr+PH5Qpxg/Kw
+jlLc1+sL/wVjqMyYsL2xZxalijHZaYrW48cT6fuLkOMLEZaJaXRu0rj+mTY6rhmu
+ZOpBA+rBaHFlC41h+z2sWmutmSbZPQuhqTzH3/5+8NKVgnpTdV0WElzqfC+vOjZ9
+3Etny1E5GpdwwOUZEcKW6xqhUCysVY9zJzWhMPCvs9GJaQbjAG2X8Sz0o5boSVux
+PX8oftrzRx4uAbAPDX/UCWpcOmLaBYqVxZEjyz3cqO3IPgwMifSggtlKFxsRVS37
+mu2+InNHi6pWLxFTgNRkK0tdEjpORbacDZwkWUWE89WtJ84WEgLuCZEO3kCepZuy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EA55018A4C99C6A
+
+CQpOARkAEerLL+qYOQp9l2E9YcuNSOSPXcGnP0qV3KzZhC3LIHnVwVZu2htiwhZ4
+Qn8yddIzJKLm87TEmsMOV0Hp2Oz5XFbaNTbai92/EdNgu1MVp78SEqkr5STHyvmc
+yLREBia+D43509LGNRKAk610qUNf+RJ/mIGfiweEQITd435G2C5G4uKRUj6Zo6mB
+E0WYA36b27/RWPsjikQHKw8BkgMgc8Tc22vOfESUzx6Q8QAQ905QFAnOv5zrAsd2
+CjVL0XudrZXn+wDg9V1x9mvPdV8YEtA3j03L+ajSmYvafKqw6o0YW6hlxtwIZKnn
+MNn6CXVQ9J6fih9r+GAs0ouwk4l2y7Dxj3iL/WlEJE91y5YUpuwEPqihNVx2jJht
+5O30u+HXVypznzMirPLjuX7ORJF30r4rIzVu1KORYuvK5JY7741o2qCsDOCOJVQ3
+JB4v3aRxJoghUdzUwHtLWRMD+AAZ48bOr8pMcx2y1wCGBqQEyTt9ASUBR/lixfeH
+slm5KK02kB15V2RYiPpCeJ6wpHYueX6Tbwy0lxT9PTPOxE+NE5u5plfllU8tL8t1
+7ZB+olVdEVkmoZ+xGTySkRa3QC80gx9IzqcAprHlnfdWq2i9k4THDfDMxickEYxA
++ufhOI2iXe3apBs7Wa9caNuNwIfdziZ2/bc+hbJlJdPOsxGdk10ASAofk+7TkY41
+ntCNTPaa82AM8hTymWpK8yU5oKGzEV/4c2A9pLEEX36vi+D7/mJhs2gijNKA63UN
+aZfBfta43AKCoEpsgf5ijBtK9x+9lyjIQNYpG0o3s1b42K6g4q/DmjUHSJzFqBro
+7QGMbFtrdLfxehbhOLJa3U2+eCT2/nXx1xErzQIyUq7X+vxgcPEVJT1uEzg/9NoJ
+4v0w78L8izWg5nGEAVeQ4p9UHBSA6NQs2xrsfilUMWkbRLmRdYLFCzFjBhhJ4rcN
+ty+ZWj5xbcK7p2ix8rRDDpV8AHJ39+g+vHvTeZTxtjKw5yltcaF21IJPzrV85Q0O
+UTIRBiPIy8pI0j+JglRdS9WkIl4MSryC6lWLyk3bI1mbYwOuSxnP5F/j+L1F/mXu
+8GLaEIjqGvM9Jgm2wQ7hMdEdevy+FIF85cHUfUgKM9nIEWseV1lrIa7pgb3PwpUj
+cYaqzfu7ml3r5oVIXRQMsnQx+S8PC7agYmmTTDelgz14qhmjFIQTiktnCSCflBfE
+trcxcTfWSb7pRQzpkWOXGPQBvAiKtZnzWwbJkJ0uKfz3C98N6WjOi2RgvYvfGc3D
+2Dc+8yX++Q3V9TAI3o0wMDnvIgFBK8e9vmg/DYtBGWQ1+8VWM1ExTIzFRNTjvyxz
+fE8b8c+wO0rivUrRT+L3f9b0jxsj710DPZAfTI8bESvlSBujeX4GHyVEpqyz/Tf7
+J+H6G8mQqsj9lGrhKjf6E/RF+aPgqAh6GLRAdv703ySNLec71LMrWI8D6dmfNiB5
+J9wlJwVNr84SFdr6LtfliVUWvQK5QaGm0trFgidDvSxmGRLUw65VHfXtZwsrbUPi
+KFZBezCmGvPODOvRoA+8U5wbsSnErBceW32bSoPEcyNB3pNsLlNu6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
deleted file mode 100644
index 10fae293df..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
+++ /dev/null
@@ -1,129 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBaDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAkE8ewG6H/K9jn0Mr7uh5z08m2Q6L7j8F5TVV2RmRs5Pg7bhbYp84
-NplFussZhcF8atUil4VjtO7lRP7tJU1+whPYfXiGfJD4zPT/Xm6lmDdSFc8R2y0q
-tzJgoGWHlJgV//Pqd+n+UOLGZ5zGu6RW032gStSaTqwSKJZb4teHKEECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFFX8
-0tqrZMOyYTeQKZ7TKM9hKhqnMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQED5V5G6uHHjObLE3i2wzZcA
-u6p/+2z2HqalTsdJp8Nrbi6HIYSknqTJISfZtamnd7a5yoevYv6NCt2pE35uXibI
-4RppXx1RfRHygFa/owUulclmTIfUnF2OqAvKJ2kIHyaEaS4xOZsH2czU9tHC63Nf
-ps1BS8MMZbABdGW8398=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3KYLjNA57lhgkT+vLnGuU5pyEDLnM+ziS9ieLUKICACgJVoWIffi
-mlCwAibbpcCvUUXOXuJafNB0BrgRf40KooyTOQJUckIm4UsMNuth0c0rkM0uT8sO
-dzfZ2OmD4or6Og4QQlHHFnSJJ/Z8sELlzOot8jb1LmpNW+j9DamSUq8CAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLgZ
-mHzJeDS0JL5/mP3lo87ejVq+MA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCt
-w82gQMooCa5xgbsT0eM6FUdx767nks7Ty/HLHe0EJ6NwKxIV1JQ7QO1A9+B/i3oX
-I4bStXzp7xb6I0F+9vkpjDf/rOLN384olQ5WMvck2yiud7606uYPGPKNY5pK2KbP
-Au452W+m5r1g5hzg7Cp/VolIepWLazfVISLk/D3EuA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAz5LVC14LIVOAWSDaOhj3dMdR3uhZoXO8IIu2MptactPNTm0y
-vKDMchcc9c33HActpSJH6vGOrl1DWTMfFv7g+lAfhxAyD7/Pe+MY82bUCee/2y3M
-5hlk9MlVlFKCuZ3w3GST1bOxnwIunLQ3OuZw90o88OWQ56udtd1pDlFSs3sCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUuBmYfMl4NLQkvn+Y/eWjzt6NWr4wHQYDVR0OBBYE
-FIRTaV2lGD+eaFK3LoplVXGjlEG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAX8GUnKuy9YrVyKYhWiNY
-XXNHf78GfFyK+477KeBSUdNQlX3swh3jQZAMgEY0hy/SrunP4TcO/G9Wba1y+O3T
-dO7bBLaMNHNcbnfJZL7py11wtl0BryXFbQWeWQulRw/8AohgtrAzhz4C6KCNZBKl
-x5j9BiH1ClsZAQMLLFjZYEk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:55:FC:D2:DA:AB:64:C3:B2:61:37:90:29:9E:D3:28:CF:61:2A:1A:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:25:e2:82:ca:46:5a:88:06:0d:a4:bb:97:86:32:d8:a0:c7:
-        8e:04:6d:f3:43:05:d5:a5:e3:87:f6:6f:19:5a:56:49:87:15:
-        c1:f8:26:67:e2:ec:28:c3:e1:3f:ab:aa:ed:3f:40:9a:0d:e0:
-        16:22:47:ba:3a:c2:b4:ff:ea:5d:80:82:df:68:0d:ad:b0:11:
-        bd:15:3c:1d:1c:56:87:81:2e:d4:e8:cf:53:ac:c0:41:fa:5d:
-        22:53:3c:f5:6e:25:e4:8f:43:59:c8:17:22:4f:13:da:38:55:
-        dd:92:d3:b0:23:27:8e:c5:85:35:1e:28:e2:a7:6b:79:f9:25:
-        43:ee
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFFX80tqrZMOyYTeQKZ7TKM9hKhqnMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAHMl4oLKRlqIBg2ku5eGMtigx44EbfNDBdWl
-44f2bxlaVkmHFcH4Jmfi7CjD4T+rqu0/QJoN4BYiR7o6wrT/6l2Agt9oDa2wEb0V
-PB0cVoeBLtToz1OswEH6XSJTPPVuJeSPQ1nIFyJPE9o4Vd2S07AjJ47FhTUeKOKn
-a3n5JUPu
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
new file mode 100644
index 0000000000..7979fc7e21
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4eso2FdVu4KMbGh5ZSUiUNKvacwKd
+xo+zNg9SrAdzpn+b6f1MroSAsBHEt6nKNF2CxLET40hRCUzV/YWVIfSLhnA4J685
+PcSwahhEUdO0b0yHpre8eH4jzvccREjJYfY0GlMc4w0IwQ4GHFlazUZ0lSWyC8vQ
+OgldRnRIRwODBtaQeTe3Q18A14M1bvrhnyUcj55QzqOrHLLrN+e86TV5bIs0Ju1n
+9OmT9CiA4sQt4clJUWpKSfE92tMRN7MTQiSYQA6s25+TgAOJUVsrwHsqXKmLYN8n
+r5wJyCaZP+0m6t4OmYLIY1VL3Jecg9sgQMoyX+Rn/in5y8mrYDo0FhOnAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFDijFoE4jhhORX8H9hGi4kBnm3TgMB0GA1UdDgQWBBQY
+XHzOUCQFF6+ld+krVQWdvRm5fTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBTLc/iHmqWng5utaXE8hhP
+V3alhBweT+f8to1OhLB/2uwsFS2IUWtcalvNsfJQ6uxRzuC4Yomalxj/fHBUr5pT
+SnPlz+ToE+7Ic6rJ1UJrweZ+6t43+wgvpUVPj5kaCngZZ6qzHLd+kiaVHc2GQF9C
+/OZoBcY0AUvRDlvICdxlR0CLJXIvJG5mr0ypqS/zm0U70HDVgRkt2YX/uUbP2l2r
+ZUF2rnpVVjB3lyD3bweR6pJ3nKCdjf+LMKtDyWYow2o68NlQUArJdVqRdWCBsPJn
+923k+3wXHxmlYphFLXKrpzfvsnawWQZih/g/Vo1NQrbNeYEQu0x/WDoV1f6H1eba
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0201561735544790
+
+j71gmSgbPl7vHaG1iNScu8Fu8xpELkYq1CswaVOepZlXZk7seVupIl3gLzPBNLa0
+3YRX75NT6IZNKvzoKFcV0kwCpgZ0KFTahZbBpkzhdVnjE8C6Te9HB8OvtZlhP9z1
+6hHNcyCtoqB99PFLklIoTm52QXNN1hUIEfNIWFL/lZ00df3u/7Iq4gBhezIdSeQR
+JzPyTt8ymxMcFS+cdb/FvyIlgWoKDJ2KVl/+0KI38FMTGXIN0gdoJayRMfR/kx9i
+y9BmbWWvlXTr+bwOuCtw7Vr/RNynCa7YsJB10FnBDvvONFu/vzRNhAwsC4efuTVd
+ash4mKMKSNgALDS8y/vMpC1j7+cN7xNhxCAyI/RLVVc943NnxMK75G8q+C4rWCaH
+39/8aDAOLhUib7VMGgtPAvKWJXoTLqG0LRZIbmWYeeiEciqdgg0nEYVQ+0ycCakX
+zFwLfrLTYI1oMDVRJ24M5gLjO38kThlmzsxPyXLMAE01TENweoV/XkQ20NSnzP2x
+Tr8Sw6I2/o6PBZ0denVl1RER8VfeZd4K/PPXfQuC3bXOkHl1DCJxyuzrlhXI9e9U
+VADhdE4fACaq5PBLQNnDKNZEfO8L6AgCO0CixnoY+/fI/xQz5XDr6N+UFvwUNnW8
+fvwFyXKDLGIRRlO0xRtXHuqGiVbyDW5chziPqAuoODroA4+cA6DGk/pdTW8oicOB
+MYTtJL7v0yBwU3xDdflRXneJxPhAlbTYfrA9q4iM8BPoD7HSHuBd6jxMizUHN+7z
+GP+UpTvK/ulKF1gc55M9G9MpxLlMW7AIwe0oiZhv6oZLG7JeymuPoKtbzooIRqtL
+uXAEynKHPkNs00IwQ4S95uwjkv5gKKo8gNuG3X0lclle+9ZED6MCPxBN2+3xjBsi
+Jw3hQAG1W/D0sPlVS95gDQO8RntpMlV5CeRKBEgE+Psrsz5rbDtV2nd0o6ywCHGX
+gxS1qMLdXgsXVEzVhi1o01DSpuFPMZnV/Yx7mzG5wCB6Hwxqp/dOKQ7bOZy9MCtg
+6vjmoV+ftEbovwX6HxcTtvnxEfpDmTvhuvX/nnI4guFIthL+EACQnIgwYnUMhiMx
+CXCX56FdxqldA/Q+o8+XpnpoDl+v+d50kCOZKCPBGlWh5YUZD40OyFKQH8mmPKu5
+1TgwgzK2TC+qV1zZEA54fNsA0l8APfhjt9/3KGxxsReuHw/uMJkbY/NM/+pmCYAr
+uxzW7pxKT8EdqH5FsVj59OJegfK5adzS++VO5MffS/xA6pGsK3Jot5UOpW/FodTr
+xJMCuxTUi1TSXTRP06VmbGpQKy5kVHkNPeZyGP8KzV8EAwdZUIZPAuhgmiPaXFCO
+WFfjKcrYgi0p+2P3wsa83aSHsH8wUchQLGIADJMGkwA388lufE5OL2CEz9HJ2xpC
+nV8F0E4q3g/m8R+aRIVXWsnf1SD0FX8SA3NRWOggIdaHmd65V03c46a5dQtGASt+
+cwIrx44UWggJyZ6iwmmPo+eKK2Sc/fVbm3r0TVcDCta3flUda+uN+ZUEishDzok5
+W5Q3yy/nlsHJkLUo0JSWRq5fSRMAq22XyvVoMmX9EXFUyfVsTgO4gw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
deleted file mode 100644
index 8cda2ecdb0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test35
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7pFXOed1oA+6DHAsdURi
-YtGnBPvAO55F3hR42UcP8vCvKmdtq0HpJsn34xYHoFPjGctei8AiFVXnj1jrbb8w
-LyDLTRVPFPFHmy3Q956KRU0DteJ8ptI4FRQRT7KeqKADvth4tP91aH2DyFy4MTr4
-wvUfV1mnYKgY7gpfBGlOPQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFKwdFrpLHgtf
-4rxhruHZZFp5vkXWMB0GA1UdDgQWBBRJujI3sGa+0thW8SoF9JqAlJH04zAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGh0dHA6Ly90ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbnZhbGlkLmh0bWwwDQYJKoZI
-hvcNAQEFBQADgYEAMZko+lW6d/NUyq1yPydllz9hzKbH8duOaaM8azG14FqmvYnz
-EylKSfh2WuqTwkvpusjhdtr/33S7AFU74OJ9dJy1IgqvLWhD/qCm4fbEq44Ejhr5
-sChHIwMIvecNIEOi6e2R7Ue9ivA2gtFEQCfse4ZVPf/f3MLErRsp1dtITxI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
new file mode 100644
index 0000000000..ea4090779e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALA8
+CtHPii7fw28cFZaZuH3dG0rXPq84FZPv6pvNJw69Z2qgNbiwyudr+U3JacGVOQl0
+DxncAg+RfSCSzkZoIwtukH9TC+IFD3J4POTu1uLATudMVsiDM0gmzHR64zc9GRSQ
+2pfSDs5zHFStkdfcZau0xxSff0vXU59UtO+n6AuVOZcZfosrFWTxSf2hEyyt04MH
+FVH/vDIT0mym1kChxQ+NYLqo7A104ZTrJq4ejxFP7Fp62JGqvDGLSnisFNjkcVac
+5f1dehlAIm/ssRyMHK+Q6Dh2KrjPRdkcSuYzDFz82ZhWGaoBj3OrYYljISCZnT8p
+s0HqA6BFbBXhveCFVgMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBT6KK1BFt4qaBfI
+DxwjPyYD3gIUAjAdBgNVHQ4EFgQUokLglRky7eXtrwkCdqZ9KB4g5tMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhiho
+dHRwOi8vdGVzdGNlcnRpZmljYXRlcy5nb3YvaW52YWxpZC5odG1sMA0GCSqGSIb3
+DQEBCwUAA4IBAQBY+uta9QOhKurTMvpDULkPL4HU4wWHAN7+kL+Q9va6SDimwLTt
+N+PT5OfoPbALrC3ETTdcfyJXcvvEbuLcu2/mozR8ZPE76pLeV03v73UlApv3pfzM
+u0ydogvBtA+//I2cZv9JDN55LwM2NxHzEps0GBNjDSqgF5jEPqOqJYZF3U5JvIvd
+tx6OzIGAbq4Y1p4iiyMjEhOZUZ11V9V37LPl7wkWxbp7a6a2+jZCupfWJbDLJHiR
+MrEM7imDoSbkOkwgajrtmRHksuQi1fk/faJfP84fVRFIrBzHhPgG8yV5fLSmLgTp
+O7lmeu5uvo7psQ2Qa1JHtMbw+9YqgK23nR2I
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25C09EB350EDA71D
+
+fzMhGZFyuZHOZar1Ex1YnClyTLjlH99699MkjHMwap8R7dljeW2EcgW5AmE9FfZ6
+36OUWMoleVzXUc3Maz6Cmm+9uaaPY8/OyJN8F56Nkeyh66O/3C3ZpcYP6xLiPfRW
+qp3qtpDqrXlPQ+7agcnEAvcAkPtMU8+8LxSbam7AVdYegUrKBTF6n/8sXWQkBQ1b
+MaH6dsEqBI8dpa42mC+DSXtj68ep6uoLupbLkBy+1KAekkLTRARwjCjo2yPclMIO
+XvOF+o0/tIntRwmkyqV+m0aVTEoI828ptbjQsRXyIozdRiZBYQpb7evweLrr1OGE
+bQb3VU81mczr0gvaRoS3977eHasbPKnLRNaEhn/YtuqJZzWqM9m7F5ZhX18Jw2VT
+hKlShw0qHLQwO5RgelNxiq99l/EICtR1ZdAe0rW1UPyho17XTRDBSLVHB5/bKc78
+Qgpz0Jn7iCRSur4n3w+MYhtpH1B4lctNrcU4rbj2GLBwYaps3H9Zh6qtlyhiRgpq
+4mUhbELsVZgIAEA1I5coax6EKQ1INTEjNInQ2qXXfXpFOzQiXRZN5FyTdJcr3eYp
+lW4w1Ftx/gCcnd39ASOuNHFu9wI1zud0FglhuLYqP9MKzQxKp8vsri8DaU/08eDi
+/xhR9yhiNlTgoMrVXs9ymW5bMQVPuXOem1wnaOj10tS+7IUt4dMvWYaSwBhNhs4Z
+WYUNNF/+K+uXwGLLG7olR8KDGAz1Ntcj/YFJ0gFxHOO7VHzneJPQaEGV7F7S/+m0
+G6xqRTjv56ZA7RdZYvyhhcJ6+8040b7bXAuxeBILg/R2yoi26KDsXlUN8VkqTQJi
+rvlymcRkPdA1P77mcBZ2FIGvDT6kfpmQ4J3fgAlxeRA6Z1yud1MWYjI+QjhH8k98
+3TRmHiITXssfAAAvFauWBef9waFydBuksceDgMgVcMaAL89hC7SlKSJ9EIKBWqB0
+Z27UIZXVjz6qlLu+1k9yLVjE8v3isfIN6WUBb/Epw5tyOUReIH3a4Ejo7C7sG8W5
+SajwycO6+fGYpb5H1ins0CHbGYqFMkjKVsiI707ZC83D4hXuubXp2YbWM2LLqVlx
+MQHiISQRhS7u3Edqnx0iK2s7cxwgn4RnAglzgE7OwgrOF/tRVF68ljKNYyb2+dvJ
+P+B0tHWe9leMyoWNNl/cKkHmDXBbjSQlNkE154Af0q4ncKY2WRmCA9G4LuNIONuP
+TRnaBMxikRWAPEJBt8X5CEsiXzRC8+Aa9ULwdrid3Blv2QiaUlPJ9D6z5ffDDXue
+xJFEKYOcMwkVHzJ0+DO/gdtNLXsDdGrsjGRjDwJIKaOY5Z5YgEMQRnsjSoxhGqIP
+QfFFNaoyidM3paJ7+0Cj9J0716Sv4dNiALkA0wHuTQfGZ7JZITYGsQ0errFqnq8R
+ZmlUEs8gXMd8iE98D+gmegENCaUe1MtN3lTpuomzzN4p1PljDYGeioFSm96Uw4QA
+2IKLQuJi9Njfn6/E3sMdZpgZ4lxl1rOY1MQIYTYIdrOKRFyrJNJXRW4xdmmHdoFd
+Eb9YHCkR9DCy5hDRaVXxW3DJNKTEnwUD+e32UkOj9C5LaiwKwKzC4QoAIFsn95Ju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
deleted file mode 100644
index 8564b40553..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test37
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7RoVBb6HAXuZfLDEJZHtZ
-ZqQoQWTPZt8PsM1IGx7uBWtoC8OpBufVE0QTJZV7uKwsbPCvIAHlsKsoTgxWMPpG
-83/daynjox1RbmbI9Vlc+tK/SbwbkIVJ7bO65t52t1SDIfnPSxBa24BxP8wPqbCj
-d1alYdvUt+5ERxY6pW+3tQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFIakVWPxjKAj
-p6e8y2yqbdBaxg9aMB0GA1UdDgQWBBQJ/mqtsTQDfDnYag36Bwgfh5EMFDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGZ0cDovL2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292OjIxL3Rlc3QzNy8wDQYJKoZI
-hvcNAQEFBQADgYEAWfo3+4bDtxvUvo7zJGGkAMWVXpX27OK57XmNG8U6Ge4H9ruL
-S3OImTHGFt4EbUhw7OIxtSSCdT9x3SAg+jLVLn5FZYM3tkPk83lLSgSS1kvoRJNN
-zf69vibTDpsT9yzeMDt0vFKe/YN4RJwfBWm0ty7yrI6uUu3oxcwLsV7+Wbo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
new file mode 100644
index 0000000000..6bef580768
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test37
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2x
+nbrTtgYrZ7vvgjKR+rj+GcPuu7hubTLNz64dJYq4bO1F2Pp3AGeit4SFt5mWT67B
+p+jjMo8dpqoO7+Y6+sebnJv1pharZ0fzQodcfl9/wTPTCwQ3hd5hOIwIKEC5rwhF
+OfC7CfAG0LBIc3L8ayYbDu3rfvHr43tSrXeNQCDs4sT50yYrkmSc9cSx9zrBin7y
+1XEEsyvcxbwG6vfazFyBtWylBIxrryPqp8/tCpj4v+YKpjNtBXbtI/rh3NQRWqmC
+0/byyDKuu+ZqkOwBZ/VWX0QysdoH+z010rhboJp09kQqL9P9hgB8WW+8zBk1mjnK
+fhk9TBzniVk7SZFntLUCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRN64lx3/AEAbL6
+djpYsbpg3YzTwzAdBgNVHQ4EFgQUtJ9QNnzYVFt58I4Udp2pJfKkuSAwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhihm
+dHA6Ly9pbnZhbGlkY2VydGlmaWNhdGVzLmdvdjoyMS90ZXN0MzcvMA0GCSqGSIb3
+DQEBCwUAA4IBAQBB9r2UKkXqMVYrheLH937+0QmR/JOtK+oaJcw+mJBOzy2NbIPO
+7m9OEAElkt/PSaONwtLyuoEm3/c2Z9DVyFE/ep1ndQ/58Ow9vj0WE2mwU1zhwn1x
+R/pZz2WAfFQrgJZLqFoACN38Hsb4SsGbDIWGQrJSabtJPr2XDfKE6TBhVAMHYtcs
+Xia5zyRiL8c4BEATlHrBlw1CngLBfBIDGDc9sKaXboOoz44uyisAwG6FJ9XR/v47
+Wt1hVvxa2WF7AJAI+HZn8KdlLyJK9zi+eCETErxPu0hwMLhe53M+MllHSzD9kOfq
+7gHu2jUzx/W4G4YH5jEo0EW8qEUcCEQX1cR9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,75BC6CB11B15DF92
+
+3DizqDfEvcgL0nq3ByKA+fh1S3y6pB6VUxFVsKq3gqNoh/y551DDwYTXq9f6ZlSD
+j984y50YtYufkDg948E+w31Ja4J2/Q6LWSQ6KsHSRzao+rYVIGY5Bi6ClPJRZH9/
+ffym90Xi3HHhmdqBbmUGeWGegYcXLUR8bxH/EMRP3QVuxeMr4oXkNWIa2Daw3SGO
+ea6hvfUOOqLVj/22zswqBiu2u8IJYhL4ZSECTck8uFLvs8ys4CP4RkSQ3lqW2cJ/
+BeGqWWTO1naMkNvyywaObDkiM5IuKH5AkN7aMYr+VTAWJXOlQnrsixMZgRQsBAD4
+sz4sN88En7ZnGCxVrzEKdigvYlwUqTOl5Al1Z7Lb/u+//jyHw8ooF92f9RcLhkFZ
+9o3riTn7PJUNiyHC1i7XfXm0o2TC0NEJrNeTTs6a7JQDjY+1vcUT0KGPJ9CYWWOn
+k6MTqq7Y0CwrOiI5LGnrXn0BGMLD3lLtCve03Io0XthCKcLWa7pyiHmlKyAg1LsH
+Q4uVRMIy/Vc50k4MF4q58UKj+LVZtoFOBBR/aMYK77QtfobrVLJk+9qgscS8iz7h
+YdeE08tvk64AOnzyOZGXXkvHDifXTILbdwsM9yiweKoAMMLRelX6IKaldcku+sa7
+OmR6bOXv6jqWl9PuYte/T6HOqQEqFGOUMR58pC9si8LWiNYzEEGXdcduysZ3lF+o
+UtmfmKHRKBWf5xFLma81mhhp3RbZG8gRKkDqnIJRUBBs7oJEDxZGMX3THCkx2FP+
+TfS2ToyOFk3fIUxR7s/e3ej4wmM3panPmZjwy88AKl4Vjd4c0FLR6FHORlYgdTj3
+c1Rfvj+8TNZVuzn4OL3L5mnuc0q9MqhELeQtNE9E4uVifD8//IAknnEABrJpGgcT
+XbJGmM7ZGMm21jMKnZkDgV4bvCNeuPp2SmM++v6tu8fX+nUePbMMbzFt8tbGfjLp
+6addsVIwNGrsh7XYIV9KvcwCDVMPFbQ3oJd3QS+UYvTwxNvSpAXBeMpmToxuCn9l
+E4JVRWrL9yKEo1GF+2mVGHOasuicjQ2RjXFJ2vtJBk4RDdE9/4b454hL9nXN2ghg
+mAKkn53PypLprugnvywhRSEQ3YBgqLQkq6bRjcJElUFv3YfQdWOamI/KAKn82J2r
+FO5AiNgFAilZHuBSxsfCmK3VAdKE+CZlWWkDEJsjlMFdYY8Lg5iHzDjfMJD8iSDm
++urOHgyvh2eSaOW9SB+7+1ucjga0xIIkotUzxv7HqLdCMYNk/6YYRR8fHmc+Czid
+mMTScS0FZaBLZrR6k6DUBvE2NCzhVu/8w8fYq2yeZch3sv7wIyhVvct91g99gIfr
+wUCw6KAOAJXtCSR4neqKQDh3yKUj9CPCeSUPAwtH+9KDRRaiNuGFgXejLjRsYlwe
+EpJPHcnXy2P7/AWCMmjx24CAgtezPoqkLr8aK8cJcA2CUkO3bSVe30MZzgqWxQ7R
+u26EjHPWF/fOmCPpx2D6mTh/nZa1yqSxmgOVecODKkD4y3m2iF0m1ZPAZdhZNDzb
+2KnX9sAjPjw9t3YFEd5+Jm607M9DfZLr+c6YnRiQKJ1GDCFhQt8LNw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
deleted file mode 100644
index 0834f93e74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBDDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UEAxMeVW5rbm93biBD
-UkwgRW50cnkgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC4N3fv71Sg97CctA2gdnDYdBCxvD0dw26KQaNDbFJBOuoUZ2YczhV1669VascT
-67yTxIEcK9/IDZ3YH24KxfGvQ/QPio8W8AMrVyCcHJvX6LyAe8VOYc1STiqxmpxi
-lp0TtHeYT9eIybRSaoqtDChQrkbPKB3unwxZbFwK7EJz+QIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU9Vvr2srl76qI
-n9lsv1vOk2kRTYAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAHH0P2ABpSL
-gN0JmwJ5PRblM4ot5qt69t9Qxgui/fn5pIZa+tDA3zKtJx1/S1Sm3gdZb+2A71hS
-3h/LIkmSD7rTwgJTfjtKd2rVxvPhLlvC6Pt+8cOlOAfxT88Q5atXsU0P+7ZMw/4U
-3F6PnahEk6JTNn1ylgi/e3jRoVAew8qv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JM
-IEVudHJ5IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGwxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFB
-MD8GA1UEAxM4SW52YWxpZCBVbmtub3duIENSTCBFbnRyeSBFeHRlbnNpb24gRUUg
-Q2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPIB
-J/eXGbgEoIPq9cvpKM1LhdR/nU/V8FVZG6E6cGIPHhm6FpNthtmafeQMPHMkT4eV
-41lXx8f9O4+xj0BUXNv/WhGhsT1PHxs+VzLNTG2mp4a6gOaLprNo0vi8C0jMfyQ/
-QMqq0d3vM/QmM4H1AJnguuG4xoSFqLZqIAYC1Xb1AgMBAAGjazBpMB8GA1UdIwQY
-MBaAFPVb69rK5e+qiJ/ZbL9bzpNpEU2AMB0GA1UdDgQWBBQoe5/NueRG8dILVNg3
-c7z7YF5PVjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBADjyBhwUgM1wXGm948RATjxho9tRdPLLVwj3K0Mh
-JSy5uURrxX2u5UUutqr2ZOpMjUcO0KY0qePFA7Oi2i1Wh49awyxUEqYVxRgBxNtB
-sKxMJG/iV6sX+9X3ObXDCG960+AD2q16GmjPiVrqxE3JQE/1dvdEyHduVgugTEpu
-WOKs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F5:5B:EB:DA:CA:E5:EF:AA:88:9F:D9:6C:BF:5B:CE:93:69:11:4D:80
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-    Signature Algorithm: sha1WithRSAEncryption
-        46:89:76:03:d1:a8:eb:7d:04:de:bf:a8:1f:86:48:8a:d9:78:
-        ae:21:21:62:91:3d:ba:79:b0:17:d4:ca:41:ae:d3:43:4c:77:
-        2d:9e:99:65:93:59:dc:72:dc:d4:90:04:e4:f3:ec:ed:63:bd:
-        09:59:3c:a8:0b:ae:fa:ef:11:73:b2:a4:9a:e7:6e:c2:fe:11:
-        04:f1:f5:58:78:95:d2:24:2d:4c:4b:7e:7b:f1:8e:9f:ce:82:
-        76:be:a5:5e:77:e2:33:10:a5:d1:2a:2a:c8:e2:f5:09:6d:e2:
-        e7:c7:9c:cc:5b:3c:52:29:f4:a0:3d:6e:8a:87:8a:94:2a:65:
-        74:fb
------BEGIN X509 CRL-----
-MIIBhDCB7gIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JMIEVudHJ5
-IEV4dGVuc2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA3MDUC
-AQEXDTAxMDQxOTE0NTcyMFowITAKBgNVHRUEAwoBATATBglghkgBZQIBDAIBAf8E
-AwIBAKAvMC0wHwYDVR0jBBgwFoAU9Vvr2srl76qIn9lsv1vOk2kRTYAwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEARol2A9Go630E3r+oH4ZIitl4riEhYpE9
-unmwF9TKQa7TQ0x3LZ6ZZZNZ3HLc1JAE5PPs7WO9CVk8qAuu+u8Rc7Kkmuduwv4R
-BPH1WHiV0iQtTEt+e/GOn86Cdr6lXnfiMxCl0SoqyOL1CW3i58eczFs8Uin0oD1u
-ioeKlCpldPs=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
new file mode 100644
index 0000000000..64d05c4a64
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeVW5rbm93
+biBDUkwgRW50cnkgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQTA/BgNVBAMTOEludmFsaWQgVW5rbm93biBDUkwgRW50cnkgRXh0
+ZW5zaW9uIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA8pQkABHQjAg0Rtoy+Yv5tsEOzBdRIAZdfoierPmbsVp9mOZG
+LkHAevOhNvunCVK8NeFinVz7NEaIaxsBdbAOqcQOez338byeOKLTA3woSTTHK0Yz
+yE2P57stG28RtP6oDYBN/+7Em1V7HT3+nZmvut6hX/ijhYM3wCtq/wwb0Yvopms3
+fMKM8wJ2XCBHIdKhFrQ7d9rW03VYQvsRnLEasOCYIDaoguRgM60pHfdQVCj+ahUs
+9/ZEJCg6bSmnybJnhdEjiy48AOJJwx5dE51diw8aCruouIlpZcuAjx8QGHmtDl41
+VhjDT5UvvsI1Zl4LIF8aCnO/7PAZGtOaRB05dQIDAQABo2swaTAfBgNVHSMEGDAW
+gBQAphnLoS1NKC8i89JMN8//TDDN6jAdBgNVHQ4EFgQUmuFGJWWGdlodm00iyfNS
+V8B1N6wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAhom7StGhTRkAiy7XBsP7ToZ/jg3ErbepTvpGLQw3
+TH+zX5Sc1b3R8tR4zJ6RChxonMEWq3HvLNdn8ddyI/n0z9yJxanvt3MTg1OPYIBU
+zV6Oua7ryA4BaVNQ6Mg21pdYtFFxoVfhdP6O/2T97GeW8fp9cvKLagDIegl/KQoX
+CGM9uqjiFup6u/EllniCZsx0EKJXsjxA8CptSxbEgiqxFdo+t+7LM+UMMhcqynMx
+imHOzUGLh8H7WSiPo8H0+KNCDRCh8mO1CANEt+PuW6o3hD1K79QTd3b5qBzMPlW6
+5UWHk/Ncn72YrKxKZT8gc0QMdOtGO2L2h7fH2hPXZWETbA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8ED5E5A518FD8B64
+
+5a8ty0N+/lsBZJVhArhMOdNjFyjrJZyD5xea97tdyu8+xtqWQguWvFbhvnHktP1J
+ZKEVrSa+KY/3RWa9/tYs7fpMrQf2FHBB8Dnrx0sw03RAdKiKEnB+9psQxGPBYfEG
+nGFtJvDgrASnrDdpRW1izeixNTMA3/w63wt0InU26KV+5CfV8iRVH0OFm1mmhEnY
+ZKvRxVAtR3WX7DvaYyaRhLRIHWOYT+NzQ+i/I4p0LXTaeYcMTEc3zVHNELpqGiEY
+FQ48IFvqR73reeC5T79OCfXRlDtRvTACZIeig6KsDQET60/cz3DKzJnBJ4m+uQF8
+kVoxz6zVSjTdqwUiA2QBeJ0HYwR5H0617M+OOegG8KC+UmKy3OSkq4DI1A7pzAMZ
+fRxSaQ3jVUX+BJZZt0QKRQdvlKCV7p2wnvb+YCaZ3WwczlM8MLgJ2XtEmHsqsy0m
+ReU/aP5BukEambvjwa/dw8zvDXZehCwqmNoLjT38u/Z4hAMS8vhH0B5bPMabWINU
+fv3uZUsssRg2/1cwtaOU1QaWWKruKDXMFoZ1Q6CEQpZCsYSEoEb3MCAKqZ72KGCh
+XWKWiXL533z8e1PoTJfaWplUSd0ki11xZVrawcJq+zY9nD8z2z5C5C3p97Cko9Hq
+F8Ub/eYPIb32S6jH+U0kbKnjXxq+3/71gianVgUoHb5+V9O9mwVUR6C6eVf68P3L
+tmcMQK6GUu+XKyVMM4lwd/Ql11fyj+LO7EYNCFtne9nYV1K70H4l83FM/ptDeh9u
+IADB8XPzHtm9cxDmEaDD0qSkZJdTWO54RSa9pXR6dljYA61b618ydq2uG9vz/PME
+VLQBy+7VyK8wU8srI9GWtTUD16GrX3CuYhZHo33pqbnkFPDwFqKHkaI0ya4y0lDD
+tUTpBkv9a9v6gzXvb4ZlRWr6Qapm1x5YeU0KZKrOrsbW5WqJeMaraIJPDJtNnCGu
+Uva+oAdtpXOa7yvw1nZS+uU22SoM4q8duLwd4xJO7++V0/iL0Mec5OBIKsSLuGdW
+bbzQs/r/u5wjXhn/iSUrPD+OrllCAHHZI/LYjBr7A/MFoXx3BTCGWKbGf78gPTpi
+fjCtBBxdlOSaDa29dkKddNJ3QHTaCY38e+pfY+nYTc6dzybH1azWKzEUDKWOX+/8
+SSNMLkOD81guneMVIduKhfujej+gQia1ZARIAcI1SoJI++LaEZBgvIxGuK6Es9pn
+mUEXWKWBk6cWEV4o98PdOK8Odx4qfXT0nEWJlrnIUeccfYjmfhwl9dmWoyPy0PlT
+/QNPPQ4/dgPwQc6MaDrxfqecIJs3ng1o+CEsJTLYgEKreD84HXNUoiOswbqGAHaX
+QUjiQFr8Xo6m5slci7Le2WFzNELJhwAYicEZXeBkN+cShcgOjbVHQiNmkaZBLhqZ
+plX0K9kGFRRsAstse5LIoIlgaq4DeKfvYglIukZy0JTGWDWdsnU2mqVwPuc15SbL
+yoPaVX5a3oPv5MxeLiZP3y2r3sisid0+AOCc9Ey6P/iZGiorVu+RBLfE3ft/cROr
+ZxLGPRV3YBguu1WnhBNneSDGaRm0O8O4NrtyQwXt7EAy4XAIqMP4w51RNrkjtSiP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
deleted file mode 100644
index 8dc7416970..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi6/iZeRoibZWIgFQb
-pVXsmxIdt4k56SpvzvPgJPyoxkehfaVCNpZQ9udynRLZaogzk1Js85Xmf+O3MBul
-a/xJq4BU0Mit5jPBDcfqEpOu4ovFBfX7i+nBDbBiS+2v+QkqntokkwaDKKCnDRV2
-qjQdAnTFbFNpkpyO3yhWJ6ASOwIDAQABo2swaTAfBgNVHSMEGDAWgBRqjxX/mPQ3
-/Uz0JwXdbuhhoVW0qzAdBgNVHQ4EFgQUkm2zSID0l7fhHwrbvsB+O9PRHtkwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCMYaiiImk6MCNreccITRisfSs0mHnXu7opjgpXuD6GcKnQtOhN/52T
-12dfAZMp+ROHHg2hZ1xWY7Uvn5IWbWEepjY0SpyGDsuzLgEO2xXg7DU5n1yxZpao
-mnsYHYHJPrTQK7jpsbutOP27RSNid2jQNfnyDoYsn2uCl6zen1aoCw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
new file mode 100644
index 0000000000..346ce3a3ad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKxv/RraXalQIMNtg/u4DOowVy6Z42Ie7yUF43FcKATg9O4UDlM6fPF/Kex2QvwX
+zFx5gy3obUkZ+IdCmuURe+zb5NpPWdvT6XnMG4gkNsXnjWIXA2aSLJocDfktOcZ8
+xDpagVh0LjRgXJ0sZqYBG5xV3AS60+2ZZ76F6sS5DieU5ZM8kjVPtZg+keG5iB66
+N0VSeoeunx12TABPn98i8pqkhqd29KWKLZ0fAa9nwx+W79BDvEhitdEl+RZtiHmI
+XojnB8nlNWNqQd22Ecr2HVxDXZ7K2rraHnjfecQL3Hfi5/0IGdPxO1GAjW+3v2bv
+Ok7qDdZt7DMnzmrCSMB0wwUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU/f/+GU3bDJ3F
+otiCVuuw2RBh4zEwHQYDVR0OBBYEFOvpVndbfwazHTWOwGmszyZU2w5AMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBACtOcemz0wi8/F5s10MSmAelSSFXOe9srcYq+E6wGW2tdBgf4hDZZ7wo
+RixYJgU0ia5ZhIcEvpU97rZV/wRwDhl/W9mSgj9WFpKNaS1BVl4dmLlQ366Ssxqj
+lMxugFKpqA1lK8R3CG/XlMXVfJYQD5yonkkw7H9Ozu5tqn7sXmRRvMGD2GpyoHDq
+h5TXQ9X/gEcEpvilOUqju0PxZ4XGqf7v12X+RaQRg3CSwZR1OufNQxBUYDkfhW91
+MD0rFQLdXZMTLtvWD7N/8Ycqb4d6BUWgWfIC3hzO+LBlGSPio+2G51XbsjoJbF2N
+1rHplRvqqoK7mUx5TaxKmRmB3O/N0C0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44BA9792D4E9C9EE
+
+7XjVfX5tOxPAvijjneOooE1jtYcjKeKaOAdWnwPa5hSobrsxgyIvTUKuTkaiNmFC
+viD5YeOMD02uRdoUE56QnSFFgm/7KUw7B+ei6b7x/Gw+T0o73Po7Kn0MSS6LZ81P
+kBCyETCrt8nGnVXunU1ufyKZQuoQr8egypfg+iNaOJ2m74KZMoXHeZWIfX2sh6HO
+8jZdlRbjQip1mR37c+pxf2aNMN7M1L2yy4HXGcATI3GRgWyoHT/Y2N96fplG7q/f
+ql72slc7kA2590sDFLLndIJYbkNTshjcwds6/EhimEdQ/ji4rnh2srp4mNgLbz3X
+GAsJxmrd1OHycZ4nhxgGHwk9ww/sI/sb7FNsc0+uKWUNcN7MPqVdX1R4N/hn/H3z
+S4UNFdRG6fX0qjDFccRzq4CSPqdcarNwRKrLSN2WairHdY1N60gSDPdt1rgdxhsm
+4myi2h+nIJc1qKU9ddUox3+mJ4r/xmXxeD1U1bXU5pvsiTP1GGQMQcVBsuzHINkP
+FCAVnOREP6wVCKbgZwg6kFe65NeJ19hBSFHZKFim9rjwFSfAfQoVsh7nUHCoAOGI
+FtabfzLbyucleuUk24s1Qtcc67FOGbZCsTgshzqjAkeyciEVDyx0JiuNb51DCsEP
+oav665KQodNU1rZHz2nBI1veDaiHBMsuoTytuVg5q77w9THo2HqJOp6zIiO4dJbt
+k95boKUOw5oQCPEj2ALumzBT3W6maYwNDXKiC4IPnJr6OcgqAKv3UdECgOUYNTAJ
+78ogF7fv4cSA3iwj05cIsiE2vN5Sqk/3HyD+OrSrk8BUQzD0MCv1B3M8GlVs3cvj
+/6q+p+u5q3VK2IymLnm7kb+cI6s/l5COpTA6P/Np4G2Y1JGus0L3p0Y5GsGbeFap
+YHl+e8TtvAZTqALnNlx1844VOOgp3GdYDlKpgChs+Od3ARuLTNpppm2yUhpbeQ2h
+uNkuzYgkZuXZT94ExPaOHEF4OmHz8iWLF3i22+F2UmvqGMYAO4EpS0y1CrIcNFTZ
+BiW2a98/uWmwffp8PuMAATABqbU8xbPJEhyxhl8VLnef8j+mlUJDsCq3Kq235Pvq
+zuSTK8mFz7NHbRzH+LUl588Xg42nhgLkDzVSpql6sONENrdoEU1KVxBEp/LpXA8c
+Wks+vQVkXLpNLB4PmtraOiRtYbmYk7QLNv/Woxjr4BljrOS6uz71dvHcZnCGopuY
+4FHDYF92Z2HmkTjHMEIKzVWlBAeBiYn4WQlS+n8Ov3t2odUBlXZYrcNU9uMsdrJF
+HH+Ja4B1QW1xT6qg736fssi5xD7hdOinNV8hliQ9mAlYuTtPVZSFvYDu5Xwe0N5g
+fqc49ifyy7RUOoK9m993sx+6JQc3MoaKZnW1GlgV0QX99AQ+60sVCJDqgm+kAioa
+sLuJZlBDGXnsxYktWvKVmgwndj3QfFXEx2CQr4csjrUzQEJNotrje644hd6dOHuu
+Ol8dWNgkRiJV0xmP9H9eX2ybFdmDadnind2ntwqV0z+UJxWnujqDC7oxnbb+gLO1
+K/w/PlfbJGpvhGqa24JelP2v5/zersCzPmliw6pzRCF73FcBLhJoozyxMfQrNVzQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
deleted file mode 100644
index ed2ddac429..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UE
-AxMySW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN5hxrET3bqQkPGYoOqM
-k59f/6Bz8rfuR0w0CP8UqMM+W2xDKIj+J1+sHfl1rsbgm3kKLrIF/DeRgOUS9k+m
-1gTj4NxYqTLXRu3AeqoWe7Z04z8WxqhHyD40VbqJeZgRl960H7nqSS7FUCE5Uhrz
-cBhoLlhH2/lYNtZmNFemPVA9AgMBAAGjazBpMB8GA1UdIwQYMBaAFGqPFf+Y9Df9
-TPQnBd1u6GGhVbSrMB0GA1UdDgQWBBQ/ld8yhWsnGl6nmqhcM8TxDa9n7jAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBADFhplcYCh5Wt/vpCzwZMGj0be5RMlPSh+6UWKY8gR+TknXyeyhIN0TU
-R7DRXv/XE6ZRQda9Pslooz1WB/VBez54Sg3EirsB8hK/E+PS//mo0NN5ooOdWb8s
-WqML3eEo3XVs0Fj1mYc+8U4bYRPrtDVO4Mr/SnyKNNCf1O5R+X74
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
new file mode 100644
index 0000000000..242a518027
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowazELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOzA5BgNVBAMTMkludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+sZdrxzcECX8Ri0LLXI1mzV9xmBAlrK0DAO2FWpm7H/EojNUfwYjmGK5Im4UWJ/Gj
+HpOopwkum3ZmnsjIGZwv/8xZhzTvirJwlvXluaTLpxjjec38Ns/aS4KMRBZfYTe3
+nffklLOsmYUiEaDehtA8igBCA7PQCMmi/UzEPx4oBBErihBid80k1fooZy2Rdm1q
+Y9oWRDZtDZQnoloPzp0Z9NjqB7AzaTMYnhmo7kJu5LyUeGM/oWjHw6K5XFT0Ktiw
+d7RUquN0FbMKgYJlpuB0SygFqkO7Vd/Cik0qDfgzfSN3Q7e5bwF9gWKBxJHh8oeW
+vjJIhJlaDCJjyG6wCBq7SwIDAQABo2swaTAfBgNVHSMEGDAWgBT9//4ZTdsMncWi
+2IJW67DZEGHjMTAdBgNVHQ4EFgQUqInp6e7BpgRmX50LwW/1K/AeplgwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAK0J7ckIbbVyqqgEXIzziD1qpliCNXcjw0ei9x873IYVdmkGqFF0aFAo5
+lRdzVw451cGt81zHoJekwpQSUKneH1bFEsXWY1Z2wSbu8VFSGwcdnvMHhvhRJ2vv
+qeX/GG4VZm8QH6Ut9MKQB0ouQ4WCNR9nSeomSomQd7NapE9JcxZ7s1c0nBpGeIaX
+q5+MN4vVMrkEv6RvaeXJEtQw2S+wz4ZLgT74bzi52VxpCW9L1ilH+LO6LVqL+LWO
+SghiO/N5LT7oPT6+uIUCAXZn1JQw0j5v3+ljPLiuxHzr8bJKQu/dnqgsz9VA4C+B
+HRsOqzFlVMaEjl4nJtiLhm3NEs4Xlw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B4184B7D6FCDA35C
+
+yM86fFbHKFOUuwVFtV3YvfqNhikDBjZqcXZHqEErVMcks6oU5aSFzKXZKENZRSK/
+2mSlo2d2/9bNC+2Q+e7PPanZ/pyst2c3TcfL4Zvkx4qe9rR1Lys6el0eQEVv4reO
+Bvnh/kh7G/+bkYNiAIS54A3XH6bdSI+nde2B3ZODePJNFuRkAlOzEVzTSlxgia/B
+P3a6TrmlrkfMHavoue5AQj+pmNJkrSfWrzo/Qx0lrpJpOoHEpIyCM1vMEz5gR0xI
+OjuVcA9jVwaVttiOlSfPsPMwNbi3JwRc/x2IRFvL92z1ZkaEOlPIP0g4e1d2M//8
+OPqouTcPH/mFq1i0PPnQllX3+uhkk67Y4zFKcr745an9t5fH+g0gD/D+K8cZ7hha
+DRVRJx3kWhqv1TNrMQmssd3qgApmB++P/LlV3uEwu3Sam+Vv/DCesxSd4rEEFv7E
+KMWa+7aQfZ9HWdG7HEHfGrx9v06cWiBEN15SPF7+BERQSV137M8ElUlpwQj5WY5r
+Xo9dkqc6c2yt9s3xlHilUrinOi+fWhoE7cpd/6LEiOAEKq/j6QI3Uaj2/ih/tsBc
+7EVwSQeSIasf+eIPGq8BDouMCIQ3nBxGfUHwJ+U4zGLzqpPPGXT1QfvS+9SnstSq
+5RL3HpBHKfclSC5HYLdE7h9PVDYW1baVt+jDSOYJqntDK4+KeiIVTLQu3aIrzssv
+sLGKfofCAxDvNMCEZjyoPXjwo5qdltSx4qZ2u+7knsMmeIaP0no9dTS0ZbZaRfLW
+DfX2TMZdXl++jrQh9VHiNwvJN/vM0gOpLdOjvn3CPnms6m0/YRf/nj2yYkT6AMay
+EaxXlKPS6G3MAtPwoJ24X1k7WliDJztZzP11nF+CHllbtUpTgUoOfOKOmuPk4b8K
+SWO/udoNjrXFQwD/zI4RoF1z5Hz46JpmYDYH7XrX0y0rbUuLfEp9SCK3BfTEmMzM
+HZ1lefBDXDBImkbugtf2Zd6xaxTHL0BeE245mnOiEkwPon+lW6JkSavhSEfH7I5M
+LvO86Ovy2y5T+YZz2mXky8UfywFhGPPUW9SIOkTgGwrS71n+7c3j28U4OiCG4JB4
+8JzxqJ2O9rufxFYF+HcbWYK1vd5+jq47mnvSCRn7EMLZKtK/IenFyENRPHNhPicm
+0n52bn2lGz8BzD4EX/OTOzPyrS6Lm/g+82RMX5ygu4CRf4WwmNOi/3mPj/tNnLeN
+yGIYN9k70MTSdaoI1HBp4X8o9/tJGmcLEtu0/tLtRr66034kqqz/L6SZT5NV5wym
+W2HAGz2ae5LsOL19rr1Sr/x7PYPURTJnFY1N6nkEHZ/4+lfekAd1JKPtMk40RljG
+Vix75xnH4CVlb/DjXl5aq6kxrD2Xmpssw02VxGlcIu42FXyI9UfkH8qkQBuQYyE5
+8L3yOehKV/b5IdtCVMZ0JUfT8ugqK4g27KTXS4FCAvbJsbv3A0PpQ67XNU8eDAMo
+aKBPsM6gcyd3asAU5lERXuT8VQT2yxlYQo6l4pTk8WbTh8TmXDsYlldfkdIFtSkX
+gQMXf5gcj6XotTMchY97Qarv7mUsujxg23e9CnbijWpceV8aA4VUHVFLG6ctVn39
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
deleted file mode 100644
index bf772ff279..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBXzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFFMEMGA1UEAxM8SW52YWxpZCBV
-bmtub3duIENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lvbiBFRSBDZXJ0IFRl
-c3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdgE9VN0Ghm/NmN4sGBIWC
-mYNYrK8ADbOxwu75ug/F5jR3Wq3Hlg4aC8SCNQ2h/sEnsGhZ1nsQwF1mDWMvsGrR
-87vV31pE9SlPQvMPG5S9UlqHO0b/4wj057sWoMHSvOcROdgJti2Dzt9p9+ArbK56
-kYAf4TYDVQi/UvCb4TYe9wIDAQABo4GAMH4wHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFCWr0F6axQ7dDvC4QVdDsvqzwEdgMA4GA1Ud
-DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEwYJYIZIAWUCAQwC
-AQH/BAMCAQAwDQYJKoZIhvcNAQEFBQADgYEAC49hK2AAPynegAqkmf6gK9o2lbGR
-G1PQFqTf+zLATRWYbB+S1lvMJEOYcf1/T2arOgWO6xXJHvQ2xvYr6VbfBSnIdhUW
-OoIQIAowM3RWpZaHu9Ze31BXnoiw3AJxmzIzuD5l+4RyE5OeqTtfJK15kOpeJVdH
-aMmBFW2/5/9zl0k=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
new file mode 100644
index 0000000000..1a90066703
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBXzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRTBDBgNVBAMT
+PEludmFsaWQgVW5rbm93biBDcml0aWNhbCBDZXJ0aWZpY2F0ZSBFeHRlbnNpb24g
+RUUgQ2VydCBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL11
+HGmB8QxySRRl7MvXOzraGLZJeos5aZMRg3lNXzHEmkW+O4/2YkjzYUvj10VhEs9D
+lUAejvIboJ6ZXkYiFx87pZww1Ab7tp0TbrSzT4N2O3+oYosaRNTyYB9Rl6+JOmAQ
+nmk0Wz6Q7KbFzhQPG10mbFtP6WZPW36l9M+KNiLgTdpbPk3R+cVI+ICwaHBC+8Tv
+dNlDsK//6P5NwqS0LyYTT24Tjk7WTpt7f/i/Uczr4k+2hG3hGbMh9x18sZcsSsZi
+5QdsTU0PgefHt1dFlyRP+zY7xBEyCDkLR2KWZdPW6f19qPNagNOLzu7k88oa50v4
+YAegSLRu8SI2dA1Ys0UCAwEAAaOBgDB+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQK0YrYt0innsAmNsSrdytVebzazDAOBgNVHQ8B
+Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBMGCWCGSAFlAgEMAgEB
+/wQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAckvMPK/r5WshWWXP+qSdUqT7WOfj7
+hdAJfI0aAdCT4sNrR0boObpmHl7sqo9CVRhW9GCgsavFNl4yjEOOdjyz/9wzs08Q
+YI3qgnbqV/r6OiklMuSar8PLoy4v2EmSnB7RLQ2ErbAtLv/gK7lKYj/Rq3Ktyfds
+rnudx2kHpi7t4M1rmHa9SxlheEj4JCTTiDjkn0dVyMov0dvgegQ2bfvTBOmvjt6e
+yo7uiCo0UqrDyoV1ZFa00ylk4EgoenpMfsXbQMUgzS/m0w5O4nPA2YxyBxL+pJAf
+4XP9PD0Ro2E8EKk1i81OuEucKruaXBy774BEGrdZ72TTo0XJSp/TT4L1
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,651BDA338F446BFF
+
+AZUCywxK4m9yRJrXqO2HqYZyh099Z1G0dOf0B9Bj3onzixwTb/2NJphl/KP3qeoR
+N/TqXCawDW6VtEHD2beiP/6AMbucgK0aPwHn6S/RYU0Y3tedPD9ZfiIx7Wu024Jf
+2XMCM+WhNv4MRcW8lq08lm3eRk6awQOtNJKUpA1AsPtxwjGVNSVKgaZS4/IHREdu
+r2AYg1R4amj7/PFfZFAymPyWXwNFGHIf4IlORu2yOyjnVFm96OZYm6H89DgKZtkk
+y29ZKEVhyljM4CIfqAT84OVRKLN4182dPL+F+GKoctQjVP/7+CgNya+d5SObsBSy
+s0SNwJ2bz9Ea3H40s2tjSy1tK/NbsgIf8QMODvUqzaB+09vBXrhH0fVR6NeA+8KV
+0gpoZI7lfcJUcCf90bosVxSSWcxNZkqbO5dUmrDS5ZeT8/O+62Ibnb5nmJCzqQZ8
+s7mlbzNaZ+gxQjdpPQufLN9iiVVR3hQPWxbev71DoQEI3HC1iq5/CwlDyOPKVUcp
+Yvboxki+vsYEpxDklSgOcVNnEnRZcSk/YnwGJbOCaWo4bWqAoR7EIfXFiSDW65Pn
+vuJOFQPDFXejfT6MIoqpxhquIh/9CtE0mnfFq4ZvqNzLlaTA0j8nb2tXiimXlMtX
+iosOCPSmKhkzam5NeoiXxo00LAJLISolPA0nfOEF/WWkzE6cw9+6UGo1UZYBKwp6
+O4bwHzv4LAjn98sXOQlEJF9n9ODH10oM+Q6b/ZTfeSA0OfZkV8g+s3/WkXVg2Pwn
+KiPdAnwzj1puY2sdeaDxraJdf8G1F7eerwMILDdkdftb2NjUl9dBhnQuOSp4srwb
+8oLvJMFDqqHWcRW+phkNIUDep19iDfgfiDDTzhSFZdeVIqHywzoXj/KttiQT57n+
+mZtRvdvoUJ//5OioMhuiXBaRL90GfA6/i326mTgWELdI6XGsohsVzH6rPZDJiWFU
+sABwl4fMTTAsSkDA76kFb4SwwENY01uRDbF/U3GqKt8Wl3gil0PkMs9vaBM/zyBb
+xuwjVrFAYl8qLyfYcs/r0prYwp8pIvjZNzo9po4RXGLIu0DXZaHCH0Gl4lgAfDar
+vK8U96JM6m1BW1ktNZO9WW7IVyiytxhRMVEL4qV9bwb/77aMAGe6mHrivh7N1HT6
+9pRrM+fUB2/8xIqpnGR7EJ3e+Ci79MPbD2Kt4UW7XuhzOBlY9Hc5Yh0SaYcVPfUO
+iBXwkUbuEIMIjJbnVowW0+fM8dCMABO5n4LTULJG4LejSLFhNC6RKhddHK471HbH
+Sunz1bsnOPkukh6ipjdZvn4jtRvR8frY66qvmi/bEqUJ9Zypy7iz1H3I8aD9v9ly
+WVuKLkDFOu/p4Yw0yU6UGZl+XNGmXm1eOw7Rqf0J4Xk8HA7XJB4fOplBhXbt79+P
+e5Z7u8uo8BZhXHAZaEPnFf7JAVBEfP4Y8J4ptcWLvISv+5cy3zX9VcrXOxPCBIm9
+crSxMn6VqbpnyEzvmZQlCJKBCNxckAciqHJsVOjSKi0yiJYNPc7q794H8dK2hXij
+szapKjWjmPPd3hzOrEMHqFqhuL1LPfZ4uD71D0RG9QJw7LC0UPOIIBM/E9APGIW5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
deleted file mode 100644
index 7f10e7695f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Wrong CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBCjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMV3JvbmcgQ1JM
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrjpkZYUtNf/4W6weCyaK0
-JDUtJyXxK8YEL9R2hpnPnGceXRXEkq7XPWyNBAC+lpGPd+mWjvX4A/MAsGHsOiY3
-I35sJHR0ViNoDDIpACYBuNhtFTQ0JHS34zOZR+jG0BYSib4h+svHctlVWGOY3l8F
-lp8EWSm8YZ3kt7kycshWzQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU1G3jwp/Wffea3VwN0SfwS1Rpd6gwDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAI844RkGSuDIY9HF+gW3Nd6C3sILutA0Zsqw
-Ih0wWh/y9VOV6TNvPd8BlF1i0WkAMcswgqhrODgySpG7fdDlgMTSI/Tz0ObYbsA/
-Dcd3OplmCfRKi8biDWnBn6LdZysZ9uiIOBFyOFr5cfWGlgSctiXxtZc15sju+TTA
-EwWcPVar
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Wrong CRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Wrong CRL CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFdyb25nIENSTCBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBX
-cm9uZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALC3wWGmw5/yOOPg3RNvStJ9JJIfBz6CyFWksquf/4icnW/wL4rx
-hCxN1vNOSiH+IrOgWYTpkpGPiMvbvn4h9I2Ytzimw1O0EPTXFAE6CdJagxdcsFHA
-1UJMR/+666NEypeYmyaFMPduqmcR7rED7TZZgQGhltY2+06s0SghWO1fAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFNRt48Kf1n33mt1cDdEn8EtUaXeoMB0GA1UdDgQWBBTI
-T2I2nkS+ARaPkr3QPXOlb30emTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAKM9XsZ6SDRWXHk1nyBsa28P
-ItsxtO1B0ZnK4Aboih9fOPg14udmRCVjgc7Z3UCl+F8YXFWKkisitt55o74MCv60
-2vlEaBrRBPMvTpHwqyNIWCcuDYBT4JrfC+iF8RwHtts9c0KUUn/bwXAuvDclEg79
-XUWTzrxsqFVOnMEktZUm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
new file mode 100644
index 0000000000..8a764dae01
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Wrong CRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMV3Jvbmcg
+Q1JMIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgV3JvbmcgQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLSUqSQ+ff5gAG8H8PWG4MFHgx2SKmPN
+Rr1wAwhfFEIrA9cJWns8gYqTKXRkfTHoQlqHXdg+7dzmZ3QRy9DZ8FHDTGK1YikH
+lTTbTo3j19OmOY7pVmByLa7FOHitP+0ck0QdFTw1eS5frVgs7K9abmLbvz+4YZY5
+bPAdVttyOnw0h4IoHEftx1K+7F+aZUc0WR9GD/XL3gsrnRkiNYVOraX+07frVn4a
+3hLtDWqOEn/0GDZoSfDuMdsjFhwjkObbnzzOQGZOMZerLdwva9c3F5nl52H7iNk+
+4UfaSahjOPfcCNDSQf/teiId+VnO0mCMMqkDxDh+dAENlKwbjGfO1wIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQMJUbgiXpRB0qvNa/NkMRyDreoBjAdBgNVHQ4EFgQUg4Fm
+s0iyLn2sM7+I9tk78gxwvKEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIhouVXz76OgM7KW9IxI4DJ5N
+SYjcUdKLaVKMmmxsvAt4M5dqPFEmpJMRon+gcR7rFF/M5BkNw0nBQZHUarzMG42F
+u73I2sJWTEbEbg3usXPJKnDISUrvJTBA9y5R+DZ9aRlnZ/OCJz05cS59R2MKdIJ4
+ntOEvWVKeRet0oz1UScIY1hc1DqdZ8YgjUR3waTMKLxRayESKysAAoOxDILlWovk
+WPTD32as+5goMh44r6+0Ntwj0vZ5W0Sg4F24m/R6ZEHhs+elV1ilPNCgghMJ85Tp
+pbE/8xN3Z2ndZzhXlXkFQLdWGQwpQ+2Lld2NFrsn+2+OXGEzT6v+QRLZse0WOw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB3B0C652578E1F9
+
+WTacPVyIqEiSiv5N8GuiGcrH3xfwU/TZehvEIPBwkx9PginD2FwfwVqltOaCHSBd
+OXs9LCoWsAsAoCcp8GlNwSTYer4lgJsBNnJlGVF0WUMvMandeHrmnR9Ig4LJLH9M
+WHFtmLyY+2Il2aRYN5PPCKKAV9ifAB4bygdOsm76Rat8SFNLC1HD4lmjSEwPmvxR
+bhgs19wti5I708K7kFnV4OdQpqcMIbfgRLA3HZxPdTnN53tGxXUjRxEEAP6SG8pC
+WAleiIS2tyoIYTu0lZSO/OiPb2wQ5mLVxIDrN2PgN6HrqrpRRXwcaAQmuUpA3nkX
+Bx04EtNXHJo59kK8+a6r3BXlT9FxUl+liTZemxC+6aek79zhHgM7xaExOvUdgQWR
+2rY2KZtDkSp7k06hPe0f08kW8GfpRCmkBNIltk3Gn+PxszsPUwZSPZPKjMagmWGX
+AVEKrvMZoVmhTVJAlS4km+sQ246XjrztUGeWwKndsB7YmKYxc1mozguKt/pd9pwF
+DhGKjh9IHxWLSEc0DniLHEDWgwnVOa+TCZVwSPqQHNfXQzKeRSiGCvxBF3mLx4ge
+QGcFKkAPxBb30ZGKlrHxbkFHl+kusXXEZ3neSYZBDwR8H66aAb3lgDmybPeb0kgS
+XP5pW1yk4ldngaEr03NomxqxjtX8p4Dn2TUqnTRzBSGkBSw/2khdgk/s+bgF8QnO
+fEl3gzcGFEcqqH1R8UMJ5lEtRqA2ynVDlAb1d2+5pFkpLh7B3DqiYXz+a0ITf3/X
+sHR+7oTg7olwCLR5xEAPhTKC3QyNBtX4jpt3y0V+HqZCqphJnb49XcJjSPcZF2mk
+quE1kpgjP8U465PR6fmRl6lx82YOWXren0/QMH8FIL18dTXFVJr/+HqluARx4cIQ
+1R4bvG066jYOy4yUPrPDDhqIwBccxVfOWH18wHMBIM0GVUg43glYnKL4Vf8eJwnx
+YXXgC74daXMQK747+/CUsxn7OLk7OrIW8/7969TwQphEoKXxnSNbJy+P/32t5ikb
+HPQ48TBlRoXF+/pD1Jh/BDT2gZT35KrukCUdtzyqkIrl2pd6KVJfXHqObEInysQv
+QXSbhoug1lJZtmzkhF9LcGEFU6fp4suEhmsj39K5UpXIrjjcY17gGOafEVg3FN30
+tetlrlGSrzTg/7i9HwZoB1W2CQmr+D/2v6PdFDJOXAoeYft1clWKNowNY+t9X81v
+NHEwJ8/TY1//TOQHJ+TlrrHgmtP+Z4pehsXvU9ILopFxeaE56KTggsEE32QMC2Iw
+BiyxwYWiM/b3sirmxJ+KdCzKKX8WOvVKflsAYqK9UhrofEsjblwtGtoAvjm/5tjQ
+M+vPvwrHA1pr6O+Ttq7QA+AvVOGPTBSN0DJ+FJgIqLJa5mGZ1Aeshuh/4bqijoCl
+x5/02Hg+YMqxCgqObq/ddlgQRIRelNCyBJA+LD1PMT5wtg992udAFPjtpgISDXr9
+BjaGp9J29L1LevQNQa4T8wLs8XCgLWdW4jEt8mW+b5pPFvkMH7LRFIND+m6fjttO
+G7re6NHwzVsUImFR7pEgZvL1BLTOQUMbS53NBUtxux3wDhdnusPONg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
deleted file mode 100644
index f64a9bb06c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBFzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlYmFzaWNDb25z
-dHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAsmocvHtIhy06xoGU8RgpDv0nBGXIPSXRG6Poy/+IGxarpbG06NmC
-maF9YsRYKMKl35fIYgRSJXsZQNbNdFp+OP0unEc2gkWnRFkd5UYXaUYUw+1joRBQ
-rv66WNwMkTSpFnzmb0Pvvxw+5Yy8MMzvfYTwnw4GIgLtTrffpS9B4V8CAwEAAaN5
-MHcwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMdH
-T3Qigo2QmpSYRbO1Q8N1GDbOMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQCYmJK2
-5OMOWxlviglY0yKGvQpDwTyJ4CJmsGGI/rtSjvfFiqHPmq2c/QGm+pAdKMqkhGXN
-FjVPKm8pLqrFbAnWXSG5OeWq5wEMckNe1Qjp91ag5gmWEVwdq86eNxkkA6w/+hjp
-BxoCAT74c74EqPpOX8c6NGlI3VyN0hODzePSHA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3Ry
-YWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxLjAsBgNVBAMTJUludmFsaWQgY0EgRmFsc2UgRUUgQ2VydGlmaWNhdGUg
-VGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWAnb4eGXIMKqcvxV1N
-I1WYOIgPGw0pmor0ePIVaJFQZALxDndu3IUvzZCuK/m5nBAn3qtGItKULZEqeZx1
-sqbagMshYrHDkntnRShl1luH40b/RdWn0SnkWcYiA+ZTmcUYTV4t0OmgeUzQMtMj
-LRQ76i3JymtkR6MDgbJ6NWQzAgMBAAGjazBpMB8GA1UdIwQYMBaAFMdHT3Qigo2Q
-mpSYRbO1Q8N1GDbOMB0GA1UdDgQWBBTQ3jc8Qy+MJLvnf+0PWJpzZUdgHzAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBAKhCguYapRZdH/DcOaj9Mtc/x8+/QbXwwWTyETUNHItDAWqwXgCbEHKN
-tbgWB6IZnzhzWvLcNk0HJrqf8jnYEC3EWj9ruOl7oaCWRuq5uLwtnf6MCI32zjzT
-yJDh7QLWt2STzMDmppGt84nl3PjN8MaQhp2qTJyP9f8ue+n+Ng0D
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C7:47:4F:74:22:82:8D:90:9A:94:98:45:B3:B5:43:C3:75:18:36:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:bc:12:1f:84:d0:b6:3e:72:a0:fb:d9:75:99:ca:e5:2a:05:
-        09:e6:c8:27:74:47:1c:dc:0c:d4:9f:bc:9f:b2:62:25:b4:6d:
-        5b:e5:0b:e8:2a:8e:07:eb:3e:6b:c5:1e:9a:d2:14:fd:89:5b:
-        c3:10:bf:19:77:67:0a:33:45:1b:bc:6c:ed:af:84:30:59:fb:
-        7c:71:95:63:60:31:9b:9b:0a:ea:77:f1:70:f1:b9:2e:d1:a9:
-        04:42:66:94:b9:54:48:db:44:56:56:1a:57:5a:01:0e:7c:4d:
-        d7:c0:1f:5c:6f:13:f5:a3:57:88:6a:9a:71:cd:d5:ae:c3:00:
-        b1:28
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3RyYWludHMg
-Q3JpdGljYWwgY0EgRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMdHT3Qigo2QmpSYRbO1Q8N1GDbOMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBADK8Eh+E0LY+cqD72XWZyuUqBQnmyCd0Rxzc
-DNSfvJ+yYiW0bVvlC+gqjgfrPmvFHprSFP2JW8MQvxl3ZwozRRu8bO2vhDBZ+3xx
-lWNgMZubCup38XDxuS7RqQRCZpS5VEjbRFZWGldaAQ58TdfAH1xvE/WjV4hqmnHN
-1a7DALEo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
new file mode 100644
index 0000000000..1c8a8c279c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlYmFzaWND
+b25zdHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENl
+cnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+5pPuSskaT7pQvNS0XtLWfsJa8Jtq4V2jt2MY0BMegVCjknFfUEajR7X40eKlCACB
+QD9awY8FrNrkR+k6IHrtNsn7YhwyO7gxC+8loRip9NEnrKweYDB1MiYGEhmep3wu
+IXUrFdNVIXbazuQDQzTNVRnJGGSKxP8SlxIrLg6C7gxmYpr61WlajauE87FtalMe
+lAMQp3pJUiwF8Ooy36Ja/38fgyVhEX/0Qw+OcMfAg4Oe8xVhLaffWF8ZBpji/z45
+NqiNJ/ZJ+IqwfcAp+8vhcM26GBX4l0c7CBXfjSCi2NvUdsHjv2XeloDRDdfZfoBx
+lGdkeODccKklxTJE72ylVwIDAQABo2swaTAfBgNVHSMEGDAWgBRw30QvA5kcF3MY
+8jY8FDTQCdHy7TAdBgNVHQ4EFgQUfLh7mOwGIojKj5FQ2sTCLnyBGFIwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAYrhQ0Oit0VO721Zoeuz9vRSVb5pEyWOkXstseN4oBBCAwd+L63rzNYGT
+SIzFTMh7ePO160xVWOJnSjbCDhEDdLG48yYI1bIZ5B7mdOaGqfo+kh3+oWXbM8CE
++hQu0PbS2d931zpzKgikars+50o3g8veVaD59Wxft/JGeiIIK1Hld97vjNRnsi2o
+7wqeYVTQHeRT4kksFTPfY0O2DgeGDVvCwIPP11DtSxkgBkonxBqCSUIqngKdDPV9
+nD1PbNFiabVgIB1AWLThO0zAge4ZjiHSzaY6lZwCzqW7KWLgjscmvHDd2Y2DTIR3
+xE8o44JWsXaJAO5uYDD8w0iQQ2Zagw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55AFA660EF18FA45
+
+kf6xL6LLcWVhm2YeI9NLp7e/QJi8iblF79iSwggzH3uozQOYuAaeA3tVfIxRHu5o
+CvsnvytZmsF0uaxGhm1mtPerBOQZHtqOXU2J1jKIZguAWW8qNID3CitLVDmibx/J
+jOr8m2gtgGEbJ6Z/Oa35JgNQPU5rbypAQJIrxiW9Uh3CWWVXXNyab1/WtxE2CzF+
+8eegosPhUSyjP1qrGdij+tsmgygQbnp+sShHb+/viY2dpfuzkBX6HzK5YdDpssp7
+hf+5mijMck80JrJIIgdMCCkpv/C/Xjk7bF8apchmUEDCLGva4QKKZ/Qh3+LJD9+m
++BXGab0Hh2PdGkLLZR41Mgjt6CYz+UgoxSlkJNK6TzovmXPlJ29mVBo8+L/ECWW6
+5amVM6ZHax2PLRfskZYl2Dj06aCJcbz+Hgnh4dMoL76KEb4p1rGXkULO/zewM+pr
+4j2zVpOKgJi2iv6QI39MfpIWuxM5MDKqgYsYcdDhuuXn0R+VcGPeQoGPWJ2VCoFr
+8tTL+SFpilNrtLmrlw1x7RmrxKpifWAUUQNHd9D5o5cbpwPwq7GYaIE2AKtrps4r
+NFzq57NZPak1kN4tzFfgiW/etl6A1zCS80Keb7/uZ3W8/rsaT3PwJF4tRxkQgRHe
+9l8Avk6g7Suu+viySRXXyL+bPVt3OonxKdN059sKyqaWl0iTLBk9nK6HX55gG+FI
+lmSf2fHixg7b13ur65SE5ypg/TUmF0kRMGusscwv4EP9JJv8eFcOo5LfzmkMsHhB
+chTZz6EEw8NK1okSSyzYnQF00XrNpeo3bIb1dAg1XeGI97XuJn3c8cc3KdMBKLsG
+OG4Df08YFCVInVkeKyGvQYec5eGKlkByXTpriDiQ4hlMzu6enGzVkRggffSRnX1G
+VK49gPBqIDA3872xizE3CV+h5yGyjaI6c5wokkt0XbCQmpO1ZmocMrvlgrt2SirC
+IOPC9WYkwumsvaS/ne2uPnPkEAdWQWllvHW/u9GFD00wb4aYW54xiXepxYM+ZR8n
+jXUt6X6r3SA0VYPsM0vxVqyPyFGnbkKiG16EK7EqL2HwFCbujIABUSVn3i/tYRSL
+uV6wrkmPN/XtgWXANChCsZ62n6bTKj7Red/W9FZPPWw8RHJrdCBPX6+EjHnGW9To
+J/CpXlkJoqZHXnqbqIvk/HTwQCGFUDRvLwAJamxAnkQbxSoowsKgaaKy3NiMH/AX
+vsKXhL+hwpQuyHNaOt7TxFq3YmbLMjXldl5yhzPJ2HjZNhkm3U7Gr/REq4vZjmEj
+q2o5cQOLhsS39Ao2G4hRdKbIg9N2e+vNzWPlS626m8Zc2vCySdJ/GR6d049nve5o
+cavpyiXav2VF9tZQfGrI/y+SuRYIoQAz/1BmP4RY3zL6b7vCNgTGq93vlR2Db0VT
+H389riCMDpV8M3GDpZBhu7CO4C6KUM2JM93prRN9vHZNZzFcDQIZofRpNlnvzXS/
+Lw73X1WbxLHcI2BoyvOZRfO1bKBbWr73M8ZtEEFuQ/K4umfEnIXh2KjUVEVTb+I8
+KJZqJbulxVkfnRxx9ihb3+TmP/APxJu/0IedxU02CYKD95+13STPQrec097TUz26
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
deleted file mode 100644
index 8784c21050..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBGDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALebKuy5EJW95AkM4MZ0p12UxwWQqlclzW+C7Ntov96ejAjA
-ciH9FrTh8IzXl99nnQnHHO8O+pZ1jzh8hQx+kAGx6ENV87E9ByTgcNUwSgHgEHX+
-59fIr8RTbdUtF2T1U8iyFM88FkpI682I0GvNDuej65588/P/OAHTmZbqcWrfAgMB
-AAGjdjB0MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQW
-BBTEleK6dmzd47tLaP1CRfgUVOxbzTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAhjgF
-Diuvic63KpOvuZxczWMf0K//uMCtUxtXXRTI3/Wm4ryKa+yI52FUGhUcNB5wRAES
-R1tJSuphGx6rdcSHZTE95gLo24lnyc+oTZQ3gcK2xouTy3F3CvhmPs9QMMjaqtfn
-NDJKzUyBvAasUQ9SZxk+bifeeSQ/RDzmQxNKHr8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowWTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENlcnRpZmlj
-YXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5JEpPUEhR94hD
-geH4nu6tuBiM/sUvTffvOfzdSftTXOQ/4pHuZPXKDz7SrM5gAimRZMXlC0ZngP7z
-9Q7StXqOqMvZI75GjHGYr3S3W56vvCxfDh639L/x3UlhfKqEzn3rMLMDC52lJzcH
-npMqMRIYWdedIvqg6OaxMDj30va12wIDAQABo2swaTAfBgNVHSMEGDAWgBTEleK6
-dmzd47tLaP1CRfgUVOxbzTAdBgNVHQ4EFgQUxBUts6LKOH9HITo2TnmeY1hdGNsw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAnnZ9Y8fdKeA3cdodXsQqz302mCLQLH1jhcE7UnfAYrTdecJ5s
-8xxE7AKdNEG7/KUAoSwKDsGw0HBIQDPD62kblZEWKViT4+e4isf4Dy3G31BRbkiu
-bcJsDKzOOdCeCdXJvGXAJ18su8P+4srOddrQuINqRy2YgDG5Rka2WArY2g==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C4:95:E2:BA:76:6C:DD:E3:BB:4B:68:FD:42:45:F8:14:54:EC:5B:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a4:53:e8:4c:ac:c5:d6:66:9f:c8:a6:4c:ad:d2:6f:2e:31:b6:
-        48:37:6b:9e:e8:76:8a:ff:23:80:3a:49:a2:91:d4:94:0a:bd:
-        9b:2c:0b:cd:c3:9f:e8:a4:7e:b1:ce:37:ea:23:5c:ff:c2:76:
-        6e:c4:84:d3:21:2a:ef:7d:2e:fd:71:54:2d:8a:ef:f5:96:73:
-        f1:7a:c9:1a:7c:77:86:b4:df:0c:47:a3:8b:9b:b1:f7:bc:21:
-        64:6d:19:97:ca:b2:1b:e8:4d:f7:66:c4:78:75:5d:76:b8:7c:
-        5d:88:f4:ae:b8:6c:27:11:c4:96:09:b2:35:fb:6a:da:f8:fe:
-        73:df
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIGNBIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTEleK6dmzd47tLaP1CRfgUVOxbzTAKBgNV
-HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCkU+hMrMXWZp/Ipkyt0m8uMbZIN2ue
-6HaK/yOAOkmikdSUCr2bLAvNw5/opH6xzjfqI1z/wnZuxITTISrvfS79cVQtiu/1
-lnPxeskafHeGtN8MR6OLm7H3vCFkbRmXyrIb6E33ZsR4dV12uHxdiPSuuGwnEcSW
-CbI1+2ra+P5z3w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
new file mode 100644
index 0000000000..54a073fb11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjBeMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlSW52YWxpZCBjQSBGYWxzZSBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOMqfzk11boRFBbpNA1tq4GZJbk1M45bsflY/IBB0d8KUdhotWgSOm065GL3
+sB10F5JZI/sLVpXuH7R9TABBvnZu8XqX5RKKkNB7zMXlkpr4TFXGZnYgSmX09ta+
+fuZ4TQgj6BdztW1l/634f4exa7qZirzCISqddB99CN318WhQgMqxmounqUfkUD12
+e1UM3TjOPKqI7eYOJIfnfw2Ea6BhT55ncTXp5lcAhAajos+iWYhiqlPWc+cd1c8U
+3VrVi7kuKK6uuVBqA68QTiDnuaPEJsxadp9AuYY5WYGT4HT2HpsXzCd6R2fk94hZ
+iV/C0hSIAq0mVtq9FJF9qh/XwsECAwEAAaNrMGkwHwYDVR0jBBgwFoAUOdCbt08p
+N77TsIp26mqeze9GvlgwHQYDVR0OBBYEFI/4W2j9iCltyb9KCY6b8q11whJ3MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAG22QQs5JmmHtqLDRPAiJP+IjtpGyiOCH7IhyGLW6MKk88cjH9xe
+M066O9SE3asTYTrhQBirfy+nOxV1Qg+DdSmtA6ibr3USxTkH5xcz3OR+Sd3fkxEI
+qkjK5nYkXWs6B/xbX8A3iUrRmG2Yp/gLI4Fs3ZEobwh93E7wIamQ8PJ1SbnXTTcx
+xBy/IKY/usd7NdwtobmHP6fH2bWM0GyNxmOscLCxAhESLjmuq30srVG/jHs/Q0vL
+Jww3lWZSPbJXcRxKMzlu35IrP92RZWjtByv1Wndugh7q5rjT1ccw0eF95b/U5whx
+X2XPc74bSpqoh8dfNGTWjtq2JeHhGoJd+9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF0C33F0D543AF3F
+
+TqNxwYWalKi89i8CJ27L6UcVTOqnEwzxawfBToP2sP2gwAcuYy/XrECuWOyTyeX3
+yJcZdmSSbHdXEyxZPgcRLTB3rzn5fb3tJHy7pU257nJtm7NnyT/4iPUXYe5QRpeZ
+SrIPxY8IXG26zv8hgs4hxwKWUFOzBKJrHLB1Q7MXlTxGYltJahDUmS6nwEcKBRJK
+pxhFQb+804FuNyrhidWfh1ubibvPX9AGX4QgWEcaL42trTbVFjc6VNAN51vE8j4t
+L/bIGdhEUbbE+SHxIBityvyntiiMb1lJyQpsvNr5svsvzXdv9adMFdiBzRxkf9RI
+hJWsPTqQvBN5mtX+aw9Ag4xCYwkE2eb6Vy6pWyow1WsXDaYbH89T7rPZEAl6ZmK4
+FNnycmLQWlmcuKB7Qd3vUIrjiUZ569vuQobdkEq/HjYpgIQVLKFb60tLLrVwraly
+ZEZAHIRf3kxR4P9tlcI3MvTXPSR2FdLCHNvp+JfRcXulFfPLOSJiMQo/t/TJjRVi
+iLv1W+UAp6flSOArCTf/SkEBnF101kf+KMVQoJrhRlEDdWGOCWxchrcni3LRxl+r
+wyZqqZYsA2UKGSB7E9ZWgN1XKxIxIUAh4xBu1amwm8KOfIiNSwarOi4E/73wAiW4
+f4WBzD4nhh1x6JwY9b0Ot+tqgCRL/LYcdCfJwLd+aO3cIiYFyVER2TV387QANCy+
+QgO6CC91I75pdPt0yLuyFQeoEuvzBpsZnC4d7pN6xI/JeUfBhaHzgDWX8ay6iH0G
++mON7WpEXqZXEgJCZovBtPx98gqE6fuBvdN2DpljQnDsVSzxqZ5TpfNE2NNUNFlK
+pXgq3F5MyueCHm3GT/yl5EIxJo0mB47h9rIV8iPIqDOdb5BjlfRqNbQhl9DBWDvq
+dtWNp8PBpVRU51IswMoVRqSMqTlWnZyyX/vjPkbErpei37NGfLeJadqaM970XAid
+IjVzGNEWKVo0Oc6coK2si7GVF1Dq1gTwiAJDdqbjEBlM4YgDOHxuYWg2/0vONZM1
+AuxdJftyJonRctNoc9r+AmEihjPKsbJb5uMBXUKyz7h/m34rU8X0gmRC3LD0IIsO
+IXV7+MSWWPISg+rdmYk1QN+imQuUv9qgxXfwEnHt/ZX3Eki4bed4NYfHZFCk5yMn
+vIM/oCIJStlIIE0aEUG9AJhaYSLFsnKWEjZBT5tQhmewi/I1YJ2NtcBSbELjRa3Y
+QbgICdGWP/FvvtX50oPSApRkfA+6UmxajF7FotYcupF7jD+dYuL19JaDY1D/zBYu
+QzYE4SY14SVyMazzk7meRAGE82C3p5gTx8hIxXq7Em5H9Ls+V/+JgKDv843gsf0W
+qdbk57p39Ib0LP3JROfPibPPTBVOsQ03UjD1a2WUxvWLBgCRC3P3QVbZVkcqztzV
+cLGnxuqAKziFQPcjp2djCy/7SOZ/WSnLh4UPtyryjCtEo37ojtiPeWi9hiHnT3MD
+Q4pYnLafEapb5U5c+4VfnF+6c/gH20jg6so7RpRZj7LYt8rCIeaLrfZFBsiuhAsN
+1t1Auz4G9Q4IG2RMZzl8C8QvkMnXjIc8DSy8mIjEdPj9bmAur5nAXKfJgK9WJc53
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
deleted file mode 100644
index 357566f6e2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
+++ /dev/null
@@ -1,140 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test27
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDBePXreW7TEQz9U98u5IjkoUpf/CRELuDW4EWLSx0ib7kJ
-njp5do8pREmTX9nvLo1/CiJnv0RRNY4hKwqjR3V+j/2+BT7JDu5T8YuM3MmgWlJt
-G46pHVekb8uXAofDTqMlvAtGTQauE9F3JU7oJ1FJebMo9SRHwIBQvvwnLIn2qQID
-AQABo4G6MIG3MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0u5wBMB0GA1Ud
-DgQWBBRA5ST4jwbcfGOGKDw9sAjuw+hKSzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMEwGA1UdHwRFMEMwQaI/pD0wOzELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRAwDgYDVQQDEwdHb29kIENB
-MA0GCSqGSIb3DQEBBQUAA4GBADHmdwVGWHDLCpX0n65DVgDpC2wWpGgu929rlB5w
-nhGi79lgn3z2a5+3UCaXHQY+vMhJgMFVYoOfmUCNd4cnTgHMtr5Ai9tOS934lj0Z
-xL/XOfx1v6ownw2VOZ5LWxMi2YnYTqC8323wPhcHjTecnE9JprakdJa6q54gsbZR
-j1fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
new file mode 100644
index 0000000000..ef47e0ac46
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvJAVQl+mEVV76pxF99Fc9KxIhU
+DuSfs05Fqh87Pl42ZCLpoiPbhudnMaqp2y1ifi3dxPvDIAxH5Tc/N3SoftcSPxdn
+W3DE4tS1A4uymQeWnY1eGHnhz5Y6NsqYCbm/lxCZQLRO/krnm7xrTH57QG54M9E+
+MTMpEidf1718C5K8y/OvGbtv15Edefc+k69SplhiTJc394PYUxt0LI9HzHdOlsXt
+WAQwhjZnt0EXuqn+J6NFum9IM6MYaFsTjZaGHSRroKz+UfAzFGW5tA/6EXLBVGD6
+DPLZta+5Z1LUfveWbBoKkgnH8PUwBtrEDY5SBENtlO9NSVWiXJ3VsrfIPpMCAwEA
+AaOBvzCBvDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWkozAdBgNVHQ4E
+FgQUVSJwCEr2Q8gS6e/AwFKOUnZdz2swDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATBRBgNVHR8ESjBIMEaiRKRCMEAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRAwDgYDVQQDEwdHb29k
+IENBMA0GCSqGSIb3DQEBCwUAA4IBAQBf33KnXHUpBAiIQXAWCZAEbyNYB6Fk/BIa
+zgm21r/1dqB9Wuovu+AiacxaeqOfusdB8HsQHKk8uTxK1LS1Zqmf0Ym37tPd3Qtp
+dK1D+Lnthbw89dBBjr9MTbwZKblrsqArmhulfo2LB+OYLaODU24zy8i+pwUkJuMF
+lApg5z1ksE2+Hhcavz7ZljjSrQTZU4gZ7rq5IleXw6i4a4RqROQdwGXSdAMKO2fr
+14aq/21J3VZ8hqIPy8KLokwwD/7979H0AvKCyWJh6UHGqWiq+2tLOzXTMSVEDztF
+V3lYqmXmnK4YmWwD+L4YO3JI1Har+eC1Xr2WRD/IVhELgJzybsUQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE17934CAEAF3C91
+
+ssa3xZ1gRO+SH8hvfDW0uJsR43CM1VKsQCNm9IRuH+qhEgRA1ElYCCvH02lLGTJ5
+MR+sPJFrDM3Wf2Ho6g9E1UZ5OfyPmNIk5iHCUvdQbRB0TGRhnTMcG5EbI371DPyv
+tU0DwTqgItTsJyWmw9gLdE400rP5BgYZpmt47/DVKNheXfSeeg647Wt3baSxHxUb
+iy4iOdbYhVnEouT9zJC8Bbp05hhNtQaOBpF3MyUUi1OHtp31Ep+3YWKFz/3ghiB6
+r8Fgy8CZ9wfXQDnjPB0FRnBlz14lcbyxM2et8fdqFFnyIoQ1tU8wJbVB6QTursSZ
+FSVX8Nm3T9xqHiv5yzpoM4Jxrqmq+jzFeaNX1NekLhREybhBHZweW5tWrjcsshAx
+uWa8AaL2X4Fpq1XdnNHfTBIn1jDfAa2dwyB56gXXgm1GHGRaakvxkP3nLfeHtj8e
+DFEZN1gc+T0djaxaoO/b+J9cnML4mqY+faWHkJTCh+mbtTHwLcil63HIWSvohtWM
+xMhcJkLhNVo+8kjlu6+BzYG6Uf9tX/W4nBT77qrTBjUyYeVF6r0OlyQzA4kf1O9T
+eUQmrQ10mcMrc5rVrDXRlBeivio+uuc5LvdgG8rV5XzlEFf0OXPbDMh5/1UHXrkM
+lT8egxMrAtC0yx/3zTPBTLd8681OAZiqX6WUHWk0e9BxnQmYW1DayQWJnMODmyPn
+m2cMtLn47/MFOPIMQSzMfdT463wjPTRybhJR5eLKXXJWTxlPktqEoG5ZFz/9KtfH
+HH7maYTHiRv5TgvU4vH4x5y7IXjt7m1KB1EUympq5MYmQ5/9j5npPKfxeToZQxJk
+50fwcss7zQW2fbDrudy1Rl35dVgr91A04DHHhzuPnxbHgBsJtPOF5NuvQByTDvf8
+yhleM9HNchEPW3Ohu5aVL8oFRyFfFGntAVtSiGFUHM+JqXwpT0dp7AIx3pwfVnAy
+eDY6b44cuq51f+26fw593uxKNcwvPkQVl6xMDThGuF9j/lrAj0vySxof67uybDgK
+wP36pId5bfSLApDFj7Kk7hHhAA4hM2MOmw1nsf9vf+rpXuyyuMPZpqQXmRdaqz4d
+pw9S2neKBl2MtWNIL/YJqMkFdTj0DxE7hhOLGGbJ7pMUyVH7YC7ZYN3ztlJNLekH
+/3lfG/hFLsqTRI79Rl8wneNDfncdPkhT8LJxz7qF3VJsE1iwGdPuK9DJeT24brqx
+N6qubGkzIWIyGEDfrNR4fi+TRfzabnVixL9tREyTbGmL17RWDePhzNwSu7SZMVSP
+bqRctEsUpgJxKWNR4Tr3Sx0B8ZLogoMmQeOgf9zLh3l4UFLlituCc/1QTS8GcpPt
+6l1akizdOBEAyW66QReVPwj9HIaUiN8Fs33nEbA8dMRuWuhMxz4Ly20LJYUeDQLV
+wZpL0WCO9WMmee3P2a4gMPT4QkHFFJPzn6fnQ1M1cLA+BgFNAE3YrcWDLM/c+LC3
+1B9uQZS8cY8OhLTk8mZaAN2PYvSR3Zur9MlXMEA0YQ4e+nh9WI8WL46BMGpoq6BD
+mZ1mRLC64lIb9mxh96r7dTlexKoIh9rej80/eoXObqf1mpe0eSkGzUOP6dP8b8qf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
deleted file mode 100644
index a370fa86a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDF62+bmWqsIJDuZD87vUAXArOAHy8ctB87FGlfVI/UMp3x
-SJEM7Bb7cFD9DtWIsr+NcvEGIJIHqxSS+uqbSTkhLRkkQ6V3vZBWw9iK4YCixNHV
-4ngJovgzMWKjjTHBN0+8wtZz2gccx4lD4l8gvC41scMQ7qyQqIX0ByUafTEMAQID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFDRJXOe+nS5RsQPtEvFYSSZSIXVPMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAIPT9aAYLcz53VCc4i5LC7bw2UhSE06ovDozPQVlLW7ykaoApryS0aRb
-jRDf/csLFBaDbcmymFBGlYDsnDMv1+R2Azj5eUy4ssEpCYDsKyJnNvY1AD1aldyn
-hwyrIcLgWdU0rmHIT9m+/yLKdk31P8B3WKl6nNEtJVe1hlyeR8Fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
new file mode 100644
index 0000000000..90560091ca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdZlYRiJUYOp5WYFV1jVCmoQisZ
+Wrsuz0ZIazNWxlXfUx6xCMZrSVa4uixQ8dwvvqUbQ6/H3DLXdhp9R6br11Fw9Hcb
+E7cCYSJ6/NuP1koE0eBHooh78n5thPOzOJks0DfVYPwoXM63B+z1MN+w0juSdNYH
+5ck2QeCO6FU0xlk2UnkmuWhoIvA2UFFx9LQgv4nX0WfmHg/k5e6dSU/O1hcjxT/r
+ivNnvBNLKjRhLrEOb57Fv47C0rs2nOruQSK95oxuBRgGaSSDdrT9TTFSgHQ3POUD
+pqm5vhrBzBPwBsoWZYMHaYz/HnQlBhIWgBDP47Vq7OrXx38n56Q0tcbaYqECAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBSRqu0FdQ+STZMQVrOX23I4Bqkh5jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBALJdyQ0VWtdTlrYjwxr1svYyFO4orqmxszn+1Bjhbqy2
+9jTBWUv5Cf/+wnRjFsS74OuLxS+CXkR5LJ5K9Wzk0oVBIS32QqSVZf4RkP935p5r
+D4QpQVnKqdzoqGJ+qfWkayXjNW3kxaXc33v12Z3JeAnh5kpZv7CmBe1FDpoAVu72
+wGbbZ4joNc5QV0qTTw0jHL/mH2iaaPiJClmC0l5zB9w/t3OXCWOyr4fBmnUag2vu
+ROYeTpfBXPBLJqxtDoAnkr2fqeNiyxJ+ORGC0sbbI2cIbs7TWomS5l6VnJCv0R+X
+TpqqCqwccXjJmR/qhF3iJkn9bxrDgrixX6H3FcXcIiM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DF42EF54A7ED06E
+
+4nKZD/ybq6VJE6lI6y1Xk4SDZ7OPMhDEsnLnYqu+/V03g8ItSWKWwZG/wQ02LlSt
+NXGLPbx2hURYayjCjGKMgHPTfImuKUcurL7qKaftZ1D8YoroyybQ6SMLmmdanBAX
+y1SDOyMud73jgrfDj80Dej2eX8CL3ip5myGmFr3HJ4riysWLOaS9lttcXgXXs2kl
+LTC5HUKLtr9wPjbgC9PD25Rx1gG00XnSUWthYn8ATVVrRhf41VbIDM9ZGISBa2j1
+ibfIZ3Bl/AerrTRknDJe/tHILGX6Q8Zy0Umep6K5ByM9O1rsjuTbcCNxXiO+bGYk
+tehb+1e+i/dkv92NZ7xC2NCAI+bSqwi0vvKL1E9Vlrp8ix1oBAIy2bY7qYETRFY/
+qNKqa7oyo9f4ThTDo94Cfk8wp36/PMyqQD4addS1yYTQFbTAPqtM7NApL23O9Q6q
+a9kSE+yereIu3ztAAqKwaEGBZPqrLS1ldXt9xBtxUr7F1KoytENESylVo8ULVSfc
+/ew5/2toQGVB0YkJfzPKL+ZCqGnaelwh/m+V3D7o+RJlZhfd8cTMAEP0MI8xO78R
+VeG7nowYvLSd+fbG+ehyALH3JRPdLrjnyjlta3ALa1bfNh08U9ZCswdh8+mAca5x
+p4VQwgAtDo1Iu8lYpmJa1oYMdJhRsE+x6KwI1/ZL8tE3h2q3YDEZrieHu5FniIod
++0gz6EGUNYiSel4gxNEvcDs14itsy9AM97fEDWR3U3M7u9y/hS5/htICWsyOXtGD
+SPqwWtD4nlsmWkd1TM9eUyKI1PmrRPQXkEb2i1G5gAFXn1JXV2ju2CCvqoLaLBHE
+UJgTujUAx6A851T3/K1WtJT4/eVvlC2P3KlkYAaKysEHzvHVzPmR/JeutgNdtlk0
+pwMO4ITTCdjWkjbAaIImlpbrDGTROcjaf/CllSfcTXPQwV5V4rotW2UYOwGEgidS
+x2+17lQkVnJRQlhVMY3iwNK+mg3VD6hrV9ACWZ4uf8o0Y33UcAea35qeXj+JktUz
+ZcQwO3N2ZRRK90vipd7SlL11oGgPeHS6YHCPDI4nzy6JX9WyK5WLxcbMw2m5rx25
+pDw7ZH8As6IDcQVX3w/SlMXjJsSL4mX+nqKTo9sGzOButih0ZzLbvK6Ty0ZllPSG
+IGbllNI/JZmNbu1ozkKYn/1X2H1/8+igfXYaMlJsR/QRcLseGbHWUOuCS/VvnnUa
+HnUtWpQN1nDzv/6zGhCEe0aLM3OeQG6KjmUpyFakF/GVPpuCmkcTsOkL2HOQv+r/
+fvYgpiNCC0/bR1D4m0U9byIIg8qVBEItex7q6eMBgHNYVuOVvzVhK2AWcvuM6n3U
+2hluJHJPRKoODvBqlzlTz7Hh1P6eROWlKRB8sokKWe+pEYQro1oSGpOCOpWbe2Y/
+oYADEZ+CgKeCglKAtXeDBOSrUo/lmvrLFsMI08pdddNHgdFwApNFfy6ZNo51LAA9
+GvjJ5NxEKbbIscGUhEQ/RVTObduQqUpcuYqkcnEqtJAEgZR6qy8bos9cLR5bG5Y0
+oN0RB8NRTPw4l7Bldp1+iDRmlYM2TvKqBwtbV04/TPcrxKAzjIgZmw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
deleted file mode 100644
index 5dab635a7e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBCTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDGNK1Y+eOYRm50GYuyrg+CaupAyx1885TUh0lz/2sHwXp2
-OmsLIqfukEyyIfBt/gEHZ4e3CvSb8unsTq/Jlt++srjlPkTPaJAJZmVhhLBS33c/
-L4t1J9CE+W5JEzzQjzhhtAgsOxH4gy6PqQ7MQ3LPRSUFqwtFlOjUaVDekanP/wID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFCFEpTMSRVJmDIG3biuYZ63bFngaMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAKZ16nizt2hCVkrf+WfJV1t/frRX9W7Oi4whQqH9BEA2nEZ9LVeGnCAZ
-he10WnY1rXA2JHICijj3YDBoAlOMWtp43Qhv32QJ4dFR08kuSWjvCygSokh9uyoX
-Q/zpF1amF1x/Br/uteHCBILXFFGLLsSauW15U4HWUiJQHob56396
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
new file mode 100644
index 0000000000..913d2a06e6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANR/hypQd5ZfgQVkP+On0t+Rs82X
+m+cbn8RfIKdGJ16TJx+umPn5RbrBegqLCsNMlnuSayqfI8dRDNud1lygtx3o8jVq
+7Hghl+UKnhzgq6kJoQLTcps12ELcEU78o8hkf7p//zpHTu4KgPu8uOlHHeh4poqG
+2HumXXJjVXgl3YTUeufUCIp83N0U+bzZ1hJp/1giElpUO7mzg3Fgqod8pklHsIab
+NwYPMA7nBGpOgd5U2OTJezmxd0s+qIpB8pE2TOHkg0j2K3o28YHHtCdRR+0eR8bv
+e/9c1JguAgwlOxYexaw8ILTF2AIRCdCqKQGzuayx1wkuyMrbTbZRhIQrSdkCAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBTzLCUxrEFAGDyfXPzyKzqsnz+oMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBAH6YyaHCZXx+PWVzfSNQJClpQbMWgdnFe6430QrRzXXq
+djUbh94OnKIJsv8Q4IjN2dgcClEm/UMyPmE5BYNhrUwtTJ1qkaVJPXWDhUHACKiM
+fpyvFedpP744+uyE5hjGe/d6Yy67XIJ31Utj37u9dqA1u51nN+lsy4UN8a8OVeqO
+Coe7QZjlVLn3VVr981YvW/3zbk+RE1AZlOtZ6UhRfUaYSJpKjBf4PO1NzGVEWSgQ
+2I97mAcgjwgt/xY4ydOUqPvExGvsbG3fC0tBmzbqPuV4ISoZ64bWW2sEX8Wuz1aw
+yTzhyxQSkCTUNlGS7DRkguwFpjMGUr8D4i6QOdkAnCY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B98AA6601A7ABDD2
+
+MrLMqzxICNQXMq2sBzGu6gIhOpr0VCPS50gHE8ZaiQo1Fo5cburZWUG3xwtivTxK
+spxUCoomPrP3vgyK/xZLuIVxsblHuRn3UnlgESB5fNoTbpkhA2ayz892tC9e5vw2
+wnQOW876vd4XT3vB6U9zH7QXGh5IJP5ynbtvHu0j9hQZbYuUBXBCXt9WWzAEpSEp
+udL3BLUJ8LsMkCExS7rRwKd6DauL1Wl3/PZx7wMiAX1xgoAatQJt2R8fC5cK50Pk
+rUpGXASy7tAYvkKgXDtoSePpZPeQG1JBH/Atr6MNuIBNvCR/FCWTb/RHcZONi1k2
+TaQ2lHwK69hV+irlsmnU0x0GXwlSW16PRcwp5I5OBqJDGUdKVBhcb8+oqu2ihNaj
+mPx9fY+BS89RdMwHWZPopgxzvsOfOO1yXK6Iv5jA5GZGoko5BswKjfC8AdZcNvay
+IjQ/tOhQIfxZUjYAuKvItR5lUEy189nMJBApQ5a9H6c6gdnBk6qvlKVJuzwW0B5X
+2WcQuf9aFL5H1vugKCQZYOQYVN3sm8/t0zTjs3eKQTU/opIVoz7QialxljJUa5Pg
+loNFztRsvkB2SjowGy4tkKWhiIWqGCl628RQHrZdDrye2S/+OgfiOsBZKm9K4wAX
+aMH7lIxlnsgZTW6VCN2FP53TRV2CA4eNqXec8Pu0WXyXkglN+VNZ5r2wL25mdwDq
+eRRM2nKzypS2tT3FpxbU+orZtfVQV4nEhMPCs4rYsq+R2+OITr+2DGcTLGnsMyBj
+K8+lQ4PVaWJuzank5TSjK9wZtlOtyp9ewZ/TZ8evyQ8SvKm908CiTtSBGUfUfeRt
+SS2Nh2UlsSIQ6FT59vjf6/N+mZevXoWLSaLyVZLVANLKSQ5VkAPtrVJaM9c5Bij/
+axO7+gPMuCI4Ee6OJsKEfc+VglKnyA4rdr3RRmXQjjuWItrsxrt++VRoOuoMGTrJ
+tnymW8vAykeXQYUEsfNbeXqsC4NdKG7EBuSkEKpV8x03PIyqpyQoNUT3W6QeiPHs
+FtRiRcTlfP9T9f+8vZnsCMn3m2tciAvZCBzodCZLWuAtxfFm45evG8NzwnVPSmQb
+aBrdW3l/QOwPmdQMv81sd1fkn4Cc39ZN1+49KSiJlX70BgnDCBRxRNPGCBiyg4Cn
+bLZhUZW+ctPMkj5wEXxcveairewFJqvpc6rRTg5MG4Yo5sfKj0F4xwWYY+I0BzKW
+4gCXSXiPnmPR8Vnw0mKOxUyBCFW7/kx0K6h+PyqUQO3yNAZqs3lr/qRCnVqs9PHf
+cXTqfqKjavbLKTejYgdSnzJlYRShFjE2E4YB+0c9OkJbV0epua/N9wrFxj3ineXv
+wYQclFFY9ZWXpdh+8Z9Mh0EJk8z3UC8wV6/+nh77cHGOY8NnTyxCMIHyVtoQe73h
+ang99VGp0KwC7AHReWWorS/m1jldGKtXnFgs+ImuLa8cVAr3g6hYpOI4+gyDgvbs
+jvkaw/sWFznat664Ztvi/08s6SfS4CpqqLrQiHh+NExso8mmt+N1mKNuSBfFlQiX
+Pjm7yMZEc/Oy6cOvjWt9qU9z3JyTwS341E/jojBMX4VO417KLib65A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
deleted file mode 100644
index 2e62d70320..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
+++ /dev/null
@@ -1,205 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test34
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIC/DCCAmWgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM0MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCSaPRkABN56ESU2SA5P4mVXVChuwxsllnznUrRrpaH+L60
-m9Sa11iyGiUqTcGPQbEsPUN8zQQmsjnGSpIMtMRrnkaOTaUmzszVKp9xOuZ5vgSd
-8KeQJjqISqeeJL/oSynuMBOfir1TH2HToo+HetNsfXhumdPDKUojywjZcp1N7wID
-AQABo4HnMIHkMB8GA1UdIwQYMBaAFJStEtHhDn7DuzdLQT1tWYA/RFdtMB0GA1Ud
-DgQWBBQ4QCS2SjHLQtR3kH7i8O8sleHk8DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMHkGA1UdHwRyMHAwbqBsoGqkaDBmMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGly
-ZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1MA0G
-CSqGSIb3DQEBBQUAA4GBAAppj9RM8AKRmrj/d56ZzOcNlN79bi39iFp7ZuxrkdL7
-ZcnUm4A5y0u2ZoywD1LTUUYh+egAhtpccsYYjmMVQVbEtgwVKorXOwcm6iNmENQ6
-lsZPlEkEXBLlfZLuhPr4Ju+QjaMo7SLAiXOG9lwry8ZFcfAGLIfpLlQyGZ2cnahX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
new file mode 100644
index 0000000000..c59c3f3943
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZM/UiUPAWzidGDMrvQQbEw5ccN
+ZDki0OBiRr2Tu3rM4VqPd/QD7mFrjNMrncCBdxjE1Qsz3ZEJ89HXf+G6M8uYosh2
+spbvAtn79j73GDlVAhhZwFSx9zgd4pgpsFmufyFdHQrh7UldgyJ6pmEbtxbWcee7
+ZqkSPY5rtvNEDRcF16sUjkXGdfQK+5my17lltU8uZJtmZ/5xY61HpfvI0Owjy6Ay
+tHCf9/Kf2WXHFT4ezwIQW1eTA3cNtQFHOIBuQu0C1EtiZFJBHthJyG4u7plg9FOr
+V7b8rtv9hIerEX6FGJ+/Jw8H+gPInhaFxdzOtkCV3LBiwgM4XhStsTegLGUCAwEA
+AaOB7DCB6TAfBgNVHSMEGDAWgBSB96q9SHVZgLDP3yMYndiTRoIWszAdBgNVHQ4E
+FgQUiiMx2fHS3UBFAJNBSQUGJhyCgP4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATB+BgNVHR8EdzB1MHOgcaBvpG0wazELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsTD2lu
+ZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1
+MA0GCSqGSIb3DQEBCwUAA4IBAQBtVJxXc5x2a9fH2xCyJz8Rb2A/vJhatQ5J13Tr
+yPCuFcFfadOtMHGAZJL4A0bHxyiML5zhaNeXn7vk22RQxzLa/lSsJB9dRoSR3R9/
+XCK+f0babRaz5MxjGg6Xak+L2ZAYqhyHDeE+P13Hq64QZFsz8wuhX3dK6fd8pEOg
+3BtLHFjgOnrYZ3q93i7f6ehf3skfkEANC1rIiVwuTQdMutnVQzdw8tKw9pQHWgLZ
+f7r8zNr5YZV2RcPlK8alAfcGANKikTi6l+9SpOIpUDx/ebOjEekNA2tA1SPQCvqU
+J2nP9ZZ3l8MFwJHA56doOY+wy0Ee6AJZvYMjjx9RMAGXPyVX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55A1A3201C7E23DA
+
+OAZ2ghpfbykGcuAG0gn6n5Jr84azhS9N/KWE1AsXazS1Za6WsDRP5c5fdKf/7Q2C
+7f/G60/zxazydN5IjhGnowKjkam9qQIoe5fpOYwBQ/cS2BOYiUUvnqgf7x2MMpKF
+lLdpSMR+/UgfQV61e26IqsYCv6Fxqsy2Mrido569V1UFR1HS5UoV3hU64d9DIx60
+hItCW+bk0SeHsj3V9DqyWW22jNJ5udGFEjEzUXyla9xr1NUt69uPvyFpyrajLNSD
+6VzDZOTGTQ55QAAYMDO3G4sSZI3SUAueOZdW4IFa8p4PdJaNaIIXmHu94WKGJwAp
+PMhHsY5V43VO9eHDwbDHpw3qQ7t/fpg3wy7M2GDSaCreilnojgss/Y02s6+lU8mH
+Hsn+2NcAwqrtdLkuCmLx4AtAWdsO+rqtMVHDwFaHrlaOezBlYTvycCQhpu3NAAkR
+zWVXLqageP2oBRCdjLshUE5XH5AqDjws+YANM3LUyEFojGeA14nJsCmGFKoUdSCh
+rorhOm5DxtA/0ETzBhkr64iE9RGMIg9lYl3WVZ+IewFoOhcO0jPnv/wRnQFpvNxV
+pXamOAnfdJzaBDhobizVK2XnSkI1gV4CVeBkf2PxjcsQwC/qfxPW+4L6wa/ISiTF
+9/7QnEF9ejY9JSbv0wKCZsCw64CPatVmgDN3HYc166VEQG9uKM4nhJzbrf3qFHu9
+3AWdObVlIBTBRanwW0/iRLlGZJTsyJ57bQgHU3dxWwafWtycgLfvDXe6+zV2FH9e
+inZwNUB+gQtNC07V0YmozwDO6XM9Mm7eul46suit8NFC7RTeEezzHDB8Wvprf9Bp
+lR7UVCyS2NrEWxpjEgSCv+kNKMqQLzZGnBt7+KPbWMR12EzHgvxuyaglK9CqjW+8
+r8GSwbWBpCfRr7QxR26zyF9eaS92E2io/WKHOD+bidzl8eesCohHxCqFqYvm97sy
+e2zqUPJHU8lUVjr9W7IdUDwTdQfV9+F+y+otPsahu9DhxGqTp7COjeluxb1Ef6AW
+3rBhLxyWk7tGtzaBkQlJoQbQc2/JxVz/M2CEGqJ1PEcodulYRTr6Pp2IB5triivQ
+1GCUjOL0mlSJqBcexvx8/P7u0czhfefZW4MT/iMV9J7Dt1L9N/nTqpm+yYghYr4+
+/l7YhXZ1Gv39FTlh+FTmhNyZRPSt3mY2fnHF3vzLukV76r1Zw+sN/xtTYyJw4tIQ
+NC12TofcaZ69cQGj3qDQv8EajEfAhUcX2vEb7x15sYg+LjKjcfe1dpMgWx9U++Ie
+MlACrfZKc/QtIhPgG+alrR/tbmuUBU9+RyEM46IyWf3i0FU+6BMDjJk0kNWGLnYq
+XGZrQriPoqNvH3cG4qeC/1lFblEuseoMCZyEurGYRR48actk0fV6wahKDGE1whq8
+JVreifyiAtPjelNsMdjd8KBqFIWQ2zL3exyW3JkmoyxTl/ykHTFtPhFDZ9X7fqv+
+lvtUwpsH6s1I5jh8q8Se04Zv9d1RlCuZpax8e9q3ImP8c06/097BEAS8N74cnW7E
+pW6Nft+fN2jY1Rcvi8/34OFpO9P7ZSXp9BhJgehMosDXPKEvTdTm0e0oK/g4ozRZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
deleted file mode 100644
index 814ed525f6..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
+++ /dev/null
@@ -1,207 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test35
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIDSzCCArSgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDcad27MapNxZI8cHsmcsbc69H6JrfyxEdrb8jo4H7kREvw
-Ysye/I+06+hyhrY2ziYjoPjk5qwOT6MZoD6a8nysxt+wJwTtwWP7qrrHUrTTM4wZ
-825zHunib1GDGS6NDkRGi3ZZyHgwYGJIpNFvpZ2tYbnQ1YCd+82ApJ/pVK7luwID
-AQABo4IBNTCCATEwHwYDVR0jBBgwFoAUlK0S0eEOfsO7N0tBPW1ZgD9EV20wHQYD
-VR0OBBYEFHF/hceoUsXQv3cfdoCyVLgI9NqMMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgcUGA1UdHwSBvTCBujCBt6BsoGqkaDBmMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwg
-Q0E1okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNjANBgkqhkiG9w0BAQUFAAOBgQAH
-2pRXjertT5rd9nPU9I5ZthZL8EBhTAfMObbfi8/CYJ+Cftct++cBQATBDBr6ho3Z
-TNjd6Qkd1wPPR2EgMk1HWJ6QS4/eQooeTsqstbgz6n/KcMB/+gQeYZbEyFoVu5e6
-C13SPmHSsdy1dtEVVELLreIOhfgSjoMBBQYMCJwffw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
new file mode 100644
index 0000000000..4df5ca0eff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIBDDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEZ3vjFkn5G0Phb9GsSjLsBjr69
+XZacj4oUQYXZE6KTPrGTuLxdS2p9kfr63rMkSLoKY+XcbcHDuc3MC9a8JUxCLLts
+TCi1XmiuiEy+/cTS8k0rQf/A/9uKZvqdp6AoVQmtIxWFbKV3SiOz9nz7d5tva6zV
+oxcpy6tNNuCB9On/t6teb548WBpMM2S28uzLLvTYKfB0J7QHCRf/kUhnWJX+ZkIG
+hq8b1UMZPSFNmm9pw7tYPNcra2u9MkP7FxnoBM7W0rQAEMZaKwhKQv8aE23pJyVD
+df59MBeqMEk7Jmejf4FQ+EiyF9EFdFnGc3VARqPYxk7RQzG4aXJxodf361sCAwEA
+AaOCAT8wggE7MB8GA1UdIwQYMBaAFIH3qr1IdVmAsM/fIxid2JNGghazMB0GA1Ud
+DgQWBBQ0OaRqmcOBlY37EyGFHakWthy79zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHPBgNVHR8EgccwgcQwgcGgcaBvpG0wazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RD
+UkwgQ0E1okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MA0GCSqGSIb3DQEB
+CwUAA4IBAQBL5cTjpHCWMwkWTeogYVLdVYyuUsPNyTJrGmx3Z9j0zBz4iEJoNJ92
+85zcB2deTuHIlFT+U3UZEk6ifJ8zUOE9TBC8Oyjl84EDOguoPgK0oQ3Jj/6b55Hl
+OS8A9CrB57Tn4slKocrF00uFdCiqmEjU1v+sbu6ABVBvAVd50qO2Tvy7kYu7H/eO
+M3hQPS5fo76cYJTtsn3ASFjtHZ2Zy06LRuE8YA4/h8h7Lvf26MfHeSJilhdibbmK
+C6qzmPhSKJTX4aFwhy4p/y5vNeSWy11eEjuCK8Szqhg/wfo+b5gtSlbUQLhXJAqQ
+24n2R4wWJ4Qic9ILAGdWLSa0uKAh3Vam
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DDC5EBDD1E2194D9
+
+Eo+ohoIFCoEj7N81YA/LxKJRjP9pBtRPlbBr4NBi5s/aUb/xB9zcacJHmnKxhoda
+bJQsd18mTuoGW9LZaIEjt9bYyLXIK/4xfep8Cysn23AQJXzkLpY3x5g2aOVnX0B9
+Ou9LUtZvQWQdZlfceA9LeDZPYsAaf+UGw1H36KVIwPyChZ/G68MKnNUPkbNNM2y2
+ndft9/HmIYB5/KzXdx5BnHkvXG2eU/bVuzUSzfdtHra8IJEHcY0Ox6dymoVW+sSG
+6H5t2kUIp/z9z7gAv9JH4L0asVs2HYb5puWP7Lt/4iKuOTF839YeJ/7h2DkGv5Vv
+mGfJIyqUHZzpi+SIVj7X88Ab8DPs1j/7OHAWp7BYFdE1Owa7X5gtBW1sHJmPbTfq
+3moN3miZoti9hFj13N+S/+BR5GpRHott3QO/Y5SUq5CKfAZsFS8SPSBNDn7tZ7gF
+atS1dHQfWXG53L5qN0JUWMuNCae1IrWGF0ChbwWG3GkRnckhZWo+5Yi9MxX3NfjC
+EUWn0Csb9BjLap1JSXRzoQIhEYsephk1xlYm4z93Li+6+ixiPldxN4NSp4osdpFc
+JBsewhkYgyiYBhZ4hC/SorLeWNupjfSi7kI7VPgMWA3Xi9qTkLoxjh1kfTKAlf69
+x0HqjdByVof1/n29mke01yyq6Q0XZExDtj82ST7lNK43job76NNYqdH+eEWu31aD
+qUcGT1veiuE4oi5wpiO/RNyPZ9cknXNJUk8zgEEah3BLp137FYJ5LpRc886yXw9z
+TNbNhQMdEQLDmZgJwYYEoDTNB48Iu3cghH1PN9Pmf36RDZPkWvLt8+8UhabgwtIf
+Qlmgm9Ux7GML+E7Ijs3+2XiIXx8VaNHJF969pWOkzJV3v/Y/lpbYnb/cJ149k178
+kfCKZNDLXUm1Nm8I94/X4m75K1bLzUXDbCkMbLnAhsfy9kMHNKKAeVzJ7jcdw4av
+h0RsWUy6c39xtxlm8ZvnDW/3xZ0HXRT00jxmqSb36J1gtSrsK7rcFf5XyCoqjH1n
+uwgXN13VpMelQTg6FV6OsnJZHnHdIEcOQ5+H8VQwizJz/D0C1IgD/YsxMRlZYzPG
+3hwNy2XbCTWh0oK0ddEGeFotuLDKpthaLb0euW4UHv5hPoNoMb7r0lpbt57tzjV9
+qQJXf8unpPNLPtS2lbHKGiy6eAPQiy+LFK6tLT8bWDM9/mcGid+N5jM6WI8yXjNo
+391XgOpIFK385rEslj/yNbn2aRfBjtPJzAe8QSnv2+t6zDUBW1CTSEUvWa5aVkp3
+Gq/1hwGKRE0WUmAEWQYOn8wrhUKnBtWgFvpOWeNcT0wtDxD188W4rLCYJ6WSMAMv
+0Jta6Lirm4DlW3MAMW6ZJ3Tc6NtKGEoZKU91g/DIE2g7rFlESTeSNirLjIYjXnJb
+PlurzxN7Sj9Ssy46V0RLmFJrVQIwnwp3IjLr2NAKMs2pq4onpACGUagmDU3H4cr4
+2AOUT/aR+IEHREeO+6r33vzcvFq7zp78rcubRk2/ftw14IZmyO9HFwUQBHLaFS4C
+4JlJtknLnOlPoygMe3gCeQCWfi8r+Q3OimxRwuUiO3y9WOVYVjBTmQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
deleted file mode 100644
index 3cafe6afb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBWjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcZGVsdGFDUkxJ
-bmRpY2F0b3IgTm8gQmFzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-oG4BhBi9qCt4Gbrc/LcngtoFA7DzmY22GBOLt1eBY0FyQGpf4K9UJ/LOfsnV+Q1z
-VMrQi85AV2IqI6mgtxHLyw698P62RlAXRHWMHyj7K/bgc9YjZXUrY7Dy/rAbHaww
-JVlnlNsli3eVdnIPzuxxJ4qRhRgxixJng9IvLPDQaSUCAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIvW/54p6SweUNEj
-eV1lB9tgcPTTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQARpTTRRjgFmYIu
-Mnx53B9cpWlZhaDRm9P+XdLuN3Tc4rdqxW3PccPPBB02TbfuXKXNGOQZpKhhF2BR
-oulfvRUkwEfeB7DHQNuEGVct08IknDXryj2KFLPQgWdprgO0hOgZxF1SPuUOh1q7
-iSvok8TmmeNswbnOq7EszJMT6EmnUA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5k
-aWNhdG9yIE5vIEJhc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBqMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPzA9
-BgNVBAMTNkludmFsaWQgZGVsdGFDUkxJbmRpY2F0b3IgTm8gQmFzZSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvGpcW2w
-QEDfvwR7XCYsQkH0qjyrTAjaWC37qTDFXdVea7SsRiN2tW0REkGLtoF/BGWwq3/K
-KNS47aRTkHkYyNJIlv+1vRXEYxlHI0k6HGfH+50i/40w6T3EzV7RUhcGUGQzP2bT
-K9Bpc6fHT2sjEgqChhY1By2i/j1sQcIt9TMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-i9b/ninpLB5Q0SN5XWUH22Bw9NMwHQYDVR0OBBYEFGc/qnf9bJRTuHQc0l5B5FN/
-kKYbMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEADuC/4FucvKYngf2DKlHL2CRM7Io+GiuRab4hlwCc+ma1
-VPQC6R+vlIABlQvMPmw4WG+SuFUDZNUssb8KPHQZdrvlnFHPjim3wRzYsdvAPIJt
-5zncVjkebsrXuA///nNffcUlemq0f871Une/4Vtxe1VBbGzCZ7s8DxQumEH4B6E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:D6:FF:9E:29:E9:2C:1E:50:D1:23:79:5D:65:07:DB:60:70:F4:D3
-
-            X509v3 CRL Number: 
-                1
-            X509v3 Delta CRL Indicator: critical
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:e0:d0:5d:12:bb:90:a4:b0:49:2d:9c:98:2f:c5:8f:39:
-        aa:08:09:8d:4a:14:7f:5b:59:00:a0:4d:f2:b6:47:88:33:fb:
-        a8:51:d9:b1:44:71:66:7d:48:c4:02:fe:ee:fd:2b:ab:80:0d:
-        07:ad:41:d6:51:cb:86:03:c8:8e:99:0a:6e:b3:65:72:65:58:
-        3b:f1:b9:af:cc:75:ab:ac:7c:59:18:32:59:8e:ca:d9:cd:50:
-        f2:f9:03:d6:4e:41:13:5e:62:2a:e2:3a:98:12:d8:ff:08:cb:
-        14:6e:1d:69:4d:d6:19:74:cf:b5:2d:c7:2d:3c:60:a6:30:95:
-        34:4c
------BEGIN X509 CRL-----
-MIIBWDCBwgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5kaWNhdG9y
-IE5vIEJhc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgPjA8MB8G
-A1UdIwQYMBaAFIvW/54p6SweUNEjeV1lB9tgcPTTMAoGA1UdFAQDAgEBMA0GA1Ud
-GwEB/wQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAHOE4NBdEruQpLBJLZyYL8WPOaoI
-CY1KFH9bWQCgTfK2R4gz+6hR2bFEcWZ9SMQC/u79K6uADQetQdZRy4YDyI6ZCm6z
-ZXJlWDvxua/MdausfFkYMlmOytnNUPL5A9ZOQRNeYiriOpgS2P8IyxRuHWlN1hl0
-z7Utxy08YKYwlTRM
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
new file mode 100644
index 0000000000..cf4a0188f3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcZGVsdGFD
+UkxJbmRpY2F0b3IgTm8gQmFzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMT8wPQYDVQQDEzZJbnZhbGlkIGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJh
+c2UgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCbhw2QqOjic0nMo+o+00dV/CeqcpriB+Ybd37dJoPpNPan0fliKh7L
+gC5qlfRMl1/G4aiY9/rn4c6IZKHKvZvtqxWeWdk9rfkZrzd5jdchg3X9js3W+Pew
+os3xdg0s5C6LAxUpdZKXUfnp+rgXJP+5DBJbp0zT0E+E2+wFCEFmCwvBXsdC4wS5
+V37eh0xM3D+AmmRpmZU1sNwE6CHCXS/FxAT6M0l2uOrrsAasOAlYyKomNrwuI4JX
+F3o2iOP2FmcUdfbipILts/m/i9IXBbD7Y6CHpxaxwO5C5M2QGmbrzpWRwnH2X5si
+lC9xrwWMDkDICl4iWZM0EpD/fvylKDXnAgMBAAGjazBpMB8GA1UdIwQYMBaAFPQ4
+diWrpOMcwMh1jI0Ta2MjtoqBMB0GA1UdDgQWBBReXpncoHSAGA199holyuOyoazn
+5DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQBJ/eVvOyfvPW6TIbZC836c9ReK6HHWGskd3H5FmhJpOGRD
+yqKrWC44Zg9TaEcnMUZdvGT70DPTKaHVte9hOzQHWlXPDZlpIPQie2luL4i/6hsY
+r4kGcK3jbPw/rexK0R8K6s0ZE+CpP5VQnRbRzCxdQiWny1m/PACa9zhklI/wEovL
+ha+CdOwDNBNDQzA1dsz8IqRAyIRiHJ1W/n71rkK72xCphrl0EcIZRk+aIkDNrO6j
+EHYzDFuGiknsLCZ9nrxUbdx16eeTaqG8wEkiZP/f8hERqB4TqNw+J0d2m4IVdo/B
++ZbHSIBkCA4aE92Z+PM4gibKanjLggGYrkPMshkJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3AF61BEF1EAC1D72
+
+dWuz0jfIsicCkLiRuz0wUgfo5h7OVwLWI3sJEz8MJV5O9BEiF5t4ixGeIboEHbap
+4IBUKJ6MTWmtY9tmfXvKSWxM+BkyZXeAj0SzqTfNiPPOfG9wJqBgWKjVKQCnN1CV
+jM+A5IXthf/4Frbgbqccrzzd2fLOhJICaVOrcrTh//1ryATG2rUnMYMVbbLlxeHz
+8vWsJQZRNElgPl3BHeBRL6/K4qrP8UWQo/uivNmpVRY1OmzNtpFfOIt2jC5m7Hni
+6iVyta8GNn+633oxjn/Ji19JIX/yTjY7G4MoQY2MnQyML2mS9GUVllIiQqwN6tMn
+4Xk5CbxKKXx3Mqv6WN01o0oObRahhXx3GDHi8i0rWXFi+L6vz2fRPxInX4b0USIS
+oZvBS6JXJnYGctRp8akBajUEd9zb+cdP06J6YHlEV2ZzHVjulYPW10tgyLkJHesF
+n8bbfeUkaokt4yThN8cRiLqwj6r8/sLeo7DEguHkV/S7XKo5G5+AKT8TMg9qjEku
+pRmMnITqgtwQlNm/04g7woWLod7SdmOASsOhi1zko86MOLUKkCUSFa4ABOszpx3y
+oQEbnSHPI9Zaj93XLikF/RwS9pGdj3UHqbcuEvAowWlttt85JmD7VQR6JH7Q3dw5
+ISIdQJZVIVH3/IFCxe0tpw3Otqlee42m+OLq6DQOxrHJDyeHds0PTz9revgV2YTv
+4TGgxZSJMf+eRjNhxXwEB2+a3op/jWLv/kcV7ZN5tO8YbiaU/4v2DzLZu/rqRFz5
+HiMSVUc6wRVUm+EFasFBut/Hria/SDta4ayL+OUDXJ0G3NewngH7OG8H65v2jKbQ
+3hm3iaQgnm4YMwcRyOiF4qt6wPaR+uZXJcaflPfvR/nBnoN6L93dy4hpRuI0KIDW
+Wq7/KpVnBqEVJST2sOq1wGskbSvr2ozse02lObk0xAtlBLDFCkaRZDPZnG0tJ0F/
+j5dLAYe9e0j8SBkmY7AnxQyC82u4silVdMYk4tF9uuc2SuOswD0BFcy6+pwvJ9US
+gP5LRnVR0cCm9sdmitmulkMME6RzRXeXtLrfcv+XWOgT9anL/on/qOJ2JfWkTWhj
+z0wgwe3iIPvLYixOj25V2IPH4jz00ma9aLS8byebwWBLUZ8nN+oib7wQL/I6iOD5
+ARMcTb7SsJyiz5wWtJOkCRSnZrm6IsdRc2apuKIdjCivN+sIZiSIpqg4xfgB3bl5
+X/w9DtXHc/gWDOopWvDTC5BCjF00pZhvBclypVu9xsnjqcrW2IVBrz21Rb7RY2UW
+y78+DzkrE2FhrpgIgCltOe+J38gF7ywC+LEjL0BzDwFtF+wHthH9nPiaq3qrhrfe
+X2ynSuD8Y1D+2ygbO6gLZZvZBe8kY09h2F1qpcnezXwWYxnHThGsllzo8sh+yFTY
+xL0eU7ID/H7oVJaRrF3n6Y2r6OCu9lbjmrvJsvJ5T/RoY4IkxOFQ8gh0mxrHH5Fq
+kavoB/OjUGTgVTyjDslAKnbdUXI88SwyjOczbiX919PISbrnGsvsdU8O4eTbfK2K
+PfNniDgCGDc/aWRyfs/a+RjKG4lUmd7gGIjriXg+etZbbNG8/xbDzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
deleted file mode 100644
index 4ca36378b2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
+++ /dev/null
@@ -1,150 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjb9j3IekGOkHy1SMKbO2
-cxwOgq+Yl8JiAoQJk+wbolHouwKi3RFA75+gpgOiN0SeLz08puksttu+6NNeBmlI
-VBHm6vN402CMD2mE5JN9ze88PmgzLW/NusnlGNUoYksZn6JLwIyAMqCq9ftTWh/d
-Dy0s9MipYeAfErZCKqRoewIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU4hgGT7/eQNb/M10iVoncEPfOcL0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJ3F2hdP5d9HdGajPqfdokQc5GBFeZOqwu0M
-3NB8RwFrC1PmrnRvCZETjCk9bMAlDIYde7XTym3nNwdl2xrMWn6xBBnBtVBU1uAo
-96PxqkGgbm/uFUgMLUlww+CwMtAWfpZylChZNNxZSK40iS4jOlN5JajF1iLB+CTG
-rC1IKMyc
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA3
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAPg+ULgLYvxSkvSwcxwt2gPwS+Snwayze8EhWojhINAcpYlb8sPh
-4OaEgcnDvdOrOUGPIB2D/KOYrKEAqlRmM5zx12ZvpLevcV81RvNfe4FTRCqAqwhK
-Vs+5ktfrGpJxjBVWC0Lds9VitDFQpVoA8ksVekcaTe2bHsI0Ovr0DJiXAgMBAAGj
-ggEXMIIBEzAfBgNVHSMEGDAWgBTiGAZPv95A1v8zXSJWidwQ985wvTAdBgNVHQ4E
-FgQU10CyKhocLN3j/y/kw/ue6MjvEF8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNS
-TCBDQTMwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQK
-ExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EzMA0GCSqG
-SIb3DQEBBQUAA4GBAAUoNQS5AyzkN32ziPcC+VbKBJACILROlR93/RKUabl710wa
-BNk1iOD+MQ9iUwOLXI/bAo5bqQP43gvVFETGio6KpzbsDfofpXMbliYNRyX6NYqy
-38eEMeX/Tu2GvtAwIWPlW2rdCrAl0KS57hwRtpXvyikNxUHoYGmtREmOdFN+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                2
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:8e:0d:04:69:d0:fb:fc:c1:e0:51:af:b2:9c:b1:0e:d6:8d:
-        da:4a:f1:94:a2:23:3e:6f:c9:9c:4d:d6:b0:03:6e:ae:c7:23:
-        fc:6c:69:3e:66:ee:12:fa:2d:b4:12:08:76:16:e7:45:7c:6b:
-        7c:b5:ca:dd:f3:67:81:c7:78:d0:0a:54:52:05:0e:a9:8e:36:
-        5c:3e:9b:b7:b5:f1:18:a9:04:61:5a:95:4c:3f:a9:d2:76:c3:
-        71:dd:2a:9a:78:27:4d:3e:e8:02:93:40:21:42:14:02:a8:0d:
-        86:f4:27:53:8c:3c:07:ab:d4:70:29:2e:42:6b:db:5a:2d:06:
-        54:e9
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWqA+MDwwHwYDVR0jBBgwFoAU4hgGT7/e
-QNb/M10iVoncEPfOcL0wCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQIwDQYJKoZI
-hvcNAQEFBQADgYEAFI4NBGnQ+/zB4FGvspyxDtaN2krxlKIjPm/JnE3WsANurscj
-/GxpPmbuEvottBIIdhbnRXxrfLXK3fNngcd40ApUUgUOqY42XD6bt7XxGKkEYVqV
-TD+p0nbDcd0qmngnTT7oApNAIUIUAqgNhvQnU4w8B6vUcCkuQmvbWi0GVOk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:00:00 2003 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA3
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        87:f9:64:9d:19:1d:03:e9:68:e0:a8:3b:2a:8a:f2:74:a3:26:
-        8a:2b:00:7e:6c:b3:4f:ae:70:d1:e3:ad:39:b5:ba:70:25:34:
-        31:9b:12:06:6e:b2:59:f0:a8:56:24:67:c9:fc:76:54:74:4f:
-        28:14:6c:7d:51:20:d7:8f:52:69:12:e1:67:2b:3a:d1:70:03:
-        d6:8a:e5:c5:92:1e:61:29:9d:e5:55:c6:54:bb:8a:a9:b4:b7:
-        f6:3b:ee:b1:63:90:a3:39:2c:29:b0:f3:2e:00:1c:f4:dd:76:
-        46:40:31:0c:7e:29:ab:fb:35:ae:a8:73:8e:ca:a1:23:1c:12:
-        8e:50
------BEGIN X509 CRL-----
-MIIBkDCB+gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDEw
-NDE5MTQ1NzIwWhcNMDMwMTAxMTIwMDAwWqCBhTCBgjAfBgNVHSMEGDAWgBTiGAZP
-v95A1v8zXSJWidwQ985wvTAKBgNVHRQEAwIBATBTBgNVHS4ETDBKMEigRqBEpEIw
-QDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYD
-VQQDEwxkZWx0YUNSTCBDQTMwDQYJKoZIhvcNAQEFBQADgYEAh/lknRkdA+lo4Kg7
-KorydKMmiisAfmyzT65w0eOtObW6cCU0MZsSBm6yWfCoViRnyfx2VHRPKBRsfVEg
-149SaRLhZys60XAD1orlxZIeYSmd5VXGVLuKqbS39jvusWOQozksKbDzLgAc9N12
-RkAxDH4pq/s1rqhzjsqhIxwSjlA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
new file mode 100644
index 0000000000..1b705fb0e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEQjCCAyqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvANALh142nlDnxUbBVwMZf4H8TGU6+cn
+B3S/k65XoHWSCIQaHJm8ViPDebtC2Y1lxXJAuUQ5vrXhMNViCXvsXVv3Fyqh0v8Q
+xWCcW3Mx8f1uIBa4iWs+GyD2978gvyy4wOLeAYAESUYG0XStMq2JvmLqAugT21T0
+0CrRVBXBcG4tsbxJFoCMFN/UrS87ampiKLDfUrer1kKOpTIYVZJ/tLqy/MIyTzsl
+cll6n2Qs6BH77TijvQ+SzRja+f3jbrUHUZuHSoJ1VF9hsyKO6jnVwIqzIMXOox5G
+n4jqfRmMVf77zPZF87XJ2lqgDoqmiEzxth/B94GOqxavMadaVT+czwIDAQABo4IB
+ITCCAR0wHwYDVR0jBBgwFoAU72PTqE6x+d9h4g3DBaOYGNKTmecwHQYDVR0OBBYE
+FBLdWepYnXF0v83nAlTQiBuan5S7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0
+YUNSTCBDQTMwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBD
+QTMwDQYJKoZIhvcNAQELBQADggEBAKpHl7P1CWrLLGUFP6PuAz4hr9Y0OyCV2JLt
+sravF+p4eArmXPaAVzZz6/lYajw2i+b4eVQxm3qds6WoxgIIKSGyHPEBU2kz/93B
+kHP87Lwwk5yPG7XdX18t0dJ7AQhbPhyACkUbpwsZrN0tNCUby0S6iHUgCDBPU5MW
+duSUqgptZCka9niVz6eVtTbY5796ayHh36+MWGzodBQByJQqNum3/Wxhftbj04Ng
+wlL2MfEcDnE3swKRRE4uxe/GEdaaUmSzbFsQX+fokCrHO6udaaoMLpKIa/HZpb4f
+xvCy+cimsD/LjJ8hIo1A0sgGbeM4oybqfLkQ3ELSljF9R8+svdY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC1EB1F42BAD4578
+
+Cs8dov7sh8fRdw/5WuIE9nxqQvg/rjIq5qYQnxcyNZXsr7ktj1Y+JPybHvcku8Md
+8Wrg8u/C0vINm5f0/dyzdF5KwidTg3EI0x++5HQmvK+3agest+PldX+8Kvpr6EyL
+TZKqvsMqAYoAsSbC4jeMoFUGRF/7kzIar7mkY0yw+v155q9Ot3wvUwvcEqug720m
+4zJ6kGAZNIzQvoZjdf9bvQgaFXJ5gWuHCmKdOyb2Jd2rSzVdE7vgtF7Gi6ID3NUy
+kDek+PLQQFbTlUWdG8KaSqI9qEp3j1Cbuqc6CKtTLPcNWDZ1rHP39ag1ZFnP89uY
+9DX5Xekraq54c1CYozZ2PKtLSXmWqW8io+c4/LurIvMKjJR0gAuIUZtD1m813h8L
+w07izH6QKZjAJ0ALNa/SBkOKeSNSN9o+2u3cCh9KmFMYcebNXoCPeacdNSpRrl3F
+cWXwaGUP8JGn2HMYJOYE1KdQKmeiIAigrrKYgNilQtKzo43TVHkG0758gaEz3P8L
+fogsqPHDWIf+t9c0PSnE/g1ZsXOVTDQmkk+inW4RzAOW0i0leIRklA0WQLrdpPBI
+O509+0WsPsdN0dFtQa4GhmsskjGt5JTDgfi/5Yge8TgGmHEoeSZuz5M8HRpfjMr2
+BRn5WBkOUgwEHsP08fE7YyjEE7lpiBRtSqryPpezN1JfBUllbgHMQ2x3MMmKUyvN
+Q8wqH0bG3+ORSU/swn0xemObXf0Y/dzlCxlF2t6yd6m2HrE2oCkT2AW1eF2mVBZR
+zzQugVYSudBRHH6AvtohGdoIBE7tDQ7DqL7BQi1rbCtZ1THEpVTiSENxRUumP08K
+ElP1G5lb96GdZJepltrKJ9iXEbxMjHbYejZ3X309zmCOKymJvanAAhs7BleED1Yz
+0EdD3mAHVaycjnXn8SxC6/libT3jsU8sO/Hy5u1qxqwFHUlIJhxu7foV9KMMyVML
+sXo+H0kiflUg3iHKNFBI/UM07ml2Z+VVSbxTl3D0zxpJFRUaUD8JSdwZos+dqNhP
+qpig4z04eMzGTSTzaoQ6VHx3TvAIbyLFjGzynk1upk/lDVOsNR8mxklV8XkvPV2p
+onSQ9xzX9o44SMlp+KsBmPOBiJI9Vgzhz0EwspTHs0r4w9B9kg6sfPpAo7BsJWzb
+PNJgxyXyIsqW765VR0btgSJjA4g46GzhzrKo7irwtgZtXe2SjeglyIileefBbj+b
+OHI/0IS05TFR7l0MqpPZFhpLBY5NLwV2cCsZ+Fgq9rHq/o//XfEgNI4hlr0TvenU
+g+wiO1K4Hh+zlgTGor654HFoUepehXjOEvhBAuj6+6weusjXGg1PEpNWZQ2qcrqV
+EfT4bYpf3AsLYt3AXRu4HUM7JyRX7VCgNZ8onBVosG36rdv2Dw53vqKDTnD5ISPB
+MeiKYjKJAFK8090u+T4H4qZKfwa/wa81rqQ4Ussfio3J6nkMqUDBr95wVmcvD6Or
+KSQQDqXdtwP8fNWvqKO/QOapGfzVVWRtvdciipuicjYWdXZudKAuBd8x5xrrg8yx
+ClR34LtK8hg87MIMfT0ppXUe2TanG34+86GGHeq81lKlpTiqN7jX/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
deleted file mode 100644
index b76c876c1e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzxx97S8BoEgN9xfoNoA/Llxt6uPlOWZ+ivv604fkNJjK8fwEFgGh
-IX2rOp0JvgxD9GNhW03cAb99VuVWaKCGZetc3qdUF2xWlxxXgYBV1Js2xsyjmGbR
-pqAvaRtcrtlqE6hmltSJmkP92c49XhgCOIkV/KNyODYzPpFNe5RyZ/MCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSxLLxeL6rboh2Wk+01TTFMKEr2LTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAjeR/ZFSYPKsGsR0G5k/dJwEp8GMQM/lG8s5DOWP1JbD8Ebl6
-aao3oD0FCF9jzK+rtRkL1GVRXX48sLANOStAEInSVm06g7LocOuGGb7NRggCbLRY
-rMCjHVqCHM8aJLARHyGGvUlhNfuzWxTNX4Ru6LnhGQmXqvWcGlY4dVv4vUg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
new file mode 100644
index 0000000000..3f2d5cfb17
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0thD2uHKXQil6QX9ihT20V55pfCU176xg
+xfE4bF/rUqIJr1QtBB3go+0Haquuzo9Nnm13khuoWMyaSmjdzvSCT3w0GW3ynnU3
+yYJ/p7fJZ3jlVWPkvMn3Meba6o2+txfsws25NSzmKdImawaPbWTeBPuzOGXNY0Lq
+ApdYfUd+Qq2jf+RWWMYQExBlgXwP2k5PgtmVqsKcbNKTC6rUP1L5McjM2ZFi5h9W
+HsHgOObOsGKYKIiVX+7pEQQkdNTSbPmiuS3f668FY9CCXwCGtyfrFt1OeL1ZTnDx
+/yjc0LppdCQv0EMuj0CORDhUjk8Uocu6GkieECZXF1s127oZ3+arAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+psHlOGWlxb4PmdbGfVntoeCyBNgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAYHmgNuF1unFbwYcC0qsNM9gWmk3vbXFecTPL
+0EPYmRqi9MUgxFQGrNN89TJiCMiTqnUVHJy2jq16crGIQQPTknd+h1UehoyQ27qA
+yxHJK3dJK76vaWAU7+MJU2cWAxZ5eRD5kvpfjTvIWjEvCt3HJUAlkXnbn4GNkKAx
+XMkk3jQ/7xzHrSYEBLfuFrw6Kyphs4AACCY/b8AUONImu3BBAF3jKHr6CubpiuEF
+fOAUDfJdtxf71i7dUVPARF8Yo9IZdRW9OXXXjlWsXwKsCdiutyjaXXdyeHIFK59T
+IYDaSBblRRwTeVYrW2O04AQgyeSIj6L5M+OjsffPMNSc0+ib+g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3432D17D5C1A80E7
+
+9MtYHI+46l3XbWivigwkEoOJorfDpDN0SfjSL6zaWqT7sC2Q6wV4IY+l709oc/o9
+Yj0NanvgWxEVpFFw4mwQ8UkQcuIeZS4uh8+5w0QeYZa4vbX/SdpOX0rD9oNocmTl
+kVpLc2TTDNk9ve9S9FZp8XtgUtutXk5xal7WIj2CNooJm2FnT3S9C343nPajCchU
+ElCaxJk/tOijvvnk/AkucWgjdxi8eU89zC18ffvzPSnx2X7wJu8BoHtLiewm3mNI
+AY+FK3R+Cd2xrfISlQVVznJ5Ydg3iZFTLKwPzWVKBYpGNvskKSHZDHmvkqYFiKZW
+xqFyLpDVCAjtGwIGYpQVg0EPuWnhHlm1X5cd7/XJFt3XaXuvrAqixgZAa9PpN/sj
+CwvOvsjlUsvPFJtpnSykQ66pa5Q3Dxt/OxYqkF7/PRWO1+0RU5/ilV6+aG8Mt7JI
+PDnG8pGVHs+ItOwjUcJl8W3gxGJy1MWX3mC+jNKcNYbp6pY6XFO2zOriGgHJCgLU
+hxX+GmVwmkxxC4grURsRBqbY+eE66qaMkTlcdXL3POsyi7CQ4pBBTM1RXHm8I6hx
+HP6SyWePXcR7ayd/zxIH8RT7hkFV9CCty0Adg2P4WKPgyBubZp4NzrqYoYM6WsT/
+ala1iUpwayas2S/5Mqwo9bwXBUVgLQA5zKz/epAX+d/SIg+7LJeeaZ3N5YOL8XNM
+HbxgjHvcA4MHhZTO4uPiT6nG2Q5G8/y1FYr9nneJc/mIP0M/90ecGVLcSoMfrgPD
+74oLyB05QPZA5jpT+kCqHhHfPNF6yiMinMCw0JiXNbC2If4GckIalUmVUysiIyNk
+7XQ8/zPWqIppefMBRCuxdlr5IPhyLXet/qSD2MSOZUB6dtG29BycOwI144xvcXDO
+erJQSBdoRVLzH8Lwwq7lM1M7Vt1e3TW3Dw68LOx7eNs+A9hx7kexFB3LnGjIwSGP
+wOAqWMLY4RMpg3hN/CHl9TViI1P6WxJIj/Zcc8IkCM8x47bb+eTyscj/fW/9YDiu
+1eyvNajjFXJ7BT4FB+VknysFB7GLIcs8uImTM8adtmQC8X5p1PtCg0yuICgeHnQV
+UrzjVPY74QnI8UcWgnfiyeJ2r8rl38ldwjSQSL8Sp3/72C15iB/NoZF1NmANQobg
+ZvwZVpgPhB8+z/iQgtBKCKsfaqZ3tat0P9PqwljoXI1o1tCRdd+rmed/qbEfwD5Q
+m3M59rRPgkMvgxWerdBzU9QpjC38+wInuIJBhLG5ESmTM5ILQWcGbthdHpteOIlv
+iyp3/aEB+5eAI3ZR41vmaVhCrhySLMCE1wHW3YJlR2gbbK78lluPVy0IbsJUW32C
+wDU8RMQnW7Vihc6p2uyjd+jMmllXzu18EyVJ0wFE04ukeGY3MhU54396LLZSgkra
+CR4xaFEq3RywIjZ40Xdxv3pYkuaG5JVcAf9fs0OLUvX4u5M8M8ArRC8GlflVPwCo
+6tiRJg5H/jE+s51iLeQp0r8Q9m+Vd1rKIoMYSUB+SGqd+68aT+wQFHIFcOqELKhg
+ZP3LRnJHvxutJNVykZhRi6wdjcBZ9PorVS70Wcs1ATd4o4wRqfvcUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
deleted file mode 100644
index a23bf8d464..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEApl35weU2/WxOlBNEikRZQw51mRQgwiHdME99VsoaDgFPYglJARYk
-IQDYMoImgMANlcfHOiVaOAyXU4lXuGmpw8z64BNhazbSkSEl5lHedJaTrG3pwst8
-RIaAAvQbxOYAqrZyDz+9InoAj7ci9+TPhthUrmjkHxs7x/Bmkbmj9pcCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSZxHSKiyXXvxkmVXDhDuryYei0YTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAVQbnMvz/UBEqrjWC/M/CNgiN/9NfiIj2+eYySOYG+HoJrVWC
-qCDdYeXfKIHh8CtoS6s+S+xaYpEschIVX3kOjn/VMGOmvAtWlR3iy0nvVoRUoGDa
-4eBv1NPq2MlQn5L7WsYHJFnJrLx+z9lWgfFYNKPiDY60dVmNPSfFzQpevu8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
new file mode 100644
index 0000000000..0be4778f49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZqiQixIeBTrVSToKowkdbwEHI0yH5H5QQ
+6K1sURO5gJwPnZhXO1S5cFaQo7WwKYfxbFMcEx/kPI3lmcUfm5tBVk11bAjgp5Ft
+Y0vW80Vz6ABCOjPtaF2lVItqBMFroDU7H2ZVjwuhunj5AzURHqMIR1N4N1a/L46/
+/nyR6uZRLe2FDH4XmymO/Yh/hqEgnyOwYIQWnm5oE8CLh90Z4sc1Xw/CanCvhaDc
+AM7VFiZH1r/0hx/ogQ7ZzhfZ7IY5OWK7c+ww+StDOiIOG/7kHChh09yoURji7a/Z
+c8Rx2BB05jTSzjI/RxoRNi22Iq3lCTX45PQub8KRTA8cRugPT/inAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+yMWFM4r6w1i+BiUVek9gmjbgnAEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAWIZ2nB1hbPwnabw3PDZdYtB7oAg69uP4Bes1
+alM0Wr/mwFeWf8TVF/GuVt+5Ef1IK2hgbx6YpwDC6762CoHUCC0jsu2VtmSESITk
+tRTOMNLpzp5qbxg21Hs9q2dIJXBZyltzKqh95+kERpsanp8x2u++/0JZycKzvZZr
+0W557uKJSforuvrYXIk9+PtAdF/HqEhCI8UWufJsMNeGjn14SnnXy0id7leIBWfs
+5AuGkSR/AnlBQYcImdBJtlHbq6a7llTwZOuOrQvtIPkwdkKeFC3oxhKUU7Psn7Vw
+6bVE0zECH4cx86j3jEdXzQfA+93hFBL/9D7ngXheTNDftFKT/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7BB7D5713526F3DD
+
+XgiCoLDnlzYySBOR7RpxZ6PYgYBgtkfG5/1UuarivwaJ5AhS3quH1pNZM5FCG96u
+icSAGBAy02/mT2tWK53NsEhpS1iKR1577PgeBYAFt+3UEfSok8eUtyYdy5ubb3+P
+NGtwNVvr5oc67XcMtxKVeOccDb8vYUyrGfhxQA7aAxjEd3+5YPec5x3n/FjJvFy3
+VJIzF9OzE4jrJsyC/Wj11q/R4aTC2qKBu04B7U4N9+7HWvmT26zB/yismeDFJTWC
+Lng6xTaVW8C/HcRsGUH/rmaByYotIbptz03nomZINWRKoJhOjDL/H29UbnMak35v
+CUuilzP//VLW1IFJ0KlorqbfVu0NIHcI2yF925SFgGW4S5r4QlnTYwqi9umjg0XQ
+YySKHqA+pVt5cHM6w/8AITb+o/e27yClm/UmMr9x26DYkNLXaGJht4n3CL6sD+bq
+tw6F+ZYNzrvZ14p0/iyNv11iR92dXLCPN8EJr8AtFUvX8ioNveEN6RanTfmUq3q9
+0CCXWThSIreab8qnaUkOa02IivgBHYW1OdRWAA8pH31JHYGMGdqGh5xhBpgx7vke
+nHv8btoQ/Ur9BqZN8hlwWSgMT6V45JOweSv2mR18EqryMUj+cWom2GEgwpuY/C9U
+TAMi8qSFBRtomvbag4wFVvs4mvN8hG0wSxbGCC0wRT/bn711FexwwM5rmeHVILRV
+HMrCpihBI9ZKelGiSSDGdeMWXqXsjVgrIzxzQUfro53XVzMfFAiFvNCgrnM5ViDS
+uxmUjdu580Ncz20MZt0pom4T5h1VjQ+f3grfnOfcW3mIkZS1gLCmTHRrcMEQqVDL
+nXh7CyFwAF2pKbInkmx9NAtVYjld0cU+e7WehJBwwzNAJmTh1DsuXSbjuOdgXPbm
+4xCZCqeJGPKa1KuwS9zFiwdgTN5rR9BuqG2ad+F/glkYV9v8SAhc7YVjRVBCRNsS
+xQP+WgZFWkGZlsdei6aib8/3C8ktR8vga2jr1tZ/TTcNz1i7RssgUjxN0BQLjz53
+tRmBNklFn0PeJ9LmlEULoRQR35nmHfSBPQ3QwRhDxQ32jbKLe073ZekBZc+M0Rdh
+Cvgd+A7Gcnrct+PnzUDccyMk4uhAdiRRnmawscYupGid3Vm4CsJJaNxWeSRQuH7X
+4u/EHvI89r9ixJd4s87bi6VhFa22sg8eGDEgBUNfH5UqVSI9RRVfW4Iz2GkRR2WN
+ZcjWjeunn5PbQRcKOzn7x81ZfF3IBuCbmWnzNl1B8DGrDsQytTzE4ar3pBGNHZ6+
+HBj42b8hBAY7OXyoob91mn8b9RvOxsI+jxd8frdoNXgGLWsmy3fcPNY/SOXDkgle
+mNIYOkTl/XxUlQMdnCsLv1u8Dyy5ZEdhRYFX93k5XIOvfASU6KuxuHMT6hY3hNzo
+6X/Jc58AYC2+pVoMW3Z7DJaXFc3byhwEudfgYrrUtJNfrzSyU1Ic1qktDzsiDBa6
+59zHO99ftdB6WC5RhCtcljBSPKnOhD/5oAnqLTiY3irgn/wdqBvMJn0dkSiWrT8a
+aGpWOAO0QfmAfvZYUk8LQrtTakNa7lW9Msd4+3aaVJruqcVrh+2OSQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
deleted file mode 100644
index e918530f97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAscrNGz91htFkIREH4kXyOxo9/1St8nJA9dIDFUm8mrrSSju1W8oD
-Xp8EeOhyKguxnDGTfGnp5SIrvLUB3IEn2Jjme0QUKtz3lVdWYMNZcyESeKIhz2Hs
-GCFxmYHAzafSbJ4dh9VLWVEkARbN31prGZT9BIls24r6PWhRDanqOZ0CAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBRyJcnOHzbSUbchF1gWSl+d/EKipjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAUGZgoTW4dnlTr4u8+RArHmwDwiSDY0cXQimlo5QXcoeZczkt
-s6hrTXRDO2ZiijUqoKqP+F7hBWROoKc2U9kq0yLfZXxsRBx5atus0zwV9PE2pYS9
-5doAUve+eXvnEBzwjBzlPNoWo0yklkwaVIhBZFY8HS2G8P115VnipQebcZk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
new file mode 100644
index 0000000000..33323e9a29
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChdlfiKhgkVBZls9SSGM+R/2fkQXuDV0hM
+wkswSv31By0st3Rxv/Rdk2M5HQYcG9BJwfWqHmmfIywnsfWXY8hXl9W81O5xCQT8
+6I2qVmxulBwFDGa21Ik6vyOaVkh3GjNoUYDFvngr1srEpd8Y9j6ooDr6uQBuvaeV
+p7loDWGnCQFldjlZfHoSvmiOyx9oV14ZIW+8o6IoUQTOrnTuXXtr7whOd63KMBjg
+tPTczxQ6pGIF4c5CjmEzasNs0bcovGhmRfL078elh8VrB5sv2XMAeCUNWQP/GSoy
+OdP8R+FDzke+teFQmBaAJkKPLlHlBFRMIFoZ6WG76hB8GzaoflGZAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+spIp9bjrEucJCdPG4GtrsDiEOD8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAGTUyGnLvpOUE4M2D+spZazvR0m54B0BHclY1
+rNqvv0PZ2Qg4hi9l/bntIH0q5F8OpH0LSZ/4CgcJfmflRtOgxU0R7m76yYZpH+K3
+7qhwBzd9Ij7tZWD1C1eKwaLGSduMVm01PbjjqHG1wuoGM14524GKoq/6g049c6Nm
+dOqVSxFf10LhI1StU/ptj3RhSz1YXquDHuMimPeFxI/yPpdVUNO4kF4qZrj7Nwp1
+L5zFnmpXpSo2QeIEfWjgCfEKOyGo7jgNshhsoEwogFQp+VS8opaKnJn5J6uNkrPz
+4UgLpsTk4UYXqgYMLDx54HTzVELXocW+YdeRv+H70w2XyfBwSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6BF125E43F84522D
+
+yYCvvGQ/1feC0wRhswMyrwY/pF3JbXfstV3xlG00CXrVeZ8NlZdAg5Q6QJ9krJPD
+VRYziXTi+aMZbF4auvwRFe/CNuFxclKTHGDSQwIl9qRz/1EPKUhiJi4Xp/RSnAY8
+PBSYL/Pg/53apWqMOUHwAdoQ/9EkYC09gd8nXk/XfKuNRXDrAYd2x9dfmLZ743dl
+aXLr+6L+AzjzTNKLLjbhSPh2QRfUPwaiG44uAkl3mch7W8yNF41rBOLDuXbpzI82
+iAH3D34mtpiZmD7a8psm0R+2NgxYzfnAIe6ak8DmKTXGYk1OBhoKQTvABteai7dv
+utZD3JAQeCt4+Reom2bu+trjD4iAP4Rl/vCu7r4PnaVxRKsPsrAWapzIJmdBWdud
+4rTmSvnZzBmlTF/VrND52a09T4GgmXndWPhJdCyi9obOEpkNHFNBqQcntU3IW+Ow
+a3RBKIeKOuXhOLo86VblzRqP1xt4GJ5dp/8EK93hosocEos7T9e+0w0FF+IgjK3Y
+FfDgwdfepNS6FBs7gVxq8wuly9GNe2NrQezmNtQzLwM/IvuRLHh7oSWnjnwi/4Ux
+lbMYdQZduhHYvVbqTYgKaxn7Jye+8naQsJ6eWq9wLVSEx4dvHISWv5Fu3HeiskGv
+7GSqE174AaqCr4K/vQvxNVMy5PI1tdqTvPU6CeDwPM658hzuCS51qADbJkFY4pOj
+XaS1+phNt1a9t/sIrOLpX7I4bT6b094qVXqy6OuKWHLyky9QsL4Abp6MpnLShi8W
+QrUiCcw0I4BbtCGJRqfggRI5kR70zfTEDs7eBOWhuzTDTCm5sG2jaGLdH5mKFC7D
+aw7u774F3aIZA08ktj9tqeUDmJ0I3X7zWm3/CW3MdFkX0qehCqL7rk0IaO9cJtjT
+05/l9CTSEWQqQPryV+W8EyHJf9jEsDcY435hxD4x+q9PSeztcBMqOG4eh/l3XfLN
+JQXWdi0xIESrJUcOK/ca/psKcRIEIlw2LUdZupXFdJwuxrcjxfmwie5WMMXFv4tH
+pDKDOmDb9tJ/eJ0o3HLllPQ3VSzuKsSHcxKmx76MEqe0a5HcZ+7tzlSXIgFQ/7hM
+VUH7PBn+knEL+OSw1lfgfVmRiQm1B1FVAK4e/0IkqWZB09/7V/NO2zOvErR2bbWP
+ZpjLo8jJ9P9SjWiW7RCmvBS1SYdLtqAU+A8blpDpxMpXN3WKpRzhBt1MRj3ymSyO
+Ze7nm17FmfYQumU8DNqHR0gKSXVT7Swty9vmjUh/5X1MxPizVEnpxAWbvZ4E5wPm
+L4nMHIywYNWfaDXICBffWQm3Pv7wkCTTOqhQW1I27nYxz1CiVTWIExnEJdU1oXK1
+aM54hKv1v25xVctT4KFT0/gO2JpNcTAkWGhjvosPSI/FKXK3/KYdzo6jI0faGtR2
+BU+XYH9frKc68kwHbRu8DTem4IMl1WJ64MnJ3GsOr6S+V6r58UW9rFkcSOnAiocM
+bOrROd1qQhiv778dHseayZx2Si4T6jXviV/qV2ATQhJNbjTWwAltX40h7JZ4BN1i
+AxGR7TWCWtdkrauff5cXQujwWHAt1vRgPG/CtvdM9E+gOFBopayb8g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
deleted file mode 100644
index f96feae051..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAuJgOh28x++Wg1L68WeOKQN8XdV1qhrZmuHQgwEWL8HA4HNqPU18v
-laXijT2AqIMjNJs0Ja41CFGbeaiVSNrV7nMsuQAiXTiiS6R8yrRScEd1baqSvzRT
-PPgXoN1qSTYKXXeEYR3dKsHZ2DVAjdlvm/bwIm6lGKGchu4FxwoHCecCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFKOTq1dmJm1yOmy8g2WjmvyODEMLMB0GA1UdDgQW
-BBRJKQemGd+zHC3BYsO7nLEzQ8rHazAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMjBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIwDQYJKoZI
-hvcNAQEFBQADgYEAf2NJLZQsLgMF9j1YG0b0IP3nQETOE/M1kAExKmgex/QteM25
-DBV4d4vJzuh6DFQxNk91Y9K9bR7qIPlsK31NGGpq4lbct4XgbIlM0+4phq3sORcJ
-AU3cfsMvJwZNmfJ6W22nEhF9Dgd0JNo+9g9FQGlSH6z2O34vBB/jPtkDJEU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
new file mode 100644
index 0000000000..cbb9429d12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcE10fbivD8YbnEDA+sI0O+XaIUsukUp/a
+yfj/WxEn9t2eUiwN5UbG579KJ8eLcFDNQhZrRjzsy1yWNJllb8pBjjRRyQozZ7rd
+mHlzW492WmaspKUVT/enEDTGOXlmvxGFRz91isOCgEqGPZ+6MLcXx5halMlQfD80
+X6qsJjaSFGSMxPPFUij4eyghF2dnmAzdJrLW8UKjSDjFPCrTY+1AGkzIaifpKDN1
+qdxUR936ago3xfCKujbRhOkjbeaAHxwBVdAPZQhmsJejhRl6kY5k0rA0Hbz8I03K
+6Ev61b9y6j/WFIU/GSnTvvZ98gwpI24lIRS/7uE47Uyf2pgXU6tFAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR82Pa+A0zOz7c/oRm7M6u11437xDAdBgNVHQ4EFgQU
+lHekQ7FVrwObog3Zam6ZJLkbICowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMjBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MjANBgkqhkiG9w0BAQsFAAOCAQEASXs9VkAAMDzy/RNxg/DiQJf6z53J8rBmrKZd
+LgHqb0nWVu42Ibgmcc9GvE3jRekXAkoZOESOKzwnzTKFoNkSh4iOf2TwDajamAwZ
+4NTsy33kgxLggaVOqx+YHJDVGxc8LBPVlQK/1fgNuq0zQdCbzp2qcK5cFJ9PY9Xv
+4ktwPMZb7mDMuO6Oav3JjAy9obJ413mF7RAo75wrHL/+fUfFGpVT0sN5dNR9kjeo
+undhANx2cP4tuCvTq3IUROFr8s6qNFHsYP+kCIAsQHLYK8vnaJ8APIZfm589SAeR
+ohx5pQ/4gghyE1vBqnuDf4tzZyari1c7EQ7CTe2PVJF/g2nsHA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7FF86D7F3F2E87A3
+
+6vAuGMtew8Lpbmh+ROvHn4bEG1cDfkxZ5zJZigKNUagHN4nwEP9lD5y3Bv/K65gf
+d4/ac4RHMnaexNBR/8e5Dq7UqFWJpJSV1IgQBn0dlloLoqhXgHl2vsLEXGlJFZKa
+w8/V1yRW0+Gt/GxtpjdOzLE5dVH7JH/9GETETF83Bz0LTBCQZK0soRXPKRuQZqmF
+ukAuZKPz5bROEipUIe4DWm8O5jN7joP5irs+wdB7KnI2rOlZAQZT0GIONWOWfVQ0
+zhFzKVxB1ETU+8eUnY42NUXdArvILK/Adh+lCfv6wYabF8ezmZQpFNTf1wSDu1Ug
+Q1jd48shwbu1ZzR+86w2BjAA3kgHfSC3ljkVrVLOyGw2HMPHekAGm68vxchsv1vU
+DTrHWIU/hQCvsOmLXGhfF/sPVg+uivuI6fc8UVm/AFAOm5AcaSBnIcoUNjKHOq0A
+JzbJG1ATpNfQ1kn2aWAhl+VwT2wf6lhrNNyqnpAzUbpNe5Xt39x8YrQH7j3eXCjT
+JS5mDHiLq5iMmsATTF5u8+ZSZB+2+Xh31joNyf85qS90KccxyxwvXkSUUmvhaDYy
++chSCNwYnPHpy3/B0LrZt5ixs0a0kQAxhx10lpWFc/OSvwnOmITAtD0jD5iYftZs
+IMs9V0EDfwCU5rI2RLQcEZkG4DzlXbhnu91dSmssMrMp5GCgOHlrTOWKMMdEnVQ4
+/e1v3YHArSHWMUureOXIb23TQjZuqVFbWU/UlRO+xYgCbLrhlNQ6/67UUc5OaY6Q
+1pikMkJxpaeQmMqJ5p501QLVRfr0Tvt21GjGmKS6n6o+mrklGhBzWNS0qmuX2Kpk
+0ZrTNckSiWtjfvxMCWG8erQsTayws2gpJkXOSzqWEZhhwBZ5OacqQGi4N875mZ+f
+yjNWp2PYxcnxy8NwS6xgFBBtXrPlF2iJHNV+SgXrJiAVC4W3hG4p54e0C+xsVX/H
+w2iJkyMSVUTKdYxcqaJdCQbx2QrV4LVoFIubOIAz3a078RKPoWdLcvB29tWCn+g6
+M88Ciz0Bljq6SbsyBRwtH6rwPuM1WrupWTXyZhVKs/ni3kPBXUsWUQzfmAEllfT9
+gj7HuQRoKl5iZh2LAYNuFnrcgPHzdgWEwE8YcZCZCmDNSFqZusgouQ5Wwjgq1Tex
+KTFOnEbQ8e7oKxTm8k/cUQFcXBTp09NnmbwkEZklWEni8VyoM8wu1o+hVqwvBOto
+Jqm9qXUTqY/VTJPumnxrWBtBhQTO70L07c5WAk8rqLHA954XRvG1SAR0JC3LnS/I
+o9TtyGdSJEHHy9DdMvLfb0305eeeSo5vO7VTZwfSZIXRuzrx56UjVBRMzDZlB0YC
+FiKvWchbLnmC7uzDc9p2qBvrvawP1lql3pE91BOyi3Mk23Ew5ssJVXva9qFIzLfK
+1yCfPKDv5sDq4B1sriVsNvz1l8x/dbeyptE2QEqZiVsSOT0Yc3Ka25yMvG4ZRGxs
+wO/pX+5hnXCh2WwzvfTHXcZmak96HLJaPDl+QNydGqc4BSQ52Hb50w2Sd1v+QzPK
+acM2W5mjpgvxUwAOjkCx29dsrv1EYiBqkWmmgfVyaDBzZKcN0X9pOJcb5rFlpTl0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
deleted file mode 100644
index e2b8ef58dc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA737UO+PFs1t9bQRYiD1XQvoj5CgT
-W0o3qMiBsk3AhuMx4ozSScw86kyooet/wxn2pJeFuHhNbdmWF5Mz4kyUuTWHl11Z
-T0aauPWb15KkPWKyYGcwMPrh1xNR17ddZWhDJsgvtraLthiXLTiumcoof7LrTWd8
-lR6y9AZzJkxw3aUCAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUDby2uXBoHkNmqlHt58+tVdKbG6UwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwxIG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDcQ+nXCvsA
-WSXbtnoQr+PKV/BOIwQGVJgCtsiEj3Qt04kNFEDjXnXwsKB4LNclGBe5Hi/PsxLG
-nrxqkXIoArMFjjZe4eNbkZotgOz2xN1lH/e4+5O1Ji7CbuNXbtSABVh4ZJYzZJYu
-d418yGh18wIXgBC0R7QwhHtX5I5tRJPSOA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
new file mode 100644
index 0000000000..c734f6b3b7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYO+uijkL
+kLhQ6RCPP/jdjZaflgwCZ/5vJf836R0+nLLKy1a5ixBZRJZpBCo38Yu0dhUSFNaB
+sb+GCrY1qVbRaAndL1k2vNJibkXPaixlOxi6ujXoOCZmRNL5bAhxosUxjp9YPFYP
+dLMaCPMfOy/cg3r/gbI2g7ZG5DYeJxyuRfZN73P2klfctSmIfAVQprTT++L0VvAY
+yFO6tZkpRVMeFN/MmhNh96414DyXFFrkItsuvG8GexZneUVQHT8QZJsX0ObzJn9t
+ctienvZ9AQGKWB715t78MU4UCRcqB++KFCZIl9lKM/VQZi/ZLn1xukwyDZ2Fgv69
+gO5EiDlezxU3AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFEPX0sGOqiykogAik/m2vAhdQh/oMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+TDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQCI
+cEp1LqU+I90nVxwQnTlwlRtzX/Y7WOva6Ob7orHrFXCaT0ZFr6J2xs2wio7rML5F
+x5swu8SPOgCMtEh/LQdqyLYu3VP4IR1QMTjdELWliX68HJt8ySe1g3gpFchv4U5F
+JiOfSawNJqx0LPFdNNq5lJsY1BBgIvp6v9vucDcNOiASWeCDlHQzZ8AFOUMO7smK
+23qjZjUP5xAEOqeGEQ72ASfLJ8toA19FxT+JoP4A+y78d9P/kROrrPtLJOqJPCd0
+cAvuHv7beOJpeceSjxdJ9rbrcWQ3D7G/ln+Q8ljD+H74UWuo2Toy2m3Q9KaeMY2v
+r8GAm558Phcf5kn5wfyc
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,788F49663AD6ABE8
+
+WghmPOUfBAREyv5bDVqkJvMinWhwqTqEdQXEEb6A12s8mWvKA5GFH59GmiF0VZlQ
+2t48KNtCbpfZQE2SjCULKif1y8ENnsSogv3mYPo0RwdaEd0on1pPBi8APrrJkX9q
+44Os0s95LRhWU/9xZalOVTJhelgJWUXt2hoCJLNy9Hy1AnzGxYWYUb3ybV5E4n1S
+69p4AF6F+nKc8R5Xq5oEbTN/Me8wn9+bmUe135SWZXlnkJgTVE1fXm63rTQ6Y6Xf
+9H04vWz3NSowE6oyoEk0+oK/e9yi1O7fwg83W/2d2Bxdfns81rBEnulLUAZ/prqY
+cg+EOcTd2UN6/MqhGfpf4ymg/uT52jpuzw0YQtyBKEre3JU6OZlhm9Q4kRQ6DfdV
+rSArKVC+rWoTR1j1NnWmP1J+Hckh42hob4OlyYCpMEVWPkA0HQLIjD3THUoQVoSu
+aIPSBPLchTi/SLAX7/hq1mhl7iu1oDeF/PoGtN7PP2DNjWYVI3lN2uPBH4eQDBbO
+4zvUEFP/6RP3/CPfCG6g14KsRTV4j3VfVAYDOQE9S2sZwLpbLrFQnJcYvgn7C97P
+kpjdF4irqSJFnxWrRjkAc6a26FZH9p72NF4JqCtQQPkvaDAhLSOP8Bf+SPhdbmym
+mf1gKde9jXG+Wh0YgjXdVKx2PvRNMaXP4ezhuQqdQM0Pg+TdnrDm0GOrCk00iHs7
+g6ZiOa1SCi1yl8OTpLiAG3Z/1Hy6Fa5u0KzZOw5C9JPO1HWC2IRuO+xNef5YkacC
+l6BqKvny/W6TzAvIiA8zLh5v/X/OH+QHMHRtn/sickxeCnAcPBxB39xwDVVxVQI1
+vZr3ya016Y5hL/NtxhxbcpT5BdzVHysHMS7QHKXKUdZ4W08oWZ/MQD8u7kWGFZ9c
+CJXfYAyp+vA/esa/grpNSVJJE7cl4bt+5JMrXlsnLEbav6mjZknt0j/zUj2LcJ70
+648FUu+GgEk7f0mWbNwnxch7wBNSOKYKYHYNPht+cia+BTX10ln2FbWrROxfkZIX
+XEDqxhypqIxAAVri3PljkDdAXwqmqV+HtBBoPc6YJvXb7ekIfd4BZIxPrJf6n/iG
+jW53P5lYJqrZ50sZva7VyihgE4q+VBgGNvkSd8V8qM5BM+UkJ3ZIk2DsegJDqiNI
+lBw9q/GGxjdMSbRFdg9lE5eAhUqqdvWlhI7Gvu37KiQ+BPVFX2Xcm05ONo0Y6DK8
+yRUynfvlDZP19+a8FEk0oEuw4xBn4/XUqtq/GbwmTx8waoVJFAc50FqDtpcG4Fev
+b1oB7G36MfBnagevljMRJW7q7GIN0ZoSlYhciH536dESqgekJBj1M4fg7+c98kZQ
+3sIHNhddclj75cYWnWxLr5CkwPYlwiwwbgczUJYu+GO0Rer6uURHr+Tb1iOi7QXg
+uUkZoSbdTxlIzfd2MeQblf9b8sTSEdDHexvnw3TJnKCZaOeeKHtK97HD1hHoZ2Kj
+NFjIRog88KW+2+JvCQws0x5wCB/1fxzTyZoYpYJMCHwlQ9mk2dinUMapefPkqirP
+moRBI9R7F7Kiysfp5MNszbAJqjkIIb5tOgH+ITQlZI76XEd26nN/q43AMccA05S1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
deleted file mode 100644
index 2772115950..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test3
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuS5Lgb3o+ul4HsVLgHgzRL9MeLx1
-KnKHTzQ7EedCPCAL/7h2oNWVaOCqaRzy5E4ke3W53AP0lHEyygZjKFnLw2QjEtGj
-1qytIz79bI9YKeHX1pnOldsesBJtKAfb/RBhtwEsieibfV3nFTTckFhqtMWkRX+b
-xgbfcd5yKPMhQRECAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUxeG0ipAP1oMfhg4iMi/dmI5iNgcwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkx4IG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDnY+V8RkGw
-+kpIYbTDHFKNX/7Tkk4ZRLWJXXk21ah6V7OqKJblsAWGSOKJa65p4GKLrf+uNvW5
-BuOTRbdFpJrjslIZ87Z8XSdWXo/guQWTLacYkBPfKeimVeBInc2uoKkzt3L3gunO
-zcm1s3DmNsCcQFvuG+GsDDn3xIkTxnTkHQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
new file mode 100644
index 0000000000..fa5abf8e5d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCD0xHj/74
+p3hpJkJHrM7PT5avhjPpoPT3z/V3qkE6pwe1wFF4WGpuCEN1CsOlyESi1LoT5vxb
+BeMk588wa+n/hr1T5bwn2EfyzbLLJDbuNE4NvQunN3byvnBUw1wcEMns4WAPzI5Q
+UQ9wt+w6yt9fzZECOODbpR4vLK3BKgVv0+LCwNeNfHXaalzGgChMo0xTDwknSLY8
+2Pvf3j5aP4X8ly/XksCgEZzzosn9a+4DHPC3jhR8D4vHj6k4IDZK3gz0nw2e14QV
+bhRov6qkHFNuRNFImxwdVcaII2D3O/s7ktHvuxQYuVpu9Xi2be8FZXn48qlnDrDC
+Gn3yo+rUdahXAgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFGakshok498dtHSxxOvB7FKt50npMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+THggb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQAU
+agmCYpMQKrh7PpozaNQM9OFYe7O27WlMMCVh+nkAsoyABAeO7lVI/ey+D9E8ntAt
+aJZf6EnG2k/DQcpZUWwGtbx+uIDL3zpaKxGZ0x0Or6OF/UjjAURx/Hfs4iOLpwR5
+jtFG2Y55j3AQMsFtXBuocJh13pLKO8rTwK31HezwIq2le9CqZh0UzAEharNYEuxp
+x0cE04sEutiOECDVaoVPUoA3WXinaW69lc/nLKI1upWoSRslPAqn472nozcQQ29B
+CrSibOfrxuN5AwmX0VPfqyQCqAwRcQLZqhZMZu2NDTGxpAe0gJi1wHrQ49LfRRSp
+Xs5hGFBfB9kzE7VuoalE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA935BF2297D8F72
+
+kIAs9fHkWQqKBc6mGkdMTENh0UIAeYw6k28cbsgRsVL3TDGlRSA7ukrQrj6OlUy6
+vES23ccL/K2p7x3YdM+4/D+s7vWZU4phiu93jG2RGYK8E/r62kllwRAM8AVF0eDe
+uJvZXM3XrcW+L8W0j3lFHwM1hWXYVZiY+xGMpQH5WyNfzN5UwOyiR48/sQdUWCrJ
+meVcOmTEgFBTgRj6SdNiw8cIqRBtYSJoNYPYctPGTt4Dm0BTki659/7Cms+mubVR
+CR2X5R8/GTbb4ymvQoiQ/Pf/46VVR6iuG7nJ6n0tZ3sLAGUTDmCeBqwNKThQoYjn
+h6AK6+GFM2B2/VZu6BzvdJamw15O3fuEQJeLQr7lGzK5LbVk7whzwSEwuFkWOt/t
+6XKRCrTWF6gDhBuQTd/JtVX+Hu0D4OnI7Da5SX+sRZRkrtFduN4NrO1BHHFU6pLB
+Hr3qJYTJSkJzTCBFiOOGmXQb/uPpPZinOC3xBTILlMJ8GmTXBRil7Wez4RDyvuKn
+4UC+832/X014xmANYgbYOZfS8PBglN9DrNB0OnWgLOxsQkdI03zNu/tjfqXSaYPt
+1hu/iJJ+Z1b9f2ffL7rE7aAc7VsuL3+auL9Q7SQxAlMqxWibauoltJBdm08WDxeX
+dYRvQWnjTd8txwnjN5emJkpCa9WrfuziFLHEZTnLuuIz05rQSDbIsAD3d4R87LmM
+8HWQrOeN7fryk/dYVCrSTQAH0UT+RlFuTsQmGSEc/3dl+LdK09CuG40V86g08d12
+Qku5FAe/b6yREqZhWNlQjWolfkQzUML98Ry0mekZuWqKwGkSebYpk05S/DxcSzPX
+6PNl4M04rEM8SlyEFwNbTTweKgJ3BdVFixhp/00MeMuBN+x25/MfqVCxCOEjmZo3
+ossHKoZjpU2eUgaV1JQ5bA9t4Vz3wBpA4sXsATFcH7NLfW1NYL5lNS6bg9dGsyQ7
+U0z1YrmEcAmaId6BJbALu+9B0CKKmpCy2GGdX5s3iQ9v/U3jTCKMOHDsAzJid9Se
+aneyFZacnAmAuKSGkovHIdFRRpQ0dDt4rIMvY0zmhGy0PN1F4Q8eB9I0XIUE0o+0
+Tyqu6BTgE5qXD2zAaSi6s5/3PC0dJz5r1Zg0J0h/uvXBsIEDXqFB9/B3YS1bebiW
+z/GSFpsx4/qYjsV7kRZNG4WbGiHu0B/TZ+swQkeYBawORdDWZa8YFDYvv/WzWiP2
+503mTd5dIYsI1f2rBexeapv/oZKG8pwOQnBo+BbfVXp1xgC7Zd92N9zv4RcrXG1z
+jz8Lsy6YQLRQxuI/A+u6EBWUu/qWslbY0PnVQ1njzR+pxQKJsBV4vJrX6SFTRZ/u
+IBUe0cEGZ14yaZOqypyP4SsqlpYeEqRQd7M2KiLJQD4MGnSqkPh1zr2bt9KbKEOB
+D8jcIv5zLynb/YnDCCtTU0XKIWWMhS4nj4SSYoH42tttBmFHWAHF0txr7oqCQxoe
+SFWeYw1W2KgxosKPa0RJmHvpHviapcRJrfE8pdDaYMSKQKzr9mcCCv/2jpgFpmJO
+F2DNjtfScbY1D9sLK2OmD+NTWMO96TMTrVUzbps3DASrEmRmknj1hQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
deleted file mode 100644
index 0d018c8e11..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwbnDywy9lvaPs3ihfyfLPtBoMo+v
-C+fBtx91KNEmBz2ACO825iLx9Cyq+vbSLMDPiBbEbBpUtXDAXuaa6omJ1BnyVp+4
-dDmnpIB7IZm6z2mwQ1/xp1Nse1vb1zxkbDnMVVpkSJTqaTqMUnR5s9ht0XI62DgL
-ZEFlpTiBkCVCWFsCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUNTlA81m7xBu1FOhMV8hYWiP2hpIwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA1BgNVHR8ELjAsMCqgKKEm
-MCQGA1UEAxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcN
-AQEFBQADgYEANn9ezG9vEUyKzHQDQt0yQTrF9KcG5PUqzKQiaIIzKvEBLX9d/nj5
-N0wEpklLq//fxWFFPlhZS7qsDal+jjkPnccIlgIDLNAYYOXEm05+6eeXXKMKwC9I
-TdJghmMFwSDvbp2s/dnQvjOrHIexlatSbbCEDS9XnSeMmHVJ0lx7aZ8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
new file mode 100644
index 0000000000..586acb4680
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV4IgjGn5Z
+rdXDjs4TsxeXIQB2TgPlOe/PcBeqCUIlP1YAWrevsPt/Py2Qr2EYRaMGjtGGtgok
+tZGSrRRCo2cf187WWyAs3iycMhRIwfh4ZAOC/kGhKY2nsZeScqid/3tlB4HC5xFt
+fpR9Yx3KU/KNKY8qw8ecHNayu3d5Zj6RflcvQuv2LmfUWorIYBcv+Bm/lc83Tb6P
+cGem7WLCqN2AGe2fbT+IDjffHNjJyuAILv4EBAeht44bkNNGHyjkhgMxkinJmcuV
+kdwTNw8Zo4M6cFrQzYhN4nAwJknflLWB4Pkoo0++ZoAyuf0HGVq+ZmzHQv/NQi1G
+XxICk4yWBq6XAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFHsvpwhX2kU3OE6JlvWn2bNsPJJUMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
+BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
+CwUAA4IBAQBN6kTmJtDkGt05YiGKwnHkV7cbwRVAMCzmco2ulLYMXKsYGOTTfTYc
+w5qlHizxUygLyqWRByTpFWA8NXTc8VGQOrBrhtczKGdE2tir9bH5N53PcNWTvS0g
+GQr4AkCpd/aBm9WIx6iK4rK/f+B5E9TxLkJiubbbV2aWz8LUPpjU+9NxUm53ihE7
+XNg69ZhEqU1f61S6k7Rm44sXrJ9jQvD4ioC2FivP8H3NmQxNQlkxE6eo9cZqaW+n
+jeulLanRbnGTCKr38w3sjNJrWHdhserC5owK+toTPkZMNo7qQRrIvEVFiY1x8uOZ
+qPv9L26IlojDBKab6fjPOSZ6EaYaWl5L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD4CD9F490AFA91D
+
+pDLSI0fVUz5UXLvYn5W7dr7xx00QG0G1qW/NGiXRvwwhXzA1BPKzYPqf/xJe858X
+nuONm7bsOuYWrvTIRElM1M47eRITuqdYBbNGB96UK245A/T/67C8x+yVV3r26YoQ
+rnzbreb7Lk0xoVtDzG39BtEJQ2GnKEtKrQ+jhhAta4ZhAMTmaCD/JX0iCVHK6Ine
+tHbRK9S++B6RIX4LT5vBPo3CSBhXMT1hK8i4WQs+sfYtP/Kj2mgx1baZBMlcrGYT
+5F6hK80aUeJYpVxiz4IhKkg8ssTKatMGDULSR9WiuUbWCdI4A3IT8iuFzb2yaCys
+A1rKtUrbkufE0dsn/jceYLhpbHSLiIwDBy9K1+M4RzZk8cqe3urgFgWNN4usRX2D
+eW/gS4EWmcgvHkWv1Pi3YLuU0cYmUtKzryOTInMEyjbIKkRqhTsffPdiXxB4BpFn
+R8Tk1x3MZvHtt/j1NGiWX5f8+giSqfXuEDkjKFHuotsRuEMQ8tJk3KRJ9imVeQSQ
+NIopXNxypyDurLYE507f2rxJgvRDVSSk5a1mPdXw4H1YJWtFJ49Wa4mNWT26oEPX
+tpz+ifqIiAwtU7RAOJRSdbTaFmHh2gx7PocEE+26w6iQMXKqHTsooq4W0QKPk2e3
+2TON2XrEy6oLQxcYNwVucfVCkOddpcQyXe8D0UxSkiGFppLoGPC90SFI03xwj4Hl
+CiITSLznaMjXp/t2dT5DHNUSNYn3e0h/RGz190StT0Jrx31UvHeO1NBeKdKDAod1
+x54rH5ePECBMt9Wzd2zTNbpFJfSuNP2WCWD+PGji44ICpGYJlgRsNRzw1wED+cwW
+6txxmDBXH0kudLNE5aCoIvJPBJUkZxwu2Nib87Ekh4KMYPHs8k2DXfk2txPl6evo
+rRNjDxGT8+YAMmuLAvNRw8Lvco0GsQjrIzjUED9lb7qmks8JBaJN2gYztPBq8LXa
+NWU4mFGBEkRvJI+IBLZ5Cv504ztosfcuXVTQM3yW1fM2kWQYkkhaUfMNOEWrpGMy
+epGV2SU/ZImnpQE5azAeoyI8/g6Sq/TYSZ1rAsN0eiTTOb6iu9QwQ0G2ISPWpWbN
+DriYzoGWAfpG5qElsKF9+44q95TPfOg6VKoxGGWjdNfQpduS7hcsccchbJfvOcgQ
+wL9mubUhRIsmd+80TIGmsdlkkunPCTDjrr6A8S4VCSFVMnWb0pf9Pz4E2fgzNztq
+oZ4awGu2A4f9JzPPqYGNzAEJierpDiOIJeq+a4RWmoSXqVgVJwld1J03ZrcttPao
+OWlQilY+M0+nNpGJ84kW/ClsLFdTWEek4qpkbNeKAdGSkWsszuQh13wZ5SNpx2DO
+GXELXcqTCSX5ykAmmyTNZpjIU/wYgOPVVeli5WYtnOSM7na4iZNKx0q/vkLxKwv8
+v6PC/N0K8OxmImQ59Dy51UOxhSQaRGKCzZTH/KNPF4R2oIRogu/iv3VE02g/BHdi
+i9MaUbYL6H7wy+v2qNzu+XgFhvq2pOEq6raWFFwN+UXsY5N7FHgr4YuMYLTIzpDU
+w7LBJXMtUgCPkIiv0ccWHnsMu8YpMo/GyZ1nTxASrp+ADPRU96+geg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
deleted file mode 100644
index 2ccff7ecb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIC7DCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqwbk/YTst4JgaZksbi+cItOdDg1
-ZDBk0znRRey4EXHLWBRaSV8RAAw9bNbbQEuq8IgHKD2Gny2ObJsV1WXdoGXwz/Kt
-zGLxkxN7VMH/euhCh/0aMr7sO4yRZgC72ub09FOxmDtEynuiurF5+jGJ8FoLHkke
-TMWpLls04hy4ITUCAwEAAaOByjCBxzAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUsMTcbBp2ScLfBL5qe3q9w9pjVuUwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBcBgNVHR8EVTBTMFGgT6BN
-pEswSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEA
-lvXRt3px1v5T+WzaqJpecpxWzan+l2WrMC4vCYTcyFyQvQKDZl2jGO2PubJTDLym
-xwenSbt7quBVMKJ9pbXkNe9gFQInbT/3+NMPsI9Kc3Ajn7cfWW8TslHPaxtG5pcM
-XQR5wls8vzdmE9pirEbf4HDsnKBfC5sP1GOAYhIt/Ms=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
new file mode 100644
index 0000000000..791d9ca257
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC203pOwsFZ
+g4ufpsQb/dtjKIoc8xzFlvmEwLV/KKdqUOwpmtCAVzP+KVT1S77NGtErNItytt9l
+lzeDn4Kdu/Vgy19LLbjU2RPYbi0WqXihFrh2Je9lHoc+Rb+pofpf3M8Ou9BtqKRg
+pSpqR7Q/d/uu0mmlpqKXRTM/ok1ExfFJoub3C0siQWRmHRDs9ob7qQK5erpvFNf+
+R5HTEg/LacOauYWGuD2czWeZ7iYhCc1G7dAdtq5ufauPA8LzSSROvzhp62Yaqhme
+vnBStTlE01ZtT/quS5shxpcn50EaI6Za51oW49fzQoNjeCm99cXZLYfv32i7Xga3
+6jhZdZLP3NNXAgMBAAGjgc8wgcwwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFIQjF/h4qPlUpp067Gu9q64IfsVZMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwYQYDVR0fBFowWDBWoFSgUqRQ
+ME4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQELBQAD
+ggEBAFEGXuXGGGNMBSosWxFRbvB1/VkumjXFubrMkUb6n8RYdNlBiQ9aO9QsYXoO
+fRoSds0ZyFvClBV5ohPH0IQgQrBKDUmUdas9BtzACdjjeLTsPNFLYR1BiKv5iCWU
+gLuakMFiEKCJXry+DglaJPWQR63b/eQWvXuWixYxCX/urpluCvQrmTQcbhYlHzeJ
++s7Fbr+IEIsn0bpyd5fFXkuw70Yj4iYwkA3GdD5/KjHRaBWj0sfUz1RJdHzZTNce
+sTW6RZtz5eHPIIj//1G6rB3llO4eUijSTObnl8VXzkhTNyC/Ln/IkI71RCerrWpL
+T2WQ7NXT+oaKNdWkNV2goYgdFsI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8EF51F4CFB3050E
+
+9lUj0kxhfaJBYQ1BPgfR8YhA9kjcjpsGE5na7KM4T2HOCqubF7Bpmbq73W0m1ngY
+SKXcBkURwCcnZG527YQ74pf+HZ5Ar3yrE4UVAnMqlRCzEoFEvereQ2/MUobb8lxE
+E4sPKBXCk5XJ2/xj66U22wQycB9PEJahIGSPNe1hBl6UPLdBQQ4vBzQMkitAarjx
+K2O61FdXBZdqPNf7uwoWyJhBOCI9Yf25b4+90RkQhYhWE9g+CYI7yEyujayN7+a3
+Q5Eb2By5HdituZO0DWQDmJPvVACDACFTOw4jE1uW2c4CTOldSLMoci5MlpuMCY+U
+v1ymketI9rm1wKPG+4Aagvcgyf2gsqx1Zh1f+YqkWcZ8VR/1ohplPpzS9/gVtlUu
+2xNu+KUojCseqzbwJxWOqEEqbAV1YhnT9h4dkBFGVCUNhZRieeqli7E13/+XHLZv
+z2xltvd1xBEfr5XNv5RGdpbD9L7/X8reQLHkLwOi3w3fBHAO2uw3aCt6fWIHT8qv
+r8o3mP/sJ3M9kXuLOkQaInswafzKGzvVhE7/FeGLAG3JiF365aiVpCedeYaWhTL4
+IUG1km3edyZXyAs1NntHB9WG3RPtR8jNOdbeySZp04Cz/nHYB7v+Hd+FlecDnl0W
+fUEXAAlPlRS3J66bKP40QlnW3BSh3+ESwXy74MQIoKXpMdTG6oU8efp5x6wVjMG2
+VeHJRC6WMWwSqSFlugyV7csoqcym0L5jeIw06LAl/OrqohEdZrp5kOK0S6ZIkyTA
+IiZgHK2R85m3WjGw0SGWj9qAlKm72syDDvkpkoet1CWbeQZZzF5r4MCNtskNTOTv
+EvKMsThqaI4Ao4yT4Hq98/DMfscYC+mlymvqOUYxFFxHecQ4QKVsUv5IpXmplYBS
+vi4jRarAxk8HCpwAGzZ43NSA9Fv3fLaxlTTbf36itIq1LP3h1AtapkzOoac6KXTg
+25IPi6VtLxUIFWKEwzhkNB/SLiNqAgCtriVEd/P51OorWDUFYvAZolVmks/ON6Il
+EqHWGsBIfUKHhX0dk2684PekGEAZr7g4U9/Wef1WMkCYppnhoH7tUEqIJkuuqyYL
+MEIl5OxGgeUnr140Gh7bx48vbZZPNLBpFRzWcDbi97Mw3VDxTUIg4CO3LHMOEMff
+Wyev77l9sy6cp/+wNJaRnlnlbEPKo39RZrow/awWFzJLTqee531PTaOxzPL4eO+i
+b+lMquN2KO7eGSndp14JLVL5HHZS9O9FiYoapjr7WOP9QLibL3MlbQhecRG5X4EB
+pxGIesurYKuDNirrwuG75HIqNo1lczQNpX0qBZ3WxBqQH0u9PE3/IQXLEPGm3Ka6
+2erK5KYHf9fGwGpDSe/armKLhTU9hTGXJWY2UtGg5U1jVjdQFqD7AkODMP+3Xhdr
+8pMMe/ZLj+I9Yop4A4g/BD9cEqc6gzM1GidFu0lP1DkVFTgtxaUUqU+dI0PCLD7X
+d38/olQaUKrmjlboL+GyAuhI/h9wFS5eJT9mpYcADjfZgRS3ULkcwC6vOVlC8KGO
+Gro/DBndgzyF1QCOL+uXC9L9MxPlbPDssYbqcJjyOPbISo1FfYp7hg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
deleted file mode 100644
index 3a3eeefc07..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0/suVDtpZX4ZdGIHhrhtDHDiiy4k
-5awaeTNhUVeZhKlIDNnniPSVG5/0Q2JlWvIywo/Ch0y41j/ihleGbI69zoL1p5z8
-hh+yK51J32JdQ5gpc49P1NnVtoNSZApTJt1VUR4LwJv1/AhIksEEOg6YHN3/yq/C
-wVMoMv7wnisqqykCAwEAAaNrMGkwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFLYB9DyXTb7g1exMOFd6gOIt97g+MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-HdkglZQIYTBxilyAJvuFkSrvNo90F3wuIb0FmfVrjH6Hs147bgRF9nsp3sh/VvC4
-gf7pwYRING0tY/RV+n79U2FxHcE3MN6WNGA+GX77LcWth+s3Sa6Hr5QMaUcapGbq
-2B+bkzQUiWX8sXPvX0KWzBmbcY3Aup56MpwytlF7ywQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
new file mode 100644
index 0000000000..aa001dbd71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKyk8HE6e
+PQjbQTZ9IkLDPjf+22btjiqAtAWS+6W2uVxyU6dliSHMswdSVOO+08YgmZtcRFVD
+rsw85o91RW5i4Pm20IIeCBNf+WVgmFUJ7t3uy5biH0s930zWyxkCqfyI9eKrxia9
+ej0hU1vdJ4K1L0XBSDpkHmn3vG74ARa7k2ZrlnD5NMn7UhEegwaLs8RKTCcH0kWW
+u7cfYgBD+AUjTbP6iR1ll4V7UNIGVcmyc4LdSnZE4+ihyWdwzPGp/E4ph1G6lGmX
+1knyIKhpIC9BW92e3DMCAPA7DjBVQNduGqaCIxrZ3nPk3GBVXqumNowmVb8+K+kN
+0CAe6eX1pO2BAgMBAAGjazBpMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQHhKpeEYEjvTDgLVQu6PXIjYv0CzAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAq
+yXgKDIVqTrgboHhLxi4heoZnxuohXK8Ag/1xFQ0DWLL0mgLemNqzrutLhWwQC2LD
+MHXbDT9B3ZgIOIgWBVDG2qV642Ln4xG5VCug+AWk+N2meTvDUaE7HtjQ9qvL4Zbn
+X+0pafFSuY1q6xcW7s2EDggf7hnnyb86LXSJwiP5St2er86QJ08Z47DKrrEkTaJY
+mx5lhCJYdtA0/pWeS4teEmDskJU8GDRlc4ZA+okCHVgU4zvLig5t5Q4tS7I8ICd8
+KtstuDiUyIdVy1MN4pVetIQO5cu4kQfCliHKH99+c/QYz3GIzz3U/9TiMv3wBlLg
+vZl51izphB8ha9hzCzJN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF20677602086B07
+
+NYiiAl4fxd7wtuqSspb2fJi+hJaU2mxNuf1QQdw0Jhr9EmD+2OhqGEbaUBHXw62X
+6rONswcLoz6oawOaQtnYzbG36E6b5q1cgowCc6o4+hk/T2NFhVZ9GOaEbIq8qqXB
+iZLOD324II0VHMAU/OOkJ/l848dMiJEJTizxfiUAB5er1RgFpGF7eqqkjy4OSd7N
+q90RIhoSgWy8+wwOgZ5Wg2fdxki9Ja/UvXYuYMY5qAGFL4J1+vjggLPLD8D+gN9r
+Rgj4Zz/MWDY1brdY9xjHFWUAxvr5s5zpXQg4U3GFAd4PJZRthvw6ta6Pta5cKOFu
+yGkTr9UX6PYGjyxbnEcdKXMbnl0uAIkXIacGUdVxhNHVLxDsGN0k5mF9SYEkH0IA
+AC0B6CYLTo1ATTCqucvINxXuoV6AwbC+IbWq95RgVqxgkn94BTdGTsal0fv4QzGE
+4n/P05tqdKZYVntp9YTDGGaf0mbFmN3B68mqWghM8MEW31SB6uUqIdnZtF6FPjgg
+kKnfuIc0lTpc8YKh/UjKiyF2+jvN11v5srJ0UyUnUmI+5R6uTuYPKBbIkFydoFHU
+66iuXfLjilJMD9pw370qxTVfaLnVtDZbhyj1oX6zB5Knf70EfyClSbEHgXxwZwWP
+OhmlGxGD3ggeat+uhlETH1qiZfH9c3fUN+HDhnVC6tzBMzQmpk6Q2VGpvvcjc1Qu
+7S9wB/6EDWKyXliVBa9W5+woKPOWs5cOkuUyPKNgUhTu9dwBwnDZo9fePMEnznb6
+xJ1dIzwN7oZp31NofTiNxTKt1i2ih9Eiiqy2NlGUACuD+04CWTKvi89V/PufCW/W
+q44dEHCbm4PrLclSI/rqs7NUq5zsBMRkcgFeEe1gARXGt+qbLEV4spWBZv8DzuJ3
+xL7PQuAofN1dOHSSX8aP7NOBEWMt0Zlh8lpu0UJN8xIgLQciXrb/QXevYrXugqRe
+TdH/a3o9IqjabXbMM7qPTlrsh6D4xv6aQHmht/4gLgpPZxua2xBFDXsdyXw9i8Ic
+wPd65o00smrOeJjDsVdbCrPSCfJDUUoSIXk8G60OTSY0R0vRW7S1Wy387cF2vYH7
+LEX10/Nm81xeKzDi4cMOp/hPtGSEtCFj69eeDTVX8+oVRwRPSb/KZkYNq/JaHQFd
+uZ7jbqNkomrAK9PAnBdZAHwSlNOVZMPUWMCQOPcTP2rKC7IVrjtzmpvfvuNNfeOs
+d1x1Z3XwdhlKr8aNff2BjOlmuH+ZTaua8CJi93Qf//+klpWxCLVniHIea9ZPZ1VI
+tVeyD+MuQlEoHVuxuKnNvxDp1vzzY7IRT1uRpjV6bkfetq9LcTdiZtebTQ6sVeks
+/fzUyrkD0t2qC27lan4YlFze/0bILXeVCuGt15uyv/N9ug3Im4xQErp2vnZRpiR9
+uO0dkBnpw2b2YTex9j974Lb4CYqXouq1LwEKKlvov1e6i+9A1DI3HOA0TB7YvgNC
+p4Tq2SVf3bp2OfSTkvMfaXTyW60iIxoeuGFPfXf5u86uRBqjqdREJVLkH7Epfvsk
+KFc/qbi9cdzybWqfS6lpWZNaCkZu7wCFQX8X+ohIEQdQZjgb9gQI8R68U/KwbBSl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
deleted file mode 100644
index c873549a35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALU75+fsqkoJ1rj9rLPys9PtX999U+V+
-71N40CaTnqxIlY4+U6A/BBm3iqNTQdcyEGo3Buy3OJEELx0+8jI3Sm9ja4iR/4tk
-gi9OYh29Ps0LcRyqUihECPaPFOvI2vEFJId74DFoUPgwNfPD0CzYkm1bYwNcMHwb
-0QMmUcxk8yTDAgMBAAGjZTBjMB8GA1UdIwQYMBaAFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMB0GA1UdDgQWBBRgJfQvy84RFEADVPWlCcnfV9YiljAOBgNVHQ8BAf8EBAMC
-BPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAI1bh7Hi4BQZ
-w7LpH+0QxTA+hUMNiV3kKdM9vhGFAwm+UbQvTYeIDaIpDxX42Sv2j7Vw9Z9nkMc1
-UyaIcxezk4LAN4vG3WIJiO/eAFuCz49QWhE53AbRVprrra8N/Mzv0yB/8ysQ9fUJ
-AVMgwRz+4Fd2AoK0CWNHeDRUD+IN+enU
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
new file mode 100644
index 0000000000..ba817eea6c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNW1wTtifNXg
+S/7/6OTB9nSbSKSw2BLiidrM8x0nGdCwUY++tWaryTAV6tJVLmfDOSrlcqgNgubo
+U2ufM/4Kxrkt4I7I8V7GIuXMVSOSG9DjroelJDTfv/PKfxd/Eb+6mV0lrfempURc
+27X5CfAfKmM22sCPohtfBzKwjsi22RA5dZ6nlUygOhrJgvz3D7/3Gzrrnt+fEtye
+USyq+8nR/zXX+JbOi9gC2WsZMvyRb7pR5+9Lu/qQjXQldZaY+trrEfUmLRUmrxUZ
+CwFjs3eV+vObbmsXnORZWwuTPhw/GBMx227uefpgnZ6x1uJB+YEitiHX72MDkS4q
+6I4Y8p3y2wIDAQABo2UwYzAfBgNVHSMEGDAWgBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAdBgNVHQ4EFgQUBKSzfwBnruEoSD6YjRYo9lI4/ZcwDgYDVR0PAQH/BAQDAgTw
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEARGD3khHtk07o
+014aVan3Tjr0c4mX7zn4cgm4Vgep+/DOtUEcV44m13/YZ4KjUXR9zaHc8OQhOZW2
+oWCAaEyL0Qw4im0m5LVWkKhlomLU4TJPT34u6m2xlURUwmcUkAaaKf4Jpy949zH6
+x5SFLFB0VCWUgsxSgIgTI0cdl1gnd8WE5nsc3yUKbC/1HRscx0RgjH3y0UFE85FC
+fkcICoA6prUdt2Q328dRd+mY82AI0/lD4Amr1gvbyUC1M0znxTsCZPNHRPQDVqbx
+rQLcUDlh4004RiOEkfPyvm4OsfTD8df7euRyegy/gPde/vipEYQP4bARJalAC+ae
+/U1rEo3zNA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,83990521C98D081C
+
+PVZi2XabBgzng1zcjU/P0sUAiwIEJmPAIQAnbG9kzRvv+a1qFXm6LvXFsW/lb+aO
+hZPOcBrO4ABhZl3ctCHpMDb2oHpQ2HxA3y2YgS+LCm/+VR4LbO3TCTmcuX0oKGWD
+4wqbJQKmKLzDiXNDvZYm/7FMmFtp4cXVqECiAEAx8peRlfEj4YvfS3vQMXWbLCK7
+v06Ge/HJJ5byyhIxRUhSMSZdPuhZLq6UYw0wAdpW99f1gEv7GPY2MVPxJQ5pDE3g
+4xeRGdWAYdUSPi/eSj3JDQucMV1ujm9DfAPxc/LaRo+nLcy8FCvrw+HmPBL778Ic
+cN6ryTqjzsQacPrhtvzB91BbMKgKRM2rgPafgmSmNBcWFE++X5OJUQe0/4liT4Sk
+tFUd4eahfXj+LsXoqlJa3l+jTTJN68OivyHNesJm75mRFnTkURs5gNBCwibs8wlq
+SSDkQlUEKXs7/6Un9hpZj3Xb5Uv0jhXpAz5iNfOe6+z/nLYB52B2cGege0NZPNot
+4738AyHrxPIxYanLiFZCMA+X5tdfc7sgMi6siY95c3VdWwdkVVk2oYxJ0QGYR9/b
+D6Si23/trJZOVbfIkqqOYTR75T05FJA1p5tP1xfKt4+/dcJ4ZO4q6dsEvAR5RGqG
+VPpRyhFYxGBqLwncfYqH9C+vZ75uWyJHAxC6G0DOre8h3KUOs6/DsPBe19c99oUR
+G8/65pMxrGrEcR/T79CKbcF8zEMC4xexP+JAvbILdEMO4b8IgfPlNGZRjcok0VZ9
+Y7WAOlOr/Wj5qkUKmHYbCHb0+Y2uawZW3kA+TzBXvAbddzL4gCELIo5IFig0qG91
+6TJyn5EmmAy3B8J8DFioZBdy4zYw9m6xmpElGpSzFHAQodqCNlREiwihhG8hI2Eo
+zgVtKMPoY1h/722M5kMZnQ33Y30pi7Dqo5Eeph07pI0G5wxJ+SzyKoAqj623Cdz0
+ofxRLoWb8g0BVfJ/S0kkFhgG2pq7Z9/huNCBySk1SHwT+wqWXT4l2AD19gvSe3QO
+SgVv2igWo3Kc8ORbYxW69szAescLoee/50Y9Di/uTNaBd7/KV1BVaPxocVFNReGf
+17nZdjRi9N09FISZ3kRLG37rl7A1yp8ihdqbsVRXo+TSsW3K3/mjdkJjhC7IveRu
+07nSM+xo8BT4Lpvd8cOY4nxTJ75r159Z6mRCeTDFsarjsRg9ZZk9+qvLFiAY1JvD
+5IDb1zpVeo6NKTIbD2u1YrArI1HR1A50XGS2R9ywSv545A8imQFH/lh8rJdW3KQU
+BY73YnJVg/TlueyKzIi2nG5+S076S3QIXbeKegtIoELxMNvMogZG3UoGN+MtRVtJ
+pCK5oBbOg3zgsBtyPYBu4RLx4TYUBudsZdwa9YFmf0OwtKYl1GVoUoNeAcoZRX7S
+DRkX8PLWdbVq6f3n3AthHZlGp2T36yc2gFU9JOupUb9iXutML3cHpBelfBhmggBo
+5MIoQKb9huNXTJV4WR4tV0vGKqi1gkcsJm6kN8SpxrgyWqKPl8GWxc7oWxSVQRjs
+d0c0xL+s6Ffz8kM8dHl2O2SL3yFHdH4IF1CJV7SfwRTqF/r/g9SIMg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
deleted file mode 100644
index a81968caaa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGEx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQGA1UE
-AxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Q0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCulajzJmaByVbyDkLDGhU38CXN
-JW16bKIyjnbsg1tPLvigEcShDVU6jXZt8gRlscw+5nINvdOEYD9l/0QEzonMhVRP
-0GFT8aToKcCcPBlmhIA0PJqChMNZBGp4uitZKXKi8F8lGo09eB84V7bGs5YvP1LK
-J/G7vkncZXQbCUaX0wIDAQABo2UwYzAfBgNVHSMEGDAWgBQpIHiUjoSQKUJLfKsO
-gyq+NVs8FTAdBgNVHQ4EFgQUhUkKnqSDJde1NS49+ClAYeMS9kswDgYDVR0PAQH/
-BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQDK4Dok
-Sw1YWZrBgRIF5omNPAn9ZimPP/+5QRuYz42bdOl0F3v0uID3CnVfk+7UHbeylW/2
-n2KlU7OeOk5/B/FtFEm9RFaQIoeMkZadszaleUIvZxkrYkkwd///I0T9LzBBKUGV
-gDbif+oCGUYlgqLCQ/aXPDWA0mHKwmHD3FdRoQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
new file mode 100644
index 0000000000..1c375e882b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOzb2us
+Rap/gcyEbEwwK0iXF70rX0khyal5XsZa1RjAWbLF+wifYFR/Y1Pee1seu+5+Y9d5
+Y6OlpDWYZd81RunoYs10UNfSC+MdbLEJrqKsX9Ol/iDg3PaGnsHHqJPkPpnZgCxM
+9KgV3SxPXgg9UzDeFgNs142NbrFeCUjtU4s6Z3h4CRNUG08DTB06aq5c5PWnNJDo
+HGXkssX6+seFinJZC1S4og/wJOclr0g3+6rBw6aftcvQgsUMl1aeLe6adl9yLuYt
+HMopbU0wbgiGeNyjs/Z1/sZZ52xrsGCt6iUMZ6i+EAEoqCrwhNMG/zRUSDyXN3m4
+9lZCX4HJh9VGHxMCAwEAAaNlMGMwHwYDVR0jBBgwFoAUdKDVWNkrU9IrsM1dccah
+v0OnyBUwHQYDVR0OBBYEFBIkx7AI9TiDfo2NT4HTCl44Z0KyMA4GA1UdDwEB/wQE
+AwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHhbECZV
+VvZ3I4PTD5AZubZbJlT4CrJXvqc02fLFqiG5/n/XsEwIBAPBiHw+ni6N/10w9Sl1
+SZxkONAMLx688plmbZl1sq+uWVLo7Zn8oLte1ka5di5YteBL3Q9xgxTiT/n5gLip
+AamIJ2+Sconm6lw/ox2Bwk9GvQ1V9BhTCXZYpA636a2qwhgsgypHcvBtxxo5dpAH
+76B1+opjDl90vtMmOLYZ3DDmE05SdQOW3hu3FyOZWlo9hveSKp1jCpI9YTBh5xs7
+YtziLdcidNDuWF5qCrkAfJKn2bVIgWCV6QUGsa68tMzM2tX9PDEIulsjIrEy7TDE
+TWdj2tcah6t6zqQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42A99473A944A1DF
+
+5zr76H83m6KniZ1E38SpAkE9Ha9JPtTrSaRfDt6p7We0CbiD0BDdBaTjy5iDnp2s
+CRAnwCuzfdLZNaYtc29N55KPfdWDoxp2uk9AVYovCPtWI8gPS5q9WUVw//MniWOz
+EgR13VdqTOMeW74wYvcVt4TBtTPZ468EbPUDSnrHU3htehvudOojgXKw2oeTpbVJ
++Yh9yWJoRUIhxkk1IoDK7+06Fb7Uxh29HdX6ZWxp4LPbgjB4iXV1bIp/5Ee2p0W1
+dhKu1RE7F1IPRdRG2JGv4LBQAPu/Roq68XvUNjqcnnTLC9M0d9ukTajwM1fcLzj6
+AxW40V3xT357tY34Swh+WlXlogfymD+dVIgkfS+lPPYhJxF0QpuLWLegIyRrbiVH
+ssu2p2phv+MjkcwKiMBWS92cJ8ev6p1E9yD8U+43Ri9TyES4xtz0EerJWMj/8AQ5
+PBBq4kLflT95PxdUlltfl9vpQE3USlOSCOx0nTTU0lOoKxRcVWmeuDPDF6dAAqEH
+vIW6SYX919Ty5glcLTxD4kyBKEZowecjsxxQHVSWL8C0/sZJaNz4JYYaUILgRcXO
+Vchs05mbh3d3Z06jDPleBCGAelL9hDZMlt9nIVqS0TJL1VtsuWbothe9npeDMv57
+h/AxQr8RCWMzslIKRRKsVchBjHfVieu659Yz6c0Ot3AH3jGNCn9L1KRjHZU9oAN4
+xLkw+iGgrMVvefiU3WW3BnDGmw1bjjIVO+sQl7aihtq6HinhLixYd8AMlgivsjVb
+RWWHt4NBBkizbHv2lRzwZOA1KNtw7RABmmyz1vbSQ+I2VGsyApADcRZMuYb7CnSs
+q8GsLhNkI6cag+RqDu6Msqs04yktB2mJOdg5oxYHhubfVGKVp+J3yhfcmHHY5/2L
+kiZRA0PdBR2CxS1CrDIme5ML/mwLAw1nbQatGnJIihey9wgalJ1jPSMiyEMcA2xj
+0p4FHsWGE+cUtRurogz+FjpKBlagriTqesnEYOsMRXM+Z8wyKoGJXmoB8uZCippa
+wdsb0k3qSiyZitrs4ZAENKza6BQJGM8+27T5jP0HOjCM51imH2jPgHFFn6Q5XjSI
+mpZ1mp5IGF3qMAr1Gi3/aDZxSC3Q2QWC9Mpd9gsyjZdAhFd+Vh+3BUmd106/LI74
+qBsGGd2PcWW0S8e7wq3GxPqOOvz4UPfCyYyEgaAoteW77ysTDxBcRCDv322Yvz+U
+FDWH7her6L3SraX588aZ+sxqRH/NLoTKwf288bSFJTXzIgYbt5NYR+pBSip1gjpz
+HLISC/jUtDUL8WSd1YLGjwe8J3bay49F9vsODmrm6w7yKyNbYvzxqHHdoLPtLLSr
+UHRyCQsGez2cxJrR9YKdyD/wkY4TvK2S7aI+C2dt/Qk4Eh146UHAbjupe/ls6jW/
+POPOJm5z5huX8D5w4lGnAP3/8++8RTabbTNuQtbVVZP5bAN2raKJbR2e4QibZHrC
+U1u/A5xbd9Wj+8R9fSH2B60f7416QVzyZ547U5QgI6T0M6Sm3fkFUFpUO4f84W3j
+Ep0CV7eKYtUwFMLZDaim8rcahMN8RJc2LOwfElpKA5M8fLEww34pSzHa6vpPoi+f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
deleted file mode 100644
index 20f42c20ac..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQ
-b2xpY3k1IHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYD
-VQQDEy1JbnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
-dDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJx+sbJu7vInzoWetJ2rz0L
-6GPGRCd/xtyjMfyMSExsWdgxczZPdBMn9ON9XI/ASBPwvhcoq2pB9VqD+g2X9tfV
-y7usPePkKYweFOPmIlrWZb9tAEfTgwkoHYiWEWazYt+6y65407713raA+9DmYQgX
-m9RHrTFiSVJ3Z9RAtBEHAgMBAAGjZTBjMB8GA1UdIwQYMBaAFHMQBPkM9GScsvEb
-je+3VaqkohmvMB0GA1UdDgQWBBQTUueG5HoT3TWlqqICt/b/VK5ROjAOBgNVHQ8B
-Af8EBAMCBPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAEp6
-lUPLqrzZI5cW9d33rfE+6PJIi7fI3T6aRuc2eG0GuaiGnwOJvwDXA1uHC2GzbiJZ
-U61janUuTgxWCdE7uDZFU7f4M6Ws0V/RP0BDzWca9mLZenhrmNFYwCp+9ve9QMMx
-6WjbrV0PBuEStbrdAH4wRquSNws7JKnHrpW2O88C
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQ
-b2xpY3k1IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQD
-ExppbmhpYml0QW55UG9saWN5NSBzdWJzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEArf8a4YQqh0caACibKN+ne7IKGYWnwL8N2E4534sCUjlfic+5O3/s
-ELf3kOpyOfw7NMoMTXQcsi+9wtB24eilTbHwdStKU/Mt15FCe5go7GepA2TbdomL
-3mKUocf87YN4pZc8QBPA/hs5sYPbnCx4X2TK2oCNCwvfUgWWhnCN2mMCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUSndiWCMHosO57sdu3+0AiYhNl28wHQYDVR0OBBYEFHMQ
-BPkM9GScsvEbje+3VaqkohmvMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCG
-LcmSqA61BeAN21ekDRt5DAa9UGDAU8Bp/txAT+4H81/dzp5710w8QBHUcViEoL7l
-Znf4/IR4isqKlRS6ctmN/K2BRJ/19TQiYN8JiaZQAluzpLlgMUV4iC+/JwZHnJZu
-2c4mhWPSSBfUqHME3sp4dQxsrZNou/yOwzhTjmsNVw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3k1IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdp
-bmhpYml0QW55UG9saWN5NSBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAqzUjeD5TJL7TtPxRXU0nMcnBDmkPWyIAC1pNu3Tv0XwSE59I5Wr/Ytc+wMkJ
-dM4d1IFPKtN+MlzNv4dHwxOQrb9Fi3ItNVRIOLRIttgQFMvCWl0FTh9svTC8NIUZ
-lKD8zzDoBGD2ZEwHTYX1qLzneeTf3hMN4AyvxDVGekJWsdECAwEAAaOBjDCBiTAf
-BgNVHSMEGDAWgBTGAIxxpplipn/SVG/ybgTKMLU6vzAdBgNVHQ4EFgQUSndiWCMH
-osO57sdu3+0AiYhNl28wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GA1UdNgEB/wQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBABOzlfB8CEJvHMdfoVtuMRmwTdF+Ypyvb6ileMKr9P+8j4gRzVgr
-jZiHkH/a8ODtOat8ADR9USeVUAMIv2LZnw33x6xKWCZNJCwPysTVz72PLIPQ+2c0
-yeOayIZxdJb9hidU7BT4q6FdbFecUUgSZS5FySOod8WI1jYTyHNEZeLa
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJDz7OZ8u34K
-hjI6cDaSvyyjIWPPGVdObfPls5iLOT434gz5hx3uyX17mOJnw+/5rOgcqatRDJ1I
-mAI1pl0ZUVaaattiyBifI6LONlUpzVOmtr6yotsGY0DiCmtKBJh4geA9jQl/UCou
-of64Smt1vsIL3SqiWkqCg0XFrXpTCCz1AgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMYAjHGmmWKmf9JUb/JuBMow
-tTq/MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEFMA0GCSqG
-SIb3DQEBBQUAA4GBAGt+M+PIMRTWFAO2C58l6vCjg40P4NFF6B3LWjGcpPnRDYP4
-injOp/wD4IVvnXRpIFOq59qlJzmOJJDxCHGB11jkkxJK0v+pi7gvDrDw2av8wznR
-K735aiuC7KCpEy7tQ59Ive9M8PPOuQ+Vd3CgKhv0GuGNb/6M+3cojz0fCNx6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:00:8C:71:A6:99:62:A6:7F:D2:54:6F:F2:6E:04:CA:30:B5:3A:BF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4e:c7:09:29:78:ea:ef:43:a3:de:f8:6f:a5:b6:13:f2:ac:8e:
-        93:7b:ce:f9:4f:12:e3:48:f5:f5:1e:47:b1:39:20:b4:ce:33:
-        ea:bc:72:c1:11:a0:ab:75:59:68:03:68:dd:c8:96:02:1d:73:
-        7f:fa:39:9d:2a:88:ce:53:d0:3d:73:27:d3:61:6f:d3:75:01:
-        f2:2f:f8:02:cb:d4:00:63:71:eb:0c:84:19:10:d9:ac:48:6d:
-        77:8f:3a:23:36:9a:63:98:4d:9a:16:bd:bd:08:1d:77:4b:59:
-        98:21:d2:89:fd:1a:f5:f0:70:86:40:08:c5:be:59:5f:de:a8:
-        fb:f2
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3k1
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTGAIxxpplipn/SVG/ybgTKMLU6vzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBOxwkpeOrvQ6Pe+G+lthPyrI6Te875TxLjSPX1HkexOSC0zjPqvHLBEaCr
-dVloA2jdyJYCHXN/+jmdKojOU9A9cyfTYW/TdQHyL/gCy9QAY3HrDIQZENmsSG13
-jzojNppjmE2aFr29CB13S1mYIdKJ/Rr18HCGQAjFvllf3qj78g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4A:77:62:58:23:07:A2:C3:B9:EE:C7:6E:DF:ED:00:89:88:4D:97:6F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        86:aa:0d:7c:0b:72:97:47:34:6d:6c:97:58:2d:d9:6a:0d:c5:
-        8c:df:04:31:39:f7:22:cf:a8:20:3f:06:71:91:7b:72:cc:08:
-        ae:bd:b5:c6:21:ec:95:a9:7c:95:8a:4d:b0:f5:ab:ff:0f:bf:
-        5c:24:8f:01:fd:f6:1b:d2:08:61:ef:d0:8a:6e:84:29:cf:6c:
-        32:bd:79:b6:bb:e1:cb:71:c9:ef:eb:17:14:fd:ca:87:4d:c9:
-        54:5b:47:ee:f9:39:c4:9c:c2:fd:64:0e:2b:66:8d:0a:a8:6c:
-        83:9b:07:e4:fa:5d:8a:34:91:99:e9:9a:0d:34:60:7c:0c:20:
-        ba:44
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQb2xpY3k1
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBRKd2JYIweiw7nux27f7QCJiE2XbzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCGqg18C3KXRzRtbJdYLdlqDcWM3wQxOfciz6ggPwZxkXtyzAiuvbXG
-IeyVqXyVik2w9av/D79cJI8B/fYb0ghh79CKboQpz2wyvXm2u+HLccnv6xcU/cqH
-TclUW0fu+TnEnML9ZA4rZo0KqGyDmwfk+l2KNJGZ6ZoNNGB8DCC6RA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:73:10:04:F9:0C:F4:64:9C:B2:F1:1B:8D:EF:B7:55:AA:A4:A2:19:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:c7:8a:0a:91:d4:7e:b5:29:3b:00:db:72:e0:8f:61:ef:9a:
-        d1:b2:cc:11:bb:06:bb:aa:dd:6b:aa:76:8a:44:f5:57:b4:d2:
-        ae:b5:28:29:7b:eb:06:a6:1c:c9:de:0c:61:d5:f4:6d:df:76:
-        ee:9f:d4:00:6b:29:2d:15:18:e6:cb:02:52:4b:48:38:4c:b1:
-        ed:4e:50:1d:60:68:92:85:86:b5:fb:98:d5:b5:1a:52:ba:a1:
-        7e:d8:22:fe:b4:f1:04:b6:8b:6d:cc:5f:1f:dd:25:a2:a6:42:
-        f0:13:60:de:bf:2e:fb:d6:38:dd:ed:ec:ea:7c:dd:5d:f0:a7:
-        4a:c3
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQb2xpY3k1
-IHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBRzEAT5DPRknLLxG43vt1WqpKIZrzAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAdx4oKkdR+tSk7ANty4I9h75rRsswRuwa7qt1rqnaKRPVXtNKu
-tSgpe+sGphzJ3gxh1fRt33bun9QAayktFRjmywJSS0g4TLHtTlAdYGiShYa1+5jV
-tRpSuqF+2CL+tPEEtottzF8f3SWipkLwE2Devy771jjd7ezqfN1d8KdKww==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
new file mode 100644
index 0000000000..a9363a60c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaaW5oaWJp
+dEFueVBvbGljeTUgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBmMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE2MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRp
+ZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA195F
+jNz2GSpq6/NfJwsI1oWaPDb/TIRaMvsEhof4Du7/nnHZLHEKCHncySsw3S1wqAaf
+gJCqFiOuUUQNc7KORn2p3OQjnQ6Rx+bqFTRFhUopVriqtIohLh14uvN30gZCwz4b
+cw7uw2I5uEzPWVZjF6gnY3p+mVHCRR5+rp7glk0TIzOUDK8nvu9iUUPB88rRwlm4
+4CwQZPMCnd7+3TEcX2Z53do2w7OStN/J28/tuEO7CMwYeOFZZ+Umy3xX6fD1GHTa
+d3aeqdKGHpTs3UzKS55z++st87x9o/9SDMzDhzuiJv7eVtW5w/df8B6YCXZajDq0
+D7pcygmL2EZsRbvpuwIDAQABo2UwYzAfBgNVHSMEGDAWgBQx4T/8Ym6AZc2peRAA
+K26JWugFwzAdBgNVHQ4EFgQU7ezFAtleK5pOd1B3fpcAOhJ7b5QwDgYDVR0PAQH/
+BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEALvsV
+SM9/5C8mjAMEOnsUzL6HCXvgRuQ8nHmTEDTOThapesSndUMoJQMPlXlCbeRP1apB
+zUsPuavZxi4DAmSs+xdge9QLVDbVzf6uC698FeHXKMoVs77HNKFQOpWATB9J+1OL
+zgSzZYGdrFQyYl8rQFdrpXTguzMDKAbCcyQiSoSGr4zlHg2yJXUP/nxtgsDVqYfF
+SIpduRdnil3dV5h9GH/74QIqBZC/9sKO6jVnxD0RbIc64nL35LoVlMFSke4UBS6Z
+PmcQzvnfMtpK4Gi3v4H8btSpKstdIt+jgUpgz48xzejGlaRX5Ad0MNgNjFmN61ib
+XANJSNmGQZWK4w1woQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,56DCA0D712C9A6A3
+
+k/kKgh/wqFfQslGzpJ0/Vqt5MnfjMpCCf9qmbLS856/K48AUhDnY2bkLrC8PP6cJ
+/aykfk4CNZODl+a8xh3G3CBdKsCH92VNhKqtAQdNHVRNJJA8CA95LsftMhUZ9ajM
+52KWmXbbB1H/wCbV5ZcNtvnDtTJGGMAOmYBvxpynP9+aVlFuIWiDYdoINv2NZR/K
+Qixw6k475ERS8nixxNAOiDtoZZ+vy4xSIIrMzkkQ2hlqklrzB47uBn2UORtUuot8
+TDhpNo864EEKb2lvRW+AQ0EM3zvpO4Px6vOVvS2dGv0eSDsmNWZh99ZABtu3WHPX
+3nAqQTSAI6zLmRLVq9rCeD6eX0YfvdtRty8eqJbVp6N9pz2ejudAfX3bx04kmXK9
+CXlqOyXo03iprSe8EACZDFvB9p/lCS1MCkNBmq829zC3VVyGjSMNP6JJ7+mxkhwd
+MnnjJ8MjR103FE7gxnsE/68wrJN7o740yuV5AE8axxJtaGpafjc/D2KlfXvxnjyV
+078BFgp3u3lFHPEKPEwzJePvnbC+yE7nxUbBKoLyk58+0ge7eQAbgwyLLsQws3PP
+nJukh68PubJEXveMAK5+o4pVqEG86EcCwRQ2M/VkpIPTcw4YIZaS6BlbLqcvCLL8
+QSg+N15RsegNJHq37Urdq7gXLwoD5EHnPWn3DjL8sqDr9p1EO8Z4im9fE8aCMaW2
+K3zOiIoAWlZEHTrjkg2gwcpbCMIuB6wlxm+4sF5coUdcRAfVzPO9c5730xA9NSHc
+gdkcMooKrte2HqrpRxI3qR+J4501ND1YIIdnJS//ebKVy1UMT/m9/+8Hz2i9h7Bh
+vk2xZE+F8XW8GVDftCKCi4Hhbo2DLGQSNYjfpqPW6M0chdtEFCECEJTohso0/2hy
+OYq9MChRUHpsYf8r046lnB/kiKHZBB/Q/9wLeEUC1+/P9WPBlPvUONJtwVl5hWdI
+lwxy0dg/gvo3SxVetYnbqQIz4RrHpQj8bD5OInUVkzXdy7ESTj4pNb6cJjZsW/ym
+7thBFsJza/XcWPuwvUB53YHy40SqqYUJ4LL/yEYB5SeDZv2ykPC6W/p5f1kGzGMr
+wIWKxzoyfRuEbHM6ckn/kZ+qVzGUJl/ErPwl5gAZXl67Y08QS8AdzvnJ/niUty4+
+ia3Q9KgssqS2dCQgXkGNcsapVk3CH/7srxrB7JtHnGok2vr83+JaZixQCN7iXaDD
+tHNh+ODJ2h+Pq0mWUr9aX4AA6W2ar0JMOdlEoHQPpAnDDVyVX99oVkqydASefToX
+i7rPun8430TLGXmfD1Y4Y+6EvhioHgCkTgGQur9yhqf8h9BGPVULAfzjiBj1blwS
+6sIMn0u3PwuoekTeW0E3Dz+EqoYsoTE1HigHnigt5iwG5+zJJerpzCPI00JiNgYc
+GJRAchiiHxKSognw4rjOQb9ov0XmN7YHYXk3jQyhQVuw2eHeAvKdnrTSZvGtzI0O
+8+l3bQ45GlNtsjpNohUBw9QKyAELUHGrPpZ9YXJxmN8PMYSywL4xIs8pCc/3nmIy
+ApVjOExkqMfFpVv1r98zVuAJvgx5b6ANgCWOKd5+gud4h5c0WRgD4S9kOppwwyMJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
deleted file mode 100644
index ed99033596..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBSUFQNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQG
-A1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmovuW9G83CLO5Kfr9ogDW
-3M2PMCzM46Btwj9BIzBg6T+Z0toxnoHQHTRXf2tp8Nj5bLXb66AotgJeHWXGrGxI
-Kjx0w4OKRuhiBVjMsT7gJmbmJ9neH+D6gfc83LPzHtMNrH0OPlfAEiCXGfTeHBug
-bMfQlc3WJ747aWkIv54emwIDAQABo2UwYzAfBgNVHSMEGDAWgBQFKWMS3ubCghc9
-e190DHOosBJvaDAdBgNVHQ4EFgQUswzkrq5gD2HHDjnsZYw9qjeh7WEwDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQBl
-Ndj1mSjoh6od200M/46rSMjCcoQ92FMFygp/7mEK3MomCWTKikCKTp1xDYS20vE6
-R2hCQlhkV2nRYNoSLvYM88uba0diTZDbX+txbiJ1DX82U9f0/zpXhCVLxc962ftK
-ZneaZF9AzYxqTvGS1yOwGFV7jimzg4ZdSKWcUX44+g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtp
-bmhpYml0QW55UG9saWN5MSBzdWJDQUlBUDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANW9X4Le7QZci9gVhxS6PY2u0Fxe2EtutUH8zZO66QHNyygwW510D4dQ
-tOvvKfuiS+Ciu2PV2zjc2AcL5U1x9j6hGKIl7NbVFo+mZbBV6GzWLP+oaTy8oz69
-BNSDXwFW6FPTOQbaiyRa8f4nXVFl3QQYM8jTdGGS9lalXnxusSE3AgMBAAGjgYww
-gYkwHwYDVR0jBBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFAUp
-YxLe5sKCFz17X3QMc6iwEm9oMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBBTANBgkq
-hkiG9w0BAQUFAAOBgQCzfOac7wbFryN6VSS2bfYlcBtdLypBJugZaDururS3VvRk
-Y9SVSAQSh/m+ydbzhZ8LyNw7e7Uj4mjGuyFzznlAHsWxyO0JTPbhUwutJ3QrQhJW
-kIbsGR97otFLnmhZwotzU9dr0LhhJEqeyrM64zPoOT2SyhbooCh7Oh27eUSSjg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:29:63:12:DE:E6:C2:82:17:3D:7B:5F:74:0C:73:A8:B0:12:6F:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cf:a9:d2:6e:1b:81:59:22:25:1b:6b:2a:df:26:ac:ee:64:cf:
-        2d:65:1b:ad:15:43:22:fd:7b:ec:84:c0:8d:4e:b1:17:dc:9d:
-        ae:d3:45:ba:91:2d:b6:7c:be:a5:80:5c:d6:e2:89:80:fe:54:
-        8e:15:90:f8:dd:e4:0d:c6:16:c2:24:6e:61:94:44:6a:fe:4d:
-        44:ac:be:fb:46:4c:c7:3b:24:36:10:c1:d5:9c:89:3e:a6:f8:
-        f3:7e:0c:79:08:65:68:a0:c5:18:30:4c:d3:e4:c1:c8:7e:2d:
-        9a:65:b6:e0:84:2c:b2:58:e2:fc:96:8f:95:13:cb:e1:e5:fa:
-        e8:9b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YkNBSUFQNRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUBSljEt7mwoIXPXtfdAxzqLASb2gwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAz6nSbhuBWSIlG2sq3yas7mTPLWUbrRVDIv177ITAjU6xF9yd
-rtNFupEttny+pYBc1uKJgP5UjhWQ+N3kDcYWwiRuYZREav5NRKy++0ZMxzskNhDB
-1ZyJPqb4834MeQhlaKDFGDBM0+TByH4tmmW24IQsslji/JaPlRPL4eX66Js=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
new file mode 100644
index 0000000000..bc14434030
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0FJQVA1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQU
+JVlJJR67nbtRHW3D6vzK+HBOXh5S097ZMQEPce170libKgRiLesqEC9fNpzls8pN
+VPwxOcZOgaHes1XlzdDkbf4TVXuprfJwcvHT6KWfzIehUopULihB/oJuMa289M0q
+VFhS0XAhzLR8KPzNjyqEew5g20u4uvpDG2TQOO4QQgLJ8nQEtQuSTsAPK8E6d0sD
+jgsHLOGETorVSgjW7zSIp2RZ1dNx8AEGm3l7tCl+xhkzKl7Me2W2qXJg+Iy17Jl5
+0Ik0uj38yZaUt0LNuddEQaqZVGwh+19uZdbj8wD6QgHcF8sUBLeOHbKrsI8VaGvH
+SHgiBW8dGWLp7rETQqkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUiQRUdAZgs/cAbqBh
+jhX7vlICBiYwHQYDVR0OBBYEFAOX8L+bVJZR0b0hAu1UhcFEzOxMMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAFFd
+fv8IwDnGrwxVdDqlMHz2fz7dZOnpMPRX5sleEzs0q11YJpVWu2VZJhDtqEFoLtZ8
+7HRCdkeN3kI0RWsXhj/j5F1UdPKu3exA5aQ/+BQeeboF8DqbawC2kTf71cY48sS8
+ECgGbXmd4dNI2ByZjMLVsq8ow9566ZpJZsfTEAw0dQ7TU9/4fasWSQ7LDFK/N9Z2
+hqUS5eIJdveMB2HDL9o8pNohsA8smIfX0ARKCkcEbMTjLjEABcZKtK+y9cwdln3p
+hQoA6GPCFY29vEqaq/T8XMNcWaTobelNsDMgKD9GZfa1CVnh1rwDve4f3PairHKm
+h+iOTwouhOvswtsridM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9AA48841E5D1B2E
+
+B6CcWA4SnOnxWmixvDlAO44VUbwuTRWzqz1Zwx66zlVkLDwnyxisRrBKzkx7TY9j
+IGZ3nT2WDSsmRifc2Up7iwO+e3cHJPgK1IMxEAzX+W/0G2b9oG7Y7FObIk9xF84/
+XHwy5yVzGVKfskLiXSSUS3y7v0KFDD1hs6XyZ7ZhioG0Dzkpka7BcgZmf/mwWIxB
+uXmFY1pMs1fIrSe7h+C8JSoYHk7mtD9GWin5SomqI8/MCEDUmVr2/5+QiKgg4Miz
+C9wAUM97wfo1pGhNRtHpfLcm7pliZ9bh5bYYhV4J1CnCSiwYmYJC2WMk9z8107kE
+wMYYmDORSuKkxLDD760jTeZ+T6ggnfocZQjZG7cBZG8lfji7S06mFK9y5pkd2a+z
+LQQPCmGGCZ7jT7MQgdqitw7x7iR3KNaPXECitVS8doMbL1g9ueo4rNJ/vblD8tDn
+H5gTbaLv9MzPghyvO/Pk9HHK1uT50nTpEKVjNGA5f+soB8/1dDZAMz/hCma+4qhL
+anN0QpcW3Cg7WtFjpoGV0UDqd+XAwYT8niWwaEz4YCvRFOqKk4UbnQHobxaPWuI3
+iXyNSTk6FKx8L08j58vqFHKnxLMVUbOLokq8Cm6oDEIKQO1Xm2h5/Lo7KTWCSXEU
+EnGbVMWy6S5+qjvUDp4A10GIxQ5G3owyhanv94arbiGSmj2CJIR5XnjUwxKXdRR/
+e4739AqJ32kbSWu8/aFnYrCsy5lrtuvikLQGPERAT6UgHXNC+hoWCEzu62K1//PK
+35GKaS1V437hJJfzdrxboJSapEe4u58lBOy2ZWiJMT8UWxrQzwPWXgIgrZppet0E
+9Ep/3cgvLbydq1Tipg6YXXUn3+RHWbdzH6tVjIe5yU0kQtb6UlevC27xau+1tb0K
+kyCh96ZlHrZuoaLsFS0QnTOg+f4w4M/EBLkgjd/ezU9TSlLZibMK3Y/OGf5uoxlj
+TCqGkoPgMI/lU7QbNBu/ZOPEBIxXAihVwl5AQeCBldj6kWYFw8DqUG0lKEYceEdg
+TeIKQQk5WMZ1rWLIf+x7Lm4HxCW3gf04yExwWW/o0EXieE8m2vwFrCYTV9iGVUCO
+rq1/IoCNNjnVjYJdFol633/xPwVYeCCzoOU0ulUwHjIzPE5FW/qRKKnlRvVg/V7T
+NZuGDuNhHAtRldXpMgDFH+3/iXjQ8jNFnbQmFhY2QxogPSt9O0f+oSk5dIjgsTXR
+qizviC+Qz9AuB1e2h+98kNog/e6c9bFaF2H/j4AdX4H1t+QnILEMW8tTwNRcN1aF
+khpI8fpx8PFrLCTx41meBYJYTwfSQErat8/OafS+qf21rMG0OeDbFRSBs32/7IzJ
+tpRpATwZphMks0ke0y5r3b7ey4Vs44AsuJclBryecfMzLbbP1BP1wgUnOAb1U+Cv
+h2JaN0VRjS6MCdTjNCRamr5n4HQJ5eeY48iD81skBuVVsV1GjrTqKAdZ2R1eRnA5
+1ApHYGMepNuw6VcONLoyQxOVKx2/vBEi4SK9g5/IhQ875TKsyZrEQ9wiZ9EylFAW
+OipkcTblhCJ7n1+lJHazw0hlshnIqAdD3HxwOA1EmFJX5XcummtU/ZT9LdLr3o8r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
deleted file mode 100644
index 785448794a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
+++ /dev/null
@@ -1,161 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBNzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmcwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQIzx8
-7J8x9DkeOhXlBG/eAUo6B99wk9uPjSwrZ7f+CXzaECXTCOk88n35mahe/lgpBbr8
-ujs9D6bCgS+AVciyqJAtZFW45FX6xjb6fcLzebF4HTOpBYVxkqlJ9nLLCkaBHMIq
-1U5jR8jDZhgTnMBvNm0yBdNFo6Lh6A5d+Gr5jwIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRs6ccKAUJAQfXzcI7u
-4dFSXtc3WjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBADANBgkqhkiG9w0B
-AQUFAAOBgQDR8om42wMsHX434zvF/Yl3Lm4GBdFmFWIiRNpqH5iS8X1lGbi1pEAg
-m37Pvvobd5tcsZd2tsz0/DOTvntZhUdX5rmvN4x0i3JUXb9bOPMDs2iJs5oFF6Iq
-TSk9wJXUwsPy3ltGGWpU817s4uj8HU3tffkyOyc7j1u3l8x2LJWPvA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
------BEGIN CERTIFICATE-----
-MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE6MDgG
-A1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsNiBmaKBCN2+twi8
-zZHkggWucFtI5ZszQOXjX8ivFQMOkIaUz2HqFIeurNmSEN2Ta8WHJJ/thRgpUF4l
-p8ovjgthh7/tScnTlJMN60ros1uQl6+qm/dzqn8kQ42EGLA9n6Ut5LuJ8AGCil+L
-9TFs7vbPktHo0h2YcwCvEjyyZRECAwEAAaN5MHcwHwYDVR0jBBgwFoAUMLGv3K7V
-MPIMOabjLBUhOK+ii9AwHQYDVR0OBBYEFDO/lIeGch/Q9DaWzigYcWwKxuVBMA4G
-A1UdDwEB/wQEAwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
-AgEwAjANBgkqhkiG9w0BAQUFAAOBgQCKhd9JcXnw+W9w7fb+IhKEeepUh2J7y4w6
-11+U8Skm7KgNeSHdCzQjFMqGyeoJK+XV1j21mGK1YqXrbLjo+fHbHF68tf2rzWTC
-Y2igOFwDQFpFFbqrKbYogBOuqR8TCR3LFH9mypYIqbcfiohQF5XSwMnyNEzDc8WH
-hEapxbpusQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nMCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmcwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDWkQsHOT5qYxFfYJsGV/LbLwMtr5DBFdB/k19gzvAjYpjlKgVD
-MgfJDc/d3WyMB8t5oICqdJDVFEq4JBU+T/J27G89SJusZSRJdmQXogfiXWHSOXtA
-f3Z4IcRxAwjoNJaF6n9LR2q5YTDIoiEK3+h1jhOiNoFwYmvTajzcJ15SKQIDAQAB
-o4GlMIGiMB8GA1UdIwQYMBaAFGzpxwoBQkBB9fNwju7h0VJe1zdaMB0GA1UdDgQW
-BBQwsa/crtUw8gw5puMsFSE4r6KL0DAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnjTqcv
-cg3JfloLHCOwWWPdk64BNIs0gLMI584sPNdiQR5bCz4KCoKMzvzIEZDL+kVo6RnR
-l39fdQ1rIbv5lE6nUVlTJNcj5Mq66NMsdVFsz5plRGUN4YpEDhz30hiwjkoo/B6N
-Bs76rDEC1VReVfNcwcglyKXIIEjHTMMsG0GH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:E9:C7:0A:01:42:40:41:F5:F3:70:8E:EE:E1:D1:52:5E:D7:37:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cc:98:13:01:ea:eb:7a:16:12:f0:2e:66:3a:2e:6b:fd:c4:2a:
-        17:89:46:64:18:5a:ca:d2:00:55:3e:bd:00:bc:ce:f4:76:7e:
-        68:bf:f2:73:cb:d2:04:b4:e4:b4:21:6b:e0:4e:ea:c5:61:20:
-        3d:b8:db:61:e2:d5:27:19:48:65:cb:47:d1:66:3b:29:a9:c7:
-        66:f6:11:09:2c:48:9a:c3:37:a9:b0:74:16:91:b3:d4:ea:90:
-        2c:af:a8:4a:6a:1f:4e:fb:40:b0:e8:5e:13:58:f6:cb:82:53:
-        47:43:79:ef:05:89:6b:5e:e9:99:1c:1e:83:07:10:5d:40:ed:
-        f2:06
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nMCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUbOnHCgFCQEH183CO7uHRUl7XN1owCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAzJgTAerrehYS8C5mOi5r/cQqF4lGZBhaytIAVT69ALzO9HZ+aL/y
-c8vSBLTktCFr4E7qxWEgPbjbYeLVJxlIZctH0WY7KanHZvYRCSxImsM3qbB0FpGz
-1OqQLK+oSmofTvtAsOheE1j2y4JTR0N57wWJa17pmRwegwcQXUDt8gY=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:B1:AF:DC:AE:D5:30:F2:0C:39:A6:E3:2C:15:21:38:AF:A2:8B:D0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ce:d5:06:91:52:5b:f0:21:b9:9e:d1:3b:5c:d3:17:a9:f1:b7:
-        70:51:ab:64:ac:d3:3d:4b:e6:bd:eb:68:fb:0b:45:7e:04:45:
-        4b:26:b5:fd:ca:66:7f:39:9b:42:2d:bc:1a:56:92:65:39:2a:
-        28:6b:d3:6a:7e:6a:8f:eb:c6:2c:3f:29:1e:73:75:9e:dd:01:
-        19:29:e5:d4:5c:fd:d8:ce:15:81:35:f7:8c:45:19:1a:64:35:
-        79:e2:00:cb:3c:38:56:63:11:38:05:07:c6:1c:c4:27:61:fb:
-        0e:a8:b1:1a:3c:6f:8c:e9:0f:3c:8e:ab:d7:3a:45:bb:15:4b:
-        41:60
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUMLGv3K7VMPIMOabjLBUhOK+ii9AwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAztUGkVJb8CG5ntE7XNMXqfG3cFGrZKzTPUvmveto+wtFfgRF
-Sya1/cpmfzmbQi28GlaSZTkqKGvTan5qj+vGLD8pHnN1nt0BGSnl1Fz92M4VgTX3
-jEUZGmQ1eeIAyzw4VmMROAUHxhzEJ2H7DqixGjxvjOkPPI6r1zpFuxVLQWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..2689b692e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDN0IaRs5W2GuI+RQoATLnfq2uut62sjrBHpXm+/0DkgNuM/dfoGsYDLwBKfGn3
+qgoAo6ji6khYrCtR/+SKIurS8zuH+I/cYeiRZ12Ibg/Ua8/xKRbh/7nd/80SBDiA
+9CxbInnuiP+oHXSLf40ITa8aFCfrlPah71XFk5J7LBWKrGgNmQoA23m0tP1R8QWS
+OvvlxEVeQGazDd/2gQlr5t/cmbvzGTS7beiHjq+guzeoaERJ1oYldpvk9hYf2IsG
++MaVIyNLj935jopLVkAG5Zt1zVfYeSgm8Rxba3+S2OcCmHlAOM3XBUxBUVJN9WsC
+PkLXw+Dk0SAGw8zDQXh9a6+NAgMBAAGjeTB3MB8GA1UdIwQYMBaAFP+0c2JSjVyW
+OlqQrhq8uDx5gWMeMB0GA1UdDgQWBBRGnoIVM9ZVKmQsZhmhhwsQpoe8VTAOBgNV
+HQ8BAf8EBAMCBPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIB
+MAIwDQYJKoZIhvcNAQELBQADggEBAIYTbq4NLd0+LIfk3ppsdEzOz5LONFBc54w0
+sh386ycVC5SBgXxibYDy0oN238lmZoAjvx6TWgAeVMP7TRwPyjMrOWivYWN2wBQy
+8wE4g+Bo/NoLBzAHm9yaWUeILEG7xDm9Qpkj81Am/2jDJv4RTHkPqhC90Tbh/j9I
+itkoVftRQlxsXx0NxJoSsfjDoG4+0LRM5elYHfBIldlHYLQiPcI4z4YW5FgtIs8m
+WTAzVduck7L/ttW00UBYyWjek8HE6eDkTJFvHFfwOQ832M6inyBLrFiB0lD6w/qH
+wekDTXqRelr/dtJvG0LpHq8/dEZeachaKBkm1oJoLKARAFkZWtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,588D74E5A29155F8
+
+QG7xbh7WoC9L/rNrseIj+nvQux4U7zOP9BdQSRKJaTb20ydKw/loQoSHLfDyR4OK
++qs2RFYTXuq9x0UwJVBZxVirlvkfikGaOaYX3PdsHyQJxgi5mvXkGzey9sHGPBOT
+qBkU/Bkn41Fle+UGoYesfQ3kZx2j0u8AN8C6r9EoQHRbOD8a/B0ls5q7n6YQ+MYc
+BfmELzhRCkRzBHkwbhBaurI1SfNIlO5ze/VTV0UzDZcRkpzBIiEYBKt3R/wV6rSV
+dEgrdFLgKk2y0a92Ai4GqevmtnJFboKUPb7gHj8hfInN+5M5po76ahHw9fpRlS0D
+/GYzw9Uh2R2cxMr7Gv10GW9MNHB9+zHoOa4v5RH+zPp2edttXAEUCFFFzi952ehb
+dwkJ8HVD1phftmSpmpy6RetpUoMlKjWyGWjE/A/WGrGvnIwrbPfFPo560PZDtNtC
+VUN4hZTiUYe+bf2tycKgSouPP9N5y5Y6t0eIFWh3U0A2YV+VFac7rWHYT8gDr23b
+YYvYdnR29W4M9g23rO65nb4+dMEOfLte1BgdI404/kVVNaBXJL7FndKnCYsUaz7T
+TaL2gh/oT2jA1BxTrJGy/koXjyydLMyPL9NpWETIfjssiDSc6AVp6MuT72Mz33Rb
+e53QYH0shuxRjJ9tQ+iRN85IoJzlzwhEwgo8QjMi1XCd3SIRArrbtzehgAb0HRxC
+QGLVF6mIaGeT7LkBp347v4qM8ezkYEhsF7Sh9Cpb9hxJMCBsv8U6rIyHQUV9xYfJ
+l6gVkis83Fqa1zLydbDIpFxyPO8t1qeCNXMU/PSgi3QQBeq2DvDREJel+eYCXNUc
+0GvZjQXs13e8DwrWufp2dIOW7FwgAR9BtkHSc2gbDoIotVBQPiqC0Yyy8vcSmpLf
+b+NXzqLm6MRTW6+i6qkEqeOVGNRQLyTFoBAiGpVsYhTqdeNMBAulkLc9Wwjbtemu
+lDmfjPoAq/funxct+7NMl+JI3UtmDfa8t6dQ1v5soYa8cby3vcN7pqb/Fe9GwSce
+pkUem8sffrM9Vr0EPNlKi27flJYtu9qbM4wn3JRfIkd5XIeyO0CSHCL5rVgvAHL8
+k6Q1HB0iIT3SJivlVT97ilvVhV5DsRlI52FYQj+a5WExHLgjdx7XtTqaUTnHMLnr
+NSbammoSyY4MKSrf3gNK5u76nMls4QmDumPb+DxDZGqQK/k041bb6oWblJeBQ0RA
+ZO0KHDfNNd+Ksi6dXCATAJ4jOfU9ohbq7kYGjhQZ/y+4/qhe9Z3g6mRRFg/ygc7B
+GEra8F2JiFFzYVqZbRcOeTVfeFsZJ5xP7RVtO4qFdjk+q1udkSQ+CfuEM61A8dXv
+2ByLevRVfAq9BxivadALLcXq6P/Q5/dcjQDB6U7ptgHdDHvjXcVQllGu7esgXLUH
+oK7H3GlRkwVRgdFbJehYEAnc+qee67J4V/QrOXQqaGi5V4i1KHg5RMpN6HDJnY2z
+d54v6DPMOE08xfVai8YSOXx6+mP0kPpQvd+66eD35WrgJf+Kct2uQGcW9SuIQW2q
++rCkdeAWv4PVJTMt5yT1J1j4vQYxKu4+G8QzngeSfCBYIU4rTIBqoRVq1H8Abtd2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
deleted file mode 100644
index b1fe680fbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBlMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb7DrW9
-Hb+KTJCO7IrKHRUs3FihVXeQr2+m4mUyxOo1SFMZQq+7bojuyImkv08GBbeMXPqV
-RHdNWwVUgMMfynWekNRrlwGFNAfSKd+vxmPUTTqzH6fxQqCRx1CGp4dVV1o9BTES
-DuwmZurFPYEu2/tf6gnxaHBNUUsYqRdztXIZAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FFqTS++Wnq4+QxYmpBgeeYui5pshMB0GA1UdDgQWBBS7Wt9YatmqgSrox0Q7yWRL
-lJU+9zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0G
-CSqGSIb3DQEBBQUAA4GBADOVfkwUiMO6wkkOxQ/lMXr+bjJlFLz4nFQx7/YBmUBH
-cn7z1B8KAhf9SlqwOmMSz0OD/1ALmdjyX0oymWVB9RWyQyvvmin7tTZKBW0KdcQZ
-GKmRog0HaZ8rHx37ewB3ANJfyarjBABp9einu4Aj8ak+aePYU1mth1YNGS1YVwfb
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..5b1e4ed0c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBw
+aW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAv52QYQ1BWUErsri346fudEihcaQNINeU16WfsFvSYR/3ouv3u2Iu
+kK9BngF3VahW7oyBeXwxmj/iAV2jimT/Fi1g2h639V3eHn8mOa5f9xzRbnUDk7vz
+HqIx8UYup1zPcup4grk44BrkYyJoE3U4CRxDQB2Vw6lNV6osd+MuNyxkFZLnOie5
+Hcl3UoXWG4lc5nCN5iNxxkaooKKlnOh4UR0Zd1jUh+AVP2zkzjw3OtER8PILl3fv
+9hN/qcwW+0BSAemGQJDV5Nd7D5fCNJzbbXHToA3k/Bp3F3BqeE45IdFv4varhUjc
+9pXAmno8Y9TXt6QAM5iN5UaJvOLTHkqqUwIDAQABo2swaTAfBgNVHSMEGDAWgBTX
+gFwTi45BdroKtXNx6KNAgHQO0TAdBgNVHQ4EFgQUfdcKiPEJVz+3CWS6VMEBm+M5
+jCIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBTANBgkq
+hkiG9w0BAQsFAAOCAQEAVLVv3n3zSEYB7Pva607pG1mONfUdPsSkK+F+2SA3tSDW
+v39v9BuFVejJ/WcJi8S9Oj7dB4F8GkbH/Mgjlr/SGWNC2gG5z1eG/Xa5ZsVYxT8M
+o1XTK4S8TKdPPT2fvL3rHFwfsvhjama4zbB9/cG4HV0rRGOZIl2Dr4DwfdKxVllu
+pF8syWwTfzNOPiwbBVGRVDqVapQ0s/qjMkwKYmVj0E+xcVphBmjG5f4KLzB3fTiL
+YQHp6e/hD6fqDy34gnJKnvIdIpPS3mCJ32jUvs00gihBUXytvmF9mDmtx4D0gr/I
+HW06yZ8bXGZay35h+u/+32Qi8rs6E5p9xZjqhk7yzA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EFFAF2EC16FBA85
+
+mnA8D/OO9/bRdXRtgF1460ooWSCBxgdMIp/ykM51o530doJX7pWwntIUnJstg5aZ
+wHhC7vJUrpcojZl1jzjNlMPAQ2GD5Tf3vGgvn+RoNrslRY8b0ipPh1R+73tn6ChN
+6dRI/GFbX0DbyxECglvrNynf1jbQaK+ljECnvypbjkBic4daBEAZzREP0RqWXzb4
+54MUmDGBFiOuGYNrUmFBk/1T2neOTHI0ry0nYVQqtU80QsNVbsYTs63dY7YR4RZQ
+voC+jW8xsrRFnCZkkmAsXFPzJPK8aUI5oAuOuE/cq0ymOXz3PcjGtZ5J0pCK7ruC
+i/YdtSmHwoJH/TEV/hWErlSduHziitORjqk6KHnSRUbU+bd2CEcgo9JBwn9OV56o
+QdUpPFfdrGFA768qPqmQnXSCeCUGvtqIR/sxdUhQ0LLUbdbMDgLsaOqXkXwchTPC
+LvWexL2kbtQUaUaV0pgDlaBfRYx/Vdm7hhM+b8Fdd6zy1eET+60fdsLyZuh8eyXx
+jDIWCRh7htT1XPdxGsCTXBMzgjG2PmbMfXWuZ293YnRsWx0Ll5Ed48kvzQiLjPEq
+duVDh9PIw3lOnjZGBk33ubn+8b/ZmCkTCVbNT0c7a060TXgekJnoXxut/7bexlf+
+nq57Z9JBmhVpUrT8Nu0Qrss/OwNuE2ZPUPDxzYoPqXu+WEUqlgs0wmpcpCFxc79z
+ELYXJAK1pVkw9ddVouLXbB+u+C7YpmoxZg8biUb0Z09eTDcw5ngHu8MoUMBLQpho
+TSrC/pH0fEpe192cqWyUY1oaAfFFzzRLvTSfBvzHYEGI3pPL9+4JSKbBvRjyIIz9
+yiPnXm673/mchrkKM4kfACRvhIlbUtF3VcZAE10mI24teFnsS+pjBij+hDI8fh8z
+W4CE9KUj/AhXGfjFveFRVmJ1vi4WX9h8Sl76Ne1MEqzyha7jNc+8orwMOEoHXI+v
+Dkws7KLCtVfhsRY14vQXFuOw02H3hQI39VfMhb7gerfllO33ZjdR8ygNuGc0DI0l
+H4Zib5SgtuawMpxKLH9hTCCQqkssKS6UZUtCP8iOnz5xq3+x7aRLblZqpINVdBEv
+DkPcROdqssbzHT29kheDd0KfZJF8zAHzRBvdM1LFLyvlJuSyWnnGuRDJj9Ttno+g
+/QZVRbjs/LIz74FOQjx33rFJGYGewH41mz6+4BbFjYDo8Kee9sqxte4Dj3YnNgdV
+Wcb3UDFHNv0qy9Ec/U/6a2JNx0fT3sKl624j+GMDddJv7/2ToR2GWYb5vF9peoUE
+KaeyGlIdi6nfCtTJzbTlg6on+i3T8xnft0IdrfNyfm8h6q7TtBYgsBhJYHX1sccc
+YY9oOcfq8Ymm7M1ER6wdTKYZY8WFXRCOtUrK3N3TrVStpjhIxlYgCILeCYo2/ceC
+GzJLjSlaXUWGZi0JziP0jym1K5poLrhVQGaRQ/NZheSmJ4H+s3BDFwy2g92Slb8b
+pw58GvcOukDjrAPafNRn8C5unDLBkHjHI0OzS1VvksldFRHuLhqvYmzFgbGq68M5
+hzakqEVOTr+Ny3vqF6nXOpVn1ckkUbMa54uPtiTM/LxJPpODjvCYXA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
deleted file mode 100644
index a14824bcb7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCzgPv0jUMseTafKoAOspqZCAtVctNqO5SipAee2vLt
-7PijWRyqmveQUmDdJ5SFkFnevzRHhOINFIhKjygmtJQe0px86XknNJhW6OPICI2M
-jxgzst9Cs5w3cYjsOxsD5+FXzritqz6jSQ8Fa52IhmBYcbRncSOcu2IOGGMOUfLf
-7wIDAQABo3wwejAfBgNVHSMEGDAWgBTvkHRdvSchXG13RCZt3L/7vmNrCzAdBgNV
-HQ4EFgQUBN9qa50ER9oRS3e69lS0UhaUJsowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALo5V4PwqAf314Emx79p7ce/cKrLjdi63pS2BsN4dFQ7TbY4Uru6/0Gc
-lZvOzyBVyvb4KxYTgvmOUkaNIpEe6xyRjHN5oAOEuOOgnXjL6kQz1st793h3WaTA
-hTg1AyHkktBRVhr0g1rCHCsGdrq6HSU9jZqvOOPaWomS+woTciNh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBOTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmc1IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmgb4z
-lKzduO0U0YgdsR69hYe1HUrPtFTUc7C3KMaX2LsYdutgdW5fQ5atnORTBTTRY11C
-G4hIuo7WabxJOcSK9lrleEw58bZjDsNc5/o8xo3cF1zkmc6/DH4P5CGxk0nOzeLY
-XJ9vyj/nZc5i0k6H7NU+cde/s5tknCDntmnf3QIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRAFr9wLgI4+Lavp1rZ
-sgNDWZj1TDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBBTANBgkqhkiG9w0B
-AQUFAAOBgQAfLQvmb/5mx+Mi05zSJQyITwTfrw+AMrYezSpljeUZcymBLkK64BCs
-eVXrxImcI3hi3oWPcJL2dt5mmQB/o96qOYkEBbxDD0WQ0rwKgXOODhD+Di5aZPqB
-g9ZeBDxQgveLqLpEh0JL0MwJDLXH8Lca6XVdmPmFuaob3aIOP/zdcQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqU2HY4J5
-i4TyagwhHyTz6DgQT7GKk0xSor3iKrPjBUTpEVWM041qODnfp8RL42lhZ24okQbQ
-8DoNH5dL/jtH5RsbZnfJnhHL8GDttKjLwHpRVRLbv4IlV4eQoPzTSRR7D0ishs06
-PdRXDoy0+UhNcABrm3ko1gZjAcPRL/ammFMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-JLZxrVfA94Sar1a34h5IbPP9rjEwHQYDVR0OBBYEFEqYOSxfq1nokOSM2rwp2uDB
-0O6pMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJ
-KoZIhvcNAQEFBQADgYEASMkNNbv9N1yfYt5C2j3Lmy5rhbrTjrEDjNCJsQ1Pun3c
-qrJCtX52pGRNef3Sabh2W4jOExljobE/P45PdPw5uJtQd7YgGN58cr6wOz08SA2c
-j4vAlaNjcbNW5d3sUX6LgXFOHsamawjTncegVpR7mCY8lqVjxmW9ha9NF7h6ACY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDcDskVa22gKY6hi1NN0qxc3EGcrc7Ef9QD5LomWJ0NbPF2omux
-VOp4diM850F8rFaVpqHpOI6ElWc1K4PYVN+gp/sZ5V6unFR0ixzEvpsPTZa38btH
-kcqGMFfxw/f5HtdvgB1dt09da6xG2UFKxnubgQuxUPEx9FcEYSCrbLq3gQIDAQAB
-o4GOMIGLMB8GA1UdIwQYMBaAFEAWv3AuAjj4tq+nWtmyA0NZmPVMMB0GA1UdDgQW
-BBTvkHRdvSchXG13RCZt3L/7vmNrCzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EB
-ATANBgkqhkiG9w0BAQUFAAOBgQBNZ4dVlouj30O2fD0c418lyzVO85YIAuof3wDW
-LW4XjH/r40L/BUPDyFJceZXA7Yaym+UuYLZh9RQBEtkplLkcqgezH5GT5EkefBjQ
-CrQFgsqRttLQAuw03v+2I9a8vHY3u0L2puzJQ1l1GkV4gqSAgEv2YVdva0gkq7sQ
-52udtw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT9hQ7qYK6NHbsH0I4rzox6PZHPasVXKNr
-Er1k+U5DVQ4tuCaZk6QEdBpLSMc4V62MtVl6mu/Zox73h6yvllHZDBuH63fEVFLc
-WWCQ0TejhcMx4wp6A0TVqocawS4C1gMhOeXrYZ18ZWakU8DPVwOb23y4/zseqUt6
-1tXPvs2uwQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFATfamudBEfaEUt3uvZUtFIW
-lCbKMB0GA1UdDgQWBBQktnGtV8D3hJqvVrfiHkhs8/2uMTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBAHwn3D10SDne03e21/XMdNEGPmNE+jCS3S12gtAPbeHa3KxqsmmuBcEv
-ahsKPoF8CtAAPiLUK4M9GqwK5Vf0bsBlduOnF6vSnZQGKp9OQKOhbTfIoLSWRGIF
-TtQX94lVnOBpO+qXCl+FBKm/eUGyAa6/K1s6vwVtNwW2uT1YPKe/
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:40:16:BF:70:2E:02:38:F8:B6:AF:A7:5A:D9:B2:03:43:59:98:F5:4C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:3b:6c:aa:51:1a:cf:0c:81:3f:8c:c1:f0:60:03:0a:7f:36:
-        01:0d:82:fe:71:4a:14:99:5d:f7:cd:33:30:2c:e5:11:0c:8b:
-        6e:7e:79:6f:56:9a:eb:cc:20:49:44:c0:1d:33:2a:3c:52:98:
-        3a:dc:32:37:d1:54:16:96:4c:b8:e5:32:39:ae:93:d5:8b:1d:
-        36:06:b8:bc:05:d5:d9:71:bf:79:4f:b9:45:6d:86:50:38:b1:
-        af:af:68:eb:32:c5:77:86:53:6f:d8:dc:f1:a8:bc:e2:fd:e0:
-        4b:81:5b:1f:33:7f:9d:2e:45:c9:66:1d:5d:8c:da:ad:79:aa:
-        8b:7f
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nNSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUQBa/cC4COPi2r6da2bIDQ1mY9UwwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAbztsqlEazwyBP4zB8GADCn82AQ2C/nFKFJld980zMCzlEQyLbn55
-b1aa68wgSUTAHTMqPFKYOtwyN9FUFpZMuOUyOa6T1YsdNga4vAXV2XG/eU+5RW2G
-UDixr69o6zLFd4ZTb9jc8ai84v3gS4FbHzN/nS5FyWYdXYzarXmqi38=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EF:90:74:5D:BD:27:21:5C:6D:77:44:26:6D:DC:BF:FB:BE:63:6B:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:e0:23:55:35:fa:8c:e8:35:21:f8:35:28:a6:2f:57:5b:6b:
-        df:3e:12:97:76:05:15:72:73:5c:da:7b:17:86:63:13:80:19:
-        33:5e:c8:f6:3b:13:a1:33:e0:06:ed:1a:8e:1f:ef:8a:02:cc:
-        9e:33:22:c2:b5:94:05:32:98:0e:65:71:02:c4:ae:e8:36:9d:
-        81:d3:9e:24:51:01:77:ea:d1:a9:a1:e6:04:c5:62:bb:82:2a:
-        7f:aa:3a:59:a6:72:48:95:07:91:ba:34:20:26:a9:d4:ef:6b:
-        11:09:57:8e:64:19:29:70:77:34:92:e3:eb:82:9a:c1:ee:a9:
-        83:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAU75B0Xb0nIVxtd0Qmbdy/+75jawswCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAM+AjVTX6jOg1Ifg1KKYvV1tr3z4Sl3YFFXJzXNp7F4ZjE4AZ
-M17I9jsToTPgBu0ajh/vigLMnjMiwrWUBTKYDmVxAsSu6DadgdOeJFEBd+rRqaHm
-BMViu4Iqf6o6WaZySJUHkbo0ICap1O9rEQlXjmQZKXB3NJLj64Kawe6pgzI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:04:DF:6A:6B:9D:04:47:DA:11:4B:77:BA:F6:54:B4:52:16:94:26:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1c:39:2f:17:f0:d4:ca:3a:70:97:52:46:b0:ed:08:8e:3a:3a:
-        92:e3:5e:f5:33:4c:73:0a:a8:14:49:ae:ca:d8:90:6f:e1:ec:
-        23:36:9f:95:e8:a9:d2:b1:6c:2d:99:94:21:f2:6b:7f:98:c8:
-        f4:e7:f0:a8:26:e4:58:e6:a1:f4:68:dc:10:33:a1:c6:c5:0f:
-        a7:a6:7d:1b:4e:cf:6e:b7:72:71:a2:6a:d2:e5:e5:e1:b8:d7:
-        88:3a:a8:d2:e7:bd:a4:ce:ff:1f:ca:f5:7e:7d:fd:2c:4c:03:
-        2f:96:87:d8:4b:ba:35:a3:63:e2:87:cd:95:2e:c9:34:97:9c:
-        fe:30
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUBN9qa50ER9oRS3e69lS0UhaUJsowCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAHDkvF/DUyjpwl1JGsO0Ijjo6kuNe9TNMcwqoFEmuytiQ
-b+HsIzafleip0rFsLZmUIfJrf5jI9OfwqCbkWOah9GjcEDOhxsUPp6Z9G07Pbrdy
-caJq0uXl4bjXiDqo0ue9pM7/H8r1fn39LEwDL5aH2Eu6NaNj4ofNlS7JNJec/jA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:B6:71:AD:57:C0:F7:84:9A:AF:56:B7:E2:1E:48:6C:F3:FD:AE:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        35:d5:ce:cc:ec:10:2e:1a:1a:f7:ff:19:1f:16:bd:7e:46:c2:
-        ea:f8:79:b1:36:48:74:28:e9:6a:68:59:f0:a0:32:c5:9f:64:
-        f4:02:5a:bc:5c:2a:bb:62:10:2f:73:66:a7:cf:de:b7:77:26:
-        1b:c8:7a:95:6a:2f:1d:e6:3e:db:1b:15:02:3b:fe:bf:e1:5f:
-        3f:08:29:6b:a7:84:0a:08:46:6f:66:f3:71:84:41:97:8f:96:
-        02:39:ab:ea:c3:c9:21:99:1f:6f:93:5d:19:4b:df:95:59:60:
-        0a:71:2b:a9:e6:a1:bc:e0:e4:fc:5e:b4:a6:2c:99:a0:2a:76:
-        cd:d4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUJLZxrVfA94Sar1a34h5IbPP9rjEwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEANdXOzOwQLhoa9/8ZHxa9fkbC6vh5sTZIdCjpamhZ
-8KAyxZ9k9AJavFwqu2IQL3Nmp8/et3cmG8h6lWovHeY+2xsVAjv+v+FfPwgpa6eE
-CghGb2bzcYRBl4+WAjmr6sPJIZkfb5NdGUvflVlgCnErqeahvODk/F60piyZoCp2
-zdQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..3c52fc5fc4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBp
+bmcgRUUgQ2VydGlmaWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC0i3fp+XfZPUG9DSTq/8OqOa6mw5BfqUR2OVuxulyooJ4qHigWqHCk
+muBd/ACPkowfECXCUCBypLRZ9hfDv+jZ+Jm5VWVMQ9N5qEkKae0BIxa7yv+r2r7Y
+5zHMWK67D0qIh29nCdCJE9aH4q56ig/8oz5icRc5tA723KT7/nDHVBGIfr5EPkAI
+/W2x1uNEwq85Qvy1bQdCUQkH4tbe0qLpYs013UQNFNH/NLuRQpDYFTMTyGApf34r
+gNlFzcnwNtbDj8ewQITe4LWC0zw54McUtzmqdvSdSaawg91XyXg7bg6ecDoRCnPn
+Ig/bCtm5RYKwPOIG5TMBFpn/vUtdUcyhAgMBAAGjazBpMB8GA1UdIwQYMBaAFK5j
+y9fiw3Hj9M5u/DX0m9JNPtwXMB0GA1UdDgQWBBQMlU4t80WgAZvBvO7pkJDrW61R
+nzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqG
+SIb3DQEBCwUAA4IBAQAubNdSsC6g4XBAAeavQ+94LbgE5Doy/MprXYSH7gGUDEDJ
+aLUiqgOS4imF0gdBv2v4PQpsD3yALD4igMdIwO8M7wMSEwY2WyCNHa95KGmzvbSl
+CcYjpPqXsrZOrZjYWF3JSSjIBEFVzWgSM5pGbtAnRD+wRXygTBGkUzKq9Rj6pFUs
+FWs90SxaR0EBCc5vtNcpIQK5iXnYCO3rPHzcdcSN5Cr8VCrt5WvCrbxLFIoKr/Kz
+KKoj1CbFqedcGBnRwwskfTLvEZdDs9xTr8I+A9DAZEoIPrcVB0rz9MH4biZBPDBg
+GxCqwudDV9TUmuqh1Udp39odeV1CPWfTSzJz/gK2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,00F5B427B5DC90D5
+
+HL3b7J8zUgENhTrSgUcPeQKTGJF3nUZi2FSeAC6x9TQW2jciLcI+ySs6oovnLbpv
+KRRcr9wgPwjw8fbzajYEVK6Q041QNE7XdOocq167PtSdKmQVMlLTabzsNNvHnatb
+A/vXXFk7OGWEKuit8HBTYiK38Ur1xI2YNT7kx6Fu7udBoimPZ1dj5y8dktbzWFCq
+pcf2xrhKbXhCZvTAcaDZgQHJWcnQIzTFdEa6L78r1eavrtD35ebEYyNRePSGSmNp
+1cDJ6CF5INsSvmdAjWIXHYmmoqdRe1buLSq8ar9pc9jfxYZjH+RnqWqiNdakti2a
+FUMn966dQCxaTOmWeruSg4ySXos/E1ZWwhY3qzuwc0PSc45dLr/FNY1YB5VtrHlZ
+OXd+s/CdElmXATjt1f05+AZAzRw32JENUHBNPLlG5v0Ze79y8aQyq4FWIZvfawoE
+su0W0hIM9EEb+Jgfl1Lew9FeKHETnzOQcOKvxQwnzbiwwG3v/ttFkquRAN9y3rn+
+uT1Ab1uBK/KptHBJlC1xcL4PLmM9vxsM13xsPdzbnRXvgvouAmZUirrwdQkau0K9
+mPP5GfhmV+yueaUleLa+KitNH2sSQ8hYUHZL8JfUFR1T+XAL+njZsVw0kdmbVsTs
+FCmRhPUYABxZInGRUXS49AFKbS+nz6+m5p825R2/kGmu6Kj9AX273fzWUvQT28J1
+IL/GEbIrp9uMm8rokUhCJNKW7us5A1M2cxXCVtGGxX0SuP0UdrOvaeepBFAqoqV1
+2X/jNPaEpu82pIXjYOZU2p/JSdQiwHrojcJUeiWl3gALhNkuwaesPOrIYow5Yv+u
+Nyro+J2aSYcunfuUgD/0A7lhpXae2PGFG6dP/GxJzsNYvaj/YCZb4MSGh/K9qpP7
+e+1YTxwRE4jcpwLb1RrpcuuPVmT6c836hbHPTJHnq8ELyDYooDum6BwquVifebZj
+nUaxpmL5hHgR6QR9GdmGiQBlWlGZo4lmOBMBIVqnW+OWKSgJFUSdsWTmZBGmYrG3
+cp9bj8hNFfGt/G/11atg/A8jJZlv17s1xYWcM6QUcAhCnCwvftL+N2odYYwhcD6e
+RIO11B5MN/jDDA42qvZic1wk2MKp0Vs1c/LcvDhyvYv2KxbTg4ytyy1g+LvVBZFY
+aJxgrSaZ+kuvccc2KWgDe4XSOnxqv5vh6mTY4d4RxJPAvDrjWMcTqJSDoKyApKZf
+k49dNtwzLQj1iZM5T6aDYOAMhCvphHlIFqBaF/XPtdoPbzOSSjnfBxORYRfQ4/ON
+v+LcBcDMBOJPzyD2IIvQCUrhS3e5+1KLBARrDH7Z4i7g6XP47mirM9tujdTmBeL+
+UCxgqpjEChegVP8aMWj6jVzjewDHLhv4S6PIte254vBHROT0WRPgRwP6qgeN2/pm
+auULnZwpXuYe3bwUtIYWMrO8Esi6AMvwWhVcLpZy6aV3hbqkUsUL+2t47VLToReZ
+p3ZKcwKs2lzCLyFc3eV6ZfuCrUfk3cZxISPs1ENS92KUGPKCsgWAybCJrKmjJTtB
+SyiNMKvAUySLMeyxe14tgIp+3cMOvksQmFXbWWWm7ZmcU/pRze1Be3jJaCO+MB5k
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
deleted file mode 100644
index 1e617839c9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
+++ /dev/null
@@ -1,217 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowZTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVF
-IENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-pIyvpHy1AEaR244X+WehPi6kJ4zfm/clYT73uCvd/wtRc1ecFT83WALtOg6iWRxn
-DxQ/Av2+6Sb5BGvOIyHVT/2cJIf325EZ/zxW6u9qb6+u2oWp8PX5ddUbH7yKAmXm
-l3p3cVsZB1GkL4KdBrCQGdF8Khnb5cF5YBSuYEPZXQIDAQABo2swaTAfBgNVHSME
-GDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAdBgNVHQ4EFgQUYSBfuS0yhqXL/Jfv
-5l9yYaw12g8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-AzANBgkqhkiG9w0BAQUFAAOBgQBa/IMv8cgYRBzo8cjsbIb+tzD4986MKnaHn5lL
-SEdCOU8nZTscVwdXEg0N1Bza86ara3HXHtgpLauXgmcA0L7BUkGJty9vIMzqc6LN
-VfDTX5iZoftoIKzFx8AsQio3Y9BlGRGU1NxKWyvrZj+PvT9lXym/Moe+b5pxez8b
-WLtRZw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIICujCCAiOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBXMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAq
-BgNVBAMTI2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg4hWz7PbBhsTO+fpr6qznJLoay+MQhSxm
-gq7gcER+qcx6hOwpIxvX2HUQ/q5RqJ6X539C1HyngpS383VGDqxzWTILMJ9p79He
-5GhleTga2r/BSvq51G4uSJz4iJUJDEhzhQncRKUY65v1L8dz+lh/IHLRBGues3zP
-dWc1cRQ1mQIDAQABo4GcMIGZMB8GA1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEF
-ICZmMB0GA1UdDgQWBBTm3o5WsPOWysSqTpK6CZqUqZRwPjAOBgNVHQ8BAf8EBAMC
-AQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0T
-AQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgQEFMA0GCSqGSIb3DQEBBQUAA4GBAEge
-Ag2ZoOuHLLqscTmz4NbRwXvWWtesM8lVBhQtShOlAgBpxm6c7kd4e1LMeAPN7yPD
-63DL3mDZnK+qtyvqXaK3uVSMg9CMGsGCqXGDRbmml0nbxbkLNGKYEtkJVzmIR9nZ
-vf0ZHnAqC4006H8s1uFPNIJwjb6hfK6oecY1nqms
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
------BEGIN CERTIFICATE-----
-MIIC2zCCAkSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowWjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMS8wLQYDVQQDEyZpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YnN1YkNB
-SVBNNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoWsXQ0sXtSdVHZZ6NBai
-/YaSnuULPstaxcOXjt23ujwGnhffZLbzqoz6crjhOj3j7u5CAl76NNcQPuYi9/EW
-vxys93HyGAbgpl+YZ/zKL61BPTj5sBK4l5NEQoKUoPZsoeTDTXyD3HDWMDlJifXK
-gDYpaao45yFD8N0WCfd8pccCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTm3o5WsPOW
-ysSqTpK6CZqUqZRwPjAdBgNVHQ4EFgQUJKsDVZWLldcDRMfd/3799pGxoBYwDgYD
-VR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMC
-ATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAImakMw5q9O9ghGN6g4TQ/IG
-gI7NgrjqoAKQiqZuD+kmbzSf1sGONmiLK44kykgJ0zZY4xbkoXVOQiNrnqDclNdf
-Za0+Fmvfx9vVTlSoLQGwSHE3oWDKcamton847GkEmnP0RacqUkRkgpZam83tnDEX
-c6eHTCxBYDmTTPuFe4fi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E6:DE:8E:56:B0:F3:96:CA:C4:AA:4E:92:BA:09:9A:94:A9:94:70:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:9f:a7:ad:6e:15:65:a1:9b:cc:49:11:63:ae:0e:76:54:26:
-        5f:8b:a3:f4:12:98:db:47:80:4f:38:bf:c0:0a:f6:d8:df:b4:
-        07:7e:06:6a:ae:f2:9c:6a:c2:9c:6a:75:99:df:19:36:ee:d3:
-        de:59:91:32:7f:08:93:c3:31:6c:b1:cd:42:cb:72:74:04:27:
-        1c:49:66:33:e0:10:8a:99:32:7b:66:6b:8b:8d:48:21:23:6d:
-        1f:c4:b4:40:d6:8f:76:00:00:9c:6e:a1:bf:90:95:5e:b8:8d:
-        e9:c7:a1:18:f1:bc:5c:28:05:7c:73:72:85:da:f1:a6:00:53:
-        5c:0e
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBTm3o5WsPOWysSqTpK6CZqUqZRwPjAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQAUn6etbhVloZvMSRFjrg52VCZfi6P0EpjbR4BP
-OL/ACvbY37QHfgZqrvKcasKcanWZ3xk27tPeWZEyfwiTwzFssc1Cy3J0BCccSWYz
-4BCKmTJ7ZmuLjUghI20fxLRA1o92AACcbqG/kJVeuI3px6EY8bxcKAV8c3KF2vGm
-AFNcDg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:AB:03:55:95:8B:95:D7:03:44:C7:DD:FF:7E:FD:F6:91:B1:A0:16
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:dc:20:33:f7:b1:e9:f8:9d:47:00:86:08:2e:56:bc:02:0a:
-        e4:46:90:48:a0:cd:37:63:71:fb:69:34:e1:0a:d0:aa:e4:f7:
-        61:67:46:a7:b8:ba:11:67:30:eb:1b:85:e1:1d:0c:9b:e6:fd:
-        fb:50:ea:c9:f3:e4:19:73:05:85:6b:cc:c3:f0:4a:2b:bc:75:
-        7e:0f:b4:d1:64:39:b6:38:39:dc:30:77:33:91:b8:77:52:b6:
-        70:ed:24:b3:34:7a:b8:ef:46:93:78:f7:7e:6d:6a:ae:2e:c8:
-        a0:d7:76:ac:46:47:ff:1e:9d:fa:51:9b:47:cb:06:c3:c6:85:
-        4c:9e
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAD3CAz97Hp+J1HAIYILla8AgrkRpBIoM03
-Y3H7aTThCtCq5PdhZ0anuLoRZzDrG4XhHQyb5v37UOrJ8+QZcwWFa8zD8EorvHV+
-D7TRZDm2ODncMHczkbh3UrZw7SSzNHq470aTePd+bWquLsig13asRkf/Hp36UZtH
-ywbDxoVMng==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..9ec0bff532
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5
+TWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANL0XE/6QZLLGmP45AS6Fok2FJ3qtjzy+nkJFlJ4QfdgvkLA
+F/wf/aCbiX/p41LtukSbRGLWwVPfwN6uWZRvZcj4SOxhIRAgvWK4WrwNtgqVwGNE
+3lt8AOJ83NFUArK+FANDH2rtzbY8igJOIEGQ0H1CPyYHM0g6O9gbACN6iABkxeoS
+UrAFL6u+cjDFg7Huwt3C0DgZzZZk3zmi82K4RyfQnQ5n4sFHhJHCDviY3xQvW8u/
+gC7o4LxeWrPJWSgn2jFUly771l+bg557D9CbR40HH37/JNf328clwHIFqwweU1gp
+2MNz6/IobTvdSL9b0AgSUjbwpjCn1CtuN4p46t0CAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUEocbNWfwvKGgNroVqCkZ7RqbW3AwHQYDVR0OBBYEFJCTnO92Cq+5fy1mUiJ4
+S7FH+7GqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMw
+DQYJKoZIhvcNAQELBQADggEBAKWNC8GBMa/d2a5ls5LSN4BVRt0OK2AK41N0Ts/Q
+A6D5aE29h4nScxZ20I7LB+8fMcuNyfT2rZFuBgZQ62Oqad+XsDsBFRj4NITol6M3
+1OdW86Dezbc272tAukA2KqYAo/Z4j+/ag167leUKu5tf+5Cz/xrAx8/FbVZEXS3K
+kyprlh/fy27UadewavhCgc88KTLF3DMnTPg15Ov/0SEtDZ46wdy7V4D7ao57Xe6Q
+V2pPUHl6w5mvgCtscZkCqf0+AL3AUL81ks+wUghBnzCUBdn9Lsv/lfHYIUanRO7z
+0VEto1h+4ot/XjDSG1nqJ3bTAJ++VB7pBJMGuiHeiEyhKQM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9A03DDA465C74E3
+
+clCgBK0EV4rLPjpjo7s1sVyde1o38htaXjfAdmsQxZM4RoNr+XxkGRmPp2JU9/K4
+nzyYCl7E+ONJPogEVLv7P7PAfDrDNo6eCWPWksKP6tP+aIaTmA0jHjqAHDxuUOTp
+Oa7D8VhtDs7d2JIWQv5tgz8N45DC4XA+lfH7lTpgXbKzdbCaLNwWpJ4rHLtGpMJ5
+u3eADc+oVG1RY+5Ia8Towk6Va1t155vjiZZsOgMfogeCEYaG6jLPZX5RftB0Pr5n
+RHdVjDCeasLxLK0wSAQ+AX3j8mXEtP3DQNfhKM4MwQK6wPd2JwKAtZ3f9UimcaAJ
+t88ioUP7ODiRU2QPuBLNO7YnvFmBmPh+ogUPElVZPu6owqS4kTEVB2/f1SgwA1V2
+YaGPyhOoGlxi5BCFFN+mg0tWe/f6d05WFWIvA4p5phAfZcd6SySaaV/DG1EP0+DP
+xL9M0LZmPnqJQ/ZINakDvmn/dHA2AK2GAwgOyrXuwq1ODUfp24k7kqUAY8ZDC932
+rMkAp0HemgeZ6TXO6sIbAzTceboYxEEnYklfuM8wnpVwejkT5bwevfL46Pde8WKU
+uL/0L3BEMxSB0Yt1zNErTBvKJupRjRk8V+VC+O20O8PpIdey7Sj1Ai8fkxgIfRe3
+4aCRzIvCFe2a0FrFxKQiUjVLRXKUbuQfr6Wh0PC84rdY/DKjPAB0dG97FPQjDfTW
+CWb8MmpEHaj5Jh+LY/GJp1FkeB4xHPCJseyCQoRVvmt6WeAntoorHXk17+esGod6
+y3wWEC1kpZyT3kFbBI/QLku87SJe2cG3C3qLmLZgPOBNvD5tijryVziC0ydg8c8M
+D7IFXhs0/lwyZeQZkw+DbqMWRh6HyjR869/7M7SKiYtS6KeCDY0T/b7Dw61Vde8L
+5VeddnonZ6akZBxT62QqdqUZC9Xp0fsD2kQnHCOTOFkc1aV21/1ldzJ8z6NBe6NQ
+SqIFBNzfGzudSaXoznpIWeiAfayc3gFULYeP80ZjorVbb4LFI33M/X6K2jkKcQkY
++SNlPzE2u3jskw3eyh8CLsWp02Ax7wdlyHC25BPsbR95IJcVjOYym1JbDZeqU3C0
+afb2atFq1QM2PZQswl0W/DGDiri3BLi2Fo0VnX+99Kxjdw9F1lqlyKjW3T8EXYIB
+ohK90Vs0PaD9TcZuw36TrgvjnbwOmw+3dH5PG5WQ9qxDDxsjE5lDSfpKqn6trV3b
++EBiHiuYyiJin4Ib6aOGy/+fONkVG7eUHpXttzhtPOGbjtmas3bOjgIBs/JBzqjm
+VH4l5rEkgM9sVIPzgWHLj0z5VtZjKSIkcFwSG/WfcEHZ5dzkbybWFryEfnP5hrA3
+3QsfxBH3gzKsDdh6BqTmj2FqSf5uS+ImUOn6KEk4XaXCNsLgadh7UbKS3kP6eZq0
+rgtmIYNDkOHmiYkH0/K7NP89satMkNbIi4DD7o9WvHqGHhsAczDkEqnmP5GXdxpx
+GYsl03gV/F5OjqG19mVmuMV9sSJRqF2pH6str9WNCDHTTVcDXn3Aam/U79310/vB
+J8ko2grQRkTPox8P995o+ocp2yIRq+5XTmMmvHsb/R+v/w5NA9UDbQ2Ve6TeA81r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
deleted file mode 100644
index 12418ff1a1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFYxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczErMCkGA1UEAxMia2V5VXNhZ2Ug
-Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA4iwG9rt4eJXUwy+UTNrUEq7gFuAYWGYaf0DCMDkLcYPIAwlWow99RTeX
-jXir2B5PC/YcGARB1+bLQDTn7C8R2bilNXujkHWU4w10Vt56sONz+0ASNoIXCPn4
-EFXAneC3z7q9ZONoU4U3MBxMhuepSqGeBWNgh5KI/ICyYI/P61UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJSB6cRQ
-9gcgcCaUPO/fMC7eP3TNMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvUd6L
-OoQLwzSqlbFY2JYA5GGxYuAdrT0FxeuRK2wGwiPmNCKn0w8t/wwQTrbPdrENV2Rc
-gzeZ9A5RY/Qs6EogNvy0qfC6lw2aUZsjEFjpPvnXmjb23sL2A3twFUWuoZdy8Wtd
-PTGWD96vq7KEdsMb3IRwUMk0XxyPZ4MUOqtVyg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENy
-aXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxRTBDBgNVBAMTPEludmFsaWQga2V5VXNhZ2UgQ3JpdGljYWwgY1JMU2lnbiBG
-YWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAy7qxBfmtCspcqkqi9Slrzqm5Oaxst+HoLMAM77zVMEmIDI2IYsm1+PKV
-WNIdR8whYpz9OvVP16/Ujt4D4902/HLCQGcMfprQ4M7S2ba4Ujvig4fe6SFwVCRs
-YbCOmVA7rHiPEz2uguVgeAkJolSooUz/QEtakvGSEKGO8zhuQFsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUlIHpxFD2ByBwJpQ8798wLt4/dM0wHQYDVR0OBBYEFOsTlV2h
-OTNSDv1rZhunjIMov0boMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAgST/vGwENhUdJayqletDgqTapBVi
-mXOpojLaV5Q71AWzCA6oY3D0ATMW3QbzK9OBaDtURLb6zyKPLtx/2jZU3hw1c1Ia
-bIIKe8MPc9VVlABo3GW8vYwKucYZValIq4YAV9AbtFYz+5L+7UAsZC3iU9t5UJ9G
-GftSrxstYAKAeRg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:81:E9:C4:50:F6:07:20:70:26:94:3C:EF:DF:30:2E:DE:3F:74:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        df:6c:04:71:99:bd:11:54:35:2e:e7:bb:54:60:3c:46:38:0c:
-        cb:d3:e9:06:bd:55:2a:03:35:2b:cf:e5:a3:b6:f1:13:5c:8b:
-        43:5e:9b:8c:10:8e:c6:82:83:ee:af:1f:50:3a:14:2c:f3:a4:
-        43:00:90:21:f9:59:4b:15:c4:5c:30:1c:86:75:2a:cb:a1:86:
-        33:b1:f9:75:46:99:34:07:64:dc:4f:6e:d1:f2:cd:f5:0b:7f:
-        00:1d:ca:9e:60:0f:93:8a:c5:22:cd:59:46:e5:21:2d:26:ef:
-        98:ff:6d:50:2a:7d:5e:15:81:4c:b8:3c:ca:9a:1a:b5:1b:6f:
-        4c:9f
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENyaXRpY2Fs
-IGNSTFNpZ24gRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJSB6cRQ9gcgcCaUPO/fMC7eP3TNMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAN9sBHGZvRFUNS7nu1RgPEY4DMvT6Qa9VSoDNSvP
-5aO28RNci0Nem4wQjsaCg+6vH1A6FCzzpEMAkCH5WUsVxFwwHIZ1KsuhhjOx+XVG
-mTQHZNxPbtHyzfULfwAdyp5gD5OKxSLNWUblIS0m75j/bVAqfV4VgUy4PMqaGrUb
-b0yf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
new file mode 100644
index 0000000000..19ff6b3bf4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMia2V5VXNh
+Z2UgQ3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMUUwQwYDVQQDEzxJbnZhbGlkIGtleVVzYWdlIENyaXRpY2Fs
+IGNSTFNpZ24gRmFsc2UgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDEU52VUxkPNxFuLOEIPwROevCUVbZbolJu2uOK
+hMqmu3yXDYKR1FBC5xGsxfZeep3tn+PGr9z5+O2gaD39SGxlMhxvSdbVc/QT1u25
+0fTq1U0gte59c0JsrG9MhvZBwz0kC7jMkc/1De1UTKtz8kSLwTqZgKQKruSHBgM1
+QLeMl47cR27fiUnzXAa2ZEOGIByyxdEG37yXJ924NHffS3Ig9PrPYFyt74Ck9Fir
+pc+gS5ayFmJLrmerYNTDkA1lVehXWkxZeK/xwj1+PIhlOFylbKKPrB3gFN6fqppT
+TkP/PSLoJcAA40b91W8T1sJvqRvgx31t/72sTup5zEUIHnglAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFMLKafW0rxMt9JzyEVXLKjCz0lpJMB0GA1UdDgQWBBQ+1JjhVKTI
+Ycfsx9NS9lCKWrDbIjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBiFYY8R0mw8pMTdH+nZzSKMKj3aONg
+mhYYsS5cKGpx8oQOv/iNdYZf+W2f20nLKt9iKoCwbV7qWFai5HasT2AeXypTgEMc
+nRcn5NkQCIkOFYjKwouSFUF9Lt5gcRfQhD2E6yEORH+6OuhRhkydk0NbmOu3EctI
+hR9RKSIY3cCS1got9Kxmj1N8/KFqKTOXleg6tdC27Fqo3tfPQOYccxagBPAzmZbR
+f17XUbqiY0fl0CVUBZImmUY1C18ov0xgnUF5m7vc+DQOhFemNemdi3wMbIN77Dva
+925L/R1Pek6PDaTRYrikU9zS+CkdEgfB7Pt/+PkV01xA11ew60ob+QEB
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,336947DE40803472
+
+8ihZdQwa7EBBTKR6EeY4EW9YEwdyd4+xMA3jGB6d89YisIsJ+xBpMRDI8CzEWG2d
+rWJ7Tsoc1EfcAC5TP6ObS7BHhcDaebA23xMBdrInYaZFqLUKVBTL4tGP8auqQuAJ
++Y4fxnd2DTlXIjSAtuFA8PLmqMdtbAmI8pf0qmG/60R6yMExB7tYdEdkGJALaleB
+C4VJtcd6kRqfyuXcs15QDc5+dohTn39t7i+flu1srBxVkqLUNcS3P1Juo7FEtRAb
+xSE1hgQyz1b14PqnSOA8Z7G3aS3uZRwyq4lR/aip6qJmfbREKvxY3BXOE+1woqbO
+76glocZMWcUJ7rZawysJAZCA0ixGk2pIBhcvacCAsGczojkhADnTlie0KOyIuYsw
+0ExHSVeSGNlQqvT2SoDIgnZkb7Cbnc6yqK5mjVjRlG/PKrBbSztmbEbNxwFllsJQ
+oHBeyp/QGVhEkjNyf08OYfY2WZkYMkXnNGzoM8keW6Lya+sckfP+RWLfHC9c3Mmf
+U+tmKz9Cxizfuq2OVJyFSsRTLr3sOsz7NUWp3e7rzo8H28986nH+Omr7RXJBmUMz
+vHtKFNgZc1+06KYmfWRMtOYuRpUAODRF0Vw47JqUPbLg5J+BuAE26pbqbvPSY9rx
+RFNgnvxUM6L2sZim7UgfM8jAJip11NMtn5e19QmQw3jcO6KH9sFn6rGxRMOsDTvU
+qoPlYRhR+JvJPG24q2M6uWAGzkq3Cdp7IgRbfj+RD6bhuPlII2ODQVHYL3LWQvOF
+MsugpnZIqNcN69qQuRjvmq1+xOWC5EOzjgIXsSirT0Odw6At2pxxDros8lgVeq3D
+WTsuogGG1knw4kUB5cbvrnCdn5xHf3CXfSzuZAuBnMFI2BtFznDSSv6E52eQRMG1
+BUno9M9UsBSlqVNem3tmjaT0Lil1q3GPaJ5kguBPEddiYY1uUrym6hIUVxk14Bbv
+Hn9oVmIR86h94H18p4Qt+wrC+yl4uv5PAeXOnLjtgt9BvDYiAU6aikfyB+ij/jMv
+X/OotNasHmv6N8dlLI5r4XaaLIK9vKnQFRg7+Q2nkXTC3f3rbfrJS4chIcxKLzK5
+WRrwtZW5SueY/nDXF7wH4VVWD9aBKR7oJSUsIqPsF13Lf3O/WolzpwQyhyJGQV7h
+DMaeloxnp7fF08QKuowYYScAUJgHiNRUawLLldr+uHcBgt1JyZhsFNRpJL959jFU
+1JqTI43tWplzN56O5vzO5KO/P5ub7kqJWNFzI8wxUBq9/0MEuru9mDs8BiaNP6cP
+mCMp/KY7RpQ9Rr9EomplXLrroPp97kLzbWfKG59DHYLn6YynRaOjqcSsl1iLT7FX
+AQPhIKIMZGxJePHgFvzAbx+XlABrf4+AOErI7m3lBTOyKcq0+fQFgFxNxtXlRQko
+xlS0bFh2koJlbKtzY/ris68r0dz2ahIzdfI+v+HUAY3pBbr4Ptsz66fI9yzuwVDI
+DNX0vZ7rKLwlUwpZ6ZuDKdV8JJTYWb1p9EcPRYo1izO1S+jXbpDfH0ajkKuBVaw3
+fnSMTZGWZfu2iBTLXk3LuPvoNBLuIT+Kq6p0nN7XZWofgnAJ+HV+3TwF1JAhrEOD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
deleted file mode 100644
index 70eca0a203..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBHTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Q3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALm+L1UcoJG+mviuHuN0sBN3JeuYb9p4T8GP3zMU2o4qU0bwjq9L
-PcOqj8RnfIrHIMUR9kgNmxJVXX+02rORMvzU9LsxdQxFNxN8sokG04ZZv5iqSr4W
-NnG/UD+RYlBLRrHuNx0fDoW1zAac8JO28LeCdhot2Un+J1W8knpYlAt9AgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSU
-Abz4nHw/6JK2TckGtNNyMU46NzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-ifJcYkKWo1wikfXTF8s9sBKQjt+cMW2Kn2+25hF8KBXRmo3lJzJXyKtMQucC/+6W
-rWB4brLC4KiyxVC9OCbEIxlsc9Mx35cgX39iXI5b2BEn/pZt9ceios9WPQYU6t/Y
-D78koBp3ni6yy5WGa3mpU/xh18UaG/8VnfARvbTQcGs=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENy
-aXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIENyaXRpY2FsIGtleUNl
-cnRTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCgVfrVarIrsGAAz+ak13NJrkcspcEeCVsjrOtzHf619eeO
-TDalq7iyspJxTEhn7lG7q/UazRqEp6lBu1fVFkdFBPHi1uuNtyLB80MNy0ztjPAf
-Ct0/wV1jDvNbaCg/TFXflKtDTY+jcVWTOmWMwI6hZwokQ7Csbee02czrHw3gLQID
-AQABo2swaTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAdBgNVHQ4E
-FgQU9ghpzs2MqUouYVwzB2XsoCyL6W8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQADeKlzkdXLEofSM2r4
-SIPYc9g0A4EXIb1h+1YhhYyiuhSRb3zpAHlvgtfDaHu/ic2pHNDRKAjHGf6349p8
-OCAnqQvl9yZIvOa5/N7F13V1Ay+igdgGSPXmKRD76jX5ccQvoEQUQlA9G4P5/qaC
-IonfinaLZXjcklWJuhV/XMzYWA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:01:BC:F8:9C:7C:3F:E8:92:B6:4D:C9:06:B4:D3:72:31:4E:3A:37
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:7b:99:a3:64:09:89:d3:3b:eb:15:ec:5c:bf:4e:86:74:eb:
-        de:88:f2:7e:33:ee:e1:2a:ed:04:81:bd:f3:bb:33:69:16:ca:
-        f0:89:38:11:1f:5c:11:ba:83:2a:be:e4:8b:ff:12:68:c5:58:
-        d4:fd:cc:fd:58:8f:49:5c:6f:2d:86:7c:1c:86:b8:b9:3b:4d:
-        47:06:4d:e3:f5:d3:c4:f0:b0:e2:56:41:19:b9:a7:08:77:78:
-        80:49:55:f9:7d:d7:b0:84:92:28:bb:25:e2:83:75:e2:59:a9:
-        12:8c:cb:d0:7b:03:c7:30:13:c2:79:d6:c5:9c:f3:73:7d:63:
-        3a:e0
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENyaXRpY2Fs
-IGtleUNlcnRTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQA3e5mjZAmJ0zvrFexcv06GdOveiPJ+M+7h
-Ku0Egb3zuzNpFsrwiTgRH1wRuoMqvuSL/xJoxVjU/cz9WI9JXG8thnwchri5O01H
-Bk3j9dPE8LDiVkEZuacId3iASVX5fdewhJIouyXig3XiWakSjMvQewPHMBPCedbF
-nPNzfWM64A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
new file mode 100644
index 0000000000..b3509c2e69
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgQ3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBDcml0
+aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANf896E4DA1yEvLrX3/cGYNrRlVf
+A76pwTLL8ttdnT5H5CjhJ+iiSRGJex/SIqyw65lOAji765fxX7F4zxrYr3fdS+d2
+dPzMwT4K7a7EHoM+CbjS4cK6/8h6YinfliLa8vsma1/cNNTImaTCAwbJu12j7PzY
+9c/z6mkdrrtl2FFO2QNATVfkr+W0ySGvl6i3ptILE4cveSRZcUBXJZRF5PF35ntz
+DETThlUZ3gm3BpW+qVskj4EkaVvdsVh4dAU1knFbzC5QeamvtIsaVnOcGl4bq7dy
+PQcNI1BNUfcM8ohqq8DaHl+lxpIkL2Wctd+C/TivzyP7dAXFk6tkjWcJ/SkCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUNFULZ/wcsdzCcgoU8GPp1JvwY/kwHQYDVR0OBBYE
+FIQbJBPifwi611fyrtWctSgqZB4dMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAJmjrWO0GlQGCOakvQrm
+qhUsHPSqpZKgM1i2NSp+MnJp3zJoHa9kp8jwkykLSK2AuKKfoLOixQ4r6dLmwLkJ
+rlB5V5vmNVUCSqgIjD+vN2QAiNsE9R0ct40c0XUiTNv+87XTzZ0Y9XrsvHi5OAhy
+t0d3R6lFVDmLB0S0/BueNpW9JPW0R6Hj5p9aDJyYHllAWNzONsr6PVwIfKAw3I2T
+PTS2uEwVSCRi1bp1itJJOsefwogh+EXVwAaT4CcA98XllAGn4aw7l3niL3GRhDN0
+r4a80Zy4bCS42pAvqpq7BvzGlP3UaW5vRSPwV3MGyX2W7765rm05lT/QuGApTZ+K
+Igk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,813B1DE6E55637D1
+
+baDEG0KJJmA76GdmNBYhREkCTLfiBp9GtpJIOrbe4/Y/GFmSqQrGpk4Xd60VAaRb
+crmQOYbN0A0Xnack4U060+KskFg11RpR/pE6MBN4WxyOx1R3wUSiuaPh/taxFwMA
+loI+Bdyxc+jA63BtC+cwhzllusE2T2pNLW50YMnwV1XmmjO61VMJLLKs2P6FCi1Z
+nE8z6ycuQl9mP6VAB1p2mB9rzLY4BkQS6vpOhpxVGj+flMu9qJyVmn1y+TIdjJTP
+xrpyJrXfnJa9uvdAgzi/XAN4W0/mCyMqiTa+Q1oKfjAGCItG/Hfqozh+GY5OsEIc
+acKW+i+3KPNy+4oqo+IYqDRFD1YfUntV1DafkFBV0Cqjphv3iHUh+gmvPPRlhDI2
+TupL6/zUogp4jEqq9LSROWNOqvQMjmUPDaaPiHfNd5Oaf2yvMuLhWiZDeqvePjNw
+BOOftWofOWOa+a0WNq3l/O2ldjCafUOAzqDzrWjMtPy4GlZy1KVtopS53Jrrd92Y
+cyX55wc2cUG7QGzWhYqbTC36C/ePg6Gunqz1+28vkReKdsfF/Rn7GVuT++H0kLPk
+GdzjjOaTBB3PO+gpubpq9oXQTj8W1Imt09rfCZhmaatWstqGc3j89ypSDTd2unfm
+DHrGsDsbIAPfDsqX8RhlGouoB46GrsxcT30VztHabMQ2G/x2Kc4RmMbCxp6INaP2
+dq3g/2sFpiLycHmXFGu+rRYWUP+PlSuQnRiOaLGaLnzibWgmR7tGcHSUcU64dWHK
+TgwselBiKHQUnaMz4zY4Z+BATbZonL5bIWIEofRiGEeGyyaRguMAc7jQJRN4kb0h
+dynrxzD6mZLZ7gA5gh/Aay61CrDhA2/7NTwVhrZeYDukKTvJox7WT5DpS7Mg+RGu
+uH0HzEfWw9Y97l2N79t0PCvfXcfAO/RhbisLp4m0FpFACiENbBVatYrIKwTWmgh0
+KL32vu8HFGxR5Aw1CFIez7+J1QJ6wvcvGhDtMN6lU7N8AfgUhS53kMBumz7FKtyd
+J1jmDBY5iDfPPcv217VENjF/3mBPIAZtw7+gbIThuG+8fjcKKp4LqaaRdBpeMv2g
+eaN89jRL7/bO+/7jnQymSPm5DHHMHbKwA1ueY/eW+TaHgDnSp2PWvtRSi9CKSMSY
+3x+viL4wjDqlv+ruiDjIgrx8dNpZc+hv9nFYHH3jYT+VlzAK8CHxHXnySD9Y+47L
+kclbK7QZvOrl2XmP6QHjQE+BQBtNpxkbqkEuDQCuKCqew7+7bGBXkXFQ+3NS8zab
+YwBr0FVOiwFKOocJgW16CdAD3fQNIdrT74lBVQBLaAWTZVsvGV9jSSu1Tict7ku6
+GIcZjZWG1anwH8327XoXmjG7Vii+ZHZUAZ29TPucMmICWyQjcBXM9MD/Ip57qe//
+CxuNovlwwgcn/VTJ07c0zp04iTnG2CvYDEhmHBQ65HPl3nR0T77j/06V1/fwesMf
+lADnfRsHXYajjj7oawzhawGtv+74dUTMKVWgOK6tJyRR0XnU5gZCHLkX/d07vQcW
+c+C/3BxYLD8opbX34Z2UVxFQxxF4LrX+sd0Dob8oDuCfT0ixrxSdsrLRTg255Q2N
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
deleted file mode 100644
index 0efaff7138..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBITANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMLOm8AZjGbhdJ7A5TMeS8YqKDv+sSvYbu/N0xYhBYw9btWqMvhg
-UQRchnPigIMNH270hJTB0xUODgi5kEfd3aMcqP4p7092jT7nGwWiWqMfcOiDob/B
-jwJbfa/pcDWtLtL9gGu3mD5phBMV422/vXk7DNPVTOsm0LK+kYcbkutzAgMBAAGj
-eTB3MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSb
-FqRb5CIAWLVWFP8usoK/Iuj2+DALBgNVHQ8EBAMCAgQwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXayz
-RGBvRtkZyRHdFZY+3aIHHo7AdgjRSbvWFShHnbrZnd2E8mbkkk5NH7sD6IQygi5b
-6s2ZEpMFRDc8NNSG1Qh5NagIp8Wguyqa8HgSA15CytfKd9nDdIY8NSFPiqXCXIOp
-AXIf+LI9d8QnF/zOuRdKQiX26iVbh/Ofiij5b8s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBj
-UkxTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCniZx3i5eOoYfB4+DHDtBDWS3+uKOzezExgLASJeRuST/z
-FBDywPOCHD9BqbsVdo+fQMjOEBs5C2QePhrQmo36vBpuTGeS6o0ZwnPqZEiR7BDm
-BhaU5GfHWArITIQqqKeGMrcd6inS3EgiNfLoIgErgIYUE2Ay7N3jNAkZ+gHFsQID
-AQABo2swaTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAdBgNVHQ4E
-FgQUO/h+SZvyJuF7i3RkSFnq+ekut+kwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB63lqdcOrQ5elffexi
-Pm+erQomlHA4QBd/o7W9oGu3wh9o/OxaXUX+q1y/xsFQPWY8rnd9WX2K/GbDnAkg
-b9VumR4AI31DBsR9ON1LP252rSHzpH5VeLVX4yp+RU1J6VvXAFXD3RgVwYE16JFC
-NKsFf0HL8FRjpLQp9+/qcp6A7Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9B:16:A4:5B:E4:22:00:58:B5:56:14:FF:2E:B2:82:BF:22:E8:F6:F8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:d0:9f:43:ea:14:8b:96:bc:51:a7:26:e2:ad:a1:d9:85:d4:
-        c4:54:67:72:3b:27:b9:51:74:ca:a5:72:a2:88:21:2d:f0:46:
-        21:ca:5e:36:02:5f:bb:9c:1f:a4:84:63:64:8a:52:5a:17:b8:
-        d5:5f:3f:d5:73:38:f0:f5:7e:e3:59:80:ef:1a:70:89:da:37:
-        d4:b1:31:4a:94:01:ea:c9:71:98:aa:c4:ae:e2:8c:18:ab:7d:
-        a9:7a:fc:23:1b:57:ee:90:81:0e:29:4b:c6:1f:78:2f:65:4d:
-        38:df:f9:6e:74:90:71:57:a1:aa:06:4a:8a:a9:15:ab:87:17:
-        1a:ee
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBjUkxTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAJ0J9D6hSLlrxRpybiraHZhdTEVGdyOye5
-UXTKpXKiiCEt8EYhyl42Al+7nB+khGNkilJaF7jVXz/Vczjw9X7jWYDvGnCJ2jfU
-sTFKlAHqyXGYqsSu4owYq32pevwjG1fukIEOKUvGH3gvZU043/ludJBxV6GqBkqK
-qRWrhxca7g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
new file mode 100644
index 0000000000..56a6656ed1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBOb3Qg
+Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6kAGMAGNnO8CvJ2PjAYd6v3pcL
+vPjKj7gXi4mOj0xJc1rp6f/8pxy/Ua1aPCyRiGonwfc8rZb/mdR+HKpTTJjZgygW
+26aX93qRrJIvvb/Vie0yu63PraLINIUKzg4FeTIAmCu3g58FhVdsaLALdA9wD6st
+Ru+BcE5BbZCssejYjMxiAxjrv7GWE08R/O+6u5GxqE+3ZWg4StDq1UyvDL/HhEjc
+DmuODxI/sruN7fMv3SN4o+GfkkennaAnYE4YWK37p8gbeUSglVsTHliyEPFcclH0
+sAElmBLEOfkZK6XRGQVln7g4+CjmbSuvuoZUKT4RHOPTwdoXB68uwIALDW8CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU+X5SoHlmBAhECGV5EA7dkOZD8dgwHQYDVR0OBBYE
+FP/OMrJ781bfdvIdIFOwNrNmArfaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAIvo2bd8LXplAdh4RhqY
+XGsOB5E6oyj5lqaZ9SH+wi8ss5J+Oiv28rYRYVqYnS4ceffJz0q9waAuab8GIbfS
+NWXIfsXTncRqEq2kM3W+/77qIItkjcfEOCxV3rtWayCd/ugW+dwO+YChBRdiAMV6
+VkBLR4lo8pO+rT/pS4REBTZbdoZ2ToQB3RF2M4AJMrHGzeBi4vMNcxTVo9iMnvOb
+QvGLwU20mmMt5+WsR8HZviXmOnyhikb/pba5sLhFm+kY6VZoZ4eMaGIjbs9okOjs
+hOyxLkfZYsICWxDMrHeLnat1/hV7dQ2jZd4iZzvXaHfRK16y9c9kX6nXeQRDuays
+HpM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15F9F9CF3F6BEE9B
+
+EfR+sG4W6NxweenHODSkvOFk6tg9VJLdcV4Ui6KXy36UW24j1fztUlUu6RJE7XKc
+EVvhy9sXPngo3eFOS5ziK5aY+rVMuDHp00kRfG76P4iCUpiPo6BGXrt+gBf6CQ39
+Z9Z5U890M2Ljt4cpKj4lTdHSsAef83Y7GZM4xgH2V5ihTOgO71OuDnZdtDrfoVtJ
+r901xr35u+1spyA9EscEMZqgbffFGQK8rBEdCR3dH2EPawxdrkj0Ud6Aa7meY1BQ
+IGkzbGDasO7aLJMxqtJfwWe2xaESgDKo+g5Z4Yh2xcAGH6MlHLIt8iN3OhFh7qaC
+kTnGOySSL46dh4oHdk0QoiSjVuICYkXFZLXxiaP7+4IRRFo1+4YTL5Hw2nd9afO3
+1xb5vqewZULv7td7NT8NGBHHFDnhY2Vi5Ilg5NHNhc8VIqsi9DBT50ShaBgAdxLO
+2X1SkBXFeYPFVfVgJUhDLAzFU6lm0GNGkX9kz4r6f5bmrgEAaPC1Ct0rq5m92Orn
+VnfNsKg2F/AHa/VzLHA9HNHqPatin/cFC5rhLRLpssKdFuyJVnuBg6LeUeuiCh1g
+FmU2w1Ka0h0/0YEBOxY+QfeGWoF7gEhX22o8ttcUTsFs2BQpnVKmuW6S0JZcH/f2
+p6ykr9pN1Sl7C/sE2MLoF7zaCFxHBUG4pdabi1D3Gx0ch9bD28M23W4NiJYudACd
+mf3scQDlABKsvN2AV+StGcza+kbvRJOjz9EsyEffienzc2qfPcgm8G/NyX0TiQn9
+8Ci261Db7gpdDdJKDYjCfi3zMhLhyw+hVGI4f3rb66GYGwIOk9yf8vhwsMaNuvHm
+eCM0AEX+RTHaZixPhPSfCo/LLdK/YN0zGwERcdii7/8sS8WrhZk5u03il9gf57l4
+vHf03lAcZSZB/5aZJs0YJil0Whb3li9BIZRd0g5GF36qajHEGbS1aNgmyQ2H8Xuf
+9B7/sVDgkK4X2NOqxMqsrSJmDJ+vF1+UN3e/pKlwSNNffTzSMwTHzexHOrsDdHnm
+GqoLOhtnCtqTq2f/r9LWCzkg0nj/oboZfIxIZKfnRV252N+2/XWKkLyJZnLvfrdC
+NYiKukdLQpYVCvwknIq3aWrnOZLXogqhFcMHCQY5W7F5mWUefFtklYZ3SYB0i7Y1
+lSka1MHLVxkDiycVh4EW4MwEJ3S58I5lPqOclktKuz2p00C56D369lS85Uds0L2L
+jRi0Ojz8C0QctT/QTunJwX9ev7XJSR5UNLPjkGsEcGF1YEd0UReKFo/wZTM39bvq
+uGWfYEAS4MrkSqNHlXeoAY/luhb6PIbTOE1/Y0Sl8hXf91GeJNWDfLSo+HuhObtL
+GmXTdW8NTWmDnHPbQTh/qnFCWwZLDZD0cytnrUKpgEqW0n6/kTKURlvQRtDAVWWu
+U67Bc1Jypui6OLWaOX43ef8HFF0KTORX/luz11cBu0aiU1T5lwdAcYCEZSHWNhLw
+x1DiNKhQcnu6PSRnlRCp2KLcF8A+oLDyjBAaEVT7Mw51o+dt5dZM6qrDmv2UDWL1
+wFHJW7E/MRw9S07KCB3YgnLQUKC2hHK9pjIw4qDcn3RxpaVouXaZbg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
deleted file mode 100644
index 7fc272ea18..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBHjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCo1QPZC5T5F1L7XkkAguXC8vf9C9YbYfj8VbP8CXU6/3EG
-wUPK43eDJfWBzzwk7bgumreNheNFRcFW+dcroOFvVflXXBjj/UR7qkXULMf9DqK4
-dqMYYafyTrI3QrgNfdN06ngaY0qNnXa4Z58ecPAQPnQprJHJ0fDTlwultqudJQID
-AQABo3kwdzAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4E
-FgQU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCwYDVR0PBAQDAgECMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AFYPjvJm9+IVM7cHs7OMJLoeNCnhUL5nlx9HuDLzP6/+0o4V3aQgiP787/zfOBFj
-yWLTLfKqJTkm+8fs+TLFf675Vs2s3dPELXJLvFwgQFYDiSQpV46thD7NLw474dse
-tN1i9Scl7y0RsDHbi9qBIPsRX4UV8/8nawbo9yW8hpqt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICsDCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTAeFw0wMTA0MTkxNDU3MjBa
-Fw0xMTA0MTkxNDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczFGMEQGA1UEAxM9SW52YWxpZCBrZXlVc2FnZSBOb3QgQ3JpdGlj
-YWwga2V5Q2VydFNpZ24gRmFsc2UgRUUgQ2VydCBUZXN0MjCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAp67g5m0ja/YdBc6nUr+UTz3XzQoajL7y9/EF7M0He7yq
-nlQvh/d2kEpE3e0EUZviJtg9L9sxQRgCFWVR+f9rLpPNEBIAZ2HQ83SxFRr+UbfX
-LTOLNaLhasu4lG9LY8DtyYxjrnvmOHkvTk14kD9L+YPJbR9LmCjNHbmoFiNu0Z8C
-AwEAAaNrMGkwHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwHQYDVR0O
-BBYEFLkvB65lcMDXjd55uk984ACgePDSMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAf9WmZ9PcF2mY7Fst
-f0t6wDbfkMenvluK5yTnfZGZi1Xa5WFt+1ifSxYjkxTMTw4DJ5IXWRZNr40+NhCo
-2dvFQbeTEh90GuwSrFOY1LoT6stxoc/OXatyOCuO4rved9tzjRAArQndpnd6Zqsd
-p/cT+7yvFwM9fxMinMUy3p6rR9E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:0C:B9:34:89:75:78:D2:23:92:1E:F0:81:21:DF:C2:76:17:65:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9e:b2:db:db:fb:42:09:bb:05:d6:af:1d:1e:b5:2a:e7:88:75:
-        f0:e6:a9:52:0d:ad:a3:4d:a6:64:06:e3:53:b4:39:db:4f:96:
-        08:5d:ea:da:bb:09:d1:d6:32:53:91:62:ed:33:e9:0d:87:6c:
-        f9:12:a0:4a:c5:e9:e9:6f:d5:d1:02:8f:22:9a:d7:7c:82:d2:
-        17:48:0c:c3:2a:c2:d9:e5:f7:0e:77:1b:52:e7:1a:9c:2c:7d:
-        5f:31:a3:aa:90:32:ca:9e:ad:42:ef:b3:9b:cd:11:da:13:36:
-        7c:cb:85:48:75:59:7e:6c:03:9a:a0:70:e3:19:d4:c1:dd:c5:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBVzCBwQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCgYD
-VR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAnrLb2/tCCbsF1q8dHrUq54h18Oap
-Ug2to02mZAbjU7Q520+WCF3q2rsJ0dYyU5Fi7TPpDYds+RKgSsXp6W/V0QKPIprX
-fILSF0gMwyrC2eX3DncbUucanCx9XzGjqpAyyp6tQu+zm80R2hM2fMuFSHVZfmwD
-mqBw4xnUwd3Fejs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
new file mode 100644
index 0000000000..713655159d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAqegAwIBAgIBATANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTEwMDEwMTA4
+MzAwMFoXDTMwMTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRl
+c3QgQ2VydGlmaWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQga2V5VXNhZ2Ug
+Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIEVFIENlcnQgVGVzdDIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc8DNtbU9YabxHAoWqRyRxHTrx
+VL8YwSE94cbcBbMA4tskut30Eqd/j1CYbCrD9KIyn68THeypVDFGL82wg3/N2lZM
+P44b8KvH2ouJNqljDVDhipAu8Tjiun0y+3L9diMlpsfrx2ZSdDO+WbeHoUjovd8Y
+DrPtG0U6THisgQj9sgWI8oIgPpQRjoMIb1ZAC/IsMPYVNJL/a14dlqit2PsGpLnW
+RYEG064MAde5SHUfgV66pwAxisEWH5xl/v4Bbrh2mqMsQ16izLKStQiuW/sVMEdH
+iEJefQh4y8anEbWkudAUDvV31mUyHivZmfz8eldAy9ICi2RdSEOf0QCfARalAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFLIl0igw0FVobky1wkjzypsV8kBFMB0GA1UdDgQW
+BBTzsk4G1clcuVdkoLbl/++tircPZDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQB4eFm1jkEg53bNCSXO
+pa2ViAfw7FgAGt0+trq/MaMv0SVuIWZRgkhDWSuTffNi6zC0cIXO+H/IlOA9pPz9
+CHnH9FRigpZleyl8/WMx9EeEYzpS8Bde6LLZh8nzeLiBsXZ3A9+Bp8lqfgMoj3kW
+GUIcMGyN0MS4PtXuuwz0Ur3FXfyXEEJCqwQ3iyiIfDvYaA2Qq+ttHZcJlwkzeMEZ
+pwM/lZZEnapou8sdKtfbA9h0+0ep6tamOC6tRv7Gz4OGtPKWstl0jdf382Oq60hX
+0TqCs8uCX5l46vnYweDOFzj9118sceZ9XXCYxNmRXPNbEf2guCrirvPZCRXcmE0v
+7AOi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,76FDB2972170DCBE
+
+EaoMivLV7+N1+6wNegyZ2zfOaRVnjO+se3Y5Py1dOOrrUs6R7tv42WSmrU5nYbXe
+DkgVoQrH6xBqPbTLqewzqjvBycQM8qdVXUAI444cosm4tFV0V+UlU7F97jDYBrR/
+0c75ee+8dfUM0iS92TfO0+znPYFjstsvNczbL7O9XFS2IzdBVXDHWsevvzmTjOiV
+KA3iPFrpzUWhrTCYmZsnmjy5w2e+KTGQLhgN0RHDSj4kja7YZJWi7+nUtUjHKtIs
+T6AnvuthxCieYmaC2RCsqT0ptU6gyQQahMkr6ZTJqgvmhQTqDDdRE5xx07V2xol/
+JGzOCxvi/LlUR2HXyxt2Ip6k+nHixE6E3/PCmkHm2EfM766z6jS777etp+TOKsuT
+j/hyr3FT67qfp1/M0p4jTttJgSfQ+gmlIaNzYu31VklODJGzXJ6l1QxOx7TWgefn
+/K2Qi2WaQjEfKlcUZXVilt/DucRDsDPnMV70yMzl6VXiVkDDXSgUZg85AK0v/sKM
+EbqrDmZq+QbNZOh93/lQdd402ujrIcmk89O0Pq8V+9t2/Lkjiu0PWoEbAfUYe49r
+dMSh7biAlqfe6dXA+9h/Ggco00dm1diXtSZpdDrv1yyttLyCpaF1en8suqXc69FD
+30jjXsRSGZ5xRKnj1hfFiET8PD9TKuCvHDHCc4k1KttQaRtSzAEUvHIuN89SWVdr
+CiXTcw+FM8wrtRYM2I/GmrNU/klyHBycgog0hppUPUGnRJSevnw9CO2HiBLtSScj
++NlId3IjXi/zO6vmtxYtqAl18hK9aS8KU/lxsvZGhCHs1CDea8TQUW8womcYOKk/
+WFAs8KWcgeuVPPSExFXh9L0Gmcd45qBQLfSuFyc3IwBbptpOPTxnPqsam8fe7ohp
+F6DBClXexeZIOSCWFYI2x+heoO76W9caw31zkIAJpBGFB10FOoBy9uCApGdPj0zz
+zVHPD/EH7xkxeBGf0jMBTcf/j0w8otkNRSMc0TwZxuCN+1rMvG+5pcKNQA5xeAhG
++ViOO8Pbm+/iNY7Q23rSW6n8Og+6rZhgmD5LyIVW5lSJ5KH9yXJX2IhvHSYL1VZW
+5bAnPemCdIESLovzgj4D+ZQQVOPyoBO5jaltisqySTGVFKjWTvA2KHpB2khJQI3h
+sxUHAORjmSNOjHw9k/JFEIAr8o4U9XP1X9fsLyORVqNxAGuhatmllFRUv8QGEAVo
+IZfYZB1OL6qN3azk/hERP3DjHrnrNochgMmXgV6XDZC8D7fc20JcX3+LhpoVgIU0
+P+BBumdym8t1wH6XNLUUIS71V/BrWayt0luiJwiiju5AflV0rkdQ74wjanvcU5Av
+bQTyZYXTP/tw/qV9cLeNtyjBXHcoLXjWn6fyZmZRZfipGrGdIYmBtQIVUW+QDunW
+TSdG1pzZDOI5PHeIGpmeRiz7PXj1W0bTnuBaca/LH0DXu5DbuMcqS/plysObH0Za
+An9Mw9UFzlo445TXP9gwEllgeEeCiy33QCTmssgBRBiHNCSHW5C25igewYkChvvm
+7HtIjHWQF6hld+zE+YRPmR/DWbSvztovy7wPr9zlOzpOffC6f6r9SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
deleted file mode 100644
index f1d3094eed..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBTzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEmMCQGA1UEAxMdb25seUNvbnRh
-aW5zQXR0cmlidXRlQ2VydHMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALSCJ7MnQSSfqf3cAKyFUJRK6CV6MSLa2t9JmoGgpu6snUGfPogvAguvdYP27085
-2+7ZAe2MA5+VRBKl2gtUJeS0qdMlrQyLMw8SBfIuCc0cMrbGnRHqeBPHPVdq1n3b
-xx+pwvDV2egYWx53Vyq72HVv7E6QhdGjEwO41216OFXzAgMBAAGjfDB6MB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTFKJWbEsMCo9m4
-+7Yd323jU625IjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAH50jqtmZxb9s
-51U/Olz2Z4OskoazeeNVJ0LXvUzF2vYzqBhXseLUd996wDmvQWsoczt8etO5zJdI
-/iXtC61WyqmSDgSSSEvoIAL/xWFYQh1QAjG+FD7qHxfJ5TUiVFUzkQe/nE2wSWYL
-oiZe8DkJHsi/T6sBMbZeNLcXa8CliLI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWlu
-c0F0dHJpYnV0ZUNlcnRzIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMUEw
-PwYDVQQDEzhJbnZhbGlkIG9ubHlDb250YWluc0F0dGlydWJ0ZUNlcnRzIEVFIENl
-cnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnRFu
-rk1+JntR2FWOywl3/YsAK7L4yrNCEx5T7OIJOPeYo2gQ4HcNYzhCfrs8BnXBgRWm
-SmYiz83DHjDXf1v1EYvmLbuorfhe6oqbZjFFmFSFVYoBBQGoweqSBuEP+Dfz5JCQ
-3j/U5P9kHacuVt5EvNDFuxC2QpNlKDMKVp1kO1ECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUxSiVmxLDAqPZuPu2Hd9t41OtuSIwHQYDVR0OBBYEFH75KmUzZ/T1lVkx9E97
-tlW7zv91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAcnsbImj6Bq19wrmv1lsHuwr0rR9v5AU5A5BvxBGX
-7L9250MNODFbkR2trDXDu8Aj4xDl14ksrH1CW5oqqvhSIN890dWabjEIWXzPJPXm
-Ogj5ekGTXsXnOsbO8CEfvjAvg8zfRVlWuR+mxGvk8qw4t0xB0GIqutURQegGF/zY
-tJ4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C5:28:95:9B:12:C3:02:A3:D9:B8:FB:B6:1D:DF:6D:E3:53:AD:B9:22
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4d:d0:f1:a7:37:36:13:e4:57:d2:e5:1b:bb:c0:68:35:91:0c:
-        84:53:55:01:9e:2f:bf:4b:d4:7e:55:4f:ea:6c:71:f4:54:a5:
-        b7:38:50:ac:43:c7:85:b9:13:88:4f:36:5c:35:5c:83:56:49:
-        1d:ea:d0:34:ce:bf:d6:21:40:f8:4a:62:ee:c4:88:74:f7:05:
-        13:cc:15:90:46:d3:8e:04:5f:00:2e:ef:1f:43:cf:da:84:d4:
-        27:b1:22:c6:b5:ad:83:cd:aa:8b:cf:0e:d7:1f:76:37:a6:29:
-        8e:3a:e7:3f:58:12:8d:2b:77:58:b1:eb:7f:35:6d:96:74:f6:
-        48:1d
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWluc0F0dHJp
-YnV0ZUNlcnRzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoEAwPjAf
-BgNVHSMEGDAWgBTFKJWbEsMCo9m4+7Yd323jU625IjAKBgNVHRQEAwIBATAPBgNV
-HRwBAf8EBTADhQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3Q8ac3NhPkV9LlG7vAaDWR
-DIRTVQGeL79L1H5VT+pscfRUpbc4UKxDx4W5E4hPNlw1XINWSR3q0DTOv9YhQPhK
-Yu7EiHT3BRPMFZBG044EXwAu7x9Dz9qE1CexIsa1rYPNqovPDtcfdjemKY465z9Y
-Eo0rd1ix6381bZZ09kgd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
new file mode 100644
index 0000000000..efbb15d909
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdb25seUNv
+bnRhaW5zQXR0cmlidXRlQ2VydHMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFBMD8GA1UEAxM4SW52YWxpZCBvbmx5Q29udGFpbnNBdHRpcnVidGVD
+ZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCupG+ZQFa1+AF3vKIN0iZQf4EAprxupX4n8IgjFQWXI42ZN8sQ
+rgpjM7GU/jQbheNxHcuZSPIkp9MAYkaoESZsq81ai045iqZRKEsCnoL8rWN9OJVK
+wRSkHXLeKfaRhYo86JFfjx0KkefPGw4G4IIxbtlulVcc/q4OSa0cKNEhrDQWD2uM
+dTNhHDYQQxt6kHaYZRb8krtPWwlEl+s3oYAVfzYo/b55hKlWCBkGa17X2RfFreGQ
+WcV+EseidphAB5YytCiZMsZ6L6CW0DEICVYi0OhH/0UX0BgRdOIvfgd2PRmL6uGj
+Jwd4yqI5aGfLOTF7bxrjqHdPOhdNJXHlk4VPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FE0H/vYtvLUZGlBN35kEem0zcJBOMB0GA1UdDgQWBBT/0UE0DUG+pU7lJIfWua/D
+vs0c6zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCOPkqYnbLIBrJBXY6Jdcs0/qHhYCKjUGuwSM0xV+ui
+/11R419qTZlDeVEkUnF6wzHa2LrvGOxQuRfGcW4GeOnEq4p20iJy3h/kkZjwhuTO
+4GfrWYkHIH3wFdQ8xwSOW0egU4h+zdki7Z5ABi0nUYWQMV0bcIj5t69r8YM2Y/DD
+dddGgtxOkM5wJ1zuaFEvDT7YXrPXv2ndPy1j2ZecQ1N/87XS5Vt1y9whcfUyT2E1
+vy42AkyG+ePgNG4Z/ldDXOXYpCmfsITWgipmmkBgHztWgfdCRq780P1zKRwfMWyl
+C1ajhmo05Zm2uO2rQ1QoyzseVqS9d5oW9jEPaRQ3Q/FU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,60AF22A385D8A200
+
+vOM/Va8LUV+WEEoQr2eSsCybH+PMQPzHDwFvGiy7JEPwODr0e6qeaEaWFYj44RDN
+/SWUbgktQFzykev9OCIiyUP9cbGOD8T3O62k5omFStgZpMIF7SysnBLK1Tb4wLrR
+U/xA+h04SsZpUXWbVtTV8kIzG7zjoEVFZQkTMYTM46ax+wVCsF6O199rofHjtUBV
+hOwqE6ae2ntBrAioWIPI2iiZMhdJUk5fX8Meq7rQLBmEXgrNZlRVJn6OIjAjTpin
+UDu6Wh85Y4oEA6F/+JzhA5fF0iglRL+8NQEAwGTx8uLs3BzUGNisSBtiURtLoNvK
+/LU/iUcUfoU7YZDW9SgfE5LCcEJEHHj/kiCFsu491sCFS+6fqNMM7E20bxZZ3Ufn
+3ZJ/eBXapNI/rhqTlFhyBWxrOFhMcbuK8smmTsG1EOrl+B+9JcGZbjJhNfX0MIhL
+w4nLxg2+GS2f3pxz43c8+RkxdENCPe2DSaeTn15kNgo3KD1gg0aORN0OqFee8X3r
+lWbSmj0jwjLtxoEwy36A1K+sCVzvNy7ai2iHwk2XzPEgMK7rvPjjL0XPEI36YvMX
+LeAm2MGjAUHlzBoqcCQI4juhRT+tyudaW3+zfQeoM4adlja4RYpSV+7CGJsjvZ7I
+GxO99Wojl7sD3B0LhFpMAqFob38dqyadETWys9L9OcqQJwi657b8VfmnfIN0V61Q
+H5Nuo0rHmHiz+QJOEBwXj9KwMpPEBp6wl1KJsMuf0YbVDERd6uFdlH+nz7JnxJqU
+TE7GBDI1CC1Sw0eRBwHLMgNnJGF8BDa9dtTDCGhfOU0OWaslmMMsno/I7ujztQ0Q
+HElkSzLasv9u7eDeBN7c5D6e3Wew0FNpzG9c98SWbGa7UZRU24hKlBy6eLKNmCAg
+e+YrtxfJ6LZ1BGiq/1wAK+wePdG4WPAcOEmj3LmDTvCwwvs9tp93wxVdNK2U3eKD
+MN9aAHZvYBRatOkuuF5xdTUXHSD/xOCPCvrGckGPhd3UP4TXmynqJxXDeJLZRRQ6
+Xtm9TB/AyWDnfBqNQY+oWEUzwxHPge/rexI14MCptsA6vJwHHVZISwHyTme9yeUX
+XnXudqEoFpDPp6CJufFXQJZsIadgc9gFlRfQ+daqzziKoTy4HplpZ9uTjsPS5soD
+hO1ZqHX7XU/7m0eSRKzp0I2/HdZr/JycnU1Pj19vzbrMsgccfOq8Ih8et+JJsid4
+50/x5sbNdj8UCDEbF08sn+TyOqnPSibburaug3K3mLFOhCb1ss6NV2nsnRV1xquU
+GzbYay1ig7I1un9XDnNzva4jcuQYUfQt2mogStozmkmBrvDIJr6VgJdoUWU7MNwK
+CT7wZsrP760mh5Lf5YrRJm8DSu/QjdZ/Kq7b45DTHeBjDsdj3KPecZ8qG1gBcmNN
+eODKpKqmXMQDDioJFXp8ljOIr4zgZHd7w2HiuxX0BqnQZUNyenymEmHEABzM3Qn5
+WpsvZT3uB5HY5R/sRcu/mPqm90V0Kyv+68WvKfZSWacOZpYP0QEaLMcpqoT3QnL4
+F9ccIQ4dx0Wg0V3+sVFnjaZGYYbV4mJHOYlyD++eHwERceloZPIZ7A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
deleted file mode 100644
index 14d5cba2f9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsCACerts EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBlMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOjA4BgNVBAMT
-MUludmFsaWQgb25seUNvbnRhaW5zQ0FDZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFmoy4sb7+FLLRfH0FTJkEA
-4DUgy6WKlx+o6gViRTKyicSNbY5GWZ31r5z+B8SyeL0HaAYwkDBBNIJ2tLhSgKCs
-YASvqHqBa8YgpnDs3fh7d7perSH4t7SLblf2Ul9ABuDvFt/lCizK2LXgfDhcdrUU
-D7ZeOZTr59cuMd+tAN+vAgMBAAGjazBpMB8GA1UdIwQYMBaAFPOhB0Zne+mPWavr
-VYaTyKzkVbcYMB0GA1UdDgQWBBSsVnmrX9OpfaLqvFvE4FydtKiYrDAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAFqv88cSXJ667X0tM4dQ5AyFGYONJIioud7mI0SXcDeh0Me/J1wmqDmlS7oj
-3vVTE6unv0EjjtEcLJr6FkHqYIksi9Fsuudte8FvQQ7aJEz6nzBpTe+kBINtK59k
-picBSyDN77AoX8AMqoDj39NP9DCaiq7fO3XL2Ei0MF4uG/1Y
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
new file mode 100644
index 0000000000..7ee148209f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsCACerts EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTowOAYDVQQDEzFJbnZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlm
+aWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/4K
+0zMGaBEBzUZZ6uDkrqE773KlasKE7Ymp+9lwJD/u21K+67usJGF5nAdf8TJo39zd
+gzRiXpjJDEi6vHev7JQF7ZAfBUzpawXXCWKE22qrXC5mPYuaVKpGVgVqcPc2wscl
+LgqbTx+M/Jv6tT3Fc7v6i0xTdr0dC/ibu6Z2RIYRzK9oqzBMlSNbRhtK+dAUJWd/
+8eLtuLcjZYnEpomjCvWrx5g+rG6fYynQVY8vatECuuqNl8xzKhjvR19OX5PTTU/i
+1Nk8UynsEEBfdY+E0p+wXbsTMbUT40F07tc6QdOOzl2h3vxAD/ndNElaGeaN6myk
+98oly7EBZvDdxiW/MQIDAQABo2swaTAfBgNVHSMEGDAWgBQlOMOuyi11eltN1MAD
+kogTIsdsVDAdBgNVHQ4EFgQUR+X98QRRekMAokMlz+LSmBXnQUcwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEADDWIC5mPJ09cQA+cNKz5Q+ChL1bQA0/1BLW5pKJQnG32QprScoDhWue75BZf
+3xR3XvpQA1TQSDdZUSVyO3p2gr7EwZEfpmM6VqXV8V4CH5J5ftXdHXVZxjauLxXg
+xaS7ijTZYuz20GryP01mqFdd5xrtE2Vc8DeAs4sES5HkPYcmlMV+tlplmDO9S4Fn
+rGigBRCu/+AnyJqDXipXNn3cEY3FXPx/e8z4Ol0N+UeVq8QyRNDAvwO3h9mXlQQm
+tQ219UqTn8gUfIl0P89PC8FRXK+kzcHW+oqDeiMGqMov1SQaAnYUCJ7dS9j7LtKt
+I6J24jnmVifPHYRTxEoggCGWHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,024C1D296C254FC7
+
+u65GxQQYdsrHdpxx4wp7d0J4WnlUBfQXvJnCauLK21H6ucElJUF9ILhdTst5vKSs
+jkNtGorKh7b7M2r91Wvc3GkzxhNBNgKJHW9/XsIXWc7KaO0X3d1rnts5VMsD3hmk
+ad4oO5NOslsJ02TKy/56rPTiQ9uRH6Y+jalbY0DPcy+6ul/IsRn6EZ+eRLcy/Bp6
+fSNiR6IvUWV8yr0qXuE/koxxW4m6JgL7x3hwi52GFEMewJ4u0Tk6ytTvmhMkQyAj
+pE12zRd3szUjO7OkSzqp3r4Kgahx5dmJBei6S0rc/nqoHDoy746uTVG0h55Dnvul
+rhOg/3Ioe1Qs0kToQBy/WFjzkJKD3opz0Y1vUm/KG2S9Wwsw5s6irkwO5s5tBwp6
+RJnW2TvS6bKZ6AJsvLGAhIh6m2MOeJV5H3FEqttA0cahzNfhLjIJKR3imEYVm2mS
+BU2LztU7sxlFSpJg0uGW1x6N5LQ4vTM6dS/SD+J5FpT3JSkokrjoI35xt15vkPQV
+94uIQuP5A5j3xFhakoWKvnX11ivb7VTr5kO4rcLMSsoqeRVD1+9Q/j6UFky1Uitb
+nwjRBHj8Xe9yBIJQQGhSe0f6HlC3DHsEMWgKpTHtUCNUuwEU5tDYJ6iULkpXz4if
+4adDW5d8yOWAywfdvOMyizl+GCbeyaGhHPUoFePmkoqLUtpBDhPgEUqUiUI7GlTk
+H57XnCBBvkwLmIRyrpcItU78GB9qFoRKK2/oyVGbtlct28Jt02GXQ0i6OVWyFUIe
+5uTlUrYJX51rcCbksk0zrLBkzYrUV1Jv+MRso1u5Ik/Zl8It3LGZSvrFcVjbQgf3
+mab0A7p19mElW51KmbQGTcWqXUNTsLD/7VPKEve8CtnQJ/gqWdM7ZN+w66X52uJX
+xvGgEDZf529wBfTuqLX13EVMovtcYql60MO9haH2Nlr1xs96vE1Vk8iYhxRt+c6Z
+HSZHGSJWhvt66pKRHxhyFM/csjoh2MAJPfKT9Ybrm2pz6rlSXdZ8I1UiBeN4Y/Ps
+97mxctU5iZI678tt7toQLF6PCyqrQKqWydLccd1145jz+R7tzwsBBfxCSsAJxZ8q
+exLe/FVRlkUK2yzRD5eDq0Axla3QuK3yzZ3BWV5Y+StUh+6BitLwFAZSNE7QZSRC
+tDUwWeyWMLuQLg2aWG/Lc+OPH8ypRQNeMj0fouQyxx0KFxP9cbK0Ue+k6lMwK62q
+1lYI0Ovv7dQ9CV9weSrmay0pPnv1mXhmBvQYN7jpT5VJIxYOo4n0/q5PfhpZLlj+
+OJB69K+AwPiPi5hPvX4LXn8CBSFJxb8fdR4lpGnU+MkKWxAoy8JUoQ1DZNxJCXyj
+qJzenggc5hmdaZBbjwFbSeqdwFuq3kk4lZkb90L/lIVTjS88pgsdRct/Q/bs3MYx
+HzZDRo0xB8nJNi5mZZyKYBAfG6hpFrPmTqTSgeEz9UjVY4AI2sS7Yoc0LZ6Vb+eJ
+DJ2pWSMmdfU7ziRp7eaiCs7TPzsk0aT92dhCcbKGX/mudxmguqtHYdlRgIJmmUUh
+9SAsK/4/yQx+GR49kpUcPlmBekrAoX7HcEOAjRHpgYk4V/UlT0PRrw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
deleted file mode 100644
index 237f79a05e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBTTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYb25seUNvbnRh
-aW5zVXNlckNlcnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9uYsu
-53u2+DI6YJnVIbUEBXbifJtOvR4Id3dAWtLRtp1J1/cjbUdtunT8MP8UdMiOu5GH
-qkkjCow40bwn18zVUFC+tbTitFHZwkcY6vpoBiYh7kfUGyOWMuGhYDDmL6f1GyGq
-1cPMSG3TI65vxTRu69NqZ6A69+6oecCzEhZwDQIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUWss3HtJGmFwTlfjfuDr/
-EUCtFfIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB4p94csINQawOHlCIzE
-BoDqe6fIaND41iV0Ho1HK5OQyoKdGUAUm3cuoyXOmA++mMrGdqZd+xqQswur3Ve1
-iKj1z3ZAfFHI07GT7nOS9yTHPwIwW1FaFsaMkJyHm5McmiVJ2RVPcuhZM8Hg/O1t
-lEtxFRbVcGf+7bi5eI/HHmmB
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsUserCerts EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWlu
-c1VzZXJDZXJ0cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBvbmx5Q29udGFpbnNVc2VyQ2VydHMgRUUgQ2VydGlmaWNhdGUg
-VGVzdDExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgvtvHKcfaEySW+gTB
-goP/idcErgtO4WHFdiTLJV2wwSRVKNwruXMNUfgnsksQ+Tqa24KJWAJpnh44cvcT
-C63piJcmXs35SuSRbS3kefpDW1HmvkZUJ+xEp+jouS6IXKBI+bX0iASJpBC8rDtw
-TdyTa1MWv7veksCshAZr3cxBgQIDAQABo3wwejAfBgNVHSMEGDAWgBRayzce0kaY
-XBOV+N+4Ov8RQK0V8jAdBgNVHQ4EFgQUb0/1XSOZ9YvHmG7rvM8eBcBgOI8wDgYD
-VR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJybyf0fbsSEKPlQbxKeyZBQXdWfQGeo
-1NVyDN87XSKQUe9fech7qiUC4Ua2z7mWrIIbDBylvl7ff0NFiPTK6+tl4Rt+zaX9
-qzA+dIuVr/7NPrlaTSmJglaX5n1/2h/dYhFbJUXe5L5FOpE3uq/Cp83MC5AQzDxR
-UrWoUQdNtOhm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:CB:37:1E:D2:46:98:5C:13:95:F8:DF:B8:3A:FF:11:40:AD:15:F2
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:63:40:55:91:4a:88:23:0d:64:84:b4:3e:50:a2:0c:ba:30:
-        81:b2:86:2f:ce:0e:b5:b7:e0:c2:d5:10:63:82:0e:88:ab:90:
-        d6:a4:df:11:22:96:15:f3:7e:cd:ce:0b:87:54:0b:3f:60:c7:
-        6b:a6:04:9a:25:8d:51:af:b2:c4:da:f9:d5:63:57:f2:b8:f8:
-        07:d1:bf:0b:a3:77:a7:e6:e3:87:a0:97:5d:4a:41:07:b9:36:
-        98:bd:54:93:95:32:d9:7c:07:83:e5:d7:54:77:be:e4:eb:e1:
-        03:fa:e7:83:fd:78:45:4b:a0:42:87:52:c1:1c:18:06:4f:39:
-        f3:09
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWluc1VzZXJD
-ZXJ0cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqBAMD4wHwYDVR0j
-BBgwFoAUWss3HtJGmFwTlfjfuDr/EUCtFfIwCgYDVR0UBAMCAQEwDwYDVR0cAQH/
-BAUwA4EB/zANBgkqhkiG9w0BAQUFAAOBgQBSY0BVkUqIIw1khLQ+UKIMujCBsoYv
-zg61t+DC1RBjgg6Iq5DWpN8RIpYV837NzguHVAs/YMdrpgSaJY1Rr7LE2vnVY1fy
-uPgH0b8Lo3en5uOHoJddSkEHuTaYvVSTlTLZfAeD5ddUd77k6+ED+ueD/XhFS6BC
-h1LBHBgGTznzCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
new file mode 100644
index 0000000000..c12b5a1934
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsUserCerts EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYb25seUNv
+bnRhaW5zVXNlckNlcnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgb25seUNvbnRhaW5zVXNlckNlcnRzIEVFIENl
+cnRpZmljYXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOaBsVf5mQNZERJjfa68546sUDPNfixGH/qzKOIBzlTFSfSuD7jIYTRkIr6qrbBo
+dPF2V2Rnsz+lJNYvNol8D1BfKkZgjpz5QPCqOQ1JBskqQfO6MXG8xl2DBb7FH6Ge
+jURHGJu7RS30qob03dvQTGEFc7aS7lAj/Ul2D2+IjMDJxIICb3/SwI1lOcWFmmJj
+wm2nBat41oGiUZ41C+lJZ8vbOs3e7BwsJIi7NdnDH2ke4AKTnavfO22CvSs1RVbB
+1kHMvi+Ux5/dQVZAqmv03oXkC4BgHjCra3vLv1O08jRg8f32fdxDCLAA2gQsOQIH
+1wcJaTWap7Ls5IxiaVEWt1cCAwEAAaN8MHowHwYDVR0jBBgwFoAUnbwAqdwBzf4d
+loh9tZ5Pmd4k0gUwHQYDVR0OBBYEFIeuKR8BSlP4kL3Yk3Y4khRKcv8MMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAdaRcEMmTAKhn8X7yDP1m5Rztq5pvbDbh
+C11BkkMph0iaaGqfv9+rLhoSUsSPMcI10R3mGb4lJnG0pRSWOg3ue8FaLTqSK7Eh
+QrdLjieU2w36bsp8yUg5XIXvhjYA0TLJ7SxqitUmoniOLHpERNd04nAP5bXJMNvo
+G45/n99z1jXUugbCs2DND84EMXSjKekhzN3cO73VFaT4b+BIlbnqVx89CvMNj+eJ
+O3xfgd4eBmMvPC6mrxGuXw3E83sUOOqlumIZsmf0zcWci8aJIPvgih3yEBa5Tihm
+BPnFS6XFB48CEs/iiPTVzSL8VbHudw0rxrT/ZAfi3C78mXEPzu/AZw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC64C592EFCB03CD
+
+nlYYtTW0DxFH9vpDyxm7PKRBLHiz8SrqsKUelN8D7C3uuynXtssBXf++0Y0zNHZj
+qcRd2yuIKhMnBrrIDOC3RzMcKRfAIxbW+AdUsV8sWuhvnTdXwEj7tmnDmtL5vuG+
+zqTe5/4l0oo7QQEUxNUWriPb1ZQyPFAsxdtzcihd30EgLOIUM8cfNl4FVikGPZ3X
+Qm8FDsEWnvPBaDV6pfd4Nh/YnrB1vfHsal2eJJ5Txkqc3gUjnoADwmith2/6ZTBd
+S6b5PiqiZSyqtDO7zxvueV1Qa5Dn7k4b6eG+lOnCo11FP2Tk4Ltz2/3QxIGCSv7F
+C1MpSkmNCZANcCHii8qZBQbB5Rm3tiR5mIY58EWBk2ZaX5086QCr9fzViQnLbCFd
+a0fjx1P/qb5ZbsSki6DI5es0+UrjkoTXyDSmvj+9NyClA99Wl2zCIyeFD4heie4J
+Cn512Js850qTCuE81tXg1HDOvbRz+jSBHrvj9KSMTZdS9e37Mqi4sZbNPBoQ+B7k
+Z8FBHnZKqJY2ojVbU01yeVUq3ztclRUbgsmUS3Cb65TACiOfwrUF5BL0M7THy/Tq
+0Ztdefmn1iwBF8qLySSt25d2yQGXTyRXu3sHtsiqVis7QCYwmMOVWeAzi/BwjaM0
+TLuMIm3lGJWs+Y0U/S4ZthjMR2CjpY+h07wlxjJiLOSczCYnhduo18D92OZ/r279
+OtaSOhlAbTYXPGufIeHAN3mANaq5jWezLQHGD6D5vdn6W25r80qbTOuFPxb87dsd
+tj8UBb6ybik3Ub2z0kUcuoL9kIzQp23HQeJn9D4jQor3vAT7A2JdpVcuAn21pWiq
+MO6rLla2eCJIUo5hn48jbjBbQxxt/PZApVZZiqKz3lCwhYRM1kilHrseGgv49p2i
+pULQoYZk2hfWn660H3T7Y/Y5hBX1HeCzJmvNsrqJSgsKRsYsgzoR2xRm89jdO1kh
+TUO4dbM7olL6ASECNAnLh37VHV4/KDp2wXUC9lZI4aXqH+GZrKvW1UUs4JD6Ste4
+lYTAklrnMVla79fI7PPfy1n+ihIlzdzelhI/CTyTzs8xxNh+2mPM9+CIHAmzyVOs
+gApir62xWFb2sid9qY4NyuKvkeDQ/cQIE9/ULfeL3GIkhtB7KoaRkBAtsZ5+lSQ/
+fjhczdDkPXg2ZqxsHYhNaw1PRMCRhE5l69D3nluxZpoCb+moJxtb+Pi2EAYzvC7S
+px6oGEZYYL4Hu8zJvVvoTeku0QK5nBXUXQg8A4mjUYoj9jCurOyQsqXrxnkz2MBZ
++mCjAq93lsfpy98+jEBByM8d173wzjmaMGnS0Ub6YoqJ/NVjKF58ZxGNDSmoJPk1
+LaR+/B/SdD3JbPO7QdUN2h3e+6QK+S21gz3KX7tRy2by2jKmJbtPKXkbdXEbX4O3
+ENm0xwJuh6qdllaVpBG3sPQYNy4M9R6WXoiYVW9KCCjIFry7JvGWc3LqZ6t21nNU
+G4tJzb51ysMda5NWZr5mRAcN+z1BE1drFxTS5Sdg55kVFnn5CrRcj0RHg5FppJCK
+/MrF3vDRuyu0Y5IjnBdrncP/vgjoJKeHVd3lq+y/lSprOQIPkHp5xw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
deleted file mode 100644
index 819cc4017f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlsynYvXyvl+q7eNnQ1pHRTzYR3jQt0ko
-GQ/U1Q9AsMdHihxgohDFbqyRbq2ODI6t3HGT/h8JPCPLT+dLhvwixeYhgms3m/TJ
-+mnXebr5bHI3PjF61Cw/mJe45Ab+arDxdumnvJRtw4EIB5lDwOrD9bHBE/WS1mem
-ndOkBLQNG8UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFKqEMbmbidNhzPioeu9tHpG1I305MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAIIqO
-DY8YnDAv4BQddow4PTv5P8bnPkA2Ogs3Du04Lps9gxrBVYHDIT7UQVZ5hzZeXnmW
-rLwQeI2wDJNhjMhemXksv4rrf1pL65em4hQCuwlCsY0Nlc3z5hJjLslTd85fgQXk
-mDYbw0db0b1fRGsA+RkiIRM7ynpuT6753gVv4ho=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
new file mode 100644
index 0000000000..26e7942db8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVrlEw9XZiZPi
+mepF7QiknCt+8ohKGyg8nAGV5rVbeT+oyOa3yqjcBBh8ON02JWnb8TD/TJMT3WwY
+UUc7AWPuKhK5tL8eaK9OvkN1R5adVRHW8P0XQ/DyObtxFP+bGHt+XvjBCGQWd0gP
+lrMo+24AgFgijyTRtbAVi5RDg2vG8PAVIPgO1kV5Ly7tIpp7ovQB4wpVbdjoD+Xy
+zmgm2kxbYy5j6TV1phFV0GNVr7Pb2+4FSOuvqCp54XSqO/qeXVSc0oUD/ZZznQzD
+23GQ3lIvdKhjfefhzlKExEGIbPEo1gYEZ4DI6M7+aERB1+1STbZRUE6o/wMOTJHQ
+75Fim7QPAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSmoXAX8YjFXLcBX1sI6Uhdu0kKQTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAlWQIc
++Zh8/MirsIMTkslJm7tGZ/WLZlhRf0t0xqAc9gNvfh+tGkAe6jKWBrm3Le3wLsQl
+BfwAnI7gA58qqDvO7KQqaaQS2WJH9seZjG33Wtxwy92Ct+4koh5zNEXGVwmAtGQR
+hD7Fo7H0E/gRVXnpkv29ObPJBluGh/zYMCVAXfyCDUjHjDUyrLXAYHieNzBIUQgg
+GRuzrOy42lrO5PZl8Y+BANpKXzL0mmrWC0bjMdaQjWm6obqPOiSrK+/g2Q+k2Jjc
+I4GxzuuRKrDc4+q1w2R5OWe3yY2u4ecQWrGKL6t/TO7oB3F0JLYxqvwzE6Mr15et
++ygEE42T8tUSuz9G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,90A5B5CF0638D715
+
+Y25oaoeE+pbdQJ3tN2fVM8ZLJvFDiLjeT5oThNrK/6yS08BfU88nIDsLrVebi2Aw
+IxHE+TbWDtmLdbg5Ql8/DO8VlRZKDAvsPKrGs3s3O8fv8BLEUnwPgXP1g0Ko7Exx
+NrnzD/+p4LlKOpHxiCyZwXckCitFY3uNwFiH7fHY2KyupFS7vM7AES0b8tl+vyma
+IfAdL+uiAMqKh7x7um9dywyJbuX2008qRIK6BF6HRLNQUyjPyV7qLjM6r4g6I6iN
+YD3QMqXimPdrdC5yrl/nBGuESczO5JEdIc21MKkyssz9kc17YbfAPv1OdP7+P2iL
+3hvqemLmfm2jRay5bu/OiofegXfoN6P4g7q9qQ3RoBTnamSSuI7UUWxrnnO5SlA5
+F9MmpLG40WAm34SYlkYxHsicntKrs+rRDKkntfxER8c3tOOMhyKHBDkDzHHvSHSe
+M6QUXsNimcU/vfcO1XeD8x7X+hYW8NGzwAO7nD8ViBm/d36Sud7gnfnmYv3ZkNiP
+JU2Xhf1ngZCbrFjniiOTltVJoGJfdlJkPjxAReEO9Uk8hshoVygfRM7syYVEbNaU
+SJmxh9AGg7Xma67yVVlPwQlFBcp+wKe6dCXq5aoFeYQxiOA3BPKkpKhir6IdjS/p
+Y22wBBUUrwhqhfxWLi4PwZwgX44oAXmjGyWbs5sVaRn8aXLbSs7+Y6I3B3eL+8Wg
+uBFfBEbugXtnt4Bb/SCzn6B1RqsFC/vNb1x1vqrA0l/y2+2hPVetEaiD1vlUIDC0
+kvxbWSH6EarH4k6eM1dI6ie+rZ87hM12LfFbKzjrJxoxdo8Rep4h7B0cStzz0Vc3
+I75ZnUmncB9gDrF+cbVi/5yQ6O5JKTpwFyFilV3kyWUJJpIdMg/UBlDXN3Xq8B9O
+T+k98F8cOzapFu7sBFj/euD27zubl2WQFvYjzsP/l9BB0GruMAFAxqNrvvpq6/Uo
+r2xVvBrmpXbqd8uXsaGg+cLCw5p8mlPaOcRVXeuveP6bvAy8u0PP9wlTOVj0f4vB
+Rz4VOg/0GderyudWgz5WqSTSmk/AuRVM7txtQwRoTKR0pNB62AM2/LBNymfoNcwn
+My/dfWqvUQXLqVwK/Rq8aln4W2GJhw9ABAzsfin4gOupIqFmOIsMx9DmKw++ETg6
+OE6a/Qrtp9I2gbxshEQkYDg5DMFXApSwC25dO9kpXmRQUWqMTyglRXeldmJLA/Yc
+m74FQrsaTznEm7ji1XPUEgkM6Es1fdXJiXj5WuUKZrcfsgMVeRHockanIAgO7svj
+hdNn7AAmcXhzWqF4m/992Sc3V4VIuZKsCskT5fxMHRUVNXh3nZYBNpMLKbU89p7k
+W9u3+tTdT9yXtaDHg6sXGK5Dz0HIMa1i929cAPggzinqY/fUAXoH5wIABCa6vHEz
+o74lnyMxcHvu62/KKvuv8ba7jdFmtW0pKPMUxjKLSAPNDOeZVt98+Yip0Hx2BeLM
+1mnNWFPVbQBOcswVFToqH6zPzrB+/p46JArv8PlIYbsnPLHDpmhFm16C6VDF0vvm
+/QKcsYWA6D+f2ghn1ggxz12b+kUDbP534MsxTSIpWvKUAR8D7BEDxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
deleted file mode 100644
index 76ef3b7b53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlmAr5pfd8vA/RDJSfo8qPEDAbLwbxhVf
-lv1WYCncGfhiyC77BYzSvBHiEp+84tJW6lBUUEewGRBDKerNZAnqkirYwLYccwav
-76qQJnSFTKmjDS7BofPWH8/bVZXjwjGikKAChuVcBykwZt9zOhFCM4y5wUv1IEHe
-iiDpoHEIPqsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFJdQKB8LbKa2dsGgu3qroJY+rlmzMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAG5qf
-f86xb10ogmC7H1f//9eykm6gAA0EWFwyXzjCkIlk9WPjGOTBU3WNURziN5LdblcZ
-Csf3gFtni07sN4ISdLTnJFzuW8Nk9vfmmhV74guH9wvMv4fCVInMBZEaak0bR2dY
-LxvWYJ8K2rgUN4E3A5nNFA81/1xxbwCq7c2koa8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
new file mode 100644
index 0000000000..f4692f06c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq8KivhrS5GZix
+Tpa3ipGTij1/L7BsHNs4DNbMHldcc8b0clfqiS4/svyHh0VryHBWmHRdCgZbkQey
+6DjkzmCk4w3bCP1HtEiMGY5Wxr/XdDBuzCwb87pqKb1KFFqgzgxRfnIswCBPlmY/
+IE0+WL2hbMDCOcfswi0ErEjBAhLglYqzuCb8r4md8jbkn5G1slSeR81NEpBoB/RJ
+0pRFlAlToLm5rp3B19nOYg10J0xhUe+UvQ+4VA9waWVj+X0YrAPebjU68TGP09XO
+r4bmI8Wr+3evvbG5YoibP2xKxkaM3TIvkKKMwvAwXF9riZwIgH8jzr0gvPquRDWG
+d+/X9HdrAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSpmSNi0uf7AXBBlsBPTYcCUJ5jZDAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBxIJ/R
+TDz+JlEBsKmnazaVAZqhgitlJffJGlWgsWj/Upaw/3CcGtvfY0lOjD3+IFdloKNm
+gmoiDvovGFwx+a498KvDG+xiiAQ80sJfCWhSrobV+CfqH1zI5KIenbk0tziaUyX1
+BudL/+68UPc8gvuTy+nGZlF2TNx0ur9fQ0YTxHMQqInRzI1S8lRDGAWnXiE9j98a
+BUvTPgJIe9g4TUBJmzDg4A4WQjyLbyHgzk5nT5QAkwcejbw+eBlIR4fMAIcKFTp7
+7VMxuHNgLCeRq2kejdJ8sFoeInFVJg6+WDP/3KMiKZ1DnSVOsIKJpIiwBXR0hg2u
+7qYSQLZQDhrFf1CT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401E21BDD2BD841A
+
+0atul2/gZlaBAQfxewjEVGTp5EG00HVEpV4Ll+94rY+pUyCz3QTOb2/kY1++6HY3
+M5a3BWCVONvlEhNJHhq3DDCmroo8sdt3prhUAIu36JNeguySL78FY+KYb07mtygY
+74dHdI1InXkEQYApCkcDL7umrRXh5Wb+wbYoXBjlom+yL4THQLYDhhfEJVpJKVO1
+oCLdCzD9Lt1A10siesKHvqiIokuaGz+iZitY6lIiIgtFp4W1u+L+bbZd3JRddpuQ
+xZFtwW5SCf7tb1zUx9bcFxQDlm64+dLtklxdTbN5uLc2HcF22YPyip2qmmhxnkX2
+VE16SALv++CqVhHL4a7q2ZoWbteddRvvu0KTdVXkzTJPni1GikR0UexaL9mxodLY
+ctNrxvi1vnv0bH54VKRwDFJD6cG6poMjrbmZvr/8q/33o62qU4+lSyKkl5iqwqXr
+CwW98+USoQ3Zh7jYNtou+/8HShpqiDEO8sR0Z/8DUscxs8e88ZXIE5q2jfglP2qx
+gshFKUEEF1dwP/0rzVDZIKBOqTG5fDvBeKM+38ZELt/EiD+FbIIkV7ZX3MlHa8np
+zQXYZqD15Ns3Sl5lbO5KgCgGLvHq9QAcFb2GenJWX+18j9nrT5A7kaZpk6/nRQn/
+rPCORm/Xz5Sd3rNlI3MrqtP+hqEECUYm9KrnYUrjtfeRGoftQrMTHLiL3ryDrowv
+XyPjVKjSlVBKAbFCvqYqeBq6VMDWaPtu/kRlBZ5NqKGXu+PcEcbzlHfp3KwTsvJY
+qxh+atDb68RMAooTkXRs9zDEJOcSsGeozSYpKuypBrJiQ4K7l3qxeo3flAjUbGYI
+zSCVY2PqvAktHoqe/tUzPiUfDoVJ/ohxKw8oAPjy0+1czV0k4vGBs3gEj6lfqBGY
+6oaMtOaTwcYJJWAklH1S55JC09pNvsy04wtRSH//AvVrAwbPrVKXyIfg7pborWX5
+AZw6/ccYszPbASmLlSFQRBkoF4JrxIXMsG/M0WqMHETjdFVT0rYJ6WVZcTlb9Rk9
+AfoNifeMS6cBJXszAAV8wCdA0gI2s6AuGEInFbuuIezNg8KqJ/hsiLYSxGJfSLs2
+4Mu+48vY1JrvbyBZ5fbs4A35jZ4RmrqjkaiVgArgWxcarJcrOiqgxzJPv22l2Xqc
+UntQ9MmeZrSGx2Zp83CdcYt63H5UX1pxt9annguYaVFyZ8P1S7/QtWWauUTHyxpn
+sdwQWXHTNKcn1D+xqtdRDZkTnkcbHLZYJxN38UfAUL+yG8TsSE4YL3i3zlmI+T+q
+Z7rRddx7jrZAXYpWOVQF62kpV5Uolw7ycYUawjKD3zzy/hn5O0ZxTrwlRH7ikHP2
+7OSUW4TIgoCDr16brTvxMWq9W/JuwC6atjQhOE7DcVKtl59lszihZTabrMbFV30f
+eaHvamBqZaEK65vRuVeJeG4diEysTam2PJA4905Ji/6oRj1VtvrnwoW19x5WH61J
+23+CvEj/cJDrzUtX5sEDuvj0U2drmlDjauuoR6OZJfrB/gzrq+s3pvT98g8loCML
+yMDrZBPtFm4o5UkgJMXCjUKQNtHVbq+t2wOJZWpLPRDoQnM4VsZn/Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
deleted file mode 100644
index c20945cd91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxjus5muZnJK+
-vbTiSr7l+wNZkm4bBceUnfDkXaEsbIwJRhzBb2TVPT0Do+y3R/r9DGfLYXxCHohP
-OsEkgaaxsJcVNb560ICl7I/WjFftw3D82YeCiqtUageZZbHBGBpb/utZyPdGLoc+
-F6OmUprS/F3KhP6SSVq5/tN8vYA7dqsCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKqh79hc2DiyM4fnkx5FQRjQinuN
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAn3+Yq1ETHIYeBdtTuzCeQHWWo
-VC03XoW3PZMLAKJZof8WbYui9I0Mz8eF7Ae1tgk4luOkc+1VEuf9Yj1R3/DnrFYR
-Ws6bImkBgnSYYiUSo1GuqCC6L3FuD7KLs7vaCp+9EfS0igqOXxJwEESXgJixsOkz
-/lp/IH1QU84Vh6fKlw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr8VCnAdQKISRnLmjaXbkkMYcS02qC5Mj
-4f2jw/FDEJKBWKopXex3k9qR+Dvaz6yGEJoi2wj1sUo8xdChVd1XbjGEYxwkaqpe
-cOPYjHlvVF43YGWYhqWOtohBZfIT5uJi0rxZNApuHARfo6UGBaceSk/DUFbos1ag
-lCxoF4pf+5cCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqqHv2FzYOLIzh+eTHkVBGNCK
-e40wHQYDVR0OBBYEFK5QFuk+bZ4HFuTJCRy2qPFS7YZ6MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAOShO
-p8bEYTzkGWyiUXPs0fZAQzFbgCpN3Q+ky2VZblbIuJTOToG/UiyIQ2FNCq53oBYe
-ZYiuewxa/WWDunOwx7LwPtcksOo3M5BzFmZEqTKALQryiXj9X3ob3tZJFTpAs+X2
-joJ0q+U06GYvbXscfXdm8nvBNA+r5BczWTlAG/4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:01:7c:3a:47:fa:d7:7a:f9:a0:3c:17:f8:db:94:e7:1d:a0:
-        fa:47:07:6b:ae:03:68:f4:f8:b4:4c:7b:70:a5:0b:5f:92:8c:
-        b8:c3:32:e9:55:34:38:53:61:ba:d9:3d:dc:8f:39:45:dc:51:
-        5c:ab:7b:67:80:47:b8:60:6c:88:4b:1a:8a:57:fd:73:69:0a:
-        ff:2d:c3:23:8a:62:ea:31:c3:4a:07:3b:8b:89:a6:dd:4e:e8:
-        8b:99:67:71:62:92:db:40:1e:af:e0:b4:e1:09:62:1d:42:69:
-        b6:45:64:d8:94:4f:30:40:43:e9:38:3a:59:29:6d:0f:8d:72:
-        0d:8c
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgEGMA0GCSqGSIb3DQEBBQUAA4GBADgBfDpH+td6+aA8F/jblOcdoPpHB2uuA2j0
-+LRMe3ClC1+SjLjDMulVNDhTYbrZPdyPOUXcUVyre2eAR7hgbIhLGopX/XNpCv8t
-wyOKYuoxw0oHO4uJpt1O6IuZZ3FikttAHq/gtOEJYh1CabZFZNiUTzBAQ+k4Olkp
-bQ+Ncg2M
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:a8:95:98:a1:9d:34:e4:fd:7f:b4:bf:94:48:d5:42:03:a5:
-        cc:e1:85:55:65:15:c2:e7:cb:33:a1:fd:d8:cd:12:04:92:50:
-        cb:bf:ea:6c:e2:ae:bc:55:48:cf:4a:29:61:6b:42:00:4c:08:
-        35:f6:49:30:e7:37:94:a7:38:bc:bb:3c:8c:c3:11:ea:11:f3:
-        0e:bd:9f:8f:a0:32:a2:b9:8a:03:cf:6c:eb:75:d7:5d:5f:f1:
-        fe:97:f7:d8:33:e8:9d:9e:21:b6:8e:ba:2a:63:c1:0c:57:64:
-        dd:90:98:34:4f:db:a1:d1:11:0e:77:13:87:f4:b0:61:c1:36:
-        1f:c8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgMYMA0GCSqGSIb3DQEBBQUAA4GBAA6olZihnTTk/X+0v5RI1UIDpczhhVVlFcLn
-yzOh/djNEgSSUMu/6mzirrxVSM9KKWFrQgBMCDX2STDnN5SnOLy7PIzDEeoR8w69
-n4+gMqK5igPPbOt1111f8f6X99gz6J2eIbaOuipjwQxXZN2QmDRP26HREQ53E4f0
-sGHBNh/I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
new file mode 100644
index 0000000000..c8452ff291
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdyWxytNcj3eU+
+PWXaYyWOlUWPg260Q+7EygIhIMtLWwazFS1aJlH2AYPhjpz2u439OI1iijK/koDI
+oxH9CiCJPRWL+IwKA0YKgfxrcFy+g98ZcMiuIPvO8aYVIX61oaCWt2megEMv+iaT
+EiCd7FY7wtY2hFNYnsxaWzVnFw4uvWBJRtq01eyseDnbZwBkYprLZBruZ2NUuFmr
+Q3UGTZUyIDbJLGDcXI18oPcVRZCy/H0nZ74G2Tlp1lXedwmq+/bS/4dJ+mi/Pp1/
+oKJRmK68qws5/5CSrZdTTxij6Y4X71YjTAxT7nncv90Y74kp7r9kXBzE5AmRngCH
+JYeWOm+XAgMBAAGjazBpMB8GA1UdIwQYMBaAFGBj39IjpCnWQaSsyoZ5mKZlAUiu
+MB0GA1UdDgQWBBRzj0ftEusY+0fq1BL8qXXHBtuKYzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAZ2lOz
+SmjaLWMxDGxzcQ4GFP3G6AmmmvZ1sVAnx4sOR+felUoU2Y5rSdP04zN5loCrY+gM
+vP4YIbgHGqvoapdvTLTwVCjxXKIt49fYBiT8u7KErvtgyFC4HMh98SlPjbVLPwFH
+NPfcx2CtdiVaMFpw4k0MFwhSWfLyEqHzYG9qVJUZ2FdlgJ7/fjM+Xw8+OyN6z5ey
+Z5HVIdS1aFHcR6Je08WL63GQGz4DmpASlMMtuQCgNz/kESJlXhD+4kwchA8v3xc7
+NtXeGL/qF/J7EQmH1JwGytg1n6WUWUmOakv3F7pL6Xj4Ivf9OOKFI4FpdeYBzuQw
+TTaBNhknlz9zwf1Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,26B819BA3A805333
+
+e62CbjykF8e9NCDf3Zq9VJMGKdo6vwbHCy4HNfbIGUAzUbLkYw94cI1fEuD9BapB
+gaazv0Bss+FlieKLqqv4Euv+t8+dOjX5zorXZTIaHjz5ABLbPSpvPyBuThgQGLQH
+dzY45kBRU7S14lM27R5ZhSVVljb8c1afY24B8r9YAavWInPGMMCNs0/GRSzk/YLK
+Cx27HunJgnkssgvS8TMyQKjd4Hth+tjvb23JRCspAY/dP/cWDUUTBpRnc50aztQn
+4OXS8XE6inkpKhT/sg6B4jlOoW3xdLiis7lS/pRZKqT2Sqcum+FTeXtl4Li9/h9P
+93mg+7Fnv+YdFKjlZYgWkqRui920SRBWTZb7yynjCqRvA8GRRcz/MLMqc2xCyvXQ
+Y/pcCR/N+uFu5ZAon7f3qQ7ZZgKJ1zYRPg21WoWwWpPCbL5zI3+5m5+ERAGQIGHG
+wv4044esRpxbZRCzCWvWCwYObY42dXoDWuhHN/Pk47wc9dxu6118rrE9H1g4fqRy
+Hoi1mARNWWTcpSJWKaph9St5M7JLzkOA8Oen6oSMoXXBnN1CiFSofoI0ibymM1NI
+1MTVda9DabToMpV365yvR7Jb1CR74jhtHN8EzV66zdz2jQUJ+32OA+TKAxqZRPlR
+B/1NK0L4ZL/t18DpUf2l7aw7jaM25iviwJRkEZ0BWMNc70E43Qsza4I1YJrw9pk7
+njTYse901rURDB7++ptOntB7n85wi4wbgpEAXxnRlApzyRKwqdjkWamT5n7MSwAo
+eKO3XU8OJAZKlsQn7oraRY5yzsr188k0G6qoicXfOf8oGpQZZ+WE+3MNJk1QYxNX
+eTyu6xNiGfM9ZPBSM5tvstjd0vOl4USaPAYEpWOPT4oEHjVWrVX/RwmbHr8yFJZc
+9GgVjwAbE7eMo8+yd6mDmQND9QS7qkn7ciMt9FyW10U3eWj9zTGTl5xUx10ocFVn
+RcXvVEBvKZlWSVYXHZjN0F1X7e6HRzlaYt8LG0F0GFub++WBoDjYxATiTF+vH3wH
+9NWB8WPVgNwcoJHpg8vaUkf7LDB4HU2dqUwfzTGszd7PctTafbvAlR0OjW3tGUXr
+E3EdckoFmwsBepsWZ38oLId44n+jJEfYTL4/1AaQcvoIj1SAoqHkU98+vckhU9+1
+1vP3h7/UNGA5HJH/SvNlp0V2wrv8b5SYZmNYcjQZvScurMXLHNibSfTUWo4CZK2w
+cn9qLSCtgHWeLrI41Fb+GzgHZrhUYtkPDHUa3UkEKameaSuP8kq0Zw3Y/76OST4R
+fDqxsjEayJfJ18vEArTXj2+/lVKasMt9Sz3O7ZZzc/safPf2jimCp3D87x41v8YE
+X7LzfKrymF7sNayxG2QhXZITvE0Y1cVHcBBiVdLmWXtyJmOlQF+yxfwltKfETa2z
+6rbKTMHwl5N7oRDCVhASsfWHFHLXb25AZVzApqmSk+dsc4LSzPxnEudj0VrIR+pL
+OlIfv9UdUnTWYIU5f9pryJ9sP6jubJ4LhC9/0RlbYIv8JY8s/jLv3fS92VWIZMn0
+b8GNIIM/Z5IzP5dkfB06grHR2gqrmlH76/kuCkA9/a+VJRSwaTrGghTYJUDlwX0l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
deleted file mode 100644
index 91c6b1fb56..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test20
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo/2deWn2P1temSytp9fRh3t+UZIp62k5
-iNe1RKLHz08HxSTMrPeCRNnJFp5opbLpQEsUk8xludZeIcWGyLtBTN5w46xk04gh
-1Px8Z2+/mnT/ngizwoMvKZf1dqA1/IYacDNHoZB8wlR7iMEa3scvBmFE/B/Ieudc
-hxnOxEhEprUCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT9Hi+HZ9Okq+jLk3TXM424X5IyqzAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEAEyLMappHZG7NaHTIJRCcyylzQD0od1Bi
-cIsRgkSX4W6BWas7pnbYsIaBtY7SX6PU8lcrIBdjUlKUmzZP+0f08ptO5a4ZPaY3
-mJ7GjPUXPN8T/P8cfpU5A3AlaLam894aWe2vJuwmNlrEs6I0mP20WbXkYjmg2qzP
-joyjMV62Zb4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
new file mode 100644
index 0000000000..b290e103b2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiRMsPRNlOugMy
+cCBZrkN/m6EPMxUK2+PNt+QSx4QWPS3OlSLxzUhhD6yc+zMeMyluGW0rTvlaiFeG
+/6zZKonarHmHwwqc142IFGSZU9WFT08sZ/w/j80GROqxD/Jtn1IREh62S8KeWJMg
+1zxPgJYXS4CzI+MGs0B0J9aSAngRlca6nGN2a8VoQP0vdw68Ndty5R6+/eTHjY0K
+av6WdqC2C6sJVTXuL/5gTewVfVsGd/jKWsVdS4l0gIMSyfB0XxuCUzOhLgiKJ8BL
+eWjanMWO5QhmFbfe3HhMzJAS6K3FL2uLc5V7cFElCoJpnXVqld+zqcVCoBsUcDx/
+NJOG7aT9AgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUGACS0xeS/VfcsU8QUHe/mKls0JEwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEAlo+iWYN5GvvLUmNv/OOK
+T5LL4QSHSsEsRdsq5ZJsM53pqDVm0/DtGncdiknY450Gf0194CTntp19YXmOOWWe
+FTr90lahPlXb60lRMngOFTpusFymkxhfwqVukhu6wGrq7B56lozEziFc4TB+HLX2
+z4I+n88inNtPN6diUh8ga4PGtqAJoHUYPRwPFRTw+wi4NlHSQZggGKEpNHHkj7yD
+hJtgv3QYSTHvolbYx9Yp4u1RpFX0qEK0koIHVgHGEFxNMLcMScPrmfA1R0zrcRAT
+PSu6f8jlT9RA+Z3InPSQg4FBrUzt5BLORt54CCpHWu/I6DDfoBHrsLiyRFvQiENm
+qA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,936BF71DC9DBD730
+
+5tsLFC8puE+be9YJclRpByPGMUuvjdyd3zuCN63T6QCm9KH+ZVw0oaT1RVKg+Q1R
+w4ejiaqjxXJtsTu5cig5LMJvRzA1/9EB6b0Oa91SibME3AK3l1i0GoA274KQZ/J0
+FcEgMNTcFN2yyfL0uVW+aAZLYnQ36tLp6Z0pHQay6bfgpahDpRA/BpHoyYhxnqoU
+GeArspTdLdhy4f7+HBSVkMnEET9pBtOYXywOfjsj3aWKLy3Y9Tz+LVH7Ezi631Em
+x1/fauHxQxNXIP2eaV6Y3g+YaAIVGe83014V2KSH22YT2rHeO1OOyt/Vfss5dsfH
+D2wFvpB6/c4jBGHL3wGW0dIl6LJSSVSOXx+P4s1hi2otksacO851HNctZicv6s3O
+1b4V7KuTlSO85milbMl/XCjMvQ/lj0ZN41/FPwFLokcV5VDFLmRYRpM8X/FHa8na
+1AikczhWU0LlhH65JLYA4erQLsnehf2zyZS7L77MpZPZHRAoVYTAggHRUE0h9D7m
+qNNYqtdHvjxNyv090Iv+qs3HRhc+YWpLQGlBRDeCeiDSweSlKv2MIVXv9jRAQvtV
+IQuBfpzjrBlwU0OGnTR/LfRCZqEqoJxnnuVwuVuxgaO+zFY4HeEHAm3P6jPX5BHC
+Wbnhly5yne3lZQNcklLXu7W7lqW0SjT3lOiJmZoWqQsPmOBaWu77Q1DRr/NwnA7n
+lD+jZ4MioZcOkI/WKOkeKnFMwRfceEo8HaHYxfWPtm0MpC5TDD6CjSc34w3xLZ31
+83HfUlLeZdbkJ680SecLm2A918lob8sZjSOZAjx1ZoJQeaTVhm5mLTAhAAWE9K8Q
+KBo/exosNh9b8mjtxe5QG3puXd+p2almF1w+Xa0URiAzWFo5rDfHE4pURbYWUs6d
+m9telasFGEikjJkJBnvKz5wPRIjWGNbOzg2oTU42wyZpCwpqiKNAZ4hi1j/nUGlF
+nX4Ku7fKLebD/vvoJN5z/kFz9zpxa8/ygq4OR3IooOBHP75fcVYQeIDa8zRUYu2g
+M8v6vydKgSKBS53zC9hGVxSmg0EeI86XzJVGFaxMArkkybs2Qcm4VpaTtRsRWc//
+tjHePHUzEjgeI6eN7sDlTNY0euzRrrTEUXBPIrLbhUDrAQO0Agnt0ibqND0T/BGp
+8YN8v2fjgI0mvAlh82hn/oFC4b1d+NqEbZyUL+bcLuf8kPYSq8UYYpdE8npW0TZS
+sIA0eTGWLT0apKBcRIBT+fuhvn3F6sqagL2d4SQBLWelt5bImOf48PWBDocngY4U
+MdenQAGxGPc14yPBx9NigcLj7kfXywcnZYNum9NbUgTITIlkXsTS+Y9AI2TNGPvy
+/KCZSoXDX/aoNWuhIa5FCGjJ3tAnHBSCFOxwLYTpsVV3xu7aCB622strxP0XzYNf
+C05Fr6LAsZckRyp6lcrPNeWksh1TPIVxZuQgbTaiGfqbMa5WqsMezWkRWhd55R53
+EBl/g52D2v8DAucROQcja72O6GYq1QNRLFhUUR/IRn1ZhrkdosgKWt/wWvNEoflB
+edxk1kI4xNxRI7Xiabc0DC/V8wc1ot/daAeO+lMfBAXpgxMjwGjTLCBlLDgrsz05
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
deleted file mode 100644
index 07b5c9b27a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test21
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzgd55Gu4oIU3A4rk6mO8UVYckksUPNUx
-c+r5iyehCTZg5HpsL0JSKVXAlRwGm5Q7YtHJE+teXB2BM0iMSAIZGNX8fktIN8nK
-Lrw3CHA+5ZySf38wiaNzTgw3V7UTBQ01sd50PWuvL+jOm+AcaCMvdcqFJBP0yhCS
-nkdd2MUeY1MCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT41fIkHaXWHPGTFvG2DPuOcjtPXDAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEANlJq9PF7a+NShO7uJTf788sIG++L3xeT
-OiO5bnuAe91jbQN8l4j+dHxDiT4CdVBdlUPwlENF5rtuKsjSn6baeKMwAo5A6ji0
-7YObkqeg6Be0P6fIKT29KyT17o0bXi7rRTK6PqODvOePJ/kf+x5pMpQrHEutym09
-VmHbVhUkHEA=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
new file mode 100644
index 0000000000..0e0fa5d206
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDorS+B8w/Omx4m
+EBUTz7QShkAsc2IODZ7s92lMmuyrwsunqvs4+eECVas4ESRfTfQ02x9wV8GnX51y
+ftm+/CZfpw3Ly7KGWKKy8+Hhb3vgoXM6GJLpkeI4GpipGl8bWrk3vJio0GbvQ+hD
+TxCoVolLgg3oCS6B0Wc8sc+90BQuPWEGYJrF9hoAICWifdEcUgFoYMYo26T2f9UT
+Mh2uipdxxgoTl6AMb4GlFYAIuzo4nnHL2C7q4DEnGX9eHCl9EJvyxhXMf/FDYMxz
+NxkE00KphWnRYnCczcnRb5kNfGD0VeEa6Qf/gLKpQ88zlaIpdGl1HeVuW2qRLJE7
+s2SetEYpAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUJzdl7+nc9pHBPeuaqXr8BGm6JRowDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEALZ6z/4QBq+fcjAsk42c4
+f/6/CitFWZY+db1jZuyjnhZcUyNqZXWczjEaIfwUeEcxPHIzthqyn+6Hw+QoY2Af
+bcvePuof71KqTwlyNvS95ggqzIDvB5JfUYYoqLX3uGsHIY8qRg91QIhwvHRv/Y7H
+EC10wckgUqUGPEvVfvX5h0FJVvedXM27SbhkfOhxufcLFnzO9a5+Hn+s/KDxPgBD
+QXxGz+uQk+h5dvanVXXVNjwQxwIKAz8SSnzob1XTiZShrhkKd0qBq3yYv/98/prM
+DH6Z4IWT5w3xpaHpmgtUNcteCXutoDAts1AMilmDV7cHLU3Pjp/zPdHAKAz0aeky
+4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A28CE1427426524
+
+8v0WCIu3uMxm+zbaXC1cKoL4XunvJPSAed4XjMX9L1mHli9XxExo0xdaNuSAAfZq
+6B/twZt1FFO3uVfOBMjTupUFIXDRiJ4DMpWsliN1XXzotdsW9f/brWHbb6QZM34D
+LPYhxd7m2wzRyA7O8OWOAFKSnZMUeH69RdTFQD02EYxhhV+sHOr55K8Bf12rtySj
+09iwMCgOBOhCZ2/cyT2AyN4sPaVpgkPX9ndlcqzhAaH2ExIpeBzdRj63rWV8mZh/
+q2K4bWV1RXO79vuJRZuA6nsdynCP8j04wqEFXh5pKbbVnEOUBkeE9I9xih2YB6H2
+dZSnKqAPXRTyKu0QyiY9orM6bDtpGE8lp7f243zdIb9boYBy7yfOc7KI0J1Tt6jN
+zVM7SsltNUAS0MQ7NR4cyH+C+mDL0FGN8U9K6CUmb9fkDpFwfDTiFpJ4O4z3Q27M
+rNgE5393wU/DoWwNzi1Q43+46nrRBtD8x1az63xEvDzlRxd/JY1QXRKGVnpA6mPl
+JyjL6BdwOvySRNDwS+gvU8v50W8HDpTMPIWxrkL+hGFFBHKyK/EErVxpWb+a1pio
+hY28vhs2yk9TTI93gqNGDe+VBduLs0KnTxeWNI67/ML8ATftYN73A+TExGAs2Xis
+ahCV1vNv3kKWOq0tgeqGCmaL3umpsPAb8sPE51UULc0W5Kj9OJ+qTsOS6pRE0+KA
+RzhKfrLe3Fr/JBY2zONyroxcfzSW1qUamTgCh7EhbTHUq5INWTx3vaKOqeI9N49i
+wM24/ZGDULF6yckVHKbDVx8gOrame2DAOMivmglQ4ZiQ5Sr6cAfM1KZ5offji0td
+CyRS20Ou5dukqI3sbSMV+W5Vl5giAC0s6ICRjvZE8ECg3I02KZ2JvBBI14XEJbtH
+Dqb0cQsahHh0vxtkZA81J4b6hF5RjaWbwrJP7Jo9bEjhgS8335C3/kAqYkAgXEPO
+a3/esjyuzH6IM8OGjsieFbkto/WTl992ERDj885Gm1RTLAD+Jqnnv7y329cUfK0G
+BEiqDQd0nU/8qBwT0C/Tc4V2UoEuHp8mUULDawnjbIODFjbTuaO5g9Iv3+LCfbJ6
+i3GYrsQ3NF0B0/L87s96Cv2IcEhEcqc5PR4hwE6YQap4V/IWKgcZyw5WjZWY2maW
+YL2p7Pqc0VlR4SqRreg9HsvjUP5N7mNSG7YUHO7mjwTkXBnEHXddzuFPtFXg5G9Y
+Mv5M97Ix9rbNEeF+OmkZpxxZ0yE4HbxHzMwMdT08DfGL/b0A/666Q5ydsLggQ+4h
+kG8WJhEA+MaMFJft5t2po/Jqw3GLUT/NgPMpvrTY1wTjE/fQumz2xHGdPC7D0uGs
+TTzjKi8JZ9F0Il/gyxIf5YtiOnxH2uwvpx6yJW8+gIQy1deGmQrrO0txwju5vVIj
+2ogU7MEm4Rf54c/z6qruJJEd15qCt0L3oCqRxE3TQQV6iH5i2M0Rj91ov8nr+nT/
+OCtmKP56/WeqCMiGQZyaaa2V7MghQBX7U2OPZnHP3pYnLtTewsGbx0W2K4d0op0d
+PPLuQ+Uk3dyaWSzkZhq13QmMflfcTLM+Y1JRBdJXI8CySwdxxL2E7NuI9/huwNVu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
deleted file mode 100644
index 1ef60f3971..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgw
-NgYDVQQDEy9JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr0SfgP3iREpEpoxL
-34yNQOjycTI5wM/Y9YXQ6E26DxRndEt8gy0Nt+w7/WcO0aJ/EA76704ckmtzahRW
-gH7YAntSVCkBwyB8EDt0eBxom9vWRhPmqJgF6PJtcuAZnkISqXfw7zurQN/p1HzT
-iBta6ocTlilBTPujtQ/X4O12W5kCAwEAAaN8MHowHwYDVR0jBBgwFoAUauYRxUFt
-rRo+gtywXa3yGfFQzgswHQYDVR0OBBYEFLsMSzv8dfhgJ3MxRW07FltMDKkGMA4G
-A1UdDwEB/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
-BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAfOH+DXogRwi00dAkv43qzCo23eOg7
-uaaD7fgNVn7RrEYkyc0RZWf1P56IXe9aTM41eVmi1PyblkZ0aXH9e7ShaOW11Jk4
-OpIpx+vR7HqBjW0yqIXES3pbA6Vm26gj1WDuq0oSps0+BxKTL5cHxVlCT9+YES4B
-T1SmCaLl/UdsEA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
new file mode 100644
index 0000000000..2d7bbd0916
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCXqvJf0Sbty1YiHYZ7PHwNkMnllNAX+ilKxDm339jET5zegwNzwyTXh0nk05rc
+wLCqE0slxm6iWWfh3sK7DE+zWyj5RwiiwbT7K49hFLgnZ7/3x3wARVb0lLhN699d
+iRJm+Af3vNDVGkQ1FSpy4OBiUuc2XMiWktOV/smBAty8HvjZOBB4Zy0ijV1YZK+/
+ihX/Feqm0PjLsrASBqH5PAVYDzTXH406ayeUCK+daoxc9nO3jShm9bvTZwoc9tN5
+M/VzFHoG8S5lMWNBcnZd/8++FCEKb8H8FnLktCOYKGWahdYjiIMuGzwyM6XooCEJ
+rxfe03QfYtEknHXO5NZWF1oRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLq54oj31Fkl
+iuMp30+gBjjdcXSCMB0GA1UdDgQWBBTYF8STFBH7QOb0JnwVIxfQr6560zAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAfYwDQYJKoZIhvcNAQELBQADggEBAPWrCmLHcQdJfIVQpCQ6ZAWKOStZ3fqB
+G6hjLBxvA54p3+y2yq7p/0pRR3w22yHOBUNqVjiR6WWRaZBBzQTxt0hj3Dlbj+CH
+qyBc1bbBWk7m/tKziUfcxdPuo9CcG0u1nLTgIE32OHUgSzTmpWO8/JDICCQ4dd6q
+ugfxqWJnlJVGhQSyrSUk7ZcCFG3H2oHDMPYiv2spEv6g6lbno4YrYE/8vl/IbE4w
+BDAjtU3v+DUvI9vxWUa7pocGyb2dBE87ED/4HqmfUmj6cZnzIYRTKX1zoEueu3ei
+bf8l1natz4YwVbQItLU8STxkCRQiYH8d01JBMVlIRA4g8YhPc9Bwmao=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,772EA7F9D57E3F11
+
+5Cj9j5qaOVLoai3GpY+FqYYvsjrAKoTHbLkjhIgjpRzrT1qGkdVe33DZ3mmw3td3
+gGVT8zN0sqvBW2nMAHkPMzpu93XZ0spQXuURePeletXPNTybPJRp5MFSFJynd/aq
+7ClQImECrXzKN4BR3bcSa5Dxld4K7ii4dOdlIQp2yhwOjpTk2o6EXj4eUy9EaKjI
+IOtwWNIXfOdMwc2+ABGSgZ4V1hinfuTm9h9UKMsg0U7AvUIIfk9jpl9AY0ZXT+Zl
+26fz9cM93p5afUFqHnKC1hUgzDY2RGGbipYXJhcFYyGMybXmR/9FpfdHBBbjTdDl
+KyVt7J0oKh8rknounW9or4M7MBdde74Gph2fCui+qh7ti75rgUuuxvjn7mW9+hbn
+RTyVudQ+Qde9NBi+FaQ1T3A7CdlnyfTcEVHtUoEaDUWz5QVuN4U7wwLfk3p8ifdy
+Ws2qoc4YINEXiv01LmQ1RXlYWBTqqQ+giMlS5pagttzppIvEZ/C7aalUEmJleIeV
+O8LHL8SXxfKbzayt0B4TA9B2A1JLQw9GNUzPSqRHTAdYF/oyQouHuij1N86gYub2
+tFIUCd8I2GGcKRgXM04NUslBc+aN0YWxKBqDCnJy9RlVF7SMcppnmyfvRmBPhcI4
+SCFNfKoZCywAVvjMc0rdAgWGG06bBg+8OUG5jfH07Rn0ydbp+StiURp4/xYUqc8U
+i3yDx+NljZdDt/JYM8z3sZKXNltfbypdK+1BCV4sxyfzWzjYqd6smmmtjR2A8AOD
+sMAAWMQPZSCJ6PtgNBEXNnDuQtdMNwrIpdHhUfTv9xB3ePdxpzfuKuZ7ncqfrTQ7
+De45pEt/eEWvlQuEABW7KKSPilRj7LKzFxk+qK/bwT5YB59q3veQ0ktpvo+KhUMB
+Ku7efDPV0TTbreNriUlM0ipUTdN8O30FHbxOX6ZzZ7YvpBQRZtKgG01OXpPsUOv9
+qi5JdkQuETK0YHKxy9Kg36VdPKS+pm58nxd7Vk1NL4Uw5Btb/6/96VdC/U4HTE4V
+dV/BsPV1SZQOONutjRIyMI2IPDlEfMcQgyojfHYRMG9VvHQvXfL9oRv+5eU6pxkE
+IILyicibk+tE2hNR1lZuCwHZ9qF3bcu7FvJVTiUeqrBMFtmyQYgQXrXNT7SwO0UC
+GECT4Jd2f+BnS4OgW4uKxJWqhwmTfxyevEGBQfAKGhL30J/foblBZDbc5yPIPiTv
+5PhyqHqlsYDEp/7phdyExgpMCnnqBO0NA2ET2yY576FpiWpaCVIlYODixK0xPNuE
+ziw6bZ2OOGUzj743b7CFVNUesd1S7CbPB1m4A3J+iimsuFUq1XGsesdM1ldOxZlA
+4MyBbkvweHtBP7YH86odh6nASA7n8I8RRVHOGa1dLAcwKHDs3qhjPd0EnZmrrrba
+t+SC2aunuXee2eyeM780obWfkSOmtJlXm2seq7bScNiAYzsCL+9Z3tOkCsH1LjNv
+mETaxgW+RRAklGMuVzRUzfprt+4pqeRdDrz5Uq/kJpYKx8d1Mi1YKuWN2JugPyOu
+qOEF0J+h+ydTBNL9d4DeME69PvD4JMq6Vny/lL4OVpS6ip+Tg75vpQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
deleted file mode 100644
index 259d24610f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Kz6a5RrnL
-VxjtAz2f5jD2LFhGyAiWK8+D2zGdebUqwosPmO1bFaTy4UpTN1y2NDdhbZJ9u6q4
-UyBlEswNHWLbKw2eAhhlj4tL8W7qCcCTiIDusf+/it87dawc9FbLFDa6ZhPQn3zf
-fOKdROTtdR1GLihtxkPeVht0YCU0Y5jBAgMBAAGjazBpMB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBSms0sRlWo2giuUP4b24hz3mOOT
-ZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBAGVBiyATRLrOnNHi80uCRg3a7ZWI4275SlflSYwZhFBkGkd2
-C4kyAGKsNrFGtuCpDNM7IgF4xbQweHBODNwwCOfsdc9OahGntqhxeKxUQpDkwc8a
-3Faqn6fs/BnZqkNzepiZdHCsTdiyiiB7LxL9LVo7575vfuB0yBsCk2lGgbkz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
new file mode 100644
index 0000000000..6c456d7ec8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1cl8/9ip/J/At2SsSX+IJEEVyheRfuATAjbGXo7Cxrc0hDSRHTovhpBn
+9bvr2U3tLle6PnM+04bGz+Xt4+XAwq3bYepL0Y9TKx6S9sFwdVSWM3tpfS15OfeB
+G0dIugOZMSm+o8VQUoFRkEazcWCOUdu+9KEHXBecAeWxRof3IM0R6i3cTprfjCs5
+yXgsCln5HUPLDw5twRYOEE5mnEWtraWEFUeYE8xVFwwk69N9b95gpTsEvzPnyc7Y
+vcEeVGDsezBQmPxDSOXA1pDOqBswDj90rFy/ZxQWPSOdV7dSk08Aa2KayXgL30gz
+mO6ENzNWfIZ0g6TN9Oq8K+lhRx/E6wIDAQABo2swaTAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUOVf5EG2PkPu3WYGjOi+xdDjbuacw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEApEdV59RrhEgGjn1V6YgmOZrmFoy7Vr1Ss36w+MY7OqJ5zdYj
+BJPk/cDWct/Fk/X+i735WzzY11K4KrLc1DVkfrTyRPLHChRFma5g0p5OUUDvofyj
+5gky5i8S3+3l8GthFqJyVgjqagILlj6+az/liTiCLrlKk3+MOeI3xZfqu0fhfWTL
+CMmxAhrG5hjMR/YAcoSLsM3Vu7cwWVn8zB7PA22EnEBspIxwjrH1diVSSix0Mr2U
+VIjrBMmLHIuYv2s4ZS29iPsKcikiXK6+GynT6QuNf0hXEB9a/H1NEBu69+AnXnNN
+8KDP6+hPJxVKCLApWqbmGqJE8b6swlhRomACaA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686D0DE45DA2B6C2
+
+VaAU12sWq1Yg+V760zkDSlnQXjjyrXCaIhGOwTxTgbrD7+7ZxAnKlXuV4oNnJQm3
+bIn7RQlR7UiOVdNhgMLz0Mq4J2zpqgCJMTm+mkLIukiICn7a7f/e0VlMyBfFQeWH
+gsCUz0pIwJ/dT+hPTFkcBmnpN/2gPkZTb2roGFksUZ6Vk2rV2Ut4tg2rqG3SoYws
+BSNx3ZAl0updwkLjjwa+/YtGOOAfqqUfJHsLmhkYgaZ0l4gumy6oxz8wcc9YLOCC
+qX+5MHfV0cpgjw39N64RYY/vbEvUp1lVFT+LZW2PQF1IJTlw7JvRk2RDxpKTkAai
+QcqYmFoTnPQrcPQ6YtJn6lFTd+iHts7bA/zn+FXkd/a2wm0zwhGLFmYIVfxICC+d
+1zHZBg5BEYBEq4IYx9vbHGXyLnWbe6/jqBQZs+iWmLoia00CwtLy03JFIU+K0xAW
+bCNd7KHo+gtV3H0WREVl07/a1zsjUEx0hbfENQJL6I674WQpYR5+ca6RK6JFhchc
+OiuAOz5X0tYcV/0dZwdN4iu3ezTbnz/wjeTbxvkFyX5GMgJ2QN0IB4ZKedEbmdhC
++a1S8Q4DHMC7XE89R8jC4nIV0TsSbAmGhK8PwelKamBRG+WZrd9r+j+JQ4Sikn2g
+djGA6/7I3BdRppMScqwhRxc72tWPLguwU4oA9eLcatZ53MFiYd6ntVuTeRVjRpeL
+IhapZxZDSvNubE8+ObyvmKGTxUgedotSWHJXyv8+2GKGCwl30LSTBVrizsXry+Tf
+0H6gHC8OY4v6S6UdsLVauXojkdVI7xH1GBco9XDGibmvi9HxggBC9QMRdRE3PU90
+Xl2ur/CWEkMMrmjz0ZfXapQZgGSaLUy+PJShX5SxKifoNT9tLZmHPSTgYlIT8ijc
+pu/DUL/bkF7J8Pv0660T7Gj3RWnfIe+2MX0AUObKRBgP7heVJB2a9xmX7VbHLP+9
+0zp7Omk15r3DrWVEqZJQhnM7/0B77NWRXWtdyTlO7jA6fW6i9q0ZIsgcxAf+VqN3
+tpeKI42jby51SopRNwdbVwi8WmVonzpYnwuDeXlRScBMZpDaqbn5+fQjsMzt3Pjc
+Ly6Nqq1tngz9f1QAb2a2RLSM1RKuWoGvDzSQCgdcgH9C3XOXi/6WNI+9/oaIcvKg
+PACApYS6OfoHzb9o6pntUAXTWHV4djx71TX1tcpDRoR8OKlMbF4ZzWOVX+iOmnkz
+LUVyILMB9HWuns7l/Dr7oogP3sTua1GyVuywCZBgVIxrrMtVJJJfKH3B+rte9jDy
+lvKFAxlPOT3lwTcd/1Dx7FX7RVQM0l1uB8qWH3h+2N/H+4y+ETBg6yadKKrfzjro
+I+JDpQU2oGBNdORnNSBHBYXYSlYE5heqfeNz02GsT5uhPkhV4yWP1FOnxi5A/kcV
+iDkKYk7jAjVx/2dlZPa4oPHiGf9PNGE72cn3nMdlPNNcM+bjJogLAc1czNeU9B6u
+mWraqdYS56WRNkOIZmw/2JrSNAQOSGx+WM5UL6qaPqdlylVzPsHQEpTQ0mepbwfH
+Ftecmyrb9VyAkW5qmOnpFPhNVvPAGi3paxm1gFBKYSsynO4tkw9VUJMPEOOcyff6
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
deleted file mode 100644
index 3325707a9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYWPPc7psjO
-loPqdJ0NVow1+jFLB3yaoLHoJ+72kbII2gHjDiiZqm3e1E8Bqo136BrJlUrf5ZBj
-5G7DoA0OWn12+0bHhTNOEucIAFe/M6DpdHEIRR3l9CA20h4VMN5dUnQlVRt5uzGb
-RWcxgL5F79IUTDI1M2JJz2z8Aj/WIsbRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBQfCYLms5akqSyTnpkK+G20CC7J
-7zAOBgNVHQ8BAf8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEABeLBzaJ0fJ0vgFUpXxNodli4
-jWo3oP+YW75X3NsMhhl31MbHAyUVw7CCEspHiIIRtSfJCALAaH9Ug7kMFjFDrxTH
-2790IdTodWieyUn/sdU9WWVRXiR7d5M2SVIYwdc6NjmsSVg6m++W99Uv5pBzoTAA
-ClExK3cmR6k5T7cF58Y=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
new file mode 100644
index 0000000000..0f42c6ad35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAmVlts3N4uHNv7lGOT4GLaF+tsPvd1uviRc+qIdHp7qZNONV0TCr2Kt9l
+K9MGtM0OSLUhrrKN/oooKo3oVgqfGBMEzbPERKF2oy96WHjhA7WoVcHpQyPKOuUP
+hUY8rhMXYoTFeRakKK5kFobrKE70mI8tsmfOBA4JJKMBLSlu8ivgMigK1CT+bhHl
+uazZCm58czJ5Lw+ol00v5xQUKg8eJnYu++BBftkFkDU9QHW/2WH6ceiAcwzL9IUV
+1wuCQYfKfUklUtzcqSCoOCWNE0Yp3GaOgmgR6ssn5p2lyqXxZiVtGx1KcDhy42AE
+fbd5Kp3/FSQRV6UEr/KoJ86sBpkBmwIDAQABo3wwejAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUF5D2PD0NAiPAZIw+M6ZDoKxgu7Mw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgH2MA0GCSqGSIb3DQEBCwUAA4IBAQCSRSJrJvGXtMVNUy9eDgXRV2P3
+ujCOCX3LsZAqd1x99DQorAhKoq1Hjd47XDmZherCmEpkkz6uq71sAg8UilLHEcwB
+cJ+IXJSohUIme3G2iil7BIU7FhIw3gbr+jpDlroqKTsx/9BKzh1Ms0c+PwoQGfHs
+CsIsYBb1Op7JQuJrpgggdTWskDIfcWOKg0QIRaTn72e/jF6IBKSr1S6D2xtFAxGm
+Kda8HVzltawA/WKcSy0U5qvLrBv8FK8vjkWut4wjid+eAmmsMQwOuwZNcqaXR2ve
+tDg1aWhFKdhmcOAirsC4wsuS5V0hTObIZR3d1BriitU8VhUq3PvlgAzrTaiE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16A8528E11F2A947
+
+5QYPlv/Y0/58FuOcUlQgeS5owcOToBQQwmhiQNhFREiB4KdIEL2E3mEmgwvw6kjs
+RfjAALCN6akHebaTinBAodceQlWBkxCdC+LaQZ9nlZOenliuKtIgrCsu2DOQYRNS
+Q9kzTH0uRD1uJopiO18ov0R30Vs+nBr/L+JYS/saFalMylMW92eZmxz+4/bJfIwl
+S9SPhu2KIkpfEu1OTnE7KHEXei63/aMA5sIv4hO1fLwQQnfkWypDSyAJb7Yvh+tu
+bziY7yWe9hJq2GZSLk3rvf5mNmfz4Op7c0CROH1Eq4+uMfKB4ud3+s/nItxxgMmg
+TrXUzbYLYR2Zz+pIalwd9Kbt5fnNEGuGQRNfyd2WWMKqLyHwG4EztoCl9fkhek10
+jySn5Mi2gdeHSOykYMo60By6So+fdTOh7DFP+zXd0f9jp/ihGgm/Zbtby2g65cy5
+rt6WXD7px321jxxubUkdtv+UhBZgj0zasyoj36gpZjuptwfxMp1pc+Gbw3NsCFOu
+IjxiW6pbdip3Endvy8tUD6nljA0TKNyRL4ynpU2vqCsx70KE+UFBkg2oO2VB6FP9
+LmSmGT8IHqZD5n4slyLXpu63aX71ez7kWEMoP7oxASDT65dMDz3prkCJ1OTAbpOp
+nL3PO541KHo/e7OLfCo1SSYTSeiEOVcaM2GeuewmmaC18d4Jp5K9FT3ymyu5/PvQ
+XGmpQLnByoBVaf2/845r/AiVcmXL+AoP0/wmQD+6Unvlqe+bjcyfe6PcOP8iR7jK
+8U05B1qBzQkS+4l1UnsR+5ykSRVvx5U4QBqAf8xd4HwT9qPOtnIee9j/ubQWYy3B
+Rri8q2XvsaCPPkKgvnL8GtltODOC8aCGuROpEUR40Y0hm0q5Hpl8fUtr19wbVbhm
+3IMJrN/QKTLHz+qvme54GIwC2hiNbRX0xnR00eKHPNwyhXJ8hlwFst0RX4uN/4lo
+ZfmRnbHIHXEsDwsu5fRiZNlC5gT8omyDTgFNFdWtBRm8otaLzAzopHh9WGHw8/Qs
+S17hqB5qgbkmFSGpqHGfMQ6l4hAk2bmXC+lyABNa1K0cxx5oRVW+hnhjM4FFS7SM
+qu1Q4izlpEXZ55lq+hRTASwvdLCxli7V+dqsKtmsB8RVCLDSxv8gQOS5haMjZZTR
+Ojd6ODvdWXFw2PVPEIKBEYszi5XWZDaHcPNnFKaV5swqgqIGJNnEaxr0/5I+xOVV
+GtxHp62u01+fiZfqXCh5a1NtZ1IsMKLQd+SQESyDkqBsmF8gzUyYFkYaq+3HAPu9
+3DBclVJLkmDLXTc6fIirQ3pVerNEljrLL/sG83VLtegqCJCl96i1oSABjKtpCJ09
+MPlEbd1kQPNN7VYnArGbh9MYqhbt4GhXAb0jOCpFhvUIG+MZ7ne9keOxW8iuFtV0
+7hv8KvjtZQsIIOcO5767vXcTkIpSOK8rwUIclCZBWF80E6u46L/tbJPD+1AA0jNk
+OybgVukzWJj87kajWtgnA7lMmnu1zhsMZMl/MCpL9IdAQ4xfXT4wRtditk77s0Ng
+Gqrd5xJPrSIVs8n+lgbZ1vSAepao96RNiZxfbl/mY5Sxn36TaAk9VxBnGOGa4j/P
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
deleted file mode 100644
index 6f28f19db3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsZWQnm88nqSXHt/QuMDuN373
-VZ5lU/JhChuvs6DBS9f9L9NFBKtTS7+iq0QmlWuc3qB1RDAUjwAF85QyXYlqujEL
-h22h7CWzEP26t43/megvHJFuT/wCuRBzbTm+fzKTlWI2v7u8YILgQcOxb9vbRKzc
-FpwTBBqlnT//Xqavj98CAwEAAaNrMGkwHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFDsP7IkBHltfUoRf9AuD3aINP8pHMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAeuTAbPsAB5hEhGMN18ygmQ2hryyEu5o0OlbfiZbwgOSaNISSeYEUGr/+1uxV
-MHb6zNrauChrz4hTCgHMmhThDhfxHeIlh0bM/xKd1dOmlB9g/WMr59Uy8R6vvo/4
-HZC6bTc4Ukzj7n2maNkUNogPKghLEho3hlGx/dZoxOr59pI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
new file mode 100644
index 0000000000..739d9ca02e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgxp+
+Hpglfzp9XX1K1glTgljSpG1M9dGpAlVk7K39GMVwkmnAtSBhQVBdG8GDNnr3kqCC
+J7LPOrNTDcRRkO4T7xdBL1RqmzOAuHHgJCiFt51qziQe//kZcmyIOwY8pgHN4Cy1
+q0BeWybbU4B9ybMiIVzFImOoOPUzkaADKic1iW1OBj5NpGCZ91qFyZx0Itk/iBC3
+v7CN2B8Qaho3hypDTCSRmVHiBB1kD/AKFU8UohIiHXsyGxbCg1bBLuKmWRTZ43y7
+L1m4qHBOg2i3do13YLss2oZoknsoOHOBa0YLrFXPPMQTNrOU6Im4IYiUU+Ge7+1g
+2a05ooIRBTS+QhSTAgMBAAGjazBpMB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBQPpyPBesQ9pYPwqgwp6+Jq4890gDAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/58kEOCkIVV2FaRCkyOKRYGVC3KnDEBQjc6w3ZEm+f3vFHJyB8V63J+zf9MBi
+i2LvwwRTaUusfrrVteAcCYcoXOSHmRo82sY4vWJ0KBn0CDHuQw/WakD12geNfcjn
+yTu2LTe+0as0RhQ91krC5qJuzoN4FBVj8eKhVoD9YQFCzoD+Rq7WqabgUVVjowvL
+UzSm4adqK9x0pGxgwFwuBgdjuY6gKyAnLUpbC0E2mkLuuhQh0tAcYu9LIPpM/l+M
+6c2DlhKdQ/I3KvPxjCpaUxTVQ6iX8OyocQlszKp+LWb4NRBnHYmBpiO5vSC3aBPg
+Ga3ewshaPQBSsN7f29AEHSgh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AD8B97178BCB0120
+
+CWmHiiIThJdI8Ot9R8wU/LfTFZL6YYbu37opP6dAaC+LUrUFtZfwCZ/eP4arKCh4
++FsAL5A61YhoVhqW/nAm2I5W8+q0NjU552LANcVkpgTej0cqU4e/Gpgd9iArrI//
+RI6JeUyb367JARXbJUqtLVXfyEg7ijZrC63S6orqk//+CcZkrmcV25/rWp7AL3vZ
+z0qhEYV0r9jFqMP+u2/I75MATEYWz6VOFIxr+oieM7ulqkUgvMiUCWydXaU86YAc
+TclzwvjQNDXlSw+fGRWJ/qTu4cBy98jI6SHqdCB59o+DieNjEpK3Ywvz6ARjhFmX
+IJXoXCkl7Q3gqTrqrHLLKR0ed3V7x0Cfd98OxumzA8Cfvl/KhfORI5Pn5bWcK3Hz
+NXrjoagTAsmyBrejvLK3HVKqN1GdOzR+veRo/EYxuN2uEABmjj74Lfisrkq6gEeW
+/ZvireBbwWOScSlu/AV4N5gYCocSXU4lhffzpOTC7p9tcSxC8FFDooORrC9ccpZd
+4ucW75OMXaYym2mu+ImSkNS/SgIq/ZVnDT1k5V1WEF58WSqOvpuH5QguB5p7CeFw
+UQn/Yz8i+0bZG6gFp8Er2pfhGENX8Ca7KLwt7f7dw/33kb6MpBCWSc1NG4gEQ4zS
+dO1Ketts1nY6hmwls1aMU3fPmUOBQGvFzA5Di9Hjbqfbb2Llz7x7hRAurh8ci/sv
+pw1wNIb0Cjlw/3v5vTpvCMnK4rrPh/isfUKA/4NAW8TL1wF6ZXfVGqylIGx/DsG0
+AJ1pfPBv6W+CDWlbh2XDjGbuqTWDffM2sa+5D0ohTIaB5ZduFTJArqA+bb4/sLzF
+HVqOydvAdzNdEK8XaZJCqdZ2tfv1weZzrv33wyzwx7wz09kX6/2o5LWQ9r9mCwNR
+s5Lp8J/6sjV6zsUOJbiGIKba2rdvo7SPLygM+T75TCOSAUlNOGjSEDTVrIWqCSe7
+mXDZ5YPBnN/0GKG2UMMpgNobkZRSVeuSb5biNKa7jYFTCh4+gK4gPa4LUGvWXkLN
+u28IndKHZ81ZILg8WNgsgAMhjRc2sXWPsghXJ22xXGMPx+ILKnoLtzIiBEKLLvRU
+4oIuEuNIQYwBJo+DLWW2zxT2vngU7lipH/zTCT7ZTw3uI6TqHtu/PD42NJyeQBNC
+2zsX4jsRKlaEunbKs7uRgwxV/r+KjZHf9r6FCFGhvfnYn5IL9AHcB1xE6VR6qHd7
+9jiUMA60ATCocS7mGGLobf+bnPy7OQf4k8amqskyfmC3hP3q7WPWPEZEhR4wbUIJ
+sQtWjvTJc6D6G2414olgk9hhRi38rrCbWOEHbOW1cKKeWKPxoOUfa/5mozGAgBBh
+02xSMGupni6D5LNpYS2cWe0OBpWxcHCfH6KQU0bkmtgpMi6Q+nOoIcmxjOwCSUAk
+wF0g52PlQC5nEgpBxKa9KGYU/657NFUDC1ao4TVKnYwRkuYUT0QGLNVlpPxf6MpK
+SkDGGm+QM4GJnC7Ot0uI1+tjfARdtgXwzsPLLIP2dR4GO+m5ni/Sj8qObph0yW5p
+TMmJs6V7j+O9SHpPKJt0l8HDSuS10nW3Iu1k6E7KRNgA5iUWvme/p5IMwtxiDmK7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
deleted file mode 100644
index c4fdb25d66..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
+++ /dev/null
@@ -1,160 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqRnKex0cxpUb1ZFo+pXGEX8V
-39ndPC9BNFgD6o0pAqBpYd6zlYIIkQo+rpciQ1vHnizx6WP3ulT6unn4w5UhXCP7
-S9h+TKQt6KFwZNXaCASi/VTEgHt5XLrwqjrhCtIDamjCgEcR1L/VS6N+c+SARpEG
-aWQzmao86RmaEKBaI10CAwEAAaN8MHowHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFCw8vCsEA7QX0lC4KFyI8IP18fO9MA4GA1UdDwEB
-/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAUW32gQakGpEtbmPGP8WBo5wdAtIRXbRp/VGK0
-zZZzXsoEoME9XCHEOVvWO09Qcu1VP7hwwnaEqgYGWl1ooUih33plStn8ETtzLcQ6
-BhOfvj216EgmZINuLcozCAusomtXZJ9yRHO0uRveEebjOJYPWqqv3zD9NgKck6cm
-kq1Hlw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
new file mode 100644
index 0000000000..4d8dd52863
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGDA3e
+m7k1Do5rvpYClVMdIDcvCU2SHLNNPewpFXamFNP7kZlxryeHmk+0HSg4iwu1Xtnd
+t3FQwV3EtxGfZGTtrQse5dozWQbtLh3sPvI9nEFOj6TuktbSkT01Bnb+HXxA13od
+QKj+Y2jJK8CfbzIQHh2JFfHY+rIjFL7hTgLT/IR8juMmaQxLTOtgBv7E07Vth4jA
+ry3Cs99c4F/NSIkLS8jphIbLXsmDHNeW4eqMl1DSRXJjygW48rdnmRLv88mp2HMI
+MNKoyiAyRogziAWD5bVcpnR2aSUgn1yt/hBRxjcKXOMfEDQEJIcMdgvq1oPmr53g
+TfwzCsWgTm0LV/KjAgMBAAGjfDB6MB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBT9iekRTg+hv4S/pIHUQuasw7wnATAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAfYw
+DQYJKoZIhvcNAQELBQADggEBAIiEa74JBZwpz1Y1MWdNpLE6YVBLeBfNDYLBLXgt
+t7pbeclKlY/28YLMWpACQysthnYfGOdXHOpHusbVbQBh1f1BiKHA8BfwqCC3oQu6
+9bugMmGSab2/UeNylWiIO4C3q2LCuFjNfE04V1Xl3XVMfFbMEPOqFkOhh4U0PuAe
+cYfCq23PRNyRtcYAWkQ0uPujg//EAyq5CVJKn2SZ4274stQVDeVHniaS4vYe+PJN
+lkqAicrYITjOlFmU7UerAN2F7rRcFWbuEF1xz4/vZItbidCdFl3I302/a94nQmzF
+BtoYYNVZPypEd0G2a8s47+mgAqG5leVPp7+GZb9igx2x7ig=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,801664664B826479
+
+opViAlS7IYK44zekgL+iExW/Z6hZoZNylw89IwApslwn5EoKViqcLUu15ZaaWyk0
+pvhWm4yQVM7AL/GRpGADjTwZnIvmKvInsVTWXwnW2SVMpCUrtGjXonN3ijInwd3s
+v8vW6eeeg5jGTN/pS7OAVdQ2a63fIZD3eKPG21aWsPp7MhodpVbtW3tzlJsj/e0r
+VqiQ/O3J9wUij+nxolRhBRk39WvaotaYCOw0nNQuTf3/KEbunDPUgyJtorHiFZLN
+h8l7owjD/71KodEuYf37f2nosb1FphAlRsVKzNGbv4cUU0OuxjRhjNuZGxTeHk+r
+4kVO3PMhggubShSz53RSWtYuD9g+0ohBqHdvg2FMLyaRpjkPNN/vjmejuowGPc3F
+l+h4CdayR3MrHMK8Bjoizj3Xoz/FuyqxbyVnU/6td1m5GAFK3wfKju2ylZCwx+df
+pB4c1RJH79O4G6B3fUC+Z2uJ/7fWs0EbNoVgQFYf1FXqjW0IWyS15RqDDdvBKLFp
+a1yai9kCwd+zvHAwpIjtOfBF6w6QsneCKxP/AZzW44wQWh9b05cUNnU8b/07cO7b
+KM6KFOhUF6Zzw5O8BZtjzGSpvWB3w/aXCyrTqmaoc0zR+SqHsN+xuR3gKxVzgDpt
+AoP0/f6kLP6ig/roAWfKVDJEv/Hki6cxpWjEE6rYs2gaHdTWGdVamRaf0OvDF1UY
+U0AzN1AwEW7fSsOx4Ulu8PyiHIHg+EPkb61JgrUzvA8HKAvPyq4U+CettPUZLyzf
+W4ZSqRovjHSgGFnTkqhV5f8RLMveGeyP+4LM542WMSHkKmR7o/MiMOw/hsqpWiFI
+KeJYEiGkka5hh54K9vtkyTpQeNjv2IkXmreJUyZ54ylCCOdQVxhtINfZnhqDZNOu
+XQ9scCs0/Nh5dHDBC7lpFTda+0vCBdYljEE1tXCpHAr75jKONelW/EtijXuWw/Ji
+/57Je0zo+CJ5uxc97fEztbVj/Ie7gudXL2odo1I6FCDiHETdsWUdqxR3Q3qTgLKP
+vWE8hHR9xXRThAUh9wQpe8tHENs9rpuhocJUHxZu1zmXlFMPqpN2ht9w1Hlip0it
+PqwZN05TAa/fMSgkA6ENmAVU3vDLryTHtbyiwRaJ/Kx4u4Vy8qa20Ot/PI4P2feA
+9Y3nEKfrOMf0zwcd6rj6B+5SjHZMOP0F9fCvofmXsTYxF6b7y3PiesB7bPuJSixB
+k2Zbcgiyf9GJFpwG5o/TfQXWJ9f5gEJRBkSlYAgMywRTKWJtzSdddbNby+d6tgRt
+g2iHFMHzmjmcXzNOqIlXUl2QDKtXvVs+e5UNTXu+pXS62WW82gZoxG3Kc5ujlFvS
+yQnt3ArJA7KZIjHaO4jYKh4lfIvWxhvioHYb1x/DAfP+47PwXoAk0fn5NPVtVG+k
+hF4xakmkPBts6QT1GRWOg4gIXTB77i82c48zYLCozMbMsGfXpmidMprQhttkWobf
+A7EfK8NhOIl9mfnvo1ZzPWLLBBHQXPBsehpLaLwn2uiNKHSa4DotclkhRkfQQpbo
+JtXb+kk/KgBB5ZcHwLE5Tpn+KukxV7+tHesdu2MFiNlPZ9wzw+nFOA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
deleted file mode 100644
index 8b61201901..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcw
-NQYDVQQDEy5JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxOmk5mQAdlYGqq0qW
-czN6fmOoFbl/XRAhBs0fzOYu7b06yC5QFIdW3963nkjYahDg/x0F2buDbOSNRvG9
-DPmercWLmz3Sar1KgPxqTCQ5XiTZ0t+20u/oYEM+0anic4RKiQNtuF9Ro4U83wdW
-w8ljyEFY255kWP0HVLh8REn+dQIDAQABo2swaTAfBgNVHSMEGDAWgBRq5hHFQW2t
-Gj6C3LBdrfIZ8VDOCzAdBgNVHQ4EFgQU1Bk+MIR/ztV37I8S8/91EZ2nlYUwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCWb/JZpNi+GTLgqlUUktJuhFQzGNKwQLHtea991BN5v6GnXYtgGZhJ
-T9plUX42APML+l+b1J6DzyJYlrIw6EXf/1ZtBf0YzmNbJ7robzIjx0+3/EHFeOZ2
-B7X0aaJ6+tt/sgGcLueuSG2C/6j8cnWbKJpAzzocI8hklIO+EWdRWw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
new file mode 100644
index 0000000000..6588452f7b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE3MDUGA1UEAxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANLGB2+a1z3R1ROq3nfJr1wwDsswYFEnvsa/Wr3TmkHChPZaiqssCUawxeeCR1uu
+FS9X+Lt3CTROXKQ0G3GujkpNxTP+tLTjzSIRUOaxcyN8AipiKL3wwBGm36Mvy5Nh
+PGCOuQnvqpysvKtV4FOt+zlFZRpYnFR/Qom+v26vwECAPKmP86Uxs7o0umgUJtDd
+Sk5ihTMqD/aZ+ig+dCze8Ornxe3fS6NrnnvLWKSB9APN8CI3q2DWaiN5HtSU7la3
+m39Jzu/mPD2tEwrqJr9GZlj1Wgy3a0+zbHjiLYVQmXVcyfsH7LrQzXGuEMc1WKCo
+5KZMqejlnBPgeVTs1fNFa70CAwEAAaNrMGkwHwYDVR0jBBgwFoAUurniiPfUWSWK
+4ynfT6AGON1xdIIwHQYDVR0OBBYEFHkjxiIM9f+ESDif+mKJj9uEIvlSMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBAFDUrcx9Aq6taCu2kipVTgU4GQ9gJ/lEwCW6LP7p+D5iRJZsmXpXHIw3
+YZDBgxGXJXHzUFzeBbySLu/lQfabnq0XcLViWhgi++Ikqr8MPxoqbUvQH412kdbe
+b2Rf90fk3Mu31VrIBLbEp6U/h0QWWWPKJGcY+Z1jgdA14m3b1LPK7/p1kfT1yb3/
+cTtmliG7wzcWsecmK5xz0irZrywun2yWQhcps5g+lhMcMghogHKEmN0XnFqgL7ta
+beXQ4GEHuyyRoRuXrh2QMyDkFgr+CyqCbEQO3UKbvTQD1Q+jPkYpApi58UXxaKfa
+JTfJg896LS1hDrZG1R2AOrhUFidhPXw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6432CA2B85F30C35
+
+Mrp7JsvXVS28CIPmVV/xryGbHQaaYvpQD5Zir72ldbioSc05c1sI9lr9wADmtfUI
+clvXPryK4pDNdZnZD+3yhDotv1NYAYBOk5nVsDgzCPu10XSPKs1DmA5OHFOF6AP8
+r2rlSm/boRxnhVG1GupYpYRpPjDRU6ewL4ionfr1E6h5Dy3v+bBFmxynqmp8pbWI
+60YeRDYddcMurKQdfUul9uDnecFxemlJzSSWMX66gURg+T5iafEhG4mwM6mM381K
+TMnhKDqEaVggI61vHerdNc0L0P+tJ4fPsbu+2rIYYgHi8Qd0LKbRIOiGFuA51RrM
+MDSLi8ESPP380fhzm/YQ9BruKA+S8ZkWLnRH8Pgz/3pfIAbMWeetCBgoONJlwu/j
+8Rebetn+d44v/1Mw2Y2FMYjLyjjRrn5kJ669iswBqpo1yGW9TH99fIpHnK8UY/yj
+0amWiBEoLoRZ1/y3ipmnc8nXBHZS9Pz6Z1cfWVftZ5roSivqx5+BF1ijvyBoxGho
+wVZVyq2FkNEJ+27RdY4RyVUz+mhEIlHCelqd1MH61espsxKjX91QSjLPmqUIQTD9
+bemzzG/gK9yD5iXl8Pdo7tGddKSDCxTYMpo3Zb1/4aOw5NWrh4g22Pv4CAojuhx9
+7NIh09xB2XrNg1WrTU6t2uulh36rQCUysc5i8TrhmY0f/KcIKaUFI098fzM6WmjW
+x7K/qBuUmccvcCLPw+qc608Gh9IYLhuZXo1GV0tll506+mycqW4VWU9D7IHrUIz0
+nrp6Qx/zB1UzjFsSZkk10T5BshfsGbgWpsXNM01QsXPQV3VXyrrpvFfCrO10BDpL
+qxAxtLvvhIR7un50IhxlpYJuk2LS8W9yhdkk3WjIMWtKEHICOKl8suGMhQn/wtSo
+f+7S2BSkPc5hTBc/Ikijqxbz63RzF94D7mMHFiVQGYwXXS2pEiLmyeK7DRPoZYCA
+LzNOXt9j/fXU91ZVnrSIFrwk/QNklnIPN0MO8wAFZWEDr321GFghT1izNulkyLJT
+aaIwaFj+ZDXZJS8iu+SAcjggJPNYdobAhhj1pfq7MVoUuSSaTaSdZQtoXRgA3N58
+fjtV4g7evqF78GVfuNC/mI3bW+lzlkB8lunjpqLx/GzWIzugVWa4ypi9AAgl12BJ
+MYXMWyNGYY1xslYrxDwOs3Aqhk33JMS3lEKP3DpaytPAabPDjJlfEOpjb+WPZBgP
+OL3oDdxfrZqDf7vzDkVknAWuk1kvgEn5fgj0uYVbVLeYZ6KUtDbtejskB5KQ+UUG
+VTSvr8md2DZD/4aZfVLABCIuACgNuNjGOWiUSKH7nHrXAqGtMsffOw9JAUJty3V9
+djI3JnyIYeguktydV/VTyHDhDfG9eXv62ifx4QmRuDTVOW8WJmMN+zoFiHu5kdSR
+UaS8oknmc/7ltHdf2wjMaNdsLJKBC9MPBxxzDNWc+aXq/zaO/Ka5HqGXWsJlHDQi
+TJ0jelMY/4jCh03wUbt2/JHo9+SzDEGmaHwdlgon/vJ9SCzNZ+IL6limnAA5nPHr
+p3IP5Xu1iJXD70rJbIZdZCN/2iibX5mrTx9tcUT1ArqFGVPtaSBzvy59BI6oWHZH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
deleted file mode 100644
index 2f78fa8423..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcHJlMjAwMCBD
-UkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlMZQ
-vRTxm+l3FRtimp7Exo1NygL3qQsF8cpvpQMmM4S+vWWIQcZPBAGfTi4eW4ubaKOh
-UqzxbVtY6R97mA0Ng6GHXIclN5ozja/xJdqdIOz9CsB38IvgyXTTQv3kF7nch9Ir
-xAN+7Bf5oWOdRbN6Y+i5iDHb3j7f3r8EFtXX+EcCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFL16NgTVXQmVv12uq+yk
-UWCNJq9WMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB9/jemk5S7bYWeZC4Y
-bzwXzQEjfRTlrJ5xIj/cOAWG+BvCzeSkaoi3hw+Ltt/T571j6NoAQu84Mx/Jwbt/
-zNBwu4iMmeaeU5GM+9oTVU8JTOog2ZPGR2Yn1luPQv5LwbPE+mysPaEsM/mTl5cM
-OMB0yUOD5/jo/76IJhN/M48tvw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JM
-IG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgcHJlMjAwMCBDUkwgbmV4dFVwZGF0ZSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBocZCE1yNSbZiU
-rcH9R8bB0cZERzxNK6g7d9v0tUsmbo0Gk2JgSaKG9vBnOpxJhJ3hhSxNmpGpp61Q
-QlGo9louMi1AzibkrqOllW+FgXQImr89cxEicI9taSS9QRSIIKPW3kF4EhuZp4vR
-SksCSxXsghAsSWeDqx9CQG772BiRAgMBAAGjazBpMB8GA1UdIwQYMBaAFL16NgTV
-XQmVv12uq+ykUWCNJq9WMB0GA1UdDgQWBBRtKwIpcpf5JIosL9wN9VKKwAiAWzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAIk3Dg2P1RArTBrVZ/kPeRAld8oPoTdmer7YAloo1Zavmcm5Fcvn
-WmJfONAye0p7jsYSkv6HMK3DL2b4/KEnEDB/Ok9CLOdvoTtptk04CiSXOcQcP9uK
-NY3uZgZoTo2O/lBe6KwA2apKitWtaHf/2Ig9AGhPvMBWtiDmgvpWE4T7
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-        Last Update: Jan  1 12:01:00 1998 GMT
-        Next Update: Jan  1 12:01:00 1999 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BD:7A:36:04:D5:5D:09:95:BF:5D:AE:AB:EC:A4:51:60:8D:26:AF:56
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3f:41:4b:5b:b5:47:1a:77:7e:2a:87:63:65:06:9e:f7:18:96:
-        8c:41:41:e6:9a:4f:45:91:ed:dd:8c:b1:d6:1f:e3:41:71:70:
-        ed:98:51:35:e2:24:bb:cd:26:8a:c9:43:f1:4c:58:43:2a:31:
-        5e:94:a5:5e:09:93:dd:a0:f9:d0:1a:c7:fd:d6:8b:4d:4c:6f:
-        3c:d7:43:6b:b9:87:8d:c0:fd:f6:5a:a7:4b:f0:74:01:23:fc:
-        61:24:fb:3d:32:5e:f7:fd:86:de:52:3f:09:2e:b2:f9:b5:99:
-        a2:2d:96:83:2e:b9:a9:99:58:fa:c0:e5:5b:8b:15:fc:0e:d0:
-        53:32
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JMIG5leHRV
-cGRhdGUgQ0EXDTk4MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFqgLzAtMB8GA1Ud
-IwQYMBaAFL16NgTVXQmVv12uq+ykUWCNJq9WMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAD9BS1u1Rxp3fiqHY2UGnvcYloxBQeaaT0WR7d2MsdYf40FxcO2Y
-UTXiJLvNJorJQ/FMWEMqMV6UpV4Jk92g+dAax/3Wi01MbzzXQ2u5h43A/fZap0vw
-dAEj/GEk+z0yXvf9ht5SPwkusvm1maItloMuuamZWPrA5VuLFfwO0FMy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
new file mode 100644
index 0000000000..29dac9a077
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcHJlMjAw
+MCBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIHByZTIwMDAgQ1JMIG5leHRVcGRhdGUgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAyYIKZ04nGTfv/cQgZYw9cORsRCow8lt4l2dL1MVPp50YW8e2yqrhPsjPSJUu
+7cYDAPjXJuBo4qSs1tIpRPU2nafDBsCNUFLRX7lpYXCMwj9yh+70SMmqlNION6Rd
+wLpfGWAH1I/TJ1P+dFctMBp4LOOMZ6nBTpfUfFN3heMmRYGj0XWn4uCBMzMMb0Vo
+HYCinO85FZ4lDAOhrz9hTgsR8GlzipckTmp8/xaTDCtRy4BJXz7gq1hTbGWJbgQZ
+eM5BKetvQsQLMnD5BUtv19lnuLpwt9OPggLQOG/oaMBpTjeri1pjh+jwQwJ7TW2z
+xgIw+ACnsLtZLNG2zNIbkX2u1QIDAQABo2swaTAfBgNVHSMEGDAWgBQeqEecYYBo
+KLFCmimM5igDKZIDzDAdBgNVHQ4EFgQUKCyOURD8t5yIKmvuLGs/+HtieYQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEApdQg4JH6mV/wuIWWYaW5mPskzRye1Y4o2fpaX04xvMMnOjhEEOkY
+WmuwByb2dnjP1jYmqUxJJGEzDGuX3GEZuPmM9V2jicHv/SCn30vpQjA5dSo59Y3k
+7VOqInWTvmVX4YA8KO621BUZ0/5bZpjtXdqVLRDO/WEUIeS5YzMufnJTbhjb9Nov
+kmNOAkhOfyN0bTaInfm0p0RLfMOB0Remb+t3HUcQUNQh6dGDo1Q2EK8HnFvGMD7K
+3jXEyeiXeP1h7S+FX0MNmDdjlE9IQV7fbOJEdS/00fTxn2Z8aEGjklWusNfmd5Bu
+IuhmPZjMRN1yOspse7lJDPtVGCRpYlTruw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD3CE9838B0CA00
+
+pehCDyTDvbCXH3cQ1BMx4e7zOorF53pZeabAY9jzVzj++tnGRldIwbxecWmz/aLD
+XxLdRr68T0MUho+dcWIiA5OgXbYawu0HUt306xopcFooaXLcudFHBnpWHy7hHBGW
+Ayq63RkY7WpSVNY7vANMZCOy+CjcL8ruQQlvrn70gRlbsIsC3aDTFtk/9ClUFDF8
+HcUC49ie+oJblqL/PcgdUjid3nxLPfX2QWTdmCxCMdDX5SUNoqbnyrWsEdGh2qr2
+mqtJTOTTFou+qIffCiKFWqVIQIU8AcS06cPFXB7hDKynHNrEiAVruh3w8fsb3ks4
+RtWyHiT9aqZW7siubZO3MAviRobczeVEP5V1li6BTWXQI/QK2H25Fh8A6IwsMWkP
+TceuS8MAcwy1y8oSzEkpL7RtnFyDCctY4AygCUYcJsShIx3yoCxMqwEHJUcw02YM
+QqhZsAoIxQEuGHAhFEbFzpbfBeQLE4rL5qx22WQtbvldJwtwsAGZggrLJD2SJg6+
+iAOf4RYoFnNMyeh3j7ajvRr3CUIpTRwNhdkKcTlwNtZSm6V0H7CGtbkJsFcaKF1/
+TEnx2hIT0YUylK4z1zmgtWJOH0iJOXgEbEHdENOckak2MnXSK+x1KNBcyg2sRi0x
+aAMSZKWFNNXkjd4MUoCaqNUgaEeAvgzGGWSvcKaPWAypRxrxwVuWI5AgDbPiKLdm
+jGg+YNaWZiPMuJztgFOHTdI45pSxJghS1NioQpIZPbYtIxPstd7wMgPdPVMo5wLI
+GfMAxDHYBui+6CjYPl7/OCFfGFIdL/50zoM70LL1i07eOXMMuzWmexy0suUBzkrr
+qnLP9eG+EJzgsQdb3/1MtpNHUcRnHIkV7AcQiY1kXd2VKdjFMhqPvlc9vsT8dI+Y
+M8++Pzl7teyjAO+RMmtK/rt+rlmaFJxLc/qYIz/1aFI/OJ1neZfq2rQ7+srfB0Fa
+bcFRgHKcH2nRDOOwZn7Ov6phu0IdZxBDOtMLiETD1mUL8242vfGkwRdrvg8RfwSh
+0MtRGojyejeGKYzzojNxejex7tY+VC7OOZLmGj5GKCUQpsgsE60WaV14AHZ5K9Bv
+pRRul87VRoOIk+GUnK3u+taFu+6DyGiGemU4OUN2LO7KMgxdg1+Ib6Xjl+wKjCog
+5FzVs65TnPStwks7xR4vwr/ZfZ8xIRqoUGkpuXeGORwZu5OVtN2V9TejoXRO43Ip
+8BWteG8K5XHBmV8p7dkFrlM/p4kvYn3VEAibQpMJC6M7CkBhHGFf2qDuVY0xHxwL
+RBB56OkMb7vAnTzjuPgWPGOkBt9i5tS1DZdE8tcG/mtDi9rLuoER7PNbgOGZ9Mcl
+fST1OapCef5m/WVEirMbKwVq81XdbA/FJM5XBHPyU3WnEjZjwYwfmUDF5ifcRAnH
++MJGhr/ge68yJ5TwueyCMrtshNPAKsdW7QEBw3a4VuWNCqtETBTA0jcyaSIxH3ab
+BfhoMOaawdOz6XzCyr7UVRTtSplyPcVsl2ES5vuGXm3L4/zisiEbwJW3T9enE/oQ
+aVSxGpJPzqAmm4i8Rj+QFTgC1m6j9w5W+vx5cfwHGPWzUJAI2socqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
deleted file mode 100644
index b36583cba8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MTk5NzAxMDExMjAxMDBaFw05OTAxMDExMjAxMDBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5SW52YWxpZCBwcmUy
-MDAwIFVUQyBFRSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7fxx2WFOac683w9E/iwLeqyFtr0OO
-RdS+onLEY/+HO6DR2uuIPEkhZ8MwxAnnLs+6tichSMDs3WUijbbI0KTEulpVVGVz
-D1Y8zI7z7TEWD1B/oB1pSot67IosuyjfSIOMRr3UlQHRonE2nY04nyFUfb4yYE3F
-GlcCUdTLgIEgSwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQU5KvHTN9wvcrF55wNiarbUUzd0tswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAW
-bdxkjCg9Ra6xo4ngUHF/RWRpe2353pvN0p32EjVjMyKTe1p3xZuFzCM9oi/PvMT+
-DlqUJpiiJJa3pDXT3Kh330VeTOYLPaAgRqxqm85gUTM3K+/1aHYOKNzbZCy6180y
-8ARB/lNpi1PO1KeJN1DmmeBdDVuRGte4wUXH+NSjpw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
new file mode 100644
index 0000000000..3f996e944d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8xOTk3MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOUlu
+dmFsaWQgcHJlMjAwMCBVVEMgRUUgbm90QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ8k5yDE7wMf
+wlOhyZcxb9+PlGIC417Lq+G5CDDQQGbytGuZKYQR3+0AhiEUO7YwxfIeOtE4YOBl
+QsZsPUSOgSCb2l4s2rbH7V5QFfRcf8f3RQVDjMqhFXvIIWW5uys1poKMqXVDLw3x
+g3ysL2kVl/zORmqI3obmehIa2m1EUHR3jY++I43rJnFUsTvTNGKsE7HLTpkLDABH
+wptY+Ztt7J+sMc5w/pXweCkYLSdulazQ0EKwjDdmWS4BE/3CLIeQkTCB/CTkkseg
+dHPaD18xeV+4LLjAB2dsAmIwAnRiI+LouvCaF52pVBedX5cg6xMPTz1XfLzX3SkL
+3hj4LgUtuJMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFNUChZ5TMCZHiJZ+TyOTFmSU8xivMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABiL
+KJrH+iYNkDzEmwMr9Iebl4gc2uzCObyDkbaQ/UeuxbCvfUm3x1vYbty3HNEKp+tY
+JBXAEDh2GbHU1cLzhP+tNTYQuqgWzE86ZOKWLYI7wUkezHwL00wtOYI8RQfAScGV
+OySp2qwKgeKjXUAd/BVa6FVOzXkHavXNy903ssmko4d9sD+yb9FFY9UrlmIhXewl
+lR2rcUDtHT0dH5PJf7arPoGTRoePSFWeY6D7IBNuXfuhB3WEj+UQzzoANelmavIL
+VwM88Eszmwmofr2sbWi16b6z7XAKbwQm7n4hrwOd3vYTO/zRM0KBB9Y27p/trFLL
+6CmNjRghrN1erPNL1Z0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58E9AEEF18E0642F
+
+lAF8yCrsPn67Fka1CA1NSaky16Uh+B4zjRfG3n3kKiqTvKJvLsr5AiQ5jOUlqQMk
+udlOGVTmt+XcHhAn7FLBWhS36aKrx3KV+YuHDSYzfTBjXupj3Cuhc2mQ9EMLmPj0
+MkcV08eg+Pp6IjMDouzq3+pNQljkBQjA3zNxt4ZXJ8xBiCugYPcIojRBHq6xWX9E
+Lhi6JnkjZzpC9VW7FCbFM7xIcwWCfl2mbOZ/s8E9gkU+nZLqFC8dCf/ZZGuLJRaL
+a6hHfVUvUSiMDJSPvEkx0TnUGQ/BHnwUuol/ICnFYesRSJsJhjAyy/AtjiC8nH+0
+9wcas1x+R2mk9os+EgewtoY1RZ4gO8Ug7JODD6NkVAaRAlUXABdWV8tUEnpNfhVR
+87XydAEmHUaK6zHyjIGZOTAg4uFd3Fd7vRbPbBtMI95d80eUYIBq0ETBQ4P37Gxy
+BVU47cWMWNsVKbA0g9LkGLOrfuQZ0Pv9m0eDV8pG8sumOE2HuxPoPFNRnTmhElCw
++sWX/i9/vDuyE+ZaCYvsyGrjwRouenzqh0J+eqwfVFOy1KGIdTVR6/VP5+IwPrqY
+me6gmDsgqIn3JxJ2tTKXYgK7yeviRJII12qLNfxute0tpHnDuOq+LUeZJfZh9QGW
+hsKhprgmq1R7X2dkG+xshnoJIHN6fxB30ENOON4fk58KlQdzaZLwtL03vq9jixBA
+LmFbf2yJSUsbQDqFDcnty+yLFbHk5fyla/LV2SY0n03TA1HjcFHcdkhZRPo3ZVnL
+TO0nRM+IWHuCUNG47tR1GKuykxOxMZbRWOI6EOGUWxx27iIDzRWeqv+Aw8Q+zsf9
+gIO2oZwOM+6yPrMQCuZViVtDb77b2fMmxMd0CFTNdYVFJUjNrTuArbO7zBPydJQG
+3LfSLmHFNiuLpE/mR0KrHMiRTpeQCdYTj2cemXo/mG7sATWQyBD7Gb3P5UoG07nU
+S9yy9y5/p2Dw87wuHFBY7oMQMX/cx0SPq4U+8nPoVYaqF2qhk2IetAKosyZm8/94
+IoSAo5KTM4OOZmkzICCIRn5FJW36VtwIYJYQ7iMyJXTHYzj3aBe8Zt3lBfHs2sVq
+ULr3jh7gsybyJ6ZLDA5CZBA/nZbsEp9a+fLxpaxGNLskuMy5Q5qdQg+p73VxNT0Y
+56OzvezZkvxpJuLPtHjfiQ9HpHmRVHIFPQq9ivnpTdecqR2jusxs24irbJzK34Ku
+tuo5u7AgamCx5HuCnSiKl3Z7HiXmSaL9d150TlR1S1M1yzI5f2sdmgH+2HJEIY3b
+qvCN5bft1eBrpgA4bfsp7uG6M/B+9cWtPa20HSJhNgg7G5A68ZlkE4vuo+0XdxEn
+KVoOrTi/juPJgS4wgp+l9uoWUkVhZ0bbDo6fo8GFcySnFOP+Sb7S/28KRa6ycBCd
+H9i89IjSkbtkBuuHRZwsy0wNOkngjyNKR1PVgiqRTdJQlCS7VZlEwKqMJUVKU73z
+ndkJ3ONBcy6xAEQDacZsZ+TWTXaz8jsmwWXlmwsDUyFHNHmQmIBuyBCQNF1kcr3u
+qHnLtCYjzFrDWTmZfQiR3IiThQavp6Ke5sP1NkNAS2D/VaV5zVzeGw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
new file mode 100644
index 0000000000..c562f99fcb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBsaWNpdFBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANHpR/YhLPt/LkhU/hxCFZA3Ug2vdqoc9/PCCQcOHh3ZIZUPP03T
+k023na21kRQ/hNBFJYm89nteKHb/f3RBBYsQtA1tHa0BfTWqesFZavNZF4PVwLpM
+xTkJcxr8sXS6xX+SVIsEGkXgZF7zEo/SJ8Nk3nnP29uQyckOLlqF9c16D95JjlVw
+7WAu+1B+mVJTIsztDkj5sPYzxYvvLLkRmE3noJgpoZ7HqMYB/mfocfqH70PsrXYh
+ldQtkCjistQbF3uem8OEW2l1V+cWat954VUO/YzT1c3yqBD2tsJ28bMOadbkUYQs
+RDEQYfXTpCmxAJa5GFtK0mn/N3k5CCjZ2/UCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
+FLvRJvSegTyLDhLP2XsVsizcoyEwHQYDVR0OBBYEFLIISgVhaKmQrx9w+bAv/uKa
+AXJ+MA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAVz36vPv/Ucy2
+1a6sbkX49qaUfqge0g1K3YYOMRQy3WGfZlnXkbc82SkvgTOdzMBEIGmxGLrC7vkb
+123Rv+nc6u2G0bninYms1u7qcLaGffjbtwEQxnT160WUvfRFkQnIx12mgkGmRS/J
+GKcCKzQzLiiOwRwxjEJ1hJe8ZyrLlNa0BdqG1i9UrBzGzIlF8w1S/ObHBhH28wVz
+b6gbo1HMT+I09piqPOjDsZF8Zrzsa3fn+uGfGZarNHeK7oJlKoJDYWOG579cxNXF
+YDKFJ3UghQcXcZWidGIgFfwaW2/yFt6y5a76nb0/1l3CF0G/xkuRI2IROptfdsh8
+o5ZpO/ZJkg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A7DDDBDFB3C29E8
+
+RXGJsD02CpUery7PuNN0bVaL9DHlNl12r1u/82Rr6sRHIFIVlgsK2Y4kWV+vsUgM
+HR8dDB5B0IB6Zh9PnVnc207OIRin6jaIule+TGaoSRzYtzXZ7F8IDHgQ9sTHJtRJ
+fKDNOhnZQg4w2LCjd+c5rN/z5CxGlvpZvTSBQCx6GoDz2EBufXzb5su+Jk93hF/9
+wP79J/blG39rwpGEiSs1pXhimDG7xp0HRcLtCLaUxBYpp2ap6WFCnWxgjg9fkbf4
+kYOW5h2fHOf+zbhMO+gd9KPsjimfLt2WJHYBfRKzCr7rr2mIf9NWbo3qFF/HfDdJ
+8SedRm38gpJhEMDiZfbXEV+SPkoX8988aI/3nSmfA8aF5MgemZFV3hzLtIAAPCOP
+/1l1ft0l137kbRZTT8AZVDu9VD4M0SUdGTLLB6mHu/XR/xsKoE6SEEAFPEZLMBmH
+ws7OXerisFualPwLjQ13W7Uer89fjfRX8/oPpLvHRLLFcvgVuAQDRNmQ+L1Hgpuq
+0QcGyMVHxFfsML6he9yyxB+pX1hUBGMwSv+BwJsdaNnklcWuUR53GfD+gBOZ/77e
+Fpq39ZozWTP7BFL0EwR2V0D3RaUuBJrW6cGdHjloHHGVMfuqsoycxw88vW5oVxDY
+bWjJPJipt0hi+ZuWwIvHq9CfbzKuCDoOoNZllrKMbAt3lkbpbwRXzmifod+ueVY3
+OODQL7waiyRuyfWfxD0vL8m4SMBoOYWQjFbsDRLedW8TI+CsINZ7kqzG5Nm3Rho7
+O6UDK2vdFHIvepnmlOMBhVD+/6KpJWzOzonp5DTBhxlsOgwebzRrbI2oxtasIzYP
+DNiZS6uuLm9uJ0ZcD/XFWfxygYVAgsH+AZtGIdGVhdEsncOQIEnO9dfSbcK+42o/
+nhmuoYEbNC/DzhtqPv0Jo8yH3tXtoLUCGQvqbVC7yheMYBfsBNHsL+v5Bi88H4kU
+Uwkb18o0NNvUhw0AYE3Myp1+Sfd0n8L2a4Z+jb5Doi8KTNtKa1nwJztJiUryjc0I
+zt+MX9+whCZPQtUM7OtGXZ1dlwOTjpYfQ754JdVxTYDb5AjzeA/Uf36qeRSJyTBw
+a6w23vS4br6rgqGoR1GNqpTe8QjcpA43tSlfx7Tg2MvHg54iSOMYo3lvqmmWiJOk
+qCcPZ5uj2B24BaRjDQxC9mIJrm2VnIB1/7Vj7rnXuNiKCc6L9dr3SxHAEFb0Qa1l
+8fUV4KmFBf4J/gDmviEbJz646xq1aN6RTzeqVEV4MpXdpndNu3vYfEnw7+houjGI
+alWNvIKidiz9/yovyN77F6i2DeIJ+EFnsc1xv+v96CASKXgFxPc4f8gGpdO5LIpX
+S72QE4Tw+jFi/o6VnPvVV/mhKllXksiqoiZr1X9ifl5hDbl+bMfqTko3S+pbk1Qy
+spEkr0ro+DpVsoKo12shFG5DV12Ic3dP3/mewj50TU/2VvmdIX3mMxNQgSd4P31+
+0T7ZoKq1RSBGeyMCiQLpSKWZNY8XipikKGkpO1vum5uOG+loO5KwDPSl/xRi8s6v
+Lqek+d/A5sixLs4R1EP/MvdEkQ8O95p9/noM3sgsIh/ulbvrrsWR5l7g9XU6moaB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
new file mode 100644
index 0000000000..86b197c22b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UEAxMocmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOKog33tBMcvKLdCEtAS4Mehc0LTwRfbt/eJ49owA2W/
+KSzT9XiKoZ7t1s7MPh0NfAkOu2YOlqjt5BOSlzQbQ57h+/3lBdMXkNBT3YEAsrgo
+ADlhGA6CVOIxPuZs7z2x+ux8m8wB54ZXO8h7JFfj+YrIKkMoTvePMltatxlox76r
+TUK2LsXOZKbYZBkKZEqtIUudUcd50N/WTkxg5qE2Up9V4oXhdY369sF//7mMadZ5
+KDBqDmHC3q996y9CERPghc/sZQVaX6widPtlsI+SO74IBMwOX29eIroug7mbeE7L
+JFQc1KYaGyB+Po29y9l+l6C9mfWOHeMLKOCzBlexG58CAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUeyxRYTEVrawsa6m+OzsYGpKqf0QwHQYDVR0OBBYEFLy7jwxuDW3P6K0Z
+wZCQ6vgkqxIEMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAjMJa
+DaSfZMbvgS2voQaA27koy3de4DX/dlI6a/QG0O2HHilgp3g1/G42thy90ewLvNse
+nkYf0tFM0Fhx3n6KwNTf1nItuwn2HwTIiw9jQ/ERwLqRzmnCor1fKf+maNGWqYg0
+vFmmrxVo897hX/0b9CFTpS+SP1RgMonaVnjkR4/sA79aJ49wUpdPkVZrmXOAaM8r
+MR8ryNohpRY8U2O5+S8MJZRKQEDyMFW0kXeC9Otngb2h4ORErh09DHI/xuGN15So
+90UadDApAMpCi3PijRNIKVcBpge8sAvXwR/iYX9ws8XNuJVkEGYQYJwLKU3t1NAA
+Ynvjy3YgibsBuUcfng==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E632AC14FDE0912
+
+MZ7JO76n4gkNhZ/mbGaQ65kpwMvIaETRiu0Hv+ET579MVjVlGFccGFNNSYKVrISD
+c5xHwIYGp79eivhh6wFNdrTqgjVJMk0QGa35aNL5E528O9q4dT2awVoVgQm6huC8
+ajoQASr+lJttTVw+EFKiqlt5cVapnA/8bnx8I2vAZ3Jf7ZhmvlSD7rQgyRuDEid0
+otLv7u7TuBrBFOmjVSg6froikW9DwZxEMY1mjOyu1pSvOPZueAUN1KEsXMlCv9Uv
+k/U7mD04OqNJvbEZ5AF8viuqzfrDSwym9/XsjWIYhdH8fbFiDhYYaQhDfNwpxyCN
+JmWFUncY8qX2pG1ITr6hImn7xE91ZMK6WyUjQOgI4IvBMSD7OWQ9Ub5UqcO+8nx5
+tjij2bGB9crZ+CGrgpXeiYErVFsRSFayuC5sWGvyBHIbWsm24p7/DN8G9/VCuUbv
+0PQYbdmc0/HnpZHtlwtWGIn0RQXCSCefxl8y3OGFaL6QMPAq5rt3ZdidSFMvJ1QK
+iaZJsamlQdJjxHctGYr8ApLN0ZF3dyHB07aGXqektytsGx+1P5D6IfBPXhSD1u4U
+4rfyK8CBPXc9+hysiqcHVXRss/W/I+jC1mq1FvBSWCIXkZOrtzHMEfC9CiEO/pcg
+hG41fHZXdvBncGvnIcpJfG1NrlzbnVpGk3C63TeZH4U16956wgYoEFxc5GYVCIO3
+zcr/eL8STK9zNc4QuwZBuVKu66UjA5Jr/GKrGWB+2I5c06rfDc7qJO3Asgdm2BAX
+7J74WP+duNDMShd+l1IGeodhXsXZ1O4Ru05sUOVj/SmHG4Fxg8Alk/TuZI/OVqN8
+Rx4Zin/fbB+SAPNT6U0+LeLoHQizTPbzKpfp/0YnhExy7/tfTEMVvvG4CPNATjr6
+oeLjrrCPVSY0mABDO8sDFbcZhQUXvX8DTP61bJbSPgZ+oWtXSeihB0vUNn6aW3pr
+xl3+Nvo1Cs2PwbayJql2BEkarr2Fm4h+CM8s4FoaTErEVQlLVLTn8R9jRtQ9JQkR
+dR/S345k/GKtQajHzXz0YmzUveGsCp8TiEdIgkqf4uBS8ewCopsWtR7BJpyl70nF
+8m5ZfHljKTTpceRMD6kltQ4SM/TqqoTH5N3Nzm5GBdOR/R+wUS5XQiqoY4HqL3wa
+z62dZRfxed2GR/v5w1aX1rqHjpjXtMBdvrKbzeXtuajGd0L9FPEEBZ5Tj+ZdGjMg
+m3JvCz9bmHJEKzi72wUe+k3U+InbeaY3iHzOXDVrP7l7diQ78u4pHEge73QzsDVa
+nK5oXHe2bagyOlcbo8pBBb5WxtCmfHzSnwRthD1DeefP2MQ0pPuKiv5WACNQjTMc
+ATC8ll8X0rs7hICA6qU/4chWyE/qUUKvOf24p5geDLLH/ctO1gtawCWhq3pd56Hl
+gqw58zqhxtLktyMmhQ8VbCCeTCIoAcK/xpDbT8wpOpnHUg1KkoQacG0eAshzOliV
+TxmjLsVLdGIXEfrwrSzbyfOkIErWqfmknstkCtgRGCFhmd2/FwsOd89XyOEJwnbk
+E2vEyHbWiGT6I9rZpubfUUhEjiqLF+wpSVbHq+AUXS0Js6RM+yBljlkd8DEGXOoq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
new file mode 100644
index 0000000000..ef687ce91e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUxvbmcgU2VyaWFsIE51bWJlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMMaU0IdGR+wVMsv9u/acjIcUN1g1dlYOWamWDZgkiAuzZ2tQKzya2A4
+o5aK+otUElXuqmdqaid3NRyKkybkMdYEeFvK3Wi+CRgyeePBl8/SZNN3ZjPSsDXB
+bhHeCFu86s57lAbtlp/F5T//rHp1ZJeQBFm3YOQ9ffT35hX2qGST01hXhf0YCI8J
+fuCEQUj3SdUErJ9r5nntNi8r3pJfD2JBq1+fE8IO8jWImrxqNrF/3JEaQ3McJGLF
+aM+qIGz5MPUNBhdVxFBljfQrm/9A8N21SKeo6AnT0tRwuAysHgiXeItxd4Em5IW2
+4XJ+TzcC2CA3wy6zh+RrQCLPxeasDPECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAtjt0euwgcyG39v4zq46gv/12Sk
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAf1t2PGg+vHksl8WzT5PxQla3
+2E0dBOmg5QWahk7xffR2Uybkj1ZpIV4ljcMviVDXV2AUNpxbsp1gTYDKN9tuBcmX
+3YuHVbJDKlyp0ldFApGAfc85Yau02hoxTHQbuc2n2IC4BK7BHaklDivYUSML0kbj
+0+SF/RXCrCQnGJBiNl6uRtLTDWQLTu++9+RbDIloumrSZKG2IRdNSCMmKN/51Ogq
+BDr656aQEMq+770BJ7SOWKdErMniwoz2jF+8CPkftjvZDZh50ihhF3YciXpUMH1H
+dZ4uwQ2AZzoHtPElpilzQc1XeXUZJ8bEi3+xgRTdUHniOP6KeRjf/cFNN1FdfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B970C0D9EF0C68C
+
+NtlaPOCh6XgFj7iu0GphVsrjvOjyv44kO5ocxgpmnbUOgWBoPmIKdMqgydK5lgF+
+HRN/f9ZZZfSRE202wTZKfnxeIBNyUStlq0BzoMjhpDFnGGuwLVhhGDPjw9w5Yv14
+f6B3eAmloY7gwfItkDWIKY/PwTpYW+g7PJiLKfgfBE3kzx8/R1/Ifc4o5nYV8Bu+
+oGA0h0/ncUZrgnLuUuseCf1xvhwkIUTn1rO/uzJjE35FLKqrHCruPG1BroCQdn8b
+ZXidhDWfrVLGXih5V2zInWz33ejpZPxhtXcog4gX5k0MU60lStzhpIm/mY6z38Q2
+xywJMD3Mxq8vRWKW3nYvsfK8JZ/wLdE49s984tqE0RhP+mys/H6xAYLMTEmxjWt7
+3LvlO6QniNMytr/XZQm8yBUkRGhT2YwJf8wIESdZVfFKHA6YsmU5w+lt17UiS7X1
+hE6zA9543BrCrYYeI6sE0//+KbAPy5EUCAms8xaQhBequwUNteyvuEHofKgKJ4d0
+fzwsxRHJlPJrab504zOj2zLnJDX69pdMynQxhODQFsqBkUEDJae1E5ZzZhSLHdms
+Ul1uSew0/Z821vq9QiZ85oKss+3Up2adpk35DQmCrnlqTxGfDFubCQsAIta/T56h
+4tRfT6ySWz4HNprGeyhBLYGtabhKwxC2HmwolfgFzFvWMaKG7NfYT7f/5Qg6q1za
+zIWKUvNZyZw/Kz6BtFHRn2bR2uzgbC+nJg9YKl1FLETLJHOAUH67whNIU3Uy3Y4O
+idkGvIXH9HgLYnCoDx8SaLPUbmctyza6WABZAuHQMejRTKOe0so9xhBYLJMoDPKg
+TFiG+wGnLKtuqQYO3OePk+c2WDVTrV5toiNDIJXU+JqKZ/tF3JFthTPIE0Iz/leA
+8CC8zORjvKqbmHJwvS75yTuoQTZ0lSyx+o8Xd08b0QC6GkXE6tII/vco8TVgkmnk
+aBPDbDzFwl4vGQ5y7f/Ekmo1aW8NdLouiAGJsZL3aG4BVCuYre5KY04hGguzoqfD
+cHj4OfVrmCbEwxGjvTvUbWEK9OfZOzcvPC6eS6OfjRLXUZNsbFd/8DFLCim1Enyy
+rRuhdTDQjKdYxzXbpZxNXxp7Aua2RclUAPgbuZDo5B5QU1qjjyPXONeOBfltNJyC
+8LQFj0SSYCB2zMuv2lMfQdWC1Jm2MUgIzAoheke9nqO+AlT0aX5MABgpGwmrALAs
+evtEXaS3D48OvSoWZ7mCmEzgRBcIVqx+mCppHnVonYi/6wpIXI8YIsOLKjEJoghW
+P0dkHJk3ZGVRdb49c4nS8zT8hcQY5crFN4luTUcPyNlAXw0sLYrPqaJjE+JnYvCt
+EVTOAWvf1KNZGyU9/y6zquYcOCbs5gjjuG155t2xaLeoqYm5QgFV8GuC07vpj9yC
+DVNSST1PK1SZLhK9qENREHGf692wvq84rleBdxc9FQbV3uCOyo51Esat8yk2zsUF
+CdsjVmbdwNuVQk28cSSbztYfYjHigeyjRZcA9FPyXHXe9nG4SSurQt2Jbkz9nZ7t
+kDeg7Usr09wlYeoBeC2EaRuCgkiDTHWdcQeEl44S+gTX7ATO9bm2kg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
new file mode 100644
index 0000000000..abf2cd6285
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D01hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOBrczl/53SePwB1Ub5qyWVoVLy1LCGwRkezm19LowdwFJkzJV0YgrlXpEd0TeBF
+Wn3ObRNqZmcPBkvF9rUrRCmuMIuT+164rh+U80zAXVVJgPoCIWwAHKFyskha0L5q
+3DjC+ZsIqZKajL/hQj4OmbKlvJuP0Ptd8Bjiy9bG7NgLohzt7BvI91rjKjFu98vC
+nFvXrpFbPMyeatLKJ/x0kgHfPRQLCOot4ojSkQmbD5MZNNplW4G/4iWFCAwwsk5y
+jA34AkwYIe6mcML4Te1wBGueM71iGaga0pPdLnzodPV5rr5+sjcKsW8yZ2C3jca1
+ui0v1oDcQ5BR0dlvomx/VHMCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUmcV4acs9M3bCmaxE5bAO/rn028cwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MAwGA1UdJAQFMAOAAQAwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQCjpL09JCig5v+7S82FBPiu
+JTT1xgO/XBQqRIvDkfggs3F4HZCJR+XuQiloEGY/H86/laXVMy/dTj5t/Ojq+8cB
++T6jWzmNLTvjQkuIrLkzIQ15bce0+1EYnKEVVw+0BGMfsAObXsJGLDxmE1DYRUZi
+Bx+Ar5ZHwhTRXLNszYWSTXPR0oXfPly5YqFwnFWBAj4r0q6rUsIipcmIe1XuFMhY
+SFNJJNWzpTMS5ay817vhfMb0koA+fdM91hmONDOo8wbT8CDr5hWhss1FEbAqFheI
+RhYXLG7Mll5FWcfc7HbSU9+edq08W6aLsgXyupHF3SYrA0w0duk2l251GqwUgxx7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1DE75F64A796C44
+
+io90ydFJNbW1sRPZ/CFOPMxQpvArQVmRj71uG6GysSZD892WtIDO8O5+m8oekh31
+3cZJENDZiCGt9HwbN3+qTxTseghUcmYT/le0u5XJRVtKorFwX6HYHwJNutgZ0eL+
+B0U5mSXWK6DVrbuh/tne7K8ER0gr6sGiiArgPlXPWeHqnxa4J77jZWq6q61kBKOV
+jVbpu6uHHKSCLj/3NUNQcKNwSCf49JW2j+dXw0BrWh3WSoaNn8uUoZHCyEoDx62V
+qtRgJenl55dzu3MsrO2fRaThvYX9u6U/n4w+Q11KyboRfhlZ1c0hzq6egcsYJahn
+TSekKbyZtBdvcUbP0RkaP2z5mYxzOWlxgyxPHMaD1+DHzt3qXvdlVNelR5sXwXZy
+lIl4uz7/3LtVUe8Q1ksnyV+VZULxwzTKtJDocn+4Ha323HwWeQk4MwFkeW4V24Ts
+OtBsW0N+HHJMv5ceortjOafIBhMDeM+mWF/tKV/nOnjhzozweuoyOJDRca2LYJwe
+WGKbvp2pubirZl/u0dKR4MfzPJ2rAnQrJkeqG6H28z4JvUMgGzPPoyeL/9pvlk0u
+Juurr6DWX1WDp4ba1DyaqLV6xEU2txOV4ZjbGyTCrgoKOirRHKaLtF0DIA8AYB03
+xSPHEBgTrFodVOzAkfsTX9BMSQrYMWL1gy9V2u+lTpgszSKGaUnYnzv0ocwem7ew
+5A4B7ZziQmEEem4Gmo8Qed3hcPcdZYieAdw7ZddGgjBNqUSPlvR+4bgVT4oDc+Vi
+8o5zJG+itLP/c5ULLNeXM34hPYn/i//7jGBz4vrYd6T65vDo0wO6pUV8m/eFcM1j
+KAf/e8gM6J7TTp8UIvesX5PResiQ5vRr7CE0rPFPyjIRDV/lh+pgn6Z+hUseBvzV
+7n5HB2W4uRPjCnVPHQUDcFerElAZZUPqb7EEOWCbLDDsK7bfxKC0YGymhRSTPxPd
+5te10pFtV0N4JT4GTkebnOYHiHLeVOuhGszEL6FgT7XlM16E0ltMAzmfggEXpH01
+qcrxGUW1OJTIUiwfe3SWBw7Xf2+nrdfq4xH0id9NtNvEFJl/m6J5hgKyc1J02BVK
+KpvoJhg2jgO1FTrvKcAaERNHOxu1AEPWUdOS1zLvzAp9plSKY8wSFoviqiE0iQ8g
+DvcUr6uuhXPvFAYyvUI1YtCczZC4peg9fgqepFJhEYASD1Og3sLwKocq7wh2rb/6
+Gcgy4rX+gu7PUAlpTkEFN9GcNs/ZHW3/SCLeAFMTo4YzEDreBRi2TABCkY6ODy5B
+XD4PCNtnNPinvejnFzveG9I0k9djB3PpERBLAJ3NyIcmDspe0wG5qfrnU9F0DOwT
+uWDh8nzRETDkfBNmKbAPiP/DXI7ROnISoM5uvMH1bcNigmCk4/kbiXIfpQ/oXW6g
+OUnJfKwSjqTMcjH5QPpem8zowWfOYNAPWZZPI2i2UPPUx1D4u5eIybmKx9AkSfv0
+b4T+Awd5bj8G6AnayfrgCTsHJEomEkX/K77W5AZv6V/dIYYSJp2CDJx9LYuU5J38
+qX7PYlIKvvWrtLE6neylW9lPxXxWr2gOkUPUBwuRZqBbhN/5Ecvpnc57SDX57UKh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
new file mode 100644
index 0000000000..ccfbc36f75
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvTCCAqWgAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCrp6IDBPUKqlzfwBrwMM0/8mXKVyogMBl5xjRYIAzPCs0Mwv7R
+kEQbM1BIsYtbSJgsFJtldgS1u2yhYklqgcTsHZK7NrBL/QleugZcze2gunSlvAYW
+2qO6t9japmswZ5/8l2hTia0T7P7Nk9lcBbDi+HjNDRqZglalb/gXvfWnsWxOxAiS
+QY35dAnqxXl5KlkscU7uvsQubTBmNaQHsDrxoqSAXnMZG8dys1G3ET5Emp6FvYBZ
+LSYQqK2nWkL8xFIbbdureHpD1Af+HWFDTntlZzw1Vb2MXvmz0pYFdRGA75KD7SSp
+LEl5BiXwPLMF/UHmMZWhqVug0MlJ7mWl1UkzAgMBAAGjgaowgacwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGhzFOALNM9yQNqUltYV
+q3qkby6MMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBEGA1UdIAQK
+MAgwBgYEVR0gADAgBgNVHSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYD
+VR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEACkuUlU5OLnBP9XTQLJdC
+4cZ2L1LbaCvAnUSD5ZU1UyDAPHcs+YsbjerZT1Alt/KqnVyD9pvkUuScevjjvLCy
+fSGq4slrV8mHUVBbMuumv5q+0Z4J2PFgNXIvdxHiIRFUq9A189ZiQkfUxSeRPUK4
+M3YmPO0iaeuS0SlAKIQ8a1dxNgm9ax8GOj+SQsx84FxED2wCR024sOajIHIPVvyh
+bWPQMQbdJVSuVULjsfuGDyMZyN6a0gR5uBQ1MXmsIVrnwAia0LTH7kjudgabGYa9
+MJkUVscZiu01jZBYfDqpaCN4MWkXCNvf9gksys7HoBvFlGyHm32/XiFrVKYufBkf
+iA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C462AE8E9116220
+
+y+qcQ5rPSa/dw+OO+v0T3NcA/P8P29G7HJ0cOxdMp5gG8WsyH1eRcy7cxeQ+/qXG
+b0vOgpAOkrI5uVkZTHg4PkB4pP5bqOp5J4gvnDbQRpWFBTWzB/ojqzmBt+OQqSGy
+TeFD4ZyRTL0CLWFRX1EtLJKps+nb4qUaBGuIp1B1iBdo2S9r+saefCbDBM3MW3uG
+3Ji+Bb+ec7GfoW+C7OkU4+lD1AtT2lzFJer0kYH8idY3cYs7acgA9Ir2TVpBdAcV
+7RMk40w+kC8U7qJPauV3WwyoiTjy+ul95JSQWWaOEa4ZUbe3AO8y7tb7on6YQ0tO
+f73uAisqIV63+JsANtt3dWsRQI7WYKpKxZQwABz1jB1oLtpn3XrYsmeiyjW6YcOe
+pJBGRcwW5w/tMIrqtHqMDvN4y6gW29l/LLL7x6yDxDpqCSD8+7ojDwne3dA9lc6t
+wx7XoN5p2oEaGvhwtR2xXyC1rxownGC4LjVWmq/cgPbepZ1WGg1NgDHQTxoSdwmP
+jLQsXNRkNYYOkXZACG+q0aWeeqmqqYMacP1aUZnwF0E2R/isOGMprg5BNEpMM1AY
+rUhjiNPTaVkDkv4uSoGBVRuRYwKOv5pZB39ZsxywrDOuQgqAUzpfx+4FgZKTbQjG
+IqQoMCblsiDoywaqZjPMwFvV8gLYGgOg4MkF6Ba5uVkgWuyO2jSo9ZUmb/MoMeMN
+d/y7PszDQaQO3t4YtUprCD6eRuI5ni6U/jEWHzOirkQ6XZUekM0PEZuyEQNzQK3r
+qOl5hAfboXcQfrxmVL/tmri4R+022kkS5jylHuxg7vs6ADZalaAF238iybqlzAoL
+b24zqZXeKcM/w1F9FYHuVXThJn8ijJvKnWH59zT35sNjPqmnbc6rKxv0QKLoHkqd
+kP6Bzdwufq66PbEXXTZeVnc2gbWDmPywbEQY+WrnKuakdVNtdkczAm0C3tzS486U
+IQFQDG0ffs1AmyntosXmkePvjN4K5KHieMqFvy+tdYwboJBnsD/HnhcM01KaFv/0
+WULj2zQ3l9K4Wgt5p7nbo84CXL700mpadYbKNf0qVU0TBYaU6dnNDOCLs802B/R1
+9icOlaEBz/oGfqH5FLi3di+MAJOss/oXzfVlQ9zhrru864Mci8gKNN6WMuA9oAIy
+losEt512laXp+eAFtco/A51nH1RedJmj5EJV0RSgqhg29RiTDIE8UY1mWny/XM0T
+q3k4eSUHQFtIHUR3e9YvqbRIjqj0uM5J349uG4CirGStm3eCGUnTUL8ib/xi1PNJ
+sXDMOmdpZqbthOJQ2dWfaaMXhidUY4lAX+65wmFan+Jjd61nO5219mSqUZf5pF/I
+duLyTW/H6yC2AKYsnNWvlIfr/1vI4U0F4B3pVq0+xZDWoPxzQTZ6imU2KYgQDrOk
+cYw47YIe5iaos+Dnwk9L+zWVCG3nA3HKABakASOD6F9XfFKzlnmKhCB815aBNMq1
+54hlSzUQpYW4KJkFN2N0ujEkZpcfeR1CmaGwMmqMjm6MbEcU1hAKRf+H9FlxXFHb
+n5SophPEWRRVhjuYHePYIzBHkvBVGJvYT/0V3snUt5uUB7NSEoPpCwhsfzLUO27T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
new file mode 100644
index 0000000000..04b48d919e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F01hcHBpbmcgVG8gYW55UG9saWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA7l+P4Iahif8g4OYCYpPVwbmJqrG0fnDR/oNBlVnC10F/uJiYK6a1
+7tCVcPXTHeD3N1XtvviZzr4hPny+F8DoVAyYsBQPn5pQ9YchgrsnMfuTmp6NGGt+
+4kTW2K97AwgH+cRwm4/5xZgsKZS4dUVSySds2Vl1tLxK7DH1nrjSvieDO1k6h6Pi
+fHZ/nfVI0CrPP+jwrPdUllp9lNv6IyrwO4gAEWUzVhwuqnEErKDA7FDLCMS/MG5I
+3rWJ+1UMN32/IZlRj7b97Obe5vmXUtcnVOPTtmKPF7Crctq9EnAxOz7aZObY6qAY
+6OJvaNCLA1YhHxNvSACVm6UdXaMeyodR3QIDAQABo4GwMIGtMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQULO2T8R4acBWUiy2TtJjS
+twUIrDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wIAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAA
+MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQELBQADggEBADHu2GnJgEBdzRt+
+PSfkyzvActmVetZktEWh3fysA8LTQI0lPBN4us1QKw61o9KtO+ssVs83d3OF5l3X
+vkO4ilHyvT6Hz8bH5pXskMmXqYubrJI3lQjn58GohHNyCUDS8bYRDLe1Twz/t8VG
+hLyiQwNQknc/8h6q/oQuilB794AHTDP84np7rsT24X93LOTxQoEdZXhB0gvBK8FE
+j37F12ObeB/3fKRCW0kYo4leBgcPw5G7jm6z6nljCgvn62LBosINe6f4Gy++CLHc
+TVW3OsNOIrgSBqrZr0JfAwykOWfqJGCfOQGcOIP+MyFkGHL6jrS8WnLoM/b4I5a6
+NOBfmzU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BFE1C8E0764811D
+
+FbLyNuu6zBe/eE8YLhTU2LyHAk12hF/DcPR++oUr1y+YQkRES6ciZ+M2VROJ3oZ1
+9AaUZqvlXcFX1G+/p1YBmDXQzsepmxS4Ofuw44ZuxWzJZCFWFz8zHQRiWqgRMYAc
+k/WNEKvVjRBZHzsCf2mkyry8bdyVJqWjeh2j731ERus28W1LdZC01H6uHYIcdO6N
+/Fe/tTzi1uqCwsNqGjqKcBzVJdXiOgKKygn/4eZDZ+OhvaTLbqsE3WbrrZij1LKJ
+s7brfzBlHIBxR8FiB8h27QQrKjyU7uB08V0dijq3u4sckOd9TzCcGx3GQ+IFLj0R
+Cxu77Hgh6btFAZYUFvxx/eFLF5Z8KQUqDDADfHnreJvu+cVcqdvG9HtBTA1kb1In
+gSbjuGa10I3JxyTGRbjj7MCCKRIy7DVow8qO+0Rbq8bfjBOdUk+dz8hgMvW4wCS4
+toJI8+kAAuQlEjnwGR5YOITvIBjrN+gauOv0yNx9bQM+pdoSfjMb/1f1Y3b6WPbN
+yoWILudv8zFay7hPWk/8MOpEgHUWRyELwLSgTzSSITFDoBziJqcrI+fHgX2jK3+8
+MdTlpvc0G6xkxTdocvmH3+bhba1bJqDFqMiwrG66dqUcYRrVZN2ee6rjj98nNHMs
+tUyfYSpusV82gTjH9p7daoUYPRHwjCm2NUrbAxd3w3uZYEIinanY8GHJjD6PqEBs
+Lwf/Ciq3y5bpn11pg5OzaCUq60nugEjGqU+nN3D/1rntyME0/o7e7GBc3BzQvuLi
+9sW4rh07vq0acZWVi6msm82WYUfgNj37859rlBYGaIV8GnUkl4wC+MvAEO/Bctkd
+ztKiS1g45xLOx+BYTLfs7u+vrVRR9P8hENtq369c7FNayjeSb+FXrQCWNYuqox1m
+hyIhg2o85x35bV+i0DTFru0WoAi2Zj7Ors8gmD1jCx/kiLGHcxb3egNZlJFSDExV
+2N4DsqHrneydplgiVtSat+COB3vUoIvSkBacnDi56YxNWsS/YTryFY0gy6P2daAj
+2jiToALSwfCkcUnwzEsbxV7+NbKi5wt/H/zK5yK2IbJszepwLLqSycZTLPfm1yK3
+aZv+57kL8urATlsCxMKSEDgCuGGQymDA70nKomK+YgW9RQo0+ugNHL1HllA+mnEf
+u9XyYhFDK44caO1TiiWEN30SUJuAOBfsL5sos3Qnagf80Oq9ermxmGUIgzA4FljO
+oQShwiSMMHS0lvqXWG1Aj0WnyF1qTCXgzEV8TK1J6RUuhVp07KY9PsPQ9pK8Zgt6
+ixgxpIF6KVqsRagHe4NN98YBdvXMGdDaOHQ5Y74zJJ2vB6JJmk8KM19pAvcdSBBf
+DnVBq2AxYeT6L9Upzfn2inHT9DBpX2VrtmesJHu8AAvMwpdEqF4s0JFWUtINADML
+hP2YGzy7qWUGn7g8ljV+nBLPvn901TibOkurmAZEnafMl5WcirhEjgqdsyyOX6HZ
+F/eLPKgiDE10D8I1KiCvBblZxo9Fr30fRYBU8W9dqHKhOjxWiUeYYpSMASH8PMHk
++A9JmoZe3p2K8i5OiBmUG8Wp1qNqquwU3uJQerRHQWiF9F6um9gc4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
deleted file mode 100644
index fcad66a5a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
+++ /dev/null
@@ -1,76 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBBzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczESMBAGA1UEAxMJTm8gQ1JMIENB
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjr78zG/GobZnKabi/siuJQm7
-6k5APCdB3g3SJzzlYR3ivCQg+7i1pEFgHqLLPTEHOCHunC5EedZUGzUGQX0sXAxr
-KYeCqLS/s0+saOR0HBk/YsOaCwW7v6yBHA3s2XrtK8N4qJg6LdZaGEjUefMfUM7p
-iVQQPpw3uAQmZuYf7wIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA8
-6pq8h/9J6jAdBgNVHQ4EFgQUB6jzF5xOAmiWRcwRmAF9yHg/9SQwDgYDVR0PAQH/
-BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAAWDjIUq/V6y1p4vxO+A1xdmmM8c6yRveH2Lq2CM
-OwmpClTYfhLpqkWwm3WSXd2VvjiPUTgTC5y7EquFuZCCZkgLDVvUW9VplIm3a6I6
-dgZiOZDqnXZ5rC+CHGSszfdDo8gwjJ+vA8AV/CNSGNkkbo/ZQ1n7Ppm8dW/bS+8k
-anSO
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing CRL EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=No CRL CA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEjAQBgNVBAMTCU5vIENSTCBDQTAe
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczExMC8GA1UEAxMoSW52YWxpZCBNaXNz
-aW5nIENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAz8OlGINaG0uEl2RAD7DtTn54qLrlCtUbCKs3O1dr9nEDDohfVU5x
-nLweQfR/m7b9F17BzhHcxFYjfRh26aj4eOQcxHrpBfNMj6U87coAeJ4ERn7okfqM
-lcGlHWS/Wh48iiZvnCvg4jeHhSktwMppTGKIBKmJ2S0L4yKNYCjZ32MCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUB6jzF5xOAmiWRcwRmAF9yHg/9SQwHQYDVR0OBBYEFJYM
-oy9aXt4kJDgRNj4KDS29NtDXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAlNJLCSyrRZNUza9eL2Jc6eFS
-bjriRrz8ryND+rn0dnsceIVrXVApplWnVwUjfm8fjOZlNOLM4snxmzRJ+FyTR6z5
-u9nK9TAEkMrGo/NinCET2Y5v4mtxj0E6hJOIaFxfkZoj1mz8BvOYgiEIYxAK65lA
-BNDlWIYdh16AIUEZNAY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
new file mode 100644
index 0000000000..1988c209ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G01pc3NpbmcgYmFzaWNDb25zdHJhaW50cyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALRWdlqDlLWqsR0om+sJgmRxE4QNnMkpzFQdkA65CXM2PzK9
++8cj6UqaHsEvMktB77yHztk2GhmEkrd/i6EAJNjxwBjAq1X0OhcFG4e0llZk1JaH
+50eCwZJ0OG92PZYAQ2l0d99/SvUTSEpZ6v/PmXDIiSS3vtGN+Kfbpw4S+3DMTduC
+vBjx6ibgsBYd68b4Oo0T+gYkKx2v+UZ8n8cV5WjVP0/Uy4tiQIU4MXUeNjZ4UKat
+zRadXVq5mGEK4tmP7RGn+5J+vukGq5TB/hg1+PvzY0QQ6TOLruuLhtGEwbTDZkz1
+uwiUqE7C4NALqABdICfwJonm3gjliEENTC8L9zMCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDBWvBURjU/GJsa1nKFw
+ktL5Tw15MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAFgnHD7Mz1Gz+3SEuPsr7PgtjvAo5hnRZHgvlAAE
+X+usbcykRvVsgwp+d2SZPgybcYQ6g1CwGtNS9/dEHvoLXe37lkBr3kmE2/kEdjZi
+IHEU1Oh9thXs0X+Eg9m3JJ8ZI0iLuWpQd7xHA+riTlJ46SLE1d1xGHPSwAxRi3fk
+US7X8DAxejxjGixWGF988Ib3NqMMwx2Jcs5pf3u8kUiulP/kyK/+jtiDfCIxIJLw
+IaoFs5osPraKaE5IvvDrSvM0k5yBs+9ZU2WMNoMSzzY3+jy5+OETQPszItgXQ40W
+Jt2Cxs8ZzBFnuym9UsD9m6IXe38eiJOoP2ruwmFn6uaNPak=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD484F46827A5BA
+
+viFe9mUnjZ5hxyfbi5pxNHOaVC+aiCJ7Yn2fjmxZ+NcjLb2Ccv/cVdMpSO0Soe/o
+vVl2botOROQMXAwibrL30AUf1rsN29C2e3SD9DOB/FLQpq9jJ9ZS4cktDK3phCeh
+MPsxjxUdlE8Zmhos36bypL5mhIaG0wmF6Fuz66y8rhpAj8zl8yNGL6DqNw6JgpvS
+E2i+FZ+E3CB05W6WSjOQOFexPNnWBbkjyeXrFTB30DJ7BjcVhjfek1+tItF7hYIA
+qhUFXT2kur8WV/R5J0bzXlRaK1s4kj4m1VFcmINHYiSbUsExpPWccRmFv3Qbc1tu
+/NhVdjbsnc/BI4FyTdW/sio31VviXjewVWIXxhCeqr7QRqCCluM0HeAEqZFPS6jf
+3F7p1VIxqgz9ibeJ0JyyYtRgroK6iYkVfqCSiCoWh6aJ7/pBPLGmCIIEppbEQKGp
+NBQIRzpOoKTLrzuOlGypLyoTTqAASnNNofgStH5gy+tFTAWl/sKGc1KLFht6hn4z
+XvkMdDYi60zV43nxLlneq5JudABiuC1of7SJCdAbDqN9+oUr0H+3vjDpwgufLvfA
+QVdhT9WhJZg+KLY4drqbuBHEbYQGA+CNwQvXW4CddP85kC0gEBF2pl1FsXrKTA34
+GrRn7K4vJDsb8tRP0wuOAFj0wuKwbuY4y8lBBbaNhJtiosR9ZBacIwG9yh++6dVn
+6lLzJczCF9zQOaSTtNZAPrfQo0u7ldmhBPoR67QOkg0zI1YwRJF8Y5BOI/0dSdet
+CyNhM5bGaQgq/wdi0i4l1UM66I2SIO/agRYVFZdohE/3VzKFZZNvFtDXSTNqaGqo
+GHhp7Ke/rJKoAWx2TcdgKjPDAMBtmgINrWCaGrjt9LDDVsrhE8hIki8vEzKGgUCF
+nmlzPqUIcT6OkOhmBZhW2UqzZAyYmltMq23MpB+xn8UPoYVV3hKohT7batN/mvqg
+4CaLA2vfYomCXE1To+OjqeuqpbSxVljjywPT0N4Mii2yWq4B/f29qWL8cxMl2mWM
+/h5H2SoO8FOr3Hdc/IrSH1fsJ9CUNL8YUKHgBts5B+K653uUy0qubV33OeqXC2Cu
+NlYxiGqkDhO5mi9Tuw1YXLNgXipxqiANOLPZOoaeCP5spOQgnpQR3pxlrxTOw7qR
+wbH+VSRBhtABMDcJsadDLnGTWUnPR1q86ehqpo6XfipZMg1gGnbmN6PNthRWVmtk
+ZPUhekPCWFZnBS4obeFDw4ZRjnbFN8qPE7uHZ0VL+qO1rOoGX6p/2a97l9nJTACh
+anm3AOPE/vWURJsQ8Zc54LLhPJvTQtSoxt+49Xv0oitiz4AB5d23XlQ4IZ+avY7j
+Y5ZXuQpQKdnZeG9eS86aiHcBJ3Fvwt/gVVIu3i/jRrNU8Fk2WyyaJ3epwII8wgC+
+A58NcMf6HxHb8NXufZOGWwUePr/VQxcS5EXBXbFnp9tQynzKS4qUAV4QIhb2Pv4V
+OwL0p3VD5tGlLYj7IWAe7tJcf3u0q+hpzuc5DalbQ08NMZv2vuXjfvQ0ASaQ7nVq
+Sjm8fxoY1CIImWqq3Atuo3Mv8yyx2OvQgp9YWSm7fn0HcSg5Iy+eZg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
new file mode 100644
index 0000000000..224d33f30a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQL
+ExpPcmdhbml6YXRpb25hbCBVbml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0
+aW9uYWwgVW5pdCBOYW1lIDIxGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Izk2uos/TlxMQIzTb0CugRjW
+JZgTFHdIYxEN2K6eCpfTkU3yFaIIsqC84Jwc6sCT/uroouCtnBsDvoMw9ExsfX/0
+wBKiXYZ0WmpD+cqNCmXJObrxsw3qs7fb55J9b+4sKMyBPea4hwOwpSpdnk/d9oY/
+QqBac09/+bqQZi4gSM2MdNweomR8fzh8B1IgNwuObNH30EuuNpjjQfwdfPt53HDH
+DlHAVDQgT3/2wrj/kWCXYeairC/r4IZFmCGPfWpwdFBy3SXV14yqG3rzAnOYoTvQ
+qHIhOyj450InVnCJc3f2tP157JEejY3KxxtFT7JCb232thWZz0FduNKKx1IrAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBS/SouBm02MFDGMW+nM3S/oeRJRUDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAB1RfNIX2NAP+HC88I5JhXw8wDo9r7T051XcB+KVhbUfK7sKE9WXOq8hxsyQ
+b6XaSwDMIlbxWNAeSl/8O7UGQ36IWepI047Y6wCLMGsOINtB5FGzPsg27mgS8txc
+80Y8yyxNrGrztJJOPEjyw0fyfW56Vyjee2z96/5ETtJJMFkr1JnbITqdrXL1+cxJ
+TH9KgJVXFNjr2vAzB4aV0lHcd1JRpfTCB7nRt+ALRqjfyUJze5NI8TN7DseNgGbx
+UBD42AlUMC6aHyTWNytAsUabonJefRatkLzY6BpJ0Ewe8d2ztqIhkYGezCb+IXJL
+m6bBRwtJ5KXTL3kz3toqdTJedcg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB3687F56B28B052
+
+2iZ4LeDKI88jUnITK4gw5o/dan2J/GfMGlCirQz8rITqLgUMBGwGqPJhnnwIFfQU
+7r+0RkFP4a4ty5B40YPAIRPBkNQ1boeabw+JaQORugzpBBowS9Gfm/PiZz/7PeQ7
+gcKcoaUKRySd5dosqBh6+u7a4b8YhI5xNKthXU1tmteUr6lwvxmBnMDu6rZf4f2S
+cB17apju088XOPi1blqwXIjnD4Jm167TkAhF47pMjJLyHx/oseURjKglQBHCkMfE
+lV+hySV+0lAA2QK8v1eRSmr+OaQI0lYDKBhsUqKHcNq3qqzgxF4om/RMvCpS/CXJ
+U7VPhnqgSn4HEhv7o5xJ5I+Hlhdq01WahzRoa7793oK+SPPoJaGcrK3659nhBURO
+AKBw/3royll2lldWZM6Q9hiJnYCgaeSxgI2R90zjn9m2vpP0+Lx2QLcKHf1fZLZs
+Z4sH6L61DW/hGpRJxdtG4ZHaec/0+Wwm9RQ+yOXPiyPpBa5wjCogkdis1Uv9tbak
+PJkwsAEAagdBU8W9NbH++yxyW8EB/2FA9WaY+qNWuax4hIMs22E9G1WUJwBQs4S1
+SZRDmTEPjGG/oBfTVwu3huxO81zMB1E4Be4gIwYb0hfLyDsDVPEbceKh5BHpGeJZ
+2zQeQy9bKogl29NHz/eov3QomKYvztGGK+jQW0nz4tzcQa8xEPkhmLetuM8iDsHT
+RGN2aD4Qgch8dPhpjyvINDa+MkwlxhkYvqp2HN7yOqvrdGA0YVFcW4m5oxYqOoEH
+Z9Og6qRoqMU1Jet8t9ko8Q9PnlJoO/vi5+BF0vzgBw76W7r0uE5Bk3QZlasS8BRV
+AxQjp4TZKTGdLWkxs9ZUD+JfPxPve+yKerO8px2XsNpBVzGw3iaCS2AMglvjp0qw
+l/cKD6LjyGuvYGK8dtN0Iz430f4vno5V+kLoFJfpF0fo3Dn+l3yvcsmco6Xt9+wU
+fYzVJllK4YSLC7C/LnX8Kr8pg+TC/oTw44MBdau9WKBwzjr40LaKA2HDWznaBTlg
++6UCybDdKkeD7PvBaWBPgqd/VR/6xc7v0Ecl51vs/TyE483aN/9YToq5dqBahf4O
++eRDzAmIY6JJ/GN1thT04/6WTjV9NS5rXPvO1VoYD2uumeLRxK6GYXI86G5ji8sN
+wbXl5kEUydTKJ9xsjTaLGvuhdPaXI9PXaC0+Ki6SGua75fxZIMrlUWBeywpE01As
+XfFCfjg4CXIeUR04aZ4nByU5cEhNRmm/X002c+NjiuPjNnk1XCag/6n7YKwUHvmW
+eeRZPu8jss2gR0tlgkR5IRYwO8yXJ6eXyFO5kbkeDKz6NngLj2z/Vo9CVxMOZc2O
+vLkHFyNG65i4kYm8f21X1SIimE9T+gGcpCdaePgfcVWxbejm7gIXY9zJBhpDsh+2
+GNXtBP0AtPGhG8avfUNgZb6plFGLfwIJ9+4bNgJ6tZ1dY5jLhrPKVflDmMo7JYmU
+uXpasIL6VKuNESYUxWACkVkGoaJB5NQUWgYHpb2N+KMbGCk487WMljNDaWDinPOH
+m4MGCthMhcQBcuuS21TWknSZ39RRuhDdPCJjWuDgNf/a9Kog8EbmXUFNv2kdpQmw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
new file mode 100644
index 0000000000..bd925b26ee
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBETANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCWz7ZliC4aPKhAsBsy0znZfbesj2UveREHH7BiOb9L3Q0rUODt
+VnQSmWVBb3GPz4kXejT51ad01LDy75YHWFSlSWSAEQC79MaawyiUj4gEPxDLx+fY
+INJNmJb7hQpze4e6sQwgYOMm0Z2c16wCsAzu2P23KMEFWn6hVQWj9NzNjdYSqkBK
+L+nOnnEERNWfsTjNJHiU8TPY4tDxyw6N89LDr4ulAYq8NcZp97PCt7KyqXFQrjBZ
+7saXv1faM8FMvCZOuQg2+SIYghpsqceDQLxO/2iNlmMASaQFBftLI4dVpimRp859
+cdHNPA2o5q26AhV5ib7qjlt4qHx5H2xQ9wq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRi5C41xg/F6JHQC8GN3rav
+2ojZPzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAJgEmVAdEqm2wNErb2/
+Xj9gaOMaWrHhj/4vxtssSnwO1B/T3eq6nDngatSbtjItO1M9UNPX/tgSrXzHmURo
+Zoiq2tURPwiwWsYaGuvNLcZNAY7aTxLWNP+x6B33CJF3TRZVPskQcb/Zm+M6kM43
+fCpOe7i0Lf0C6nz4Zdg+Ej6G2/95STC+vkMzH+LeHtPeMKL0tCzTQMljsYVd3hzg
+c6TNjzsuY1IiD2SQYBAJ/IITEFELXqhojiNjFEX4XaDuD43gVe8DjX5PbXXVHme6
+QkDj8QytkxKpnhaibzxmTjhpDIDlBtnAIbJ8mcet3LAFgeCa7/qbzB2iAaRfYoMm
+ejY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,96779EBEB0E22806
+
+EbKe+X6uUHMQYjFUN313rKUnO7IK8mf9gKaxIWDUK2qszyI4cbYMTFE+xsH76/3R
+GYf6czYV9ZQPKY6nUeP0jyPfHR6I/cB4P3e6hxIm5tuiUedsIwjiJbaCm37HgeLV
+VNV8gHgrSFoiX6hOfC/l7pzm3M48ht2gEqvdjaVljZG7B/NIP35t2kr/SOxTZtTD
+bVrL0UjnMOaLlslK+oakoCbvmo3J58IRq+IoTnjzWCYRr2bOZ4yrdbC2eYGEIWfi
+0Hm8vTIuRXuf+BCydgdP3Zpp1Zk0shY4kAQc9ublN7ZeDExHVX49klWrBGn12B+G
+e/DraPK6GY4u9s/GdY5WygSe60k75c83U3xidMrj7QCT2PA8B1Lh6mCc1Omb7ErS
+OhMWtAbAIyWIwTDK9AOieLm4e/QdD2PsE54QvZ8rYQC3S5fsYbAH8yGThJ6Ma64m
+sEYHxxAfD2koJYkt814ygDuGdtDiPtZ3WXU2Maa+8KvCx83q2G2gTahz8q9+yr+T
+YqY1SAt6W3isic+vrjVz4vjai+RdPVkHybhvHlTx0Xc9+fnBdBcNFq0lRKM4Onq5
+Ls1Xi+LXkYp8cX5iBt9LbENA4e1GxdfiGIjpHVa2Ogv8BLsHYv8nWteVjCzimJz5
+w1cWC/W8P162E+2wIdefq/+hJlsdzjFLvsOqG2x2koVvs4TxgiaGLnJ4HQ7FhhJx
+cpcpalc2pZUosyibuEI6EwazNV4WvyJiXdE5LLml2mAzOLntHDpx+I/eqH2DbTnS
+vNjzWUaUz83dhDKo5aoViXJIqxrAZO+0fkHL8o6MR/EamJfypHbioxTqWZaI/Avi
+eFeQXZOXvfNqMFAAW0Bjsn5KgOfPJfM2m7f7960mPlpWRrYfOso81UyJsXlbaChy
+fDyYLWyKnOEuQpSp1JU6Odu4Lk0pC/IrLyzVWpm4MvIF2XGr1LrY1GFCrqPUwy4S
+VF6fX6Uf1VX5jTiakQHRJdRiQTgjUSq7o8AIGFLVKEpVFhGc9EQ3gLXsmqxIleks
+vw694zpx1j2MVkUfOUMg7SYGrv2syQmZ6xvxi5pJ37j0JZsuws1WJKeb1CS0M4ut
+mW/g0/6lGjOIFuZ+JzaR1YyJ69rO398sFIcdfp0GqGFNaVkhsIfdw2tZFvaxRvoz
+7TQaQgZS41Ln49sll+29qqcE1rlLeW4XmPGCK/4tUsNuyo8XCcMTTbUS4xzeu15p
+p4WXfjt6vvZ7OXQJzUqtC9jIq00LxCvNph94XyXEROKbkxgAVs2YlL36DKtq3UI/
+Vat5D7ELfGB1FopELgcgsFbhjsAjPYQ+qb/ODK1iMfR7M2dRtHf2AiShMhAgAmCf
+YZ0vbs7m9f5ZYlAaYuzZQF4GpCEGS9iwWrZd6zHMHBPWfS8n44wTo+A/jWPfJ87l
+FA6NYFgd24XJ8hYZVptrRK1yuAZ43sQ7vuFvhH/TK7xmM8pCXpUn4Ec+0RbI4E0K
+p1sXCOZhTwYzP2oG7NrpHyCpDILgO0HzrP1pQA9Yh2GePVaUbq7DP4XVq87qvD2G
+UbUGx1W8S+1EIi3ODMssb3KVouRAYIXFddyeQuy256kBnzVZlEjLnQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
new file mode 100644
index 0000000000..fea0a3ece4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEjAQBgNVBAMT
+CU5vIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPK+0hcf
+DWQf4Y/xcch0tBEFy8majp1UWEluOQmlE8rVt2weoWdZfaBF1cN0+brVFt0Z4U/q
+XqdQBA/PvV1yBYBlsgbgCPcJ0+Q8eeWESeKlt/TXoUl35JeNhz1qc1YpQsce78O6
+Qm0F73tvYD6hD/EFwgYqu3uAl2S6pCRNTDkhCBrRXcsjKZ071/pN+Raoll8StUli
+SiIgn/YHeIs/C/fQKVdAH7ZEq6fLfj+HPQLlRSzWGOXAqyca3Nq3nf74dbxWH15X
+RuESMGcIwaduE+26VSZcmWYpEKdR92GOE/X+WSGiU0DmR98pXoiw1MSip8A/QQC5
+WjIwZDIqN5k2h3sCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZl
+p9ldqGYwHQYDVR0OBBYEFG6uRdP5/cyueml//bgG0kwH7AIWMA4GA1UdDwEB/wQE
+AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAZ9m1wxVMGI0gYbsb28QvULx/Djy/zn5HsopaKobl
+UPHmmEe0LNUvqb4+3kqrKv8uWF9u5os56WdochV6SXaz17Yr6tmB7JeM/IL6VyqV
+Mqd5UNliAPjnIbO5i/wFXMd7jZwmAuZU7l4Uj2IEKyNJcBbgfD4TJZxtFVVtTCo+
+dSVYAO1ZjWpS772MXKmWqVeUpF23OPzAOEa8e7IR8l9zfHMlmohBxKyGTUvuwprn
++TS4ZVXrjjAHNz41aRzX+RYAUuNDHpWtFkuCpcU6FzcuzL76F9l0gRGd7onaT8SX
+ny3QlPHZQLJkgOVbsvn+eIixTzbZAI61iRjySWWbUguOCw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC8376C0C95A435A
+
+n5BynILbtVbjzjbIfMjuMhFd06AsiRtmpmyp6bZSbu7vvGiIhiuUkxiYNZz14jJT
+QdfuD9hP2f85Td0mS5WVN4lXQpcrjQVpc3CiPF6slTQc7bv6EXfv8v0vV/5OV5Z6
+2YfmDkN273p4ytcRLJSYhMzntFKcIQ2F4wdPRsarcy1KqcJsSgneG0B920HXKi4p
+PoDdbSuJsCKVhNxJV/Lhf/53oVP0IEW/H0Q8NTXBBL9x/xLUVzuFM8gLMacoKISO
+MvOmWNv9J/TPp5kLWP6wtaZV4TKhYWB6gfn5x72L4QjHAOOPLtr/4oRUwXZq8enJ
+ixlZa7NczJrsopDvGUOWOSiYcqeRjgoUSOYC2hCGmzV7dBwxuAhETHXN2biXyBSb
+54Ruyswrzx9jTYbosVCng5I2tk+USx7dOiCaOD7PQ37uFycOFXpc9/i/X1brB26W
++176CGKu2JFxI8V/1ZQvAYUShF6YTD0pTnn8CYpuoHwiXVM2ofVES9BVGnt/JiRa
+jUEqr0d2tRICjU5w51I2H7cwEbOR7XEUONRthu3x1EJDxEF1ME3ziu3J0sF6gnzu
+kdzgUPv7WrjKe0mwtjPvEb+MN736hodRGrt6dROvq2GMDng0JHI+PBu4xpl0YSdS
+BjMDg2AFcpo4vKC+5qcHlvyhvNlTjjjackf4bw87KB4RV1XZaWBw5MyUhqdvKH58
+3yFXybTGN75fZKuAjkRYMXnFJvwm/DK0PmUcV4Fgt44lVGeYfbJJj4q9vjRWFZdJ
+WmBzAtLa02qEaRZfMIfIn+7/G/dPjb4lVb/YAfM0hWn+oXI1YnVLw+YIO9TLL8o4
+R65IgFBYsrr7YJ0JKjmnONsXrukoU2YvDEuZSffjIE373Go1kTKmPr8O/mJSqWq6
+q61jmjMt72lk785b4daESIICYeCR6fe5vm1uSDrC6AZCjNMirO0EZyd+Rk6+KEw3
+OD2eCvsMoqXfjgaEwPGeMt6gR5ipnDD8HuYJ0+Ntjas2clxWqjl1U58P/y86TwpA
+QsGo3ohWF7rPVj/hMUwiKphiNsNbiyvf2Ubh2xXS/Gnw+0i362M1Nh4JOeeVfOCC
+i3dNuDwonT2kbb7QS/OFN79jdsIwzjK+AUD7CNBy+mT1FKyH1UWqHydLVMhI6+Mu
+0Y14W5pHpWUnqqt+5gX7A/bNZ4Flfk+JS0lsaq2WZ47936goEpIjrt4bn8t0Mfie
+jdz1lZEV7LElUJ2akV4Mv9HMrakS1U7LySD/NGzyRW3ha+2nstu/JS7hFk+Jf9zk
+lr8SWV8L67SXxRdMekbXYVEJZ/1R9TWUnBSZEg4SKUGWygPMBgm802gKOjgzyOVK
+Hxa95RtEGdccKNGCcjoyHvpvYSLbZ5873zHYngNmWc3jV0k9mF6q8lwYaixgnaFa
+Bt79/zo7I92MtJMMSFsvAVJYlh/km1xPg2ZgzN6o2V7SvDcu2TAnLrxtDnBEeYB9
+8uUJxgdXxhg/hzV7lz8vz/agpQ238F9GjjafJpbyd+ZXyl/mUaXHVtd8uRsCsOHD
+BIVww4sQa1SX+/idOYzaeqMX/oyOokrOTwCHp75jrFU4ysqWF6Qv9mvLlHp8EfUY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
new file mode 100644
index 0000000000..aa1bf01f04
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No Policies CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlKgAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+Dk5vIFBvbGljaWVzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1rGRRtklAdQBZAIICc8jB889UiuPhuz42qkRhIXsu7pLBvoK6CJRcKDODBkxmoUc
+qkmyf2+6WIPK706gZ6ICLlaZJtU9XTG4+VdVe1hA09jjKmYQ5/RUoFto2Qn/jfqt
+jAnEgoiJuTpGbhMNcIqmUB8e9U6xF0n8wKRuoO352ZNmKkslQMg9IDTD2CTeg8UB
+Q5FIlTX+6ePUKgw49//7q6hdsOOsun19/Hc7zGfjI+ntqFpHXEL50sckzKVMO05F
+9qwVg5+4a3bL13QHFDUf71SqIaXyh3S2UkvSphEbyVz/XU5oF5mMnoZWsXn+QbR0
+gNqQlHGoqA7q5s78WqUDDwIDAQABo2MwYTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUQiQD7aVLdpyXmFx06gU6G/w15JwwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAB5U
+gIV++5zaqU8TC9lSIq4uTTo+6Q81DBD7Fa7PWhFLqF9cKoZ+VFDnIPQVVhz4laar
+9Gtiz3Ix8vqGP6gPo5p+wpspJ13VF2YQqe61ZsOg0Mh15FETqEjvl6WZeVjdIvfR
+p6xsD+h3T++Am1eYNaAwieBZVi8OGRJGaMSS4Q2RNXs0vzT5I4RnPcYwzLQsE1jT
+7xkAkoNMHPaSMPAiQtfYHX2TqMn42Bp2CFuIIiDoZeKntLuo/vqKe28UW/d/uoUl
+1wE635wC9nhd+YzvbO6vVVjT77sz0H7KWbMA8kn3nx4HNNhVGC5CAtqtZKpQ71MU
+MnIgZeKsGC348hVKpRI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4D0B9931D6FCDB0B
+
+xwCEkfEtoqtmk8ThayVcASqeRPvbex5x7XdY71H8DaA2yx3xu9CPwRelu7X+wm9q
+vPl50Ym7nuva9Obnvk6ZYx3ox0YO4NZApg5YZDmQnlrg593vZf6BoiQft8DaqxMv
+KJ/0Ar8mDd97VRZNfd7Alqr33AGlLVdsq6FkXZu/GhcGMIibUgnzdU2bNT20MD53
+rlitHQIj4wp4nd4sv02tDeKWYii6xkxGaWNJWlGHwFBi3+pYJW9lY/6lHgx1LCrt
++pQV8t/0ORoCAokxAZ1O1UHFOlvryvDgfWYayUPJ4riZqLvCRJET44Pd1H0OnY2F
+9w123cxjeDF1IXXbpb4myQUeN+u2XBrQK4mjJbUKytdBhKLrx3ONkGDcAuPgcHHL
+PRcHxJSs0ESwKZ1YxJhMX4CqeaWIachLUIXZu1JZV1OkeU4tTv+JHbxnSqbjPj12
+E0v7oQtyAKVXILXPS19wvVejZWbJviQB37N7xTNe63di8bOg30UhD6/gn0/iSOfC
+3lUEuaXNptx8cmQhPrbVSTHcFlp8GghkLES5NIz8Dbjgq8HG0jQrNDnrlhwou0H4
+Lgvu3uqs70tlsa+ZNI7kTiRjQ8s3b0fKXN3h6UFMejW8bHvaMWakVlayyusF/lyS
+km3HGcu/rZx0IngvyrUvOVKdUy1qMuG+LO2eZCjB5a5Gjiz7FvxK00DQrGNArW7s
+Kw5HyHxL+Qz8auWbsCjsWC9l2lG+wvZwFHdjw2C5gEJuwSdrtnToQoDvqEVLq3xu
+kS+uT1MeF1NPRjyMORMKIWtPjhyJLyCBpjALAIFvrI8ENuGTqeaKjy6YE7WS03iM
+VF3pJbm9/iBquBZU2ZGKRCle4eJNtLVQIt4us5qT3qkz16n3WMATvXBMpxRutPHy
+1J38c7g0f6tbngQz2jEEq6d/wHMVQbOTu8m4JAMkBDChXWFeoh6DK6KNn0j1JOBU
+xxZhKDSMcLjQ5qTO8WHfC0YtnWwDyJH3pdGEq9u+Vur4Lo96/tKMoxSMWTa7HxT1
+qi+DxxYY+zcj+aBDhfRiQQrMXA5v7aYJz7rquQ1h5oJfsBz5pBAhPh531hM2N7Nu
+/dn81tYsX084W6z7dAdHYppM1Ovg96Gl+IkNA1MXKy8ZLMrMJtc4H63z+1MJHfxR
+AY0VOXlsm7iAB8IoZLYM2aeuY+Yu+Xm2yKs98a98SKzXsV8qQO8SLwk8sfJuHv30
+SIql4vepd6otd0iJZEFonDMAV/fnrUfxQS3gET4lkAg1bCEK6j1NZ0HwpRYgvHm8
+iXF4t2wmcnPncfn4HkMM6X60+v+VUZlhl0y+9nqDaWM0n52DjWseHvJu6m5qF0o6
+w7ABt8YzEO/fVNVVWPRMGjxCvJXXgxkGbd/5cYKP8BRx/N47WLTzaah3AqtUpZr/
+ZtazCnraXDAsGbvG3bSBYHOPLBrunjzKuemSSR/wvVPpWbdlcsGhLHp8T/qBsGwL
+EoqbmZY/bPQg4VGD7D8DH5OqibEn9yUdxzXtJ5kinteG0+r0onUVXS7onth441dE
+pwNbzPjBhR1syNQ2bKzZ/93hOvkxTLDjTyv60YISMSyQ9peWfpBW83M3aaSN/DKa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
new file mode 100644
index 0000000000..9222c1873b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBTDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAsT
+Hk5vIGlzc3VpbmdEaXN0cmlidXRpb25Qb2ludCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMCr+3UdavfOBl7iCrYG59vDPxixxgNXuhT4Qd2MRQty
+I9ncZ/36pjy08CrKmPWAfmVZqSeNOSSUdf+BFUfRhVlN7wNHa8UqQei+5WfVtBUb
+B+opVvaoswfaRZC5jRf6sPfP8j1WfaMgDTmaHenWZs2DolsuO2C6eGjvm2nYzQi9
+7km64+oqlTXI73rCKT6WWTqHXLn0oK2gBPf3sTSas2olu/WBu6Zp9M3CjbVV+VmM
+7lp8m2EJLNFrI0CMMLCdeeYyElJ2hFqmRObNqnhcWh4eUrp5IVm72Pmsi8/2EbGe
+BGFa/l8dwzgR6EvOLFgoVnGufXcsoR3oPiZey+JQ3iUCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLPLVL9qnfyfxzEO
+kgynR2uZAJ8xMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAINy+PfPJaZ5e
+hJYhM4p6aSvFXi02p8Jml91EVwGkZu3hwgreINpM+gL1N6sAGRPnIxx+vZyqMOoI
+X7q5TyjO4LjmEGb4yqWANzqUlsEd8nPE7n0jJyEk/fT3EJVnNgMP5tvnW+E/+IQk
+V8e1y345UWk0C7xw4eYUFqjE4jWRqxWLEzLIYOb5nLakI6k/aIfij5BXXQyYv8c1
+H67xMGr5dfy6zsy1+dJB5d8t0voJeYxhWRKE/YHxx81+1Y/Oum/5HrCsGIf07xFu
+AlXdSF2FDH+i/YMlZas1laFLoGxClpfIBKvCR490pQX+0tEihAsZuISUSo/SIp0R
+elkDzLq7nA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A63FBF19DC0800D
+
+QhG/rbdcof4QsGqihybqEK3EGzxyQu+zRHl3/3d2Jm0y1ByDUu5h//BzYvktwwfD
+YR+05f6rIAQf9l5Ghkl+nT8SuR+P6H+kr7ZXU4H6dYxo5EETL67gBDdqE6pT+DWE
+9H0ez/ZwOMYCYPPrU/c6AQ1N1YSVG3cBoEM7qqkUibOIVWsd8DT1nDSTg7ZW+sS+
+PEUiwLeYmu+qWVCoskKTpNSFUGRe1Xy6uO7qDK7bWaL6WuMMph7KZsudkXJ30d3+
+77VufR+nJ23OS+xrOHBqWHdBBPUBK+zT0u+ocD/imExNBxUKfXvN0+N8Elq7zZzj
+DtjA9LH4CpmEr1zVO+RZgB4DU+7SB14EnaAUZiNFdVfGCQEk//wMkmZw5FUdDBQz
+oOLRVDSuis6VvLFgQgDQCGeQdFVh69je625W9vQnry896v++HX1jSpzHpnrepqyL
+RsRgWsCpxyTC2dO5BxZi5V3OH2tpdgCiPvxAU7yG7gHSwq/ZFBoMYHmJdLH7EJqF
+MeuZ9QAX8BrGY6qOremH0dyXri3pj0jUUDqMBk5AIBSaPBonMBKGxVSWilN11dGb
+222RJCnupmLo6f9zqtEyZqKpCTzOzGXenHrG4Ncwbek30EkQ38NWzwBYucDg6w8w
+Nk51h+8pseLO2ZN72ZIv9WhL7sf0EXal/rcBJxLnVZBGo4X96cmSnIY/UW58Bj4m
+Xtcl/5tMYNgJMdlQhNip9bd+1XIpcVAiYXZ6UneBbIBsE/UGMSvMjqUV/DQEsVMe
+QsCOz0TfezvzJARpF+TQogD65mVRDpzSwoTLk3GJudRHxURxKb0vPBVc28v5G06P
+0yAFn8LWebnG6vXsOIPXnrchMFSDkYU/mnptIqXVBPnA+2EEnqvNrrwm7JkwznOK
+dgBqubSvvbue/Syzj0gA6eN8Zf3ez/yj+t3WyDG+FNkDjtIfiJStkSAwS5iyU5He
+pGmG+LtjVZrlwHhlv9gVQDU1RbLensJ3+cauasDdbs2UZhB99Fhka7kaaMfNonpW
+7Ft5/FvFFlomCosg1MuqJ4Av4H4DMvPKJXVToaMn5Zhl8++c+a78Vnjres0kdov6
+n9F8716q2L/xiBX90G7PdlUfTwTNbokzIowIaKkyz2LVEEYHQ3qIJG/YA2YCzVX3
+vkLKGWWA5y+z2sVr2JucAOKP+qwU8kGCB0BzsEvxjL8ADwZ0wmmWhxhJXIVzHVfM
+4cMKnW0Q2mcAEr9FxrccFSj/JNfo1EBqbKUEOyqeU+MkX+80yyorXsNiQsA6sK8X
+njrck2cwZOshKCe37n399spt8ZBByu4zmTw8Xvy/BiGvRlAoZEgld1KEilLWQtVB
+0rr/rKxCCJoWbaF/Oqr1SSl8yw5TGdoit3u/Bm0YA3ijruOtNjtYXeJRhj4pN9Df
+aFtCtLHpWvNkEYw4WpZD7CFy6dImbqkW7b0+Khg9xEPT8Rog1P97ltN+MqVRqJZ4
+8Dnomm/C5Ahsn6WAh2/WPyfxGXTULPia+jpDlpMZP+NpZNDDNPOHBIU7/I9F+n7U
+JqcDwyTBqGooGtm6z9Kz1ccUxj0cLl6B61AfKaY9OlR5sdqIUyPIJQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..0ec4b21b6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FU9sZCBDUkwgbmV4dFVwZGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL9dKBLjox+erXrb2q/rdAlXUWqvi4uRcldjKQjs+z/Egt/Vz3XSzOqE
+JVFUojykLto2tYO0C4ZM+FGnn6b438qsXkeIPU+WGv1eNqi7Mm0miU/+JKXnCDMG
++Aq+GQSK/1JoQbusbFR1rfhU+a2rH1eMbnclG0CuknK9jhXc+rhR3GcfW1ZC+0rl
+LAjH1CPM/uwyNB9th87sU4FJ1PpzKa46pgB0tCIZqDw5vAMWn3vllBvMRtvVQBOR
+GwmkewDGifBJlvI3IHsEwxvws+uBoGjni/0cM1Zf/LZkjZYdbEalLf+a0uAqzdyv
+VhPCKYwrJP1H85ubTpFRGajNw35h6NkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM7aH9pazI6X+iAVKU+slo0qzXgT
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAuSS2lcdw8wEVWsN7SEqN/PFY
+fYY1/sJLPGnE33ItquQhD4Ab9+4b7o0hq6VWkomiQCos0lgrBhQyJgjiBSB3zjAp
+PIYXQp7kzXx0wo3iVhxVITv0MfEOfNbPNP2etUs6ivcOXcO/uxhB1rJvgs/xSzwv
+C1waXG33zCQcABSSHu6Ylkw6xkI16W2nbqbySz1zoilVthP/ulrVB1IffCyrB5Lk
+LpY3pV7O1ibyHjmpOliTfyktarUbJBXt9X6m8oWIRk3p/7dl/08oXD7bAFk+19L9
+BaNzLinwKdp3GvvI3SzmNOtUiweQ83tNJig0eI7YDTeHlfPRZE+hccTfw5DdSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C60F4F875B4AE07C
+
+r1mixPIe6yhRKt7pKXN2rL0IbT3xqH1GydMztUKrUSYezhqkuQsw114en6v/1WD9
+RlfiHQvWp1eProra/8t6nVDpRdnrKGwCm1ov6Bxm6mkBQ2e70Wusl0N6Gi8ACjEm
++uMv8WU7ofPAd3Zf7LSdhLwuOpL2/Z6St+NfLU8MMch9PmegwBZ57JcVCPuHT7d+
+1W/k7GSqTfbof7E/A20CajhrzWjkDB0/0+zCxnfZRgy/kF9JJ+J5O0/90/VZQelv
+FzqG5M9ReSxGi+6KHVShuNRke4vPRAFkH3/Uu9sRXHFNcb5GbdxAkxNfJ+3UVegO
+rCdf6bp676QKTCGd+7V/e7gFMc/w1TScYAzU1JDT0qt2hbQuO3Ecr+UY8u4WZGiy
+x/ICs9hI+1Q+bSDRz7t/ozCLmmiRDExw5zUi+xbjbaBSiX6AdcYP4ZpwQLp0Yy1C
+A3lvY9yJGwAB5A5SIrJGnfsqlqg2Tv0aobIANvLzDMcduHuv546mDaiBXPnm4d8v
+gwsDZAaGJmCVDoo1O7Vv8wVf1YYFBTyuSznhj1RQiZBLKG+kfcBzADnThWmxXCQb
+GoiionyRwtLueUuBQLdfa3dywn2SFnd37QFJ3/ditUvWwSs5NLPFSNYsAnw42B3P
+GVCaDXWB8RZ3qnAIrsByMWLox7bes5zndblMKHsveZBWpjQSclqXsvm9vTYH7FcO
+gqN6mhv13G2kP962VUDEu+I083DFBN1BwqWU8qEWCv/qUjRKRg7v4ySC1vz4QeMc
+IfoNqY/CmtgNVx6hWQL+1x9iYPbG6yTxwuu3ke+qmnHkCrAEtVtZNE8Es6iFdckr
+lYMSSl0CmKmU35Es8OoLVVBnY0F4G6+wM6nRCnkFP/9wQk07+bRszz0G3vdv2eX+
+khoD4fs5o6wn7qDuus8peD4z7F7TKiTUATZgF0xa6zKDkAIiokrlaXxOArU/D4ky
+g+IP3fbR6m+3VWt3IMZ6IEWU2ZlzsUBkpCsFvGKLTF/Jos2PeCoPQbVu4eaH5vEd
+RhHL2tyQEFDYA1mLz8H0NFqFw5n0la+3dzIBQBwGU8zTkF7Agaq4FHo+o6JykI1K
+FDLW5Kv0aqO21SyJ4fiTSl4nsD3i9FeL8d8LIQim89L7GzhuVfY9tdk5GUV7D8Vg
+1I4mkISYYTkOeNwo1Bq3yxpslnMaoU/+TrvfvIrtfoozutLNCZmhFCGUzlriHPQ5
+JAP7rBKdhQdG8iBYFyq6hCjnDuAE8BoeuQEhHLxb0nefwZxv1CdS8pr6hVDRiWLy
+C855LiwRZzMhWPQINUnqpfdzVUNOeN4dBsbyuEHgegjXlmg+5K2g29pLofnvQP21
+5uy2qS/e4nAKmMIEMf5BpHjl9cuZcgGlz2f8QeHBC2rsYesptL3SaOukGKNHxUyg
+hWUEY/kMz87FMSZUlIIeGKfH/PLnSqmY2Voevkf7Jq6yxOOZT9uHMYBRXsDa27Lw
+kzn90KqeSvvfbciV47a1X+UVklepdl8KzMM9yFJsapyP9Nc36c9b3Jv1X0i/kb/s
+eRcv1pYK2LrkID+G+WUJJKgEts2qiVwmNucWFh+0xwWmxsSsCr5DyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
deleted file mode 100644
index 85f0b79c2c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAx
-MjM0IHN1YkNBUDEyMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UE
-AxMeUG9saWNpZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSpQwaDoPydLNMC8zANHGCiwSSV/p+yyB92D3cy4OofA3o
-E/MneZrL0kkAoaM3sxpkniK7a37+ghg7ydyUw5n9CRxAyNMONSetp9uBB9X1+fZy
-9JVVK2W+5ycWBDxh2YOfyFE/wQBbJK7rIIrqtgUgNi7O+6ppcpbnguodB17MZQID
-AQABo4GLMIGIMB8GA1UdIwQYMBaAFLZ7gxmIHEmBIEPO8oJM80aGKITZMB0GA1Ud
-DgQWBBTMtOdc+dU31FBVf7Ixli7kkaTEaDAOBgNVHQ8BAf8EBAMCAQYwJQYDVR0g
-BB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQB4KomH+VcsPxXsULBeuMVL7QtJMD6RoGaCHnL5
-NCdwpt7QE3TVRnWgL88gSXtmMudJ5QIb3ko7PYOsuUhA/6YZvoBvQIdJAnprjYbr
-kxDMfK3PoouD3cQncVSz4xqJ9VcIaH6/oAKGpDt36xSUY2uqOHb1DLO2qmKiStvW
-Cprikw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAx
-MjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhQb2xp
-Y2llcyBQMTIzNCBzdWJDQVAxMjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALs/TklxdGqU1GnW9LkoRaacXCpRHoy8tYpTUbUhznd5fkjOW5Dyc9HK7DWs8q1q
-aAvU0KeqAEtguNCACjKFeXPyWtQuYKRB5o5G1WXcqy4pYK2CCHsyaa6hf8+kU1Y/
-3VcEuHoDX0WFJ5JFlaRERNagLbzDTjG6KtM4yhcEnTHfAgMBAAGjgZkwgZYwHwYD
-VR0jBBgwFoAUMLt5B08Db7IYg3poQ6v3TKFAcQowHQYDVR0OBBYEFLZ7gxmIHEmB
-IEPO8oJM80aGKITZMA4GA1UdDwEB/wQEAwIBBjAzBgNVHSAELDAqMAwGCmCGSAFl
-AwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATADMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAM38BPBwz3qjIhPI9byaqLmDkw3tA5mxae/P9
-N6WYYwW+Dm0KyjXs9SQZ3BlHDl/+D9dJYNScOXjKpc3hnrAUT31rGyhC2CwV52mt
-xGukdJIxKOQgucIylxyxF7N5x66TyC5sxJGUh3sjItg6NAOQGMwBwKOz/5zNTdK6
-qDuaEoI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Overlapping Policies EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAx
-MjM0IHN1YnN1YkNBUDEyM1AxMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMF0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEy
-MDAGA1UEAxMpT3ZlcmxhcHBpbmcgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4JJTriZO8+53ZvgYrbg9m
-azzLgmYzgvBJ8/IvzLaXsCv7sw/M2DU/CyOdIPy8g9XchC9QBJrAI65Muvlpf8a0
-CGqWH5AQElXjIkicPMgfC14xd1govVHxaRIrM/g6zNgGPnSivMXOrTm6fMNphEvC
-CnG+SqRQ6oKAkO1k7jWxAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMy051z51TfUUFV/
-sjGWLuSRpMRoMB0GA1UdDgQWBBQLhzG1VDzXbIBJ1rnYkrn+iSfrCTAOBgNVHQ8B
-Af8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEACuuacGsxw8Rq6HznT/dvzsw93OA250kOCJei
-8VJbyNw5x61+F9LxLZSBUtYgIfCOid3gUBe8MU0W1r8Qpg1PD4Vgq76l5IWyvH+K
-ACy4A7XpJB8a5zF7OUGexEkFC9RQ45PJ6i4JILtMeMLTR7c0pCkRthg2CW/vIc6a
-Cs1zrEk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBIzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEUxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UEAxMRUG9saWNpZXMg
-UDEyMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUyBhDbDKsFVn2a
-KCxh5Y64ZiH8OTq134EGg3NL8l0mqcA01qEhLCasHMR98sd5xKPtNEQB0kN9jf3d
-Zmv4gop4bAAqPlhvkcJ/KUMPLpLdMBT+1xLAdu1yKh7eKpoIo9vfus0fjH0aOWhT
-Wa7rCSuf+9I6DoDk1gC1Q9k57jDFAgMBAAGjgbUwgbIwHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFDC7eQdPA2+yGIN6aEOr90yhQHEK
-MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MAwGCmCGSAFlAwIBMAEwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATADMAwGCmCGSAFlAwIBMAQwDwYDVR0TAQH/BAUw
-AwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAMoj83UxGqz/rAVr
-SXl/vP2tx92XqrJj7UYRHcHHcTodTHoJ3j+m3MUHwwsoZrqvnhS1HtIqPQsoD9DD
-8Qg+uHFd5EH+Js40QK7zU7mHBOI64Kl8T8xrpgcnlLgXpg2H88at02UvMTDj4Lix
-ANfajLNnQx1htjJhMY3zzIgPApd+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:BB:79:07:4F:03:6F:B2:18:83:7A:68:43:AB:F7:4C:A1:40:71:0A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:b2:2e:86:63:50:7a:60:75:e3:ef:14:96:e2:19:21:90:ce:
-        61:fe:2a:1a:d1:37:59:b0:8f:3d:fe:c3:eb:b9:87:61:3a:7a:
-        f4:ef:3d:46:ce:ef:e4:a7:de:a6:7f:ff:25:1e:78:bd:df:4d:
-        8b:96:70:ac:47:8c:e4:77:1c:f2:94:3f:bb:36:18:21:35:0d:
-        10:d9:69:b9:80:42:d0:7e:81:15:55:df:6f:fc:50:b2:9c:b2:
-        53:0d:b5:0d:6c:69:55:b7:0b:65:84:7a:13:9f:74:8f:52:49:
-        58:2e:6c:bd:b7:19:b6:34:eb:d3:1d:cc:08:a9:3f:07:04:69:
-        75:e6
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAxMjM0IENB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQw
-u3kHTwNvshiDemhDq/dMoUBxCjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQC7si6GY1B6YHXj7xSW4hkhkM5h/ioa0TdZsI89/sPruYdhOnr07z1Gzu/kp96m
-f/8lHni9302LlnCsR4zkdxzylD+7NhghNQ0Q2Wm5gELQfoEVVd9v/FCynLJTDbUN
-bGlVtwtlhHoTn3SPUklYLmy9txm2NOvTHcwIqT8HBGl15g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:7B:83:19:88:1C:49:81:20:43:CE:F2:82:4C:F3:46:86:28:84:D9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:d4:de:34:51:48:6a:d1:4b:e0:d7:2d:55:52:e2:e5:8d:a5:
-        ee:bc:a1:c6:44:0c:9d:b7:61:cb:a2:1c:58:1d:03:a1:cd:8e:
-        e5:9c:28:00:4c:07:c4:0d:ae:a3:b1:c8:aa:8e:8a:59:12:41:
-        57:b6:fc:db:34:10:a8:e6:c9:cb:0e:5c:28:6f:b5:3a:00:70:
-        9a:a9:ac:35:83:47:7a:02:24:69:46:26:63:29:0c:c5:51:c3:
-        92:c6:c2:6d:cf:5e:b8:25:eb:d5:b6:d1:62:87:3b:9b:24:6a:
-        b1:9e:33:a2:96:bb:14:74:21:ad:b7:7f:98:ab:b2:6a:25:2b:
-        0b:ed
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAxMjM0IHN1
-YkNBUDEyMxcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUtnuDGYgcSYEgQ87ygkzzRoYohNkwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEARdTeNFFIatFL4NctVVLi5Y2l7ryhxkQMnbdhy6IcWB0Doc2O5Zwo
-AEwHxA2uo7HIqo6KWRJBV7b82zQQqObJyw5cKG+1OgBwmqmsNYNHegIkaUYmYykM
-xVHDksbCbc9euCXr1bbRYoc7myRqsZ4zopa7FHQhrbd/mKuyaiUrC+0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:B4:E7:5C:F9:D5:37:D4:50:55:7F:B2:31:96:2E:E4:91:A4:C4:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5e:89:62:c5:3b:e0:10:f8:22:cd:fd:e2:44:73:c0:23:98:67:
-        89:29:67:ae:39:3b:53:4c:02:24:85:6a:37:16:1b:a0:c8:fa:
-        ae:0d:02:27:ed:3c:06:8d:e2:ed:35:53:a3:06:f4:a3:ce:6d:
-        63:d9:86:33:2c:95:ce:47:95:2d:7f:5a:f0:a0:68:79:5a:a8:
-        aa:12:5d:79:b9:4a:bb:a2:5a:85:af:39:1d:aa:b6:a0:18:da:
-        39:f6:0a:00:f1:0e:2e:fb:62:1f:6f:2d:d9:0e:b7:da:0e:a5:
-        92:1f:fd:1c:60:73:7d:48:f3:9a:73:2a:14:65:78:2a:9d:7c:
-        88:5a
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1
-YnN1YkNBUDEyM1AxMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUzLTnXPnVN9RQVX+yMZYu5JGkxGgwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAXolixTvgEPgizf3iRHPAI5hniSlnrjk7U0wCJIVqNxYb
-oMj6rg0CJ+08Bo3i7TVTowb0o85tY9mGMyyVzkeVLX9a8KBoeVqoqhJdeblKu6Ja
-ha85Haq2oBjaOfYKAPEOLvtiH28t2Q632g6lkh/9HGBzfUjzmnMqFGV4Kp18iFo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
new file mode 100644
index 0000000000..3d5325d7fc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Overlapping Policies EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeUG9saWNp
+ZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowYjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExMjAwBgNVBAMTKU92ZXJsYXBwaW5nIFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9FQ
+t2aGcDvI7U42QCqMgObhOhdJlQWJSgI6EpQj0hEAvhPULpSpC3pqiRnBzmK86R7j
+zEk9TxnGNYFqDS7xM6Mdkj+0rOKmnzVIycEFrcQLHxglYGj8PwSgtvEq/fIuebJZ
+KEoS/jCrryVGnEUY4JWUNg4bqOGDSFTu0JBj9lSKOOH3gh+p9rJg5Hwc+Wbjb0Sy
+8pGRGuSXsumSugGqHKoxSWfErrnTQRcls7VqJ4y8MJwlw99q3+Xa0aVOwoi3ocPM
+mgArtDN0rHbP7+4tNcHsIjl/2WXUokGUn2/9GSW5gBIOJw3Nd6hvtOS2nlGf/qUO
+KM8j/wjWImLGF8MjkQIDAQABo3wwejAfBgNVHSMEGDAWgBRO9F6h+Qgwe2WsksAR
+CyzTtJYHHjAdBgNVHQ4EFgQUkrgz3HUFQnDN7aMnoK34budYbUEwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2
+MA0GCSqGSIb3DQEBCwUAA4IBAQBikCXaSOKIYSsx3TQPKgbpM0QMvbf2ios9BSNw
+uJv8LFXz+bxFq+7x5GyTxGZ3KLgB0hypILu6M6RfRpAuH6eRJJwuXfXM6w/y2uqC
+wqNIR5PwyWosBjqtBAUZZf6/VVU5Xd6BnpZ73jBNxxcgJ79svcw+6AFPXlcygLjY
+dhugLPhA7BNyKmA9kxRrnp6kCLh3dI1q7Qpl55Ytz6YuyCAHe3NMdC1Ee6c27RwJ
+GfCjDKhkCB/LSn3jbU+y/9lOSaMRSkAPKn+dkp73UpJnJzX57KJb/XE+q6R44m6h
+FNknITUZyD5S8UuF1g929cjBj+buejxo3P1jxH9Rb1+9/REV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DCC5536BE51EEBFA
+
+sTrmnRG3b+rHlW6MI5TX+ZyhauWPiSVXox1qksQP5vC2MH3pZm7DTmSxRLw01bWX
+ilEGhAyYxi5oX10rWVlEvuTOuR1zbHcke/omUGsyWodDaDI+sF27FvCwLIP9pEar
+OT5rKsYsSzXZePBW69uSyBacplqW53rw7StQ7fykOHufIxbUKmyl91RqlXCMEKjg
+HzOEKYpQu/5w/MJQ01KFdAjCgIewz5gCreBhnPlT+BIIb+sAxbqELXTsYY6dQy1a
+4XZr/lB4O3WshqEgrBmUN648iOgabEr8a6umGcQzn8nRNXUQ76pGD8SrYs5KXDMw
+zFZznVe5NM3pEQOuJB5f3XuKgDzsMmxmkGW7cSlETSLK9q/k0oP1FzPjYd3KxvVv
+wgqkXJeFW3lzqqqb1ppVQtH1GCcp1/HzKWyayulTxNF5xX7oA0hUdLirgUWzs3cp
+VAMn/vAtRFmdD4WZ1fSse48YbmpQr0D9PSwnHUYyMn2X7TPid1OcnQZ0wb46T/pP
+taZ0aNctyDFY1y7H533osK7YhUVHIPkIOOBAtvevPE8LB3VrZGGOf1TQlez+6P2Q
++l2EsguETB3lprKxy1jy0TUZp9R/GXqeGgf7p86o0C52VemiGWO/O19/nwd7lMzO
+Xcxz80nTENB/EdRwPVKtTWcER6EranArYgntW7t0WQOb6XOtmczwMS63K5Bfcf55
+Vm2bLLrjuuKAAMt+AIUM7xbkAKlpVqS6RcfldP8iD0mFxDHSjjT3KIcCF0PLtauf
+pc1q5c/za39VRiuNSQ8yJJtMEMINb+dgXSMY5UQTdVwWxvykRtOssVd2Spq6GSJP
+MnjugwasKNcgt+lzs7zRHbOIcox6rX3Ly4vgpqMYCrSpqQXoAC1WTBlRr12cWnsT
+IwbKvB2STGA/PKgIY1KkSQtfKhGIQr/qULm8NpAwwGcgHoaoRkNgXR2yZwtv0WDK
+E9x0LEQBtvhp5wIVPTwHlG8iCx5e35kGJNTNivzeITgw2wBhJr+xR2N2dL4B4dqi
+6Ee5nxlBLRk/oBM5xGOcLItj1CTsckNOiaBOWuI0CP/le7myMCiQqQtViASci2MN
+/aknFttZlf1yaDNfuSnVS3TZf7FzxD249ZCX0ZpKktRNkDnUsmw6MHzzIJdQEgUr
+QxaYyAIU12rR2E2LbzUASEIzSFdGx7SeC4oO++3qcrIOA6vsuzqHMoEyIqOhmpZ0
+WWjFOffW6ffVw4YMjavn4SIT95GeNNfftLoduWJZzBcfs1U3ziWlRIwcPWT7jlEK
+AvT2uQkKFhgcEtXbrDyWn6U1Hh4/a7eoSVpZtadB+KsbvoeS62OgNymUDdjQapIx
+dtZwo0dTzqlXKrYD3yIUcik50+sJsC6aInguWDs6xqZgE+aQd2p5FEoS8u+c+Ftq
+TAkuS/BK791eqcLduhmdAciut4pVc+xmc6WvD9piL8W00RrzayrwCvWzdVLAzdZ/
+bOiFUG9fzlacfT8tKYs7TD+BWLw8xT/yLAjiaQSjm7jz0qc3ExpkP1S3bBv1rxHK
+LiBN3mwDQ9SC+jRSRR/4v/0THHc058VaoRDecl9u5Q3ItPrVl76VvXuIu5m8jnx3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
new file mode 100644
index 0000000000..b368687f44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAragAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E1AxMiBNYXBwaW5nIDF0bzMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCybxVTY2ahevfz61NSr7Rud7Bmrim/64S25e221g2bswm3M+BTZ71urQ4s
+JsDgpAew9ULwmJPjMBLbSqkkhld/X7p0q9ffmO10Vbgv5BzOHw71pnxP7qQlb6Tf
+F1pDlYFDhxBYqpwxmvtgOuP5XgqlkYpCzcG0fziyhL/EmgOLR4FxaeiTejMvJEpo
+XnN9El0THTG01qtbT6ZwLgz93yo3bxonxLRtQZtvkR6pjSJ6XF84IsUPY1CDoFdA
+8v1Syir5cEHxYeSSkH5yJSf/KwZ+dt3NFPZDk1VAIyFqPk1UpgsG0P41UavWPetR
+jrCB+1aydTyuHovXCrPof65cAbs9AgMBAAGjgcEwgb4wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPz0jWEzMoB8fTWH3l9S+2nxHcES
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
+JQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwJgYDVR0hAQH/
+BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATADMA0GCSqGSIb3DQEBCwUAA4IB
+AQCQi4Yo6SjeCW1k/l7Txpz5pQjamJUDfBmgcr6v8n6RfCN+1NoMXbXX1hgti03O
+QsU+HAnZpB1B+2GNeNdtN7a8SSutKt0+ouswvZOK3w/3rC1AxJ/MIDMk5IvjBonu
+TBnSQIIvLIWsXcub6aEEG61GpG7cK9GnMeY4NxUH3YIIPDJs9nrrcHEaO78s+6+/
+rlt8+XuH4h2m+xv7xB+7GN8KKKSH3gZ03X1QpayGiw91rDX52O4EhfAQcxtNfX07
+9VvpjEcfn5Lpbe6p8BfkziM+TVf8zZmbfwR3mwinTdcLBB8AxENAbN3Oau965reL
+23HfMPn6+Rf8SYguskWt8K0W
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0E0CA028EA0BAC29
+
+Y2V44KvZbm7BLf1cweYyKkbNiQGtg4aDqH1TkMM0zzzCoc2Kc92wcFaEDywvs1GM
+wu7LI23hK9lUYkMHKT9lmTtclY3bwYT7//1M5Je3RgSF8h3vYXCl3u87imkIkuGx
+HwfdHUgFXmaLuppKFFZ7XYVsSDpYOkXDTzNKEymmSIfh2nldK+Ud0JIU4vrPAwjo
+Y1/R8q8XtrGInYLLeLxs/igDklJfD+QA+477w8lYJhbutuDcQnHG/1R3+GkbSekC
+K0sG4E/cIXy/IYJJRhTOgmRSEdbqbujBZHpyhqlNrsWCDZKiMuMUBrdZHS76y2/C
+8UfsYqDl1uZ6YhODiUh9agvRGW+w+ObqYG0JAhcg8TzwBoqXlZKKBnY7NuWUMtyo
+1bX80YvzjTR/wXLe1Wm1Vlqv1Zx+pF+fgiN5UcskzeK8YnqGwl1A0gl20+diykc7
+VlZBBcw3QRAFll4LPUavgNdZYpZbRzZz7dfq3rc3FdrOTMkdptOJoxCxwErYjCu4
+Mgh1yCzsAYgVnHUzPkv5p9iZtUaOknssq9kx1b52xa32wBoTskG7MNMVWGzYPoA/
+YMwrKsUXS+0kxPKjZITaU6KKNZ/WWzpmGlThXrFzrQotBoAXtrAz/WYLrnQhwA4d
+vvXZX9c5lGrvlMceXF7S8idEj/dhSh3F5f5H1jpPj8gLm8axxSpVzIzipe5rckwQ
+Uci/Dc6Wm/OZks8CTZJaj/GrT0ado0OWn6G3ZYt1YCZepcHhASAxTIJhzdjRqhC2
+GHyhj3C+eivoz2yojemiAV3FazATcWyTOvjA9LYPbtjCFzSTXAVf69NGZmpsKgpM
+xdRG9D987rZk9Gwju92v23zyPzTKFIE1DOkhkccOI4pht7zh1wlrBqn53Pbo3mA2
+yN7hT10+3sI95GDrq54ucPCyGBjersqFGrSvfgmZkcn6SQh86dw2Mpu3i9shyJpW
+F7/lMycuIW7PPueH340ca3SKkgLKMPAlaqimMke0S+JTEtGm9/1UWd+23eMBThsq
+EqwxapZoABAWcfg+n01urzcVXTDNVG8qNacQ4//eWjpTA1bTEcaHXzC73YdBSqSn
+TQkUVAaoQhUUVzelg2HvoTYwkRGpvSkrVOwNN+WbsWLa02k/k0r9GKW0ObSGPCCM
+1cZgU6xP3PRhlXlTiXcNC4cl8pj8AnZ+PEvLPi6wL+Exxq6bpKN41NAF7ZBbAj/W
+pRPOUQvj4adv3tdZumT7UBZThhFaz2LA8sKo1p1jtC4p8miq6B7UB5+o0w3sdX33
+Vk8zm7hDPHmpgzI351MrQkNpdqct0EoOG85r/LlFcPQLnQtCocVOmiPhXZ0x35ao
+YO3c7RyESU6RZ8O38aMbR7mpG2sL4lOwY3K1xlDGc+sLpailzjwO6KwP/zO8tWvE
+FqJ3f/+ADXw8XUc/FHKHPDg80TcyDL9gABIDjNl9PFoEOkrt+ZOWZsKk2DhxtN+A
+SfJd+Mz+GoOV6e4f1GX+ZFmaYBnCTFaH1KBgTiXGJtpQZG21fHNuroOsjUTPaeQ/
+PgU+XkSwTxsKTLo3VHHf/AAFTbDXojVO1BmpYkawDUqNBw3IlMahqg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
new file mode 100644
index 0000000000..1197d44256
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8x
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8w
+HQYDVQQDExZQMTIgTWFwcGluZyAxdG8zIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxEQSYM/pUi02SbG3+5QFT/rPnGdsz7WTlK84lI0muKNE
+ZF3ZhSs25xj5+M6Kak1HkGxP0heWALuor0rEPzNX4W4zXbFfeZRzLtYef5vFix3J
+5hVTVeKJncghN+/Ik2RDIubrcm8+rQKHW9f01ufxS0P7bc1cAueQSX+fQx4WaGiP
+fwa3hI1PoWfDZGfZe6Yb/POwHIpwEI8gtmZ5++z42TxBeXktFk88+qmjDzFm3EL9
+aARqFtOvCVnu4kZHNbHatq6mBsYV5WeJMENmihJj0bbOsmwxqmcgyrN+jTCkhyRa
+lIywhZddOIyw5CqnB6ELwU4bEhgcQ3Srogm8sDJYAQIDAQABo4HNMIHKMB8GA1Ud
+IwQYMBaAFPz0jWEzMoB8fTWH3l9S+2nxHcESMB0GA1UdDgQWBBS+exOToeSbxSc8
+MFPXpcnmWpZ6NDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0
+MBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUD
+AgEwBzANBgkqhkiG9w0BAQsFAAOCAQEAbH0Zzzdz7zKpAJHd0euOWLiP0Zs08+9+
+d+JG/wsVrUwaJIFl5D/lBW6tMMqqkMERQNLoXW1PMf0joAeooxapJAcyc80G+CEv
+Qjont75l9RswXOeOJDr6cjKgDfJ0Su488bJ22YAK4/ywiiZMXZ/kFbjFzN6VaUtS
+jLHyB1L/tmahUMD1fWr1R06VFlwtaB4MEyBHRdYd0kr8pPEKTtIpvMYvgbHfpRqe
+yCGfKTgRRCuAnP8T16Xajq9LPkJv2/QjHWpTgeRKA7ddWrmEH0VQcmpHYgoPMIkR
+3uEv8/k8zdsI14AHOj5zUn9muQgFK4znUjvNspmqx4+x4S/3FjEoAQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18BF239A1E00FC54
+
+4X2m+xhm6XNIGfVHSKHcXnzZhk7p0USieVlaWMH2TgX6oPy6oL5MTiufkYwoVder
+6MTHiGYW4QgWad3CcK+SFz63GBQjHjA8T95LpIWK19IcmGTiDshjPk41lu/lqNa9
+e4COgKXTFC6/p8u9kpz6+lNXhffgcAJdj29I8fAym431Y4cGC8JKoc3PMTH7cZCW
+/EV0sSdy51eaGUPAGkBr1wgX27L83BwCrb6tYq4pxmyuTgZ8qmOOwg1Zlc1duB8y
+hq8iF2xdvb//Ilep2MC+tuKKgC1V6YW7hpCLOpgUVPzeO2l0PL0y3e9rnnm+Z454
+0ezKIZebCffmTwOtlBSFBOANOsYuSA+zo5v1W9wQjoVOxiSwzLiwa110SZInoygL
+3+Qw28ct6ASDcol7AslYnmW5VNU7ZrqAMkE6YcKu6JoZL+u2ny0I1ET2o8ETXVai
+LyLrbOzGdZhXopIgYT6lb5zvq0SVAbOo+QKFwoGJT56K/k60mteqWPc1AdjKZDde
+e/Ff0TXISMxAa8u6yPJ18tGaOVEyMN1/KkEuxdIWTGvp/Y7ctD5xXaEHmhP8n4a5
++Mg8dlJcheYpOS1zr8mGkFwSZPmf/U5zBmsUH0lBwr4fvNvmRLMVHDE3XzaN2NXg
+Ztnf/DQk2ntmdVF2MJ/pJxorp8aIJZw0g/V8C03A+Skz7oHc72fPhP796usg/H2W
+mqVC40KOO5dCWXtaAcVy8GXfQS84TWPTpGMCpyHaK5y3YW2wPGDeNKBDicDqr/0j
+10xD2KOALKZ0N9osOlYD+5UfZ7J5D27FShuMBXXcUYphugtAKUP4nrCBZxEPoP6o
+7jdilf4ZPtHp4HdptZKkI0NqpQqGh0UMX2mNH9MmBHUibcrXaPaPnh5XwIGN9+iA
+9q+eFqP+/frPQDz9OMdiNHRV9bFvzy4E6X63jEl6CIwdPTR2aARyyVU4uiPZ5T9N
+LFrUzAz0AYbrAkxJ5mC2u3NUjFXpKXu53c/Z4ZYZr2qa52ULsM9heI2uI3NlnPsd
+08FHWVKUAcbXSJ7/5GW1683dgZl0JW9PI31bU+ifyRYSGDJRMZxGu4zAyIVvI0Rd
+hmc8cBzoQuGek4LjttsoQgy4OfBJUxTZwYsmkpvBx5f5ab3gRC74Eznr7GcfxK7R
+ikz4lZDIsv96TVnY2Zrb/UrlOfVcKvblpfmDvanw3hlaBf6OGQRCi5LFTesls6UG
+sejXtgpZpTbPX1roHP3QN2EW1ANRnCdOKOAyqprtDxkbc7UEu0yJ6s559gpZx7J0
+GtysuywbYZ3zT5DNzHJV2drN5bITtw9SjnolzbPmpY5Ousq35uVGmZwDX6uFcN89
+3/zox7p3O3Q1cEbR8lESNZenDcv1dS9hkI+X2HwE5Dksqyfx+zH8mceA8zIHDqE7
+2rz3sVE1r9ZyhrhbkjXQr3YvMcbG9iulFcUzzMABKxLvU0+AIijh+7oXZ77Cy209
+a2xlNATcVUIZ4Iixe/bx26o3kpd55ARlwO+MRPDSJwNbGFt1w+/oauU1Hbl4Zth6
+D83crY1gFDvMuQTTl0TgseUSRHNxDoKwIuFtJVD+GUwMErTKXnu1ZA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
new file mode 100644
index 0000000000..dd468f794b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUDEyIE1h
+cHBpbmcgMXRvMyBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSIwIAYDVQQDExlQMTIgTWFwcGluZyAxdG8zIHN1YnN1YkNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSGFUwgaiWWF5fUjELwFR+ISQbeAbroekuEg
+LzcnZa41l5oBmVXW/YdwIa0lbI8TEYdbSJKMPmj/VBZi1qEWkZMG7AkeS6ZXV5IX
+NZr3z5+xyUgLWNlWVvF5FMOi9oysAe8G3Lykzb7aEULDmSEJF08ZO2BAKmwqwHb5
+YeM/Qpig2XRbR5sPebFXbCPHgtDC21KBFg1RB9mYvkvbyeqqKNivtfaPbDcs7l6L
+Q5V4jxemwubG0n/b147PjTv5atcFsMozbY8AwRXhUZSv80Q3TpclTwbWoaCqc9Jz
+dAlVN4YywNosJr1TuIOWuo5NFHvQZMrDE2UTd6wCsVX9e1hSKwIDAQABo4GzMIGw
+MB8GA1UdIwQYMBaAFL57E5Oh5JvFJzwwU9elyeZalno0MB0GA1UdDgQWBBQAXTk+
+D+WqKl4t9q5oKq0zmz2bczAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEB
+Af8EHDAaMBgGCmCGSAFlAwIBMAQGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQAD
+ggEBACej7rCcrK7NKu8FFh2Rf3IUevcGIbr70Ussmb+ybpHCSgniO5b2qOHtRy4L
+UGgSu4DW8oJpwQNiDfS4uFICS2Xfw1LImpY6WzsooMaBQOLUmpDfSNcW3vp930db
+qWcqShq49BijeENbYGuJ5nJu6XctxdJq4CkfdLULItz057rcMPZ/v0r6WolizKb3
+aOowWWR5iWPCfgKsK/pjA4CRZFdWkQeRcFZtpY9s7T3XWsYgzQ+RVSLKP8tuy+bX
++bXzpj2/FQ51kahd1XSilZ0YIhWrR7odQ1LIdlABuNmIcBAcTONhlpjrzx9Ukkem
+CqvWf4hQHK7beuDqtx3JSiLMakk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C99FD623F1970FE0
+
+V8J2Tv5dI90kWWonlmglwquiB2aaI4VrjgwcQCkf2UT90Ik8WXNeVNCV4NUBXpYs
+aRizGDFFsyKp7u4p82gqh9K4xmgvLlQ8W2yldahj+jijjMXeTPzSDiQxVoI1DXSs
+TqbLG2mRcNlm9AHqnnSfUZu1MVBp/+BNMl0lmYNCHMSd48x2LSlMTVWdtDmhVPDu
+FjIfUivpcKKD7ja+wIeGF9rnXcQLlvRmcGLmNkIoMVi48Qmqx6mVA0L80D4cdG10
+IvEPV9azLnflZNkHbcMcybcgrATXYtsHqhQxPQmZlPsMsuPoY3+jrRDxlNm2EymZ
+4W8FOV++/bRXtEO0BMuBbluOPkgTjEfP2EcdeHPf8x79fIbO/nn8yzhMmYhnsq9j
+5SJXLmnxzRU57NuAv1kLaQVo5J2sE8F+D9ZU/ovBUKtPALwGyfqnzuJukLhuFeUx
+FSL1suo1HVv6SVf19xwpyQf+eTFco28XrrmCqlJV4I0M0geJDdWhSHSlKyaQdV1f
+gfqqNmeLAensQ6VSDdnCXtpyOyoy1JSegapbLb1GyUrZLYyfmgHMlSpmR2+BCoDx
+SGvhDeygDIRS1iA7czFTcBrrejNNINTJucbkPJszer1ZE3EeaKrCjsnCSV4gEOlu
+u2gMLTJL8sRXr9PZUfC3BqHP5PiaC4sfBmZDDUXMpfm4lvR55cB/MdQ3h0R940y8
+vvX5Kkm6T0WUi2reATjHLH9Lp6HC63rlI6845kgdWL5xCS5Lc3ULG3Mp7CzgAXUB
+hsWRWjKpgRrBpEFZmOIAdth2W28/eV/dcognxd97iDf+pfWmxwDiEj/q0T0rpFjz
+TEKR/z0mEMxBrZufH3j92gw+YXaDUQdzuVazKUoTPUwRqI81G/PrAskUG3DlLBvk
+iipb0ARCu8mNu6imv2g2IwwcrzWVYl/4+mMQKzXnbp9/tUXFAhbyhk1NclXSuIEg
+QQHaVgXYMqk4xvzyp3pc+xmCjEQRTIdzOiIQBuN9soQD4h1kLogheJuFRhzdL5Jr
+KpKpS8xmadt33c0zA+Sm+Pc9AxuLD0JH5zfTaWf7s0uDgOb1jFHozW5JIAjxFkxz
+bcRaACZ8oUtzLNnaA5n0QcDmskVIJmDIWqKS3067xwsu+wOxYY2RsG1+OY78D/ry
+Uj8XGDwKY0KP4zejsrAUZYlAsogQDBXb8gIKyiMVg3klhe5L+KF36iN/CyCUk8o2
+FRf4ER6wNrpDKy24G6TNp8jVyxvmB+vnHBLZH92Xe6Qqc2zpVIN/5jbNf9xTeCeV
+otJGIV/yj6kN+MP5aEYtZkXbQKt3ZyFjzzdbRVI4lppFIx5AS87WppnKTtJqnZUg
+U0+VsvSS7unrBk6qeCI/JufyWzBAO4IhGjuZPVsLOF6gXld89Z6XHh/6XB1wCFG4
+TxCjlj7caePMhPn3GZJ+BPXnhX8hVNmgHVS4UBbcbzpElWbauS5SUVmD12/Fd4ZO
+VCuXMcb8w3eMelsnzJq+zC1+snRicoyixxZdk9PgcdeVBIotarAYs4JWvZBglWw7
+V7W3oKSKREomYFGT0izQPY9BeNbYLoAOsn+FwXNawV1n3T6t+X/BpxNdL/9AvNvZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
new file mode 100644
index 0000000000..ae724b8103
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID9TCCAt2gAwIBAgIBMjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FFAxIE1hcHBpbmcgMXRvMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6EPLe37qOTEdD6xUQELy7WcT/725FAHRtk/O46EgnyRbLY1VTw/549tQ
+HEAeBnvBkfjD1c65JHMPFER6/LXHu1BT7EXfbaRPNvFFBrxO590dLZ7zkXggq+ZX
+/RDwCs8HMEsOrGa8g61yaYFICkTlMCwC+gWKK9SPQj3TS+YFfkmPFkF22ASIttqG
++QPyy5BHx4WV1k21sjw0dijh9V1Z+tZ6cGLGVp490Bov1syfcz8FTmiscacXTOwd
+hnlv/XFa+URTqDd7qvaiieYe3V7W7j1x0okIRENxZh1giKU0AcbAehfYgmXVT8Pg
+/FG4oxhZ4fflmfgIa+k6tGf1KmDelQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSVCwGpSXiqdtp/CQ2siBT59fdH
+kjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADBaBgNVHSEBAf8EUDBOMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAYBgpg
+hkgBZQMCATABBgpghkgBZQMCATAEMA0GCSqGSIb3DQEBCwUAA4IBAQBFCspJbnGl
+9QA0VGqikE3JqvEe534hgJSjqUj3YXOdbHF3BzthYJxmCC8c8ZAQAj78LDctPO2E
+doS23rw94Hx23MOOMy92xoCYepjNWffZMdSgxUMBeGCVSw+I7TPG82c34h/nRung
+HcZ5OgG4p7j7DSiI6fbhdOxjvNPw1MTjYZd26QMcgqnsK4Ts0oCv2tiHsMWIX32I
+ZZZqMruUNHrapJZoayDbBSbx0ecusf9xxky2I3of8j/EDDWujCSTS+2+ld89U1Hm
+wLiGs4cGEHVkWT3bMpXC4vh6Ioh7MWcTGKGoH034mpOgMtG+Uixh8uWOmqvxlx22
+GWtLzZ8NDh2L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2F36EA26EC93C8FF
+
+d74PxY5ydPqm5kdwAnRDQLghqMnVsPYLnzMPEYQN6nmM7Nq6NPH/rNA5VKaHcMSj
+PGQaiWQq1R+oYzOmeeKyUE8accmmQ1ekGLgl5RM8B+3In9wJNP27G0NnVfYr+KkA
+5P9DlujsNFpUAXY1Iu1B7YC47B95PbaHl7oNYxfrG3h3uZqSHUdRKAYRoEUMtVXE
+jquLnRasDdf32Ykra2/pAZJy68aLrAIfUbp0rBmmfA+q57LjK7/OmprqMUiINXXJ
+/2CH901p0KYAit5YVO0IOPBPXse0TFrFU/w7NmT/jc5K7oIVUAJdIadI2Qv+govY
+oqvBdBtZfvMimbDRlgPBCyJhfx829D8OnIfDA2cMkOJQ72zaXwDkbjeeuCRLcnaF
+Ld6RUEf1BswsORBpnbD3SJyzUnPfxn1uceoul1y3wtjzvxYL8dRf1IsxzyviOjed
+jXOhTlN87LOIPmFs8JZJN0SR7ULvYPy561SH/HTKF+PILbIbD3XmvP0YHHLz2EeQ
+Y9XYp5SdcvoUzq8937eggRdzPD2+tIXNWJD38nWygLP7SBx+POr79UYsZPw+m7Gr
+rDgIg1Kfdi/YvIUqTZxjWdS/HlsCEZ/GrJd1jL2uXKmGIeDu8a0/hca3O83Kmh1v
+UiCrqPJkMT0BB2E0PTLkzl0k3yOBRs9GFpfM0ui30ajEwfnN7em5myL7BTAfqzek
+5Bldy54W0Y1gBPLj9VeokBCPnl3xRiB/Az8uSa7lZDe7GoZspdUmfsNfGfaS8cF5
+vVUzhNubzGTQB/W9mQOjUFEPFg80nSJ3nHf/gIWfR7FKFn3BeMROrY5EUw1vGy9x
+LQRfraio1SYdIYKeMzyHYzF+ILr1xUQDqSlOx2rLVOWuNvzALCnK+oUmOyAcpNrB
+701arwcyp2SAhgPoMD6EfvA48hVFwjvXfNJR+dCOSGkFDYnlOvnoB+3aDayiVG/a
+ACObQyB1yfpuDy5JRL+gd7eGdHHXhd3h2dpQxml8nRCrYuBePDkCM6Z5sKBvi9US
+e2lTIzTkd8aK/svLV4dO+r4VYEtOc1hLYFhNDd8OLLzbjJM2HiX25mY2y7XgTlFq
+lDhJjMeMOE5Qs+gpZKw+BntjUZVEaSIKfDWP8Mp5/bzsRD4dRjxMXs1K5KWwQIr2
+qRWUIt7ILwRSiUzL1XAjkM/vr4CLuM3f1K1nJmw7Fuc9LBzfH9HlOWc3FMW3pnxn
+2zFTeTQ/bKpBp0e0PhtrynriYvTqmVAFfnpkbKyAgE//A+uAaPqluzRZdVMe03BY
+h9a7MdnkRNrl8LetBg4mKGWqM9l2FPpE3JCRLj7i5YzKGhC+nbd+gMsZBPfCP6jf
+Xb794wmEb0y645XTp4F4TWJNiuXJ7TOJlmHUecqZE+BjEYRkDstyc8PjK8u/QwB4
+97Zx0R66NfdEcCa3v05g1aAN8kNAuWA4VjtHcOitcJo6Qu+TmziEadamkT/mEy//
+9HowWzLnSoHvnV1uwZozLfJorYIuzOS2+GYefp1x14HHQzp/3icnG5WkvhHOwvbm
+hFjbHxCeLNzTFyyFw42YyK+4x82aQPx7+5jGdNYoNFIVmfMAe7r3SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
new file mode 100644
index 0000000000..846712d23e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUDEgTWFw
+cGluZyAxdG8yMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXUDEgTWFwcGluZyAxdG8yMzQgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDCqo/fkI2CorkBLrk8+SW5B2Vf/V3rrujIfoLvDe7m
+xMzVUsj3fQgZUgeD7yG056J8OLaaV2X6AnYGSOR/IjkmxnmChoDBNZHgfxmjoIBB
+SrWaoYzucLOpPhxbRToBM68OV1YS7JuJyNZNOkpWCVDOnDUUGqZZJAOO9KKU2bW6
+/mWamcohebtrQQsSUAJqatKBd3DFgyJl9toV8bWgINwNHPJOG/zGmfXrM0XpTC6c
+cYqN3FnBO1BhuHvAmT7x9nKEP2d9+njVvSJijL5UefG2i3k73WD6FsK1NsD1TUiM
+W8R1uObBWDJSp7tMnpsRzpWYxN2UrB9DfejvhYwCW60lAgMBAAGjgc0wgcowHwYD
+VR0jBBgwFoAUlQsBqUl4qnbafwkNrIgU+fX3R5IwHQYDVR0OBBYEFAMX5ZUA/So5
+eK/LRvZAmGUKAu27MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUG
+A1UdIAQeMBwwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2
+MDQwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgB
+ZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQABbF8fZ+aayNEPK6IYowHdDmpCNyiX
+ShlGuMbWbiSBilugkXB8z11tg/C+5D1wdeDk57vpcrmr63pjA/NVcJsp6nOFGsBT
+A0l2TQ6GA6Yqk8ptm8nzP3tD60KfDzu1+Ld0eGCkx4BWjwGrOBt7S5K/G/tTAXQa
++fZ0nNP+WGn30vRze055JcSScogmNcTJ0sYLBjnYbxyFjpbyOsdhiudG+FufGcIH
+P++VV//LWKA8t2DgMb4ejFdpihhWV8T8fLuvykmVJhD4QcV4Z+TTTW93QjCAa5oN
+XWhzyqOe4s4GLlO7jZw1LMEHhh8M7Q3SIrEGDA/1exOutvigUAQ8x0eE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E280D00090F07056
+
+Zs/1E8+cofljE9h57m3zNjcZ0Nbw3iFy2vWQb5DayLt5k37yV7SnZVNp1KAGieyI
+8Rzj9NTlc3nuSTW6VxjBDgVqsZ4RXMTivT9PXzcOZZrm17TckytFLUL4ai7g+pUE
+JcihIk/vfzeOeU8xx0UVqkpt+wXLqASx60hDz4d4E7mWcz8tC86xGH6ysk3WINfd
+fTnvq6Ztl2osMUvHhcsFlMNyMFOxrOcrKYisTO6f81V8Z22TdlqDdcddrYEBP+no
+pozv5aNzucptbNDAG2ty/Sn0MWU1UzlDdZtLcrvEQK9/21QZPKRKIfqzCWt7xCxo
+CZ8cD5tzNhP7IiLqDdDfwBzQ/V/uDVgfoJh54SvmYemCYLLkwMax2eviKuj+5WNT
+STvLPt0OryCXz5x2rLsoESb34zmgPELRY1YFDszNggwR75OnhFM1wTEwqrEoJcMB
+Nu3hd4eORZAk616ut04BpQqqIIp7esQbe8Ni3c51NIUXC2TVr6QfbM/V8Oy86guF
+ebhR6aRlrX6n5owVekaunAVrxve0JM61VX1cTBDmztj2dri3SFVRBEZ/kKcVSzxz
+A5p3vN3k5GmO6Nd19R+3NnjGaWEqUCTm1CjZBL1VMYmm3UXSaMlAzSEzfSIgx5VE
+WQqkltma0FI48nwyBzIcF819+dRg6PPi5fvCJj6WJkNJukM4vQUe/BVuR78J1Ii1
+JpIsziBcsPIzd3HRfbrHhz/cwKGY8JJzATdNbB5klI4lfF/SSDvC2/YCKngctFjr
+bL8EQ4gfhpMeOvjhO/52HjZBDk6Xu066NBf/dh5p+BWvGX+r0z3dtPtkhpFuPkrz
+06vL9RCtDKUKUo2TkIbEfjhgIu4/nW4YJdyRxBepz9Rn61RkTPhfeieW25MkKCe2
+vqAtIzEgeNm1YBHh9a3v5sPFgGXyRf5yhOplBJ6Zjemu3p6TF6FYbI+jDvyLRzJq
+rWYW2/c1sDVJykEZ7tvCHOycliB+BZQLxDQr3sM/mybxzWmYCkhbuRNwRPxmW30e
+/kzbc9nbhaI6eGdacoCmCK/T+KmQSCGepnf8Xhn94imESWUDmnbGav/2DvYjK4Ad
+aoOXFmsXhbD+svWQ+uGFx0ifxugnTrtbCbeAywEQPU1vZ6vt/HhhitBtBpBNglbZ
+dADKHRMDNILX1+F//M9H6tw0U0y0gpdsPAxJROJGW+MO0IlYz8EnUOY0dQC2lYbz
+fDbz4PdLWOUYXKUZBceTo1dAq2DXJbaJi7zumLcZY4yLus8rljz7FrPrx41Rf923
+teQP2NrX5PdfX8T9n9NV4KqNZF+/h+qwtKoJxqN7a1ICcxS92kJM//L0pg229nXk
+WJ/bNtzZxAGN6qsvX/vGvhSqDA0025N15mxsfTjTrq/zaU+Ko2cP/FBvMZUS1fST
+2Kb0bm+pipPGKslc3siG0GxsrbG5+UQrkI9tqEaq0C96gVIyZwSzsoH0y2KJ9NUY
+/f+b3sRY3MeMCkh0bSHg5rOi87bGjQk7m0KFNMj4lLqw+ViYzAXONocQ4sm8skm3
+/LZMCOnR7pISZL7miEsMQt8Hrw7hZx1n7SB6W7h9ioJKfgBwDDgkWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..34c797976f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIFLTCCBBWgAwIBAgIBNjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G1AxYW55UG9saWN5IE1hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANzb/x7g9fYUZJHLawFd5dXdaTd5QI6b394FF+evA8+llsAl
+r9BqwYe139iY9+RgTrroi8KRFeZaXndYBYANU+fvhLqFWAz3TK0nW+otpf5bJiCZ
+27slpFJEINgrpLQpENt12YVkQ60alGIrvYIxjZkOrhbgwHqTxxMc98Nqdf9PXmaY
+5qai+dWQ7RMewnkoX6bx1TmgQXOT17qlbOfyuAnYM1oabX1+86XEw7W69i6Cb8/z
+/VkC6qeRbV1Pmu3lVRsoidYwGs2cwAyMOzz4MpTflSk3b56w0MbmHhyflr+/d5yp
+mNAkE5dTqu0f4GZEACFbA0AP1qSbtgmG6vc1g5ECAwEAAaOCAhcwggITMB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQfAigoMo5KhPi4
+i0HxXXvoJVJrhjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMIIBeAYDVR0gBIIBbzCCAWswgbkGCmCGSAFlAwIBMAEwgaowgacG
+CCsGAQUFBwICMIGaGoGXcTk6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
+IHF1YWxpZmllciA5IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEu
+ICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgZm9yIFZhbGlk
+IFBvbGljeSBNYXBwaW5nIFRlc3QxMzCBrAYEVR0gADCBozCBoAYIKwYBBQUHAgIw
+gZMagZBxMTA6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciAxMCBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2VyIG5vdGlj
+ZSBzaG91bGQgYmUgZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBU
+ZXN0MTQwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA0G
+CSqGSIb3DQEBCwUAA4IBAQAJ4zsy9qL10OJy/VRk1NA5w+0ncD1kOXO0I2cHSqA6
+wtQ6I23JPRgTutDfvR6ktvdBRfkeCwYHPVHHx9zrvfnk2MIAfdDeo93IVAqJEumo
+LIoi+XEUWpRH1MiJbl74CndIpdc7G8H4OOagqMz1p2XsZ4K8RpF/H0WUYGvWsX7g
+78EjEraD0D9PxWr1Na7kfnHoYxrqd/fmRYtnCwt26jO8A1DHXgrWerE/fnUlTxM5
+tHHN1OMOlggOimhGvJ2pn05BdXIhVtmWCdFo6+pTcyWYMm2IvOrzEaQtnGf3Zefp
+lObeComhN1QW5zDtLnzOhHUHc1t4deRAIN1zhE8vpYsG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,190493828C849E72
+
+3ADKpf4RaFWJNff1Jg2iB1PXZ4JLDWjTsZz4ksV5g9hAXGT7dAIkgGh15NY+A+ng
+pHr65nQ2XENo0MUh/7Zs2bgGGU58Xx9K+DWWTWZfJvSedJU7SKLSmQBHUt6NC/bQ
+NtGzYnL2zymdNwtAbBqeSH6wdvqQWciBMuhG4UGKT3fLeBKEjBHH7mty5Pz2PQ/6
+MjNtLA5aqwxh+R1RveDI0oMsbQ7BV987kLNOs6soy2F1Zkn+6KPRiewIwdBCcB3O
+xkp5Su76YdUZMMfm6Zm0z8/MNSTwe+LSDQmEh28m0bByDKiR8CvmsU5MW3MuPh4N
++4faLrcwFTPk0JizNnlFcdB8wsRCUOKDnWzih7kPXUjGEZXiJTbmNNalEEgQOahE
+ZgHoCNbpSMHF46DRIzp+MTJnLiJDe+YCLqmlIWSAEnivjmkN6Ouj/X3eivPICgkE
+SQ7DAkuGAZoza46qVs1+Dx49HyDM8l/AifK6Y87eQf4fMdPtHC1woAMg+/6hgLdt
+Bz4k2xGPZWLINtUKTrEBieMntL+p5ppOMSKP0dGqArlNYHNLw7e1zone7FTNV15i
+oGZpblu9Iq/7Z6S/1JEo5lo9npHUm69Yo0dzTarVYx8KvqnSn3FPWCNwiEhR38jV
+gELMghyG6vT8kM6bzGVk8PdF5EJRyr6m+JQ9ZVEwjisQFOMHvQp2ecNtpIWvgSu4
+SRK4oMJmxVXdiz4YXFsDKpkLaE+IkpHW0kDKBIUnBckRPWva5zPnOrRjibMvZmRf
+d6w/tjCUR9kMuOhBbXSHJLm2GZpJizNWqLySJE9WgJ/ufnSYlx07gKHi+XnEdI/V
+Bo+LjykYlvubud5RsIG8XUJFLxtinJJ0mks3dNQchFHzmsVldKWJQoLN4mBH20O+
+BgmKCjv2Dg6Irrh2ZcqC+tZYnPh7/hg6q6LXp3HZcZcEsM7uKEZIR3ETrGRuuuoW
+H7z0FzMs7kn4/R81XSM/wEdcqHQk/142VyA1l2bGM7rbDwnHRk5KiDgMipQ5azJe
+gWkR4iso6Zj7RKyrzJ5srfmnlPknx+UPA9H7WrjeyvO6pQ0Crh/0CeitYLKNz/+R
+tInp5BYAv87MY1yByEno9SB2jWa5OkG31gk/8P7AMLtTqTqHBlR5iWIiuQp6pGr2
+nxCtPkaJ71o+d3gxy9V2CIc3Mr91KbOnytiFc6RYc/WZiFNBxVJl/aZBtcXZpal/
+gcYzQJFidHa6zezoFojHJgKvl8NwWIkJPNttdD9bT1DrAh/S4GidhGG3gG6HaKKv
+B+KYRO5nPFH0NRP+dXVd39IHX8SkGzr5ZlOrVBTwMbACM2mB07bcIzUpZceuEMX1
+ZI2bGj2EWLMq1v6+x20tQmxYRHLqMDDiZ2ZEypwfSwSSqH1hqwfyCeAzUvfYrNBR
+KVkJ8V2IVUOBfo/CSbfAfvP5dktG/xxK9CIOsd+PyKbS7kgfkVudODLkx+TU+//I
+PqeSFd5sECKQuSYEHG2O0Q22doufmtJNoygaBkyTG1ckiPitxO4lKIDxiUlId/Yi
+IietXGgeZxNzSs0AjrU3TEpH8f7kc+RzbMj+cl8bSZZUKmGOM44bT6rdEuRRYDNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..f0bb491133
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GlBhbnlQb2xpY3kgTWFwcGluZyAxdG8yIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA7it5KgqlOm7kgx373idsdbNuWSP2si6O6lKKZSjz/B/ER+zK
+sbo30/ZnpGepghDagsI2z1pvXZPjFcaX5jThOtKnKiB00ColGZQL9OMl52BYfHV8
+ygtI6FLosSe6J8A5grqnNiFUqupOAMS1MjsLDJssMivMyz1Mmb0FBqXzJOB3pMCS
+nvgsLsM+rXXZYTJ69SJZfv4W31iGyRQer57qoIiKYTypLuBqO2S0baY7J//g040q
+Sav7szmAh+K+Alseyheko9BY6tDW4kFSe2DshTvovJD6dZukmjh1IVLoU8LBMYy3
+/23tKavxkEyXBYbrF5MjJdyfHDulSIw24P5kzQIDAQABo4GtMIGqMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRHAycvQz3FL9mSrMfS
+dtAzxvl3uzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQE
+BTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAEzmc6/HFDjAm/BX
+XujVfL34xHXsQ6Hvo5BiQHACompgIWEya5NwZQODcH4pig04UBkUg14d9VayDUic
+gAnwUdsAvL3tHqwnTafckHMmsYJSig0xkxpOyWbqcq/RVHGnMy3pLXGTrX2jpI/0
+1fYdE8EB5pcoL8MmktyTf51FvGJGQhQk0pIaCHhO5cHUADHIBdowWt8G31z4Kv/P
+GqaZygDC2R1YG5btN8EJ4CSGp2bGX0oMJOt2F7knvVVrIFNGH4vYfuXSxuQ7yuma
+kfS42S44/ES8W+FnhTW97iIq13l7Wh4XTvgfhHiT44dxbX9uUHH7TJqJq/rijbF/
+0zDEus4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EA299E542CF1FA9
+
+YezJFv2D7hxBVosplQvpAZsgejIrkEKxQUmTVVssLLPNZRmceZopLIsVKc1aXNrq
+6GILnOnDqxdudU97ZetUg4RH1uvbt5sdR2y2dcGHpJfgCXjqAJ8Tsm7fXKDsbnHl
+IRvnzVvzdnML2XkH1Ns77dSCz4eKV9XmFvqanOVNmTYsmYJW3bkTqfz+t39tz32/
+1YKZOblfAHuGl4T2+g9cmnD+nURTm5fKvvosx5H3FwrkGjmvJD9T2FrrmGRTzkoc
+Npc+Q9Oarr4L8/mWnNGHX6VmM6pASR5oeHHZk1gDfmj+8RX0SfVCtP4gNbh8GFhr
+deW7HhxEqb15ya9cbJoxC7C1plUTcYN1OB2dqC8TJIpd0Wk21DlKMyxBMpx5/CS7
+xFnWcG+QzTdXDBm6qXqS5ksbvgWNtMN9jJUbrglFN23Zt9U5XmpT0Sl/5+TWd+J3
+nRfS3JJO04o+vtCzcQK1Cf06omH7r8XEs2VpQXzBwtaQdYSdcDIynfTWQ3YGFKZx
+/ZiVkNVFIa7+6kskKziGl2DB7uhpaIX69sBZ+iBt5xq7Os85RlVJu0mGWw7hsUM5
+GuXmb13glbRxaGHRaYjXIT6Jh3MAn4GuS3jDWH6StgQgYCFEmlyaNk8X6OEF2XrO
+Uov8EOi09gpmo/LdJKZNw40E/FYSm2q9QJs53oovEGEC2THhWr4166oJVFgr72lB
+4qb7HcvQxyDm2n+d8whkGtk77aZ1/nVpUDSQ0QRglRy5WFf/rCDqk/X/I0bU3gH8
+KPwrCHmMggvibYVXnxhFcVOJ+5MU7hrkk1eJjxHLo0e5E8DDVcE9oi37fbELaR7m
+qf6TqAyHSURbRg7a9ynUtQR6Vw+ikREVMulJpnoLZwTS6VBGkH1A93TKnpaaSvm9
+eXYsIgVQQCvLrKj1PJfbb7HnyzZ8vt7uH/u7ZeMld3UWyfGkzM+yVoe4SahjAU5C
+oQhAyjY2VXF8tN+WygxAjLujGfql4uBbDvcrQRecoHEvkfugabFExEw5+9lwM053
+h2Fwbyd0V0QmVxfTmXbhfjUP0A+JG5uGsikknajbdkRHtE/TyDZ/sUyArpmDxuS6
+DOGUdz/S6hz5HAZrHRc6zKbk4cn82sjsAadpl7N53cnDrKA0LaEH+rZogBUt1B36
+PF193qqhLhZEKxo0tb8pN7h9Ib48vhcNvv/W7R3TRgGJMw5wGKDfhXuqfqkVfYtY
+o/YtZuepmOAFQuiRhzwy1zOyORJvoY62xmxXf9zNaRHU5aFMlmYVfaCxQqf5x9zU
+VY4Ma523VgdHuzhT61OOH+jaLd4TYE678oweL3xO6KoPUk2ZontyFXBJFIMiAYTH
+LS3BzagSBLAb44MrUMF6+DIYlsrPIYuF6gFUtJ8lhmSKQTaHOyHiNNVi++XaXn8J
+4djY6qN+n5j+XQ2kq7ckIFKQTxZPUV4uLBWE9MdqvoGGY/DO5KLajNKtc3k3oCPX
+j1olnFJ/91zEoQVE5E3NHEqsNiLqZ86bkKDiWSpxDjQJTN0BVMeZivh0YBGLj8vK
+Z189yusJ0VgByq55uXQhxs1N4+Nv7/INz4EfEuTZQAV9+8utqCuQ5rNh1PV3Wnxm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
new file mode 100644
index 0000000000..2d198c343a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBIzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAMT
+EVBvbGljaWVzIFAxMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA5Zswifhj2dT7WU826z9T4VZWyc4sgtEpEVLsV7AbMOMFR2ind4R/fSTyrw7e
+szphTfev/5eBa95JdOVqxfPC5M+Cri2NIZEtTSll0ybxk/uy1UJ4s1ZTwCI0QqJw
+m5jR4JnFsoIhfaU2xP5yGOEbh/JpKK8L4Dlm2W5AXs4BCYiqdSJsoDlG/Ay9xBzo
+dP+u8Zv+MlNZWMKExqOQxxxvcsSuVxziTjYZggMchaLTOgUua2PifFWPm7DSVswl
+cOKbtaIsd6ya9VLmiutIGoWEeLOcjpiM8lkx4lk0DGx8SDTzDsT1yfrj/ul76ujP
+Lwf/GABHoLjC0Gv9yLG5699VxQIDAQABo4G1MIGyMB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT2/amMJiy0z9bT69QerZJqHbskUDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMEEG
+A1UdIAQ6MDgwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAwGCmCGSAFlAwIB
+MAMwDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAPCzijaW/6TG6zZls
+SWF2RKrsRSG7qMXa1K7EWMqkCfHw/9QGe7xCtlhQRHC4ujJqwwHblOZx1t/07jLS
+pP2R7VjOfSoCER6a4e1ylKPsP3CrxxjxdngZ6c7JGN12MqO22d38yTuGfgYSiscJ
+ydBXzqygLGCO9ocBscvA1l49aDo7nkbStAc010/2nFiv6xdasBNxu+DLTRyHnDUq
+DaxJ06wsiWxRs+LpSov2m4cYPCG3/hy5LfQD9cRPPUBCSGVH77rk907LBpp5ZnAM
+NRxyldQ9z2EbjE6Kg5ZGIx1UbpvUw36YFX6yAWUj7wUcPT1mArZq7EWZByaVWa2J
+dNwGOg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401B0181451A86B9
+
+Dtw0yEa+7EIZXS+q81Gmb1Osr7tYFnQQiRyFaMjkRGB8EGQiAvvt0ha2wZ9Im36E
+t9LcOiLHJbQWiG3g40rGSyJViEVYfaXpid5SzvoTCPYcTLnuun/S0pnZpoGO5ET8
+HfZ5+W4Zc79j1PSN6kzLCNee4rP5ieAcLOHdkimv4Obq19itZZ6r/Ca41cAYgjPP
+i4jsmlMAg20bjnfFJnDB+I6IZY9UkjSLysWE3eWWhCZMULNwYwTxZ8dJBU5zQ5vg
+ktFE1NO9NnYFwxyPp+xY3ALfrclwctskp7TxMzVuxdgcqaZ8jBgkj9EUaC8NmFuU
+Rw0UC06542RIDQC2xy5gmowbAETlG98jLMdIvAVcgLBDFGZDYmdWfaPPwFUBAkQ0
+pz163zON02lf8z1m0zuHy9DFeIMO2B/lmADC0HgY4g4ilk2dmnfdgBuBe/Fe4ba2
+VHxW1lVNelZcZ06PA1L9qSdjBn+8FwAqvd2I5xQjCzS1ELyYJjgS9NZ+QqielEKv
+HylSjAABdhhZ2JrViNWHYBdMbJk5cLn1npAR7rpo14b6YJg4hCh0J5FjvyUVPd9e
+SNf+T2zoZ4sK/WaewnDvIkU1s5Ap+AgsrSg5qfKXv+Tbb/Borhk1D/6NZiANme23
+oewu3r1Ycn3Y/fEs/pV9dHlkpsg/F+Oy65apQVZWfnzW7gmTx6ercFMnef51+wfN
+G5HZfWaJMYnzUDACF9HLmhMK3dGicv9n+8kJp/lK01tV4IXMeRPqVfkkqQGKxbU9
+IJhL0YLMa+Osp9SsPxmtR4XqsXCn/4bdP+uAe7fDOmT9f6F+LxG+rBmT3KlYNdS2
+0zj9lf//N9H7els/EC31Z8Jy7E7sMVQM5CypoTybvBweus6xFTbogiuI6/VhzDwQ
+oHMs0bkoYmJLIqAihmD4BqldfQeIRhjiqdl6jyYgZcrQSXj61t0DrKPhUFYmLdf8
+zbg3A60Dvs9fP+OmCyTCbMacd194UwAZHlgDecNgadyc1RQv9zspYUt5onFhD3vv
+Vqlx2b9A+WebWC+kegZHLrBlBb+g10OHfkSaBWU6wQ5LJmt74m2YKkPRux6dMseL
+lNJsmhL/Q/Vk1VPx1ASbQmc5ByhTIG409QHtmLTCiLVeH3vpToZXwR1l/fHtBRzP
+SFoOY0TKdWc8h1pjiDoDuvWsTa+i9WnH+/n2TtmBZTmPM17RijNRzIZV2WHvOZ1x
+6oNL+dLvBsQWQkQDKGrI+xYzLcRrM9XJeiO1XlLCngrAQ8F1tsjhhqojdZasDCmp
+4sdkv7wJ0d89zjHPlKxEsdT6zny2Q2NTGsba9FMsWBXMRSYvKhSLh4qt15cNpuul
+96hXl4oRaXtgtnR6bgmX3g9fQ6l71yxCTFzWmSR54T29Vo8E6hjKTTv+0E4Maa9h
++TmzCgCnEJOdVJzJ2NRfpH+BHl7524DBZtHCK+i67ACPmhe3g7sn4hbiGk1lU5uO
+9dyMnLryai9YCmL03NgJ7oZsua7/qSqotmlsZtNNbatjg3nl7r9vojk/B5znd56n
+9JB5SYIxZMuLl1zZuksuKCiHKvIFXdqhw4eC2gimsnyXVvlbGBT7RA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
new file mode 100644
index 0000000000..4ab0bd9ccf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDEyMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBRMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8G
+A1UEAxMYUG9saWNpZXMgUDEyMzQgc3ViQ0FQMTIzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxonRcataWmsQBYe9Vlc/Fw8CXsaN+DAnB1XBH2YXYyPI
+DAfebRTxQp21q6sz2LcepGnSvbnzkzsg0nfB84I+vWmI6q3L6ydRXjRtyppa5qjs
+Zfyknor/AdboEykbvx/b5zEBUBc7Ot2nIHb/8mxhw5WnO7EVxtgxTlx5lE0SZdVt
+uc7G6WVe7/+SXuVqYnIZkq460YcUA3GtoDCx2oYUDfb3rKK3gjOLI3nK/JslrmeN
+A5kujM57Tl5JwAXeni4XXCDLR0aYymGlaJqyeT/3/SvddqEJkByyL92IAvsbun00
+bjPiY5ZRBwsBSdqwtc8wNtPPsouo/HD9gsYuiec/IwIDAQABo4GZMIGWMB8GA1Ud
+IwQYMBaAFPb9qYwmLLTP1tPr1B6tkmoduyRQMB0GA1UdDgQWBBS5qlCBpjRmUWid
+Qu4piGrsHMh89zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBgNV
+HSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAD
+MA0GCSqGSIb3DQEBCwUAA4IBAQAPH4fu2YUh72cgr2bFYSRtzSeoosntPN56/dcS
+GPRl8SXABmCu/sIYFZyfRnKyTUwKPObPm0kcokAnEkkMkCd40n0m9jjIJIaSuSvi
+NocDswcOdofQx4fK/w//iW8VevGjjhrDbNUattppOWcaHkOAA+UnycLCRPYZmNco
+eR31JgQ3GbFQD3A9GU5TvQjZkRUbiAyc3ETO/rCuF+zqZ6FMoBMJgJj/Q6pqVyIA
+HLCmwq9MTKuLDhSyUB8X7OBd3vHiuCR+opFSGvIYuFpsyA20Mdmni0cJSu+08BgZ
+xGsDyQtQ14ns++kCw7xSJR+DHvOKk8LojNH6an+IbJM5Wz67
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8BAB8F32EEEBDA1
+
+8iT5O9SjBr68ie7Ok+XKZX83jA0rNiVSCY+XzWW2Lkd1pNd0d05qvcBT6VmidQyU
+Sqq3MRX4DUsW2wpYeO5q00u0/hrbGJavdGc2R6VEkK7SLr08Fe/ajDEditrSf55/
+jAFj9VG8WS2TIygXZo9g29PQ6PcEiHbqyTlw7mru6UV024qoYIQBk0tBMfRKYs+T
+dD8/yVuZYLlb7Go2Hd+21w82l3prpm+EezT9+JTyPmzyHoy0898vMp+abY/M3Wt7
+XeVhB+AvxsyIiHXu9ao6V3W/icSFQV4XMWViTAPAw1YKVwie4M7Mods6Jt8qIgcX
+76TXWLEcdEwkOGyoIU60jJx0x0WCpFfS9oKY4WAG7Uy8ZRMco6n8l6flzF2+/MkM
+Fe9ldPjwtJIp9bOFT6DPaoD301sHQOlajFiKeK0Qa9yrp4VG+7hzac5EtvcL6r3o
+NLx1LxGnDno5tVhi5iPzpVw64v2dHgWNEhSzqvywvdhTLBpP3vbmJwRonYRiEvnY
+FSFbJ0kOSh3/wr1Ngu8nkui7OCh8wK6ABr1bXvasuumR6ehz7a98OTHUBM4ZCY6I
+HQHRubFwS+RyinuXseisvXfDctp+e28HP6NF8g1hmSs2gQYLXgqZW6Iv3Fz8FGhz
+hnB1yELUIOX92e2MI4hhrxPlXWHQ7EhuwYhCNraSosRzRUXdEx2LoXF/OalHDDCm
+/YZA3Mq2yukes3b55BeT97stTqFOp1fIo/HkmEtqsjlfqXuDvnqqsjFjVR/OD58S
+hEyL3TIm9XgfgGZ2k+RwBrbCr8GGbgNWTWTk7S9IJBo7LJpkmtExZwolB9AWbQ61
+oHJHvB/REdNVJpeUXD7X6h6z52TlOCoO04BLp/dmFt5s3Xfcoz1uZCNn2izmhOpL
+Ei1WnbrzHzpcVLuqdt8jlYzieM6fsg11SQjbz52DH/nC3rRNON0x2kPdieGkU3Km
+0pEH4Huh3CTky15ilJ48V4o/QDgawLHbuqfIYHNWaLDEMB4XUNFMhdUu/A1OP5Yc
+N6SYqkgT4aZDsKkQOGMmdr0RBR9A9xRIiFWZlF3ZRme1U7bESkcpRbkiTXIxn7uQ
+yC9mecUBWrXSjsFS584IqSgdUvMysHMif6zp8noDQGj+9vVj6eUnxwwFXzcr8XoC
+sDUFS8Ujf0/6F/B/W1yMmNck0dKesUnoCWX/SW8aQvnU0ikXhWb+BE31XM5yJoJ/
+FC9owo0sHhzOuOkaI0Jo0lhdubU992iBYAa/bnTnkA+UVqQO3hsilcKfrCQriGOA
+/s6UIjdq3t2EqqQtt0ckb/s8n9ljMXlWwx5mCtU+oUnNo4kKCiq88zHDcQ8oXYmf
+gsojfiUMGyM7AYHP6xm5gC2u/Me6QJlFQ/nvosaJ+w88pYZ7uJ9QIXa0mCYbr/jI
+MbJ0J50RVZ+8hT4Y2i3HY3IudQPWaWdRn2XgfYAwjtPTNwIN0CDiOBRvqU403u+i
+AkrT+cN6k/PYZnpFdKp/IBdX529ghMcHFrChq2mCgdF0SAEiLtZQZcHC0sKBNKrE
+jfZgBRH80Hr00SDzF+PzMTnDc4HY0d0s6yJ8H3eivRasK9T5DzgnyA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
new file mode 100644
index 0000000000..cf519d927c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYUG9saWNp
+ZXMgUDEyMzQgc3ViQ0FQMTIzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1YnN1YkNBUDEyM1AxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLo3Ua2Xvxtv8WZdDdpkpPFPN/U
+Z2u0Tv18NRxpPcmDI2pHWeA1cHyYL477uK8uKTG4O2RjaJYV0qFuH1dHCPFVUCVC
+i6D77CObOpIBW5HiWykfHK4mpvjavEJ9t0rOOXjBTvloIpT/WaX6J6Qc+M0I3DZj
+D8NZzTztV8zE1VDHwcB24WASkAEIZ7+pI6yRrvJF/RJ+xFG1Bt+XmbT4N8t8Pm8n
+pdYEhOp0tHlMBwI30pe0jBB87UAuytxircSktrSPVl6KWb46zj4kTwIazBTlEQvF
+yXNm0eDWzqnACQo6mETSLB8GSAftaDLmKLnDvkgn3yj3lxBl/wTQ17Q8zdMCAwEA
+AaOBizCBiDAfBgNVHSMEGDAWgBS5qlCBpjRmUWidQu4piGrsHMh89zAdBgNVHQ4E
+FgQUTvReofkIMHtlrJLAEQss07SWBx4wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIw
+DQYJKoZIhvcNAQELBQADggEBALy8qNbHDuf2apnfU6p0pR2HZtWwv9CjY8NlmhEZ
+ezLvgB5yODJvjYkKNgvU6F8pCTLTDhzpnciZ95rbSmPuT6SgcVM3LA4wNhwesgnH
+70TMBv5ArkIaYoTgizJNujAcE/yRJ0nypglb0p7Fscuj6HUSjkOJFtt9hY6JhnYm
+sGlmy7/yB4K30tfCfwqUx+NprBFoh97jCvzFLXfC0BPVAtfl2Yzv+CjTAEL8RK+P
+wqa4jaQKtaotLSTRtc8+Dm4Y6FYnHLLRsPHf6sONiL1RZn7w3m4srmjf0yjCfoPK
+6WuwbFboowgs2XJXX4vtEvwuME49LwdlGo8fxbw1zt85bTI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDCD4B8C852BEC2A
+
+CyNbcokXAIxoPuGCOOBU/hPlz52XIJnO4l1FugvWwelVVyPM2CzjI+uu6Azdb3SF
+UHem3ki6T4tBk0uPUjl8fWpRLK7OsuqReYcH3E66scc/e082a9m9A2fM7z7H8ay3
+cg2cFMtcZMvw1z11UEp41aFzF6PR+DuoEUN+inTIxWzXyVkLxDilJbwbbuj80+Qc
+fRA71TQZTEuXF135jtuSztpYH6BT2dcIfP/XcQ9QOIfSUK2ahyeyxOF9FMeywNA+
+NFF9kzGFaL2u3SKOgfHX2//vl4O1nFq0MhDimA4vNzMhM23h0dylHnf8vIgf0MEj
+FLnPC8i8ih01AEeQrRCCnH+e7RNmAdfV9aMvsINkHpRtHv2kHusBO61og3d2XzIY
+bVLLwIyAeIUvmkv/sZZnsE4kH9gW/CsJdvKta/IK0luwpdTNc1Ac//QkFpNu/D9J
+UpjMjWU/z6CkC372BJzmHXyuoyuhk8zLV58gdLvv57YfuytIYQpLRMmAgrYjDXte
+aMX4k8RTicU5ji0deAxCy++KJWN1AxpahZuwa2ngJhwRhR3sOFq7LKNowmYgWuwp
+/0fRgg+Z7AEY3Uc7/Ls6+Bao6cJdolKBXiOLAGnJHchSoJtA9dO7EAliCEA1yOtm
++smPGSAGRDPWUmCxFhUXK3YfAgVtxl6sw9h4BnrVFRLo/MrlelQ2QZ/9Qp1irXp9
+L1eyLIF0JICiQgBgXYYQorOVT6j4kvZ8y3l2wbAjXqz/6dykUQwbCMezbsV8rYt9
+KYugm8CvUml/pBjW9eVj5KxPJdPCQGfyWI2cpT8PQnfqzYTKWX4mpRp/3zW1+9HD
+ks6RNvc4D8Jc8kYCBmXFc4RMdeubCBgYwqvBqFvp8YGkRo2+uttyv5vNBQpDBtvj
+6tCq7iwG43tfnfPEwxcAjc2cz9z/2u1ZnSlhzY44l7p+08x3vP6npvMQZF60AgfE
+klEnXg3d3lIr3c+vG5qtFFyq/ryTBlOOygNFM4MDcdMMRR3Md9vxkiV4YR7LFSoC
+u2J1ynXOrJFQd7M669XMXsXYRE15uH/iCAvOpAaYjPnla6jC4wYwD6eACiOyDaZa
+Dtk4bP4AJn+oIdBbua2z5i79UYRbrYxG9rBnKoP86EuqKZHA9PMr9sfeh9Cc/Wqs
+RluoNVXCS77qM99c1S+BTpJg6anyCb5vU0kFqXPMST9YUwlPFjPy4aqmFbf3gj6r
+WO8Ba7XULOYb2KiP0b/lXC61ANbXTj/ot8YE1dyVAW9T8vP42PS8GOW+fB7eZvf9
+LZlFXyNaiJ9JukLZxxvUcjiHJJlGLhS4WoZYXr/OF3Bwzp2H1rWT8RoxJFpLHFaE
+KWZsPKGQxnOWWs4mmC1/5HEOuUZoavNikyVe2QTSphQKyhV8n1+ey9cpC8HUH2Xh
+qYdSTOO+3njCqWugAerkTHpe1Q4FIOH5nqkEbH0FTYxSqHW0NHOfeLNdpI0vHC/7
+z5dtSMaNR7W8TxvnLgilhGrtPbQbZywEwHQy891/uyI5DtcAkaMg7RjOvXOwla1S
++yGgFO0q4BqQHUE2nbwojnTnczk2sJnU8Adsr21mpxlDXMGR1dyy2g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
new file mode 100644
index 0000000000..597fd7e53d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBJDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAMT
+EFBvbGljaWVzIFAxMjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCffODGihp4HxePe48+r7DuaPS/JNmLYWY1/38FcOJvrd8p1tZIEpi/bgjs6JdW
+n2T5FPfFbQaRiM5Do/3VH5oWxQIZuJi1Wwk1aENpSUZxyXhTDERdgWiMMxWi/4+j
+IX4xb2PX39awlmgArgJpBSHI3H0uqBYTOG9+zt4RUhd5aXXmq6boQA91euaSmXaG
+Y18WP4ehf55cJU7R138Ngbtne1QTE2DX0Z0ylBfS+dWSDnE22BMpcI2I3kFE12Wr
+1q2yyAtWIsN9ZH/DONL1nqUvqRw+boil1ELtr7QSlBFlYX/+mPwnDOJL8kfjRLlj
+RVZYzVZpPQBxkf1P5s/VWMuHAgMBAAGjgacwgaQwHwYDVR0jBBgwFoAU5H1f0VyV
+hggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFIwoCtoNCRRi7j09lrhxkxKJ6uhjMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwMwYD
+VR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEw
+AzANBgkqhkiG9w0BAQsFAAOCAQEAK0X1I254izkWRa0Za2Ur/XYzrvZO+EF6AECL
+1EX1WCaVHxWawOIgZzfJpUHER7b52m9Tn6iTwRj+jJ40O1fjpW77TX+ooe62OgDr
+nxni6ZRq+aq6epkwe2YtdcIa+Qgb8PGKwW/WR0ucI6FnG38fuKa3YF6dzQUQKptH
+CWLoaAdo7Bb4R8nqdQeHFX1XHp8Pqw5mGBCuFAIr65gE0cqlefFs4fS7aAISF2rc
+ORHW9/7kUT2subzmmUmuzbiZHmO9cT4ozph7hrjVNjtN7STrU0PBEAHPw8E77usR
+KXb0M/xu8T5bHkVo347HGIsj5iyt/B564Swpv+BJ5ZlQwIuJDA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A8B3D2D8BA3D1809
+
+zX4miwYVKvslNFPRqn9b62pmO+46k9RDeD0S4Wf3a7AF7oWdDJ6Wjpp9PYthCefF
+jiUCOFzR97YM/hRq/PXk4Avae1e6DETFo71Cdqa9DQA2j/HYIPizYIst4E/sIHoI
++xj+VmfFPT7ACK7oRYtS9OYwUoxm1epckuQD7xpUi3sLq3t7U62qj+Rz0MfPY+1D
+7m5PWLFB7XfsqMAhx+eEPttvFGCQBennS8LBdoso2sGvt1BVvDGmzC9IGWEbb0Da
+2GlO1b0hfoLgywPtMLdfguWKtaQrGktUafS45VOB7bqynq9a2SdBnKMh4cRBVXBb
+TSG1hMYPo2nRm9COkDx8FNt9zTWi8SwnG/mKHMtUc8z5Rtt7jR/hBDPTLKi9X2+x
+UEpApfnPLVLGlXlxzEDlj/QsU64c2YHZr/Ph3gCh0IIJ57BfcnQowY72gqRhM14A
+BRbiPYtMXu4AxZD4E29OJeD6lnqQikgcrU+yLKvkowoMmvBM77LnqweS/Sq92rP4
+PetuKkC/poHDIVdE3ZVuRozdEWz6pkV/skV/cjWVDyMPb6DrB+EkrBFjcWGsHFns
+6VEMSGA4GNc6DVILbkmDLvxbZbJ3db4uOiK7dT624ZAdZP5FICpcSM9j9dorijUN
+h4YJDhMEaJfAzDVKQyl2rStvTAOKVQBOAuFpr7tOyumc7o9Y5PrwcslAAXLVQhh3
+mnKYGjyK0lL/ubZcgukTDy3Xl34HCQmKqO1yBK0cs9d++mGEkhlDN+bFUO8+uO5x
+JMMwDeOI0s+zm2N8vposIvteVZ+Il/CbvDbqNXLRrsPMEdwIeRdvL2tbMzjSCWAH
+5JxTsUROQH+i8/+39/rJziJdZB2J3+uDzMEaVwO+vYoW3Cro//m/Ri26DaHaIfXb
+SIXK+oAUKaGoffr+NKLnIYewDkg87eiIgatr1X4qrlFjMF+8tvSyJtJ6JLlJWbwt
+9kv4iJohyL8YZ+iieLL9xr2iJ0Bi1WQtBcpfjXhqVPaQiNkY8sg2kWq5MdB1BWp2
+yzJm7KFfYWsOtGbgqtEMCPp6VqXZaM52cNqgb+bkkBsZNRO5WLA0GFhVow1vPUtA
+sJS0NnVr7LYqrsKdORAP6ZQ3jF8OVA3eO3RiNFwSZLPS5wNcFV+G+oT1DfqYwLnc
+S2gSzC7XX4LO5O4THH9Av/3i9eKIm3xIwLRwhjV1i3DRuStlB3wo/vpfP1IR1Qd0
+DVaOd8kLy6asWD4lWeZ9QZ+cFnJxVPZnSF6VoLIXApCr7QU2PfnKw5yQVjK7UfqY
+nUWhQrS8SnOyF2MDWSfR4TDP4Nuy3ijsvft2Lz9YmbJNWnph5eTyypNQ5Wqz7vsU
+tUXEPplGoTFyTujfNa419DJZcJ0CjXjAtTJDZG3RwBCTgtN+i4A8vxrt7z1JID9d
+JOq0Bylps0Dj/MYe87V9tXDyLAczt6l7YTlvwZEBDSUWvzFieAQwF90RsSb/Gojm
+SLy5cAUDxBJgDBGifcYFe6a8tMbo8cskL3CDGhVYIMyJx1zlJexYYybW6M227DaH
+0zfU3J5n2OiVhhqwJ+7HapaLS3hiY72s4NwJT5KZqdi0k+g7ZxW5OQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
new file mode 100644
index 0000000000..d055119eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8wHQYD
+VQQDExZQb2xpY2llcyBQMTIzIHN1YkNBUDEyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArUStqR4b0h47BHbAWPMcIloYkfa4ASeY9bqzOejwnoJWbjR3
+80zGBLHB9BpGM658Nzr0hFJ8lgPAOnAoe3CzHSm7Inkgh+G0LfIFiRh8QpJagzmD
+Drz++lB+0iW9NwnfbxgQz6BlnddAWAY8Za+mvx1y09LE1r5mkfl4+cZh7pCSLekv
+eR2rw9nn9IbovnEg9Hn2f0JX586nNjL/3N/VB94OcnfZRe3Gn4UHlZBxwa6RplSs
+uDweO+g8oPN9QN9j20CP10Q22JYsZuvHPE03hjWylbbxcqrpUIDKOyehygI1K6K1
+7r9CWuSrRzPcQe4ccs6ef+1PN5WZbm91NAXWPwIDAQABo4GLMIGIMB8GA1UdIwQY
+MBaAFIwoCtoNCRRi7j09lrhxkxKJ6uhjMB0GA1UdDgQWBBTOANr9qpNA+MCgea3B
+eM4d1yf2njAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAE
+HjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOC
+AQEAV1edqpMmp2JfG73MOcPw3zffoQYGSf3UlbJf6rbmtcBwiKzjYvH2BqvdD0Pz
+wx+Ph6rRvTyuqF6XkAodMYU343ZnS7b62wtlx0XhoJTGSeinwsIFQsVuKdTfdQgS
+bSDGI4QHrSzjyjeFdk4sxyP9kGcKSqqwxTGJ2XWDPV24WWm6oeNkBOuQV0WmUigF
+vOBAohaCXhEyIhJrp3vYT/hmL9hE0BLgRO/mgYaZQq14GK8E/LfzRSA5eBQCCQTc
+iTPJ2rMVXMV3B79Hwa9dBuXpfVCNfafquNa87x//iBZ8kTREbBUc6mRQzpGNAnOE
+59OCcPtzlrEhGwmwAe14N3rCwQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,395FD27DFED18F38
+
+3AYCS2UD9WpZLkte/nMex4XRtt8hjokNHYT7DBRmj8nKR883SWC2u3cWQS7smc4E
+lpxM2FAvOdmkKn89bYVM1WmD4Xw5/YyMIs+49k7jqXU0gT752wAPthGzaW2QSCHf
+p9QotZvXPAz4OTvCo6EU/roSoYw6745yLvMR35b6jkVJs5YIS6woRM/sTWUYsLj7
+gGjAFarbqXFM0a9sUAll8K5N0j9e5e7mtPLM+9QvaVdSKyjSvPQbNjuq/53KM8fj
+K73sELQvnKunoC0Asw7j2DKv0U5e/CKODfiY6mnYuYrPCZGkgCtNG/cco4/CKpwh
+If2fCUYAQggBol0CKMndFUr68NTm1lhxY4G3LdGsFM46xZuEvWOdubPQTbNer3C/
+yvhSPxkg46Ow5CHQIGxlJ87DTSkUjAKtsX9H86xjwswO+ddCis6yMEHDYg+4ur93
+XsfoHsly0V8EyEi2G0nvHMmQxtd5XvtI8rw4yMaFxz6EqGEDugUDodVUibtMGqDa
+9lnBqT8SdHqUSNyN2SrpxpPoAouGmZfCcpN6IzSAKolA/mojTAitmm2dveDdX3f+
+k259cz6X8b7ZFKSsDR+3gryUuE8WZd7GMJcU9fiw6+uBVAZscNh1MtO6ve26Jkdm
+lvHe4rtnk94K0Kl1D1AmXgZEB/n20kV6TT5w3YZf+vcf8nXjX1UB413bmH08sU5W
+oZIVsJSS+EB7xVteojpwauD5cO2OezeT2OTdY3byC22d6GO2OnJeKPoawxhES/hz
+kJJb7wS4BDVwSElUaLW2eWWua20wyHGjbXktzFAMkL64ANGg3UBKel3A/wXWBCnZ
+8anX7F3kplo6GNntTuE3ccWbvyVVBgLOKFwjEkFDaFzrttviCT6ClfVwLnIMBCR/
+D7V8Jj0QYcqgkWQG+N//xNXIUYER/HewIut6MAUjDT0iIVBbjtnrMbntSx/LyvSP
+1BVN3HxcUdalpSqLsONVQA4bfYcjXSzT1hqKbPISt0DfiAjNhDpggTo59JSSof9a
+nOE5mzarUlwNjlg2ajpjBmp9EfS/n+qeM4zS92o5JP6EdbpGwBR5pLpc6EDHn7SY
+YyZntBkdeFbaJz1t2ZtUUwO6/HbI7J33Aj0I2qSK/eu3aQJedKUql2/ke/YqyKxv
+GWmr8kfOr3upBvEwIe5Qv6sYPex/1ftWFyzj3+1BSf/QNr/NW5E5gxmy9UpAxfcL
+grJ5qHD1YOcoKmFC+oTFrTpdGGfhnXOTpvVS5gOyGrKkxWg8he+G3pGsy+paJv0t
+5dRo5SbA2T6Td8QL658aOPPeD292YNFiNbjckyiJV6t/vVDsqhp97rAsRh6sFiVz
+x9SoaHxAmAAy1itF7CLZsURN8RPyWREg7Egx8aHU3Oe/7VHmAc1pfMZFygfyw2TA
+ZUfc9UjQtBe3o3IkWzKxBWkNZWPwHm674iW0/NnyyVJDVtFWzxUgTS/ADwUEVHG/
++Y/0e+GhjxIMfiXrwXY3oJS8e26AfYhqJjwF+0t1FRydqg2FCAxswyIijixOYXgG
+s1UBAM6VfRq1+/OCVLRTJjVMwYp8Y/yzHD2haRkW8V+k3wcoOdPMYcSAMIuPZ+BJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
new file mode 100644
index 0000000000..2fc07c16a0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZCOQ4P6kmZd3Oyodn6YD0UBbvotH9OTHX
+5zHKc1eekUGMMH3CRQgj0ze8g+N44aG3T3gVc7QNXpWnywIKQ7kaBBdYUwbE2vYX
+v3vDPK0kkR3A1r5yPAxO3fdrGSiutntn6H3HtGesSVfwTzvVijwG3RT6SfozXeLp
+Od0+arrnmh9QJQS1xxECCul54P/LhJCJlrzqA44b1Aox41nNtQLN+ySjQxX71Wi2
+5cxfgX7M8ZJ1AmQrQbMG+oUD8XPihZ373hbnQIHJoo/evgHpoX31Bj1wgw/ERVT6
+dg9GWwCaV9NML0DFGPmFwvoRdMQtiGO+MLw5yRlSrspde+HLbAYJAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTkGz5G
+t+bIqdjt0TN/BeHxXRIkwjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIly
+f4oOX9PIzpaazE/Fp6PRRFXhCQaiSpPoUU/ndYBiLKY+6q3lCeT1NUaeO1RApaHb
+vrV0ZSSoKMoGChHAQG5Ewdo7ypLnknAqzxcDVIkF/DtSFjtM6x7Dd1qqF+svR0ql
+PiMct4NtcOHqtBLgmxPl6hoN050aoZovYWwQ/ZBt28khebKejAfT3lmAcW33VyKw
+tN+J7roGNPDXfJjSSHJ8eYDkoJUGemFhDaC0dwcqE1VjW/1HC632Spx2G347p9/e
+k0VYMAzGxTYk2nsa9zaKrLb5u5a9kFn+0tuFOdUQkoAzoptWuP1YlsWNuy4I4F3f
+P1+O4qZj/ChYIwALJ2A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B17D0ABDD5AA93F6
+
+vooo/LY/GZ+/kkXY3ZFp8gXZwEIsDFmcLdEVy4bLO7hMatwv2vp0dtHjjg0Ls2Qg
++1zIjL8Z9xJ0hOGhkILrK8mSLAZiPg6CFDmm0DcK/OtMfB5W/Wu7ipDcKFoHSdlZ
+bIanNeODhiK8/nidSiBC7xhWzMpG7bzhccJ7hrpdKhc2z5D9ZSymLqTGQy7Nh61/
+TwDtVwugt5QDXV+naJcKIyGmeksmbvTPDHAjumBbk419s/1lJXj37M26cwAR2gDE
+ht5HNF/2ZiYobDKxKskhMfaqe0aricC4dsqzkO8BMnV8ZFFkjecQ1X5SQPtSn0Up
+mLoI7q5LN+3Y4u3CVTF/f7ZI1mlx5OCaJieQFegFKM9faVAPN8PONGPb3cf7qp7F
+sFVR7uw+nn1Eo96BwXXXbMA8/lFLNUwgS3gHCOxSsNvnuIvF79hiN2HIAtEm3BEB
+ynvJVRhForcEKWIk71Qi+4LEJR45TpJmX58ugfo5c9ZVAyWstE33qdSOq86inIqp
+OAxwvOApCwifualLWzwmL7NFis9TPFS8rNxQ4jhRi7W/OKcfNLLgJCL31tSsJb7W
+RxZu5E5ddzm+mdQI+TUN8kDYb4kxBvBE+NT+AusBi2yQYf4xKRLOdXlNSS1fSnj9
+fQAGXa9L7xccnBrcvMy2EXPhKq7EhH4dKp8r2SKB+2Dd9sO9cqEOPUc+ZqhArOPf
+x8VzV16Blx7P4PQ2PflpcT/QW66frdHo0tT2jmkdmH5N0kjdrEO9OV5ln11pWTsn
+Z6YlGYey2HQoRflKimMWM54Iw/3QTkhngCpb2RoIerclMMzLTddtbVQIN3Zv/KOi
+fIBofBUqIcuS/HXWA1KSlyOSd4giQX00KF5mtCK0h0aBTTDohjHjvXiCFVlTKz1u
+z/6qSTntwZEDrUn1iGNOlSbIq3o7QdGjIx8k6nNWIjPlmEvd5jfkFWm7XuTXYJ9V
++Of1e1Bj1fPNSzakrYcrKNd9Cwxd6Jm/uRxm0aVVZof0pN3S368pfXGm8sCUOXJ6
+ZQ/ohRnnB8rex/1wd8cASyJeVRissm848/IFKiL1C/56sPcYGiL860Gds6CpTbAo
+3RGPqEW0yVeaciKnuMZX9bpE/POrDF1BaLISWbfwHb4Hj9/8jEc4ni1gthgNmRYE
+bEhXsx+Cm8bFmcJ93wR9IYctdPIU75vb/Zzh47aeK4h6jJuV7fLRtJJSH0wmeoJz
+VxtdovojcZdtBCod/RjAI32JU/LKy0tyb+RZAtig9gv4OXWASSOGv5SJ7Z7cWoEg
+2XiDT5tgMqQ43YRB9ju2LC1X6daQ8UPV4iSNueJVMLv2OYE2JwQqNx+gPlhQ7HNS
+843ENYJ35MsMHsOzAtF5kh0HayPstuxXy69J72wsS7puljZM7KdlqG1EAZIvpI0g
+eEkAFocdakBQW/p3OaamqF8fyiTBKujRH13FeehzliQ+IlG1iiDEeb8nP3bvoxge
+U+4NGaxG3ePgpGMuc8Dv4ataxomuMCnbfHZOlsR45xq3s9tSUwnHB73Up8+KPORm
+IJvN0P6/m7rHRlIlwpL/jTfhU+bqMunkOhkaocXUwcZgBvY158MrWocIxQkV6ln0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
new file mode 100644
index 0000000000..bb90437ad0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2XI0p6/0X+8rTP8FMrqJKjFC2fDJHzer
+MYV5HGjBMbMVJS1+V+mjNrjefbErnD4OlZ6de+ckdTZBMwn7YYcNw0W2YAX8gnXZ
+GRZLEjGbqvVJFXpHsjrwNdftP3k4MnmnvgeMJ3T1bmUFiwStmf9BA/qWpmxblo1Q
+C73IKSRfvOQrKm2x1t9niuBiDFBsEGuGbW+oGMyV6dBgrAfEv5r4RIqbcybqBWWI
+1V2BVFPRQGpIw9IVo3nKY9JU0fPR+m3gB1RozpHVvuHBEyAFG+6QLztmWVcrPXZj
+PC0X+q3JMhE3O3N2CqeeqBRCzJCd2hsN86rJztJjJzhZiM4aXChFAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTp/LZe
+VhROBh3RMv2IYGsQ+AUbaTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAE2c
+iEnVpboWIBLYhAY+KzMng7Bo142+HWiVSgn+7nLEXXODv80Y0OgvVplxliiO1D/s
+vCBHuFb84tWG5aIo0tZwir7dGsmiXxUvDBVySLbfftJZWK+NpcpBif1s0E5NOaR0
+Tj0wutAl05tSoZIH8AjZrBVsLiUt0HfYKs4ntAvcJC7CbTPMG3/8NWmWvOcfWLle
+sJUomwPMw6990m4lPLAGiKnYEbb8sy8FTmLdzLuI/Pxgj4n04J9/KRJW57dz42ea
+MfJI9M2gG77kMk0UqmPp2U/6nJkhPfiw3OXDQ+pOvHHG6UFYw99dxgT7o0RDAJHQ
+vAf808JCcAlN+EN/7kU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E57103BBD873AD10
+
+7BEFF8bzxG9RxKtNqMuMrJx1c+9MZyXyWivnDXuMVUeCimHFdFYc28G/jNDJnLPj
+Cgv+0Sq0+pUJ1X8QX19a1onk4dMGdwbn/UsyDTFiZZ3CGKCx86LNEf+krJ4KWvSH
+CkrtPaHJGgFO3yEF4abyYJ8ebv9LIh5zIT1f8jqQv8lNX4ZCjCGD3mNHUucKl2Zl
+xLGPZciqDnVNjmtMn2N9AnwPO6BQsD+WZgjMYV/YRHEE3+Qk5R+QLqQMbFJfRHCf
+eft0u1eBiO7S3qkXRmtm0ny+WrFITZ07RWlbTyekU5gTG6oTIU4AxkBQeuZ4vk6j
+Bi+6JZRlDbC69ND8pFl874yPWM8RWwYqU7B20erIeHr/qI2qUkDtxyeDtNBLCYEh
++hSNh36fZSS3c+wpPv/k/Wy00J0KwvVf2iDGCwvD7bzZJ3E0sDsRcC0FUf/mZTCq
+HHXxj3SZeuPSyhvyNUhmZZaDvsS0LBYxKj7sB3KNQyZUlbOg2TFrUjZyR8U8Moh5
+AFYKwyjIsMbBusZUUwLonXtSuN6oMZPjGXtzHsSYP+Rgc0EKxx4pqpcz6+2hvYJT
+q5YMeuUeQwNG94A+EG0euhxUDjJpFQMmz+6m2YPFmIKD9a2ff5DhOgFFc5Vdn7Da
+J0IygiB1BYi4HCiQxW0+PVOx6Fgqm7JIX9FGvSdY1szLtOk8fpBb3AaBqrAUcwYS
+oseQ6GSJ3eFvuzK0Xrjfp3jcnz4wDNKYsndNR9MsKvdmIOlluZ3apYMg220FcTmg
+QVJgMXHuuBVyIYeDClyERfYph19APnkg7FSoS203UkwSQDVka+b2kpsB75huiL+U
+auAtHG5hbByH5v4B5VQm4UI10vy6zSCjAkomWk1Ld5NJNWqNmXGvEwzEzmz8KsU2
+Hp42y80X7SIeCzO7fdDQQrduDg4/GWtNtzCXCIoZQT1JQkHiKUr1lQASdI6krFhb
+vJQoE4/HaCuwZXAYurClp2cMpcpzNleGgw3C7MkdiYkiVTmg3OxEJLQPxibVVjI2
+GTbHdCib3Ya02lYkUPkbfdSdbRuc7x8bJWXBPuFWhFQTQNMJX1fmavqcNBJk7YoG
+ROz6c2cmt5J7Bss476p/dw/cfR04/PNUAgFH/lnFXzYAYhvYWNKlGqIJuZbcgyly
+rZMZkROnoYP+3vMA59u7TLbggLcco/iHa5dA6wUNA+Vru+vwNdwP5OLaAB5cSfES
+Yoorx/8mKekZYa0SFP8LL25heYB33iz+UxlIamH0VsjjDes/MFg7xzldYLaIKF42
+JpZGQDLi/MVWVQ3JW8j+fIaBJY9vpkIu73Fc1knv8JOQYY6AkbtcXQ+JCLrERK/O
+D9W9UajfhsuiR/m8RGySzKY87vCJ9/c0vrs5crJDO7AmMS5dbfwQqn9nqZekCU0C
+PZGwLY2NlxNB/OI3D8PVW68qVKLVhwc8xK8mNu3Jhu5zJA7Mig8b2xyYJv0aq2nx
+aONGptIRkAMsKeggPDKCE4y7MBgSnCFMdSQUmXcnztdSTKiLUWME5JDQyHQ2Z5CI
+SDTZZY6SBt1bb2DMI1EpP0xrVn9VJd0magit6V6gV83E3YuRr7bJTh60uCJ7h6nw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
new file mode 100644
index 0000000000..12bd21cad4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vic3Vic3ViQ0FQMTJQMlAx
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9X8Ddrh9jmdsYRFm28y
+92U7sqI995aXi5l+dZtIFpZebhYISF1OlBVv830ZcKZgW/npnqbTX4irRR/Si26j
+w3Z9DECHDLWGnAee+O/5wRNuSlbJzfnJfe+rNCPuy0vcAJhAfz6RmueuwyEdy5Ss
+isw92sb0e/UfqKq1ReyTpHh3Q8VDXse5kph0A753UY/1ZBZbPD7/Q/LYrRRnDhLr
+SVUOg6Mlfu93+jsuwFgcB8VIkd9rdbFIkuxS196/VqtycM+KYRlfYz9N3dSUJhzQ
+pL+xYfC7FRySc63BVFRwWYXd8/vmyrwpoGd8657RRp2/e4gp1avZZ5A4mYoPQ3Pl
+kQIDAQABo3wwejAfBgNVHSMEGDAWgBTp/LZeVhROBh3RMv2IYGsQ+AUbaTAdBgNV
+HQ4EFgQUiSAXhPusuwnX3l5enmj2OVAfQIgwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBzP6juBoRYCOz8FzuCovzw5TK/XNmUtWAVYOH3mqjqpP0BECuSVbuZ
+BaSFm8IoFE26babq9OQ+W6YzZd2hcJOAQQA6yLHs20Es3sYk+sWpduSgLNDpf6CE
+7PFzgvQ1vwnuTANNlNLQcoNQrA5OYD1bNLnmZlvenAidbNbWDORDTiyL86Bc1JF7
+gKJFTet6SFKnVugZKWz0qcexhJtdTW6dPS7yZ1/HJlc66/KGPvD3Lxanz/qY5ZP1
+lg/32kPI1xOtoh+sL23f7iE/g/UHY6+yC4Ot4ufgH9j2wdAVhkclavvn4y9yd3b+
+nHGboqWnBZgQOPY33l7TvzvZC7bKpT5O
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,74ED1B9167B80CF9
+
+Vfojb2l8T+nyB0oBZ1ZOmouMar6/f/5RaKVL4YbrODk7vnZWW8aI3p/ROvlVj+nV
+vASmxrVVQAPe/NkY741eBEjDza7hL+WMUiXUVsMh+M3iYUrW1HOWqyPBWpuB893U
+OQShF2kFJr6uquJr0lCv9VfO7mj/PsvvCU0R7B7L8xICPX/4upR9oYqvXYTCEvml
+wwfEkYgcGUtgUkMZL0q5oRevrkcZZ7a7IUAiuHfLB9/6MFqfLp7tlaT71YIJuceC
+XOpIFfs5q3MLGwD0thK23+Nd8XbGZVk+da5eOQe2PNbQUo+Vqy+AQPirTMhY+sug
+N5VbFFeFJGp4kH1j5L8aiQTZDj5AnHVX4Ucxo6taP0GypjPrxkUHS44vhYWG1OkU
+O9zJEY/pBSgjqBcLo7yzz/Rb8Pwa3rxMKpr3lffx8MTiNSE+zDsjVHtSWR/8oBLV
+7zL+NugUKQ5wZfnoNeyR3I3WmOqqyTWdVtxxYUOm9+bvt3rITYYWnfjtsoEfGtUT
+q5ZCf6CpHvZqx/AlnlpPGO/gwSWAWBd68Kn3JZ8gGwRCFS5VyMqg5M1H5LhZhq0l
+4wh6D2EiVyDiNa5Nf7vIzV+CJQOLtVCLwXsqzOiEVCTEpf/5Q8JbZgrawnquUfFG
+yG9eMXgBOaIDdjkUhrPv5vkGk9wQXHdGb5dQ56LTBe7RXVkQnrbZGyFF/UXfmWnN
+YpVIR0S7/ben66DxcTWRIG7URRw0zHXQ2WEqs7g5ha73UJc8/iM3U4kN8NCHzH2K
+AnKEew037xju3MZCNvqkf8eJNKY4z10C2PsVouZV9LC0mmw1diJ5PVXrQ1c4bD4m
+K1U0XMr5qU/Z2sm3WmIZA8Z/IBDkB+lkhGalexT1HB4Y7uTG5NO4QJuCa2EV+uZ2
+trY9T0rOOJuqi2SH/e0q4emLjEZDinJNnkzE9H3vOX0xRDPz2JrEdwzfZZiEvjct
+ODQx37tiBPBSWYurkuGSAv466gjtqW3Ob4Q8XJ5R/f+e+nJN8T06RYMYkJfpCEGH
+bkO05LWKQHMf/Gm61aMBpVKtxXn5ESHLc4Y8DbMUYrmOvUEJmcwNslk+Yo7iQNEd
+ZfwAawTElj44YMhmPAdEWVmpKW1952oprbb1AvDqdnABKTIuzWk1pi+G0tTY4hMe
+o0a/IuocCE54Qb9Oy7zusnQFqDtSsF6gzaTwDl7KUb2ax7BSJmvJJ0tjfWLJYPov
+FSm2yyn58sK0V0p4yxtURGAGk7+otqlHbKLo/bCtSB+aWRqw3QPpqIY0Eo2UqQUe
+vtQ7zyNbX3ExBQqNv6ZxTWYfSZloVy+3Ydbtus0xIdai13YhnZi7egeifdYoXNAQ
+8dsqW0n93FayR24R8PPFzBGwHJOQ2evlYZq+bo4A/RThQ3wsuI/1RTHSTfYnuzjg
+ekj4Xd7Ly0EmfOLOd35WB8s4qSwJWGQxO0gKQHZZywJpk+VDZ/olOcwTHvNmiDJP
+/PSs4OUFNm8btfpOmlfqfbDxwpFrJt0RJHZCcrh8pgg3soKKqhw0goOAU+I2Di/n
+FurVfJv+rzmO92/dhdazwAAZr2a5S/FcwG7OaEmjBKt7NVuS4sDiJg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
new file mode 100644
index 0000000000..90120378cd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBJTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D1BvbGljaWVzIFAxMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANRtyEq+rl+FhO+NHVJOJN2OiDDWN2do70bXRgbSRM+hytvZmhVtCwdDvrc66wSo
+nq+/5yMnEMw2SXzpsk4beZflV5IWBVo2TF9jdoRa73FMzVcDIQigT6JZUIGJAmTc
+VpfXbAhGXLpGdzCYV9GrkdWneOLn2C0vtKA9pyBO/60o1J5o3TMGfD79qU/UhZm+
+Up0jlotpuFo/wi1dInTyTWLLwQTOLHl92GCON+jQ7myetjCy5OPSi/YetgO1ivmF
+H6pPE7GClTgS9wKHlsdAKD/NvhJHRXKvUBV/IRo0wmYSbpPmDICaIEAT3jr9HV73
+XN4PkOkI8byCf4uD5zjHA3UCAwEAAaOBmTCBljAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU2F814prBNyomzoPMcw5wFSo64jEwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAkmpY6Gpz8ttXcYTVjZJxtH5HBhZZ4MQjPYWb7Yoz1Fg64BUeuPum8KIH
++KoyJFYJPmQ46Gop3uqosBj2S3kZ9zmzOd8PIBYiCn5iNZ5GzNhKvyOICWWD4nzH
+mIh0MLjON9H5aOKRPYqQj2R2vqyzqr5/YPPsbCAIj31a3XrEVN71161aPOn6wVMk
+l8/NkC+xtLzqpFxNdRlaAdmf7eT5MRy6J4GC/lf+YKp6RaPcLQTjlzTjF4ABxDbj
+57GFiSn5lzz2/eWvN9i0Eg6+LhCa42wJj2Iviruh+gVOqRe4eLjIyVcN3BwcwFCY
+BlFoAnTVg0CnLeR4swMjKUmHU3n86g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,477909ADC8726F67
+
+estbwupPlOnz8dKiSRcBipIkO9RbXHOdsiocDzIIoSd9mSxcV7Q4LkWq5hBNkbe0
+bCZwOR8QFGfH/uNTGkohgl21Z/m5MR3lirxC29ucHS6F55Z8oqMxs92RIsaNF8bt
+9vwRRRtEVofwuJaUovh817XZZY0RqWcSmmaEA4kmRTdAIzmxzCRme1JndgBiLra+
+uhS7Z7cj78INoCGX4Hef1ctFw2WPhMU4tDcTugQqaWARAPFtMjI13vdGreQHkj/j
+oLrx/MtPGOiDb1UXXHJtLX95mX+6AX3gCI+x8A8lgtvzPgHi1H7bnutlSXNlbFLS
+KKUwJTFVH1DYooBfiho3+7GLqjHBvT2LgsLbiuzNdzle/4ZBnL36ey0eIcfk3hWj
+vdwD18Arqp9SfR4OYBx6RQcevCkDZbeXI1iUyCbGPJ3ii1AfYtve5fCU2jORSWEt
+oZ35/cBwyK7qAYHaobEoIQP/qiapCBACHZ04BdZCbOKmK9cxZDWQM2lQOA47rrYs
+zPxhwOA2syyJsOOETEB9ZK6NwGHQ7A4pw5lybKZWYxXV76sZp5k4DK5ohbaOPz55
+61JkPY76bJYFYdHt0hp1OJZQm9uN//gd5MTHRwhVgR8p50Vv/1F/JoHSfKkqF6Nk
+YQRJ6q2WY+0dDwPFcq6dcb0vQtheShnpuFO5qUluxTzR9BIzUHRdYNiXCbL8rUhj
+uxmTHe5XmCYExo0ZB3xr7RWd+f70qeWQegUdsPUeHJ/BGdGQM2wOM5+JhhhIEHXJ
+HlwbCbp5AjfNxhxv0S1xU5xSNbXWZkFL3YcCn5ecRnSnxYvgx7WPDxTiIx7WX7AK
+UxpwAp720V52rg2tPYfiru1Ew/agJdcFRKd8APSf8+9hZ7PvpAw7YPyBX+UbggBG
+br0SyzR6ERfcJTYQoq5jRT9Wh+dJMiQ9RZaBvz+PUBRwNhzEM88zyuKYI9TM2T9L
+3kadHiAl9KNNGngJj0FamFNBhhHGa1d3x6/5dLo+oND2zYmaOjEiN42vBR73cBlM
+cl1IwBV7zpj5RvLRrIXQeEGirzPYQqI4Sx+v9s9s7k+Y01qEKNlzY6hVJS8cDHaB
+wy8zM3BVocNGw2kQ+HEviO2QnfULqUsd4fS34FcYXkLX1socBhmf2tOqSkztn+Hp
++YpJs9lQb2ZvAXSSstUghAJ/yarsFDmTFFY29kwr/sloVc1T7YmUlWfgLGlPqByM
+sV7IJG9SExfCDTLAH9Xd0XzcNhSsXhDzRJL6OtL6dZsPNS7vxoMVNPPzitMDtfau
+Oo5ZC6EmQNc1JcxAhXghQCrKjKU28eAbX6a5cjeqzvatmVvnfGWZNENhPVlPu658
+wYO5pVGT8wISe0QZqyLLMN8DMSBYZd5LT8epY13MpfWFf3BcTdCMbqSxijZo9ll6
+eWrdc/6IDKPx9wpyadrmf36/I/QNzS2VakhQ71z9H1QntqUuSoWewi29HWpgStNL
+2SRnRGRKygqy7kyrsZTx0Gjz0lXnQEUhakHxcFjReN5pkwbTpkmnqurhuXbJQhDx
+8xaoP68lOAlS+IWBWsBiMu3OoSC20hwnCPcrmrEeUrywoE8oLGtfqPwuLT8xVY/4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
new file mode 100644
index 0000000000..17d257c76f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNV
+BAMTFFBvbGljaWVzIFAxMiBzdWJDQVAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAw442fdRTg6Jv+ElCoFqKteS7oejZSQ2gkdvxjcCLHsujyZxb1Uoy
+vAnay9r6w6qOTgsJ4I1YO0XSRJo69S84jF2Y1/M8CdYS/cCIFVLaB8dOFz+c54LM
+gVkNJQGCDJJYmGWWVIvs/yEPX8wIticxl6EVBq/UYhHHq1bvcHi8N2g/uzn1LHWY
+rW2kPkXNbPkA0yUR07+sN4yL+xdi4Lp7IWAYqFgtW9gsQDigqeiAS33gTs0njsdZ
+6omNaJpuKil5y7ml94/8QJ5iJ4V1MFynga6h7fObSMvW8xe+CQY3TPdUe27z4Jf1
+O+ndMFxWgv3rskq5nTsX7lTKjKmGOHB8lQIDAQABo3wwejAfBgNVHSMEGDAWgBTY
+XzXimsE3KibOg8xzDnAVKjriMTAdBgNVHQ4EFgQUIp7XDrhIzgkOOl2+1k1YI1aN
+y9YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBQYlzL2nonRz75w9lngMPR
+kh+gIpr+MuOWEaWVYdYv61En2N4HIYxum4dXM/lobJlD3LtNfAwY5MLSld/7xpRG
+/KGJ5VEOg4f5J8cnBoBSCHKJfm+udg1wYz4nsIpsoCoUueLLnaIsJNSIVH/OrcGx
+wcWdKax5udzVGm7v+IKMyn3+S1By3VUACGY8XyGtzeQB4cR2QrhRhoxyUJ/Wthfr
+F5Ust1dUVtCNIZ8BJMEcSTvAsnjzNbmHudj0/DiAuXMF4C3uvUncoZsFoKw+VT3o
+FBsLX1QVPwaeXRvzkJu7vJyZBaWxvm5igkpqCni36UY+oa7OlKzLny7JNGg0ZJ5d
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3B926AC0E223F935
+
+RwLOUodurgoPZ10EUaUobg5vPB5zDoqYjDuRdrDuB6cxiChkZ8vxBPm9mcKpRSPH
+0pahHhjJn++OK1hQgCag0RB98U8KEXuix1lrt16yW/PuXaACx9XXOAgM45SYtXJu
+FlMrkdj16kJIFcM8Za3SMFPiBaxDT3q27+lNuPRmS9kwbZugfqil22GBQaeLhwn+
+Gbx1J0waeXLNFR3maPWcu7mzYajNkJPD93YaHp1/AQQgXEbHmZ05JG8UWpbHBsYO
+5E25H5W1lNi7BDd9OpIVQaOCAwBgyrqtbf8Tlt4F+HbSb+KOf00yS9zkkE9HBo/T
+a34S67e8IoTQwHsC8qabuq3sSK8iViHTFCVt0NCZjnGkXBAzN1pTbtsQE41fiklt
+bY5G09GkO1oiqnIgujGyMEw3Yzzv3uWSDnAQxvl6e+cdWuQku9z4UTcmYkkjRR2G
+CGGtF0+bY3UpknUMHu2AW53bFXgc999JXCCrJteMxA5DYkBXuMbo6AT9o2A2d+D6
+ZXaoRqrwzNr9WjYSIVBn4PW/7cuV/tt22A0EiV5HjDoqZoMPwZQ3V6TgsWojkZMb
+JB9il7iaGBvmkNfHRcTOOYYE61fEzv9rDAiKm5Az8wuYpAecYBPhUCAprrGqXOBk
+bpDVJ+X1bq9EMYpKl27Pexc0rIXCFLh266QVppDzuGBwITsjihP0V0ljishfX2H3
+Z5WSRhSG5chILWnMc9xj4fMsMvNR9+kbRjRFSMupO5pLyTSIJ8XSzUmBYZLNXnaF
+oX2dtDbyCVw8pftJaWDBjZfGntm4Di1U/ic0mmCIT5AGK9sAmSSG5Pb4u55VuUw3
+EyyZlduX7OMArSAHxMmTwA5i+7Fm5CHhXe5Og3Awl3jU8UVvocm3tAMIbiucI0oh
+jik3U/3ZcNJoogzTehTBHYsvLa6ZYkw9duRHvCWalWJO93cfDmlssdu0PceiCRl2
+p1QXkqe1XercJkaQWAEbW5i5Q1UXQNSRA4Ab6SRxRWa06agT++cVuQqeZJdKKzmL
+FxASyjYCi1BTVLcesIKtgyK3YKS1as/BXw4R8Y/XZa/o/KYx33Fg5IcWo64DoLrJ
+XZy9UgqIIfNBZlyqj1Lhf3nDY2jnQlCbz6jRnc3HTtOSWzB7Sf92JT6hThHFbksC
+IQFvMWvcOh+rr1M+kMmmpAv4pn0TbKZ+6XqyvRKpUc/6D3pb1XQ8jCoKSoYvnv1K
+0WkTA+BmP9uhqeQM/DPXxyNLnSxDXVM/prV/Zk6muO9J5/J3vqVwOSlX/d/qnaWZ
+aXPCz8S5u5g1T+l5mAhu6RlA/zQcC99cvocObFrTLcPcmGLvOJKrrpIJqUDxZvD8
+JTUNo5ztAnI64gCQmzbIkeEue9qMlM2iyS+ihgiaYbAS6adtfdpC78nqwcGg2cN/
+pSPbrJx95ydM7MdMiQbxcJXEpWc1iKZ8jBhzZtaKmkwnNNJu2mNDgWhlMILV+MLZ
+ZfWOyJvJegtBUJY0seTv92SR0on84hmpCvNf/ornBIEyeD9US/Px7lzgojV/ST0F
+vtcP1DBx0Rr6D0bu+uq/VxgU7Z5ZLrTM0uDpGh09s0jMqI8lYJouKQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
new file mode 100644
index 0000000000..e7879f759e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUG9saWNp
+ZXMgUDEyIHN1YkNBUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBS
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEi
+MCAGA1UEAxMZUG9saWNpZXMgUDEyIHN1YnN1YkNBUDFQMjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALcO073fv8c5JQbdcjDww0pNGK2g+usBAvTQmcWh
+Z3JhRdupod8gbYrEkMWebubmwz0qpdnMT9DN98KvBxnvzT1qUqAGv3XcUjLGg1mp
+AaTvkmSxHmABma74QKv9v/D8VfvHG5kzJU0HPlnJZy9yVTZs5pqdpKdE/8SkmtNj
+0fM96XXKpmprpuCzlhvujpi+3SQSbrXFK2cFgcXHsRp+chRmb3bLhg2W+cyU+Fl+
+YUMr24pljeGGZfPkTEmjXBxGsC8hYjwVWAp6Mpf0UavA9esKTJcsFHn3rMnbBZvx
+vgmV1YNRBo+CmUmH8QWceZ3AthN43SXUPsFDmTa5ThAXwskCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUIp7XDrhIzgkOOl2+1k1YI1aNy9YwHQYDVR0OBBYEFMelN6fQ+iTl
+fN/b8l1p2+7K9pnuMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAS79LmgcD
+s1pCo0RLnthY6dTlCGa1z1TVOERBuf5VWC4mO6UdMZp1ahIegjocC5KJzypNyT6k
+IGSP6NeBN9rDF1smYx1M24mdV0xzQlEG1lcY6fetIvaC/U9i9nAIqRZStNMA59gW
+4LH1ctSlRIoErJFR/DsKkDO0LumnvCE79qs2PikXuJFPj/tD+KnSFNhZkCL4UJKm
+X7g0gXh0y0XQQUqzqwP/VoitGZJZ8ZeNvnQTfeMaS8z4+2bIMzdQN8AyVtSpWtnZ
+05VTmnYBCfFjx5z3f1srHvG84jzAedaN1Kpnebds3wvLW2ud8J/3t/mlLNmgHWFD
+jXYibav3P+Q6Dw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5911C827AAE9BB36
+
+tNsN0h+pBaoaYxjnxOvt75qBDO7vz+EawZ91cOaiBqDFSkXBLNpX+6vlzNFRe2Js
+nooSRFh8snOZxZPRa8bPmVg327TsL4sxVq+fpxEKGdevoOnFlMjTbX7WLYQcz/Mq
+60mDQUyvO+Gp0jDjRxOduCUHvzdB9ZoNmkNFuQ41pxKgJ/HjQ6djXiCb4REhhjbL
+lPEJshawWWrzKs3WVkE4xsFM9qoK1lbQ298XGKtWRdx2aeKjkTNbY3ivDfbMbpry
+deP2eEbeSVoUk2JQyqQMbhgffguc0gklEs2x4ioiHFmzzY12zo+UEaJ/8lHKFMBB
+Lb9Y1Ty2FVlnF0nt3bOTRdOjOLS5iePU0/mxQ6VC8OxGo/E5xDjN1JNvD1l8Z/kn
+Wu6Y9dmU71RYCzX6mO+LkJ0C5F1IuZmQjm8yzVj+ySoTNftryb8H0j87q0Yv+K0k
+Jc8YU3ivqIhwKf6Y+UtlyIuGy4bWv6IdleHeEHLUntMPW8wT9mQVY+PvGioZNeQz
+Khm+d5xTV/F2/2OVFJRg8RFTHwvkt/yYeq/8DvkOVGgowptngoLWJsnFiQS/muL6
+99CTkY1Gbv76JovHtILsWnXETar7m6N0UjvDcDpoWWWsOKK/OjGcUU52UPveL5C2
+tHIu9uT2ZjjPXG/XZUj0kIWVnZCgj3ipBRAIVaMBwx26oQlJVSC4HBSblk69K1Ts
+TghKKVR3tZi0ivkULcvKJLQq/RBXpRqnZUUjgmrHG9STK4jtuHUdkkibJqiEd578
+7UYDtXdRll8U4HfeqVz0X/GEAlsRhHNRCHtJVm6zsp1TnkPGmRe0RCZH8KoLePNe
+2Zi9lHwtG58VX3/yk2z7yOejwanHyMdUqu+bcRv/J60PDIWrvB2uxAzhg9DYFEU2
+Al31tZ70OQRXdDxF6Ap/4KD8s+otpwbGPT6qVYY3FDHTr6wRAeLyxI1pvSzRIVKY
+Qm59iuDxA22q/i2YV2Fn9V2pxXKa0pgfl8yJjpq8bObVSgS+Rcb7VBqLJ2/nP5vc
+BkbVOUc5RL+NZRaSJoyf745XRK+GmEHGGjnT3b/0s47kpZcYWaJKX5EOk5JOgTK7
+acYyT2+HpwKom34EjtH+rhaSUycePW1/GWcBlD0nUZAld1+SEHpb/CZwyD8b635k
+g2rWen1zrJSXRxxyxDEGMfQeCKX9bW8PovbzyHjNc8CRTQiI9ekxgguTikmhFeM9
+y5pM1qRP8faCqsXoZohinGuN1SMAA+boWZf9KSMrDuO9EZWpDzLx3XBgf/CqahEe
+aWuIfUQ0GbBIarYaWzeH0YDXKsjTPChRKEEY5E0m8egB3E71CVMIsHf8Yg+pqpBi
+TpCnMF82ejSvFSueaaiASQRl/+FyOdOOPsxm7FdHjiKy8/WLDCzDymXOp/oy49lP
+FZYKEuJl5K3q4VI8o90KGvbl8RLt9MeLKYI68cT4RhcD1JdB+pzPbVDyf8BYsNFX
+K5cfXVbu1oLBpR0RYv9u8QR5OMFTYeMpoTtGaeqiwl+2812UgYw6dCtGThDHUysD
+ypUueOn7uiA6LqIne3BB3r7uI88ieC6N0pm3cDhBsnRy1rMx6NUWEg2dqzr7J1ti
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
new file mode 100644
index 0000000000..e370d68fda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRswGQYDVQQDExJQb2xp
+Y2llcyBQMiBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA
+1Xz0YVwI3XzROYh8YMIlBawvv7A2+T/y3AJJ4+yHFGsIYWOnM7LtEfERfkeGQlSA
+g9ad8IFH7vr1ZRl5SdgULBfmHAvEz20vdqFePL8ArM0mOuZU/pNNc7W+MgMV9SxL
+5dpwF84+dLuqHVXtm4HNgl6Ov2KxUcAac88mC5dH2cacGFGSgeCdTlmBioRNWCNe
+L9pTjpJ1VgopLB5ZytlScV5p+NgihrnCkRKZaxwKX292SXyTbKLCr6F6OTzbjzX+
+qOuFUPfrJjMISRlK2K1oa7d6FN8bI0mzc1RKiyLRVc28IS8QzXcyNKoS7wAE9mBQ
+8zTn3YfQE9ml7snMbH5PAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUWAGEJBu8K1KU
+Sj2lEHIUUfWvOskwHQYDVR0OBBYEFBcs6gO4B3eBPWWlvzMfzHrSmPy+MA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBCwUAA4IBAQBCi5qkuqZz+Vu+
+Up9cFMNPiH4wEsAkwBs/rDcvCv0yHjpooTNz1Ra91TjgKPnqfkFjO4j9bKQebLAo
+lc0V4O4BP33UgG+jl1zZZVV+vRtC8c3sXDLyQXB4OmR1D9DDol8zgb+NbXn0SHPe
+3a+qmtBultEnrDqIdKl4cgZPKDioiEyBNmORsg/qI3bmmgS4U5LG9QI1HMUmlEsU
+Ccb7UrMih68eQ7lvITV3FRn4x+J5Eq55+gkuWTa4rgbPrjuAoTCHuzt1QH+u6kTm
+F00F+dF0jKW90XMIXq8P7OcUvQwuNERJ0Kn1NXCpyRhNMwW3BzWLT6eRJrr9nU3v
+Prz6Og6z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,697AD95373C83CCD
+
+sX+rlJImW26DSahjR8/AXFABLT4Sa9M+S8quVK+yGb/1ZlS6iw1BWE1OGOk8k+wz
+TyPZNHjTdbljCInaN+TNqxwkj7QdEdXvPlBdpp7zwnasKVXHfRubnIc2E2EYQf9W
+ydBpfH7r+vUbYNfoSJymA9XusFvIw6Gn7HizzyM4f6oZKxn6lTXRKo0rWYKCZJYl
+OSTTRDrTQlJyrGvBTUN7yoa4PPIY7UqTgqS17FRACIf6rRKlFGHAjVhtb1vpYEQH
+xMM6W+9ZXrn4U5iHfxYkhOXttCs7XQ2+4fAO8A4PihuiajYdITI8vyuKPUps2g7m
+SLSz6al5uVncaJcDeUpJ8Sic07ZXwvLjr3gar9bTMCd6DZtFcRbUq5BhAHTErWOK
+dV9qSlN2kH4AScN0c7T5Ex8dtR75I6geW293cdh54TRGcc9H+MCBIoc1cQa/ixzR
+eKbu1mQ7BDRyInMyLYQR/PU/LYieM4VhaJV8+MC0WWrWAARcEtUeaCbEQnL5vN5+
+vyz571ZbIkET9STEo1WF/+W8U3umO2Aaoi0hd/eE1F4UTpUUrJsWFUASMlHcDfa1
+ikcH1LOR4m2I1ljCXlxMT9oRJBlocyVYjLN+wO32rU8WGeoAgrQa4sRLS/emNYX3
+t96yeCkIZ8H1nAfQtyhioqoCg2fEBLhpewiUexu2o2IknJjyYRj38mV4SrtJSWYo
+whV3SndcmaSWrf4fNY1HuEdzWPq/YdKW4TWm2ptD2v3Eq8xLPCO59lQK9y7rvzk+
+B1qoSFYME5DIWYn+yId/dhEXqqprc3ax3ki5HM7TzNZxZbaYlnFZbZDHBpvGQKHH
+6TQFCJBIzPQ7UfLxFHasc0RkQgcCWKfMM0Twya7GRYqAIcPIhn2a6zQWy358orya
+8GYjKZkif8thbVfnrXw8KKlMrIpjgEhbawD7djNp89cfoEU9ZNTVMS+z73pGiiGt
+SOd+2TvsPI8l199GaxHHEh1tKcxvV4aL+s/D4cjoCZamWOVDQmZLwKWhA1yUbL/M
+h8Oqwn5+FDXXSU42ywOT3geipg3dMLefxHD53D8yYURwDOZq+f0svO65nFuNvxaa
+dTt734J/oySW3hloc6cx26mk2b1V7/Ne1q2WXnBit2698M0A9hBRq+cE8eAdBSO/
+l4JpGP8CNXt5Pr1WuYdSN50ZJBI1XppURb7O0h6CDQ/LA0zCFPBYOHC3wmg9cVIG
+en150Z4D10v7Zd3yM+Kj/chVuYTff19iiR+k567/XlZkUsK00bITAwF8gaFY3LJH
+k3mpmpyuqxDSLFuZDY4n6O9yPuJJIzPMwdbVHCxem7Cx4fknG4Xhaealcbu5c9zS
+sxwOkBKyy8aLxGHMba783VNOgBkIf8tVaffsXK0aUmWJiIr4ZPVBzTtP0v935t32
+XTj9B24T+N25HSdTwRL3HzWzNAjx5Ee0nRyoPltAmdQ5/82JrSniOf7MnawJfCXh
+mR1woS7qLblTx4FYtOOO5qMIhcOf2aF0Rf5N2TYgl0Uf3cSpV0JKFfM5yHNgJfXb
+3PThx6JrE0byyiyRxHiF7Bi58tWkxVIk9m7eyhgS+1xhOmlE4Rxta0AmXTkmW1J1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
new file mode 100644
index 0000000000..4e4382abbb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQDExFQb2xp
+Y2llcyBQMiBzdWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAONY
+pdHnfkkbKL2heQlsPDaTK3GP8UpxbIYB1XqtUGkKluuwcYbuk5IP8Epdq/PjxCzq
+jS+3tTzOFpNKRk1722cL9fszIEVupG0F69OvZ3LLiz7UxvtTQcPHYdBrOmuJGr/j
+R9Qie+7F9teXcKCdITo+5Zx65qrcR2GWoG0kqorbgEg5ckFeKoe+GnMJeR/HyzhX
+LQhi6BnJEwjFCmhcTNkdxUiIEOgNqV5A5mxYq8Q48bTaQTBkU+1UanUriLd0qcqN
+3uT+ZlvFU29GHZ503xNV0YMisbl4VERoBPZgJb5nIZoPyejMkpiVMTMYiIjCpzwe
+4BRFEJJNI+5NhUrReDkCAwEAAaN8MHowHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2l
+EHIUUfWvOskwHQYDVR0OBBYEFF48hHOeMHBycZiugTYZ2yIOfK8DMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEAdGtNBQ2x5Q2dsg3CvXxLjMO5Ij7kWTJ//BY9
+2QuZ/zZrVlYdCn4zquXXdGo96fSqJy4vK+ERQCVk9uHNs3jTSoQRN0vYGnKoKt85
+rEeMDvmahO44MQaOZlG13PwlleVy598Cu7Ylis1mnq5s3oDozMau6QZZIljdt6VE
+OernrHHcr4EmEmw1HuCIZZf8xcai4hqcrXw5GJPGr34uU6fedvmaKp1/1WWHPoEk
+O5CAiMmo8t/yeYWL1HmVkwvEwHJ79IXZFi8sIyO/8HCufS6DD1FthFlQfBuYHdjo
+fReXC5SMPIxbpHXMAUPJgTwm6HoO9/XW0WzLxCXvu9pMDDD1IA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,203ADBD94D3004F7
+
+s28VgMsa5ofnjYv1TT+og1HmS7mZp/DahDg+fL1UdNhM638ec1lX/ArpfBiDXhW/
+KvdQk0I1bsRdpdDYeYnUAARhH3Lj45Hnn935CgpqKVrUiurhLdPUel7zVyW7UcyZ
+7CAAtFJKmCXKutlh73IdNP2g265gtzyupMsm1+rHKx8xxt2J3s49IltaDbpFgjPK
+tpQD2SlxlJbp6QY/hMktqd3jojCz8wh3WZLEC1Wj1zGPNgl5CNtebyb/8S2itoy8
+FbV0xti4shjNR2MQGAw7YYT0B+cyt2E9duv0zfRNLzp8rS6G9wHe9wPtnga+Qxnb
+ZPe7kvQrbxKBZEqKeZKmtI5pHqb1HXNnr07FvWDWIKt0H8iHTzd2hv5fA7lQLJEN
+iGdbl8GzJpANq086bNvnZW4maGaa62nMiCm2Ei/wLSRZ6Hv3HZ3ZluDDnOaW7OW3
+dHH9V5AwG3uDLvTgZDGmixcv77BKAdD2Arcafrw6Ii/XFcLHVn3FvV6xrVP6iY7y
+7XtIt0U22jXBZdcLMiw+f62EZo33K0HihkHEN3jfSMC76e/hgBhwh+XwxB06KvG/
+pqgHrwtQE4hY5s9Pv4kBucpl3CTYieD9VT3kQD6q9Od37q0HHWl3xqX7hvM7K/pe
+mkwpd/ellCR9nrAMuAs72xlAyJ9zVd/OMXA0NxzNxMplOiYG2WXOUAOqkTLt0tq+
+8ILg9pttE30zVHhjpVTZnGyTYrLKGnxU9Gu2QwGlKzBt6mTsT6PY2Rp0hR3RzMSG
+cj97CRBZP7l6TWBYahoZEXkL3AXGfGJd5EkTOnX0PVOe0JRPVd2Hn4AWc7uYtGr6
++1vXFtYngq76dSkErvXwKLbdBuvllFnj5xQbmcVv8/nvCzAmdhcIKDUDhBvZSYno
+kpcBE+1+Gkg74drj3ShYQ43z0y+uyKOb5g3IG5BsEhlEK7L7TZ7l8sFilRhY+oMJ
+g/Wo0aiLk6INFR7CgH8w/r8R+4uwwXIKoS7BvyrREfYJWaBicEld+AxiWNWS9Zbq
+jQoUPHup/cRrX4IpO6eMmWOT5t/anONjWuQ60ZzLVLi5pSFSKFYO2mMcZyH+zsNV
+G7xYMFkqeMr48xEjQTMuk+peXYAndmvy2l2Z4myFvjttNjqmMqffo2+iD0UX/jmh
+fzzHzxvptCdGd2uNGw4800M5oF14yI7GGAF6IqueoyNdnmRUujonThFvzKUe92W6
+GPNYtA9V+QN/ZJ4BoH40tb4L4MFdHWtS7ZQiIFdglbsHK+o1v8ULfz1amjI7XCXv
+H78Geg4CXX209lwW5ZXa9aDYWsuy1BnMhs0xqa3dHvUf5N3QvSuheljopo9nS7Il
+FU6XbKnpxUHOkJlJRggFK35z2FFe0lpJIbDBl8Zt1CoXXcSXL7VyCPxtQdVgrygI
+a+OPnMQ10ibIksGEbW67j5iADURrkN/STXToV9d90ffgsAZFH0isr4Dh7FBq/vn7
+djqLZk8s8uIjZD7iYreETwhdaS6zy9UWXkgblam195/AnA+qdUZUFyTXtRzII0j5
+UGIA0wo3HKiU/B2oZMvaErkV3sVgsz4bLN4Zs6JPIfYh8MEOBoSwIy5AN/ozB2b8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
new file mode 100644
index 0000000000..9155c3f497
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+DlBvbGljaWVzIFAzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+4HTZ2qzQpYWTz2Y6/AOG/uDqyc7uIc/bltDD0h+0g3c2Y1cK2couvrTwShS8gxcj
+2va9m9EdMuex5Qk0kiekGoKNmWokKAKxTmVeU8fAgcPz7NJxLjsF4YX7CVVeB4+J
+YeOwT9i+4D7qQ0JjZfmZCqxJIqWKpW/U1C43QwMh2TvJ3EIAFwLpHqQpZanugNJZ
+Ljf5Jpntjn1dLFAvk086cx37dNn1nsFzy4pOpzSfMYK20rHK0VGtyTHc3AMR4mjm
+q2SOv5Xrnx2uI41HNxk5BHvX745TwS3sUBMWRTw2G8DMXTy1HonZxVc84GWDW+04
+RSpgPoh99Inz8xPTTNOTgwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFOR9X9FclYYI
+LAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYBassoIvDktzGrWo/v/PGmOXc/TAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAXXC8Q5AzwLws
+Cynt11pa7Nl4I15DzEd661tWYavZj5o0OH+dKdu8kGRaH5fJi4th1oWdJ5V+y7OF
+XivnxP6fZMZy0CJhLZhoCm1O7y6BsM4PMOFRgZ7kPNgoKTaT9tMmGXTJDsG+x9ph
+/Ro4xL/ZAdREO+fN0r2LmyTZ8zud1D8mV4yrWA0+HLj6MoPe74w5JRnjI1bLp/pX
+6Rw5EwoYNKrKjMp1VutAEY2ZSdKgdzP1tVnMn0WsluxuzQbLMZ/Zzu8U+HEGsBPv
+nYWynisQlZsxqlz4dLqD1FuXv12GExxQSr1AbBJDGcZZg2D/QbDXT39lYKnjRl+U
+J9DHk++AHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EED1D6BBF5F074C
+
+mL1q7sb93AsGkMS7OHU3oQ45uCR8jlqS4UQ1Vsrk7FIpmFdMrH64USyIOidqT+m9
+ZSJQbNcv01afMqam9oOfqeEcnWk6oniiNDUpl5RO4cfYXtzcvnqJvOwRqYpT/2i1
+KgpfERAM2CxDlvj57L1qa6znG8+cs1+Dht4gpZ15uOzeKg/NNhq+JLMQDOJQ6MIi
+BcO2OAEw5wWCZd+K1/8kvdFPZK3sSC8Cizy5ktHR/OONbH8BzL3RvGnFxZMfQ5Dr
+E8Z+KysFZaX9ZbNYowkT/IcYxb7mwLBtk8owDcBfSFb1bwJD77rEbydxETIjCLyF
+VcSMshOBu31D+3/VuxWFKhrwXW3o6VDnkmoK973ckcfpbJBq/xtFzT7CaNbxEkPN
+wGZzbsfqZhgOeXjBdxEmGwY9RVUt7JUQXj1R/5z3kFzwehWwfX5V/W8gkE07MFQW
+7IQGvkBhj67xpwh2eK1oLhaJRmU/Bdhvw3Sg2qskcdzX6u19FEryGd+WGkuHnV+u
+d3TKTXbUrcZqeHt/+Y2s/6czgDA+3NOUd1WN5CRSerUcCLdemC9KWB/zLruLoFb9
+6neH5V9rmROoMu3eJWdEQTUgYrBx5z38e77Ya/u4gJY3h+kqmsaDQxNLPLdJ0DoT
+qa/JGIXdXlscz6xH9DIw1fvpvq/oNASGk0ln8LFZ9CAE0bA1GxMbfdKgPj2h3IdV
+IrPwwByTurTZP1LLL2z9xI1sqB5l5eHqvkv/QbrG1NS1X+nbHRavQBLQD59ibwsU
+wJIyla5X28e1wI6Jd0zyQamu0UxAumIBz1Rlkp1WN6bE3QR1xwvNu+zEFKfn/x4r
+pzXo0nn8yxEP72/LwBxp31ohl3Km7p13nLwx8IRQMt7ifFZsSFHp5dLNourpOcmh
+ACYjKDwTtkaVx8Sq2UnCp/SWq8ueA8984zZuZ4NxTYkrVx4LWelGjArey+FCdODi
+f6iPz16azcS2/dl7SzwjBescepeUo7w76O2xW8fOjksJ0gVzzNtzH1wKgIb698N+
+WzNZBsxSmg1Oo/fW9zDIhTbCH+HmojlNgYc4wUDK79Vll0H/nizy7Dt3xkT+GWIL
+e3aZLJ12L+0db/xwlIf2s4uKNhuPLPsxWp/ecOt+NEeM6jIuS4Hn9eSQqv2C/M5D
+6VQ/ZKjZpB0vrh0bmDOJG5Ly9hzITDOW5Ryh0q4ahDfoQwP36rhfG6BAIHTV/olG
+KzQUaCvUk/154Nh+kIUtj6MlHKLa4kVYgHGR0AdwZ77QFtxr0Wk8vyhydOhxVbj3
+TjaZKpcgtW9RSIsIHTwR9Yl0Wx2o+/s117cXasubjkwmkofBXzIYpqvrws0feObT
+w+KXNvitg4LLsoRjRNHCKR/5iVVPe2bdST03SPhNr3SBc8RgWT2qEBHvgQrYASTc
+v+lP5Xz3vkcTVF3G9Dudc09eGU1OBeccXd8rdITTwUQLBg4s1z2B22TZm+ZcBdpo
+GeWR5oAKoAKBrY+XJyagywfQsw6PXWfWMkvL09aGOgK52jqGyU4tuI55IisKxfXj
+vRA3dYxyHN2rQXv052S3JRWHv1UVbHWmJSXkpGKQm36iJLWDI/p1GSHHxaBofcZr
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
new file mode 100644
index 0000000000..af9bb596d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBYDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYKCZIm
+iZPyLGQBGRYDZ292MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczER
+MA8GA1UECBMITWFyeWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUNDElMAVhx/zv4YAsDhenHhRX
+LtmaEBOCTKqCQF+rRfQuf9huc18yfKyylxeh/InZ2lRIsWDl7CSEHmE+mlHNt0xw
+/oei9oPMSrR20+ZN+HqaJ5s4Ds3FNnIjmpgRlOPWokzqqCJ9Gtyu8yKL/cFhbiXS
+YaADGz/ed1FqeiWuvfDKyaxPtG3bYa0Jq5iMuadfBQ3rdwFyPLaM3q6rNkDMrFtE
+Whp34TooxaatF72fQKphvamcnf0QNhCpTQGTjxrdKtGOwI/zsuvSHmm2IsfP5uqT
+DimedyldMhnqVomyNDuxfIUzR8y2Da6/UyCEEU7MN7LEAXaRD2zhLzF+SQINAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBTwURhi785Bx7ewZ3RrArwyCjOZ6zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBACdlWQg/dlqwHgvP2lBoyEnv/xsOOACG7wzdNrK/CZzYL7vQ3tWrdVaPIEh7
+B4nDconwjPuI61JiZv6kS3BsI50jVq0uIEYcYBPVTZIv334xnqZDyFa/Y65dUdhU
+1Q0wKBxFNNlVo2dJDhlEjHAtUlvTDGVkCTk8sz4qsrAmu4KXC2ypEi6n33EuxF5+
+D9+leUviMx88AEP7/8KwHTUtsHLqvzxCk3l2gt4oY+EuY7+hKGdvvkVev7LtX2My
+5UuWkQ6jroQjHZIplTyOUdM5ZfbjMhaUQjdmJC1A2zNzSzhtslNWWNjKEtcceYt1
+5lfxS/cBIzJv8qLSVwsd136Wa3g=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C59D422931F29FB
+
+pAfgaxWooTDOmfaFUIm/eDzARkqyXWZcw7AeuE/ZC0l9FYt2qfRsIhZq7FujM4Od
+b6WS16nVPIJsQUDRZ0zV2DePlpW4JJgbOpNMmXRHEXfEVTkaZ70oDJdMSDCovp5K
+JG0ajomEcA88vtSWp2hjbK4ShSXcuHcm1nEdVmmvOZOG+43GW8ornfUcvPH6kbc/
+gWOHNTnZDndTTE0qBPI88fafOputHhpSLZUjTRQEPBk1TsnKcynHo+XR7pxCV7qa
+LvHw8gEZ50hIaAa7Gj1cEl9ito5nLSEIECKyB4b1KN4kS/kDIOi2b/XiNwJeS5U9
+WCJIEakbrodLaY2YZW8aDDEsPKxYoS9YhnPlMyY0UzHy0175GVH6WVohKpHCQLC5
+qIXQBO0+too14txu5CbSWIDT9W1TN0yrXmTYIHhh60CREdjuVFq5pq3kZg0FDgza
+VTqPMlflzmChhTfQ1bxtGfPdKQd2fydzdR36l2C1qOfj32rzBVcN8NrO7/xc1O9w
+R0ZkYXqXIY/68zcGrIFIf/mEJ1Roi2FEa3AVV3MFmwpL8SAC9kHmj7qKJAGcXl23
+4XetVCMIc9YleV/CCWJ+0RCQLnFrXcljEOEHDSGyoGChGl0Uul9Fb2pfq5lOy+bT
+8uI9R5IXI1eTuDVO7t+muMSU+YHCtsOBLx9JJJGAphvgH3N4q+CWd4O9bHLrissu
+3BRTfGo98ndrj16q8vN/qy2eJEpwKGPLsFwGVDNBxbFZQ6kTJy9UjkXLCSH5pv0g
+fPdaFlMMiPyWU9Jf5YT47MyLG1Aiv7uwxtZ/t3Hp40h27EJXrkcbWLQcW4qtvjjS
+PzmvZSO7HHh9xKhqr/D9YJupoRJLjNM8VZ62R+lkmD1lcNdDH343M6XcY8or3Oru
+Q/JFISSt7IqUJUEVT4oj0W5cAsOj3EplZ892XxRWDjd+yeDogo4jiTrbjPQgG4bF
+LQIbWRZwlLK8K801Y7GGFUtJ8o/gwoYigxm9rfMVigL+vncR2vHf7osjXPXVKX5b
+mkc5/v4rgDR6Qv4TpHdmuiBFtzoITxwl24nKwh+HgMLzd1dqYA/TCv9NCvK8nco3
+9xIz8F22960phiE7dB60QoJSq16IeJT4A89fEIDbdpJUyJloZ0R1TzxBzhEzyxRa
+KO6126UDvdA6cJUDb8AnpZiEW+DnBp9EmNGZ8Aa5XuiKqyIISJ5Sj3BrsnFgdyvx
+hh3dhZxmZpJ//z9MYq7e+e93KYg9c6RPZqqPF66wcMiatk402ItJAgmGQYWiQPt0
+EriT44dQg6e2WMKcvVtoQtoG3AJL+qjr7bhjxIU0gH3ct2PdlTLVEE/8BrFVlFK2
+wVvawOfsrYeF7dV1qBUnSDUGuu8tore1MkOrgsxSkSW/VeNstY6bZ8pbY/HuxoGe
+ZU0BlHMVw6s7jXLjsXsXSyWvb/FREyIw3tgDfb8OpFYgntVF/jVq1wuCHzqu4OdK
+Eyk7GA6F4GJDeCjfANsf2IFG51hEknaDDrjcRq6mnf3Fx96BM/icoCVdxMOOAQtl
+BEUwcAfgljViXl5EDjEKVzlGD+KNTxRymTqNvB8+Est8xfXFx6VxKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
new file mode 100644
index 0000000000..2f513ebe28
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIBYTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZ8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQH
+EwxHYWl0aGVyc2J1cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNV
+BEETCkZpY3RpdGlvdXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNV
+BAwTBE0uRC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fMlDz5JD
+/7MBJmlwT5o5VSaKNzR9atn91c7krfu5XtXr/o5sYmEj9KjxxFi6lj8aK2Cg/euN
++pnkVq+hDpPfGCpH61mSiEqTUl0IoNGe4OvOVzb4TSJdH/yK1MzWp/j+dsad/xk8
+nvkjKopwAnEDBysTXO6aBQOYFvnQjmCSGBI10Ol8y82eBRIbs6YJOUWNwcM1lbPv
+Xrv0xQjFHKTmUQI+FdL+GMS0bA9KyKUrNaJV+wjkUHLl4VJ6KqfXJHDdlljnyIuv
+I+aiCPLKSRlvyno5Y6TqiNEfSt/TZ5NgULmuRVN0Co3vGQ1SamZktsVMMOwezYfh
+HiI/iqJlgxPDAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBSbbm8/iqf057WMMVvOmUuRHHx8vTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAAj6iDDC+RKlBUsSdZe8/5Equ2UzaVj2P8vP/zYIsxWS
+rJwFkWh4tzgjH73ebe2IgZ5J+C2TvQ1jyfAOR7QulIc6Sm3izVdPLviV4OYA8goi
+1dWKfxz4Aj6FATriooSFmH04ovaFUojUwdqlUkVJnWZTyLrIZJLMrIeP6BDHBjHH
+R3EivHM+Wrz3Jv8s3+wA63dVTfDRn/zC1ngjUvbaQc1XFZKl6nuRFB9EyCz2oAV5
+EyJqI8K12JJqeAwdOSg//FhTS8tQPrYe1XHT8a4yjKj8HXX2PXl9l1N9gXJ1+T6f
+Bmlx99K0UFrm5Ty7bfhLgjKoaBiFKjiLUDLzGkHaV6M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,31CD9641338E51D2
+
+4LFuZYJt5eix2uTc9RfL2KQ52YS0Z0Vwo9I1BD+KECk2HxHNsaS4YaBmZGc0ddGZ
+bqVfCQx1Ri356spgyqhvmEBG4MvAsFO560/AXErLmABprYqokxxsRcJSTppfttW7
+ivjDcgAFItOkzDHnqigvKaKmJMcSHkzuJcxbvplMP5MoxuPaaq6sC6u525ZoJM2f
+B9hEqjpHcCb/WmPL0dHXt0N4Ev7kJb17/c255z9NlUiMuC1YQ6sd74QTofc5otsa
+su/NqmoRRGvE0bErU5ELiUOa7c+uqKSMr/Cff4BghTW8ZQRJ+2xOAejeqyUgmqdZ
+heyM6znc6kF93NJgJxxDIIUMTla7fjWWI25s7Y6F6NHO3BT1lGN3yresTY2BPKoh
+1+ahTdEqwEb/PWdYoJO6bZ9cfUCAA1UD1whQNwmGhaXMmts4FxTwVRVyjBCU+0JU
+TOabA6vfUURqzy/WFSxKSJ6CL84HAwzebkF0yZ9nXXMqGbi3GO9pAWxEap+ekEQ7
+gfYzhepUjAvIVS6eWQtv5cyNrvOtBkRgFAna9SvEktrp/t5njusiu1x2afVq6g0e
+ZfVvtEMpP9O2rpUhXyDyLmgxPss9fpaM+b44o7SeVF4RnzC95YK/QbX3KporPKp+
+e6FuVkGa3/H1+R1XoXTa/xdrnuPNxqxDpdAs3W001IIRp7ieZ3TI3MOIKVvHaQEE
+mVR2r5pFo5ZasWCZ14RiZGEbBSo201g31FZQJIyFtd7f8s/ThQolFz93gTnxIGxA
+wo4EsuVYEdjjUf8Wrbv2ARX+eMfZ3P+y425VXx3XGVwatKtiL/QJS9BQTGH3Qezg
+GU8g3t7YI4LKJ0RfYAG7s9yT0kxOQX12GFbYTnjF/X02pMYyMofEofwENJIIdWYb
+cuvMk2KFnFixjXGneu+sdfdsmwwoMu+D0Y6+eydHhdjFc1XnP3NKYjRVB6gHJZit
+BePcPvzmWDDvrehGkdY4erEjhaE4rl5w8wcMIkufb+g1b8szK6aqo+auiq4glDc6
+jlt0eXI+IiYEm5hC+BOpqPsrcnc7iP2tknNo/yATP2M7VvyKAffCyKMzEldCC+zM
+hu24bJ1Nc7420u/dbuL0s3RVTN3cR7vDiKc+kmoJjLSn+4t7OxX+bl+XYa4GZrZo
+8fn5l/dV3JIcQsV8RFgVJRHbQj06wfEgX7PdxYZwhCK9gdmqKqdZSMR3CXk/3ifn
+3guiGuwKgk3lVh4uk33r4XTl0vlTKS8vEBGOAA+poKoBJrlX35Eujm2L/E8u4BKM
+UObcSpXsMF1Tkj53dWy7SSUAUXWlaBwcfv/h1iE9xnbfdUwZy46TpTbqD5WhfHix
+1X/set9NxVjlWJhPGM1nvwsAtJt7Hhr7M5fDb+yc8nVGL6DKqMLBNErjVwMcLb4I
+nGX7IeOLX8aCxd/OMgsKeNyKipVSEOEibrCN0jOeg3xm+QbPCwqBeVJ7lLxlO6Kw
+riCD7+NFnOR/P650PIP4Q61/CqilpHZDSLY/SC48+iXeMLTE/ImAlETkvVyhk2Xb
+HWLHptJS6GgkVDoKllPcoPziHOctIuUG1oRxey+Bx33OWBJ9NU749By0b5EH8GDT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
new file mode 100644
index 0000000000..32578b0876
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRYwFAYDVQQDEw1SZXZv
+a2VkIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRilogkM
+H6zEvQ1U9XzZKWJeWbmtND2B6Lz5wY6wxo8EriHm7A3tZSrctmPwDwy5WBVvhG9e
+ySTRcoa3ufPTDvYzigh8x2pSUM3Vgp1GuW436kiTkWdM7kyxXSmgMJ7O6utUj2Lz
+nb3/X3XTA0j7AY3Fd9hLa9Jb6QrQYuzR6pAQkB4aiP8OUW6w/FBwcvR2wtDk57Li
+0Sx4eF6oebCkd3Ao5EIPlWhqqWeWRfx+Rl5nSuNSIUq7ac0czQBk+UzLCc7Wo/qd
+E8jc0v5IrxBEcXPtuSAPX5KvMYTpxoChlxOfBwLwAkmJXwvDV/KhREPhlFvegZ6Z
+kneDbUE1zigd+QIDAQABo3wwejAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR
+9a86yTAdBgNVHQ4EFgQUlm+SmaDpdnS7X9T4+xnZzx0FoO8wDgYDVR0PAQH/BAQD
+AgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCHdQQiC/69bsibnkOyswShah4+Y1vm6sf70vQCnKcA
+Rdj6I3NEqVBO4/nFkDZIr8ItbU4QfbKGk52NgcQIvql9dWO9CpwTCCC2tgHFOz/U
+P5bjg2Y0iJaIBA/QX0xcwQs0cG5PXgcF9ywRbodQcKLnqdcInBA+fslFQVHuk3rp
+ZS6juDwJUs/AkB9RBjh3APvCelvjMOb1W54y/vUWP8DUJraHrZeoH6s51USu9cXm
+R5jRBIhrXD0Zgu2TDfmsYVY2gOGADox9Myx4LLjrfKkKcKTHGlNOkfwiEL0IH6To
+ASg23Vl7PA00Roz/tqC2LuVrnu1QVmnNGQgDiFqktcl8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CC2FB6699EEC94E
+
+SSAqsCQcBeuyF0pejm4wQwIeMMgi0KxnE0XMlHu/9qfv/0ezDDdrswP//EvrFMh3
+ZtkaA0E+MFnUuhRa2Rhr2+ufK7xsgYPsKVwrWEu8XFE5QfCQ6VHa5VtwSjYp0/tM
+2VtFCsXkPT4JHr1IRfOwLzXR17/OVGOjwMZfrfFzUhkMUCUpVrAbWj1WNBgp8v4D
+4ngWedE/dsRmuQl2TDx/PY9ZOq0mFSikOTzOT4rRsztFzKFsAoF9smjz9+IOwvgr
+Da8HTxjWuk7WyJJrfB+qRWSks66+/QWEL51OqIsqpXLGFW/N5tL0sdhMqRTf1VhM
+G0zVZswQRenz7h7aAIex4TuDKviXEJhMUOycpjsYz3BzNtgc242+LMz0NDoO6hrU
+jzfWtvmrACv3aRWKLAvXBBRV9JB7FMEAc1J67X8rthpXI6Qdc/qU1skDBgLL6KFP
+IzW6zYKcW9+nfIU58a9fZXKgHL86zBRhXmQAVmMyRh5Tn2il8pefimgDupr7HA9K
+lgY5e68XxVeDEjbVtH7400DPlBL0uJUTfy50x3asSJJIA462egRJfP0rsxrQn7k3
+NyuzKYJr4Ga7ltXzPivw5fM+lRNYl4uMiFVmpaVptepS5NmdUhXTtXEO2pUkKFVQ
+P1UUc+pEmfywBLYn78h4LuOKsOein1Zg+QsfHqhoNMLErHs9X7eOI8cMCpvFYHaW
+0uri2IU1q2crBf4Q0NRooH6c7yjMAYq6Cgn82s4k5vAQ+qEae9X6Sebl+Fie/hk8
+eVhG1ki2DHtNTSBD0nodjh9OYApGnERh8SYSNpkmwtaR2n1Ht+N3Oq76iqkYGZda
+6meFubYq+qLzITdpqPppd9pbDQ2Qhvn07u/wStPAnrrTfTlpYf/AvsekRUXeWymE
++7gWv5X0QyVDHBIPR47Buj5bpoTzAgTMZdTypo05jCMgzGo7YcrYlrjEwXbTRi1H
+gfDChou+xksAPe3IOnwECIPeVF5cAtAuLaE9K1YpwZFjDJRr+1+Zi0zRqBhiFmau
+U3V5AKvqaWKhJgsfbqn3mbi1BWr5WN6SLjpDJiH50x9t0bQOxbs+I7SxyJ9GnNUW
+DMhLo4zw8kLPbMe+pcfgHvatGtpA0TJ/+aLAyDLKsKqvuXD/rQ575s5iVC0+BAVy
+MS8zbPf4PJbX/m+6MtaQTlyII+LGIK4UN8Hp/CRKPJJLDLUES+PifAm+56D1Mgpw
+V2a22kE9usvhQPQW4yO7AE0eSa1jdyP2PAdjcK1AjgboStHJLrvlIOOf14dKV1uD
+LzifkvZaei602VSxXNPeHzb2XP2QY9vaNkxqSmD9lzxURj64g+mCSPlO+aJ8m52a
+COLQTfZ5CEiBGgjlTdZKy8fFKgXSr9Zujd1oen+N/+mJANbPZIePHNhFYgJ3kMEt
+JiPw407COXeFlX8idmuuNqf7KceA9XghcC9wd2Ezrri5pwAtQjxpGU5RuzQrRMN1
+2khmYv5rdVjcnZQPwpbf+G1Sq3VWCmitJzgqKfJVlFBtwGL1dMDZbvlGb7jtSh8A
+rMDq1/wvncdzBW78t5oPUceCaKV1dAdfGImb4fLsoBYvEcsXS+h6atPKkDZC1bdf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
new file mode 100644
index 0000000000..17e4e8259c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDDC5Sb2xsb3ZlciBmcm9t
+IFByaW50YWJsZVN0cmluZyB0byBVVEY4U3RyaW5nIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuEETE+kVGfvnJPPJHUxpy7khkrkcBdQPlj2HTZ9i
+LbYRvpIAC+Qa2lAVwzAwshljKfoGD6ZuL0sHATtKDC0/+iyDTOG7UJCGesmbO90Y
+bgLR/j7fT9RNMND0BEycIOhBukZ4FkjKWU3+KFjQjMa9nUGECoNXyjYnKTAYj07X
+sR+rsMgmzRm2TzALDArS6D+toFAs8DbNbtT882ZsE1h8O9VmN5GkWzrEVBzDGiKo
+GUAt9P/ZmNVjx4gW5pB0MxacAvK+HxohxcF/y1gRZ3zp2dccZiirFK9GoCst0pDM
+qqEgDRyTTK2a7hZkLtmVRNp2VIh7x5+hk41UnOELKoRErwIDAQABo1UwUzAJBgNV
+HSMEAjAAMB0GA1UdDgQWBBS1bU8oP8e7sZikqaXQqFteSnSz5zAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQA4KPELZ6+9+ZDvahZzIrH+QTAWJg50Y4xbi9Zhs739Q4F0TGrzwvXIpCcTY5iC
+IrIBWHSqiE9cEEShxnY+sdGdAgtW7oJdRnVl3JfuNW9moIueVdvk5CbVGGdMzPIu
+FfhNwLUHfpSrUKek+nWpWPIoMpQCmMVbIXVMRbjL7yFJZB4kNxo1650+Er4Kdjzq
+TnedRp+n2+Lm1M4AxLUgJ/StrD6b1WkSjI3LgiqFLxdwOeH/Im99UEUyTulhSUCI
+ZeoOali6JrtcsuMwtE0su8xLuEuHgCuHV3rh54ekfiEFmgUOuviiUSoYU8WoFk0O
+ds/hkFuM1qLbRxFJU4h1AfKz
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DDA760B90D3F5F4
+
+odK0zz4yql9kRhptAZajKhjn8Z40phPXVyFw7Oa1H2W07aI8ebO7TFWG/woxEZC+
+AIx53YZA/Wqu4w+rSGokIXv7CMMmx0n1h3YGYE9nbS/Cvtqr02NF447J60Q8GGl1
+GRrOhSacfge3pKkdFZRZWgQwgcJgtZqLbPZI5rGkrqTc6h4AwRIhgNp9NdeSqKSn
+T7abY80UwouSMjaefqARTomvPihqKnVA3SZlKXkxB2Gz8elW5UP5MfWuZZV0yBqq
+NtegLaWeLKFKQOr99t21MUHFTD6vH5ELQr8XDHfYdDPTaMirhfySo+oUSa5ueE5M
+x454cqPbxPJznKoQrAXtfLjRdoFPSN5G6s4paVP327cvHmtIOD1YYgwEtG77H35j
+52lsSz4SOyBVWL0UfdnrlWmY3BaAg+HtfwkaacN+yFiPA/Eirgp8ImWn03GIbSwV
+3Lx6ztmIuDs+ma0n+miGAtJrC5rmAW9tJdwE38q4K/tG5UBASK7D63zm5/z28Jkj
+Wp8D6pmM4SnpTKJ4icARvIN2/BciEiuAUtlmqJel3YJhCDwcMbtdv1r2hyJSjwNx
+d8YwX0HHvQrWU0/yxUcC/aZ/yonRZq3cCujcQlZTILFFHm2uqkJGwHPi+C3TTctw
+Ct93ALYTDlq3YkIQwRY6jqluoDs4YgYlluE+cRv9a6+BnifwDeDnBikRFDhjEbqr
+SpOYNG80P0e4ifuKgngQUuR71GkezCJ633lyerqeG2RsXDRwVpbK9279uEL8IooN
+H8Ud4iQ4kXYUFDD7wRcUQy8Rz/4+DI6cixxhSmMR0/2ljEqDdtWpElnJQXoHgISP
+kY5vj3BT4WyH6xhWbImRI4BKLHriPT8s3zzE4a0UhRsy1YTvoKBp3//JQxx9drb0
+U10OFHOQsU9+dpdGOWmdUhBDdPpOA/iE0CBjwgar6Z+kVmRgiA3YkFI7ezbc4G77
+2Ep4ZD5PLEqK/Lh8MjXY8ysok5Ki6hcclq7R2XyHld2K4RxHIxidQybjH+Rn0NEB
+8RKF5ID5jTKaqe82ivCGpQ4NkbyqS5Vs9iml2yESOzQt8zKDbpoKO7WixBBWm0UJ
+FdRKek9xZj8gBTDLnDgDaXXLy2ZAmuYHo+NNbjbkSaYx21LJ37pGqL00OqMNhKVQ
+vLXaDHVrDVBqHKfnHlULNvR8tV1BH+BplyOebwawojgqSSwlIUCgkg54TC0TFBI+
+MpT71vFv9WzHQwGID5Lzxd0lC/I4osSCxERF2iZtyTdfWeSO8hbSKRea/jdt+DEc
+BPMe/DZuV/QcvrLJhcJKD4Twp6LYyLp7OxcJBaHoBajIznIN97d1VTn6PFYdSIHg
+exqDN/bULO6J/9gLrGlv3HgJzxmG9Zuk3xy81B3ua5Ke7/wkNIpmoInQxZuCH5ES
+x/BdQv4XlakRy3Jw+26sZQKAkAV26YAgj1IUTUUa8WeHfTgXMYKLzcekPimWyu5E
+JkeSjwaFBEf5978Tb3Fw9pM/OTB2dwt7XrZHbPVqdy9rZ3H38wUET42jTFX8QYpR
+/ni1glyQZ2EVGAfyLMNp9w8YB2AKPiZ5y36ePJS6cawoSFZ+yIE1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
new file mode 100644
index 0000000000..885034098f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBaDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWmH0sVxVN7JSbzHWG1otmjl6HCXaQjmM+
+q3A7UZr2F/Cem94aL4tzAERsgT0VqpooRlGItI59uT3Ae9aYUHIRLCzs6tL28ZoA
+zqmYVtv9z+sDPfv9wddp/BcFzBh0ChfykqyH36+m+NjRePniF6AUJ7lJqgVKkHu9
+tRaW8BZTwk/BGbhr5d7GkpEiHsflSKlrPWf6GZa/FV/yA0P003s7sUwVOSLQR7l9
+GlE9/BQ1kH2ZmqB1U8Y3au1lvUY7AWSOSLO7RwDTPXjhgzY6DNLtMVFYThcbryrI
+StRZdpFjYoq4COILuJniUdmubgOPhrwD+aYSHsthHaiiFEf9PBsbAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQThD2E
+jx6qfIF3XzHdzWDzl5fZsTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQCEm2lpy7GZwfeWqqR1AxiCsBBS
+iQQ7kQwgsqMx1RvP0YpT/Nb5t/Yk5TP0ofSyM42MNwhw/sMiZ9KEShiFy6ZPCG8M
+o2ZHdPLVV+SNcW/MI71ndc0crqhG772BNTkMN15DH0v7aGLcAKzPrE+t6Lb59cnG
+ec3M1+VQ1xNZZqSQuAX1d0OdlfIYkCcZooVcb6vqx/Ddmv/iV1fw6jgjxpY/dwze
+guYIEwugf/FRkIdymxfAiZ9B3AceD84BbOVoasJN1Vu0zj5AUd4murA+Evy9b/Is
+0uFesDDiT/HcOsySEOGlrfJo4TCQAmV/olVxK113cGVIgVP2RMaD1gXt1qnI
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1AD060693CB28B5
+
+XAFfOAUgjK17Ij6zmBZsVKwxp2vXtrlvHYiLHvfpEdWVXAYXrVuhfL/kdCkkhZ4J
+P3F6dkFzavQ0dZ3Qf8370FwxP7WJpJnj+6EgYs3Jg3omO8UL7hhm2kZLPo86/5UH
+atjmbe4imgCln0qPpeZNokbfa7EUEHC4UtGGPeJpeiODVtOkTKlrUDjkZ59Ywez0
+H/s1SclteJ62XFaQMKMLOImbi/PIyGCj/jm5xMJxZdj6eY6HjIpzA84yVofgDxMi
+sSc0sXKbPGqFNnUV9WnDDbI1rapWTuU3IMsGo3zjoIs2HhPW77YEUX4N57ntHn3I
+M39rXG6zFv3XJjCAM7qADfI6I2Pt5sbrVQBm3hszpZCdtxcxs1hC2xggX78vV6dd
+KIUa0zThsx/9hhaydNyysUx8z/Yy2Z2An5uEyIwWtgwO/lMfON2eQOeoP5ZX2zXe
+MjPyMgzog52yQcpJ1uvtuT2+FBrBs3kAczAU9uctauVMWOF0BLl3BTbg5b9pQlsk
++wZoMyn+RhHjWa8mdaOJB5SyOm4XSQsZNpgmcMjWYPSLgHErqcCQZgriaBV7kZVg
+ZFF65APt2a8bpa3bwFHl+EAgncn9MKi71AkJXJpwf/LWcp9WcH3mH32CuwYNaGYb
+vd/Z81XRSBLXU+XMMdAhywW4vTGzFG2RYiImb+GJIN6CSsodJhNyi44rgPt8ofKX
+a+SPps2Xj97DzVvJy8AzDX1C3HZESo3nQV5DBYtVaxAfkbBoSiyuXCx1kXOoaIHt
+FbXz7/O2p2Rw6I152/IqMw/3J4gzvqr3WSfUgpUepb44sT0yT11CQeZIu/ahsvy+
+V9ZW93P7AxYH4Xup8I5/YlxuNxFBRP3XRgI3nJzw0uUdNtY5QqQYJUJ/lL/INv3M
+8GzZh2U1PuZ70bb+nLa2L/XdNMcDGNonYE9H3Pd7/5rtk97sDS0Homnv1toYcqbD
+2oburjwDMTOWV1xDQcbLHnnMXLxYEwPzRYdH4ykSDxYo8QIrAjuX2O3gsQwzdDYF
+coNuNfAFXssWX420htjmNAZPm8vnHoEzWoye3v0mQTQ940pkn6Kr+FrBr18UZBgW
+DRE8WHqkA64xOUXaJJf6CbBQ18ZWyA9TCXbUD3YO7Lnr/K/LSXx4vfunQJRQa63q
+ZTGxQ1YPSMvgpnm4EIb+MIOZD0YLIXz4vUPP62gWhtk0g7yiw3ba9JO/54Vl2vJY
+XqUYTbxQOc3tqBXuFfq9M0675eNmFjplnqzzkLkLgGE43tK+ex6+uxjNmIuZHp3h
+Jxu/DSMJeeOe93eUEx52gBbMntGF+my6u6YDejyiI1rSiFf6+pbBvkC75VQ09vuj
+Jir6RTcWnr/TxJ+3bARFi92zw2pW37NyaQr9D730C1ipqPtxzMNHROGRi8czWpvI
+DbPLOes+e2tSttLSyBSqgX1EQwwwRV37zYH6GFdOCzCtJ2VQAo8/1xfE1SBKLnbb
+yz6Y1NcJBCm4Wgrxex8I2Mm5nBFhmZtpqCGBKYewvyDKAx92X+TIaIYyX2Yy79RL
+xrNKZCxGbPjuXTT8ntsYTldpYMHq/rpH2wfljtNuwzgXA2jH9d3EfskBRyNGus02
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
new file mode 100644
index 0000000000..eadb947174
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYsYa9Wvs1smcULUHZqU/AJq1CmwzH168
+AzGaZnuLzIyYqct5aSydjaYh6pw8Qdo9YGpsGZdrdVIrorR2QXImqG2IdmMP+nyg
+/hEZKk1r2TqExjwextNIOJR40DCrpvtSjGj/zaP8QDGZKdi3cfY9BHIYUJVFHxiq
+dWkNEc0myPYSu+y+uV864I7WT+7w9aIlfwy70DF6o63YS+WYYXMwGKdUspcLg0GY
+7F+rqw8c72xOhAQZfSTUfOn9L8cB76kgvarYGT4zltGh38NrRoftXyMOGk0oRVsy
+1Qgae3u2PXm2H/BP4/JwN72xvv81clmAfhU3O6QD85CHGFrRCRlpAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQ4oxaB
+OI4YTkV/B/YRouJAZ5t04DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEBL
+58jRnzAPzJLFoI8KtE5sGyo7fTkftuUZlSUeQURg4VKGLGpKClldAzIXUJReOsMq
++79P8b4HnOTztmIw0ax/wM/mCcjQBDPcgNL6xi274neuVQl2d1ekmTE3j0IVsXyd
++ck4EdViI4YLs/m4lllj+o1nhoZBWoPheVJm6meQfIb6bhGJwVZOMGZfzVF5UfIX
+mvW5xJ/ItI9CI+gcxt+Xn+rBD0AQvUimSkxF7ToxcpjaziwL3gMAKK6UrtP+RzcI
+v9egONl1LBx7JcBfbbQEoxyzRad6t6ui9MajKFhHT8wQ5XnLahoXFcAJbII5TPkm
+C1H/b4W7FXQUbnxMCxE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,849855E743148C79
+
+JSyzpxxzuTpP4rMHFriEzmS5Nj56E50L7dq3NkZ6mhlKdYSGHhNGU45rYVMY2D77
+1QagCtHIkuDPo0FlwHAuueq2W6lOMuaoUkVRtRXX15lAzkKjgSew/YPFZTljUeET
+5lIvxCLg/bOMXfmCjpN8deScogHIHb9HK7FHqVmoqzuXfoDmFQkrohBo7RaRnu3p
+Mgj67Zw/DqBhSLSN4Ug/AkqpelLYCuGU+hdTai4fMQNXtvDqzi2cp5glUbgNRoXM
+CCvkWGzcCls8bx/UVIlslPqUa9lzFoK8ija5tljhIKl9TSVJi6O+pLmgxI8GNpF8
+Rb7+aMOcxR/2k4O8/eYtRgmJv+TNYCeHxuuyWI5FauxGLfsRJoD4Q4Vat6xIvs/T
+C7itOaWKTnH54h7eUktkNzJwAvbrfNlhUgtlfeH9AHMm54/B8bE0Drv+rv3MJqt5
+GDYIjZcb6my7gZlrJ6RnXC85s2e9sa8tvN7JCDgSGFCK4vd62aPue6TMk29+k1QT
+Mzbfy1XDDQJgk9q9qc97XeKbNeZVYuMW/8PwDR8L/V0TLSWxlPmZt0p5S+Lb7KFt
+sNYBq4UuLRDrMpX4hZ1R3lY6rhlgxEOs44P0Zl+rzYjjoJr5II6QonrRv5BMVjqB
+2sR9cKvfOvFm9AVMvFylzCvEizLvtifDuEcRvYMjd7VBQleUWgOpnxCzydabhWVF
+nZ+BPVlmZZ3UpIENtP+7AGEt/uEZXU3aDiC/ryHY5X/eOHOU4GczVGBK793v4LmH
+qb25dLLhW6SLs5KobUlnRos6Pe2LrOCWo5/e+NSeI2WLQ3FqgGKlHAOENrw9sFSM
+ACcZ0ZuDNoXGj99c/f7uOE9Xryi0ITL1sRvm7qRruQ/goHDLYzJqJWW+uxugYMGR
+RmhLrkjRU8OSFOl1YprxY8JwzpHao/B2263PxUf0gQSbeIEuiH6kxWxABOX9ZkyE
+aBVKXwjtyAe3CJhfCNRZeTZTbeCaWmkY3vHPAcBCsdo1NU7YqgECWn21lXDNTslM
+kIPPvE1MF9GAXWV0EBC+1ihdk15Ml/QYP3R+a7KleRMvbBBdZhuh33z13qBt1WeI
+mThCtLNoTcx4nSdASeuwCa2Mz0hHcBTAaPMkEmZ5G083ehNVPYaxw37A2Ix49d+a
+y1B2qToCvj6N5t/BkQci+Jzfrtj6jOpianS24BLdO+VNIXtq3gX8QmftPNRyT9jI
+UMXAAuInIWlYP1HskPvHmghgemqEh5TuE2cClVM2YfNQKnysrLdaN9Yf30o/Keud
+bY2Eca8OLFQCMM05oC/TshkBaGy6CRvUuZJ4xVf39NeFPtJZimctHH0ChgXNCa/r
+MUMV6QSEYigI8qm7hgpsAyAWm+eeITqIhpdYYY5Wz9x1RfX1InqbHF+3UFKr0d8N
+pSde5byTb7AYRv1HC0IbKWcg1N0te5C+WKI5crvdTKgr4P7FsBbzkdQbUDoAtjOc
+3vq4BU78rqePm5Q36DKG2Ht/s2H6X3GR9PJuviKCRUf5nJyk6RWfzzD1nBWiNd3/
+z5ONNiFWnGLXh4AanZGUrm3J/FY3vxo6qMjxljpk2xZerCfgzrkhNvrTolAk/WH2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
new file mode 100644
index 0000000000..d82e527597
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBZjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3Ehzo3kwZuJWuTbmmbCrbv+6wWb0P+BH
+VCe7s6xJ3E9OxRqvxlshp4j5LDydNpnIIuBlUXcVdNMi9dIrm5ibgYly3H8/AWlk
+oVT3cDJQlv74oJ1F2vM++dx7xpfE7efybfEVbX6/5l7ouqZkGvtHUA1dylN2iwWb
+EgmGkF0XIC1pYChFv8If3Kd9I3eMqoDXJv6eDB5sSWjjXAZAdcuxwWm3ImjaQHDU
+q33ICEEbdCY6Qst4ocbkhi9TcGyYP0UqO500onu3yFXPdPx0YXftEw8biRTAYjnY
+Sk3DR5i2VZc7kOcvO4xuvon2xirQVv4OBY8l1w+m5BFlxavLti9hAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRyikML
+BFs9PcRV4YPGn9+Qyur3XjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQAh9MHideOQLdw0RnoaSAbA9i5d
+u2K3FdUw7X8o1Wk9VsJmTPHQ/lA3mmohF7sWChwC+YpSwxj/TYYUaT1MQC+t/sYn
+fiA9s4jlz4Xl36Si5ks7m3G2d35ApS/iaeWHWF8NHo6x04jEWaMNNtAwl4cSDzu7
+xljzpSiBpwr1KdEbW5STqnLogu1aSlN74NWVMo+fL5HJds007nO26v9wy2uzJVts
+6tx7C2LYkgu2ZaeenXmKxrSdj3dbpU11/lb5DsEt5xZj6h0qve3f03/Z+jTFcFZb
+hKp8MDt92jt476/yKQZUObKpWtvhekGbhaxeaArUqUXJEXyz63JqWf8+4zds
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C08B269BEE274A6
+
+2nCMqz4Z9jAqZu3aJkQLe1ialqresIxKIiqamZwqTUAuRv6SLso0jkCcvDmRvtBb
+bc91dzoHIBdXRFDM/L0aMhTERo9qVIFXRB1hu2JqtNF/6IuATHxltsV11oJmW8F8
+UD6n9SCueAB3L1qVdopurS5/J/+wSwN7JVmJ4mF/yKpFXcmMIiAZ1uheyCflcqel
+3trlDc+/xKftrMIAGpIqLrJVAFRp+LLQQceoGVUSlBRLVtq8CebMz14LWtzof010
+PDJCVAl+hKwqF8KUaLwLqd14ev3NYSZFV0EAardOVmtErq/KpOclCSHOrxji1xXl
+lxdXL518Esj/2VJS36rZd4ex9GISmMcqY6Gj9ERy5dKDvMP0Wmb1tMBj0Zx+cFh+
+ErBAxfZLmD/xcMOZG3Id2Wk+62Z0RHd6cOQuF/hXdsDiMJ1wOqvovnjgu4JjSVur
+XVNzae91ppfMnIQDCjhvw0I4dSs+kV+x2h96oolMgADPg/tEGxqSvyNAtZFD/Bn9
+ISF3SVYEequMPeq/u4wRlm7gOPdzOzRm1Xc05T3bE/+Dpf2djRv6kc2BuDYALUbH
+u/6L9PETZxg7QIV9CrlOn7gA+8CPJ8kzLlOB93Tjr5vORUtCa0f5isVWjHarkSs/
+rySC98EIMwbBE5Gt2cBYkZE/6heTnkbJC6cY+D0136G5L+Z9S3R8MQSIm7fsb26F
+EeOfQj3ov2BZXrJdz/0TLKD9+u5ztSm6pI3Gz9ljztLZsq43JOjhlEdRU2KC7D91
+pFRelbFPyInpknG6OVpOiYLC4s3DthYXa3Iu+eNPCPAoAMRJyWV6L6DfY76PE+JX
+ZoYkHZxSGJ9ldsxY3HGOwPHSmO1H747wjvGvV5w1vyoVqDfsBrvOIYomydD5e8pI
+BLelkb7Cm5pFuO97RzBLfzfRt8m5HmVYx28vzZtQPYG2ES5YutvZIIahw77dhuX1
+Z36hs1EP16jPR83pMVIwRJMPq12lmb+jaHDgpDo8VksYXMItfmNyjSpTYjZrfQEx
+Kmccy4KFi28OJCIM6352kIIRNqbHDBB4b4KDQBQImszT7DkNYuKM+3wNab6xk/eF
+UaoT+4IdxIoB8ClRQdW6hvLkdKfHcITLSIAIhdf/XTKVGPoxUuEcSw0BCNAUHvSj
+nL+PGYUpUH4PmGn9SlQ0f5WrA+rw4qge1xOxaoUdDWpaaiq0Ouwy1QhBvIW/nXs/
+LiET+dRU6CG0LpH8Ia+lUAANfZQ3bX7zvNDpeiAoqxfaGjQw8lNJYgX8DUyPwKuU
+HSKKbi0JeaP31mRzESdvr6Lrcri763kFn/YZelID/NpfxPiDlQJEulw1MtvZBFSK
+tQlUb+5PCG80vC5m7usTfI3JCQDr9ayNEIMhntTWYUImK89VSNs9oNtEcRCY6kS/
+bK0Q+J3tNVqgAxiQEVnwpy1U+zuikNpRRhcx7jmqZ9sfMfPkfLAjgn7q1pL+SxyV
+KcQhi0/r/agn6Ub9AN22ybSBO5b4FMtnn7Emt5HwD58kP/vnXi+BSdqX40Sscycr
+51MWa7zYEv3u9I/+A+TiLxBpPji5i3MUwVydNEbb5LiljNar0ZS051+UGzHof+bU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
new file mode 100644
index 0000000000..96b2e52495
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQDDtL08wy2lDqK70D2Rat++J9XUvMChIl
+EzlBcCgkephduAGsuC1OlEoXSwhy1ajQMJWoZgrWr+w4VecOHs1KS/3kt38LOCA9
+Bh7y/eRCfmn7uBcerIL7kgjP3C9qYVKzEVCNIV5SAt55VxraPdv3x+HcvvJWvYuy
+dwjcc16Ik/EET8h24TVmM+TLM9GQFsw6MxJVaPKRr7EPQwCrdZQ2dFQD82Mt5fMJ
+bi1Bt+0wYPtvP9n0h60mEbuYc8FmFPWdpRam9CNaEoh2JGtWoTKviVPzPiDNUCJ8
+y4I00mkos+oUerQSRD2ACwcKy4BZyzqmPis8zV+QQsv1DAXjQNjtAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTwZdo/
+Ghda3tW2SJk7FxQQ10wUpDAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEZK
+kUJKVqTUsc/16mk7xqEm9lSFPZ82+KI4Wc6R6Cii4kOv4V4dANxAzwKOGcuKIVkl
+Y+bTze7DmO8BCBQ6YW0mgswkiKn20hl8DrNbjQ8iijTGYFvoOp5CUBP+LPRKN1gn
+/4E5ZxArB2KhCSlAm5GY1eIs9gdfq1al4PDEBRLEK/m6+J0rbsIiJlwkqRgLy+8M
+rPUJYXSGBSsHYg6tuokTqgJ+YUFWahKufCgOduYjfKj+fx6hnMzB63IrGdeVE8xz
+IinTWR5N3cFMngryTH17o7Q0tfTI+Nwlbbk+fXP23HbUYHXK4HKDHMZUHw0qxMeP
+UZXUvPJPMlQvcQqSnQU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C90A57E276098AC5
+
+OA/Py+SF4VJCx0ke2ZNdVdlQ+M45GGHp6v+XeLSFwQsr7d3UdrePCBuoGUkvYhBn
+CbZAF9WPugpIEzQN7G5ynpSZBbCcLc/SOgEm/A/vbsdbM6O9apaGk6IfYQWrIXig
+gIlezg5KIspbQkI4dcnc8D7KGdgftpTfd9FEU2xIZ5SPr7asUQ+nOT/E3EaLkYCH
+dYZ7ZRSVmhJfafkiYe/wdIp6tHWF2LL/z93iGfp/nm1fRdfa8bBA5N0RVKhBd97C
+GdTbYZj8rGt8ZWQK40xn3emhzLmmEG3NoN8sc1/l7zfX6Wa+4vPvQ/mUW7lWkgj3
+r4MX2pq+TbDSyVfzq5i8JdEVl+79aOMe7kU5r/FGCAf0KGrhUZl8LI3sD7I498tS
++QNmjyqnFucx/8Vgq6RAqPOB1VHFOTBc4e8xJnVIiZTkjhc7Z7g/4MFH77o2Gffj
+wHTHV3vsoTQr0BuwQ5hkbabWLD873rGvXn59meSnc1bHNrRswwBUsamFMpmsdtjC
+Z8wHjdMW7mFrQQqipsyt9xmzYRjo317Wi7LFwCVxGz7pv3F37LxpoHRW6A+pKdSK
+v4paTcBvqQIH0qhOa60reGBuQiqMz4NVoCxZIARd3NfVzOGis5XU7ps8bi3rPe3R
+W2PG/K7MMeyvOeyXxGyM+nDX4E0rlNTDLS03GINdmNLnRbT7geV12KDs8FS6Gy0e
+KSevEnGrO0d6xITwPhYWOhLOtPTxvdJkHx/2pxbh2RU9jTzByKkoNFTS2PGJ7GsY
+jx+zy4y1knrSfBvtPDW11xem5Urb4Jgebp3gHchijLixvjDbZNRZ4wC76LuU5jwD
+6TZbDkdmKYyXOT0vnIesh7qVUAPebP6NNRDwCBU4+dnct681sDU6CiWcBamsjnzL
+rXPSFnx6NDlkd7vW1t6eGGTDMJsqMfdI2EKD4Qm1xzvdIO3zHdJLJTy77uhS3mrm
+ZRn+Qdd4FEZm6OZDDDDwylrWHKifv4ioyiRMGol054/0AC/UZqPoDdTC/V99I0pi
+XjEnfBs/f5mmX2Vz0sgYpDVot10dmM080wzAO05u8WqhMSFCU9HXPuuvihtNtAEQ
+iIP6CncqNvOpI4PCFC3sr9r5iyRpdSNRXevCjYRPtT/jd6yo+wo1Edr2CgnK8nd9
+4A4T3x8LmZPJOIRDIBYWwkdXf9IUPNPWnXlEbhMlam6cexW01/CIXzf7joTEgcnp
+9P5diGkRECfLirQZs0jrAawDRzFNrfTMyCsYNLfAV5CJJAZI+XIyKkYU5Fm0nbK5
+Ij9t0dOTw4n0ChXWpLf6smJbk0yAKu4MJok9dpy/hSnQUMS7xJMU/EYB7oEW+S8J
+1ZbyHi7zn9Udnmozx2G5O8o9Tb0Cp6wbLXSFRZmOPTMBqJ0+1HwYYGpvaqQ4XO3y
+ItnAciO9PzeOrrwF/KttJPMCjYCxDl1LuDIAhGK0C2KrrgBFzdVi3Q7dJKiXyDS5
+xM3gNAxCN69HYYh71mMNYmUViaECAeByjmeyyMSqBqsbS2krdBX2q1sOLV/VP0tW
+dKyIEt/GDLOOP5n4rvmX3ELdxBbIfmCNoKsLAbYpWZJCcTwHUlgv6w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
new file mode 100644
index 0000000000..5dae6269c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
@@ -0,0 +1,59 @@
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+subject=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFRydXN0IEFuY2hvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmZ
+UYkRR+DNRbmEJ4ITAhbNRDmqrNsJw97iLE7bpFeflDUoNcJrZPZbC208bG+g5M0A
+TzV0vOqg88Ds1/FjFDK1oPItqsiDImJIq0xb/et5w72WNPxHVrcsr7Ap6DHfdwLp
+NMncqtzX92hU/iGVHLE/w/OCWwAIIbTHaxdrGMUG7DkJJ6iI7mzqpcyPvyAAo9O3
+SHjJr+uw5vSrHRretnV2un0bohvGslN64MY/UIiRnPFwd2gD76byDzoM1ioyLRCl
+lfBJ5sRDz9xrUHNigTAUdlblb6yrnNtNJmkrROYvkh6sLETUh9EYh0Ar+94fZVXf
+GVi57Sw7x1jyANTlA40CAwEAAaNCMEAwHQYDVR0OBBYEFOR9X9FclYYILAWuvnW2
+ZafZXahmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCYoa9uR55KJTkpwyPihIgXHq7/Z8dx3qZlCJQwE5qQBZXIsf5e
+C8Va/QjnTHOC4Gt4MwpnqqmoDqyqSW8pBVQgAUFAXqO91nLCQb4+/yfjiiNjzprp
+xQlcqIZYjJSVtckH1IDWFLFeuGW+OgPPEFgN4hjU5YFIsE2r1i4+ixkeuorxxsK1
+D/jYbVwQMXLqn1pjJttOPJwuA8+ho1f2c8FrKlqjHgOwxuHhsiGN6MKgs1baalpR
+/lnNFCIpq+/+3cnhufDjvxMy5lg+cwgMCiGzCxn4n4dBMw41C+4KhNF7ZtKuKSZ1
+eczztXD9NUkGUGw3LzpLDJazz3JhlZ/9pXzF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,589B438A6C375D73
+
+1Sqkes587j3AgZI7YAdtWcfZKBt6weCesfcJpZLA9jWYXune85Qs6QGZrjDHIQT2
+bDokTc2Icf8E40ayuBEvZ8IVhbxCBGmLv4aKOko0KZCr2/irqrRGc84nYrFQIlZm
+FI7GI+u5mStnM+KR1XaQasFt6wlYDf4sWwqxu5f8oF5D74TsdhuQ6DIjqhaxKdVc
+ju2wVsrrrZ8Aq5z2uy8lmMdsy7E+e1LRuqT1ZyB87Q9eC7LvKaAftFQDzbIu4Os+
+Xx+YxBVF6Rf8/Zzmj30s0GauRWwo8O8W9Iv3Idb0iRiIHlzrWYYLdUmx8TtYe8nE
+jwxovfs8V0BmmzyMSJIFnoYTuq9Mx+8eUUc2bdZvNyYCoNZtyzvdBDriqrMiI1J8
+anV7gXDno7YgpLPRnGB2XG7IU43bqWJPZO2etT0RQPemRA40wJRKcpwSJKn5EpO1
+mmaVnT+CLycq7Fdze/3WZTAPJ2F+i9aLqSCtst2Li6io5fMmhe5zKX8AB0sXNLAG
+28k+s6p6CmOszOs4ADznJQ+ckw7F3eU5671hH8NchQqp9/7OFF7ZTSO0vmgNHrV6
+ZoQGphvD6u29Qam8OfXVxrDU/fr+lJypygcz61WCPkFoOlWBnKOzIper6MJnBwtZ
+Q5Xnq5XaTybjw+9m42H8kKqx9RjbOriJ8O+NEgriGEn+2vKfkCRTMbwRVZAzszEp
+8/dOkueyR4Uvm87383Uxi0k38tQIfI+kHG565Wg65OW+d0i9paB11wUZZZrle+PJ
+/Dm7dskDNEtKh60GxUJV1oUr1dAqSqsicA0q2K1yQApIjH4jyMWr6jFo2lKHSd+4
+V/weG0j8jK+W02ohJ10Ei7cgtn85L+SAHcyiZhRH9eaHlzacZvKrbvEG+BaSTdh9
+Y1derGlf75ITaKmO98LtDVkBVPllxNcQXeYVLSJagcH8OGKDS8TZITAHW9m9BuKO
+T4UOgHAqEDSSWJTVzBLBPRSjLnwup1E48P17bUlg+mUx3B87zKdGrfXmywm0wPpx
+bsTQg8VfRy1B4uwsn4mmPfW1kuP8r1pKlkqDq7u/gQ9jf0R9RF5+ThKOAE7MZHfC
+r+LurSXn0XHZW/1b82vwA50e++xVH9saNv8lrcSmnnU15oWtqTEdQ7huEqbJFIoE
+7EtXQrat2UJixsEgH/xNtMow+k2E6a5cyZlq3Zp1EqoXH4Yz3Om6hSocSigSn9ua
++L+QsnE6RJx7e4ZMT2o4hQ4j/vVrUmWsQi8PV1LjZ7W1PIR7Hk7eTul7XgWidO+U
+3bPd3EG9byKcq86Lr6kUAlLuhIB010d+8RuynZ76RNnEwbSFEIR8fRLQKbhvXx26
+9vrCvjNoYnxr8I/LZcCdg6kVxq8JsHFwyFqzV2D/khu5DjiBAASjPtMt9bK2GY/0
+yrTmTeYr00Q1DNOhZB0xjCG1ncLsrlUbqNlED56lnwx1//UAQxlF221MUOOTGY+o
+n4UXC9mU4nniX7AGTUnRYy92uCOUjhJdmxYsREH8popLPU/GaaEI6SLcRLLYrmTt
+bUUV4KK7y3a85WIkqcdWzKTSxoCYxKKEfKZTIB+m6D+E/okaWWDLBw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
new file mode 100644
index 0000000000..ead53efabd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMT
+C1R3byBDUkxzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVVw
+3mINvG9IC82MaVpCjNLN6vTS0MX35ka4XR9DiLjJnct3BjTPol5cSRkUGt4aD7/i
+yY4xH3KZaA1QIqHPrmha3xJq3KDwMOKgX85QpwEJQ79gRoxvh0PLInwOOOLEbgQK
+2m7cfRj8X38DEcLoetizt8bpefYqXg0cK5QQ930x1zdGobj2ZQY1dyfOgEOGbR6v
+b2H2tf4ADjjr5zCuGWgR4WIjeYg1nSKfGyFt1Te8kXYze3ps6JBsZwWbzZL0VzNc
+SyOs/0aSdqas2jeB15GbFx0mBYO7W7/Ruv5tKfQ1Bhndnhy1qOdqCHbjQm7JCW1U
++OQihBTPJua+WcoBEQIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUEKEB1pmdgONt/efud0tf8UnZPFMwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQCCV6uwBSTvSBXTOo/xsmUKJB7luilrOqM9S53y
+ZbAZDMR3CkQTgiofSi1AFmma6OKPSZb621YSc5eNkVIaV59TtMTW6birxp5fimet
+J0Gpccz4huD3mCHl19CyfiTRyHYrnv4KTLJNLISwATQ0kGV+H3UnOWwP/R6edMQx
+AdSlpO5Y7WeDLaO9RdcMSII22qn9Iy8dT2V2eOA3yHjnLozB56H9BV9TFFJaV66c
+rxhupQudk87bl5MvOWx5FSKevJKgIV359N2oVm9G04IRI6uxk7HTFOjXq9sSoNoh
+bWH7xSENkdiWaAwBXlZiL0O4M6AEfhCVrlt/vnklD4vLn0Fm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D4935EC571A0129
+
+R1jy0YiS4UdfbW7dq07IosLgsvObjCKFkQP6taBMFazcJRFQEbpW9mYfGiu3WBWe
++CRslantZU4BLBCeRf2XDmMTmSlQcYQDEFKxrpQvChhpaSF1o2F+9nocQ2B9YEQP
+EXfsCaLKgIg9U3NVujHoG2YlRwJi5SWoe/CUwts1czHAHTxpO6l9ArGm6uKD+SBk
+osetLW0RIuhNust8i7sArQULRS0BmW/HkKMxWhreQGQjqkOF8EyW4sWbI6j4WJan
+OBQ0dK2cxDDDoydEj+JQ3EOC9Twe4D8FXEg2zHWonlRfRX0qf7L1EUZEvVFBu8ak
+ltJsAmkEMl1mrJ0HGlmTm6mQ8DObc+kdOepbFXAGP4/7h3sD+cDEu0+vVky5Cw6u
+0Qi1icscf3BVKFPpv6m1SHNsoygVAGdMSTQV0L6i97LmZOnY+XaQ2n34ePfz99nP
+F3sM5lydLRZl5nSB0kZW/VAdC9dUBL0j3qvY0SEjBa0BQH2qExtx2q/Yyd+T6GZ2
+xRS0dWAq3UXbJNG6UJvWYId3hicZMDEpWpgsPYVQ30LaTYjK+e3z+zaR/etZ/de+
+aY0rH71OGXxF76vAZNOHpMGQ+nvVqhDqjTXaaFlHQ9MFUdZmY7f6+K4BZklv8p+4
+xtZzLanvEDudGxMdNCnAWCTM4T8A56Sbfgss/5S/9/XjnHl8wGSw03WUkMzOrplA
+q4fRgu3nTOFrDILfXUuil5iqfVnKj/77j78P3wEda5Y/IX67aCBqlexXrRuHuz8D
+HZR5LyXbxaB6eJHmsL89/VM5q2PtajK8yqIpjT8npX1/PeWNKWAuuXRCR3yNHQzA
+U5zNE+gOZwb05cj3wfV0ni/R72Oy9SXZSAWjKWxF75X3AWBMekJ+ht1AhFK8ydDZ
+DY99wEMNvUHQbOIMdY+0gOULL+azKlV9Z0fhyvrCB3k5Ek4JuBL2F/f4T6dPaenB
+kp7Nc2xL8e5GS9lWEo15EJalkOn5hn9n/0Pk3OKYVWVZ8n/hWZkcp7NhcYMJr7wm
+LwbcZn0yC8dgH624xi4CKF3ouryHFp3ZunJjyzCXwLSUz+Yg7lSjvz5q7XOm+bjo
+Prf6fHD8L3+4/1gDlhX3K1S1m2U+IyZa9uEkaAdsNW0tmEzVxOw5ROaBLZ2+62vB
+H4W378z5Bwjfu3G/Tee9J/gWJfLE3MeO8ZfC8TuSHnkd512ibg2gp17+lk8Tde5I
+zIf2A9Ljo7TSnFcw6OF6aoZDqvuF8tdTlANeusNhlrQpQWTxeDJm0PJnVwJkZSes
+B8Bc2DuECaCRlSihU4Ex0QcOmaTmioSpz2JP/GVmpwkRpPQj7deXYgQF9SDJrWVu
+WJAoR9kg/m7oVsP6SYYXSxHYSIwj6Ul1nJ1985H8jWljElZACnTVYpCNw6LOe3bF
+YBBJGKDAKjLpAeYzt/v5LP5InO1ReSyiVMPrItNoJeQaCzmx6eXxa6qngNquvZiW
+PiN+HWQpO0DrHyahL4Mjkj/XMNQ9El/LEuCpysYe7cmUmlu1a7bDCYcRr0Cd91U9
+0H/TX8smHEiLc8pE6yQcBM/aGYWJj5YXWZp/lKJp90eqo+7HvbtN+yswMG/V6Ebp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
new file mode 100644
index 0000000000..1100bc4d8b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UID CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZVSUQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeFABwDBUn
+ApJRGeo/+64E11KZ3rpoF+VJIX9apBq3DmF5GxhYb5PiFTkOPLN34PwLf3qLez93
+SSgZv/lXeQhWnudJlYLTwyHleDYo6uzFzG97ud10DKLEL4qz6tsNmgOFN7DUsARW
+cniQeA+PlB7FOAq+Np3AU3thtysN9pj/7kfthiHSpnaolauqdQFug2QC/Tsuqlpb
+wdZmC+0jcjz6F7FPOSo/dkTb1gy04sjoA6QRuCAskjlkQvSuviU48CYZwlXJg87m
+R6t5yDk1kv1NSUcL0g7PNC/yIMZiNKzkP+hVOYc/EK8dJv2u8rmp74xCW7Zq6lhe
+jgZF27pmsTuLAgMBAAGCAgUgo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUED/FBDDx2EM2hXlcjI2Lne4vHKkwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQALOuCe7LwozytIfL3W2cNZdLVrhfOXpE/spkte
+1wi3VLrPYFYX/WMaoL++FBP2Ct3vMRaAmBHeAScN+FYPXP5Nc4DUiDlDXIC7oHJa
+BFlZq50K9sUIfDUiH2acsdrNqwh6QRO5+tdah+kNRmSnq1x+b/gSVkruCyo/hgLe
+XuvjLlB9CHf7FcD2TjT6kVHwTztZVOyC3PD0itzmla8BiY+Bx27Mmhk9ivQLeM/l
+ZXScBDdjrKanYIqmcvdrHGVRjBzpMQE/Vq7wwb9pDsm0nUiaHcfJQxrzNOlIsov6
+jtBJCP2luvGQia/7gwP8r6Ft2SsgMqH59wBxSipXP3qpz6sS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,390F5B5463C07EF6
+
++b561AnTMFle7QTjksjB8FPxB8vnBF+TY5ruzWhIexa39ZBXY64FodVv5tiFbpHy
+r+zHzOkowBnFCgwn7TLyWrKg8cq9hR//07xDlGloK966SIRd+ZJ+pvVWUMZyyN4p
+D40ANS1sBBEhcT7P2ae9+Mz6Mv+cDRE0//qJ7/BEc3Hj/QxeGBIThSMKRReJ66jD
+HScThK8MyEUpfuz7PLd2dTFqxWjk2CuAz1LsseT7RD70zr9wiBmS0q3Fo6JVai3U
+DvTY7xViSPbPtZjkZ0NkiQRkXp2dh4r5yj5gCEbq+8wDDmC3qGhI8tVwF7rRSpUt
+IrWo+MSTgazPd67NsKVai2uFN4c5ZD/FrBOHaS63Boa8zX05VT5gYhfEohnlz/hG
+CptR5Oq1m7D/nSuKmo4YXz6BfkXYE4IWupylKkOs71tlNCyYTBfGUMHtDjqcaLU+
+3rEEFSeUwxlsA069OKubZ30a/A4AJGqhujFM/IQcgDXZnlBe9aSNxYSRFiGedOgD
+RM44jgKJviBx+wzdQ2FPUGPQLLbWd/9QeNyEZZqGVaSDXfaFvmkkKjhqKVKq9qrF
+1EEKFiABCuP8P8eIw6fS1SlPauYE/PRqF1vKZDvtUElsCpWR8uE9837rPmaY3dg1
+9plIDyxZQ8/JELqRu5suIAgZsfO9lCaTCvAtIjDcDVCxp6PcGRU2QX8BAQ5EMVmj
+3ZinX/AKCbiySnLXUOTt7Amo88rXqNRxtNPrcRZaRQGv1Lc+O492tYOZLwawLYAt
+OQPcZnHSfu6yfBK0p9xRroJklX086Q5FLdISb4AbuQlP0plzunXcB5aV45lyJmya
+VAcNh1edLl+WK6WG0/MDoYX7IAtpXuV6OQ6gmuAogPFvhD6Tku7gc6WVA5ADrxew
+H3t9ssfQ0vsWiQdDd7LjC+2ft1kfc0FxGOyA+A9Dbq19fXOjWrYi/oxuAe+RRauC
+zFfzUNvsZJkJFPOHFuMjLrZ5K8SYxkgiromqtgq8lZ8yULme/Ano0sm44wO0No1v
+fClibDyBAedvroSYqaQwHoPd9j1+3hIBBGQGF+t+qZRKkw8CfrSQYzfDYUUcLn3i
+v/GhxTgIOpGw+kxdOYjUQsS760/7Iw1ZuBy6kyz8J3RHntlTUC7bIvnlYTG4kQa1
+/tilt3cOmyZ0ONyIHfX/ErlSf7KBxyN0FHenD3cO888tbRav0fMmRT5EWe2LGg/a
+3a0anl6W70s5ypDPb9dhgfOwuuoTUzTjndF2IyQaPz51IoSoUWagIIjmOumB1lwv
+W/2b3Tw9EAXq+1TyLalAM7rRKLTGvjSEpDJwfvp2VIj8UnM2RZV9oxi60SY+Rc4s
+rqdSXMjnrc/SYZMVNp7J4pm/megIUAIh1k65vA+DdtyzELfXw8CY6reIHhCt5yG6
+/YKajR8Wad+9fV6Yu3fSKQLRtaWGtOJ7sP/Blxs36eGgWglvBx5sXWGvnx70HV6D
+8x07lawJaUv3LTzE8FiY7jmLgCXmaGrV7Liz7mQV9cQQ4qf133JtBZlAXH/9Jnan
+B8tfwvFPCPMUI+5t9fPq0APnfFHIowss70IehYQYqPWMiX7TyzY7mw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
new file mode 100644
index 0000000000..1fff9f5e40
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String Case Insensitive Match CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMM
+JFVURjhTdHJpbmcgQ2FzZSBJbnNlbnNpdGl2ZSBNYXRjaCBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMG57Err72Y6WVucCLR9vA602ukJ6SGG/fkb
+m3MdFHFnIlwT4bTqW1vVDbWM6JGk6Ats6QdrCKHNepQUivKcTaOf+Z/AM0PF8Dm+
+/46w0H8slEycnjp9R9kVq3RxnfaCVUuoT1GUilrIl6lzYDbLmk586gIDHiKIB6G1
+EB1SbyGrTqUb4PbX6BqTP3DyMagsCXbB9mQtdub0TMopxgLPhx8c9J4dT4GT2zN0
+YhDhy1j2u/fe2IaKQ/cBYdli4UpwlJzvBQj9DChrTUeMU0bE8LUUot/+SgUnJzgM
+00LL1siFE9AwjpdtBp5TZWaGrGJGNWEzV/jiRtmiAKoU5qMr07ECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGDfGNHK
+qVCSERchRNJ39Wqtpr54MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXDmk
+vYzphSsHCShEza+0eHMVa+8vfRkgzCtHfL9ch77919MmuIbJSuXxvmkV8bwBdIzV
+A9prai62c2AAPgDGlFpQZwUY+ead5JWxnqhdhSbQQ82GguuLbjmwV6nWeGuNwX7S
+bLSt7V2e3aiijWB6grarbdReY0c4r2gceiNA5QpPmFpnL1r10GnE+hCf69dLJGpp
+sAzcGVaokxKA8DZhgag+Jv54NOMZKH6o0L7p4peM0l/acVHkLNvHmZTgjrz9If44
+wHSFmxIjghuYD5gEKtvxUm7blklS1anKqrHHaqQfYWyJfBAwdgNjiASvlfypETzz
+801tbjXPclw1G82spQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D5A849F04F091743
+
++Se5p0hI32zfLidURyAPBD/QOrv3xuIPNygZ5Pu1RlSfya+tMtQ6Cl1w9FfkjQ3N
+qxunN8Z9QvRgy9ygSzSb43/zdPPG35tQsiihMqW3em90ILyJ+ZnkT9x/FmmQ6xHW
+ixAQPtwkGmC++FqPxdn4CzS2JaKihRkY57fbphw2JbMcccpi3qltSmgnL82mYedP
+2qYmQcwIryLrjU7obwfseTCW/jikAfTRSqHUS7vmXgSObuIi1RLT+botTQj/aV8B
+Gxgkjycbs0iOC5/O8fpw/Izbw+HpdSD5Rm/pEkT466hkrjFZodx1Wv0rUt/Dy47o
+jK6RVf620veoSotzmb+Em9wlkBoow5Mi8dGGT8FxsuKFE/qnG74QmmISNPHqInP+
+gLLfimbJ8IlJr1xVZKBTy6VgzjIwIWC6StaP1W78VC6n4qicSos15G26wrjwW0aW
+U+BRDmM1jEUhn4X77WDwTmk83+ku8PeaKJHCW4smruFWtEetFG1toZC8zCa50/JO
+FZVxVnn3zVFUGpd4m8kNiVXt50yF9zJ0jm2FabOHDGHuFdyyxjXRL3/NRX5inAgM
+/b8oCkLMnrDGbX0DRGTzGYLSLkGijSknvXsCnGoHVTJ0aHfxyK1adHOZT4zcFXWY
+NVg1TrYXfAVI9eZehuTAzfiM0a8tygdF7FqzpI6vFmSjnbyEz65VeT8IlxvSQEfS
+ZxWYH0Il5Zndh77mX2BUlxNThFpE0BHISV3zJpdfKozmaUl74VCn+epaB9P3midf
+7Ku8cCCTr9MFxerQH98BLFrMgKUO8CJ0n8exggk1ozKNQ2KNkKKwDoIvqfFn/TEO
+oJVAQUliB93ioiOHyb0bhrm49tmo1FmMyV4hX4/lPJ4E5O5kQShTDdrDUhQAgQUa
+cma+8oN8apz57CWaBdmXKWGEGNx/tP4LnUnbftN8gXTGIVTt+Vc3ihrwVwhbmzEZ
+Kdsezyi9aPP7OIt+L2156WkC+Da1VnZUnGxvs5n/4NG0sALVmJYqMVsytpzkXuFI
+BgBTp4KJlAjjuqsWe4D8yRgLNQN3Tv8qp6eaFNhkpBZxrPB85B+QoLSog3EgE3tr
+zPx/1+yaM6LNcqyuGB7W7B/kxz0AQ9wekJ+qrtC3aN++l/fc8/wGLkbjro3vEDJX
+0TwlcLt40p7udXIHTukEHztSgD6LaAgEwtWDyfZUPPdZdw4mKofpVhuu4Yc+mXqa
+Ead5sDa/xGHC3H7d5T3Utmyospzs5dStsjUaocmLnC0Fpik1hlU2+I/2Qt31AEWt
+wMvylO8qNzbqtKyxLyBpPN+0LE5NWxUnBpr7pSfI+q4+VvY6BJgJNlgDAoE3Edv6
+9e3gdQ16jVBBfkUDbit8s6Ey0wam1kQwUq9561A1ezpa3HnzeKf4BdJctBa4CFip
+Mq+LjtHR2H76kFNpKjKbjuwsUcpjAug3hbNX/2H8NQdfrA3pjyZS4fQlqnhfVB13
+ZsWgaBOnjHOYm9gvmKijLAsSk5xPLjY3W/xrQDQCbN0LiUZRQrukMYxqE+Qe3w6B
+9f0uzZ4nCiLIOws2RUZgWYTq24R8VHAnEfLfUBVcCvLQeGNwPL2GgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
new file mode 100644
index 0000000000..3f07a3a22a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBYjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMM
+DVVURjhTdHJpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp
+FMdocNgWHWbH/yYbXj7cmkTMmrDj9bXTRwJQZM2I/fcTefta90CFELGbDX2RdtAn
+jlSJqkydCKjhhkKXfMQFXJDlM6MQLf4rcQoxEP8UI2KmnbkfEjfsyGBxnSEFWe0w
+ZZ8z5eWrLyIFZYk4x2Zyc5da7szsOnu63qN15kAJRf5qLTQyBVbvG6pJrOQaDF9I
+SrgA1Sj7UW2puqZ40fbX20zywWxMEIeX3QO1Ho4onJXwi81/LMjZ3CvWqtEuGXo+
+D5YJHhMBx2Ok777u34ahScf3f6h5YBixNf69RCCIR41Hki/aJ8Uwir0Ylx9mdT0X
+fE42LskS6v/MsFLGUpCtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQ7Z1tE8g2nSH1zKYyTn9Uk4xJgJjAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAAP+S9Kl9ocPuIY66PoFSDnkqzKGoqlaqslJ
+7f7oUQTUwVKGx6hxk18tUGCR4rof/JpLBj6fjYLcfAutev7e/ZZPf+X6X9QlJW3R
+pqLCIcGfa4k0LdLLDIYUGKu3YzeByWf+7AHjrFarwSxlZSHwooknYMokxMrgroLo
+Mkawy5gZSMyykCgLxWtJdCHq/lSxLnseGN7Xfpa4Yr4ST9GgF3oyvMVIgp7jJUAw
+15Yjtfpu0NJ0EkWbLp3k27UG12xDzC4XZUfco5ecXy0Iflj1USDPXUMJ+9etyJQo
+6ctOAf1vXD90OpTS9YynXwm4VCqRRISItnWSbLIvEK0zg+YrB1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F85DDC9DE7660E27
+
+yaEWNpSej94SaNM/VCAqe163L0r9ncBBhhHlsfECuxJ9sq8eJ/UKfg+CVACGk8fT
+lzS4PDjrQ4Hb5fruvgM3FGMDFDmX/7FURmwKq4Y7yxqwoSzDiz9Fkj/mfHIPBvnV
+WR/LHseGpQsbk9l4fJnT/h9HDFH3edhMIgGZGn226QdvJb0GOOO+VcmnD1wVCu9i
+ljMGJ+x1RsihD2cpXPLsibtTpy37FgGBGsE2Q0yxILF6HpjUXf2GpJ3IKesJXCGv
+IqNj9+JlUs2gWb0sio7BBq5u2pM0xug0HfR96s0R3oKSr6rOUCeqggd2d4200mv7
+o80vbwA6/A76W6oeUV6hpZcGOyGrn1PY3Re0bMzPDOmXzesANaV4iLC9Blcs72b2
+Ip9Mlf9270wyAx87X2itSCrWV8Q2YKHIrKGwpfW+Ew9L8d7nVOn1XSvjZfKuERVf
+ssOcd53yapyM/jRCihvL2TeBUjq0hF0iLvzjfHhfptkbaxVQAGS2h2yVu/HRCfsL
+tYKwa3IoZkxZpv3MA2HAOWs6GQaAsIH9pCtq+PjPSEgSn0dlNv5Xq1F7tXI0/FB/
+16rQyrDh+GxkhKJhMSE7KEGdIWmkFqGAxibVMhGEF7+OvNRsbYKy0w9H4vRdU5p9
+TBRF57fsj2IbWk3f9BNfV5TJn61Wy+g63I1Au9zKBt44UH1MqfDdG8iV/0BcX3M0
+YFuZSE60oqKueZYgEIR0xJM66uQHXCuP8f6FiJ8Y8EnE5fTxrBDDpsnVTZGe4cu6
+7RVAVuPb50jsEerREKNuyzZcIphS+DSIXeMZKxdijP5gHRdCjzVcVcNyMuqJXyi+
+CgfsfcFLcLFhx8UCugp/2ymVVmXp4eZ/hRO/7uPpV5I0vzJtbwocaaavH+6uSZb1
+oznWLPu/EpfjCS9nGWwXiNfuiJxuyQNxmkGSbAOwxHHnk+kBj9XJdVtFRSEgolSU
+5FKkWJeJ90FEN/6XnnLFy62fwH+VdYOp/U7EBPza9jplrwj01EaH672Hx1ijUDyz
++FN+X6Ny/EX4w6+sSqnTBFA43R/iFfZnM0cW2vYCWPCyt3lbVqFxpwb87o1Aa153
+YLENm6i5oCNaCqkdmov95efxVpJCGmz7zRMt0+f6g/VvUHRFCy1aFS5al5l4gduf
+uNpC560+bKO48TZPZkUhrqZGWHZL0qmEN6VkKDTzFc7Fcp+twptI1+Xcr04L1gNq
+o//Rr9D4R8+bfpsQ0b3chB6AnsMrKp1A63JmCGxUfkDyiPPzAC7P6FCmfXUQeNOM
+yaP6RCrqIGKpfApJDiDBjouSZZX4FXXewdehG/yYZBT8Bb70M0MOdme1s/IYWcv2
+qPcQ0hkWBOTOhsV+q8bZiyVZ2Ab7WgqkXnDcZC6Mm8JT0CfydGaQarvpuA3ulYCZ
+3dqCbrXdaC/eyTISfWnmrWWf2yXSqyZxZoQ90CE//ll/+W6MMfQ0v/nQ+9in4xVO
+joJpnzDKCLzH0BDD1xFI6v+IX7OtBoYw1PqEdt9gQyoPL3bS5TwgJKWmU77u8FoT
+hYo19g3+GGFYfuTYb+SNsl5rSLiiWBMpdwAyfU7wiOpy/qOnkQJymbX6CakiX6sR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
new file mode 100644
index 0000000000..56a0860eea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBDDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAMT
+HlVua25vd24gQ1JMIEVudHJ5IEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJq2TVjGIQMG94IR0AGNlX+dXBLDqMZwDIJxAQ1UbqD0
+HQs4NhG/NDXeV02qg40uMBG0p4b3s7inEy/NLdw+ttgTkQ7XZhf1Fh1BrDY2md9z
+kgigRRvTPKJjzbW/nxY32ySomL0ABlPyQQQg7Fy27cWeqLbGFGF7K6avwI1sdnGw
+/QzdLvkTGSEWYGRQrfTJgSf74f4YuOXsiHniQ7Ln7pTKcGlhgLDMxGJOSb9bnaJ+
+inxuz8eDlNiCTu71qN4iKwJgT3Ch4waqG7w8JdoIkxDmkKXpd7ETKdyfYk2kUt1c
+26hvv10iWxUPZ+FGjSx6vJzC/S5FGRl2DbBabA4BcKcCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFACmGcuhLU0oLyLz
+0kw3z/9MMM3qMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAn+VVEQ6vEy68
+7EiskrOXl33w1rBT2/JUlSZnws4hRhBd0363UhXIGd0N/fBVGas0ufPXS4LtYQjs
+lFpO5UPj3aJGk8Bq9t+3DvPz5rOnTZCiiSZu+V17QmiDsKnNgS0YWr07ESK46nzM
+5mjXhARQPUkbFR7UEXsFVKU1GTvr/YwGHQ8wTvIryrIjgVI34tB37i1JOEK3j3FP
+lDUAGnaDIz8uAl+qFNX/W66/haHjDtwVa77j97HOA7rrhpfEkNaaOpjDxKPQLSOG
+nKitdrq2S6Q4TA4mHay0XpbaoDstAOHMDKOnZrD9XDo3szNWu3DVXhS/AwiI76Jt
+P15GKWEzOA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F9F099D8BC977F9
+
+Pht6nyk49343UgIQNTZHJsR6hqAKFrHqQXCCcMqSU+cUfp9eBZlfY3kIDy1dLYrc
+3XRGZaD9hMqdy4Zb5JwTUiefw/KSs6GE18bz+eIvKz2iq34OZksNYrgF2V0c7IPN
+e94dTUvCL3fnSOh/UnSuJ7G3ySCU5AI0pi6k2J5x99HMIp+I9Hn67rXhOhlMTc47
+dt5HfArr2EaYYdD7NTttRwpr+37mx5EYbByYhN/3q3paC0AxRDMpktSPSniPfp0O
+n2Aj7kaRsOaagh5yi7V3cVJpbBTBKoqyQO+xUoFSZ99JcvOi3IXv9uMsUAcLtBG6
+6qNGVUHadISQ2m6XtVtzdE32az/Uj+AXYPZ7/OKfrU9rmw/LVtvxtvsX6cfxjZ/R
+6TMhwHzVpG6N35G+Pkq8FRpjMMkcdyOurTpUZINxgyeodUgPyKmOhrQwFMae1KMK
+aZgTf6RinXSlS4QOI03wl8+IvqdlWDZnN0AG2ZhsoI5dEKyB3oAG0wz8zlLH2T84
+Latr7ekgncqtXO9rJC/D2Po4rG4jTYrucUmKrRvXdN7hV8stLUSnhQHNjqrcR7+d
+HKKtglQWLiAPq8ytY372zGd1EIpC9qMFZNv/IQAMZqrCt6e+uMN+nXDJDPB0w7ws
+nbvl4t8pAOskfOY05ode2VH5R7QVr+S4FB0iH0ARUmyyVNe43QGPjxCEkocB5gLC
+/cnEs4u+1sKG4g2Jfm98xsDaD4mSJqXBsfz9A59jYMjcNZeuN3ZZ09OyyHmGAAHF
+O4xYOEMzU3RjQ4CAKqD0iaAhw0vxMRPBL6rR0ngTtrxRs3890revN0RwN+zomtTM
+wuyPL7b9KYJq0cFe+262AHIGi73DdgScEsyBLiXs/uwW3YM1WmR2gAy/F17CQLoS
+aRETP4pEcMHzX3vagkS1p8h/BO0cfUyob9ABybJiXaq8HzgUygOFjbRk/wRT558D
+bxzGVSNnTCvsGSoeIkmQuCjzZ7WqWmc4AVCq2yrYGqxhyzQlTjH0LZgfrz0YmliA
+PQINURKMvqPhsqsav0oKJ1LWwUkCYqNhFTAXsx7o3hdxf7mahQVvI+jhWUHhXIG7
+Qh80bLfTQsBy71R02FfBhh4jGJD0OOBxQJV09tkQf1XmeRTtTrt0AhOViZa3/KjS
+d9sGWWjJGeV1tBLJmEan/qNXOozM4josXaz8ot2c/2ERbIapp3lkNiHMh6tyPkRF
+ayaa6E6t2XBLaGl3nlawrXOozAdQbRbzMG8hZ7XjX9XAGQxHR7pOzEQXfJp+6BYN
+KnV3Sl5REI7L3/AuA/cABFA28WqPVOjzgBVAU5MfZNn5wgxqqkHbbpO6oIEw8awZ
+2e3/vpqkU5HNcD3S5fqcMVTx63Lu93Ry6RXzTmRBGoAHtZ3i447sTNTrO2DgckUf
+e6MWcysrUi2TkX6t2wKILhLUx4QboW7HH4WZjXUNVd+Jj/cojX9gXPDoTN5tF1l5
+oALvgZareTUYCW9F5sfqcIIZiGQYvhfFJeAXYbM8WI7ym+tIjzdEfUeP4RdtsE4C
+/xjA1sgGbZFF9FalzCuUmLLSHwsMo0tZZgU13N1/Qon2TdvT/u7BEnnaPPeSm7pB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
new file mode 100644
index 0000000000..978a8f1192
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GFVua25vd24gQ1JMIEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN3+bmlTsYBVkvHVXNA+SAx982qdi4yGQL2u0PlcbbsFaWN5Sl0U
+1ZF83NTAmeqJKesUvJKicpijbLSt4rh2VVlrwDEe2JL+D0R2mSomny8ViNAe2z1Q
+OSolQnAr0IlPE071WQ77b9kSWe0HOunRrORTQNEDmOS9YVBMW9hv2YtSSJP7RMht
+sV14x3JLmoZY25YlNo+nWxakLuabNERqfvK7+aZmlbtjGpkR9QsGouSHMJtH6nno
+tSyjg9R/RJZi5hUqzNz/0iRww7VUcIkr85rVAHLkHJNdOy4AiYOEMXpiq1gSapHO
+iqzo5WwU07AM6eG2pqUNurj/E4j9Q4K24lUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFP3//hlN2wydxaLYglbrsNkQ
+YeMxMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOMZEqelK1bLZqjY3Ap/i
+vt/zf0txQmVZooyCElcIZMGvUNrpBOUnAo1Pl9f/I0SZImszjOxY6gS7UJ4TYymN
+n6z968x42BiptCW560/djERAq1+15AGcTd6E6o+bAG1n35uVECkEj0VCovcBRJRf
+l8tDb4FMl9lTU0g4dQb5s2rjy8RWJrZ/DRGBTvniDUE/TYKO4LYKEWmu4uTTNnba
+1RCG8bGe8vheiIp4Pk58HklrLewClA2NiqSXmOgpl44FlGeWuzh7xlkf6cVVUuaH
+553QGvjiDd43pJKBx+ihsFfHzelGfrj1BrQWaRWFoR7lX1GdgUDsYvhOK4ybEKpb
+/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BF8997AE3F28C957
+
+Yb3OfRlikZzGcSRuE9Q/nGEx5tpHFL9zZbku9ta9WZLz1NhJYUBIb/rUud7UA+EA
+GN6RcKMDRfXwa7LTQjU8miQFwyfE9QXGsVBKFeRQ/SSPhvyyg+XErYmszsRYIJ06
+6MND+TKTKgbOSi7aTsfLPjLBfsiI9w9dW3Xn+Sp6+ViFZJCN/yqAalVvHsaRR/Ex
+D5DoipwaYcIr9wUW/Is5+xWdJOU46c4ILxao7kGtBvpf8roRfbY/pHND6oBK1YUB
+yZrnI32gz3eUXWyFibAJSvkOqKqXLFw81sN7+WyHLJJmNR403GBBBD5OxPmN74Ng
+n3lRQJt1rG4W1ZlPRylaiOeRwxIATqKyZ89ByJSc8Q8787o070eMGWR6fsYaAiHl
+HmjI63HXyqvF5MZOMBFBrHXjSBPOLqvDLqrccw/sI7su/mA/gRg76ce9Qx/Zg1Pb
+oF7zSo59fmFG7AsROBvVHK8GhPjYLe7t/cTNMh9mpX6Wv1KpH7o11Zw7ldMLGoZX
+t1X89dcj6MX5rN0qOHM6h3nVT1PQMIVPZRGKnbGU+sAzsd1W8wgktWWdHL4H1ubI
+yPCl2NGOLObTBVcmrk1OzGhdiDaexBjpwl/G9oLp+VWCLZ1pIMhn9LLYmT/ii85C
+cI8C1oYRncjgl9nRvdnpFWnsXd/1bewuIa7GS8is/4Yd8+aPwoA7X1ngZVfbvVU7
+nMogbZMp13CKme5NfSLxANLRd0v9sSbsFybg9seXx3nUXBh/GmIOPdYv8ZzcWf9y
+gA7bXH8VQGVdaHEPWrwPUfN4XMFPP7YBZlH8WOjxBm4hQIW48odVOUn/DrxumLPi
+6TvhUuTFnQw8G6xdLRb7HSOq+AEa6Vk/jdjj3K0axopByIUzGkz+a44vl3VnJGO2
+0uMpxbtlWqogEMESI8TzKJiugZpHc1DS/g/vcCx7lXwOVBXVIuXTBMkHAPQosfbt
+4NtB5D080yuOr7XBjzTvxWsMdWAFbbsLq6pElLVUf1ZwCa/xkqPU1FMHqUAJ6cUk
+VMMgy11esel+7Fdjg63f4wCq77me4Cg7pQU20Et66WYpDvKANB8dq9kilUKpSUAk
+ocBoFW9H7ERN/5i+XSzNIDDR/yeB42nqcWyN3Y21Hi0DQtEPwiXC+ye5SQZ0lDqJ
+CwAOGh2ytkiMua8bnDi5j1x1V+AZJYDSYHWagCypCK5ZgpRcOxd/9wAQCLvUoM5z
+F+y8KPvDbjw0Ru74wZoZgNB5ZQQHYcfbHjvglmu94vmL+MfsydFbgLDUXPIQj3/5
+BGiFm04bNP7AdJ0UC6J9yZWt3vL/CKdwQrXVp63Ix/v39NQjOT7MlvN5dZOvwMg9
+ED+7iCvCm+DL2h4wSOaf0xxC/74d2gh/5DzP9iX1YcbIpi5KlapYBEAifHV89HiK
+X6U3PvNVepaeeQmPVKfBVxYDOCQvCyUDZRlqEXVnw5rQhJfPfNj+apuEFL6LwtHx
+lKiuBGHoZMRFXnHgeGw30Ih3clGPvOMJm/Vup2DKEGdpuoAUcpjxOWK9aB961wmR
+p3czkqBheX2IrzIXlITEOM1dL8iud4qYGzTAJudeBaNLaLmcTrHp3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
deleted file mode 100644
index d22dbe7f91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC7zCCAligAwIBAgIBKDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA0qDoX3O5t52G/m1yV6MSg0EJQQn8QFWgZUnEutHYAAdA
-GuRrFRXtkbdQkbyePIu4nzj2LCmMAfVM+QlOWLFCnc6/s38tfZDAir7WFHBFyUzB
-gkw+q1a9DIXfaq32yn22txxzus3dqRZJui+5J1DMNLbHPYS1WS7Hu/3dL5ZoR30C
-AwEAAaOB2TCB1jAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNV
-HQ4EFgQUHYqwkDHyipKBoBuH/YaAiORSh0owDgYDVR0PAQH/BAQDAgTwMIGDBgNV
-HSAEfDB6MHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMg
-aXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQAD
-gYEASWwltYc1aGeHLYySbO4SCTVSgVrZAXfAoa/0RHmL0et8olJXCLdXTMq2/6rI
-gibDeTUDQ2N+5z23QN3hDG+Syz9rDBbj+m3MtvcsvyyXFK62g1NhZxyw1+dFrxwK
-Ci+jbMqXaXsdBG6a9cTYKw2geUpx9ig46FLMyn7idA7OrrY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
new file mode 100644
index 0000000000..27b2cb33d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIBKDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkS8nR/CBLM63BPIASc/HIZLUW
+rQrETZeD+GSRfJD3dhns+yVXSruNS2NJIb9GJ9LWU759uH95jMGlAmFltbdAyd3a
+AZPqvAYmi8ZpCbS5z/Sg527s6XPHGFVjLWKuK9CN9GUyH0f9dJ2nuQTZESbELZRT
+2G9GOnaPKaNet9jlmu3ykU/av1UNoLOoJ//8hXRh3NaeI6c/3i+N2eTD26t4IpkF
++ez7xx9ULTjw3xAVBJDJK+iz0KdfZcVj65ahMEmhWZRBzn1qLhboVnK7cRzCNqWz
+XF+bIVRt04TaZ42laGLqPKv3cJK7KdRYxt9gRVNXnthIP0U8RODhAKlBeAALAgMB
+AAGjgdkwgdYwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0O
+BBYEFI+sjau3vxyGncC/k0TJSTOkGg/HMA4GA1UdDwEB/wQEAwIE8DCBgwYDVR0g
+BHwwejB4BgpghkgBZQMCATABMGowaAYIKwYBBQUHAgIwXBpacTE6ICBUaGlzIGlz
+IHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciAxLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IB
+AQChryB49S/BVXmv59TlPzJpVgyW7PstcWfaKX7Qbf+Fg3ef50OA33+0qT3dQz+L
+jU0f8PMJWfrez15/izohc/YZPY2sSiJ5zxzvPGliVqDeHqnJTUc+nWT0yeghmBHZ
+NEoNVSVJvSZEesXLCmNQh9g3BVZ02jx3dRDfRFesaxtTIZt8pazRdmV70aXJlT5y
+f0AiFsHzrk818uk2bTipjZcMGExgV8umbnjbk0P3UQPnhRGmGGH/GNytL1xO0br9
+dtwq0BNDWMELT/Ba/LhebotG1YUCYdd430Z+BxKk7gkwhFADdkbil6yFDmgRsYSY
+wnOpVqmDrMivVvLaqUozgsX6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B3BE0AF537F0D9C
+
+qJCpcjplG00+wJZIKUgQSCY4a4afYIbUB51eBwSfEPAOqD1DwB4Blhs8GI0YDPe3
+vgcUUqgMzOjzLNNzMp79X4dHJ2HAWMZ6n8e2nTkjMuRDyoky0OLtnJYQ+qIB66Pd
+UUUNQWz3SU174cjRBiiGy04/l6MDhiSsMAbEcf1qAJAF3/cyJmAefuUrBposYd5o
+1Os2ue3eU5K8bXjPGuo0ygwCM7M9tnK8tlk0ppH7hEuxdSq63yRhQ9zc/LZXtmpz
+zT+BV7QAce8et444v6HDAY5rxCL/guPNm6vqJwRwrQ2+9EbOzjciVEuiSWAIVZg5
+aLrFKjYU0863foC7ohaNDHKu2sBbDo7V7cFIsn/emr7bKs42eE5eS3ihWTjgcuCK
+Ew3jkbgWTFwW69+cb9VLzx5I1eaKBDU4sVwiCydOrF5pvTqC32CUwou5uF72WELv
+krm2b6dldjPn6TB3VfbXjwnKr0kdlnb1KxkK8n3DKuiHgkwSBBi/Tap0Stte5pHB
+c8ezNy4/WWT/lwzQQojWfVLi83m3DDz99uMG2JztxyJtN+PG4Dj+sqctCUf+dcDY
+EXicdcWIF2jvgb3+P4CIjJ8fQ3PammaSNhVTOOpmRb8Mz930E9ylrMxTL72RaY35
+/gkmVeEkTCb9T4+itQ2YJBs0TFlIAVmUkuJTkwunLF6h0N8N5CWVJV5yulmSghSB
+5NBsZKbxWBmx7qaH4ZT0tFBjelvV9isgbi0nuJjKNq6DDNV9ZemAKJC6K7J4m11x
+qUombB+njrrbfBmiXjOV/jnm3CRVcvd1gNFG706ywHm1SXvTUssmOB7t62ETKmNa
+i/4ti1O42ixjXsw8v/dydhFy2PeF3+STAD1+pkgb+2RBcHdSCOWmTMpEudScig70
+NVR6SMl52Knj5fuIvE/mJyCv+YMCJYOSMernEh5YW0YyUAUNz66u8n/I47GDR6gf
+pPu9ohQO16lbW+PIV96NUfChwgoAX5jf77AKAPYR0CQ5kWke4Z/tA/lLk3JLqYHy
+cx6LyMLGzeBgiB3Fh/PHdN582SrbwXxynBT9iBZvwyV2hN0Id6SlcRFEp7b133gA
+bz1J6Zd3zwaefUaI/8mNgFuzVNYy0zkpW1DzOs9ZxjFdijMQn8vpISzj10Z56uI7
+niBJDoWKXhg9aQIYtoyPy+qgSwYF5d1xwAHRnMV0wplGOqnIz55+uZH5FnNk5T9x
+DY5sN/GC9yPeAdTiFbZQ0xm2GGA9J/utE+H3iudyQjTDApTbvOr5eGJcDYAzbaFM
+7GzD0C5RAxXvBghi51i9zUCs/VflTGXt1aBa0Mm+8Z7/CH+WZyaW/fh0O09fPDOv
+x5VA8VX1Y9jCiCC/gBzxD1eJryuyQe2wXhIw+AMtH+Rrty4ttC/UG874PnS2PmkS
+rUhoSUDKloE83LQNCK5Oxp74l3eancMz2hMoWvaqU7K6fd6cs0EVUG8M8EGRc4LU
+VW9PGHRoY1xvvZodfrIU/UK1iJKx6/Ofb/bpaqn7gL4MMDpRdkmZ/I/+TPQJWhj6
+/OJHCka2VaeiiOnVclTFOJd0P94O0AjVb2nmIMYn0K8mjszI+mBPo4MKJX86fDxu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
deleted file mode 100644
index df2bc3c515..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
+++ /dev/null
@@ -1,124 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIDZjCCAs+gAwIBAgIBEzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKCz6DLhyX/EGx3xwNiwBuBXrfpuLfLcaPz4q3aq3BiiJS+f2vwk
-WI3BqpDluVEq7FW5zE6ATQc/K7hIiuRCHCD5ErXMnYb70mtz8xeVjU97316FzK/z
-eQYQMIIpb2JJ4JEU/ZyVNX5NW3W8tjAhuvEp+4brMLxyCM+xmA+S751zAgMBAAGj
-ggFUMIIBUDAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQUQFe42RtzGbaxdkQ6QallbyGIuDAwDgYDVR0PAQH/BAQDAgTwMIH9BgNVHSAE
-gfUwgfIweAYKYIZIAWUDAgEwATBqMGgGCCsGAQUFBwICMFwaWnExOiAgVGhpcyBp
-cyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgMS4gIFRoaXMgY2VydGlm
-aWNhdGUgaXMgZm9yIHRlc3QgcHVycG9zZXMgb25seTB2BgpghkgBZQMCATACMGgw
-ZgYIKwYBBQUHAgIwWhpYcTI6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciAyLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgbm90IGJlIGRp
-c3BsYXllZDANBgkqhkiG9w0BAQUFAAOBgQCrY2KIowGX/5zlQBKmdhF8WiCRnHfd
-VuzeXhc6C3G4YPpYBWQrnhxO88VH8QbvJefBpvRKIYsxu/tyihlkw2Vy5eztflUq
-Jkj5YbDicL/7U3VKfjfp3sW6ZBgqKKLQY2eDHtYup9wBzB/qzny9xfuVIlQQ+ihR
-vMKO1iVYGVLxPg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
new file mode 100644
index 0000000000..73a6a65652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIEdTCCA12gAwIBAgIBEzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulbeEb7O7vcRacycC6/ainA+gXxpoasZ
+XBUoU+G+eo5d5yCnsyZ9FSguMM3v3bqc2THkHxZq3/9c9/MCwBEai70AQwS6Etvz
+GGIGk7MAw5c8gWi8smIHMMPY1Zqc6nQjFr1qxk/Bj/nWUKeqMhCWs6S69Q1IsmKN
+uwLYO7/DjcKwc9jgiUXVTcNCnkbzUIdjBM47jsyXrpMwP47D3dMYTA9bzBjKj/fN
+IFS3gLv4JqTu755LxVBjjjpg7Kt8EMXDSrNci5ZyViGdfitwd+F3MU0Q1Q/fnadi
+QpoASYBVHDx0scpwHSt/imQQz02Rfoo5cQ6SS2RVvXhZ6B4YfMm99wIDAQABo4IB
+VDCCAVAwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FAIO7iA6v+sW5S3aaqon7HTHzsOAMA4GA1UdDwEB/wQEAwIE8DCB/QYDVR0gBIH1
+MIHyMHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMgaXMg
+dGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRpZmlj
+YXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwdgYKYIZIAWUDAgEwAjBoMGYG
+CCsGAQUFBwICMFoaWHEyOiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgMi4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIG5vdCBiZSBkaXNw
+bGF5ZWQwDQYJKoZIhvcNAQELBQADggEBAEgyglT7PF+xqOPfkWfZD+B87fSODdlO
+5HPCqZySlix3IrkJHL4/acMADY4mY4zP+W8dUawWs/6ud2ECVn2UJLQcpzo9n9yk
+XS96jwdihJG4cgOib7T2PUk0CiGU1kkPBHmUx8oCXqMKF3xSvK80fXZdByxg3o1Z
+2MG0xxqok7SNJ9YhFjMNl5KogfNEiY9tsTzM6zPTVqU0iSUSXCW7PQEPAuBhI+Le
+pWFaEPdjZBN7rRGzK8w8YDCBG5d/O/e91PTMO5NtjmliHkFu8XkGu/WBPHOx9qH+
+IyTErE6J6vUrWZ2ycgmrf8Apd62mBopcR48xY9X3acE7QcdtgEe5/Uk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,52CC6EB1780167AC
+
+DfTgiDoKidNkLpLKZqI1RZv5ox0RsMlMzsbz6x9/7z4wFa11nTLHiUfgSSqT+t1d
+ZUOPtacc1tmR26Ix3BNxguSn/EOGldSaCzUcGRenWm0Negf7i5zPb74q7O4SsQgw
+8PzPAH9uB1wQgGNXXN1MoaZVs/8WU7a12D4NicAcXU5Bw+XR1AqDLz3/fzfGLzM8
+Csm8BXpq1A5JqM7HAfMUHb31+t4Sy026OzHvFVyn+r/sEbJ8pJ1bCbrvVvGorjUg
+Nm9+BcgmB9ani+EepglAS7HOSSZGzi5LSadxfBILVb4dEGkL2skzF6WEm7knZukQ
+Ti4zA8SkwYn/M+ltf06O5ZhL7PMdUA7hAr5YorBu+fbWlGXWyhJxNZcJq/jrkATV
+7pvKw6SfUa9IbIJQyZcbFcuzqPANONGBorpbZyW0u67stUkyTUXct+CEMxSxCRsH
+HAAVFGlK+RILNZ222gdblHappv30BVJstEEey9S+rL9He6tsWUKJ6So6iYeyYONR
+wbQkoBfOwxRm2Ga/7GpUo97dDix6ooFpxVuYatOn0PwJo/N5v/g1Q+dmaFY/BizB
+Couc1V6Dq8GiUwldUhcGEcuzVsTOlYmXqxY5WWFxexsydzyz53WIExsUz7wk+nY/
+jdBhNX3pbZxxxYjJ5HBLK/3lfEWRaK6MXpok+dagIBZJt6y9GnyfIhgzHA75VRi2
+TMI6O5nVyOHLOj32T4nJwe8wdBSW2RmpsZZR8BaUIbHFH75X092XpeQSnnr0QtsJ
+k++uGSSi2LteDB8qwBbAmjgbvWB9DaYD3jRrIEVMt7cDLlk34LEc1q9LX7Uvh8ip
+dNsmzZ7DtrVfToUAFn5HcIj6C2JLGbQ1NFMx0p/ElSfHYX1fXw/KCNzDGhPbBKr2
+/HM5EUeCR0mB9quHbUXiazZpaNys6rIDgNGI/ZY/XWCX0K3g3rvuzAMYbLBSaOIh
+kR0xqzUPOkoYWAeKI7flSJykq8CDh8ULSX4DhiKTZrHpOqFYNVoss5FbgyksmFxz
+1TpgQwzP0lvtu3Iz3xRNvcDAMJeczrRG47a7DcuPq3tMqV1x0XhS6KTyjNtoLCri
+w0m8delonjCInjKees3cIjOb/uiBxjuIzl+R+eFfeion1c0wtyyzu3+/JVV35JTv
+u7abnsrdQr474QcdDau1ghFdJGQK+dMC73a/CBC2Hxj/odTbMZ7pNkx8Td+bSe54
+VBCW2vGug5lDZG1r0y6gG+1kVj9hMgbGBgRUaNPVUjvh7VDJ51JAM3U3HBTtd0Y3
+wtgYcbV6pjleZ/Ym4YNHGWEPZp9aEjUMcsq6rKXrESI3bffvx51v0XBLua2c7lqA
+ApUNpRR2tm80XJQfoT2YVunD3Ccn/AveY6wConBcZyqv1N1YxtP7122/3CcduQic
+LPdEJHbkuRE3Kb8UQAgDahK82juPno5L5ZqhmJXIXC83Jtq+5AE/2d2ZsRS12JWN
+Cv8GUsAJbvwi9eYzD2PGEsgzL4Kx5uc+fOEX/hb+7c4hqK36RzPeMsPnJy6qg8iR
+jykMhKeQTeybGkNvKzrDfaHTAJdb0L7CmWasLY0OxtQd+HP/yYjVaw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
deleted file mode 100644
index de751b01b9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBFDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALG5QbkrUYEf/BsUOmiq+gmSjIMtxbiVJ8G4i1XsVOAFNuJhfPyL
-nhsnhig2d+tp2aJHFnDfMbvmjdmCtwPwqrcuxVO5PhjkLyfFo9Pt7zNCF5xtCkLK
-P7LCEtvtBt5jXh7REsOPlQzQkxng4SxG6VdndW1ZiNAJIDAsONONmetRAgMBAAGj
-gdIwgc8wHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FM7tf43yWQflUjDL35BzbeLwWXDAMA4GA1UdDwEB/wQEAwIE8DB9BgNVHSAEdjB0
-MHIGBFUdIAAwajBoBggrBgEFBQcCAjBcGlpxMzogIFRoaXMgaXMgdGhlIHVzZXIg
-bm90aWNlIGZyb20gcXVhbGlmaWVyIDMuICBUaGlzIGNlcnRpZmljYXRlIGlzIGZv
-ciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQADgYEAPium8qIa/cDO
-l7vNWoULaBGP7Z9XxxEyexzl2Y83xGab/xw+KGtbV+6+GiGhCw4qpn7XLidQQ6Xn
-t7D2vKo+KoLg3BAdbt/azb3wf5tYakf//0bv4xQZ7ANzWxxH0gP5VdHaRIcfKXXR
-3kHnu/lecCM8V+F9V8pEU8K3zREtp/8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
new file mode 100644
index 0000000000..922eb98ee6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgx/GESPgx+f2iTkGzayiIzcQFdPHoke
+X5w5e985q9OYBAGQR8L3z1N5pzoNK7KdyuLfTH/5ymU9F/TAfMjzVejFuojT0kkM
+YKn0WhTpc7lL43DesIDLfpmVxNseL/AfP52wP5KWfzLPeS12xOwVkkYYk+rXBCsy
+4Wajt7CR/OgYVVZqr+l4eoMZXC8QkbRzpqYMRsPDLDDjWM8TrdJWOcm3fS33pgTA
+IYaihsgfIPRAMV6xbTi970Z5nqjWQuQ1KzdvUe9FUfGNeUDybmOJSIVzQjbNpTQs
+rWQYzW9BcSlCjiGCDi01O8tur062uk7V6vtxQU+LDl2vW+etQZx07QIDAQABo4HS
+MIHPMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBT+
+LIExXNIznYNgktX0s3YpDGcmLTAOBgNVHQ8BAf8EBAMCBPAwfQYDVR0gBHYwdDBy
+BgRVHSAAMGowaAYIKwYBBQUHAgIwXBpacTM6ICBUaGlzIGlzIHRoZSB1c2VyIG5v
+dGljZSBmcm9tIHF1YWxpZmllciAzLiAgVGhpcyBjZXJ0aWZpY2F0ZSBpcyBmb3Ig
+dGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IBAQBfBRO7j1sk6/+/
+03HPnqa/E694vMdtGy/K/d8K3mdRuPTcxNcT2gW9VnVyQ8rKwrtZn0oWjehifnvz
+5DJCIrE8Qf03kY1rbCkcDsQ981Lbg4t11pzBqGARFVrAfzzeiKY1Q9EA7QPbpYvB
+RANQsSXkCSjE3BPvHdz/1ZZeP+kvzNSb+vrXOs0MXA5eAmz6Or9bOak+XOUDZS8l
+CrmEI6GRG8Coe8zy4YAbPy7uO7Zdvd+uQSEGDlwCDCtqQP0H2uWmNCstdAZHoJbi
+RevpMviFe7MFOtYgpJhEwgmK3wNLDcaPgznv5qCuH378n6gXL5Kv0ehBd9LcWPv4
+jZua3QQF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A67EF457602F9DB
+
+YagNBodo9QwnNc4gfwb3EiAHA7kg0zFRJCM2wV4Xy4HGMW4BknPDqBaFCui/iSm0
+4W7Y+LXHRLIzwUWy7xZdu1LfEIG3AHnz1Ben7VBNDLSJtbslPR6N0XC1T2Jh/InA
+WAvmGCmFny4DUGWcILjYJ5lUEistzxoBOF3v1+/5FEN9WpgBRmdvwLLl3cjkxZIk
+fTUYFZdE9vvxdAKs+ErnlRC9xM5xoNw9IN+swqsaGLq+05iUuQFIWSGptmzKbIy9
+RdhShNpCkgfB1hoBsv7mm0ivnjmLP3hx3QoVkP6KaYHtk0R5O9HnV6sgtUmm2evV
+qzPUvTFHu1+Awaf2m/ZAtOxQnlG0jm+SARSywwllRpeZaCHTWlYMMytIgN1qAcrH
+N9XesNJLohjjcF8jJT9Y1TSMR/yBB5CaM24nGdZdod00+Jhmb3M1KRJ52+bopMqx
+CzMu8+yiIk9Jc0gIekOdVhZUaD1mgEovibqlcWIahBfGC2LCU8AC1oczEEB0+dD1
+G3IYIiQtyShDvwhbqSdArmSQ6W4XJLxTVuHut1e0bzbtkRy6IF9eHBv0bfOYoX4r
+OMQH1l5B+Q8XYbDUi1ZXUYqKHEdrowsB3GpyKpideq2LtYx3hJ2+U2DAfaY2BGGg
+2bInIS39NdPqI4d1rCgC85iRg6N2bAqgW0Ack4yjc8orDj0KXZ5ZAjaomWPTRvdp
+Qt34gumzSeoE9shupaYfY2Y9Qwgh2os56ucjkhqanjSAGtkym8jftNsCjouAXVSx
+5kM7xAADzLtti1IMXuh/QZKtkzMjGRg6QxD+kqDQNArEZAr3Lpx4owOqWFjcfuBG
+p49iKbe5kTWITCAjytUOLXjkCsUjEYg+qfBJBAF6kqNZddL5trp3Rp5PF2IGU58n
+YIjE6JUOlWbsM/n0NML8q0s6x2HFn70bq+XHkSZq9UxQxW1Jy/VX2hqoEBXenZgm
+HDXM/gu928PSw3enWdRfpP/V0vIYnrSsO82rFhQd+sob62+ZXUSsQ1IPYThQCKXP
+200mOAw3vgIRYElLB8QxdQX9zZTaUvck+onF/vsUhUjnpfwNHEZsBFTnFRXaxT1g
+pGw4aItY18x7z+m2uRrFdnWZx4JIcYVhO+bWa7GT5eFEwycgmHX6e0UNIB/UG1zq
+biKcKw5g79ONR3iouXvQBRR+GIdGuYQ932TX1leYu335rER+lZuuwKJM/ZFI2kjY
+bpCIWbS6cIPiowH+yp/VqYX2q5lG7vIRVYa4P3t0kE+ylxEjKbzI1EJLJuwdiMuy
+2GEv1RsubsD0uEmJ4nyOw70AGTrLSIyyZyp6if3ivIntUy0V+rSozgWsfe3P2hit
+l3ZR/qzemIiQLLRs8Hm688CC9C4n+MAv6C68/cy5GZjNAVVTJpjh6BoP/GjC227s
+RcPwKbH4qc4xgCZG5gfIC9hRNj+ZInYjzKOUZNjBqWqlAdGpNrb8DlJ+FVJv1P4A
+Crvp5JaVOelF5Vm5zhKae2/CQSgojrS7HAIAf+ERbfZu4v8EnGxNjQJTJ3G9nnbG
+Z6R5twYPiCFR8ec8qbVO4X4xRObYcX9nL7ORNWaS/dguJLShLlaHvw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
deleted file mode 100644
index 177e92ffad..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIIDxTCCAy6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBO
-b3RpY2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAxkN3itGxxUqfb6j8AgRX2jxaI/oIBzr2RuZsAfon
-x/XVoUmmiSxWDooZhr/PlfubyixNG5VJX2K/ukJ6gfIGMXCAqunKm8/9bXgzZB3T
-i2oIgAy6WnRwKE0cgbedH6fY003jwsQNDt/HilRB+atbEJ/engTxLOIpwBcsN1qj
-rg0CAwEAAaOCAaswggGnMB8GA1UdIwQYMBaAFADjZemB1Ia5xx3n8zM5Bl5MEaX5
-MB0GA1UdDgQWBBT8A5L4pL/8ywpme6U8lushm7qgwzAOBgNVHQ8BAf8EBAMCBPAw
-ggFTBgNVHSAEggFKMIIBRjCBnQYKYIZIAWUDAgEwATCBjjCBiwYIKwYBBQUHAgIw
-fxp9cTQ6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciA0
-IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwgaMGBFUdIAAwgZowgZcG
-CCsGAQUFBwICMIGKGoGHcTU6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciA1IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xpY3kuICBUaGlzIHVz
-ZXIgbm90aWNlIHNob3VsZCBiZSBhc3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBv
-bGljeS0yMA0GCSqGSIb3DQEBBQUAA4GBAGFe+mIs7y5351adHxETDUI8/Oki9cBU
-9ShrYKlpGJn8K0ST8XCe3FhVI/EMMxPJ7a7cYnl/7VQjyrFH9ulMmB3zoFiwbijM
-hfv2DyMPMTMB1pN57MpoBl7NEV0ze1I/u0CKcemqthj2jynTljGeLyJOCAd2Oat/
-J0ohqgkjwhfW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
new file mode 100644
index 0000000000..830f8256e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
@@ -0,0 +1,67 @@
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIE1DCCA7ygAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC88AhCshO70EgmfJ0LoJAP
+aEyUfJHUOk0+uSHgQxC+TXR4NZUZYKNeGwc97Cn80E3uoygIUKpOIoZLOmA4Xw5E
+ZA9fZNmmT7cIzAjDXUJv6Oy03LcQ+2KNFRUIQ5d5y2e/InkkZjJNVqVxcpt8DdJg
+VknMuYUk5kqD/uf+L8t4C57iEj0KlBQMgsXGa4vNVpc4dI9irDlTQVCPZofSchFk
+5Ek41YVy+wDxDHW59/Opqr7VfXJOmFN0BxZ6NTW3VmXS4wWMV7ZTdi/YMVJVb/b5
+0uCCk/JXtFGHlVz454T++Decj9xf6bFyCzNGJXzf0WMtSyuXVqT1jWsCo/hGzo8L
+AgMBAAGjggGrMIIBpzAfBgNVHSMEGDAWgBTYXzXimsE3KibOg8xzDnAVKjriMTAd
+BgNVHQ4EFgQU4DsI8hwak6jmjAEqCXZrCm8FaHEwDgYDVR0PAQH/BAQDAgTwMIIB
+UwYDVR0gBIIBSjCCAUYwgZ0GCmCGSAFlAwIBMAEwgY4wgYsGCCsGAQUFBwICMH8a
+fXE0OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgNCBh
+c3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MIGjBgRVHSAAMIGaMIGXBggr
+BgEFBQcCAjCBihqBh3E1OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgNSBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2Vy
+IG5vdGljZSBzaG91bGQgYmUgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xp
+Y3ktMjANBgkqhkiG9w0BAQsFAAOCAQEAfxyDNghdSbzgxj/mObFvvEknTx5cjRIo
+L+CbP8ccGGrcfwJcbNEcZwlkzOSomEjsoROw4XPq6deZDC+x9McnYKYHwt78coSv
+urgue6YqvDga1785BozPcJqN9iTK8babcOeWno7ZPRbUEqNFfpesSfUtRjBoFh4G
++YrgneWORnvSZFS3Cz4X0h3yei0ZMNdPK/Zkt35QymLrPxr9rAIzOewaXOH32+x7
+bPgue6FhSz4na9iJQozynEsP1HSKRQdvm2E12ZYrE59hG7p2bqV/pUQSR8hZNnJZ
+IUC2I3sFck92TKZsdnYQHv3NuCl758S7O3cXnF436gqP31KGAzgcVA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B169BC8A27090A09
+
+znObGOy88Wfiu93UwhsYd3AH+KGrQzgcBvYNPNOzfdEN9SppYTeU6xuQCAJBe1Y+
+7428CPV/WM0Uf9X/ryEypZ20LA9dabDi19DZzGX4CHqIJBO4EHLepdA/yLkIHXo1
+1n80VaCTiFjSUxorJiMWBLVN+vNhZkuj2bZTpigTHlsrxrvbsGpHJwPuXNJwFXGg
+YKUZ8zgSAUwduMTv9RP2q85zGz0G7jbINmxBP+tImdi1m/I6+du3N3D8OD9gm2ZM
+Wc7GuRYpIweH+grva5lTHqJ6ndwxWvr6L5PoqdyU2MPBMKmtdiEVZKx/jysglBmO
+hSXm4ZQPzQ9gzxzxJImAYAv69wR17Lyd+wvBUdiuq0JB1GNJVo11HxKDzrq5shmE
+BAAFf+cgTU4pK1jlyKPWQ5uphKDjHXZPGarIXoN+zpZl2UAHWH6EUis+Zex/boAA
+8/orX9GYbMzvL7rGv1qWDeh95iBEY9JmoHmBiIbr3f+pmA/Wmk1x647/ylSMAjGM
+GCy4ynca0+o6TKvKrhXe3iZXB19ngSTJLW4+1m7J2kliyl3D9Emqv66vlOyBgBya
+ZXtfM0qQeROjdqrvjLMcnQqScgEQc32D1yWgEAown8z1xstqrR8mvLAK0VNowKZB
++9VhTXfzdamNC+F82YuinJzV2rDM47gZYHdWMEo3v5wahuQMQe7gRCkiDhYA0Y6e
+NH2S0ZdArCCeSav2pBaECBg06ML6JJ9U1z6gZmFYsX1tCirzxelPHefHhMegYRpe
+36JbnYsICtfc0a3fDdfJfI8V1jNHpxM70Je2mIlpT04i+b7pEJZWM8CsbQ1Iqkro
+k05o4WqehI6hGako97XdlZwXLnGDHNqY8fD+LPtK2EznHzPwaV9gIxdFhzSrp3cH
+wdXfGb7wyZTfcg9hr57zN08GrkEpj7b4sOife/bq9y4Vpqpow9TOKaEOv33p54xx
+xfZDK84k+F0cInPwpoGGGUc3JYqnqCXsIsi4UWgG+cyGwFlyv0TOhFQJzFu+haSh
+d/xhhAn9uDbL2Y1QoX+ep43BUi6nGbPYytMxPpFvK/zeZnMVuDYFH+uaGa2yhlj+
+LsWLYFi8FLBElHaNxFKBV9KespbFj0c/rHlYb4W1Ai3yya9NdaEZC3dpNunVNBrD
+e1weVMs5rb8Evff50PjFIpIK4Uv1h9EtzA//APUtT99AKexVF+bDrIIUKjZd3ubF
+8mnOrxI4m9Sl+o6HQI94igfG1f2Y/TBhSrnIWNQ/IgLHm9dCT/QRNv2rkAQSrDbN
+JkJx7Rz22VYZMHqnwhoq7U6MdofOHUlPsaLm3yc7Kmq0Xpd7ntyjDJheo67QLeh9
+YkPwoFar/LQ8934StLWj5/ZseauC9xdNdjfALJiNm5CTZ5n9x65oB4SsT+UkQczR
+pQEiVTJITBCUBrcoBQEwyrx80LdmjO0lyYtm/kLo3+82FHNkjWKGGBK60npBcjmT
+70qB7qmiWITmxZqSUwdp27hF5g+izXOGZwB90dopk588owoz13T4FjxRbSeWKAvE
+JA9rATNY32V9uY8wsAxxzKF7AfKKN3B4akAgSvYlnFsOlW0kU3j2rw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
deleted file mode 100644
index cdfe8367ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
+++ /dev/null
@@ -1,64 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIID3DCCA0WgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxOTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmkrJdJV6KkYpFv+9djQ5ybyWHKyjUB8Km9OL5bgATpab
-SN8gXK6Jd/EmkSQLM58dolce8oaizez9cBhO/myxYLK4WQGi/eR1zCWhOYz75f/o
-+MUwF1WFbuHvk7JcW6/0e7tI3sxdgtz2k8JDvyDZ6CH3Hb678ZfrlMMuCODEw1sC
-AwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0G
-A1UdDgQWBBR2o4bo1PW8nDTv5jAQJQYPDPfgtTAOBgNVHQ8BAf8EBAMCBPAwggFt
-BgNVHSAEggFkMIIBYDCCAVwGCmCGSAFlAwIBMAEwggFMMIIBSAYIKwYBBQUHAgIw
-ggE6GoIBNnE2OiAgU2VjdGlvbiA0LjIuMS41IG9mIFJGQyAzMjgwIHN0YXRlcyB0
-aGUgbWF4aW11bSBzaXplIG9mIGV4cGxpY2l0VGV4dCBpcyAyMDAgY2hhcmFjdGVy
-cywgYnV0IHdhcm5zIHRoYXQgc29tZSBub24tY29uZm9ybWluZyBDQXMgZXhjZWVk
-IHRoaXMgbGltaXQuICBUaHVzIFJGQyAzMjgwIHN0YXRlcyB0aGF0IGNlcnRpZmlj
-YXRlIHVzZXJzIFNIT1VMRCBncmFjZWZ1bGx5IGhhbmRsZSBleHBsaWNpdFRleHQg
-d2l0aCBtb3JlIHRoYW4gMjAwIGNoYXJhY3RlcnMuICBUaGlzIGV4cGxpY2l0VGV4
-dCBpcyBvdmVyIDIwMCBjaGFyYWN0ZXJzIGxvbmcwDQYJKoZIhvcNAQEFBQADgYEA
-J8J9A+SBJzSCvCFxcnWEMXbjUkKjp4BAEhkrRH5llfYFIwM5+QAqZTFKTvP5mhTj
-eeMD/sF7Ej90V/1wRzadHnmhXe3WRwe09BUVM4Aa4b+/th9PihRNvI7x10+mAuMD
-39/vWkwe5e0DTYQwe0t+8fHohmDgmJ6JkOiccJl0auE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
new file mode 100644
index 0000000000..b501dcb4b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
@@ -0,0 +1,68 @@
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIE6zCCA9OgAwIBAgIBKTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3E/MPmQrWuB1FwiUdy39Yth3/
+GCiDQBK1HGlJRkREfH5qLLXoXoXkdTfKoKMz7jetlTwfqh61oQcAGrUxJ+1uXFFo
+Z7rx39ZJy5WHoqh+/0KVFwVHzZlDjx6hRdDAV2wSH3CQA66JeGm6C/Q6seIPhXcs
+5NiM/7x1f+gaA6OKQbFyPhErhvwt6T3MiJgdnATXneT285aE9ERxGxq6pMqLTwCH
+7vnlDNq+86cr7qXwRxqgnrSyKZnd02g2aVRbQQbDe8GYJvn7FeJUruq33nGjYoUu
+cq8taqkWaVEvlAc6rNHjXP9bFUC37Dt/q05ODc7g0vHQvkgVKkcLvIor8GFJAgMB
+AAGjggHFMIIBwTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNV
+HQ4EFgQUDU0KkzuR4M/gJ9ceN1sBfgKd6ZswDgYDVR0PAQH/BAQDAgTwMIIBbQYD
+VR0gBIIBZDCCAWAwggFcBgpghkgBZQMCATABMIIBTDCCAUgGCCsGAQUFBwICMIIB
+OhqCATZxNjogIFNlY3Rpb24gNC4yLjEuNSBvZiBSRkMgMzI4MCBzdGF0ZXMgdGhl
+IG1heGltdW0gc2l6ZSBvZiBleHBsaWNpdFRleHQgaXMgMjAwIGNoYXJhY3RlcnMs
+IGJ1dCB3YXJucyB0aGF0IHNvbWUgbm9uLWNvbmZvcm1pbmcgQ0FzIGV4Y2VlZCB0
+aGlzIGxpbWl0LiAgVGh1cyBSRkMgMzI4MCBzdGF0ZXMgdGhhdCBjZXJ0aWZpY2F0
+ZSB1c2VycyBTSE9VTEQgZ3JhY2VmdWxseSBoYW5kbGUgZXhwbGljaXRUZXh0IHdp
+dGggbW9yZSB0aGFuIDIwMCBjaGFyYWN0ZXJzLiAgVGhpcyBleHBsaWNpdFRleHQg
+aXMgb3ZlciAyMDAgY2hhcmFjdGVycyBsb25nMA0GCSqGSIb3DQEBCwUAA4IBAQBr
+LA2+uQdk+39kZyVEG4nvYUgMB+UvSTIYiXq7j451qekOwMNV735tLSqtWCzrSGVY
+rZ1tGVgnTBTf5LqcDa+lPVLEGeV1hUx2DnchGWPz8WZLtJXK6jVkG4wZlTx/xRR5
+miliPtgwpdkYsUf9H9MVUmMpawPvf5s3ZNubE4dQxjwN5vN5xemuDrbcOyGYUkDs
++xLxGrkGvdikgVOUIRXP4u0Erh9uTXXwu/ZQK6ygsAYTSO6XmKIzTJUEjeBxzpaP
+C/nEmljPBlHb680hA2nneeW/2HN+hmPpm0S9uDvwcIMNQc0c3q18lDNrhALaJQ1Q
+8NBTUeL4fQnsCosYSygC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16DBFEB38621F5C9
+
+bVgYG5xc+ER90RYRsDzgsa6txA1tgWk9xDWRusQk+tXyX+N/YyM74LR8Ixi7QaOa
+6JDH0JT8Zk1/ce3DBF0nVyKO30DcZ4pR1xbMPDCGDzS8DRD6JvaT2Eqf/CcpWIU7
+auO5iDT9UG31l9BgzXY81dZIxoUok+keIa3iYaNIwQu6TlZHbig4tlrAg9mfOUSK
+ETWopUIl+uJ0XLc2IVU+AlwJstr8csTkJWsvCKbTo0wEDgogTujYBTo6jwb9giNv
+VziqTQVrzqKajetKvC6wgGsw8tlhYsC5m+O5mik6/dh5R9B/gyNYJhE4DUswY1Xz
+153YejisupKdLkXGGRXIgBlRQs3EhKWmjw+kZqZWcWEFmSl6tpO2IFXO0cCZO+Z6
+y82Vy9HKFewUvhPN47JW3Q4Bskk9AWKaY+A08lJgxSpp2DD6Uw1x734ln8MJHSeC
+0KoOpPjWXxPCtixmqujaYyjfC9IkG0WByXdLONkonnsnp7/L9kyNEOJKqQFms2h0
+St5CLRQfgJ3vQGFQbLbg6JhX6pTSWu5wTMMdyB27lW/n8vZrb8NZTDSQjSWGOWnL
+91dTxzF02aGy5qh03FfX0FMgR692Ne09COm2uE3kcDeC61qeSxgGvGtNWfAMmnt8
+MA+ysbtJr36RfWay0IVYRQ2y/obuFU3dDxEW2GgGztqaN4U1BKfB5E8cbfQXtZy9
+fhTKbP4swQwiy3tTZnUoy8mN5R1KXEvZGB85o4IBBn5oR9HLbLSs8XEeCUES0ea1
+Akb8mfyH3puOVKNY1Hq2CNFdLtdLQvtLuT22q//fbcc/h11TJ3FRBywchUf6eh/A
+hYaHbALcxDCCjiWD6wjfaS/7iwQckIplhOYI29yZoDAPuz5V/4Y2bgjAk2T5d7KL
+ldl4SDSuD/7Mbrt7ZnDECQtyy540fGQnTUZIz2xkvXzKOcs/xj3Gadfl7zaCmrp2
+hv6S2/Mh0rUFmJD3wWM9Karbe3otQvUFwaLQ0NU7IoSa2pOxiGb60lNO1TQo5IBB
+ArUfLXiNmNEhn3I0hO3gJ497KjlcERC1HYfRhCDT+x7GMu9QoH982c3Nt64beGZ2
+53tiiQGZ4Df7/RNKvVvEmzLXTjhajoOLuEcqUD5sH1bWdHBz6pCruA+B8p9+izc0
+fzn1wJNNWCm0hEQl+XCloQVLk9UEvIJFB1hGIjffrAln2BNWVYK/TjKaogns66OV
+QeRf4Hff/ir6cEVukN3Eey1fzQ3Zob+pfUuabnuCMeT+v7bjGpiPJSjGpWpbVwOL
+NOozlqKsIM2285BJ9CBnva63lOEpTmaiE1QU8gFbjbGfXIZyh1tZ18jVep1RD0zE
+aJT0l3Vj6bj/0a3zpeEXV78tlcykbFm8DoyBvXWbF+rpFIwxEAiDpYeflGYlxYl4
+iRNrhz/fEnUe1/B2P0+knQzNi6rBPbo2OOMA6+zj2hN0wB+c3zFpyAbc5xVRiD7k
+PZEOQ3WDHzowaS62Dsgj3hC/wvQbmZwFRL6VXIvKl1yEgdjFu/Q7Fh4w2ojgsZrF
+sZuTwYIUNh6aLCn4yIOQmet6tINdQk97DpmifjLHIz1Ji18aoTa3SckbgvZl4UUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
deleted file mode 100644
index a97ce07ad0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFFMEMGA1UEAxM8VmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25p
-bmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC99k/Db5BB/DrP9cxgHHm842L/I4al7GOXLq3eb2h8ego1QdJ9IsNb
-ExIULQIAAGVlTriZ118rlLqlVxj05ehWT5HaDh0ygcNDziiUc4NoLYqE7Vh+wK6V
-z29q5vKajywEjZ0mAsvkfQvi1aBL9DB28K87sCS7xIEAf3zu7znQGwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBRJyfy3AzxnbQoAk6nk1qUekh+1ETAdBgNVHQ4EFgQUNe4s
-lmPDT3wyx9zkVIWEuwRUL10wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAtn7y8N9W/74qmny6jUyLJcq4P
-ni0IjpLLS1hl4RYbKPyeekw3t2Lbuk7jdg9LP2GTY68plnzvHyqcKa0IL+gWvk7j
-6g1SHNMi2utPONRFStefcOubKxjT4c/HZHcPjYVBrmnssH4wzOi8bd8MQ8ZfdQLO
-l3ADkB1F2GjjIofr1A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
new file mode 100644
index 0000000000..7fe42dcdd0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRTBDBgNVBAMTPFZhbGlkIEJhc2ljIFNlbGYtSXNzdWVk
+IENSTCBTaWduaW5nIEtleSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAND3qOzfoU+xaDx00z/q4nNVyzqNAr1QNbHd
+2Vr3Ny+UIQiQMN6wUgDa5fYlxpAYH3HyHYFGqsJZYqAEi+QOnW55ed5U6fgkuMIT
+n/cmHWrhrWxpkGeg9taQHF7JLv7rOQ7hJFwCpAGMIO8AcI4RT6uLFw4oJWlSFUNT
+U/Nuz3tll9cnN+Yka58LJz7MH8JpKiyKnu5k8rKb1BD31rds5RQtUfj/GGGz771W
+JFuJjDKN1UcL/EOAllJIfw4vmtjG3KwiR0xszG6xoQygEVKwr3eUE4GF7f2KKear
+EXZl2NutzBQqdY8sKD9K4P204/U165InI066R+fyI5qUg/JGQvECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUKZpFLjaVnezyXlScE9XZ9kSRLBMwHQYDVR0OBBYEFDK9sG1g
+aWR2H3k1G4/tOHKlv+89MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACfVwWYG76TXRNenzqpOIJ2KRon5
+yMuzHhx7VEYiqjshbtUhBPf5P0WaidDatxO7aRV5F+UW36ZN40ToCkhigxFOaXR6
+lIATMJfqZ0yAP7FDwYzFJGmUO9m+FrZD/rge5aowjbWOuwnKTsjlu6IEz6j/v+cU
+4yO9xT8GgIs4HMagJ/e9qTAI9BhGpQqrkQUmuk8lEdzifR+f7jXLT7uPN1+GWL8n
+sY4eYTT1Saw4mhUFj21AOPwYtr4Bzb6IEEgJ3rU8y0vu0oTU4+e0i9+u0RbQAPWr
+zCY76nRguTsIVvPx/NhrJc8HvBij15cNTdYnWsQLSLGRkZkWV0fE4LtZpVU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0494381DE63BBE79
+
+IudZ0o8BDzB7EEI1+uMk1VOVrcBmrKfMlt3ce2aPGA0l02hF/YsuV3PEs/+8yWqL
+ZBPy+WHS7wc35VWrC1RssivAei/Ie7W4UM0SAKrZRrKUDkCURB90+jT2iZfa2XzP
+nMNeBMcg/27buoq3BJu/zyVU1wRmy8/+vpzu2tbOdND0d3qPGZ399gAGpF8Q8dbG
+3jUCINKvdDIpYeWkN4eKvCSRrcH+POqEpY80pWIBucRPUXk6X8UPgvrGrv6DGrQ7
+V8a2/mz2NTYmUSNJVAn3vVwg78v6YMHvD1tbMx2tb1kKcb4CSCQEvPY+jpBkg1Ab
+YQ3xt300Kg/JMRFRqOFBem7wH0p6E5veL2u4JuR/L3fJAQEwlXYC6VmKQ1HR7foz
+qpmBxmE8/BTzhE0kBjy3nh6VDMW5Q0I0RBu9tRPV5jpPvbTBpF7hle1CT1oiUf3N
+dylp1Oy0oq75nijtLbstgJRoGp8tw+lTR0P9T5zQPU/nR2aFT8nv4H9KgmJdehEc
+sCDvDWWXg5R2pK2hsjGGa6RNomM0KjH4CTnrZXA2qK8v0LO8eVhcY8wsmEhJBzPm
+H/ZtOGzh6uYuTD4yWa3Dl9ZjpQEIPbXhOP4V9aBrtEtpJ4IAdHTz8xawZF0pucy8
+C49a5XJ8bvTC4Sa5PqOqGOSHm+ylrxtqPnHgStDvr3eRo1dxNMUJ4vuCx6x2s7wc
+Bsrj9fwpdiqWKbwcLphJU+9WfkMBrZdSRvo+d697ilJqwvvvjgihlXucinB4gj13
+mvS90wUhIr19cUrJHE2aErLJbFvcnGNITrtDbml5dPZj3FZ4khxTf/d3wQK1l+BI
+h+pci12QVsOiDYncM85H+dz/wSWfpcW2zOka5n6QwKA1BGIF6b4uf6MtwHQp0UOC
+Ih2gCYh7hnCYA0QnF0F1gz4Ty17bRTBvhiHIcZpNKqWUAwbqs7HI1w4WsFMLlpA1
+4Zi4FC/vzUO/AbWq460FqPXAZnzcvxpnQsuCx+kjt7oD351xPbn7XjyjibS1qeDb
+Df0XpuDliV2omg1B1wZN0bf/BvgXpM212oAm65hEEGMIACf5AsJ6v9HSHBKa4zZx
+OGxsgkp2J6l1zdcnuPGdmZrNrR8Go4xAuoa06Z9PlwUak+hh+hWjx3RSBcXde7Tn
+IkiXmT5TnwgJo5GzvZzNnCS9RLmByjISTHvo0G+mcJ2wq5JvMhxrfKBnIFvNebRg
+zGSFtzswIO8NPNhpJd1tFm0fZH71cppWMmaEnAIGK2Vj75/niZqldbCqGkwHMumc
+nS2+eOCDMvNzm63Cata2X5RLozuNJCcuRtPyrbPQ+tBzcruV3AfEoradNGg0Nk3q
+kMbH8lQUpNUehpVBUTi2JgYeczmK7tGzrpar2IuektktzVONkqdy5EsoumaoaP0F
+uAysrVQcX68a+E5IwN0TLz1T/UNLewz6AH95iC09yvpiHiME47ZzVLaOFX+p+V3b
+grd2fvx038AnJXp0McsvRqAp3Ee+oXMIexxiuopm16Jx0N0lg+9tFL84XqESpaRH
+DG+RhhG0qIySIhRc524DIXO//ep4lubujus86NCcb5JaSrp6WCpdNAhCyHDcjohF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
deleted file mode 100644
index 1e0db3236e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAln5v
-UhL9o7sN5MyQTZEB3Fhj6lKfzTNHMBCsngHpQqTP8zlmPvaEGpR53N+RNthxaW8K
-XmN4WVFvyXl8eaVl8+U5cewY1K/m/6OqDIZ6kvjXugMkKLbjL7ptsAGx5VoyHs/F
-xy4n0cEOmAXTZ7dbzFqM4xfqJRLqi2CgQUHnb1kCAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUG7qMIYdzBwWY+uu52W9BpEXVhuowHQYDVR0OBBYEFKVAiq/jp5QN4XgK0S+E
-OKaV0NBCMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAIgeBhcCa3jeEq1F6/+iNWMXRVgzyV3vsDielCRFy
-wKdpYGocHPJG59OSZEHCUsdDRF2n3hhGkEILL4huEgX+oiiOhyGM/Xrr+ACuEIaS
-qfs4gBQ/HrYydCxNN4OHOuLoFDmotodh/lvY9igeeaRZ1AFI7AicI0D4CAqXyLcU
-9WI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
new file mode 100644
index 0000000000..f07496000c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCvB9Hx5fpvsmfyxZyAuxLiVbm5ZGySZNIbcBqQlZ4UZ35CG+zq
+H5ViyZ+id9ZDWkQB+RFQB1r93dvpCFiz0wYjRQ1cfxpudCCBQDiVgkTzt4/kD9pc
+iHk9w2ltb3fCqtjXTrLYl25PXXPq4boF10kWnxDvvEaoCl1jZBtEyta9VT3O20wt
+HeTLywU9Byql1qkkUp7fIBj/rgXDuMchFRfcN9C8xD3vSGp0Mn7w3dLkixVtk6fN
+mRgudZ1X4WtAzNJcWUZwzX1oBGMEoZ/p8l64lPuyX1SXtwHIbUkAtKDuUeqDpQa6
+CrtfqP/WfN6I3HCITRvw/K69sGjvXh3Ce9AfAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FIhfvj81OWaa603CJhsmsSontQgqMB0GA1UdDgQWBBQm6qJntGK/v9TM/WTbiNJv
+J4vrFTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAz4udcgcZWr+2UzCvM8M9LWlJZIcpZTTDMgbIDKhAg
+WPcz7zI9T2gGVKy76yGTGisXSRuVPW/qUz6qSfP4OsKhkinToF2wDU8bYKB01AWe
+8JnTI13ZsOjlfunus1A6KXISn/OefW96YMTB9sloWS6YL2xYhs2tVbzAp7BDThNI
+x588Obo5IhjFuaq+v0J+iYl3guCHzfNMN08mbYomYCwZBYzoB6i/YSjrIhdVp+14
+Bfqb39ZLzdpxubzH2Oie/7PXibacCQo3h6IwxdWh/29vkt9p142MtnszMBUqrTOc
++yRvjXJbpv5rr9EmVaNhhIanrgVHHm7ehOcQZh+XDBFV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A9052792081A4191
+
+QhIGxJGXZ5WORB7p/Sv0ohTZAtTuhVVcLmlwz3p81zuk2usweBDNN22OZiFVOUnW
+hJBfYLthgUz5rwmlb1h5rvyOjOqVVUtwE4CdiD4ZFBUWEX0gnMZhG82nDFHRohcT
+BIw7nE4rnXBdn+RuFrKn+fw4+9TcWPCWlKJsyc+M33DP8qzWWL1PRNl/EyhyGiuI
+/sRCpCFPfUI1wBDeWhXpiDIKB1N6OdZHj+gW5kwUMJsDJS1wPT5BpAPdgMi9yebs
+Jn2zW1osO+dYGeT6dHhyVrfd0ryFpSvVmdM4XwrAVysC9nP81woe1OldNtM9vPuM
+XevTzETwZ88U2IUYT514Zch+XGd5QpIfchDxdVlfxkrkrQ2M73UhAXnIDSQInjbg
+iQBmNQTqAbOTK2KlJdRji1iRfofMzWzHuDQcppDVn+5PgvI/bgqA14pZH2E76BGj
+6ev1vBrKS0U5dU3tUJm8lkDJqZF8JUsMnbiLkGv+7R0/iua+9kdwHEECKabTIaqQ
+jnNN1jb74wEjnKdCs2NPrn+I9mWGjwgPKDQdbYgmkliF9381uIDNs6hAi65pMmMQ
+/ubo609SY4JwMBwDdD0GXPbpoHPLKoPQcSqbP3exbU282ZU1RTrhN/xkaqMW26ew
+hb9A9RWskmJhi6QwLW+Yaw3ERyLWKTcv8yQpzynBy8qbPFKAv/0rJ/iQjbliQ9GT
+FxgvqVZ1TNvbKTLK/XB6+7rjtBbrr3FQU5y7tkfqSKi8FRLrTcTjWhn54tPDFHsG
+Hx+XAiE3+wrwx9pD4O9ZL1zMM3NY9paXsePvThxKt0TWCQJZT/dtQJxp574WxrK9
+NKMg3PmzVSja5TIyy0fiCrqHJ5hyusw9DtJuxQryi1G+S+J3jIzK5horevNMuu0Y
+zQmFyUiBpyiziLTVSJC++OkOqosP/6ikxkV6rXBRM5pSjFVsXVHnF5KfSya9XtTt
+kfiERcC3G2xk08ZMnKSPzYl+XDGcjcKzEBJlbjdeW8qMNhEDd1aL/mjlaJzdXYWN
+F24lh8zx8s9P4zPxxIJoq/+6+dP0SRypECTP79sR7ACv10c1FOS3FALaG2qu4gDU
+75ITWrAiHY5JS4IlTIeUoWuMNeV3EEpbAJdiXbY2lG5wvFcWT6DQ1mTD8nk64Uam
+Z01quDB0vKsbia0HwpuoqJT8q6urX2M/y9zwK1snzsXDJ7kP3EyYcJvI0UoKJD4i
+1kzo+dc9brliCNdVJKMEu2YaTB+gh+Bx9Bni/IleE5FkZ7C2gEMykvv7zlKTksSS
+e8d27GEJL6827JjZk4qqoxxzNU0wgxn8gWbQXcMn+X01PsHLUZTVKMPBDRXMNIZZ
+FshWPNbT+kS0t0O9IHWMZbBJP6H9YAKdo/7MyMHXDpoOdQnhGKeI2H5I5nyerqms
+zS7aXIqxNFuGx4Jg2f3+08XNW2bdHtbud7423k0zaPOMf2HDkaGIxtWzkdDBZjTP
+EyD6dXmO0IR/8Bov52Or/0bOuCz8SL0Kdi4mff+0mrb9oe0xbBOQtOx5dTTcZgOu
+Hq//gPWA5Bi8AZV7AHqZPiyht9P+wJWrwKEfr2+jL6PiOIY0DDuGDdKGAIVXtAjm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
deleted file mode 100644
index dc7432e631..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAogdB
-BnysUr/KTFA61NvJ5idc2kOLUlr2Nyx1WK3KTTQwISpC6JWv5b2oERCJDCL7/3g1
-C3k8J0WWk7CG0T6ydQI7A90xJDYMPGdknO2Sc+8vm/JBnwo5Qgfz2X5Oeo0Bedbz
-IDJHs35fj6KCHCxExaw5BHTbxC2cIu9YU35+KTECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAU+qJque76T8VynXXTS3ptjORcOSQwHQYDVR0OBBYEFHx6BhJiF7QEIUB6yCAl
-MoN5MbxqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAkmGbvODeNeoPt8PMnRvdgOCxlnqA/pzPuD+JbKui
-VPa3xQM64kKjbdTsq8JU+BtYbgy1Ocx4Lmvv/wdJ5AuIosaWiAfwW/+VVni4f6pq
-lb08+5rRTA6k0Z5lhV2RSx+AomDcQnrwsxgi+LPj2aWfwxPL3RkpQ+gnBnoRdOwI
-Fak=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
new file mode 100644
index 0000000000..3fb27269be
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1hupFJIR+fBLxx23/Kru9609/2Of2reiVqs0uGOuzXEzcBfwg
+9WdOmpHE1tgrgnPeg8KPjQEdi3E0FMZ17szaxuBzWaBD82++ZUGuOsyjG+1U5pp7
+nnbay91jYHRKTscjnRRaey8vSorDe4H7lhnTUjeShTXnz1YOZCMf8MLNXbD7Yt5j
+bnwSo9EdvJvh2Te7ZY1jTvS7jWGmFZOTyaeVRXXkwN9jtm4uc+oc5B5D948nRAML
+o8qspGTdP8jokf788nWZrbqc8eFYK9mQxZkmkULPb+wgt/M1aNcTixwXuorxmUGM
++5ZmBxemRqqNIk9OlSScZ3oOKNaFEZ90QQZpAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FN0NdY1TaBLEyxVAwBSGFBYwob6vMB0GA1UdDgQWBBR0xH9Fw7Me7BU1MG+ThFGX
+FlOJSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCJSpwZJZwrb6ql2kHDQmAuRxn30WNsAenJokeRhyL0
+GMvOWgt+IYyeL2DxoZL477cH5+zUG7JyefyZvXz2oAzfApgPK8MCeQC/opoU1gQY
+oCWuo5kQjFtqI68wosKxrQvGh+VJMhREKBfShcR0z+MQhRut52Snvb2vMpdj0+yX
+iLttI1yQExAATJR2LUBCG4lMIqwW29IgXLUkxDSH8yyMA4NsRKhkawlY6+rGV+8Y
+pqZr1e0rmZXNrkxe7X28c4a23f75cq/+oTAql+9IZVE1FqWE/z7Ae4iKudnZTxnw
+Vh989tNkrWJeVLTOxczANY8ULemtvO3b5192gj3WA0R8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF2886BBB4A02584
+
+oUu71FFuDSTWIirwHAtUtRXTNC7IU1ZW+ORNKmQqHO356vmTvgT9DcWVWfWn9zgY
+z428amzxjkS2MnVMsM+EEKUY/PcMWBY3GF325nRgHdUylKirNFDXX0jpfA8ic0s6
+gMio4ELZJQzSgQE1Quizz23JkmkaEOWFR9d2lzi8N4N3i/XTogkmyLtX96ELm+C0
+yWBkRc0y73YljPgr5kh8R4iNSBhpdzC2LBDMa2kEUvM8Q4TDzxyY0evyP2V4QSaW
+v+1ovCiII+gwML11+0LiS8sdvpGguGGpop7aFceAmfDZ3BLCsXpfAweS1GQJU3aD
+ZTe8290oS198pmbvVGStlmrb9w75brS0eYFlTEZH8SsM6lA2a5Gf8PoaMxHxoxm+
+3BODRdpRLrpqzWaej+6JgZGv+uot6oOHDpNrRIT/381Vjt8tKQtepUG7ENvOg5y+
+AmquMjJ+3ynD+0GWgM263bcb6+QRX8O4fRY+drkfDR1sd3/tzwuHb1q9FSC0mZR0
+lSVAe4mRW6IiCdbSiqhrrP1KPygd6JGfheVlLN/7drJZaHpjFG/tHqEYVzLPIV4M
+FibSiwzOcuPbTbFTIRIfLFEHYkJqIMnCBeVytqQuIaDBoy6MixggSOLMCcwxkQXH
+BfLOecE2LSI07mMZbPMKbPCGrmsXidUAgqk5us+mSdeYcgUPhUlvJQj7GIfYr22Q
+eKRiyRpZw0C81LY/l35a2bw1Nzpt/Iv0TiY0UJPrnWf6OEZwQRnYJeM20mgrcois
+saP2yW1Vz+PHY3rcZE0zv1n8ZQEe6Cax2QbarUbm7Rwkn0pcAX6TraWfYltTNg+3
+9yMezsmWJuReJr8fr+aLXxFYtETcb7CuSSsEJF93MZW5XuH9rsB+prBACIyhXxSG
+RcVeuqIeFNM6jEzfCu1n9AOtiPuwk7s+gF0qrVnMGvf91eJ+hishC2aSEWfkFKCT
+EYBgAhZGJpVOYC+iI8QNFrbRVzQk9+8/TsQShMU5wWjA50uNbxB4pS9OSg5J1NqJ
+4Nu5y2nyyladU36EiFVuYW18iFLrJAvBf9lpaEL52JgW1UOWwWOorOOhIfSd0AE0
+FXKLyuuklU190vwe50OQaay5gHL14Y/MHlkgcJAwHgvogjtsi6I9NoVVgqeqLVlr
+rWVXLbOQ79J5RIw4A1DXyDJBFPBFsptCqHun0rlx2tj0glbJGU0Y975nGfo2GFSA
+mojl02Y0x07E8Hx2TmPZmirxepIlqUN+f2SRLb97rjZFP3NBVk2URY6iZ5bVW+iW
+JtKctGjyYD/tdtXoG11uPjiJd6Hlb3YEeoRvoUBKVr1ZSH96wVOtljiFKWVWPq8e
+XEeV6mhrvx1tqN08RKz/qZY0TzNmf/cRhztpUNPM6swpgW2pqkTFwGjJ+RF+Admc
+UBz/RqRH9fYQn9R753weJOyHJw2Md2TIW+wiD+PMOg5KoGZVSNKu0qsLhWDNfKCh
+X/CSWxyHQNHSKzip7RgzjEMrVR/dpoLAb4chz7JV8JCikgr8Ei7N0itZzfVJnpJ4
+IjEW4Th2ygeLmuzK9ofeuCtwogx4BCVZOv8QxJpcixZkpXUYLVdWVg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
deleted file mode 100644
index 8a896652d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBXaXRoIE5ldyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArImc
-Yf7s6ea0+dqzWPAcGg4gZE8CjbYlhP964Da56tk10sqLVKHCKxnRYgymvojftLHO
-4WYGhfOfDGxlEex3i/AvnxEqVlwzH0M1fCU7mvycYjZtMSObA4U1mr/MRoO7U2so
-ege9jkx/dSbZIRGY1huIipH8TjGnOmfa56IBLpECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUyVvT0b8G8QHBeVy7cw2NTEbLLdkwHQYDVR0OBBYEFLKHIZkLlnQV1U2SSzrY
-JQOcna7uMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAZu2t7x1PqFyZIdjnp2j/D37jnc5xmuhC2UOUuyt2
-WFggO+apFns8iYM3azA0uj819lQexXHqKAZi5tQnMzPcYJgDjb1ix0kUCwiW3v20
-LlHf39XU7HJjfXn5USPwqNvrHcWADkRfL10y0ve+F7tmkESFvb/yF3ZU+t/OBKb4
-Dgs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
new file mode 100644
index 0000000000..b9dbf00b73
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBPbGQgV2l0
+aCBOZXcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDev0QtgDJfvPcfzwqGf7Xo6oBJMIEKObeQqeEor34N6RpT4gdw
+mhmz/6dR+r0xpAVnpH9peH3F07hanqFzlYmv3oabgCYMmDBAxEFy1cptkE4hDdsf
+UZqruxtd7v84c+hUd55DSPmRjzCZtvbm445wpUJyTcIxTIckpS4Z46TIuM5CCgcX
+CJBLa/UA7nAFJD634GMYzjcIjwqQftmgmyvQxlEkGxc3Y8el2jBt160yHTlbcPUF
+2cB5heUWRvSLHWoYt2nBhL8W75NzJZaKAtL+4zSYQ/uSlutIuV1cAnubaR9kfQJE
+A3tKagf2BP8yokA4aOkXEESnnWV4gh+ZtvoPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FHZ82GQENAlP33EhdA8MFps2qILXMB0GA1UdDgQWBBQD3ajkIvc9gpRLEUN3LsTP
+J+b/QzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAgcf52e984C7/uhGUkZ6oTOyFsCZy84Vy46uuiCRkv
+Zv4di4AA1XURzEKGEwR+F7ewE3mNbrfsfvwv11ZC//bZn/9nJUN8z/VvxHwnlNm+
+Z0iYclryFKrs5lvWjwzlNG3tZeNl77X8rpGlwpwU1SbFJH2N93JvUWfMBXd0QUcn
+Wor68nK8FUBd/1tAq4njU5OT+nBfII3Cv+Fdg902zrUTqrJXZmdD+jSBifd3S5/m
++nitrP1YAODnCqZGjAmgzDZTq4C33B8b88nhfIZssqK0rEsQoN1qyRZb5nTBHZ9L
+P3LirbQTLxJHYSAZl3GmRQ8sUEODnIN9hkYRSWoJZOtl
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B08039DFA4A58D
+
+g68Sb53Ixkr6ma6Vo+HWtS30kwevnOgRyE4CEBC8a5mc3dLcXo+N8igPZh794SLs
+8aVAS+JVZezz6uLoiXXE3kjDeP6ggZMmWaNq87vWkk7dcvSX+JI8fJ04ziZpfOBL
+TGQsgePImkW1sBejluwySCmYywt8Zb8pLDTjrT6aWF5UCO/CoDadNJVL+LQG8NwK
+zsVYicJc0hWmlMuoNzi/yJx4cy74QrHRiX7G6ZA/JdMC+jV+6zgHcRxb7dqAv//C
++8AM7zuhOJUtQxEzeLYVBqBT12BYWEY0FLV1Lz0Kyt5s4Wt4AZLyOnQpFiYhbChT
+7MLuswQIJyi067yarkAcPIqdDbewjDUKEhMjs2IT5BvshlF6dKDvYhlUr0zhgUbw
+O5AsJu8H97vp/jaSisVRu7ZtDcpGn4lXy4ph5Q2o9++diK5v9HbywocigjRdwDqI
+C/704gRJMBUoFPpujM7uI9XkcGGdcDT+ZQ2i8zXtwNYprF3MxhX4vxF9Gp//VKtu
+po7tLpQcucUrMyDywiIJeoTJtWj/hRzmuJsXoNst1caGwoCpqP7TYhL4eGqFEg90
+ubR9B6qbabMCfATgKAEUpQ5NKjvbaJ5QgSm1AAncu/MgPBmH1WxnqH7dA7Qa34oV
+3GSIsKcYFV7EYwjVSTFZpHZACOe9xkL2G+rzY7JVINGzv8mCdau6sr6kQCQAVcY5
+cHMOOQvne9GsxEt7iN8OBr1mBGwFhJFRnoAp7ECHe2vxrJmN1W5rkq9TZHFrwCJq
+F2zWEj3C1It4+1cvdo5kMdvcFvdiK+svhgJu00Vi+clN81MRmre8Xm3HaueJ9Xn5
+BsPYP7M2vLGfd2QOC3wMtgCOjmlCiRQ/r2nLOU3ydYQiaEFltV8CK5SXGiI5i9/b
+UxY5tcdLHACcwlpaFvUADs73yfw7OJfd3RnPOTdLksdI9q0hx65oS4CgIF/haP2X
+K9z8G4C/1OFCx7TYC05QQo5C/K7sALErFzrpMtbVwUFddCzoktKFsG5PB9jsoWw8
+lhmXrJqKCok/f2W8o3hZHVfUEaVddIcPgcXGgKtsedXlBkjfIgqUDdLdcwF5lV8/
+mKw5jL9ozlEkMZmCU8rUOuSGWo161n44W9zGHkgTSxLiVOaOiqxmzACWHfHy7G2V
+9fx0ncJCgTffmcGnTYRJi9S1AizgaQ0OC89CrVxR809DQxykWeSeNpK43u95Lexr
+tKJvVK8lOl0gihDW6rKvwS1bdF7LzvSE1q6544FDx390+SkXYAq47BVQ8dNybif9
+hR4EroJ+C1Q+LjVb0A9w/nqNRFhRo7hTkgWE7BoW43JhRK+mIoV9joY5sa0hCRvZ
+6+B/4hNVQLgYp/tnNRm3k9shpk6jGzQB6a0BLnatDySPS2+MRovYgQsZCrZqcpO1
+kQ4hHfLaJ3jTndN5yytEJ2ZWcCUbCyY5Q48EyNpDpGHZe88iDuniD+H8xbGixn01
+b3xmcvgJ63ZsXiN4I9kjLUql3YxraWqbcaq2Kvh2MD2I8Z+O5dhyJcwaFZcfDF0Z
+3mj2YiTCZJb1xGX5fRQhrjwoEQCb7QjbGVvV8L3DJiSCCnjr6v7QC/c2Du+VCIUw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
new file mode 100644
index 0000000000..c07567a658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpWYWxp
+ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANncdxgQEBhgQfvneBAP+IR3cO8tblU7EaaZUj9t9L2hl/o2Hm5EQhHI
+U/51hpteNxKIon3ZcQjUSTVxzkbPW9BZjmUf60I9yg7cTJDYVGnPXjiyIGDdg1Eu
+39vVWziRWi3PmjO0b5aQ5XYUYkNphBDPVEH5Neqe1FqXnV4QWb3g5MNZidfe8nmw
+h2sCwFmhKgCCFW9rEREAUzR0PfThzFZiouRl6COxgx1YUwiyMy2WvuV9M54QWidz
+U91dmOJLEVNYkY/qchHsu5TyDQ9QrfIWtRoAJDHlFb0XBpCqJLGs3QxSHvCLaqu4
+9+3fY7TOlGi/XpbQRJbx+PR6Ogp5FVMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFKg8CZ1n9thHuqLQ/BhyVohAbZWV
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAB5a2Q+vYqW5Ury87AxhiBMBqgoPDUejnqmyFxv4o9ks0o04
+vjuyz9QxiM/OafSOx7lwBVHABofGlbT2avoxni3EF7Pt5XoZYRhujNHkDtqbbWyN
+BpDuLNF5WNiEzZtB0xji/pHGXwAnFGV7Evovvai/NI4tzxdMWFswDy5pZkUmJiGY
+0/OQrimHWk7Gvegofg+glOb/XLVcT92KYVkOBdL/xWnA04lK0cLlyPTICMP9KiNP
+hABcLEQtg4rCPSLHPGDyinjjG0Zl2pmP+GPB1HqgcKZ6pxCbnax/vhTwRCOHWKwQ
+FejzoL8eJcs2qwJpWq7/wG6wQ54Inhk8pzBujcI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE7617D7FAC4636
+
+p0Mn+JrDNgEXb1a+jzTU9Y0tXlkry6sa7zqyl7Sl9Krk1/dIYgWppKRE19A91EeR
+Ksiwo92hb+nfSJETfAr4OTL7egtQJoOf/jWhfb9WpFM8+X04L7EgtZUvL9cJHBpM
+UNrEGnwKC6Z+bJOnaSydWH2D8E6OweMZKpt5am4qjGXRLOv/hW5+N6uL5sbbrgQO
+BEHkEVw6uHBd3IvB5n5vvMfoFbpVPERXwrDRNPgY/2qtMOvGg40PWzTRVsoGm1YQ
+2FiOKkoeKfvc46/2K396npTBY2oQqZBMUb0GWBnpV5cdKHC0HnWzROPk2WZPgz30
+ppJvCzWsNqolQgKKuYYFnjAXY+JrmCuqJqdFsv96b/GdepyOdWj8jQiJa/T9Wp8P
+to85l5HJ5MfeT7LzK3lyWvlMHrUUs/ZT9hfXAJe2ZQRIMtYpwJkIMmRktHJ8kmVd
+u2zGzQxjIA/Yf3iKeVQu3yLS1ODC7jvjIqLEEmBegx5sFWKtVChyFrPn3J0fk53n
+07xZ5D0m5bX2bctLUR1lFADNO3Zvl2mJlz46wpmToIrlQFsKq1gO1JFwo7P7MzQX
+KWQjXOYWEs939TdiDvIk86ZnaWnNwxcuRK3SqzathM7qubKMWGPlQmMd+Irmm1Le
+Y4Lv3stgUJpnil/vhqT+MfqrCxtugyVX3PONdsh5mKIzl7dMsqtwDyRWNrZS+eID
+qXgs71PxU8TT0F+FvXbCnZ7uLUrOgdfXbyP4CF5lQEwZ8HxMTmJ4IOz/QK89uDSO
+VdZHoc6qpnhCnmVPyI8+yxwAGH1C3Qt3ubU7+EUBto1jITqFNyV6q+o/kL8vsUVF
+fwIFJSyHpEahx+9ytQKHxXCy0vPHirle03uGqLZuO3PvxadxE8CniNK1dUzMwsEN
+a7qmDmMjJWeG3ICzHbdirJeUQePApdLBMNOeUrUKGGrAqhH2qHPGcWOW0GxZJgtE
+02eGX9WsxhewEXNP/ccQDl+MyIA/ao9ypfEs2OgU+Y/TOAi1xKwQp8zi4Q3J+gSD
+saZC3mm/HLsAeTk5TYdca5FLDtbiQ5OvT3P+fh5glmSdEgZkq3x84lYnS/nMIjD9
+t8UEmmIQgLUkLqvfSVxzIavZdiszpVaf1cUNVp/0iQrUeocc5wFRV6KbKMKW2mYJ
+taUJeSQSXuZ393mj7dpQxW4puRTZWOztANImpmUm0kgQ3FLnLMCwA3d9W13IXwjl
+J39BmFbyBAsl8rJvD2v/qziflv8HT2SjC2/GbfSZ6C11MmoKTMRW+7NEC/crDk0V
+hBcHjuz/szivPSLHQiTAjYS/Xl+/15AYPhKL7k5d2RmcInNCmN2So1ketSQfeBQI
+9t08lQu759EoZDRJ8dnR+mWBKSAI8zUYThGc7lTtW+cQMOsgDYV9eQO3QkkvzvnK
+7gmmfqCHReWY7xm6Q6SM6iBpPHnQ55000RKEaglCzABv77RgLlS+D1OGRwGGdMr2
+yJOQnygTmlVpJt3bh4Tuh77wh1J9BwWBf2k1wQMkndbelL+5i8Mkvm+33MVEKJYD
+I109GqlY9x8RdI87SlBth3Bv50up/by/seRVcqFpa/7HhCiXhcJqsw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
deleted file mode 100644
index cdaee8592d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test30
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA08C22ZtMqDmJQjt6hWE9rPJX
-rWB8T165lEh/iTleDZqyVWl5PRT8V1PTxkkp5aURAXm8BsNc1b7YFZfdsiMx1bjU
-iBSvqDWP8HtarPF6+J0wsXO8Zxp8OV8kCjU1gA4hLHUvVghURkKoVXwzB2cwhlqm
-iJcKkvv65JpzZPinbCsCAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR152dHGAmr8YiI
-256N1RdSjvxzeDAdBgNVHQ4EFgQUYmleNHVLgQPdh5BhovyETaAgDeAwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-AJCvVAtnYWZDsmocwYuC7e6N0annLwnm6MvbUgS7+KHuXfm1ty9YuZRe3t1SFQxX
-yhuTKj9iERpNsz7ldpdAKftS6PasptiZLlqhi3Z6csOnVtmFErdgN56iJoZgkDlv
-YTSVuG8xVfNBvOTHve/LWxGMlTGPDLMLf0hamDdBTfCK
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
new file mode 100644
index 0000000000..cd8f0db851
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE3efE
+Ew9OTIYxe07PiuyT1xASI18+bk+gPhFo46a4GTv1BYJLzxKlWNQkeb2yHNhHamis
+09o2kHi8KxtgvEQpSItGO3orpoTNx/ag7GZ+uT7pPQX9NI8HDYaaHbU86E5Gf6l5
+xbFV+g5uVIJY1MKV6N/cJ2qAg3o1/aJOg87sXW0q7Xv3QKXbmzlRwVR38QrSRgdN
+r+BIcZ6r9plX8P3ghHH+/xHRfilCh7FWmrruGf0K3w7gudE0RjMTYm7zHOny4fs2
+W802lvgWW0Kls51YiqdjmT1V+AOoyR53SIzwfZR5jY+FsLqr2o0mPk6GbzwS5Pk5
+XBrbegxQ/UrfP4YNAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUsaoX8OPPzNKniaaD
+B93/btoH40kwHQYDVR0OBBYEFEWSz28Tk7VuNoLpo6HEQTpxsHIgMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+pgUgjEi8b3mM4voUe2Wt14cuFOS0YImUvk/Pr53xJiZPLyJkBOVK821wqBKjmmD3
+29NaX9nshLc54lZfqvQBHTEWWBPeO1um94vimYyRNMVxoIuEA8c+a3RGGQndisFP
+2098JFQjdz55pW4NgG26CJNutjMmCW17GmVTEJCiQEpVrRYS0QEaYUZya1yp2Thr
+mQJGt3FyMi+LuoKqlhJsq1892cb10GO0E0Yhy/X33ihpbCXFMs7e5kqYa4oHRJIi
+cScs+CqFDO98FpiQaccUpWlgIbHIq/R2t6GcXgSsK9+JLrJqn2TMMpS5O2Qmy/bl
+AHzuGjGn+nomfAVFRuEZgw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,577DCADE8158937E
+
+6IGI3x5K/D7d2IXqI/oa2gxu29K3UVhOrBxkBGoZMIxH+IPsN9xUautRc3j8qkxD
+Z84DO2EQd0f/JEYpJuJmwDP9T3UH9HkT5Gaypcwu/h0ZNpHN/9CyOU4wprh1X+AS
+pyFnr+dou8K6QZYnskttevV2rHEZVc8oHjI4fxYCqLOSD3dQYn0QVyvjMfygg9VS
+Gi4jJW6BAyNuEnoA+Fddo+Wu/BeqHMZyX+rKFwKxEVJnfeUcRE6uOiMw8Gv7ojDV
++n1oBdJ2Eo4JG2Jw1IcDBCSHQkCrMQ18HBw7menMEQQgwpIhOsa+vyK3cCI+wDhk
+MGrEOJPEiQOW8SR+JVEM8YTO0qZamveDGKSoPqWrVpMd+cHtvS2xf4cSOCZceDkd
+j8vPMA9CR93IecrKWDGqDuBSAwtFOW0qfX41JhDb3V6TxO2LNwNDsHpWjp+bKNk5
+VUWp4o6jGvu/YjrmUn3LskvNpZVxC54Z+3KShS0ev8BWHpOdFl6DIZ+3xR4coIcj
+AeyeP1wFqAXcw2VfPtZmQDH9f196jhfBGJqf/RYTzXd3uAMT9WRa69Xs/R2CrI00
+5YR6lu7kRVX56s/1WV04J3rY//wnzO+TWRurBgHqfp79eT0AVfdhWjp/VT10lbiR
+Q6UOcQ1IlSdpZGvx14ds7KAo5jTVh4uZhGomlR27sxxPHinS9mRoP8ka6deRI7ZA
+vDlUwkIjLF2JFK/yLVX9fWH0rL4WhoxiN0eMEu5XUnhlFe9oqWQC+hd9bIKwxfSj
+zMgXGg0N42FYbEygq1rNv+lAfqdZX9Y5VSkFyDeVB5+qYOmxCnk2MpFqQm6c6LX9
+9XWzZnLH20kWqBMxMXcEtEiwYZbrJwQs6DGVwWh80DykLuMU4Dm5L2N3gA3faEH6
+lUlBg8g4Z1pBRw8a9kE+6JQ9YOHEZveBQWgt2QxzoGOdo807kwBPkCzZRsMIr7Gz
+AdqbaeU+5XJJtf7MoCNuXzxWHdkbfDK55IRM57j/Smw9E7QE6BD1QEsZyFExWcm/
+z21b83nxae4QL8cCVGoIxCIWRconx0X6uHV/hmONVsuLqvdkJo6kQ1aRXpn9uTg3
+vaVpepV4stT3iKSZAXIbKQ4m3nzURH2Nca7gEJDwZa7T654ySnj9qLM0mLShUxxS
+m2lc0di6MWBEG9/6CdGCfIzoedyknL20cBXFXmNU1ioYyeyaym58dtvTtTqX6zDm
+547uFHvAOTzpuSNI6p4WfN/IC9K0UkxgOwynOtDmBisNR8q96ieVr4ICB64mFHqT
+Omi/qvy7vo9OaQUdEMRapkdOe/9Cu1X5VhjEgkOQA6Uss7yEJ0CBucLlicKGg8ji
+1pMRn+C0UsY3XWRLp0pzNkzdjiyZjr9Tn9+1gi6LMripWuBeMRd58nYriRXqrkpP
+86qNn3iA9VvvzT0QdOkjXeg6NvBghU7JjKYmbSenSNfMwCO94N2zbTieLUPJ7Vrp
+w0vg+lfk8ut/7yDv/BB7+6I/CXUaO9ane9qfs6vw3YNO1dAl5FtQubBPAV2q4Emv
+J9+OtZHp9pvAL+zMK6OHPX6aMiskglybah444IQs2nXbj4IVyyOvO2LsP8vY/pLR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
deleted file mode 100644
index 62413ef929..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA374o7AtX/s5zVHxqAws7oJ0X
-W9efE9ztupuhz0gxjrTuRbVoFj3Z98ikVL8RLG00VdWjgbKd9gWB+UI4GD01A7Wn
-M5bSXi2t5fcyVYPxPjzhrl2gW/DfUYO4U6LHtTqID+ARhddd3Xlz/6WXt+gOLARC
-4zuqAsvNuNpnFbI5yA8CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR+kNw76t6c0ptC
-RO97Gs1uj5LgtDAdBgNVHQ4EFgQUpTkqy96R+925D9dnz/clmePZZx0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-ABBLDmNvZzxO6JM+lTiTscA+ikguaFV+BdfdORenOIJYUHV/j5MhzLCcOqh32U/B
-KZqQ9ataMvRSnqfnTHtRCWo19S5qT0QjVjVfYsDfX8QQy2jJ6bI9S5vn4bLO2HUK
-jLOabPS5lyHm10fdN+g59VKHjcBKmkBkngTkhVqVLOxL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
new file mode 100644
index 0000000000..b3becaf563
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjO31Q
+u1gnI8gYuBTTqe7O7qzK1fRNCHmFrxovthEckh/m2yz+SwSMCRV3tYWgOu4g/f68
+Gr0+3+0fhwI8ZNlkjvjZG6ZaaDLQejsfSwRDdB8OcB1V6p2EMSxRBGj6ZyTGObq2
+1XCUJhWE7aT4UDw0gZ9Gw5MsdzP9Mm0ZujF+nknrMx5IcktNwz4GrZ+PXDEd/7BU
+ZoosEtzX33b0toggo9LPTKRlu0c5GJqLbb7dCj9nuErxTaR2x9xGFdYdSuJxhlPK
+NwGCPV/RdbA+b5LmhxfBoCNRYsDHc9SGaxJxuzxJaRke7uqNc8E8xiEBb36uwN6B
++P7SaqaFMB02px9XAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAURkicQgmOXVNw2BYe
+4MHJGBU1CgYwHQYDVR0OBBYEFC+f+0RS6fd7DHdf1A7xDiGx5OcdMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+Afn8pFtzg5Eyk7U4Qz9iaw0+eaMiO4wX5iy8CP32AzJf7EJrykGk2G+/ZCJirXdB
+KJHPHqVa1SuIg/I5OOyku3VAl2nsVvR3FbouEDwrRQMMF9AaRAPHW0Gz6sb3DZWO
+gtoAdJgPQukkQ2t1Usl6DdsObESMNM+lE/O3qZBPvAS5FNuk8/GNt/l+7XUYub5M
+q9myI8bAITKwYNH45K/6uahjVM2Hzzw0cx1DINxfg9PxP4wmA6AbZkgLazgwGaZa
+Tv0xkbdy7RaP0nDXXRTlKpPYvplmmsfiYQiB1J9RedeHXsoShC2RPPcEWe9kAjcd
+ZVx3nY9LshmNiUS5XqpLhg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6F7A00D5B9CC3F0B
+
+VQl9PFCblPbDF+VKlw/ar0II/RjNtJlFeOvxArEr9OP58NYpTxVdLPzGV5iESA+k
+ZJUWpH09G7OylczvwVJYkuVCscsd26XrgRAsO7uc35hmwo4kuM6fzcitWdX5AWoP
+6k2Wnl0uT3ZrcUHYUU4TmVjqwG040ZO85zwU7NyG0Sr3rBInCYaOHoWPxYI+w0JM
+elxsMi+Vd/SIMrMdRz9bZe6OW7NnVEEF2dyM8v07zgVNEj2qdeky770urJ0ftIkl
+zFMjRa1O9E1uZfFZ+pMAh2MnB9ZLwHYn7k1jaekOzD3pxaM6L6ywCYULDQ6n4Kd/
+tnBHllU1pcJRgCyiuNSDcBRe1LvDSwY8R38afZVywSk7W3PFFOOb9E6OeWHE+cjG
+Gvz9I/Sm5Od5Ub27LHuqeRp58qExi5gTZvg8QrmSLOisCrWti3kEk4sNixSoTSoL
+DS/IiKie0SecB9rba8N3pyyIi/ExgZX2+z06/7Fxk1sY9WWK2WaQzG7oLyBPWM5R
+0AG9eWYRq9PiF3nVTyHfRR5p/XfrpOKl9i26Y0Ve3pjrr6BD9hA898/zuqqp3Z/F
+lQATWWmzdda8rCym3xH/PTlUfWFyX+eCR4sLlgHxga4TU8maMMImGocBMNvFa5vh
+amSpo+vzlBVtKXIQMUHtIEq9+vsiJgMMh8xbikz9/KCnB6QrR+gOFRaLsC1bVUsK
+DL11crzhbVDVLPwQSpbhut4gEuR85VDemQWKmn2jvQ7czdanVv5VlsfURF+A5IAa
+jspxKQs80+zZ5njoTrZog2peuMJZoh0vz7Rn9C9y0IE9KJu6Sd1eF1qgNT+jAFcs
+MBlTvQX+YZpiJp7kzXQAYdSFmDX3ohmttAGtKMrFDPErqUda47s3j6WBiDZpsRLD
+HB2yET1Tey+fyNq2kMWR63v18gAuW5CI6/8CDw/17kH72ro4Z6HpHEhPWF3lax/v
+AknUlI2vIw9YGCDwFgZnC6/FlhI7cURI5FvzPeeDBn6rZVAV5QDyAGGkI35yWOT0
+MOPmn2kwcAcfb2SFEy7hooSTo/PY2ExpS3gYKX53Zd2NyVDq66ccN99C41s29C8k
+1o31W47g55OLO7CRE8QZWZlgEuCcZqFIycqO/kyyCaY1SvZPG+gjhfzNe+smrm3J
+8asBn/If8czuqy81irL+oUYwW6+4q25zJNzgSHPdphFFuB5betA67+gsMOeTrKj5
+QrgRKyINQ1VDtHakoCxvAbdGDNYUseoZN3TR9935MMzjwZl9b+1C1PL8IvtRBwfU
+rN7sqB+EPP3RBMiXSUP9aDexx1ik0KYPLIZCxoj9EJUr87kI5UCfqgO+TAoSdo+e
+vfo5u8+vSr7yKVY0ldR/rJQ9Gp3csPJDM5vy9nsMg09SPTXZyXziMzsVlc57yqde
+qcl/p67YWULRGesh00UbiZCb0hnIIPBI1AmHwWSx8gVRZuI9IFVDJdXsIKT+b5Y4
+P99FharjpKMxkwXms3Jvrc1zd4F0WscmHJ8SHMkHn25PU1L4XuFdESBIoJ1CJlGt
+lDJ7W0CiP/ZuE3VpRzGJml82zHTIyLhKu5iwUVC6CXP0PUG6vv42ipGmOc9jhyWE
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
deleted file mode 100644
index 1da7bd70d8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDATCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGJMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUIwQAYDVQQDEzlWYWxpZCBETiBhbmQgUkZDODIyIG5hbWVDb25zdHJhaW50
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAL23wxEGImwm+05H4yzrxRQXdJBQp/RrfHB1tjFbPIUzr6hR7T+xNjC+3M8r
-Y//0sOjggeDwLkrbhDl5TK9qQUui3Oys3QORkLfvuBIKjHtzUYfyizTV86KvAybY
-dMOrY8sc5zivU0N9+FESFwg/Kv+meXt0vgL9DSe7PsFnaC8fAgMBAAGjgZYwgZMw
-HwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+qIAs1ZwSDJGswHQYDVR0OBBYEFN3zmdIg
-RlRJJv9aNE/zRRJu9+n7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwKAYDVR0RBCEwH4EdVGVzdDI3RUVAdGVzdGNlcnRpZmljYXRlcy5n
-b3YwDQYJKoZIhvcNAQEFBQADgYEAEiXPBPlFwaHGZ5TqIDXXTXn8ViKz9zfr1imR
-nhJlqZJTu2TlScmSN4vEg6++1wS0vVxiPiwNQkrH78lRNTH56MQOH92DxRyxF40M
-5YJc2GuFb6+ZkSKVWDG6UbkbMxjaZvqd+jnODcW1K2lBl1jHiv61hoNxe6VrNb4i
-m1dYiFQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
new file mode 100644
index 0000000000..4420519b07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgY4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFCMEAGA1UEAxM5VmFsaWQgRE4gYW5kIFJGQzgyMiBuYW1l
+Q29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4YwJBaWuiNbOXsrZHR50iYNo/KP34QUkqySEdyVQ
+XRYjgcVtLO5sRCeH16qBeglO26DxAouS1ofdzD48hjMWLKzNwAumWmrQhkhtUQhP
+EA2ABxV4rFW2fKm+jjWmPNxhLWceJED3XEnY04pHfy83gC8YDgPQeqRn7gEdQbaf
+tgUT5/yzBii6idSbJwWwNtMho6/6a6DabRtdXlz4h0hg4OCPU6aPUuIEa+wupnnZ
+ac1Rl+XSZI9gt0jEMh99WDpi15o6QpItW/aPxiZ6uokdAds0DEEik5JsbGRSzLNZ
+JbiLV5kOQgtzyj/GQ4HcigW0k54UQWx1kjj4YwsgYvpOTwIDAQABo4GWMIGTMB8G
+A1UdIwQYMBaAFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMB0GA1UdDgQWBBTRTIBGyj3H
+PjdjTstrMzXkvcN4pDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMCgGA1UdEQQhMB+BHVRlc3QyN0VFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292
+MA0GCSqGSIb3DQEBCwUAA4IBAQB5K5dCXwefGo7l2SB8szQesEoMosZISkK5QRIm
+xxHkPMc2snn61jVFDOVvL8muOL9hSNPBiOHBNnXC9mypo14FEfQRI5FjLm8MViWp
+doY5fn605DBnB5Cpn0gcwB/MlPe/TDbCVVON8/NNqWqyVZ0y24wF6LLjYaHR9QmV
+zdlMfljjO/gJVNxbhad0GL5IqMTjkUgAIC0z+ubj8M1BJb2qdIOk1v20syn8r9at
+iN/+SBwawEpSfVR7K+GIFL4xSjPCqHytmSMMCX4HkGlCw5rlJulusIvt2tc97Npc
+v2KJSeZ81jehHBt7sUVqV/DgO2XIrysN5qKcD3nZs59qx5YK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,72CEB87CF5E919A0
+
+1kIqFRDkRsg9vR2Y140zuDWapk182kj2r9IZoE9dBx9TEOA19bs0GUqsZRE/DpVZ
+44bOzHVB913aL7wNEK4vEZD3tf6YDu5aduHPM5c3jmzNu4FjnGqby9kZP5DIiGRl
+7H13Esg+8a24sP8Uax1ypHUhhzzvwn07tpVrgpyf5xYyDcgJU/u5REaPq0xdpDH6
+A509+sAyqFm+Yq73NO7OE0czQlm2wyil8c+ngHvrNdD3AaJYhNz+tCy2tq5RXlrZ
+5OYSdPKz7P7y+av0JYki8L5HWp9QhD/qTjeUDn/v5JTD/QV0QtWKVrd9rJqdbAMR
+tGSAlB3PY11hhNq43M1/fgRYwzjqTsBPAjBjmtiWCu2kfqm7v59nOfljbsinbjiZ
+tziKJn7Ep2yWPOv5f5KqLywNU21IshuyuM2JWPWsnDkG+jldkS+PITCVZ1dkJooq
+po6xC4Yf2iY9JUy5zdXdUe/eTaLlpbM6e/R+rhHlfZo7MeyFxdiB5fJEA87T3txX
+hzuDjOIN4HUqND22mCcTwttRki8JJARcZdxPcZXWX65hPpoZh1qXCP7IC6YQ7Ck2
+gZycbr30JLPAMgXCNJvAwduDaU6R5wkI4KYWGTuGodfu+ELAbG1uYKHmf98++HFv
+o1ewQgshmK7fc/Jg1WgFISEu0aNMxy7u/llxzhsK1nWllVMULQ2RkjNkEfXcZB4H
+9m6KJrK8l7T8OSfhJCWr+d1JIso9Nypv98GpKKyq/rbbNizGqoXe7xPtvTjZF8gc
+zAy2ksJ38Kd8W2bxW+pzfsn2oHjyQAgEnyas87zzF1aYW0oVNwQ9LtCy9vgkJdY/
+KM5UPQIo4HT7kioz6RY+3ILug83cxblnM2Iy9ivwwMzvl49N/DIKSXtgntsbzNj5
+EaNMiQndpWTueD00hI3rSpzWDa43K30et9xVkqD5Ypg+pkwVg+OUeZl7jAfCtBFP
+6MOw8VADxerbKTFUSfJDafYA437Zs/34fst3FFCrp8WmNjKeFvjUrnQptv5epsq+
+BFp6dkz0w1VcHNJdVlp2WLtrXb0SRFHMlVsYduN4iwY7bXTewx0BDJXnIVADymsI
+OHykdXEnSxfxm4SephKBKEq3Ro71EOt+P/qLrnLxh6p+8RPbt7fr505QaKqSLO5s
+Znz0daEKhG4G2Fc9oo1YjSdqbTAZabI9o/TGIPF197A87fvjjwHbc+PLkldE++Gb
+x+nG2ufQAGmqepJkbzPNdkhDGtrr35lLqUXkPeX6MZNf+fdK6zCmAyXflyboSggN
+WX+5s4V9KhvMtsCEiiGDfR3ULzxRIdJgtK+In6YwfoXAdOdN6A4MIvnxSQnXy3Zn
+ttKsvEsCuFVnFA3axJuXYj9O+f6O9/I0GgQGyBNj28p8c+YZtNfW23Ct+In617z2
+d556AQI727H9vO9N2EwEeg7IuqVP3IuyrVXSj+jqss0LEkXOaaN4ZhqSkLybqCev
+xfpVV7z7u4dIrmX2GarKGJmwPalwpKLH3Ado1x77ZjxZ10y9RuvZrgVL65rP5qqf
+3E/ADVTPIdfw7CZIBfb2sSlgEKYZs5/iFHujqwEIl1rNiRPP7fJzvlcXpC/kixgH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
deleted file mode 100644
index 45a7bb6036..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJBCTy1/LSNTMnBOuzrGV4EuZM/iXN4/m+w9j5uwlLzfyPGdceIOSA+
-vOAPdr/9ralb/4Wvr2H7ive/ruSrj338JwY50O9BMowjNWiBs+G30rUMo+lFNoHV
-eUfBE9TZF5MiZMRPH2UiH1QqCHSn8Myeb19XahMyIfCVqISqwIEPAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBSa/kUI
-iD544eivJJmZZwWNNFasSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGlp4H06BUnD5PHzz/2nv9PBE7Vc
-UFLCQzhBdC13Ml9hLy/5ZLFWjlxnMKCuL51OVW25ocoUaUubwgvi3crDc4O9p72W
-xYXIEa7PYpuPadAEOKbdZJNB0X1aKWORBpaj6yiK48WMG0UydqIZps0wcfAP3HwK
-yZa23hxUZyeu9lkv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
deleted file mode 100644
index 921ee94669..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxjCCAi+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIx
-NzA1BgNVBAMTLlZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlfx3jHiQnBHgwQ
-XhHjF5QJIB+q+2Mc2w6gHDzym/PiEa5utF2eNcy1cskZiVaLmODreo/HtQpn8Iv+
-YBfTuMT3GDXVTpPFfhVvtm4c7xz+e8QcJhK5TapF4kA4ejKPY8/JzpEtMvIS1tbt
-w4ZQteFe2G55WqBlnMnwK3yQtphFAgMBAAGjazBpMB8GA1UdIwQYMBaAFBI1n6zB
-uaHjOv7xL7p3sghOTVntMB0GA1UdDgQWBBRiLDLb16WReucmARwbU+K2PP+CPjAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAD8UOLijF/GmDv8mf/f0lhyLAbW8kylUTYgCUJpSlOL5pbtDoy/d
-9OGqYA3uzDmQJxeaW2dzPwxOjV1IVBVFjA1yBiOpxQrLhc4vDGnVBpYfcvVzy1Dh
-0jntUoxeVGCVSTd5DX1DWqzfQcOvEP3kiPGhodlCrY1udMFkLCuleB7B
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
new file mode 100644
index 0000000000..fce83db62e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA01aMPpsarfXTbYAgFvrguR7kpQFB2n1BkbdNNhOcH46ur17thybR4gMhgKVy
+ILcpweStTS146Ezc4LjdRqKH51Lr/6QMfRF78siZfrAjbG7PDHmyX1XS1nYpdwnD
+nkK4Ajzj/CSYEzsASZ0vUt9fjEWGSBjJy2G7GAD4CENSnK9pLStCJiRrOQBNljEp
+i4USasjteKMMsmObpi2UN6i3PaypjubH0quqEaTd1T1okLsLhgZSSFQG67toDyln
+YggwV9KYiQKlBgNkGESKaQ+5scY0yGmpL41HRdehDEyRDfyhGTld8TiOkDBWI0M4
+D0UgdKsEtl266bBheQ72ggr79wIDAQABo2swaTAfBgNVHSMEGDAWgBS6nwnKkDmc
+Tnda6/sQlazTp0pdJzAdBgNVHQ4EFgQUEctmOQ3qs8HYJEuov8tpKBE0oKQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEAymcKvWtG7XwsLtRjAAyciN0MvZNaF7nyKiPuY6YjdB+N6DDUwGEt
+N6yPWHIsTGtQ2QbAGoYivFz0uS6bGAmepNcjay+oGsL5pEGV9hPcCqL51FvFt3eg
+w6m0VoEOS6tvmQ9Xd9eKSRtyBgBwVwTdvhbw8qhnh47+F40MThIUa69/Zec1Ihem
+LcGAbdvzLOw7vAdu76gNHoECHEtAx0DntWVJqhHHD68NOtFeWCz5/582KYaAhcK3
+XVPMI8dkSN9vFkUCYW4A+GfXflQFj3IT+qfhfLhu8Xvw8yfr535h0ollM6dN3OaS
+DTwwkN/wHr0evldYdBGOiU44oD0CBxYGUw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B3836AB766A567F9
+
+CSm02WNdI3uzaWtp0BoPy7mdRqQSQwfKgfkYMUO/x8sO6UL82kbm1rHujYf4exqN
+ix8b9bsX7pm6jwL65t6rev7RYnobUlN7UevjKt6qgxTqSvRh2UEmngYcdChxxi5E
+7GBYiJsClbB+FIwIuTMkxjTqH2IiawKSjKaG8uMDYa93/qh/LrkvjlVVDvocdKwQ
+sTIsqlh0151Qib8LcWbNm2yxuGXyMIb29rDn5Kxua8CWrXyJJWOvT/DA6yCBpmK9
+l1uKGUnz0QFy1ut3exLjdvfreAffGAppb/Jax7SHQevMOGPZognQViZudRkq9ryV
+Q7pW4HkuzbHOrRaBSs/gE9mdA1skcFwxTcBQAt6lfcr8r+XFhv/1QYzu6pW3jJ46
+B00O6DWLlW2eKK/Zu4RUvXBCU1rO1feYMe6yp9JXsIresIgSnBfdsGVqBh1OPINQ
+vHgP3ZHjhgH7qGir3fFEuRyA3xo7oOhp5VjdFfKJcBpanzyYycYY9NiUAH6GZsWg
+mvXjCxI69yytzlJ3ueU9Bup6oxE50vFwqnIJ7oXnBgDsKz0irOUolixEPkwmCCeI
+vYM1YD9+6chtYXeWpoNIQvXlwpjYkJWd44FfTB7BJ9TzNIAKkm5GFooRfOcMxInb
+mGL0QVX+bfSv2RA9FzKREBoNhmQ3OFp00ZKy52EENq1YlQPuIxD0ZllmFZTd1aw/
+uMqT23JNznL3W1FWoZdUSSr0BnaHrLZqvxFk4OAha4UMtsjbhEsOEQNV3XyORYnd
+jjhTi9vMVIix+VttltI792klVHfrDVbCD0ZTxf5nW1ymCax2FxHLhe7lreKuFCUE
++lve+uUHxpU7JG1XI4hjeGOTGw6YhOA5z24PMnND/N7UqWPa2LQdIxaiXYW1vVkW
+iqxFAzdE7r5xCHIYzagD6kVY1MI0sDC3wSpXIfF57L18wlak3ELeYDcWhzyFtsJs
+yMn8ExnimlyYs/HBsXQgMm7EjB8qkYhMK5HhQiiM/xJTVcmYpLQcJqt6kCs+vlII
+l50YedYvD73x+CdQ5efYfnPce9L0vgWywLB2T6qSfp8NfdRHiOk6KUop8cSgcwio
+NFH5AwG9sbgjKK40D3cdlfO2rSLoCY99z0GNiNeIYw1U+VUp6vazdQe2kKGyuYHE
+1h61rHfyFqcPEgYRyWeK6figj947UVSEypnBFiSDrvMKLD4CFMShbcwvvyVlb4P8
+RU7+JrFNbGyQrF7RnLKLaty/JYTz5z2r9bb9g1lOK2PUmXctu39iCfBAycFHGrek
+kqyIXLEt2a/XMCealugdsD90SNgzP+BWIGzRRNW+7OR486BBfdgNHv0xL6+LEU0F
+qzLCUKVUulNJ+UIQf8mjhsBB8z9U+EpM48ETP+Rp1yO6JdGTPuzQl/b/7yDeoTRN
+o6asqYCx9+7/bDwJgyU10J3KXpi/tVtOs777pKxUIR6FC0UrqQtf6bEkbEdFw+yL
+R8y8rjca283yMsn6Lyefwx1dnFc83UGMKWuYm0Y3ptDHUu6y5n+C6zKhoPctPwBu
+wK5t+8ZOw6XpYgBadRAKKCx7slNxhS82eLRE0CPJaSz8B9dIAUSXjkVGGU8dMTRq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
deleted file mode 100644
index 320f1d446b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
+++ /dev/null
@@ -1,165 +0,0 @@
-subject=
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMAAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAK5n11EFLCX399YnLoDu+WMSsdD5RH6rHhn9p0cp2PAWiwDuXGka
-pOpn/ZgxpgF/Ydw7ASh9/R0rJD0EfAG7rADF6j3ECZntAJmdiO7euB16HhemfpVN
-ZRiCcehJVtTK+G3vptIsyPFsdWYusjaRHdEniqEv0+rI8ZdP2RBn/pn5AgMBAAGj
-ga8wgawwHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq/9JoCS8UbVcwHQYDVR0OBBYE
-FDv0z/QxqCSlpmLnB0ps7mSrkwUoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwQQYDVR0RAQH/BDcwNYEzVmFsaWRETm5hbWVDb25zdHJh
-aW50c1Rlc3QxNEVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUA
-A4GBAEfjsvrVypBwFe1Fa4RRq10LsqrrCLc1NPiFR0B2yliqIBq81FAJcdEDNmZq
-D8C5gctYTrk9OgXYKgTzUkO8UGNtOYhDPrz1LyBnpND5D1ggYJe+xur2EX0ilhDO
-iq9+08Vo59/dYFQlttOeyY+LJMNzWqQAxxtf3p89oTOgQfxW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
new file mode 100644
index 0000000000..a5b3563154
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+subject=
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowADCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANL44jTyFq7QAleicaquWUZlfqoETqCeRuZqGndG
+rpYU1yDVOmaEtITWmCQ22VaIIu7+IaIeFKNyoU0ELLvkWybmC4eI/uI4pFqQgrvS
+J+lJbD5jtlLcMNAUf78gd0j3bie97KHei9ipYaZtTUD9RD2CKSdSifI472U5ytsQ
+TytctM9miZpgin2XhaqgLIdV3KnrYzXCtYLoegjE8pOTrsYKOURylSDgtJsFwa1P
+HRwFQvPhhguTUGB6kkPGCgrqoyV5PfXWGSCvkaN+LrfNIqzL2x6xKoXeY9RaTXtq
+t8J5bkv2aI/SxH6x37wA1MiU3zuF+MIlMT2LAs2e+PixXx0CAwEAAaOBrzCBrDAf
+BgNVHSMEGDAWgBSiL1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUXy6VFzDx
+TC6AfvMa6q1deaLwOLcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATBBBgNVHREBAf8ENzA1gTNWYWxpZERObmFtZUNvbnN0cmFpbnRzVGVz
+dDE0RUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAM30
+T0niDNwc9oxJTmAHuLnIH4LSgOfNAqPC+KqoyjyGmZbsL4bOjpv3D/nvv3cOkuQk
+49bygt+lJsDonEKKYBz4L0jnGOZjC3d8UPu80v7nUkB1yzMaZO+A05rNtxA/iA6o
+t7N0RsDosn2Fu4q+77Dddx1JYp90XfglW1pXj1gdgrwAMwrweF/fDlAMPs5h2qGH
+K7EXhJ5sSToTsEIPVAoLiwDK6yFcCGyui+7koxE0ycDHsDJk0bqRhQVJDKrg7peh
+PBbUQT2g5kNNKu8gCB3UQcyn9K9twWAizjW9DNub8L0wsyttyaXJ9k4QMyO4x+OL
+E5sd13zm4Tfjnw24VUU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EA248F19DC1F227
+
+7Wv/sIjaQUUCWAHs+it1XCJvgYdX0EpK1qXj66wXzUhTbmrHkax3xGe/VaYsmdd9
+o4lUAJUhIUrtTwayn/uZl5f6H4BY4q8baU0XonoFnPmSZ4q3QpzVMq8FV50+3hWq
+mmKD4yhcRchNRKB5tvjC2IZXW8gyQJtaeZgLKQuQSfjXMq5370lLjC1Ri9HAQzqR
+vTxJrI7ShudRoRhF7flg1tV4StDYRMxcK+38k/QoOCtkmwLJ9ASUPwCakg70dRCF
++upuRKLtVe0M/wujFU/tYAQI0+kNdCXc/1YeRUdUD4IrOk4TKi1f6pDoL9hL7Dnw
+Q6J5hh8CFKqzsIvPPNCm4Jo9D9oDktT3ERlKETWRIdvy37UE8lLXiA73JoQ1srkp
+NdLrOb3U7/IoIQSvcRbkg/KNJfgtQSCw2l4oj04ShXMRrCbmlUOEIOAVaCx74Box
+4ycUakWciuEJSIsQ1Mh/H2mh40dWZh4iZju3tk33N0YKzw9azhLUdpCPF+Y0H0sk
+rROyKWKpqxNsft/rCuZcl1I39CFzUXqxRNSbs7WlKOOuh/6qQv1Fpg1AvIT3v2Rh
+SO26RVc47oEQPEK1C2ktnNJRqhCCslm0qqoofnQolMKSfC+3eI27NuvESGkgafcW
+WFXbK5Mp6xGcjE63w5KmBZw/0DnUkmuJoj0hxawAbfxU7dackLn0z54VrnzyuDbu
+2CRzVQkVq6ptz+qQKSvOIYHIzmZaFlSr0MGXR8CJSBNhFG4By8azOmtlIKF7HGG9
+JrZSgBw0ep6I7h7MyxOUEsji4MUPn/+3S5h3UL9Wex/gqXYwboeN4Pm1Pbk03aUR
+1urrLNcmdBWMa6Sllbe+oJaneFM3Ci908cgUOQ218BgyZJYi/Dw5VJPicrcdmmbn
+LkbAW265R9VkDmemyqRSyFHdTwMnH4NBx1fkhzaTX5rli00pK4vd2AG6EUkBKKKe
+eJmoUCtWlXINj66Yl417QpuM4yPGF51Q31Bn30pZ97RZGEeJWNn7vcuIQxESM/4/
+BKsBA0CKqM1wdKz1Vi/Cjb87zTLGgeS90rHBOa+Opr06J6qzH1d7xeWTMBCMkUCs
+PpI10QWEdE/pR8/gXhtPb3Au5s2iWFmPeeAz0QlPtGNogeAMZGxOIJDCSqaXgtW2
+rTApmIF1fmLxrnSIA53YlCO0ZBq/y5LBWn635UjJ4gZtE1Ct2vzx1cCVAVreanoy
+Q/+u63XRe+cPDsNdpUpVhr1giRn9PzU92xRf/Qjh3dp80qvnYCyZrgy3Dxf2cxLh
+aSANrTIiZI416dHI/c4sszZAoqsO2uAavY0ll1q98PTIFx+gXo4Bz0pOW3xs6YA5
+eaWRFQbL/aiYzz8RepZJOv4g4LmFgX71OjSOA6zOW88yiIUfoPKLfJt7K7dGvNFR
+zl3DUieK0MoAnyfKtPLRPqtCfWjxSP0cyFYdiQp1W7Ao3QiP4sAs+bqncz/jXNcV
+iTxvp9WH8NJ6Kpf1h3AzZgXeDd9B4M/g1EHRJH/2uvbf8BzYKAMGOXYThsrdTbXp
+/cm5998qRWj0F7C9B9FFlJbK/bA5DIR8gLVusSbdLIG5kKI9oH2Aiw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
deleted file mode 100644
index a9762440d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DN nameConstraints EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYD
-VQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDE4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB4Ppc8a/vNVYqFPhznRZF
-lo/ecz5fZXYIuGCaozBBsqZu+6JFjbrAbeA6FbCKH/w1WFNPPTTSvJqSqN4Lw1yG
-yeTCfJoFyUA1wbNUKONsJQgYoOLM+KIuBUpfhZKtHzLrk+NKoCz7pWo52Wy5aQ0A
-B8St+URVVzDNk8Z5+mtaYwIDAQABo2swaTAfBgNVHSMEGDAWgBQLSL4ocWpIJAo8
-4krUBSri1x417zAdBgNVHQ4EFgQUzsfJblSrNLQ6e4Gq3J4kw3O7LYQwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQC3FQqH6qw98Em37v12rhcPtdOIRWZPs2z9dGJpRJHDBzNoWr2t5pxwnBhZ
-L7Wy8uNRTy6iTNLgDPIPP4sXYlphcnG2SLe8APJUcTE80aikRwFcht0SO+lpiUhn
-FTrjSWJELeehius13WbzhA4NKTjleW5zkvh3mTYww5msepvgrA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
new file mode 100644
index 0000000000..86209f552f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DN nameConstraints EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE3MDUGA1UEAxMuVmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCc
+FAieQeWV3r7La3dUczH3NGDXPJiaAR+Tqn6f8k320kCvHGdaBRcTKZXH4tX3ZmE6
+vFn8l8xfrX4ApA7+GPrM0MVIUJsMbw3CGjoz872d/Kgz+vS6idpGClTvihDBL3/5
+Nt3TSxejRtxyHVfrIv+zN7f4OH2dZVzdi7ygCv2Kd42XegPi0DKGCdC+ygKWxsta
+0Nti3GppDzGF8UElao99zalmEtdeLgD00v4w0kVGwmmFMn10JhKdwmT2Svu9DteY
+7jum4YaB+yK9IzA/j4Pr0I4FyOC6ZdJNdyrFAU7y5G/eTziM22YEujjzbe5P7X1G
+AUenUiC1R9eaFoHYH78CAwEAAaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCI
+Kux1Eb+lLmcwHQYDVR0OBBYEFLQCkqHPGqp0V/N8OEcO5zUqhdd4MA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBAFImhmXh6wbcMuY4ksQzwV9ci+PiOlD+x7nQddqIsuj2CtmLdphO0z+jhw/c
+AcLQiIUJEE2UT0Eow1wYT3IsGV52jV9Xv+4Po9KVIA1S8W87IFJlBhkXPvmzmSeY
+KwHVKq/4fUXpy30yvfxGEWxG3HUKHg7m895xfM2kiKb3RnmC0+FmZQayAi76WaLF
+8u17d9hZo/cLoNd66TyPuxisLiqbXe3Uzvorkbd1RYlwBZUtl+T076+XCluS5ZL4
+Fu5vN9C8+fQWjsJnB1/ifh/oiZqkSkR9K4s+0qAKGOTcrMsf7OfiybRIfkX5Mhc0
+KyfioCAyiP1/9+WcRhdt/NLYheg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E542095939441FA
+
+cdJyyhnYzLpEmG9qF6WT2BN7QvChbUTEQE1WGGnu62oYRuA2j+dMwoPlqr5tpx8g
+KN7VMXggs9kv6s3QYfIdHlI04eAa8uBN0qXafrVThnJoBmQgfEVX39HmRv7FGf4M
+JVr2aO1y3BE8xTX32w6p1u08jsOt3WCDtw7QGhjHxhtCWYfFgXMTwn+me0y2g8yE
+wnd6Xp6M8SD5Im8bilrPn5saizdiee/JI/99u2u1pVYSz00/2UmIt//x9Q2DHTSu
+wWIv4nja1ZKwGErF/KdAohIGDolhfAYxUqvaA6d74JUB/k6Q9lgVCrkvjqqBGPJo
+W9s1hyNhqi23SbpNcRBDbMcgJENJYObVFzGXNqeFTMhqIvfS1DLJi+5qdBD/d6oD
+aFfWlQxy3lHysoyVEdAp040kbTLwpxgDOY05d23MBGVy6ZxGmfKXvdWMwRM/JedL
+kYtWLz9BzLcIlG2/5uIXc4g7Q6MWlzFtN4I0Y637scar+2tKKM7UEFiZArsGlMp/
+hqTcvNrHMNr/7MgdZe4JyaqKEcwqrNR7TCPTi0B7I/LNBd19dkhucu1oWH5uvToq
+eY+Or54f8pmxzMV6DUuDVWGrJplL1uUOP0CjbjG8yPp9u/a/AFJQb5pwnEJTsHsU
+f3HWV2ZcgAuX82O/HwRYC90E6XNBomUlvcFBFKQ63tc4eYeqoNmvXmFZkjY5xn1e
+A4DsFsk/acCs9islaUvhahm2x0CO4vNJwHoMs+JtJxmjXKFnfZCXYlAzGhqeDk+i
+rcr2cMRo4HCvEu4jQOj5RWsXgWiOTidztcFB0XnSnY51hzH+jOm7ocyQoyIwpXEh
+9Bl84THm/0qBGyjYzxU9W4rOismfuaPzxEHq8hpboxzHmD2VAuiG/KBV4jZYxpL2
+j9be2uU7TFUR/MskI2une5hSm+EJxhzmdkoZy32g5XV+jNhnP7VUhgJEuGXUJ5tC
+yR1TbdY2mCdYSW7EfHDlrbjUCxFQPldaeLn6yGzijQK0A8nHONLUH/EhObfvDHzc
+EQCA4V+ha0mzL8QTQ9jVy7+Y4JSsXl1JkxR0ZLkoCENHClLqSPadklxoyfUxVfSN
+Dlga05jr18QjRr8LqsROy6lcWwJUT5eFc9EBVUkPpvSz3il3cdQTME0Ea4QmMErB
+lDw/K6htlcLRvDOZVy/9Q/uIT4KrIcitxtQK14jhm39lFzd9bOfi5q6tqPOWDg5S
+cqa8HVj+P3oVKHk11F+eW2nsgfoEl/spelBMFb8QfaSuNcMPNwjruxcqcTut1FgL
+AMyQc+EU++OBELkdlXvSotQGbY3OIT6No8vrDhm61Vs18CT05qqu08oNq3B32+XD
+b6HfupCJFlEkaLw3c9u8kZxWtUo5DCrSuWfi1ta1gZNzqtawpP3clJEyt/hvz72k
+QyEpoaifA/y6HfFL8kleKvKTJLTFdjm9b37ttFt8lh1x2GSX6G5SCHYlW6joafu1
+T0dbeXJOWSHg+xmG6xPZ9Vcia7JCvNghyv4dHyth3bjWrOLPzJOpWP9WePcbk2Tx
+/0ScABKYNKvw3+MfhoVC5CpejEhU4BODzD3F+0gmv/5TNYtzfxWjiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
new file mode 100644
index 0000000000..7ad405fca5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNzA1BgNVBAMTLlZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZDEN42s2ft+DCcNTzYyJbruK++J4wlPXY
+3JUK4AuI7b55n28caZPvcvtanXRwoQBbvAp/ub04TWtx8o/8etTSciTIBQ6YN0qt
+sh2WW+zsppqt0C+c3Fc2wJJcHh9VQzdMo74pn/mqULaS2K2FQ6msHaplTXcBILHA
+g78xjSQG054NSxqV6z+AsNy1Syw57a92XbmPjeOIsA0oRaHDZfAG8QvQxvWdsh0U
+oyCAM+8IpsSuNOGBpCDViAM0pUuxzeG1WHrYxvyGnQsjjj4HqUqrCXUNWL2yHyD8
+gUv+sYtecxNG56/UowvUeK8eseqmn6BTLur8FC7JC7zeM9ROiEkFAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEWdG+7F/+PExzA4TFvHXVSZcsC4MB0GA1UdDgQWBBRZQxHX
+4rWSiri1Ka3mWvM/NDr6GTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCDwHY5/eYX9EpSxTjNmRXVJjje
+8HJ+wB+U9OsMSk7tQb3vsR/ZrgWJXdHuSdaFYUxWDFh6Ufr0kI+AG0nn6V8Kiwka
+73XcU5u9OURprhay2gw331HAcdM4v5Hlv2TQuhFs89MrdzXJ7DJlv//cVg+RTN/9
+OqonUDT/30LUPs90p3PhCBpR5rBqVPX8lzpv849lGQ+eSsdlYd/TG8MM536ImHIj
+xnVMqB+1VlLj77W9XgrxrcdQIBFvAME/oUs2tix9cAbe0+szHinaI46VWCRdkJ/q
+ONNx6C0yX7KwAv5ksINxW7Sy9ajkliArvuq8AfaaO+aupYabnhiqlhF72KF9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6EB929EC02FF13B7
+
+e+GE9EM2uqDn5QYh8nfYPqM8KhgU/2MalgZFOVQqpK6sLGBmacKGfS4YilvwSh4O
+UqSxgvLP0ew0/MDhsI+GQwBOK91GBMGIRCae75lewRxsokbAaoiGGCqJ15kWf+fj
+Xg7W66JdrmKDCJ0nm5qcZ4YB0KU8GjjF/H5BDXqrYxDc/yw4qQ8gPlh3vKQjjHdF
+4vbhH0kxFiencJ4OhQI7BN5Gz+/RsnlCULyxA8RjssMD1kY3GtxBf4ZVEiRSMujR
+0m80K/rTRaJla5s9pBnCzCNI06X5Usj+X4QAW/48O8g3qmz/uqTcQtEDGOenFwVg
+qMke6F6nTh4Ctqe4YZRyB+QB0ugKcbc2DBgRnZrTR6NNP7HkEYgdJQkFoCsc3DxZ
+pa+n8IfrSDAssDG5+ALG9YpRCrhosBmhJ0nLKPRb2Af8igyCsnFkZd8IC1Y0/zJ1
+xvx00J9CW/I9Ua93VPOgqiXZ4uJryZBAiorTpJuumYyFvrPYyz9YZkyYL8LOcFkq
+UK3OVcKLCgbTHKAEsTl/jIQgfWaPSGjwtSTwJQr+A5zJxpU5tTc1ZQ52k2qq1tOu
+eKBzTiJQh2YxQNVJruimchRCMYo1TMmo1Mvvdg04BLbyzPKpB6UCgDiaJFhwPqLb
+u/Ah+nGl0BtZ6YPRMcHvigRR4zfH6xFcZaz+DZHAh9A5FIj6T13p2o/TKzwsrgC5
+LQ+/7YU7qRtkjM4Z1gjlC6mWxWFcCCje7w9qlaSCOy7PZWGmIJ4JcGPNC5OocAos
+cK1o0cOdTop+NW3WVpJIDwvrPqgV4a0Ww4tXiKbKyrSvyarj/lK2qo+eRpi1ewDj
+vjTJWlR8j4Zjouw06qxd776TQV4ThPQKj8JgybNxTPmv4xe8SXLnG9sufwzdo+DK
+pSCJALvvrxJYgEW6nAAVkeWCMcZCoYZXSRgkPqcvOgDa1iAGgV4CsqWMmCN2PcYe
+JANcFx2fCwr8c9XLVqjjHRNHfkAir/7Q8tiInxWPF8JuREGhB5FW4oLPRN/ItRO6
+CamTiUfcsXLoMgO1EPHV06T4/R2RzDUQcloQpno7OEzJVgddvnZiqDTWGBeZ9Z7j
+H9Qx4o2LkymfPM16fZzAa4VNJsaE6jsQZol5BBuwzcrS1W+Kp9SMjG4LGCL1n5u5
+PdJuwcA3BxWl+o8q//OHYmqOtCfKSyV6UpBexs1e9+eb+dDt4Q/cx0IKqYfwoDTu
+rQIMVbZnKrNhSQ5u2kk+JWx6JZcQLGAW/5iCZJbeTGN1hKg1P+9moPsFBN8bp8Bm
+M1jY/o9qViP3RE8GsiQYfOyOFynVSw/KKG8vQf20bPvOb802MzdWbY9sNsk+f2xw
+neflXprMsA41TmnDoveszmjBhmFMj25MpeRF7bgpV3YTqxiNGW5GRywIPwFT/EKS
+5RYilsnainDh1tbBSsGA6OXqrxscqGhBIc55QXJB3NqfTkpCcmsDUsJIzVsx7rMy
+Qto2lr8JgStWolDp2Ft5CQSpT2npww3CD9JeusE4W4rq2dtQZrOQcTHrSTduaGig
+UqJv5XA1dFLfRsQILo6ofiIgQUYJFnbMbOYSC6SCCeL5LaAbFAx/4A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
new file mode 100644
index 0000000000..73090f5bdd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMRVH83Hm46JPU28u6W/BR3a95naRI7hTLko
+SOFjXkkjx8tjModC1M4QxWpoMZj2AF0Fd4Aykw75HS8W37wb8UjFS3SrXQ66qVwY
+h0CDz8mNOvtGSanquco3tZeMqoDe8/EXhotzwnf5F83cyp7XB7OiEQPzbplkD4jQ
+GZ5d/SF0lBUdhxilqRlXSemd1kfGop73BOGmgqkQhP+I+4ZZVwxUO5pXGzRpfGK+
+h8ZiOM/JAxpmhdaU1HC6Zf4YDqA2XpKZKQ232myfX4SObpXZ0DUOLNNDzYisj14W
+3ygeNgyIUFVp8hLPI6/BXTJqziW0TqoqCb5Joq+32zjYPwJNxcECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYEFF3+CfUG
+qPKNIJRROjk0yUUKmZ2SMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEzeTUMhQZChACqQef2LLNvj+BfT
+VkDB0FVyPo3Yti8bRH8ZnItB8CWkS1iBvv4Bwgp7S8MpAGrgmyBCAO93VjySw5a2
+kEU/55B39tPKMQqWOAvi7DU31mWdWemMwD3u/SuK/8pnPOANjduViBKze8rUj4u0
+tbaYLor/qh4Lxgux9Xw1K+rwKlV9xDvoRLqNMsSReCLfMjMwXkUV7CL/6XjOGACM
+XMPQkJx1SnWLerNLLi2dzO1Ly9Ikr4jTEflJ/lxdw8Fa88eLXNte+JH0OcwwwLQM
+PiSkYK4B8y0A3Psl9309+kocX+YG1ppMoXg64Nt3YQ6kZqw/07gDFODEz3M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,06836DC2794B1725
+
+7jb9KmEbTz6f9Rml5H8XH3LtwowJdNaQ5jJmtmCsOPGA5F17QXqRbmkcmNGYVTuT
+KhM9CJLw+dT6Y9cpJj3Z9+Ze9OG7m3Ti82TOmzHeLKLzlz4KBUV0u896VhxiImvw
+JMXP+7MOqD/j4oz4U32HBeK7R1AoG/PlREzdZOzYcKEmZ/m/PvIInCHHzxm97rYn
+2q78PQLZVXqaFdp+Xkeli4MzjnyZ9fYN2o2EdoxwGdNgOJ0ZXdScAPLH5x3dcLF4
+MDLL4I/1FvKj4+k3mY+GekZzvdAzpet7no5FVaEjoBX/GkxzWhVN+2vUhhvHZfPu
+OT6upmrrMO/m4s/6IvbEtNbUFtyPfNHdyiethdjbCz8ROa1Yxc94DzsQ4naKynoz
+AY6J7vof5Y19uGdreA7PqeVnX0iQ17Vqc3a8EM1HkiST4g8Lgki9IGFEp3hhQ9dd
+JIi+xj7Nu1Oe8Sei33yJiqubRTLerc+2Xk/IM0+ZHF1YZk1oFODQrvZAx0C/+PvH
+9MvJwpa2KxCb+utf7UsY+5fNbhpMrG1Gudzo3UNxsFw3Wyx0fn8gWeiQH/EJuRnW
+Ek/rMG6U/m1lDodZKnoO9biW/hi6I6nxwd7i8k9jBSjPFgFFGzDY2CpLGBEohv9S
+JyjQbrdjLv3RjMGnkPiRWXs42i4j9IpLrZ1yOdQ7r+kaz3ZLxzzDONjQbqFFrOL0
+nUcpBJQo8caufzdtIg9olKp4O7krveT1REuVwvAsm522GHZ25cdyEHcPQIpcvJ2T
+WKzfQjP/mz2FMBgb6EUTAlZ/lqftiewp16JQWCW5ciGNr0amWR8rcGnVtGgH8G8Z
+GqBsfeqywD5VsoNa3aNqavcFfg+CntHYEPoI2hK8KKQoXtXiTvd41KPWMFAuk6Bh
+quZMLulhPSspe1RS/h5wtrLdm432cYJIUBxPQTerBnRfESEVLu81qJiRPz6K9ZCx
+FHLWSQqxHlKbutDHp3Xa+L76XSbxRUt7Behp+IbVgXZ0aLHfJF4DXsJPJXxvrSRx
+AGQwHxeiCx+y/HgdksnALWJe/j0apT2xfPJvS0zS7oCOSLAX5UigSSPn93kGrl0q
+H/qVU118v1n0oD/jcyuCAOu7ZMIekpQgPocJB854pRVbHl0UQWkGXhv5UdfWb09i
+JJ3gwrIhaS2h4heRbXZWyla9qydsHJdktvDO+dmC78OUJi5e8zxtYuzdVVmp5cfg
+/QUdK65GYAEem1rKPVD+4kQ8SOqzT4RvYtCRhV5iG4fzfNzWG7+9khulFdhoWJ8C
+Yr+uyL6ZvWIXyrvTCFx2MXBe8kWLm35ZZoECDnm54SwPA9nZiXqhqovUK1UmVH2B
+n/yAaWnz3Vj4URFxznv0d3RxXRullVlYJrglI7n4+zS8Lthi/P5tUZYlMjwnuwy8
+/JOOxbX5UR5LQQUqO3FU4veAhhaeiHxUxF/SGX8oL6uFqa7nsBebKb4Hb41voX8N
+y2vsVWUlfB88vZsqZaZQk/59SHvWgooHtJZl1yxO5VtVuSg7ZkVlwNKNBYeUXQLJ
+gZrl0e5fpKn4EsetpubQ+ewty+h7SOnL0ygZ5xTupGXEaUlJaWucoA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
deleted file mode 100644
index 4ac860600b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC5DCCAk2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALhZkHcTNlH9LLnLK2xDvZYiDsOUcL9iZsUfTjpcENuDJ8rsXGriZDos
-g2p5cYPr4BQ4895UOQPYJo6M7/4aUnQoc/FwnGfeBNagpCJg+nD8GQNpETK9QR06
-nSxOR4/hBD6YqE8UwAIaHejrmpeTrXankCrcei9nFiquQ0Q+rwWbAgMBAAGjgaYw
-gaMwHwYDVR0jBBgwFoAUTi6j59ndi6eCO0FKw558WSNXTlMwHQYDVR0OBBYEFPG4
-BNfdQjQcDcDbjwsrIcrQPg3UMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwOAYDVR0RBDEwL4EtRE5uYW1lQ29uc3RyYWludHNUZXN0NEVF
-QHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAF3XzP3FukeS
-uWBMveZeEBA64M3CPXE4MchDQhtqKcYGa6SlA/t5zpGyFINeThQQrLSuijVGBGr9
-39Hwl9/maACLW3hz5xtL0881tscL2+obZhmF/lGB/e0RrLyGN3Wqql0a+BhEcj/+
-sG0iaxWcpIKdJXNFCi8/rexF7NWS+onw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
new file mode 100644
index 0000000000..d5ae41d666
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwAaxtQyCLrv/YYGDvG+VDVKwvJGevkTOK/
+nOJK5GsXCbEgAwofTRjPkMXBdn7oSucjXzlMKnmPvaKh+e/fQKaNVlicqKoSOomS
+4KpSguNxEIzWUxDuMqfDpOCSZYIVc9PdCcLwbEq8lnYttJrajQrZUTlDCoQoHENv
+W21JsXe0+fbC0zVw2MAHBVniFhssPtRso199CD/J7t0iCBI7phy2tjvWC5cfUUNv
+DObrRNF7si3GPXHPUpMe/GmcEIdvEcAE4H+rCqEWUxKkWlyVPxIoPPsiRzqG6+7l
+AiMFsssbSNQ44qe93TAr7vsm1/ZhZpL0r/LMsZmNGSidHhYSt4cCAwEAAaOBpjCB
+ozAfBgNVHSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUCNad
+qrso0AGdiySHpj2VH7iF03AwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATA4BgNVHREEMTAvgS1ETm5hbWVDb25zdHJhaW50c1Rlc3Q0RUVA
+dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAMLtM5cSPVV5
+t6LSDRihYq2CRqQTpOYhfm6UB87/JqjdIdK1ANoDgNdHWw/CdzwcgbDkt8BhUNwU
+EWovi3i8MbcLbagA3/5OooQ9rvlItrRvrIYVSJ/VPWSIdV/tCeljFGeh0Azfq4O+
+qLQbvjLBJtjCrMUVjVR+sj3eb6TuobLmIXdk7rGziSNKw49nvBQfqtkCkehuesaI
+cr8NCCESNhPopoRBHWRMTilfo1WOeT9U7RAEdolH4fycsnXuq3cXTHpeu9xL0Eqf
+YCgGXJ2Y9KUktGRTzi6WJZrMkzvxsdSkVeuQ0nvJ4czWwNn12VbN//OWgek6lkhg
+QUvZYUxTdrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,92831EC9AD2839F8
+
+9v5IipANmjPzZwsN78OanfxHiuVhNS+BKezMNg1QevK72A7GZ9qRobCRJdUvIMFw
+SxrSYyPAILjf6DnzjXzqIwuogGtshZtzr60oTJmvIge/yUzrl4SyHq7lxuuYcgsV
+9N99XJnwCU7RLH5gI+3OuziNZrMWBh3yDTonutz1qReu6qQvuHqqBzFVTe8XiM5y
+aKucgj5sfPfNESUFW9vZetT18/6ZPrHK2gZlT6IUmAGsj0URIjLaoje5ExYDQ9xi
+WmlEZMR7cPvDS/EBHcvPQzC89XQWpCGHdVj0B6OioVb0YvR/0Z3WGP9jRdZ6mWo1
+A5p+BJkqZVymexXa+TsGrvGkT+deMsJD3CA8Am6a33Xn5AU4tXasl0i1Dg0EdZQP
+VV5trbDEmkfYsoLqQqnHcM00eSWEyY6yzqs8blJAkc8jgKKd9xCbm+mM30JnhCB/
+q38vZ6w1yYsQhR0ykePFupy3jJuKKOiiZAB5mKzeMMPtZF5O8X3DNellirfxWz6b
+nhAxY/U/1W25IdZ66pTa5YGzD5LcRrZQgNWBHM3Pi97ppl/hRSuUOD9szP5oZpIA
+c/OgkZqnfX3EPrgCcbwCn93O1b8I2AWEZThHx0pJYlHTaoRCsfhChNnsSDwLPR0Y
+pq/Dm/G3AD2kHhBUuSWrEm5lNZl/2x09UfFErgBA0KiJRFvSVBfDEbIJ6FycQkWi
+qUyM1IRQe+0pZzYpbRpERH92eA674k3bIESPRyl0X707vcV8JD+xq/tAKIV8w8sQ
+IKuAY0PdJunQwwnOKpUrAYN/xQXLDBGg4Rn/YdI3o/W3eQ0Az1smF/HYIYMbSzl8
+e1IlDuhNPuUezrsFxEkwx4BmOTsyPe8sHFDBflEMI0NgyCzQrsicTy50oO6uLNUd
+n+r1XgzH/7NE1B2vpa5bJAP/qRD1ajxGjmqOtCOiLCZuCgk2igvM8TM88CB0hQ6k
+JQ8eFNoITjF5iOeESWXRVJLTc7DuforJ2DVlQS9hWhs2brg+8ha/vR0lqdAKi3+c
+fcVR62PFm0V4Vc86bJt8xiRHhWqt6Q0C2TFN6TrFGam8XOXg2hDHFShloQUV1765
+ik0x4XEzL9iAFMCaCXEckgAiL2MVkSbzGR3IjMyneVj0Ulw2f7PngodhCkXqh0qD
+zdLmlAtfLVr+G4cK6lHrP4ghoJVrqINUs9zq2SsAeTOwu6JZXKWMTLMJciduXkmx
+N8px7dTdmepHJx9DY9BTsz8l3/YDTGFmGfknXmHfPg+doF8srMGnp/0WodtCZqhi
+3svfenkv9skrrwppA86AEugJkjy24VY2T362o+pSQtMVJPO2Ezrtgs35w/ANnkW4
+0U/8H5S+FtlszRWEuAOzSfQmzWMZJrAWDgxWFiI1OMdfhjpL5Jsl71LaP913EaZQ
+NqEK8UY6WdPR0bwvkT8zS9VRNqxmfhtgEv6Jme5ukkOOqsSTPwfyooRYPZls18Ty
+u0xmL64kqPLeYn2Ij2ITzFkulfZqgzfua7MYhUNGjoI3De7v8kQqTBcYmUQfMpD8
+OXb629RFrcUZW3QYD8brGgCB+o/T0Jyh4PKm1WX/XTyc/RmC8KXWa3W7GNJxeqPh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
deleted file mode 100644
index 7f9a94cce7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKjCCApOgAwIBAgIBPzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtF5CubXL
-7jLiEaC4u7BvRC1Z977doXE+03Y8hW6dFiuPJTcVnlMN2mSck2x6VylflhI7XVIB
-PNiZZeRcEzbCJk3AmJL2NDh/20nxHhEr3jxWLmVeyLg1SXhD6WfJKwuvd61cnQkt
-xvFXQEmlzIxBohRZv/YwermH858cZ4wH/9ECAwEAAaOCASgwggEkMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBShfMTSexMLJgKOUfag
-rNt28dFirTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgacGA1UdHgEB/wSBnDCBmaCBljBJpEcwRTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFw
-ZXJtaXR0ZWRTdWJ0cmVlMTBJpEcwRTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMjANBgkq
-hkiG9w0BAQUFAAOBgQAw7If++YRGfq6fz1Wm8RpFEbKLi3110GORteylvI+G75Hu
-d6luoo/n/arIfKwWChanGI39YZQ4zYhx00qVeQRbUUuLMjkx14XQVntKAG8sI+KE
-mWmt2cip5+XbIJonQDFQAnQWrhAGpw+ilvfv7v2f+9Q87cYLEoIOPHWstobcug==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
------BEGIN CERTIFICATE-----
-MIIDOTCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAMMSbKt/wrsfhfsOqi60ijsWABK1LY20O0SAKCNKW2LuoK3iYZRMPRMT
-2Oym1z29akHaZ5ftLz/WGQ5JuabuVkg4Gx1xRloNkS0RQlIuRMJfLM2mzlXWH5ud
-oXHeHmwbUiYvWFbmwrx4xZbeSaePIYctisexGIa20LJ67Pd8t6OvAgMBAAGjgfsw
-gfgwHwYDVR0jBBgwFoAUoXzE0nsTCyYCjlH2oKzbdvHRYq0wHQYDVR0OBBYEFMRD
-3dYx5+B/4AavhJ+9quSyY66XMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwgYwGA1UdEQSBhDCBgaR/MH0xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJl
-ZTIxNjA0BgNVBAMTLVZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NTANBgkqhkiG9w0BAQUFAAOBgQCfVuaBKnayPluCi5d9KyF783Oi
-JpQn0SY2yAfXdRAH3cugsfzlo0rsjHyRPj+g5QW5yabg7uJbj11/tnQ/En7u56cj
-mnDBuLqUFrqkJY3Md+k/bCXomEjddbEGKjV8d54oD8ngld0Oy4+fBPQbNo1apc7K
-LqdooapvnR5Nm8qsWQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A1:7C:C4:D2:7B:13:0B:26:02:8E:51:F6:A0:AC:DB:76:F1:D1:62:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        61:8f:48:c3:1c:a7:3f:ae:b4:6b:c3:99:b1:72:4c:ea:6a:b7:
-        e7:93:fc:d6:ef:4b:64:a2:cd:a8:45:04:4c:b5:14:5b:60:24:
-        83:f1:36:22:75:b9:96:22:2f:48:86:bd:a9:8d:f5:9b:f0:bb:
-        c8:f4:70:13:6d:71:a3:8b:0c:a5:ea:5f:8f:42:45:b7:e0:4d:
-        ee:47:1a:39:53:3a:5a:61:3a:6b:8b:39:26:ca:38:f8:b5:c7:
-        8d:44:d3:47:7d:68:29:b9:4d:86:af:fc:26:11:da:02:07:63:
-        ff:9a:19:51:33:84:bc:a6:ee:f2:12:61:24:92:86:ae:73:41:
-        1f:b6
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFKF8xNJ7EwsmAo5R9qCs23bx0WKtMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGGPSMMcpz+utGvDmbFyTOpqt+eT/NbvS2SizahFBEy1FFtgJIPxNiJ1
-uZYiL0iGvamN9Zvwu8j0cBNtcaOLDKXqX49CRbfgTe5HGjlTOlphOmuLOSbKOPi1
-x41E00d9aCm5TYav/CYR2gIHY/+aGVEzhLym7vISYSSShq5zQR+2
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
new file mode 100644
index 0000000000..e3faeae182
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+-----BEGIN CERTIFICATE-----
+MIIEUTCCAzmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOd9JgS6UfldtaDuyQBCIZeoLkR28/31qIXr
+Idzjq7FP/alv4nz8AofmEYROX26zxgu2e69X0RSGWNKW2bOTuA6V4jgNBKKg3Znz
+DjAViJ/V6NgEr6xl/uCW+71awSuiI11C6WJJ9ggxYevrUPHyt4OTM927cvjfnQhV
+raL+iKpz2t9/UUyV7xtK8T2rEThTqEeqDeKafwD3gnprACqJpndUR/OgNoUMjdzL
+dD+I2AImKlb510UTH9le4E4budK5qjDX5bX1d9txnXKsOClrQ6h5N6MNMUuMEQBQ
+soetsXWs+xg2EyRSQbsvfiGqdEdrsrKbvQcNSg2R5QUklQp69C0CAwEAAaOCAQIw
+gf8wHwYDVR0jBBgwFoAUo1fZW10Rs2D2AGuJUSuCwwlzqHswHQYDVR0OBBYEFMnZ
+gJavUispfiyQDQtHWo0RKMMEMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwgZMGA1UdEQSBizCBiKSBhTCBgjELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDUwDQYJKoZIhvcNAQELBQADggEBAH6QvBXFcVa5nqff
+tPENGZ85VSShfRVZrlseVsXlJEgRR7NEQIiXOQrjj729QVKuvp6ClImPTblzIr3B
+uNEylzfqp90bUCDReuVmQo8MXIviG8IuZFRkMYkrSH5XbUgk+MGyMjdp3Wi4WCdL
+79plNgv6YErDmbDxy2MBf0iHgFRMzcYy/irtmzOhfa4wCim0Ju9sQaPjk8a995QF
+sBhnijwIFrjkJDPiI+JV5EyTPRoE62rshD382LcPmAUvRp4QEbNBHEIh9XmREHeL
+AzWS1mu1Ge37FaR1VKmB6aB2RCpN4cmrDf3DF/Kdd5HZuDv5WdowZwqO9Q5r7juv
+MFes7mw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E196184353CA008
+
+BfNhaU6gpGjaXTdAJonv19FcMgf7QkwfyoVo1y2TGA27U4lYBvRPJMH2XYQq0J7H
+gKlWTNUnQbB9lApHFJ3fucTxgNAVG1+J11vCTiexibvJ/f4HZ3UQUU1lUrAb0SHO
+3vTcxw3UqBih7amYCuvbuDmClmhvP/ogZGv5ecvNDuSb0IwbTtcTDOagpnvgzuIW
+JUM3FXohCBVCY7t/ap1QY4MGhINeRVy1BffMLCuRtPBQb4lYn5jsTMlI1DLzXOdC
+7jWBU4RsoeeOfPhrnVQCcb1nlJl13aN0to2pCw4FKXotQqpR/Ci0etZRnOoIOuth
+vCcIDCyOE0RHFhV4YKr99Xr+TLp870XI+YKk9WLTaImlYBvKPcGVAgZPA6Le0ODX
+oMsbgYCbStQHqc3lJieQvEw7tqo2UYaCgPNArnRroIKSF7+9BuTaNQVqE01DZewN
+QBBEQBaH56QK9gDNOfsSIXP5/imnsTbh4eosxCsvb1OIOh9O+lMxBVJQRplOXSPc
+pfP2ox8COH/ZTeRs6w0cnHFgwXfYtH0F6ZaCA50bqaE7SF4QX2PtnIGOj9MLV2dc
+Qk5WSnt3sjghSN3xFOMZKRnhs/mNc9Vyq7c1/nct0ij5mCLSIUxGf5bS3TDl3hPU
++75QawQ0ynBqdvgvk6wM7v4CnliO9GwQip1mHYLH2yWfIgcc6A0nyhlOCECrANzn
+DW7VlDz7iWucPtXslsV7QEOT4SYg+DJQJ7KDIfw7pRc7ZwfmgJ45Nrpq7t6TEpLJ
+jRa9QqxUmpskm9KOjflxL8s720G31KH4bpjgO6b55yMLvqtb8DWeGgRG/EjFf9xW
+Ir7huGANFgHcscEa/EWhvsFFmuBnNxK0rfMBI6AGix2YPN2T8CDi4oks2ctflmYQ
+KIlf0e3mj7axcFNGBEymzSa6bDMr/sUWK1eUsKvnB8ig7FFlo8WYhYaAGEwWXwvc
+ZTsyAz62czfv53rblY9tdXhRksanrK2d5UVcOCjnsQyWvLO0Y5dnXSlXWsECD6/W
+ORRlHVqgGL0uViQDyQ8aAfRBTW96s9WMKG1QgR+w7NGL/JjBCRpOeQgI3EC4KVaP
+Zh66pYBDGq5MUCF5Mnr377/7QIah7FmcjAvBF7WXw9fvAcaxJJcw6gLQbYcEes2z
+bshbwPHcjTE8GRpCUxDh64ukAr+r2wrRT+32QLKMKJelpO0hi+yOHXA4FAJ9okEq
+Y4LNa0XjV9rY1zrk3mnugKi9PP6HdX09UdeJmV6jNp3yB8OOQg8izL0/myqEVofI
+rwk7FySMefSjbg+VdoaHCSg5lLoIhvkgquitmk4UIUoEDRLq/HVtMB3Cg130kxzw
+SwuBqCyFm7cPhVv8i5W6SH112mBMRRx7pz5GlAEvzwWUaSut4MH+xYLprx1X50j0
+IGbY+LG3Al972tv6UbAQBpsEXKOtr+lo+sAKf58ELZYjxVp3d6pze69oTj2O1iYo
+Kj5h9fNVloyLC0MVErstkDFTt62dqFhtEx9MJIbf5CqIDkOg5ofGfIt6AqJkFI1j
+wAj4dpWgCzUPHxwyWV6+yjX3sXDXaPFIT/IAsRNctj3th2TVoPUbxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
deleted file mode 100644
index 35f40caf4b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAOdvJDDcPZf9hCISpQZ3vrpBXxzoFe0eBH7NUTsfOWAh2OGCfOak1DHU
-NApws4o7QUiHWATX1FGzJj9d32W9sROF6qqFJl94jJDinNYS2QeEMZ/T1W7u3+eP
-HZjrIYArjSRN19lgg2VuU5WpIKOXas+cOOQlh/I61dFQjHqyf1W1AgMBAAGjazBp
-MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBTohZvb
-MzEoZLMs7htkuG2eUNmvlzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABmQhcYL+rwYvVrnWH1LIbYHFhUX
-X0kvvS6SmK7Y+Ea7uDLmhDe5F1QKYmcURJt/Gwhz0xOFOsBCo3Ab4MSIScm00WvI
-3TIXXjLYF4LufXUGle7mdbWcT7SXfd0QVGWbTHDgbVc8SPHmQh3E4r2KVTacFry7
-nbzganMh05d7MTny
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
new file mode 100644
index 0000000000..e9952d353e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAM/4iyH3zhj0pIS2GVWhozQpxO7h0Rc0VYwm
+qBRe3BCR0+gLN6FyWhGksoCInhWVgjCp83tO/AV0egq6mtvYVy4/YnzNvPFuU4Ij
+E913+ZktncyEfaJYkjJ8fms83OH/Pah7DpSNVRlxQkvuq8losTpL9l5V7YqLFF+d
+JwHKyXmPFJpujAHtnoqCe3f/WwjyAXeI0M0/2b53eAzqJUmiJ6i+qyygNpPp/OAi
+vunB8NnmVAcshvzRrCWiXF+XChx80fHQclCf0QblOEW7l4pelieJd6BByYfz7Dnq
+Ji3Ep4ULtF5CSVcXyJhtB8tf4XiFAxVh/ifDW3L0SkfuGEwA6VkCAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUBtxbvscSN1mkikB0fAmdRTxKodswHQYDVR0OBBYEFJWht0b2
+Dg93oRjljC30sI++d9gXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADApYud9pWALlHw0vcQGRTQvhNRM
+nonPTNJZa2dzI76tcsjPw0BwP08OIKv60ciSIsEQIU/lxUruRSixe7xrxktGygPk
+aaOdXnF/WQHhucPx6HKl7cs/c8zInJQKWSG3DYa3rRCtsNSo9A9J3cwY1mAhsh+S
+JbZHXu9hbFdFoLPaCHNQRod9aqpiAd0ra7SpzrQGSZMTRaWbQi1mHJ93ay/bBQI/
+1PqHZ71szX/EIM9TsHLCV1Q9oJN12xAbDI5VdhuCFdiIDRytGZYu0en48+CDZIGZ
+Bi2sSMaG3zmUU7w9fh0NuuL2YlV7C5p96QljGRtmOZh4qoBgOSbrsa3k9zc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,997AF21B8BE5B4BA
+
+8yfzhn+GIwBC4tJMwDYhhX3ZaBFBzNQHBs1brCMjJzSQ+4yycS+AH048DHIlsx/A
+uAIme7AS2SBrfkOzAPcHTaVqj4thcbzFKWi2n5/W+XbivtYYQUJfSBFLtp2yGybU
+eizSJrPJV1afxJePlgxOdjh4JukKWTbK8GyOkC1JLEPh/sG141Y30jlExF3T8b0A
+E75yfwwRSHbK5nDwew1HtgzZMoJaP/JM2GUwxSoDDgNVBTYb/MwGmPDeZVgW8FHo
+8f2+AJk4IaoFeO6wp3/PsdPfm1kzHOrsJzK2GP+xaA94E8jwH7J3rlU2LzihJ48L
+mT3BUFxBIBhul91NKpzPhGzqlna604+Syg422PFWk80s3KruXel1ErZ8B5a8ToY0
+A6xOpEcGycWeCi7kvB+iaxtwwyE3ZbAp1HLBM6eU1RhP3lO0/bxeDRnSimOq8+vd
+bzuPznTh9SsBNsYNFxiyXW9Qhw0hHxiu+GVu/fCbg3CNzTcaPiGmMuuIXjqiQ5C+
++RsRrtEqVJBHjiSC+5uTXksB6JpstWxPWiTfStbYb35A1px0VOoMLoEZQoPorbSN
+Z0Q5KqpNmPXIgufE0HYxEvjk51hGMM2bKOuxZiNqnPuG/sbgpkRQvzSQnz2Kem+T
+g0so6vMU4BN0PBsGol+Ktomsj2ZcdOxemF/JtRyQ/wWgnNFQ2ZBAQSCBYOUvXjn7
+rHfzV+csRPs1vXgTy97cveaHDzLm93PEq4exzPXLiXK4JCRDfMyq/uJ3l5ZgJjO3
+8lcqzjWsYaKlYLr7uo/XWwst+zV+EWbPbO+XwEMXS+fkSnBbLxNXnVyJhXDf1ri0
+3RsAVBFlgBdeutl3K/VzqgHHz3JG845m8Dql9hu+zLGrhVLpZgY0CPwE5RzmNubV
+VMiIUPQpCwJ3JdhvocTrzf3PGhlh+dawE8SWqVQqGb6PKGJKCzjO7oMcTujbmDgo
+RG1i7YzRoVBJZ+p/pqtwiIeOX7K5qSgvhmvmhv9DPh+7PATAhfuQgCylt+nBhZjz
+e3TpI5MA6L1OcNQBayn6cgLzRDBcfrzGJ8ya6NaScZIUBazhGW62eCfmPcoUFN7W
+LqY2pIuqSXkdRY5HshGqiE/T1IVskwSLvdc80t190odSERZ+tg3DzhGGgYFysNp0
+URKBHKKeKOWJ7U/JPEYdfjmXwAsVPii1qpYOoQuwM8T6F4IhWfBvt7n77bc/sMEB
+m4Ax65kfJd5e3EIGRlOaPW3J764i78x25jqTHihXgSb/UoUOAoKYEifyB6aMeEb2
+0rYIC+NQ4oGzYXI/EuasyyPIrzGtcorlVFf66fDr6hc4bNlZZ7ZeKCXGVgXHXhOp
+S8snWNMeqiTXFvlE62sH3viS1DQvV4khKKeUlhjBms4/hQt4rlk/uCo2e4p6TWFP
+FFUg8ziw7kUlPf4p4n+evZuMEIROKudtvXQVsRsCWXsAo7zj40Gg47XkvDhsvINs
+T7adLxpEeKbZ5xjcvvjENWTei3vYHgEACfJ/1dayvdEaCJp+6273iipuiXDeCVNU
+yIutyGiKOGk+Qg+8hAfpcQFU7uaEI5cAesvPzOd3sbx9lxlyPu6dOw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
deleted file mode 100644
index 7b1c148861..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
+++ /dev/null
@@ -1,141 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Parameter Inheritance EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
------BEGIN CERTIFICATE-----
-MIICMjCCAfGgAwIBAgIBATAJBgcqhkjOOAQDME8xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbRFNBIFBhcmFtZXRlcnMg
-SW5oZXJpdGVkIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowaDEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYDVQQD
-EzRWYWxpZCBEU0EgUGFyYW1ldGVyIEluaGVyaXRhbmNlIEVFIENlcnRpZmljYXRl
-IFRlc3Q1MIGTMAkGByqGSM44BAEDgYUAAoGBAM6LNthcREHH6pqw2JQ5RbNJtGxm
-vdadsOuJvn5b0NszIYMbSpJq13bSo8hLx5uVfEvkGdc0BpoYHdax/d+0xQcq1G2b
-yKxnK+bYJbJhXuvvfEtQJXVoNRneAuD+UX5sAKja0T80w8kTA1/2K0vJMVwExuZb
-OPhYbliV11/6bvxPo2swaTAdBgNVHQ4EFgQUAHhCMlJkgBTrJroWKe1llb8qHx8w
-HwYDVR0jBBgwFoAUXSTuilUa8sbJssK/ivCySU86sxswFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAzAAMC0CFA18iKub
-KQypNt8MvheJ9svsobpgAhUAzoneZ6mJuBahNft2JyeO/YD0xes=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIICFDCCAdOgAwIBAgIBAjAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhl
-cml0ZWQgQ0EwgZIwCQYHKoZIzjgEAQOBhAACgYBnjEfaDDaBZDn4GjcL8LvUE/1n
-PUDInJLhOolUsPKXpXDQZBekp3yp6ScJZd+gpRz8BNo+3WJr8AztgVdPXSnICFkZ
-DF+NiPD/jLbodQG+EApk31d7i2xW8FPOQ4i5CZkIPJCvAejZMl3tVgLPYNIBOuMK
-K56RQfbHfN5smWMADqN8MHowHQYDVR0OBBYEFF0k7opVGvLGybLCv4rwsklPOrMb
-MB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZSE5hMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAJBgcq
-hkjOOAQDAzAAMC0CFQCoWW8xd7Yg7Dab60thCq9E7XK6KQIUbSLhvU0n9i47H9ed
-1lleyyWGItg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:24:EE:8A:55:1A:F2:C6:C9:B2:C2:BF:8A:F0:B2:49:4F:3A:B3:1B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:15:00:89:33:c4:9a:67:b6:d1:05:d2:fa:c6:db:09:
-        a9:f0:01:9c:cb:db:00:02:14:5a:f9:93:bc:2c:9d:fb:be:01:
-        4b:f1:a2:fb:1d:93:dc:98:05:f4:ab
------BEGIN X509 CRL-----
-MIHuMIGuAgEBMAkGByqGSM44BAMwTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhlcml0
-ZWQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF0k7opVGvLGybLCv4rwsklPOrMbMAoGA1UdFAQDAgEBMAkGByqGSM44BAMD
-MAAwLQIVAIkzxJpnttEF0vrG2wmp8AGcy9sAAhRa+ZO8LJ37vgFL8aL7HZPcmAX0
-qw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
new file mode 100644
index 0000000000..7e17e1dc6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Parameter Inheritance EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+-----BEGIN CERTIFICATE-----
+MIICOjCCAfqgAwIBAgIBATAJBgcqhkjOOAQDMFQxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSQwIgYDVQQDExtEU0EgUGFyYW1l
+dGVycyBJbmhlcml0ZWQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE9MDsGA1UEAxM0VmFsaWQgRFNBIFBhcmFtZXRlciBJbmhlcml0YW5jZSBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0NTCBkjAJBgcqhkjOOAQBA4GEAAKBgGePd1BDyXeRQ1yb
+OLiczxes0cd6mp1vxtg8Pjtuw/VNgx6/q6dq15cXOXf+I1KDj5KpTr8RU5EqJzzs
+24Rkhd0YIpKnlS+r9YlUbGUqiYgFGxcZIFPWeXtd/HDUo6EtwM/4CKMJIoCj+RIP
+85dMZNOqY3m3VXmUrihAfGMSJ1zYo2swaTAfBgNVHSMEGDAWgBRlgZ9wOoyt9kMd
+yOePVY7oS9uH4jAdBgNVHQ4EFgQUBm+vcNPtCiTeORO8G9ZsstjM7x8wFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAy8A
+MCwCFF8V1SAET1xFJmUxuSyCcxKWdg1nAhRLvW4OnD/rkm/0u8mAPbkq84+rpg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1A1A940AE90B3FA
+
+X9H/rdRkmXxSAG8Jna6Ip4pqa2PUCyiEbMJU7exzzJ6tx/zP4zU7se6HLZE10YbF
+D+R/mIapOCVSaf1NkZ0xc3Oki2W2E/zQ6S2uX7scHQkBanuBqkjwjY+vDZAvdOmd
+FVsbb55ezxMendKK8Udrd3K5EibzReRbwSl4lLwwGZQzwRLv3LJBWC0m55s2D3QZ
+2wzpJI8WgCMXd9sJY6+453HT/NSUmoWYACIqhJhXxkNxWFmSuoh9IlqoKUkDtw52
+bf1gF2itR8YJ5Fbjg4u7PjVRbkLjCU0BXjAB2G0WasnJr9To6bwSCsGSfGLRTaBd
+XH1uS31MgymzgO5ftqLNiCPy3bxFa5H7LK/ETAlqfnDVC/w0Za3pI9ZGGeR4AIx4
+PXbvrVBrcadyfU/MuHSJzA8b9dWN2bOn9nogf+cMewQWBXnF7Znh3re1o+ElpF7L
+E8h+YgVzMlJVLrFR0HL+1Vs/ch0FrsYW0Y9v0/2VSUnOLL8omoZZrvEOZ7Q/MZj6
+b1cQoEuoEu3rQss8fHsKgSdNG5JeqRngTFnV5zCTqIn0Dyl/bkje4s3ryQ/sMyDI
+6wMdTVMTocYvdldlnRdGNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
deleted file mode 100644
index 6482e31df3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Signatures EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNjCCAvWgAwIBAgIBATAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQDEylWYWxpZCBEU0EgU2lnbmF0dXJl
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDk
-i69AjBXXPXzuA5YSaMEgBegXyp50ZUuaVJcqeDPapcVy6jSzlGhC1Rv9d/CoQp5k
-k5C2wgIxRhN6A2nMmC1WnV4jXyi/rX8P0GmVYlwaBypejHNJfv0SIo5V5VbprnIp
-locIJ9d3Q/CGuAkKGxSl5gPmRXlN6fpTX8EJvX7FwwIVAIA/5PzzTOU+yw8XCipU
-bNBnbA07AoGAZtQWiiCt/tEyn6V/p7PQ6nc/62yi5CnY2Lwh3Zr3zOW0d03f7Nqi
-jJx1Elof/mbTEcLvhEPsqYhuTLpMPzWWx2f8mb0PmSkTkU7YAq7+a69QVqovHrUq
-yO4iRyV4ayHdFD/O8BCB95YdnEG7XkSSXS7GHrjNaciPPzs+0E+iztkDgYQAAoGA
-D1MorDgvPfMRYUHDPafWevf2ATLTIXEQFNXDPk3rGaKMr54IPUEK/8yiR4J6VqGj
-/eyyi7c5tcqgGYWCm5ZoqLtrupCk4a1ltkQx0h4iL1NBT/qc+C/oLEMkFn4r2GT3
-ZPrweUgduQJtkDbM6zYP8jmrfSfs90dv3TPEfk3uJFejazBpMB0GA1UdDgQWBBSz
-M9dRogQNRPudQPESYnGwU/ZpDTAfBgNVHSMEGDAWgBR0FdUkHL1eZYgf4YsJfn/q
-GUhOYTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0PAQH/BAQDAgbAMAkG
-ByqGSM44BAMDMAAwLQIVAIynyNKZ1ECb+SGSaPMnJglzolkYAhRM/h+AuzCA19hw
-xk52oNmdtPZA6g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
new file mode 100644
index 0000000000..2041c76807
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Signatures EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAv+gAwIBAgIBATAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBiMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpVmFsaWQgRFNB
+IFNpZ25hdHVyZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggG2MIIBKwYHKoZIzjgE
+ATCCAR4CgYEA5IuvQIwV1z187gOWEmjBIAXoF8qedGVLmlSXKngz2qXFcuo0s5Ro
+QtUb/XfwqEKeZJOQtsICMUYTegNpzJgtVp1eI18ov61/D9BplWJcGgcqXoxzSX79
+EiKOVeVW6a5yKZaHCCfXd0PwhrgJChsUpeYD5kV5Ten6U1/BCb1+xcMCFQCAP+T8
+80zlPssPFwoqVGzQZ2wNOwKBgGbUFoogrf7RMp+lf6ez0Op3P+tsouQp2Ni8Id2a
+98zltHdN3+zaooycdRJaH/5m0xHC74RD7KmIbky6TD81lsdn/Jm9D5kpE5FO2AKu
+/muvUFaqLx61KsjuIkcleGsh3RQ/zvAQgfeWHZxBu15Ekl0uxh64zWnIjz87PtBP
+os7ZA4GEAAKBgCwUuJ3sGoI0YbdjbhY97S8mJRwXyMJzPtX4GILw0J0vhFlgB1IQ
+RlMdNahTZDjWGvBNMV6VscdMD+PlfG1ZVyGwwc9qvny5X8RfYRb0AsmvSN6o3brj
+n5gFsnsHcRxE0fhzbHdbZFPImAVMjTaAIkKXfjIaUaiICOr3qqyhH2yBo2swaTAf
+BgNVHSMEGDAWgBSPkMaMdOh7DMhZx308W1RZYCULsTAdBgNVHQ4EFgQUnHvCTw9Y
+g/WGXCrgdm2oTR/cEDYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB
+/wQEAwIGwDAJBgcqhkjOOAQDAy8AMCwCFHm10vtlAd/b1cB5Yi/UsmQ8BtYEAhRL
+hwx1Txi7lIfyun0bpsh8km3ohA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,08DE82DDFA93E00B
+
+0fvn08EoMjSFM7RzWoIpU3wJRuMFftIvR7XSeytjH7LVbK5GJviWr1+V8LkgD28s
+tdSNeKVXUN+RwVNv48Ul/60hzarASPQNXvtVz7GFDUwBlm4LkywmJhvKlu0mnmxh
+d17JQ49ypkQrshQPp5k/bDLijhLQ5mY2i/a200g1qtsq7H6qcl5dcCAtQw2/Ei+v
+cYoZFCnF3MHExaq3l0BTEHJ33Z+rjSHjUXq3u4Ivx1qESK48nUMhQt/z6vxgyvvf
+y34qU2b8iytemifLlVP7N9ZUFCZMlQwKRdDKHAPlSAptG8KEsuxG+NFtM0GyugqR
+SoAEpq24sHT+xSk5nKT7UskJ6FYKwliWOf4U30eKKz+Yq0mswstJd3A4VE1a3acK
+kwPHztRlKlhhjcGlmUgB4oGERCOegc/ZklF2NgLAc1jJQCpPQg3N7m3kMJ3VsGS9
+8/In9c2VKT+9+BEKcrR3pQCb/2TTAg6rKvCCCo4MpcTa/Xek8IPCbH6K8tsWkVnz
+t19y7EDrqOjNFqksum5r/W1zn+zOfGpSN6Fb6lK4jY5E9RzkkpHz0foCj54VWDfg
+yUH7H70BtvKPW5KZ1mrtNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
deleted file mode 100644
index f15bd0771a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfR2VuZXJpemVk
-VGltZSBDUkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA0XVL58x4St3rim3S8J3rxCFsMxohlbSezZsM8cVML4M8JqBA2RCpciqMXQ39
-ySW9Va2Mca/dkW/VCXATp9lG6hGPI9uvz5t42IPrYc/CdCMWnMZYPxolMOUJd8rD
-fRjX+PnPtbMonefHo0LclKZkSs5hLEty2zpam33MNLS4L+0CAwEAAaN8MHowHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBSGFC5gYrSk
-iBLjiqt4F6Lu0TAaMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAPS84jJFDI
-dH5hR/XPr96LgBMhK72+PiP/6pgrKYilpao6qSJAf9vIsaWuebDcHUWFO3HcaIwl
-Ku+ejli9fwEZmMcK1l4pj5vf5y4/wYBkWTvnpT65JUGdmuFic0n4c1jEPTkRZPl0
-FVsLl9iYRwWLJH9pq9gaOLZboV3w/HplDg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRp
-bWUgQ1JMIG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBuMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-QzBBBgNVBAMTOlZhbGlkIEdlbmVyYWxpemVkVGltZSBDUkwgbmV4dFVwZGF0ZSBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AJ/BW+Rh38aEJHLhyF2rFsHXLa//8UzBuAOpoiJSzFc4gk4FZMbUeMNc7JEG8d3C
-1iCI6ksf+VPWuZsGVLU8GB1Y01lFSaXPp5jmmDeILhOIhmh7/xGJOC0bftMHU2Ub
-STCDgX+yxmVEzoPNpyWc+NIOUxF4dGZcIVeFKPB6cYQlAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFBSGFC5gYrSkiBLjiqt4F6Lu0TAaMB0GA1UdDgQWBBRAXKg9gLMI1s2l
-71T3v0X4NAK8LzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBAJODcolMrKSSYYUM8i0NqwfexPIPQ6X+U/WU
-fh7Q4VMoPii7s2hU2MHjdWM/80GnDbNLmNqWBWqymgR+lkYvyvcMSsXr7SC7ZN7T
-PKpw3Hi2bnOFDJDKA/MGWsX+cehwuRKlxmwep3r23H0ctmF6bYpcVusN6NYXVHzt
-jU0bM66N
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2050 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:86:14:2E:60:62:B4:A4:88:12:E3:8A:AB:78:17:A2:EE:D1:30:1A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ca:4b:74:4e:30:1a:c3:6c:07:22:c9:4e:5b:2a:a1:2b:9c:7a:
-        82:20:53:df:a4:45:75:15:ab:eb:5a:c2:e8:f2:bf:57:f7:d0:
-        2e:b1:cc:10:56:0c:be:b2:15:72:e3:b4:c8:0f:90:fd:ce:57:
-        9c:1d:b6:cb:dc:4d:80:64:ae:49:4f:05:d8:96:1b:a7:ab:aa:
-        22:61:65:57:63:1b:7f:9c:81:f1:e5:cf:06:b1:6c:00:a1:36:
-        28:26:97:2f:ef:74:37:e1:89:7e:0f:c8:ec:df:ac:91:f2:e3:
-        f5:01:a5:27:87:dd:29:b9:35:d5:e1:99:91:a5:07:31:24:80:
-        0c:7d
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRpbWUgQ1JM
-IG5leHRVcGRhdGUgQ0EXDTAxMDQxOTE0NTcyMFoYDzIwNTAwMTAxMTIwMTAwWqAv
-MC0wHwYDVR0jBBgwFoAUFIYULmBitKSIEuOKq3gXou7RMBowCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAykt0TjAaw2wHIslOWyqhK5x6giBT36RFdRWr61rC
-6PK/V/fQLrHMEFYMvrIVcuO0yA+Q/c5XnB22y9xNgGSuSU8F2JYbp6uqImFlV2Mb
-f5yB8eXPBrFsAKE2KCaXL+90N+GJfg/I7N+skfLj9QGlJ4fdKbk11eGZkaUHMSSA
-DH0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
new file mode 100644
index 0000000000..921fc43d58
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfR2VuZXJp
+emVkVGltZSBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMHMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMUMwQQYDVQQDEzpWYWxpZCBHZW5lcmFsaXplZFRpbWUgQ1JMIG5l
+eHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAud22oPPBDzylInEUq9CguXvnLa25adaw9FxosWhpznk+
+e4A8PL4ObpbKZ3BD4Rgw7l0ptJ9+EXx5JuJNkjjrqjhq92E0APwXSFl+ZBLLPfsC
++yPJoxRQ4NjiCNHrFl7ljDSPPKllzSJxIE0dUXpan546511kuDp5VYiLb3aJUFiZ
+qLh/1uTYqWCZ287zkgcG6rXllTbbBrhOoUhoIt7BCudz8kKr361aJ6CRpgHN/Vq8
+T5xW39XAAifUCiql6gcR/iGLekoP6Ea5xWlCejwA+a6k88boXm22LAx7QWiFUe1e
+zLHZ5Yh4rXtBamDYxOdAk1GYwYAnjBybuGWBxADWXwIDAQABo2swaTAfBgNVHSME
+GDAWgBR+KnXvDDbHS+cg2X9hSEeOEoMaLDAdBgNVHQ4EFgQU4997s71PDhzkuPqx
+jV3e2akJIdAwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAOaHsLRHQVH5gJ+hxdHvna+IUoWjEE2F5MQbT
+bM998cWDHqN/OAggEpYV+Lihrz3l2zZ3efue0woBgBfcjr6LkPpLLR4jqn3cPtQV
+t9BgXO6fLFntkCvvnTDDFRbXRboCpivS+nS7J74tabTtbcxVjTnnRky9HQrgopz3
+hz+oGR7rFnB6fB1D/ic9BWKtwx+BODB0eK7WmUK7pLtQJaz/wimIhs8kD0X6AB9g
+XWVlBsXFMemvFglNQvtfH1uPPzQk6cZ/JDp+LvLWAMP6HK3ZVdvaAVU95DRm6gK8
+PoyWsA4vasObByzNgCtKQSxULkxjjRnbZRN5j0uRN3mjJ1fKEQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6118688A1731D88
+
+Dd1EFLgiRKRMZTUclex4I2UHdo3uVBIINpHRPA9+uia/saAEb5j3PpvBxOKlbI9A
+akzemvAU2AQWIrMVw5+kIiSHtj/JLwEmXU3Hxn352sxA8hBHSfbO1RDV3+iXpHBy
+DXePvEo5DloF0z81dxB579mGhhlZm1jh1ILrOxJa4rLRCXbQDBbautETrp0kkVZ7
+uAzEG9PQGH/5y1mdgkcJ7g5s7Hjtj1aFbSJIY4wdBmXzps9RHHgG7is+AKPHDNA2
+hr0P1RYC4XPyRpd3Q6hXaxgS9T/UfZ11epoa81XeRwlc7JHshZw+BMeQA8sJkVZK
+tduaOOa3OpeSxfKeBEbFBRylPgP5SkmteWMmvbDsVBhgLqhDRi9M7L9e4Ty8en1L
+q6T+ffPOsESh7wEO1cHUIDT7alY/zWuqy4uKmSUOEGWjtEOUSRtDuIdZz1uy7xjz
+/iuLLZfoZg/iJCZo8Gvlw4MZwDRn7up4yi4crc5DTxlA6rF0t3GMrxdw5ofVcYhk
+tviu6dbBTAOMyMEKpUKxt6BVUzX24vqO9XuFNFD47sNz1zV4n9eleeC5xSdPpgBE
+jEDZdo17vUHg9kDzNn5mxEFWSBXk20dJCCFIgQbCubZFWj+CqYbaTCDNzBeCr0/4
+DuQqipAn0qat1PqZ9JkgaicK+i4tF9KxmOpWEOL1eWGKbSO/mmOWjjP5+8/OOQta
+jfEVNLmaeY8rdrftcTnOBBA09aP7dMX0habd73Pvhw9SGim5j5waSkLVR2G8pz51
+I0X0zHwGY/rq25EmDgqhwMTIbkrFGlruuweCXrsHAC8ZvFmD5ESplZ1fZri26ICj
+ZEkHuN1HSU/uhZ7Ln9u0cJs1htegtu3QFszdoyFKH9HRIDfZc+ia25drom+uDFgA
+f6ejKK7egCMVyME4qRKRlNOngO1OLBGgreP+VkQv985JhRcp/UgT3EV5I2qUabeS
+r+LFQg502lKogv/2cSfv8oXs5vKmSFQ1c0pGE4/m+O0FmyvlNWlJyWk4B1zu77fL
+/hp2Ovo2L5NCOsUWa2KayDJyDfUa9A777AvKEDSeqA/CLT2zuMnaGI6WiiuE8l1s
+ZoJxiPdErPFLG1axiaM5gMppwG2KG7sx68uPxImxNf3vmoQI0A6x38TJ/UM9uVKN
+Z/Ul2UCRvmX8WLMyGR2+3OJ4IcI1zHCXa3kRybqTLy9/MQc1ytclZtq7W25YomNS
+wJ7rFJB6XJmqsTgFGpvBxb/C5S0EU578m2ScQ2eYb/8rQh9cFPR09TQwzTgcKldc
+WUV/Ii3PGPqfU+YQbB1CW3oH2yd3KqO1ArE8Agwiy9Lcj1MZf1fib3NDcEW9CysV
+CU6mO5j477pEdhhh3YVex2oTy2J6sc854OpeRHjmtRmY5P1Lx8Um7zgru3aYlBiL
+9xIIvEOGYL3jJhzRk6FFEyvwd8jdzx759qFiwqpeEZig5hiki5nytjXoWc6YsRRW
+ktn+41fRoljfyoud/oudnz/R+htweMstFEakD332taJrLh54UiphVSccvZxLUKzW
+M1tSCjeKBdpcWAfZnofwMJ4EVb1HV/VNhp5Wb1ODJKJCOuMjKX+fFQKrQ7br0Q3f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
deleted file mode 100644
index df9cce1587..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBcN
-MDEwNDE5MTQ1NzIwWhgPMjA1MDAxMDExMjAxMDBaMGwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFBMD8GA1UEAxM4VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuN3xhLcTamwSrg/7HDqFvodu01X/59
-oI6coV90K3bmWeFUWcw5ZNfns6jjgQE1kexWBJIFACT3kFzmEdQ0Diht+5/uEeSO
-PkOZPDfVFZRsZlKiP4F5JRag4K4+Wfrt8M1vzLcj/TRtui1jpwyXKD/Zjtsye3j8
-MayBGrcgQWbXAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+a
-FZTHMB0GA1UdDgQWBBSikE0CsoDg9dGVN7xsWnkXPID8kzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABG3
-77d7XM2ib5Bv0aVQKTDlDZr1fzLxv0CeJt/o6io7LL8Z9gC0ZdoeiB1nK+unnlu0
-GFMygOHAwKUkKMkkChIGFyYSEPrqQV5811YETya4JBE+Ou3GQ2oKNNL49+HP2yTm
-aWT5eiTEg86gF52K2nPXRNaNGYHgT1+Ez2HeI4pO
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
new file mode 100644
index 0000000000..82c7ff7d50
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgFw0xMDAxMDEwODMwMDBaGA8yMDUwMDEwMTEyMDEwMFowcTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQTA/BgNVBAMTOFZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JsqVzyLOC5n
+QkAT5iNLE/lsxf/3jU8ojrjoBbTYdgaUaun44lvZwesI/WEd7WbmIk4bnuLDk2pc
+VQY+UnqPJS3j4exQshmfKSwtJnfnqiCNDsujHAkHP0ETMQGbQCfz2sibFf9TFXrp
+mcIHRX8cXIFcQvcvGyKUzO6pkZXRQ5CH37tVWJCj1q8oACXaBqdC4VRKYFO0lhWs
+epDrq2xWlvF7pOEJr7MvyM2tqaYFEKVgCXomhY1qxY3tWUr9n2OIEOt71o5+671O
+Mqd4cZJREF8vpkelQxEGMMu7DR1+pGbkrxXqyYAmjDE5czfXQOLHrWKJlXsnv37L
+gSb0h6cWyQIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86
+yTAdBgNVHQ4EFgQUMT3myQxH68BT3YDCOy2mohpE7iAwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAcDEv
+K/j/gsTTaDIPxcb0iblmMtDBoM6sVI1hp/cpXz47WqedfVQxKpMAj+nyCepRHFw7
+tnjoWzlpDJTbzDX2RaQTyzzZ1hoef9po4LSjt+ukybp0D3bf4m47s6cat+f5XKME
+BqLI+2C9V17tBV6ZM2LbCncc/RnHXwaPCJQUdQV4QOP0+aw6/pmCfUJH0Bn/fM80
+gPxHN3yEds/Xes+JRf3dzFMcGso1IA4fx/S3DqkT+uJG75jl2cI/SUZCdw6G5Aze
+h/wfRrNGyqQYOsgKkNION7NjDmeZ5doj4Nk1MaaYZmm/Znn83fMtXuGchn26BmIO
+UNDDn9zsAsqcF4TkGQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B452F5FA65D5D9EA
+
+pKSxE2vluN/rwAKlIlcx1ujNGmCSZcAUM2RCSJKtU5dfviE+5CrOI2QD5ggla6mb
+lVYfxKHwNl7g5gJ1TA4hDQZKrxW0y0g1wX/88b2sRtkHhNQVPuh3OLo7/bl2dzto
+ndLby7Cdys6NuLQNgVZsa1Ysl7yNr2cmhT5q8D+No4cHHGm51GBwj9FWOBQrFb2v
+EsmSoxOyCcunZ3Sl39M51CH/gaKtGMFfTvHs2N8dj5zdD8ncjylV0SMcO/64wH1o
+bRwfkC+zDfx6KFXd7ROuR4kEbW4tb1Je7zMEc8fz55p8rKP9dfzlEVkqGEeKLWG3
+Gqp5JkUghtvpeHr+PDS1w5RrIfNNIWjY4/AJvOh2EJCh32il0X7+eOrEGYeP8dL+
+f8JxuUBXUEAfkAxGkeqRNFTT0mpXSXcRfnNwiuHvT9fX5h5E//YKgTvRQxBQicPI
+enE3FXA+E6iv63cOGhYjbTvrLvt+GdfZVfUPX9ieUGLbg+cVhiGENub9PHrDD5n9
+v4w21qEuNDWw0EWWzuWybNY6DU0qeu6lbh8xEBxHSy3FsiDIwStqXGhs/nl+w7qx
+IaCo8aP1/zMRXGEAFH8oGYtE+EHDBvJZfuMRVlM3FqQLyomWUtX/9BHapen2/ZzY
+MlAtIlvYu6psP4WLzGaagfRPWMlrI9QIvbaDfdnvzZn4yu6wJ8Lqsc7iu+8bWB6u
+lbvvxTa/YlFuyQEizlf0UJvV9fh1Nb/Hl6GheN0BMqGYHPaAzi8bac1S48+RZya9
+8NPvbxHkrKYV0+RORm1iMaETMz5cgU4BOxBATQB6OC+zDKhf1BMaawp3C9eCm/+d
+9r+tTyfkGMpusuLzevhK5utcqRXjHbfpoazJgnNqUVQrurxG3svrZFY8WdrgRl+m
++nEpoy1Wf8kpX5iTsAdSzZTKdFSKSSLqkPEywmGGA5T/XRAWMQ5+bhkZuPegwFh+
+cc1xhNa83bSlAXhWKOj834WH/CZFa9VGc7q8FuvFXHYzwLwhgAP5h16T3ylV6l6a
+E0/GvNXkBMOK0U0vwXEgXgO7n51peg9KkQM+fMITGznk2QVFu5nB40hkmaN+QAJs
+eBt6hsTwSvL1BtYvS9EC5SqDp/8ot+yDL/HIx+aDon1KicQ1n2D8ZpKtHuRmtgD5
+gdGS5tREqiNTGnklBXsrBJPZodafcDMnwOYSa6ZCUQMo2PDMwfvyseCCI3QJHiyM
+6IuLT1ErXLc/qldNUyO41VwP5GPG6UtrxwS6XGOuK0keTF9oyVcekFjbm9qENqyL
+Yv8XV4hj92+880ZOhP9WkG2QF6X5GehzNuRP+OjDjKU3e28H+rnCkptZcsBIGX3x
+bTRA/g/8InsdGizRBzUFIoQEOKQgFwjsaqLhF0PewSBsfPZqJwyr8DlsrRKVy7Pz
+N7Q49srE3D+zxZsaF0gAKgFPTgqnqi89DPpIs+REidaEaeOTVaiRyJpwadrdLwas
+Fox66s4HpgSVH6ygWl//sK98O4ijqHX2Xbptqioc/8sWJRFqSkMGT8zpJIzREtAs
+TgEYD45Dm5L8wlZYt4oneFY50FOlJ8VEaa0n/5N/vowj0Y6Yw5tgOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
deleted file mode 100644
index 8e57181bd2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MjAwMjAxMDExMjAxMDBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95eHxRXrYP2LBGJtgztiha9W1jRBa
-tkZEgkmukmElQlc+Nz/uh5pRNpJbg7b+3Mv6XKMr0qncHxRIaap0sD3MY8CQOeWi
-IHCEtT5XGFy6B6eGpqfdejjnvN4MHVdd9uBaxf0Rbo7JlxXLCT5ZrYMNbK128Toq
-qhp0MV1GpfZ1DwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQUeJSUUvGhyTgLeYzfK/SqlRZsvacwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAi
-TR2cFTtIDfG39B3eWiPgzxJebkwj3E1ZcxAxzGcYHoSScb79ueJ4ERjgskZWO7ag
-oNPHokDXVScVCIjeYTG540+aQNawBa6L+HhIMNIuzHw190nKXMOSqPmNk4vbYPwk
-32dtRrn1hIUDujUwTkW5daFxJ25HjyUfVZCMQuwXqA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
new file mode 100644
index 0000000000..c3329e12a3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8yMDAyMDEwMTEyMDEwMFoXDTMwMTIzMTA4MzAwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOVZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0TXsIKGzxY
+iX5lX1bWQb/MZ9pouA3EQT8bxiWbQe3iWrZE5xIU4jFopRL8RXASP+lQIROJWqjT
+GtZhEaNQyB9CmNSz5w3Q/dME6LPrdiUF63klD3lY/J1cJheLov0Ql9Rshvrcjluq
+xR0aMebihrCVAbGB9fjapEf4D8xtm/l5SMvO7olLyDZKkibHgmzgZ66/ebGPrc3o
+OmxjoqvkyyH+vlRQgfv4oAVFetdVyYB8i2eJp47d2aFGTsWmn6zIoM7fy4iuu0kK
+07KGV+RGIif3sHoWXv2Uahz56Y7MGr135s/S8e80jA4KrfQpzqpN07ncyEtFGEs5
+3WeTcZi5zLsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFM3r3nHYztXgRqo9a88ywemUwz7vMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHWf
+JSZe+DwVSi+fwy98C4I5bZrrkWUX5P3ffOQkO1NrPjVURAvXqyTXbzYcf+PM5W+k
+J6XD2jJvNCRNQ2R8AIdVbG1fIfAzBR3PhEZPL9qKhi2H1q2IloF1Kw26ghxS5cAF
+cfwkOyQgNUpyFp9kKT2OE+3GM6/zf8SVy0/bFL6Rf/5yrJ273Of0+ymy2CY/irTM
+/4X7WLSkSGyPz9RHiT+LoRSel59eclRDxQKXgyToiTgGTKXbEFcilTBT6+0WCgcJ
+3Lw5qc+s12lQDFF8T903ef6C77dPOYMcxnCD2WlBInOSoqsGhn8NDf6YQYsDFCbl
+Oj2T6kRdn8YUigjmrhM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9767531CE04E789
+
+YmTFYhbZiq2EbSicLy8vgHiI4r1QOxqwYVNXc6Uy/8Dakry0nY70j27xKuqmZVqX
+tY+e9L3mdvzlLLaLZ2B01uhBWtfxy16fqu87gjWfKCcQ3oJDMnjQHN/LmLOvpCfE
+bpC+xfvVZSuK+/gqfyVywcLqFYwyYG4LSnnSzIm95y6rCGGBxBvdFpsO5+QOASMF
+0e68jsWuj9CO1bUoweg4AWi/XA8mr7OCLAQimCBw6feqiU/lmTOrcVLa2ckSS4Lo
+Lp7K+6pck6prAbxwjJMT40QbniZYZ3a6zVCFY2dHo+BNv6Yr/0ud1zBBjK4gViIJ
+VhPjY1fQ686pYQTSgQAWQ5vwI4M5mN5zyyp2XISuN2vIAxJiaGaEorNArB+sEdft
+RgNNW3A51M06POwAKzfw/S7HYWj03BO7chfrCkdlJt37fFNrb84jO0HzHv3w9DpL
+evrFydUnObVKRLIKv8tJ/v5P1yeaJ5wKAT1tX69bp8fOjFKgh80JNNdPnK1t7IDu
+2dUssf5qzRoi8KGISUkLDnveg4l0+cVZFobTt4y8D01N+ks1lPqKj4PyCBuxIBKb
+XNXQXVnCPbQT+kKy5MBab9/CMpR5tHw8GNGCbFLnwB/ovbaEoov6fr/Jg0f0t4+F
+zVcpNjWlCNQxVm+Qo3Ov9yhkpI/2B1lzodFYHcUYFk+PZlPKUYZmEnyuiiL0i1YN
+R2Zj4RUvnn0m0OCP2NbWOXIzC87Euv4+3Nn91KpcRd0y9tzDtf37TW/gIEZcotLW
++7sHoqm4i39XRrsszRGIZ6qL8WrZZJhoTw4hMQ8qNJ84UfnEk9tq1LUpBQQ0uJzN
+U48Xvjyk3F+WLVcXDLyac1YOrURbD8LCixbhxXXgHHTjUEGjbuoTqLT5SjL/f3jR
+WynPTmMUxINx/Aat7EPRtjWMAKU041mciY9V4QhADEWHSzMB6B4o1VHpAA5I5x61
+y2AL/grN711ZW0OxqmO1iHVWlyZm6/g15gJP6wImCJ3EowXrTprKTrq5RBITilyp
+xOjBBdFRCdCx1foT7Br7SI3MubG9dBmxZOLbWgTfCDVcXHIu4B5dIVJ+jKkKBW9T
+LNsjzXWUkWvG568Kf/HmN1/1NmgC4/z6Kr27IvShfeygg8a+46aj2Ve0QYZOMN2o
+cGl6nVuNEWBsanFu7ysn3i+KSYvvzYgiMvtIA1Ct0yFE/p40kC/0sDdQPVTL2KNG
+skKRlEEyIBLgeS2B15NAkGyiMMOeKGPLOlEvNTcV15ylTH7ml3vCI0kVN7d0PMrF
+6W/I7MabfxcsghEWht7tHXKFKXNeqc0oukqLgRIOtVOjjdutyCQlMvsKfQ1HA4si
+1LqPOnNSLfVDWcgSxSaYPiCV51SVLQEM5jIEE8B0X716QIoIkurp/841cvu3fM6I
+wTAgwyghnaomWchW8mSxg0Du/Kk6f4De9vZevM5I8ssciB7+h7cAZGeOzIksrjkf
+oVSw5V6ZEpoZmJbqHuYvho9SD6wHud+rE3PKcsR6GMYFP71K/6hc4anDh3qmxM5J
+PBCdHMD7ZmdikNGZVGoqr59u6E+ZQIq7lqP9crLcnnt9SEKRK+2bFw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
deleted file mode 100644
index ca7dc27428..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2H58UKDg/MSuu2itx5AvPDHHk0lMX7Bu3
-X3Vok97lKf6HAIseNFrZecQGe7RtIm3ICK1WFaq9tKE3MutSXNCcZ+CrPj0H/pzt
-jlFAlRN1jpTCSj3rVVAUpL9BCHMWrZ9qf8FVWgWI3YMWw7cgqC45VZxRYN0zyyGm
-pz4tN6pyTwIDAQABo2swaTAfBgNVHSMEGDAWgBRswRRf2Kct4IaTGVwL8Em5JVvo
-HDAdBgNVHQ4EFgQU7rkQZsqGMoKvXfmcukPIoHnHBC0wDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqHSrq
-s+MMY0Cfl9rlm+QyuARye7sTvTM5fQkOs/K3US5mAMfA+ei6Prb+u7FqxUya+Y9s
-6Q0AeDutkLkdJWPbJd7B+HsQCT/fWFvYE74YOOu5DTmtII5zVS5bildOaE/xTw2z
-stQtRX9MHe2JVh7WK/CA+TghpnYDlW+IG/iXjw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
new file mode 100644
index 0000000000..0b0792fda8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqJ2kFX3rhdZpTg
+Px6TrqsUoVkZnTV1VPB30WHjhSo8PxTV7IIrMS7+Yhe9EvjERdMFUG3bGYx0zDTf
+aUxhAq4zPlgrRpAd/sqGRjWFjuB++XEUhVHdxhUe/ZaPPqtfPlWDT1Qk+HqgMvvd
+o3F8Ajl08Rr1q6rTApSkSrpCsR6Wgqthi89kexDQblsnANxIdul2qW6rrb4Y+QRr
+pxOgBQx7qHUe/Xp/6uqCNUQKQK6Yio3bQGGD5bUnLUuUBNCxi8Y/7Phc32uSyz8C
+nz1wWjRtgUybln9BPvUbC4G5FwQN4t8J22o5dl3Z3HqCDfFuUnWqmvj6UYe7hYQH
+XaY0xm0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUJfiv/K+2qRobeUvby2Qsi0uxFc0w
+HQYDVR0OBBYEFBoLIK5VtXkG9/HqwgoAXXFLiMNTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAFLJoesb
+KHha5M62n9PMG3uVTq7B5c297IXuHyQ8YrB9AdMlAGnFutnGalFB/F7hZxEGc9bf
+wV8d5h5nQeHQm7UVFwe77JzW8OmG/s1w2sNVsQIA1KLww/p9QUxyOt5sJtNRpkD6
+PBTCEzB9AGyuBCOyFEJYwai4VzVemb6kKQwxhOve6zRpqDInhxLMAbfpZUh+ZqLz
+QteK/QT/55XEbVS1EX8G1cwK6hSY+PzRkapFMJhkqPuwEprDM8V+AtcZqTnh/jaa
+N7XkfPUZSx8Txf5qUcVilaaQJXzua2E8JsGofSpjzAgYYle+U4YkAdNN0AeeO3O2
+87DalX4w2xAbULc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFDAF609DC1BA80
+
+6F1Q05vjm3RZJ2xrIsWtkTUSHybgIdMkOmrSVn/WBbyluMoeCOgMoQRjkAHtvGB5
+HD4+MCchwd5HcxLscomcD7QCP05YNkf6aq2ItdFk6LlqeWKQ3EqF66Q8QK95N/CU
+iWhGmcZD2pS/3527McaHe1g8HRePpXEQWt2UR2DQpMgMc4TiHMPEVqrIP297EEkr
+uPrQuqCqsJh6d1h+MErI7ZRr1brMqtazPzGcD5y+XREgR53nUBE2Tgm9X/gIHHaD
+qVXLo3RiNL4fFfGmApgOrm79zRbbXd4XKemKGA+kbKicYKUMgfMSF3YMJn24qXSl
+AjoUZ8KK4MCgPLcvMgMD6eQ3n2BYeHf9b398cAy8DPIH/bLNhEds6B4Z6qFU/oPt
+VaCParF9FR0AaevuYnieNdKjmsQGGCe2+QdFCRsD5rqpJzsCAg1ZfUSdU5zq+636
+T7aizM/k3NoDf4OqkFfkjc9nOAioYjD8XWY3PwnxslXk9wS9AIMp0yloPjDZtnL8
+ewspHiOpgDHagQ4yE5ZZEivU/7K1CPxAsmtMZXs4QZx5ABiF1R8AQKdAPoL3m566
+7zDBOxUGQlUU7b6rZXeOFxr0iUMfLaR+FJ3/chS6dv2QwGrxQWSGNvcvN3J5coNX
+fCVlheskFBeBxynRAyWz8Akb5miTJks5yHR/e7WL59gLRCBaHUV3DRod2999x0Ym
+BVZ7o4mAN2a/hukaeApxlZKaAvSXyNoBGAmyRd70kKRB0ndvQQJmBAvMPYyCqYef
+rTt3l/I5Dttv4uIXtb+3lAlohVrEDHF26KrrPDmLRET80E452o3HVGLYCwUgb/Ea
+9avL/mXBiyg+4JdKsoMZ9sJ2heRja/zxyZ6Fe0eBEKt0HLQVJ2u3urfkETqPLVqQ
+ZRX/dgY96Y6OmV/3nLojs0DeZYiNoo9TbpSkcccfggkigRV+ZQRub1boGTBC9if+
+56V8EkNHfmgtL2L+S6jYP3keQBYyFeYrNzpukekB1J4Fvji+hpeJO7mn9VQMbPQB
+ow/bJLDfSmVovsii80seOztMK/By4h5N5BPkRkJxPqF/Tulq0IqhZ8Wj3XBDnGfo
+0PbBDHo1ZKwQ+DgLs8/HDMfikv+OxLtBaNUer8hXhJQAvNVGS2i7GyW8e+BulnIj
+QsiboBoFmIgy3GoCZb909VLGxQszl/g/KPskT90XuPLPlMg1FZA7I4SiN2MRp0AK
+fvao6q1ih9X1jcKinTMDzsuuzNIlN4hongKiZPc1c5gVQtoGDn56D72DS/LJ62ql
+AEXwxTl2CO0xQrIHBft5woA7uGKUOO5RCxXLcU9XK5AdgYMchrR3YROhFxR6HYid
+k6zmlUNrxRnJ2jCNnQTfMG3ghqEJaqkhmAtCkVeDzOJmI0M1RnTjs8Vk+sTT6+v1
+dIF5Qs4Ok0RoYti707GGcWFzVQCb+WkyTM/iPtnAL54fKJaegH5FQ6Bt4fq68ToG
+lqZOyp53JbCaekOIGOivpLs2KgqHQyjnJGsjhoULqIXtdryjChtaILDlCeGFdqAA
+H3NocCuJc9avDujeUgzmQ6UkuNPSJ+vQe+Dz7qmNaOOFA4CG221euA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
deleted file mode 100644
index d069a80b26..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI0MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfPjamOqOBJ5I2GqRFerJm5J5EGXpY0CGA
-2i3yoxIxrL4B6vuDMX7x2Zh7+JRcggTd6xwFetZeJWWLahi51RWjfa3RKfwa3/wJ
-yxCvJJfDAdr0zZE2NjXSKDWBdtYxpqvOo/8TCYIvrzKF6kQG44bZ6biAIC30T9vj
-Kezab2UgwwIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBTmjKLn116swFbGYjGlN4lIL3ZOzTAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAe+QvzalpHWA4qr6K
-kSqLzdboAOHGA4+9IYaqUm3rczXhCZrk9cJmWTX7l3grLw4NMMGYkpvy+K/ZRTo5
-7qatlnIg1IxOuR/FQjQUZa+qvhv261Dlk3dH+QlApPxEZyjwCmu9qlXuQaLRWPVM
-Q5FPPtw73O3MCtrfR0D6/mS5zoY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
new file mode 100644
index 0000000000..158615fc6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANaATLttW/ZFV2eW
+ylu7TX/3e1eXb0QwgbbI+sApv69RhLxQT0hwCVU4Dm2dAEgYo5i8oOi+rTOlnYXU
+4J+v+Jfpr0IzfX7MnyYh4xnkHb7+zZtPlbOJKR+F1+gNRAyWi9vMXNr5Yce5v7OW
+hvlJdJMbGTC+24xywS8PZ0EjTIlLnsgzqEY4y760mvmdzQpw22RHXZkqD8XYjw3W
+PmjJKJ+/YhMh3I+VVr4UKW7B2f3RglOyznk0XJUFM5Pw+6XuFbA26DG/Awm4AHmw
+fTVmV5j0Wr0T4zpqcZWC7mMRs4ggY1mNDfRdH6vOj4ShyZVPhHT1FGXykS3BGp+1
+6mgMC/0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUY7Pl5pwRT2IfHI3sZo8MqlHb/kkwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBACWXiBBJIk0S
+WXcaAbszXf9HPFRQ9ntKHreNu9ZjWlLv1gc3WVwZDyRa296+uDyAfetZrg2ViU6I
+VCpfmTRmvBfqJ6TO9qSLN9wtfkoAqUxgX4iWczOAnM7S9o3nQOHGRehAw87ub7o0
+4KbwoOENZxqTF4xNHGzw5ZtQIe6CWTMBUN4bnrQm2zt4kzXenxe68lcr3q7JrjhV
+RGh3e+jSJZsy4HuaB79OTFjHQWblxXGXzIPZfRZ/YUJbRhTPpD1ToQIdu/c8ag4h
+6ZFKeeB9pUPruCLakD0WSdCbWW/Fb1kVSLWHM9R7dAVCw7ccm6K3QfAzJK/FhwjY
+s4fPLXGaPrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45333D253C999BCC
+
+enI4SCgHHLCMKR4XZhjcbC40sQHu2+JEmMmcAfXLxy9mxt8zGpzWDbTJw2j5LaA8
+3TV97t5HWKpfSdOG4Gfswp02EpdZeah5AdSE640TF5eoSv40OJUXxEpg2KhxdFGG
+iFwK9LBBiG0ppx02blIaRcBEnQI8Gweq2lGJy2xsT1IpqnpSqSltwd9GEKicG3mP
+rmdE+MClY1sOadzZeoaptABfftFtJtkKCR7M9ZDwgh0etnJr4sH2C+itxGxhmzkz
+GwT4hRlmCXMlL1n5YgKx4uHGTrwA9DOJAZ3egMmrvMvF0Ohe13D38kD7pjdbASrk
+RzsqnfvCAmZsyq97HsoL4iHO4l/s0u+xioM33ShyZawN7p+sBiZFmuKknl9NyzHx
+ZQ3ZjMiFTLm6dJ7cg7vwU0riwlY/yU0M+Rbbc0aIXkPog4YdZkeFrrrE0OnKe8qo
+eWJYd7VRsGzqQ4T3OSYaq/yJCbjtAJBZH8uaGRI+c79tg1yuIIG1kwd/8rg69+6v
+QPpcckMGcSbjliAydo6nPYABMoBuyTbF40MXS/hYTlOq39enxSqaEqO64YvDMA6w
+mDcicf3Ymasef4PFy0htwGPE5iLhLWoPpPpnuXCHZI0T4nnlwS31rTlV2CRyqwzw
+R5OWgJjYozYzJbg6IJTFohDvQzVdXvXYbt+P1Das/lJuOZ8uZE1JhL7Yurzil8BQ
+RfEXFrZWtwc9b9qfsk9THyYmPPrRt1tl+UGh65TCM09ar58T4DPbAkNsyflupYiy
+r7FILbd9GbF3dZOrvlnvr328iFaywCHG3ZtArYAz3PhypQGtZdMU15n8kL5X7Ndp
+RO7xWVG1iBywHHz3yg5EyG5WW8Ajtn6xVxP0Zj2rGBwJIbpntvHy4LOfdGpRY17P
+ScENZWiGg5qizI6SS1YYvuOenBL0VV7ciAxoWP+mJLY33XlTz5nuEbWUVw1jzka6
+GQlRJkgArBwtsaaZg98s9t9qiDIzvKvCbUbi5WLF5g9AoTlNmKC9hYRPDJhcQkNF
+CIM9YtLtjc7M7qxE1iVfn1S1S/WXxhc8KjCuAVknsRbZmrCeHVE5juyXhcUTBwNA
+hdeeQ/ofp/HoZBQontU8cljhHOp9gn/XmjuuaRCY8KPW0NrwQD12NdOzAt0cTQKY
+76+yYWup+4AOad4NaRUbc0yL68EQ6eBkof3yRWtpMTF7297C67yR2mPNTIu2Tqpn
+xRHFTt7VlOa1DzioBVqxBTY/QrPfDWqLn09llFo9UQgv8jyJiICUd0KuqBkfgzh4
+6em0H1l/Zrjj7wrzEA0ah1Gt+qo6HXTeF3Ji0P0XsRB76KWXxdvEHh3ERo8XeeL1
+RVeSQIwi3dp2Za27XPBjEqAdw36rjTnqw3S+MUiw2T8RZcXKLl70r5vOWgpxm3rS
+Br1pEJauMVQHAppg1nfkTHhFdOhHozMoiGjmqJTLa0WQDH/Es24Ai2QT/usVqiMS
+KDbFq4RrCdNPSghgl1+vK9+epdZKOh5rmHGr+XO/ir3ivPA91rMFb7PoPkrkSTpM
+XSzrD0g8Mu0EgJUKHHHa6HM09hSQYdJitUTOgKIGBGSYaRx400n8TQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
deleted file mode 100644
index 9861f0f70b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf0B2LJSDNBUNNk9cwJtpviFO4J0nIRbuc
-O6UsC4jXoQrcgUkZOOcYIT82Yz33dg4bv6K2EXqzJwIfBGq6JGvHrAl3djShH1wO
-qasa6FN6vCnmb2Wo1+7KpwCSlDAWAYhNTcb8tGMYGiOGd4FMhEdA/y4sRqmuJEOZ
-Uw7DglXVewIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBSQlj00h5t1ic1A+gEB0E3NRYLbqjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAHIf/ZJSSoUe0ahpi
-VXce88mnP2i2KJBuOPFVGyJHSY2wGKtm02kgghm1bSdwVzXOLwTLa223rjc+cZcD
-7lYleZJEOeEnibK+8EgTf0Z/D6VnmIsQD/HHhpkmvB69NWVETkG1VtkmEHkaNDdQ
-2WsP41gX0VujQE2K3UK1KDPPNsI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
new file mode 100644
index 0000000000..a716c1a069
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp7IIM5L8j+PX0j
+W3jaOmFU0IZb/uqR7MK/+CPZSm3YN7HvAYvxTVC++HGP8PNZQIn6148vH+shf79U
+h9DYMPtvMpDBsDirZZYe79/9CCdO49n/1nLvt+6Q2RwtoysAT1pfXd359RPZvu78
+oGQvxnJwxH7SI8ZWhueOArm7aUTqUXbWq77bXsE47/zYBohwVNAL4lm1rNIw+nun
+Vj7og5FupDZhd6YTHlm2hMzLh1VXpX7RNGtVLouLEVLcdqQsuzbZWyTmMm7V0jk/
+ELBx2jdcrl3qpyJ8yaPw5mXbVef7YfvlCGRwOEPLY0FPU7ROfICoC9J2CFqq8Opm
+TYdehs0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUtY5A4mYCw2O8gaOCAOp+ELpcBt0wDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBAE6t44yeRc39
+gkxrj/OJMlMhO5PM+NOQeDO9MB4TzbO2lNo08dlbz5bEmfnbFA77mthpoXcSTvkr
+HgVFncAs9qZ6V8zV8lccn5eXiuO/dFpmS42eKE0rhk4VkBSD7wSWPX3vuLXalYsU
+mtFOyExDNRqtKcGAEQMyQcvw0SuwDHWHuRXZ5uALB6WU8X/uNx/jmWjScyQFnooj
+oGhOakKKkLMciGBPF0+2VZUKbaknZmoGVI603yGRXxqlF+LdSaGsEcjfUwpqSiry
+53e6GfDspF2xH/2IQX6y2d7Jx6zH4oT46jDR/uPwVXWAdhQi4Z4S9xj4G9DpHC/F
+NeK7pE3pYSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1B559E6CBE8CBDB7
+
+lzuIKJjyltjw37fK8/bSCA8hm3s588px3Hqnf15Dr5982IuT0gOzDWy0NNodvkwh
+Z8TlM/LBopj8cd24FV9gqKQllGSnpMonIw+jqO8pAu2XI+WAvRUmVdLILD37ccE9
+3r5NRO0PTLoXTStn3K8BNqdNEMriTj7+8qSZ5d+RsUvnt9rD0r8mDY5RvsUcuDER
+63x6AkWEZYXdj7Dh+gLxEWZrBdZx9NDhJ4hGc0Oghh6valpbF0x8MFXFmRXfAwsJ
+0So5Nu6WpW64tfbeI1s7IQKDrT3mg+gPNTYY9P783ULstUEcLGtklFMNG7mnoTMH
+xDMSTICCFuM5I8waJdwj/pa2g9paFjG5H6gye0xRlzFSverVw7vro+IV3EPo6+1q
+33Gj5yPNM2lwSPnioOwsUeC56rQhI/gyKj8HB3yxB8TbF7NGctMfpeJIreXlehp9
+qPXPiCbBxrGRRjcerF9uvPlJAMNXxwwxBloRjVgKqDypbrGZJtpT5g/dG6HzYbUQ
+VruyoD/+Kb0MzQFajfCOLlyzVvYJleOqix9JOH5KKcgHjVH6FtHl+X24m66tCqKO
+7e+fd4NNFW4zOqN7TA5gPG4C7kGjRKs/pdRF/O45h3thhxsNpaEl5ekcLEcWaF5i
+lkUIKC2pNjU+VHHUmotWMYxbt64VGBlvaZxPZgj4HIabe3V5PBUw7UuozVh4IuIp
+4fcvqi5gxlBcuWGwii06IbcskSLPz0zKWx30IUyc2B9gSANpPxO4hv+qTace7kEj
+tImEMHpLsPwRc5wvPxodquJZInH7YcUfga832eyIG17HZsfUOkHSZpd53UIeiLgH
+U/4JziCBuT9r/Q173bXbzFSthooy/jsq9KIppNmA8w9Cn9xVPhCxdREErclMtAO1
+MCXRz2gj66tsihm0I0R4cQpuwHKDio+34pLYnis2nPlCn0gIJ6Paxddg1YBLIAmP
+TuaXfFZKFoB0qjR2by+SKcIevFdbAmYalxAknJupGMm4EMkb/Ho2r6horqKopqWK
+/DN++Om4ugAM+WELeSWZ6sP63Pvy/Twlnh1P9EZHtg/180ZgLqwbr/vGsHdRdGZW
+u0cvbOSSVMFhY5V7DC5K3Gnp6TLoteD+W7M8JHzerww79eOe17HsnIjUKsBwH/Pc
+xIpiXbzaXQsD8MEwB40E9ZwF8/35wn8ARSSiun316yhG+GNEtI8ddt0z8FbVTybF
+Sw4hbv4UC6qS4VkkarBmmUuDzLIbgm9VCisK360q3y1+M2Y9rv9ZVhHBU2/CGsuY
+0wmfXIMekp8iiiCLf/6VG1nrb7E19hxZAtBp98UHSB0Oa8gjwS1JQl+qdWSQXxQe
+uMBMCXehHiIjawp4Xg3+8c9GCt22d5op0w+CbqmR/t1/h4rYR+qf7uqCOmTyfIc6
+2MHY6ArzSRYVdg4xO8+AJFfmw0mn8uu+elsLPxtMYWuW7BFEiVTLw4HvbjOJsDWZ
+I18zW8lGQPIOzsxq2up6k14I4nhyxfWWAEAAol3HvfhDM6YYjt5zSVpspSFefYsO
+N/atLtmzNIeYfbbLaXKKwKALgcAX405wO75wDa7gw2roHXJMnATQcw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
deleted file mode 100644
index 58a9b915a7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtO
-3auJrAWhozm7l0Z1T0lT1bIb6AWcsrX5hHI03QNjnAsiR6TwhLzknLevcqY1FMOd
-3CQ0YGisyl+jQn6u0vn8gQbPvlN+HaEM3KhBED8jqLLcnspGAS6f8oi1dpWNK0fL
-NrOz4DYCp7kQVDXIBmifayg87zrHaz6X4lMhxgxJAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBTJunkp/mY4QxI0f3ob
-s65e11IvhjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAENEAZeCPJoLGi9JOR7np7MvjQtU9NWutm2iMthF
-MYTKIG9CmYoDbDGl689tIyEHOSJO576cpCvOoORWfvPNFqUGaDKjTeZ5r43Uq4kM
-G2GcseomSZC95SvZhsH5ZrLkdJLSrOe1B4RiNQV6Dx/EgDr0t/CL0bTNhh5l72LJ
-8cNi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
new file mode 100644
index 0000000000..6b5c09b394
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA60l+Uxo/EscQHc6uSZTNiff5wN6+vHrzNTO71TXex/ZZkPw6
+h60CNBdw5TPhvdRkYALq7mdMqTMzHntTBnHCc9BVlEOHvyo0FtrcpAplNKxSgMVB
+dlT9/9LfuToh8XtO9EoQXz0zY4857N8rol3bZb3DyG2BpIxbFwRyYYJ35DpKlach
+uJeEGxr/qyV0kb4O4WQtFUz5udNYiMc4HN8jIpFV8JkBkcJVLxbohL32Sz+k0uWD
+K+Nu5R+kPqCUxdI1q/xlexYtbeYqlfCb41mP06tpR8TF6IEFpFVEtAc4Xgf4dwXY
+EMit6jx0/vhWc2uHse2wETOElP/BPHkcQyxFVwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUfoW1hg1ZwEl3TiTkftke
+9bK/LLowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEANAtNHPUyv/1huJvEABDV7HL7a4m5e9dwt05KChqm
+I2bNZ2euvr2tmQD4+jCYpD62IYboWhNGc7mOiMe5SqbDvfI+nddwjLg7vbr61LYy
+kmTD+koMayzBsvAMvsD3GnEFZV8mujcQAfvFu7+lT/KjhJTreNwmSsF8Q8jCeC4f
+oHaoT6hnYNgpdzjMrVtDLIwDjB8L/a3XHY1LnCk7Btle3ge7huFnkRkOdPDT9u8x
+HN0tMFXZWi0MbyIyj2RZjgxpxI2vvFNRviGQfd7gcpLzoinD6USFK9f7hUXZr44H
+bCQUme32AqlJ+megWOauS3WUaE/8YA0KDLRDeskZYiAspQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6C9E4D61288FE11
+
+e+AmA7gdL7PjQ0RHgLFFf1j5Ol7nkQwTFTqP9BKrkhNN9YThLPv7AmCmhfNPqUWQ
+M78x+MUoYMr/Cj1OH2iyzER/gwXcX0smv0HQaQo8bydLXAZEpCPEo6HRvd//UPx9
+EdrRjvTwNqJwXaSsZKxj5E69gIbUANCKL/6itKRuxgJpCl9tVwC5rw4aC01rdojV
+QdF1NbNsZ+8e8dq/UHWbw/UGl4i/o+GnZ6257Q1E+enNF67EW0B01Zm4FUGI2lMa
+/LhZa3CxwWs3lTXA9pQumncClV7HjHMjOtPCOc9Pb2dhdhjBngc1wgk0ZRjnRgoS
+Us6pjQ8eMyP1U4tAR51S+cStfeL2SWiE/c33mBGwTjbrXh4HSdXGjxyfOtgVbTWt
+L0eLsDZb5kxfZ9M4UGspk/MLq9lnCbH2dYd+9PppVknhRahOpuPPuabYv+h7AjHG
+QsTdDkKbU0aXGvIVcA84rKn0rlWZbd1q4OwDPLoDSEkwuRmGqisOmOkv/BkjfLNy
+GYKBNJw+AmBX4Mv6Xx3hiX23ht+fBOqUJh1Ye5+l3DWlnpgF1tVaOKCraSeOurJV
+PxQwCbQ0JyTbyxduZ2CQznr8x3n/Gs2rbrFyEco/8YAZqFxdhs9RqMLacavfXI50
+UAY9tqHLT8M5w851ZLxpCHFKM+PMoDMZNVG3LhaH5n7NkRKQe5HdfQmmeqzbGWJS
+0Wx5KPNMbDykIjMFxYdHh6C0ftEERB0qinxQPSwPUDa16/eKqYT0EPdxCUi5QWEG
+77YoKFMLIKOSPEErLQQRlTjpVxtS+EuhGZhzxvIaaVyZf1BVEuSAdwLpixl3Avbb
+jN8p6Ww/aLfLvGkeRvHVaPPihHV5TAokkCbpdUn9ZWVRRgfwaEPrpMzZ9QXxRWsS
++yCkwrQ3sWO4UobJc0F7utfx7OdsLVG3t5LI8sLMACRvDkfkj7sIle3aSq99WYi4
+0H93dFlhlRYK5jK5bqLEeGIPFxFqAFAAxZiTLaQWrEWXPLF/J0PLDJLJd++OyNts
+r1tLJk8TM0KhV4ifFVDXiG6T2y7+hMtAYIn3vPvVzDLp5zsDYg/1OyElY2iEPbHp
+FvkfBRHJwHzBT7hE2P6kPi4tFy3MW7xCzl0jQL0aPR17qobVfre1nHPVFDmjg8RL
++kBbBtaCUTHIWUDM9Qmz3uEQwNdhsJ4T7IDYLvppAGdhblHJZjx2j9QMiQALf+Q1
+F/vSPV8ejSwHpQxXbP8qXIxYl3X8REpZJpBRSBy0HOxOVmpJvT0B8vLo1TWJ9MrK
+PA+72UtMfWlf0SzCfrF3PVR7zNhOkoZG8tkQCHazbgW+wGyPH2yLq7F4Ra+fk/OG
+T/Iyjj7GcW12Y0KJbaWTcl0UHzWnVmEiyp/2iOBdpXNRAzIWSWm4UbD+VX/SFtP4
+xbtv2PDKXi2DXQXU6QFgC1BSk1gGElN8f+JNrdwQkz4YPm4i2eS20jL5XdTGuxYw
+poqGuekkEHQvDfIX4vmQ8tZtdOx84BH/wipf/9VodeLatnrYTkt26rdUDIBqPeWE
+dkVTwIkIRPKjE8JcwInj1/uX73rPsRYMVAWbGoIsVhpbNlGzbQLCmKgBXnJa9iF2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
deleted file mode 100644
index 16037a0097..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmE
-I5A7RJ2dsFgrNGpTKPbTNkMlTeSA0APdg25ehg2jBXRX32Y18+LwdacaCcVFxWIK
-z16aAT/8U/rmoP3+dPkVosnTcbJamr5D5rE2D+QWqHI+4Q0saPg91CxVTkLhxU9R
-Ck1bLkVggnQngeaqCNLIAHuP8N44+V3Pytm+HddRAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBR7xbA1RfoohD3hr0Lj
-5WUT+PO6hDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAGGq1mqUIqGhHvuMEEdcLDESbvJ2tSMigxNjqvGi
-zWc/CpxqrWchwxA3zF1/M54g1Shi2IAxIp7lfBJbh6X8o/8Dzhc7Mff3HrrqTrC9
-NUuJEFGx13X8FRoEPgCKkn/kl8fDLfTvJt/Piww6fE8s+5iiXwqaFwGJjSgz0UqW
-re5l
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
new file mode 100644
index 0000000000..53afd0945e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvNWBkGHs4ey3i7wnEUSxL3bZ/wcxijWbLd45CdHlfcrVluMb
+reijfhtxX8DrcfzSzWjMuq+FbReq/XE9Lig3FABFCscvbqMRsbVJBuRxykVx9Xml
+xyMtUScxxhkVFsJdGS6YRyesOX/IQSdDLYt++jRQMZ9WwjCyf3rl0w+vAmwzX9kg
+bHAVJoE71zVHHz6GxlLLuJVrYawr/j6Ao9sjniUNWsR0r/JskIpfwAyOPktOopuZ
+AlsUhw/TagkfTn7PTxTGQsCYabh9NJejgMH67nFWAikqGSsObbkGYKpqf8qOtsk5
+hW8PMGBe4Ry4OBL2ITdSfuU1DZWbAsOBuSs7HwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUCkxTRT2mlM7HMRp0Z7qK
+tbsHoHcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAqesLoIqzgv5k02gA0rW61rhlEnQcwQ3v7qcl0816
++Gn8Ozxefx/tN49JM7VlVIDDATsLynepfZzhyb/5Ag+Yq0FMaMp13QN4ZusGsNJ/
+LlbG/L7nQejig+BAYzD6MIdpPKozcaTRYGVZjZ30YYg8SVEN4nr1KTf4ExOvqAH+
+dHlw5JXln9w0GTQfHyhx0Y1rCMAyqlrffbktFJMqDuUnoWM+9YPtRfswATAAY2QO
++OfKOvuYUOvPECybeD2QDFKOHYe7gpXsjQsEuAmUpDAoxvpay6VIEeytVEh6VpYD
+3pYPFGmK/SHDFzLVMMIFyHOpwQaoCiAAgguMsVVS5Md97Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44A9DE28D5DB80A0
+
+qqGl9iO5jTbHmXHqEWGf7N4ADTdGCCTfYzjwsTpgw5lWTyoH5cAKkoX0zU95+Sy6
+jBmrxuRnexwbcKG/yAETafgBs8uT/cNfmviYuvrOXjMK/WphkXj4iUDpsKLNoT7W
+shW3WbwQYtPeK2vaF7nLig//b9UD80Iv9hoYO8joBgNqv12rUOiCqGJ6EQqr+gNU
+IxjPTKx6cfEqzbKu5pQEXkT2paD0G8Us6uWQOj9UyESUuYLCciivtGuEAPBsaIxN
+zI+7DDxXD/eFWAjI7Yc0ovGa+gV/AxeiHFNJi0q/bjm0+1PM44hgadbqiphZlcbd
+wyYNccsO8HIE4pepI8xD4/SYCL9BXo2ukdB1B7sBXoLM+a/Gu9p3ZVy94c0RfAST
+nsBe30h/tvomue8HoIXBWsTGZYDca7VOQAwLkObli0atxQOY3rAQW+eKc/WIyX2t
+UGf6qwWf/oHplLanqQchMV2aG905nFCNHhd2T+8fElhbgBYc4YpMQCnLtZVGvs7R
+JRAgSPekBVdj3JyN71xaMcwcuqtAcIiAzHNyFsv13CsxKPcVgBUnE6KUnkANG817
+SwidJ5tL/Lkb3iS8qaR5strMrLqZJdGHfhvZ0kuTvW6jFIPqT9qPpn3MbSW44WIi
+hOFVgSQdbsBxyEIIhlOpAW72qprgGAFHNWD77RqDmtbh1+OQadD3xDws74cObWBj
+Nb8n+9gKFeC1gErZ6EG9y5eHDQiAzB/lSHw//K+el7XDAh6UyR3o1Ob/pVmQaLqS
+VPIGMkmf+HtJUos5wETaqxJIlh9GypA09rVW5ZZSARxYdGh/evNVKRBPukGcQktq
+EUf0MCZcZGw2MH/+tdjtugnd5edGhmzesYRlDchnmSBGwiis0XYB4FuTzDSdKuD9
+S+vsb7e6x6rZFlEsA0KnAwlYNUkm7M2JzGjPs3tG4CLAKMY717wY/C3gsdo2ybR3
+bBESEa+0QHdN5ubeolPY2q4IVPes+Xg1HjPW79c2WoZ6CDGKOlC77aQ4AN4fnFNk
+AOmFFAdTNVVFsnQz5ewrd1fIr/r+rR1XbJBE8MkE8KaUAVxPpOJuwsIYa7IrBKAr
+sVaPC/LwBk+iFtUoN7dUmuu4Y6GCPTSYuxhd6B+75sv2ToK6nfIK9XDhzd5ua1s9
++7U9SjRXuSc81KfSwpy4Ct3zKcTmH2ggqjv5DbzLbI1G9Eodq2a012CDue4bie4H
+znuOAUUqM+7+un/pidIVpxCxxhCFxNShnotaP73LO6xgxkuBOCKVVphHcr4zV5k6
+z5D20cDGwk2vYdXVmI+fQ4CtwdMDm5mnc+P1GwDS5oiA8fCSq46GQDBtAyq++Lz+
+u7m+kLh7O9JNOre3iNeAGpZZrLacpd4sCaIZWi5QOmxcsbl3ojYte/c/r/J1/AT5
+ZAn6qi71xHjuuOdpMPCYOdBapbw12A9PU7VpjlY4f34B1Cdf3u1kz8D2ZVsaFlDj
+d99kDQOKFntH0XOTYMytoK1lsekRiLOsrUUMWkJO1ULtICPdjJtRk8Wl6lr5o7JG
+rA5/hsVnStNN8QDbRGPZgmFcKryroXGEAz/Kt7fPhYc7DKiK+OMmPdRIOEcM8zUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
deleted file mode 100644
index 84006ae155..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Capitalization EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=GOOD CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dPT0QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBrMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQDA+BgNVBAMTN1ZhbGlkIE5hbWUgQ2hh
-aW5pbmcgQ2FwaXRhbGl6YXRpb24gRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKKjNiRlU/b/0kN4KqqM8GCc/XOogauyq9LV
-K5+grKdIS9Hyb8R/YDK9ilsjzU/nYKRdOvMfUs5NYR7H1UhBJ9GMfo5ZJE7zbV6X
-COFLvi5STvmS1FIA1COnOuW0gCI37YuvoILvExZV0MlgOP+maCzYWDsffOoGujMJ
-/tdFTmufAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTH
-MB0GA1UdDgQWBBRM7vD5b8j3gITFAx7LZDp4/fhR8DAOBgNVHQ8BAf8EBAMCBPAw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFXVuDJL
-2xAKqFtse2QAF5GxQIa8VuJCdOuNF/KCTNQ65dWDvBRYuc1O2O0NaeN71B7vbBaR
-fLAM9acjYghtDQd22u/dErDTmKIS2IEY4Z3P1eGlLcNhpV1DsIAe6cQLgm+fY8jS
-1m63U2bt0Fs4nefPvxpkWCeLXOCr7ewDM2Uc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
new file mode 100644
index 0000000000..c011252ed5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Capitalization EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=GOOD CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR09PRCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUAwPgYDVQQDEzdWYWxp
+ZCBOYW1lIENoYWluaW5nIENhcGl0YWxpemF0aW9uIEVFIENlcnRpZmljYXRlIFRl
+c3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uBBbS4stI16Jp4v
+WGJ51twPti1iJLp+mNzQjyNaE/xC+J3w438fQvsKPEJBwl9iuTtIO8ijAGRJiCUA
+nnc7+PeJ7UvYBxE1tcggXXrE7pTJsw893bE6JHy6SxH+/yt/yRfwo+YqbZvtD+6U
+4bCsj/83FQvhWoLdh0ePfU3GiK0wkM13aD+pBNy/aMZHIOm7JjOuv4a2hbQtYWHo
+oYRYkhXfykCr37V3zwCbPsmGyVJ0MLtwLs/Q3Cqxzlp2uIoeFQR4e2H+ISfQg+Lp
+1eIqJCd2E3VJ8oKcIu2oW4soNL9mPNjKZdlwC3VLtRITcvfPH/otHuS2wcAdU+88
+DRMo5wIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAd
+BgNVHQ4EFgQUeN6aGkOrZ3hSrA3gtRojk+AnY8IwDgYDVR0PAQH/BAQDAgTwMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbqlb8g8M
+w5TaH8PXafNxxswC41xFgxZWx4vdQEytNeeAdFABrQf79V/CxoT+KuXr17wTstpT
+XqEF5zjsahruaSONLcUy1JetjUNW/Z7b6/p4s3NffYhf0TMqqLLatI63CCImH8Ap
+8ceCFU3m+fyIyTdIEHgsnQX67zZ1mpoFjlrTutSYXUHtfhsK9h7LCprkBOwjbjfd
+t2nf6nPx1H05oFKrFGpu2gAHHserXavCToQVsprK8jQ6r/8xHInJS76KK3fMT4Is
+iA6EiRrqGTWkPjh2hd6WaFz/zRhuLm9ODRuz3bgN9rcdxq8jYkDg8Fq6eqhnVLJe
+nwhTghrNhZqV4w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8474ABEBEF2EE976
+
+5J1l4vly6GY042QtaorkypQYpT1DxoNh6VGLDt5ceK6iqKZKJc5AoXViAlB69xYd
+qusEHBs/WGdfXysIyThM/d4BVC91K+ZYeJZiknD/RhWLkxFfGeF36pC85Pm4ahxa
+e0Kq0VLCc6FNlPMnJV2clugdNaH3ZSr9A8luQJeU7NUHHAasfq/6DU56LUnBDPQB
+hsnnNlJZDeDF2vzZLYSKL7X0s2C8EHdB1PHWaDAnaDNLk4/3MQbopxoF8Eok50Gd
+jBUsHqo9/qEUP2Rf/W+oejs8ruW/WUBVEIeZ5Vfi+Df9obJB+r8KshRc/JH/8QRg
+9F9uAsUkNlzcCsbNTE+lUK2yY1JSYY3LAU1dUkI5W6rlJr7kASjlWsDb+ShVoBsZ
+HwXyHE0ACFSqgFVlAFCqXmoUXaGAxUsQ4bACE7sWlPtnCcCLp41JV3XobwGz6ZHm
+maY6CBPZXzc8Lcqs2uowAUxa2/jtZJdzpqAXTDks+ZHBgDOv61mvyByYWn+TT+zm
+qY8JGuTxDCUNGO5aGa2aoaZCExYo9HR8x0Pn1P7uJDtyDH1Gk4p0mHIYm4JADw3g
+x0ML+R6jROa1S+TaaYl0tpkmfX3BrZpa2RnARAxQhMuGQIS+KB7jfArgR+MofN3v
+Nq/hiRCZ6tOCuvNInKplDOzAAI9DJbVyMk5GL6KDkuqBEVWr3qhzwt6HnyRw0cVy
+AruMn7xRl3o5XXob/kAPK+WZDavj48LLMTIigObBbluOJMkVLkxqx71Hq3S+9NLA
+nIX0VSWKWjxh+wVczdYQDipX5uHppeaVP+fJSXIqEVVvcDSogPJ747F+Sxiw+KJF
+7DxL21lN4Oa2VFVPVWdYPrqnqSjw3qoVmONYB4Vb4TksHcj9wxo7DQrL4euPHtnJ
+bMWyaC2GMNJJUeW7yZN+Fr6LmhrUZiQKtjdSPNETJpZQEu9iFd9VLfZ/ukjG3MOb
+hHULOkls/rqwLgLG9gdChBf70d88xD2waZnQsTK1RSjQoyBkqvm1fJh7dgB6Lluv
+0On5y1hiRhleV7croW4T5UJxHhB210E/CrJIryaz8MbjVUrgdzlfh2aHH5c5kVJq
+E4HLoFjNIkURQnN0XcMbYJCT6HXhRtQa8vcODxrwtRLu4J/sylUv/3e5dfVeGuDd
+EBGyJ6j6qPdU8h4j8GhHtmjcT5900Mr2Fb+TOCnzQszo+SksndPQVFEmDmIBLUv7
+U62wBHpzl9NmfSGYwvYeVytHO5Ufa34U3pbxWi5IJOyopFMjIA974Hx4En5OAHgh
+qZxeB/A7yZ9PPWc2AkjNowpvCAnAYKtrJBQZMNF1WLajLWwk1CYJcbxUF4j4amGX
+NzNg3KaiBOd+usBFKLWbmaaMXPQVOijbkYkukanPxdk+hxtTykJSp7uMGhGgzQHP
+FQ2/5bfvpt3eSY1AT+NLZyaNAe30I31VSFOVBbYcGy89KTZUgay4oXGFZvpSa75l
+ro/9RNIe7cYOapB/yzgR9BtJB1r3rBpEOrs+FYV0QcaIgBwbBmJnU4Ew4kgT9kcz
+1CZ0mZTB2ysg9jXquvhFTY2n1clRUrD+IAd9Lkx7x2LGAd3ZGOPxS0l+gG1BoMSH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
deleted file mode 100644
index 224a2cebb5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UID CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyt5HBgA3udSw3/TzrG90sAN/8wyl
-eDWkGAUc1kYzyzCyNNRMYjTspi391pcr4incsgjvOY3Xc6YT8ajMzFw0R+ur6hbl
-oTYcbzdNNZGzr2w66IMDMntKTpZ2PpUH4XoCvJmNc4xIohL60RqPrGofttwpyfS+
-gxXCpVjsfywnR40CAwEAAYICBSCjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBTSZXzCH9kXQYjs1VhEmgfiHMx4FTAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAJZCA4IQ1YgY/8DcUafiLUKwirRsP5C7cCdMr
-0POcMDPmF5wyw0VuUGqHnAFEvc3VXjHv7KPJjlq0BPN6Zv/mWpumTOEMZNM8ik5u
-2NwuDmexmwkXHhK63MVV+iVsef6nWxx2Xf3ahbbLQgFnMIbLeNzXpIPzyFlQK0V/
-ABcwlzg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UIDs EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=UID CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfVmFsaWQgVUlEcyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA61z4
-7chYRZr2FRLh+/4cPggLdSkDgQkdFCuflGzLsN21pmtZue3b7qADRSFwnmP5wQ9L
-dOEPzufTiCt3wcPEHCaBCCN0Rr+8iWwww76h7HE0jjU9o7IHje6qAOhc7THvZS3s
-kiVb9Nt1J1/KSPM3oltTENEyjuLaXbI9XIYY/p0CAwEAAYECBSCjazBpMB8GA1Ud
-IwQYMBaAFNJlfMIf2RdBiOzVWESaB+IczHgVMB0GA1UdDgQWBBRMlbVlFGZ1ahlQ
-H8QnvM3PBG+n+DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBALXKf4ViSQp8LaI9MVvNFJ5b/YG4jXBpGXXp
-htEyinitf4scZy55fdtqANeG0Ph5y7633SFANNBWS+enHNQu3Nti8boG52chWIzf
-/8vANjunWkn/PVQrI6jXORTFNG+Ia/baFDbpKyjIta1g79QVXdqi7xQ9Neo6r81u
-uhx3rn/V
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UID CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:65:7C:C2:1F:D9:17:41:88:EC:D5:58:44:9A:07:E2:1C:CC:78:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        69:bb:bb:27:78:93:70:70:bc:06:5b:eb:d0:3a:9e:78:3a:e3:
-        dc:8a:0f:8d:77:93:e1:6a:c9:83:f5:64:f8:0c:5f:27:0b:1f:
-        a9:83:a3:c4:f3:87:ea:24:f8:79:41:a4:44:56:1b:93:78:bd:
-        e5:83:d9:60:2f:2e:d0:92:1b:41:2a:90:0c:9f:5f:90:1c:07:
-        88:98:b4:6b:cb:78:98:da:30:d2:37:d2:44:19:c7:d3:fc:9e:
-        65:89:2e:f4:77:7d:f5:9f:4b:f7:72:3f:32:d9:90:d8:52:0a:
-        dc:ce:51:81:21:f5:25:59:02:11:34:8f:52:24:ad:0c:0d:69:
-        2f:2d
------BEGIN X509 CRL-----
-MIIBMzCBnQIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU0mV8wh/ZF0GI7NVY
-RJoH4hzMeBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAabu7J3iTcHC8
-Blvr0DqeeDrj3IoPjXeT4WrJg/Vk+AxfJwsfqYOjxPOH6iT4eUGkRFYbk3i95YPZ
-YC8u0JIbQSqQDJ9fkBwHiJi0a8t4mNow0jfSRBnH0/yeZYku9Hd99Z9L93I/MtmQ
-2FIK3M5RgSH1JVkCETSPUiStDA1pLy0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
deleted file mode 100644
index a2b8d417c1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test3
-issuer=/C=US/O=Test  Certificates/CN=Good     CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEb
-MBkGA1UEChMSVGVzdCAgQ2VydGlmaWNhdGVzMRQwEgYDVQQDEwtHb29kICAgICBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UEAxMzVmFsaWQgTmFt
-ZSBDaGFpbmluZyBXaGl0ZXNwYWNlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnqTq65lI16x9K+4TSv4Kj5oTA79gcaQ1V
-o1Pov5lyumlF8AxDNIBczzkCmRw0G5yTUG0GK47M9jfAWj3nlYjtQY324wjwcRYX
-TqFCcPr4Aw4VdxQ58+hE/Dve+Q9KgH8XJ7KELJoiN9dCmYcTXnkW+ZNnPYGpAtf8
-2QXDyCwO5QIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWU
-xzAdBgNVHQ4EFgQU7dgiWtJswE2iwyEUO2QMiVBSZGEwDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBYEf4J
-9G7Vag3A4nNIKYSRK1FULS5V4XEpbh7h12s4NjEulFrxn9ZKwSbElwar9CYZIOJl
-sW77M3xjTub/6l2DwT+pBp8smD4WdcN8D9453M0nY3+0de6hU09COr7/AWVzbxzd
-UEHnXWDZu5PRgbj14UJKrqBzQiZAbMRx5b8sAw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
new file mode 100644
index 0000000000..dffeeb76b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test3
+issuer=/C=US/O=Test  Certificates 2011/CN=Good     CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXVGVzdCAgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMTC0dvb2Qg
+ICAgIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPDA6BgNVBAMT
+M1ZhbGlkIE5hbWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHDyEmorSlP274u
+/18BUHzKkc9SIwgCP7PBHTOfjf6Zy5H5WVZ0iPjotyQpm8nhiZLodmJ7I14LyQaV
+gCQaZJR3gw5dKMYHotPXQcI4jptWTiiG+aNT7bZREbg5BA7jTswTLokWbcQHBSx6
+iN6QfHS1LJP0ah4ccVVpi3sqDvfzhzWsU9s/S2pFUOHM6/iHc6H9Zy/CxceTHrt9
+jw5A3KHRZ9ihMGuwZXZfZn7HHtDuVMUb23QRhBVoPo+QzCCGXb3Kxr1/qM1EiFgW
+mkieRIPGygUkFoGyH+ELQNclyI1bb9jsW4g+vr6PTYgEJofktbQB3WwCRH7ADIW6
+6fpSr/UCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskw
+HQYDVR0OBBYEFM+4igHs3RwMuk/hDgGZXsfaFTxTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAD5C0FF8
+5YCkCu/hOuIAlLhMSkjdlBKlpnFriNjiKtNNPm+lEXUCnN9Iug/QrqevX1wTN7zx
+glDipUTax7bo3/z4eT/eURz5shg4swHdnDofLxRDJybSEG0hEDUgu+lvww13FHFQ
+6ZgGvgC4O5wPE1UVCQmM2EcVkcdn6sMLozzH+sg40gj/VALvh2H6VhobkV7dzI82
+cGPZhPDNjO/w4MjGTfhQjPvMGVuLjazBZxNCyfZeYDjygmIDSDLmFAdum34Vk8OL
+/lGLKLp31rM7EBYhkpu48PhPy8iUXAvR+qPlcKfbQ+k/D8rbzDE3tX/Iw/6LdhU5
+3xt3vd6uvytI5dY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D3BDEACC98B28A3E
+
+Nr7q4KiLPfumYbQawi1p1XmHeWRLufp83i14WwnfoIDJ/D592JH9a6e2g78ostDW
+F/S0VMtut7GMOd+e3rzS9vKEN1/KJHuatbgpvt6aMsCxeqsQjWq90cx3XxN9GDSj
+zQ/z7yNE8DbOu3Ohs8uZnAWId94sX6pbFndkjSys3pbdhgwQ86cxNIZvXBL2PHyL
+kP4VgOOolg2gE+1jYbZhzIZxpLv2bVoTtHWqr6NlhmPzWSTrlvLOUlsh31btmGD/
+9bHp/L7WCV++S8J6bDVlkcwVgo3k9m6hoKt7m2AbV7ljztvgpJM0isZ5CDNIQD4u
+sLpPGssVIrJ+90EsrhyEAqOzSmbaL6OEvbXkAilhaaPG8fGjPjJmlSiO/rV3acxc
+wuqt6dipGUBDGzVBTopOE97zLyHgmoRH1Zh2m9JM6IZrSZpx3oYaiwBEhwXpOSD+
+edbC2Jl8h2xJls0KJbP2SfhRvkXBoKHkwDLgEUuCGhD6vXqP0zeGn3oaCe7Bk75q
+l+qIlbNh8ytLTe/ZNaj0xZ9KzuryeiYM8bFoRANsI6iYrPeI6oBo6kv1EYEKPRef
+xhuoTYrtwoRJzou7+SiHPJCDtArWJ2EJAWLIsN3ymX1gaW+Lk1mESSXntT5pKDBL
+63FxoG9hTl4G2/HGMwGmbbxNO2o/IhE4bQRSlsedadQxMnXHKq4NAjB4Jz7Dhk8N
+PhuWB9T6RnZGajwXMPYGVCzJ2ms8pnN6DE9NreZmgCoDHDE203Zh5WQqLJ0fTxy4
+ZvF/Yx0OXe0ZAgoiNpmu8lpKXTuz4nReKrXIdeWDmzeWKdyCMV3z5/+Vh62/UbUE
+hsvCczwL5W+Cial+tIc0r3zX3hpohEqT+oTUAznTRqy5dqpL6vfubZephO/XU3gI
+BLcnyGMbjmXJiAGxotXYjZsYhf8f56yOfzY0EZmjehDxNJbLh/IWh3eWhWyciNRg
++aWL+95YIJnkR5dgNj2mnveS1BdqjZ34WIziYUTrGyIZXWvx4883Ilc15acB9Ul8
+89wGIhVEY0CNFl7mrGnRSuWL5EXNCBk0lhA0LtDivO1wSwqjQ7lji1lKG6MmWJob
+cQ2YBy01ERGt1G8rOzL3V0/Pbr2Bp0zwKkWeD4Y0ebtawmVCcqny+XtrEfz3I38K
+WMqbLwEsnj3YM8KI3rM6FjfPbp3vrlRj1hclaaE89aXy9SYtdfBypJi7am7xpkou
++8Q9LRuXucorLQEVpFT3ZevXvl+hSXEfjEZG8fQ3bsrnXsoP8hB0DII5jgVkvqh0
+rwKQYFmL9yfVHnimGUneNjpnEIaiFDK5cq8KEkR6g29wEof431kVXek9nSG/UkyG
+ylh9YlxwHmbJQKRiJeFYSILWEEz0KsTD1GhXu9qsucRUAlPp6cVdpl4kA7Z/3ERj
+/Zs1f6aEQZokhdOhSZz2QnUb4xMWY6TduM9FqPrFBbjII5/4o5mOJVAPTgpDzI71
+4Bz+C2riSODikKivmeIq5OE1fYpuN/WyL380wx6HkNqpjlNTy/Y1fM302GX+4JCS
+7iBZDndYgQawpPDXz+S4eoehksUP0y7IWaLkoD6SRqh7P3GtvqtHf6V4/aawhu9D
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
deleted file mode 100644
index 771472db84..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test4
-issuer=/C=US/O=Test Certificates   /CN=   Good CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEd
-MBsGA1UEChMUVGVzdCBDZXJ0aWZpY2F0ZXMgICAxEzARBgNVBAMTCiAgIEdvb2Qg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMTM1ZhbGlkIE5h
-bWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFVzL02aRX103n0ddypzMXb4EZ6au9/l
-Cf7wLoF0u6IHixT05tw1feYoDt23vnfJKOjwqqcqnshCi0k949dyrQeTAnFQXsqp
-aPj1xjdYq3ohEKTObPeGRiyinhMAEZHxTLUyIW3hmjooktV827Bg1l9wIozE3pvw
-XyRbd3rAkFECAwEAAaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oV
-lMcwHQYDVR0OBBYEFHeQkes2kV9nbiKaIemSfMP1WNMPMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAW5OD
-GSTMa2KPAQpLgH0nrncEH6jRAkyk6il7E2N0bz1KJP1itGDbzdrNTtMTs0rD9waM
-K3JrQGfALXvoj0+PD+Z/AbrpO3WKKuDkKOjIPt4Yyf59K36K0ZLKk6zID6ilR6Em
-0BaM9OimGTwDaij8MOU8FMuwXFgOu/wPciMU18s=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
new file mode 100644
index 0000000000..abc0b5bde9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011   /CN=   Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMSAgIDETMBEGA1UEAxMKICAg
+R29vZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+EzNWYWxpZCBOYW1lIENoYWluaW5nIFdoaXRlc3BhY2UgRUUgQ2VydGlmaWNhdGUg
+VGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4La/z52GYvBOP
+DFvAnfCjhivYpHlbMWtU7svc8tBER62tEOta4nC30i3dcKjgB4jKDM0F/u+OYl5Z
+4yFB30IiJm1OTj7IPf3ByvpExvPpHnVzsDHejQxAYSFIzrncOZbFmVbMy9cX7D4W
+hNQV4NAokTP6yocnUTxjyStNrQdvFvddslImXHlFUhLDSms8iW0DUbxkKoSajmBc
+tUMNb+fF8UXzCKZbrLX0Oe3Yb9DsjooJcbDWPosIx5f4JuoqBPZlAYzbfLY6n2mi
+zuITEX8Y92Frb8IHPV5BiGB6BH6zacuSPpL2wraRdgZ+RDp7LhWLEgeoEgVpKPJa
+9NkL8frjAgMBAAGjazBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJ
+MB0GA1UdDgQWBBSbK6wW/RUIeRut/gCL5ZdIwM6pZjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCMYzO9
++8BMUK03i/AJRqCMqbqswHkkb9HeVjXHy+NzN7WK766jlSW/uTQ0GQSVdnU7Fsz6
+UH5gLW3U0xngEYRP29iXNVKvcowLt9QDnHFOSyIQDPby499+YulERS5kAOhjm7pt
+Yq75dLt/tNpEueSYzI9oUQzwIGpkyaVVlfmO/FJZdhpJ9MCZjzWoUhuLxXIQm+mD
+UAme2M514vtqwa8RG9xUQdO/CnXZKhAKNp+VK2zn5qt9FynWL5k1kMmxUkuqLapu
+duPbakDGRpP8vsj9QNWSmE2h0ZIZQ620VZ9121qhv9hvngL+RJcryL3aAbgQOmk3
+3eJOprz8zBsDGy4q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4424FB8B710FB0B1
+
+s9Ot42C5xYET6pUlfi69SDT8WEn0dPhZlU8nYvNUpjhU4Oe70ZZ/oQXKrBfT+Lnl
+vV9z4M+4R5OaRNx6vZQ6fv37HodsZoAv6cCEtw+zN8l4FxCH55FbtDYgvCCqM7ek
+MOGzEK5cpKgeAk7ayU3PXC2zNKDGVNmUzZ2o4eFcxlG6ZlsqEOqddAQKA6pVlzep
+6hvycuHBaKYutrCgC2H8N5Go0Mxdg0cVi9QUUQQjtGgvpD6k99eicwk3BczNHPFa
+i+pv5exRDf1brZRlAGKiYMc6SjscRAyZmZQW09+IwFC/8+Nz9aA/Z4/hMt7hd0n4
+s4fWl/EnYVd25FH3cG0l1g0SYvi+tkHclftGMVHrkuy01oCi04Ak4qh0XTaDm2Qn
+TVLLrrBhAlRFnKWHxVqSTjT+8myfJII2W09tO/eVYS8n6lBYkT5FyN2SVy8SqV/s
+L6+cwi9ihmIXUjK0DQlDdo41g9fGTkx5SrhNje1Ztpoxymg4B3Y/OHtvnAZ6SskE
+ZqivMN3ugiszipW0akTdGx42auWkH+CZZU38UtwAz3FLUa7TaEGnA96OSBiVSn4F
+mfDg8xj3QtUTexqaQxT5ut3Eyd8s7dn/WbsItwJNRgHku9GyMmgEDNpTR0sAIXEm
+F7PDc6Qd5/7h0KGmQdA6hVMIqGBeND+2zgcyThcjF/JMdzehIC0Ga8lLdc5kYvUY
+cx/dFx4NVWvxQCmJzDvIueZl1YduE6fxugRXElTlSoVjpMNHnVOBW/ZEjVWThBkj
+asvAEBgv88lmPKC1s+scM3MNCWT8CWQyqXjtm3XLIJe3huFg2g7/NcrTicT9FvLs
+bKSOiJMsmTA4wwTyDXduaUv2PIs15fRPgjEOytm+LFb02c/5677cTfHeU2dQJctI
+Z6eSbJYk/B+2QApmyUs+yGh4El3xkEBEF04o6bkipnbceIm3LJxrPnjlSkWJURT+
+6yMB2TeJVG+DFparwjInS43EHTMstpGbf5DaW2se1ZQJPLH0w/ePtSzRI3ysPC71
+ycxIRCK3buGZG7oj+SZMcalA1IsMxxrEgM0bT+gmb1yVitrUbwCqn/o0NlK2uB2K
+TUQkElJnLyTULroBr6DjkmtbRmlogKsfOlU0IxdtEotOD7dFjw4tqXtQXmMOi7fK
+5QbCXl/ddP8PwibQUYxXtAyh9jaGfGKAo8dw0pLz9hg7XmHOfxjYtXkMEnTPKNk2
+LBBxRqLAKGeEQxErVjor7c7K3fYE2b3oRRwEyb6WDXFHdTH60gL5HpNr0YCjxb2Z
+oOeXmCjAZRm8Gyxvk5cCetjdDH94aHfk5t5HMp4roQOqnC1s1LfGloHUFiMgOX6R
+iQhbH1oYdIrhrOIUI6dwBsglmct92oiQySB5SyvLME+AZHZkVl51ckkSDfpJP30a
+iS2NxinNhmbSCuKDpwd/rqRHF0C1sZY+Xj0YC5yxa1gxOMmuJe7HYtbr8Ymlh3/L
+UkcMecNVV2VJyRBJ/2LC1gMbXRmHO6xt2hphjyf0LBO53ddh26VUWK5uSF2SNVzb
+oI5kZI0Rzhp+dmCk8mgyNqWDXkhb42kd0dfqe1AqQur92CrS9fpEzchXUL2ZwKTv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
new file mode 100644
index 0000000000..fc4d93467f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UIDs EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=UID CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEPMA0GA1UEAxMGVUlEIENB
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMTH1ZhbGlk
+IFVJRHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC+CDXTTtVJkN0JuysaGMhtKLPv9bAL5wjPaio74JOJd/yT6Ht6
+Wakzti6sGWJ+ZXZV/b06A0pjX42Ni28NhdQWVYdoePNde5WTbowdR2TOnxEAGJg0
+ztClAEBDgAI6xSk47UJ0Dw0Rfs0hJcbLNQnqAHU1UllAX9XanFDrAVMzucVxYIiA
+DF2dYc8k9qeWYp0iASwG8uNhOjV4yZK2qnP+Zbgvi7rfs9hRGFq41TcWmfgiEaPg
+olDsycWP9+3xN0VeUQWSI+a+m/WqXfn1YlID2fDdBfTAluGZo0XgLDCaFEBTykbz
+txF492qwzSjSDTRTFDOXeFtFrG7D7iw01GmFAgMBAAGBAgUgo2swaTAfBgNVHSME
+GDAWgBQQP8UEMPHYQzaFeVyMjYud7i8cqTAdBgNVHQ4EFgQUtSL+I/d8UPhnT9HV
+xez6eEtAmW0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAVZmul1o1onioRq7Mh7wUzGcIsXfNPryARrfO
+1+dn/QwbrfraBtW5LlUHgaqn0etd/7oy0YslTJ0eR0NvxyrJzTS+qENkN2DVlrUo
+qcwE/P+9iA0eL3oaZROmf5zqOJ6dw0DHYHiEZH6u3rAd6fG1X0gQysvaDIlxMcCt
+d6BaWAaWxn9GR/9Jwi/imjiVwgzZ5xlll2KuDBt5pv7Gl3o39KIGB/kJ4amgBA6l
+ucxz6BnG7Wp5NgTRQpGnSptptIDinQy+0deTYoi7+iCttzXf9mrETOcTJNOZA0PN
+86Y3oRXxtGlORZg9ikd6FpYqtYVw91S+v/r/yfYm10GHltaHbw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,424E1AF928678900
+
+YwTAyp6DSje4XkbA6+7pLIXYEGioKDM/iFTS+W4bDgiGY9tGEI6Js4DC/lrmTYhQ
+By//w7eBBFF0ELFJBcCgJppFVhSEGslvCf+Uwf6IMPJ12MBCGmGrDoIQB7rlfOrQ
+yRB0QHq4tLBQBFHe6cMPxJck9hFZU1r18rwDpbZDIP/c6Gi+NBBp4jj1lWHhZ+Jr
+NogkD5lv1MLJuZKog8r84W76VdELoR9L6uWkxPC3R9EaafWW7DrMo84FqUgEAQ/l
+XcUng/IRTzXpfr60m4WcvJkbXcaE1R9SDSnt1kn2Y8MJku/s7wjT+iu2RMwEww9c
+XoLHECtPhmUBoDgTSHU98sL6tBlAaonsmrMkYsZTy8bmdmsQlCF3AdHH9sA17FOg
+mUqwyRyZzMk6A/Pnb4Y8/uLO5EaALNpxN0pEd7s6Aycuzzrj7lNgvC6lem+JHZyO
+fDcwCdgCLiIQol4xrYWyALc74fssBh1ZHxQrbAbZVC9jKk6E6akS6xxZpXcV/F9B
+R3aMxOz5oU+cZyhufHjuQelBTe+S6aPKzVfQwO9jJ7ClSD1zoRnwOkIqCMLLmK1q
+0XMSX8vX0AX7zIQfQCOpyelJ8W3lJBm2RHB6XEoDxziRJY13UaT+Vh1ToSvJgbWp
+P/gGP+0M67ZFhO5w6dvaBGEBwpJpB7TrQbpUN/X66bb9qdjPl5/V2NRe7M599LFW
+WaO+Hxyof4Y+fElpDENdxLPT06xRWYEpwsOHdgdCdFBFyy0Tpes3tm8BizQfTDbI
+13CCoCHEwoo53x8jE1IJb8LuvxzVa5Z+CldEqXzXkZY8/I784t8efJ7yeC+9kjgz
+hT/GB65rOT0+2yLJfZnaU0I6XYHvaHfuyBHy+Ah5Y+rzF8DG/aMIMo7GpEH5uCF+
+WyDouWECjzllp4+vOCEua/5+RsBjzS9R2ep63AoDlNBzieHc2FouSaBobUNXHZrz
+SuSziiuiFVLfV1iD68TRgZGclf3BUx5QaoEbyR2poH1BnY1Kf5SQVgctBjA0oROb
+a0ngVuAXnUDIAl9dVNb8CQZlXf563znQVE8QVeuPiCgboyQsN0hwDiYgxUPUAdH7
+0CUKlE44ZfTQtQLPUsvwBiPEmSkDaSg4LwstxMv0kQYjygfaAlCFxUANi1Bg15Zx
+06ns8ACHPhD+QSOCtLqrhK0CAFJqek54Oma+GmdhvBSN7L5SmZ1f3wwhge/zumE1
+OhwJD30Fcq2aoqYJG1Pa8B/dV7i8qpTthCfva/dd0LldmRfnUZRU61rr9eSJ1a63
+NNEnZBGGgMRSeIKGUX4qTi0IltuazgKZ+6JLGR74xTi5RIpQIVz8xpSO4qbE2/df
+B2woTgXGvEjiThx7lC0/elQf/Wsd6xAqF0JPFV4NfnsAYSVnUKKiuy8+Yxn34NIF
+OMd/CJw+CR/HoA7NmpWacdo2TFEnXHbiLDX7YTlU53G/KNvcao5yHhJJUJLabdhl
+9fwca4WDXb3B3rOVATjT4NI1SK2JALP3xaBfo4zmM+EZLqkaZMCZLqL9sA0C7msv
+Q6Z+PSFoHctZsyrpwnqE/uHhDb5iZSB75uLFDNVN+VUhvfCTIlG4hZNPYu0pJ5hY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
deleted file mode 100644
index 9a22bdd53d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Negative Serial Number EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgICAP8wDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlOZWdhdGl2ZSBT
-ZXJpYWwgTnVtYmVyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBOZWdhdGl2ZSBTZXJpYWwgTnVtYmVyIEVFIENlcnRpZmljYXRl
-IFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyaurbJH9ZU3CCKl1
-jedpYcQntOZVxoXqpoC11EXMnSgUPLtVfWuoClVqZaOYnkz2hX1aomA+hGT62UOh
-f1CSywco7QnAAlWwu42zT5iJabaCruBWz/PqdvWkSWzcrMfuyybPEsil8hgaN0yl
-VNXZvUwPUtfwUndR4UltFdPmJPUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkIynI01L
-9+qhshKHucDTDjNYy4IwHQYDVR0OBBYEFB28YeqZDPts27Viz5LcntslD4A4MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAJeShrxatt7S4H209vnaUvVpExfX57AGRT2t2QVz6ztEWMt+BGBQN
-FUeSeU03d2ot+fwxxvrmUcG9ofkKIP69tTUgObSRfwC39UjKModur68cBjYqscl8
-d5fI2pAS/xXHK/+OoBBAmHgAiuMMbWhQn7ZCI0qJT/t4eHAjQlh5/SI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
new file mode 100644
index 0000000000..d400051189
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Negative Serial Number EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgICAP8wDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMTGU5lZ2F0
+aXZlIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDlITWnwc4a51AQx39bPSv3yXmoWwt893rOAT2TyUaW0JoL4V429nq2KK4eS73Y
+O9ANnW4wkiIFpwMs7qGErId3x9TpP4K3Fs+QP1lCQtwjYFWGJekb2QI2jYhWPd7w
+YvZbYMM+Op7pQqnH3xuL69qH8hplbGOmwO9DoU/cSmIhFNAz9s9drx4lisU8MZts
+twarz+68DGUJTDIJgbB8Tqkimc6QaZBUQvY68wa0DA6eccxqXYLT1tWTtaru9kY/
+cRvrGFxHIw8E3Tmle9/Nhd8swZOHtKa1OqE7NPPsJtF5ETYZst5vSmk5SaC3qb8b
+IONR+qfNnAi1ZuSxakz20UoFAgMBAAGjazBpMB8GA1UdIwQYMBaAFGLkLjXGD8Xo
+kdALwY3etq/aiNk/MB0GA1UdDgQWBBQAZI4d4yK6xlDmm5mNqCZUF3QxoTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA6I7Nx7MJAujumcj5Bl3gfBGd4ALdiiuHCwiO1KoP9FTYYeDVaRHg8
+TjO6YFwmgBBQg+aSvmi2N2m+vbEvpEyWLqlLyWg9WUZCk7cyUIti2+fbrbsATEtr
+iZ4dmVu7xDOF29Imoc8hig99oHBY9UdefJtzjlBQP3Mg/jyih8XvuYPNGxVVT3dg
+WtckNTq2O6v4SG64mbkTJxhbUDdqIBnoYIZvUkOzflWkr77YV7+q5iQzNCLMnNBx
+XRrFF3wV8V8dmuCVzHblVoyoKGmQHHWHpPaDrWy25aSxTSwCLdaUMGK6KCXlHhJf
+FHcc/suYcVKUB6D78BDupzMxpauERnB5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B42B554B0E77C15
+
+SFJEBFQakKS7qSxbf/aksRqZ0y/tDavD0tnzn9yP6+/FswJs+d/ZXS8fHwW4Vg/M
+cCrouK4zNjbLwC0F/K6fGswfEWxjiXFP4xVOYKfx8+c10gmvaXENpBVXhWsaY3yu
+HIA6Q668DY9K3XCnjDQTuWQPi4725UHxL6/PQ04CFkndsQwJGqShGXTjSNpbAJ+U
+B+R59NW7PANP3S+CevBvHMgkKNCl5SXEJRb/HCzjzsDH/y2ScVkCpC/ImtE375US
+FerM146VBtWc76CBCNdQ19zzEvZnIz6EIdVM8oKVpzGlUd2UfCXh9R5Qu9fexpFC
+5jIpvUk3vTNQmvfyAvDlJ07vnedEgNgnrQn/cVgbcGYvNQncAFFG8N78CAivaSCy
+T1G+LSH+4zbnfWd68XXaC8NGNAMa+woMeta1ZOM+ThFFFM3Rb+8Sx7S8Mj/mNPSO
+wvDb+PIP6K67yQ3GXByHsMSfqeuIbSc2cLwBJ6lAZyqcSJhNoIJwKN0blPIkufBp
+RdJGUHjs1J/8hfp6fO9PsXdp/PzV6YJNHmHMHGlAI933kOYIPeaxPjeiu4RGsY4g
+5qR8wDK6sHr3iJ8Xb5U/vIxldDNWKp9TyGm36wagJ+qz7Q2Ro4/NYS0cmlPKUnod
+nDw7cLP7sxLDZ9/ZjaXOcXttqDiwQhV2sK30GF07Xps8lHvJ2jftwPyBVwp27jwG
+pPddZiO77Ft9numEnxSnVc0KsU4qdttIjxOkJjvgkwjiDFfu68WdHtT1UDj2arhX
+0JBAfo6l5cp7NoUVakDwhlY+/zSPU8iVFwHLl79t6Vdmrr7/6UDk2/gh6oez7ejR
+UAlnXRxQDN1jxT0jad55uZfzmk9u5WxTFRmaDDSH5zRH3PtQEl8AW5rTTmDhp3bh
+xgcqk9+FZ0fwUai85jssXX7iQiBkADe54VLoEukX6aKLZm+DVxayIduMKKDHj1Fa
+Trsz5rRarqcAc76jtC/YbSwFHzwYgAUmiJ36hpA9Lwfqv2au9TZroJzV21OY5hHl
+oki8OpywcIh5FO4rPPPgmcFMrnhEsvQTwMLAsDtqYYHLTpTM2Wv7yWz473Zsy00e
+fcHPhjdr6w1oLnbbHZJ4CBuakayrxA6snlvQ0Rke3ZjL+bystuxJHKBlGDn0ZHEb
+aqcg0razy+W6zudBiUic+PDOQCrDGZKb/adD1X14y5Xdew9hpE86zAaWzHTTN+2B
+H63PAib61sag+nFEgStFhele1iTV6sB5+jOMju/nQmRCmXbZ00Mzq5pho8f92r/l
+08YyD2mJJ7NJSnRmcURz7u9igAArY711McnpnHh8vDDmWDYvamYI65PYm9ZUm4TF
+Pmx/ym7gIn19Sxzxw37N4lF6UgMl/SHpMpSyTmH6EvwHwACRz30l3kbaAz0R11fJ
++tCNwPt7KqziDQmtDuaTB0fxo+XMZuIsuRT0uQYuXzL8rZLzqq5pwa+97Pmek4a5
+/UhW8NMSzWjeHMLUJSbScOwBegzAPsa7WC4HwxmKPX5dNBMD9ck8xdZIjm5NNWvJ
+SPyBScFhhsjcAX4BJ6D1rTpsp29TcC3AF8RPMk8sPs/ayLi+i7AU3xe7v0fcdcQx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
deleted file mode 100644
index 88bd982c69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBTDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UECxMeTm8gaXNzdWlu
-Z0Rpc3RyaWJ1dGlvblBvaW50IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC+7yNDGaK8AFxVWkjA1JkTRG1Ze29lXbN/99oD+Gw2q2C9yJHbDB2tcVCeM2wJ
-8pbpFvzPv6TEGbmHVkvO32/pu/fhM5cGgzsZxXvEaQi6+Kb0nasof2lHEnO5T8BO
-HGaef+bGmAPcnJWU3QPU6Ni7kv0b9HLPi9BNFdaUGU+65wIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQULBOPxQ4nI9HR
-Qd/fYYS5T/Ey7DEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAItv1utyf+4Z
-3pR/ExgGC7oEyQ8VZYYdil+JMtcrqExHY/zVEbgu4Cq1JTu3uC2MGAYO7BD2aVGI
-0g9Ij/ikkEZ2G2mW3Lqar9JL/57BgPyEwIlp9czHYCx4M0tewGXoBeQdmeHK6O+9
-YJS+QJZz/98L8lfp6mHuGoZid1McgVLT
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid No issuingDistributionPoint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdE
-aXN0cmlidXRpb25Qb2ludCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFA
-MD4GA1UEAxM3VmFsaWQgTm8gaXNzdWluZ0Rpc3RyaWJ1dGlvblBvaW50IEVFIENl
-cnRpZmljYXRlIFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuYMU
-46Qzp+krE4xNOAL0bJYv9lOdlPMvMyU1ObejWulK7jGlVjYtf+KtVV+/BCajxoDZ
-LTSqx7R2RSJMaVQ41OzI3aHD5rR0M/ktYNhTotwcy0tFJQ6nwub0fTsjBLPSZZ6M
-UjGg5tiHZ0c/lBKBJj7BTY61F7kTWO5M7Dgz6XkCAwEAAaOB4TCB3jAfBgNVHSME
-GDAWgBQsE4/FDicj0dFB399hhLlP8TLsMTAdBgNVHQ4EFgQUpv9aWeCQYlWo0eBZ
-Sr+FnrT5hmgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATBzBgNVHR8EbDBqMGigZqBkpGIwYDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0aW9u
-UG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQUFAAOBgQAnygifO5CB
-a6drkb7+IIxC6kXu8iPf648/puVdI4z8+u6p7gNdiaLEFmOPTQ8UDz2ih5aIHHl0
-hC5DWNF5udEHFCzGgMarH2kgkM08thSsxhe0rfAAjGVbGEQWpFWDS0+CXTEYLu2S
-A0fgLzVvlU+60EmmSDdOwNMTeKmElbD6fw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2C:13:8F:C5:0E:27:23:D1:D1:41:DF:DF:61:84:B9:4F:F1:32:EC:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:8e:a7:dd:16:a9:a6:c2:0d:1a:ba:ee:cc:e6:7a:59:dd:b1:
-        9b:f2:70:22:7e:c4:3a:eb:9c:95:0b:63:0c:39:df:67:b8:5e:
-        14:7c:b8:83:75:d8:de:35:fd:9d:bc:1f:2b:87:89:ae:82:85:
-        de:35:26:ab:f9:40:16:ae:6c:9e:9a:b0:b5:97:5f:c8:19:7e:
-        7e:de:96:79:0b:7d:df:5c:8d:05:a5:99:fa:b5:bc:ad:f8:af:
-        9d:7c:75:de:70:73:0e:ae:1e:08:e1:7b:36:8b:23:21:99:bc:
-        8b:6c:2d:de:90:f3:c5:df:7f:15:c1:69:89:15:a5:b5:09:21:
-        80:c4
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdEaXN0cmli
-dXRpb25Qb2ludCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAULBOPxQ4nI9HRQd/fYYS5T/Ey7DEwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEADI6n3RappsINGrruzOZ6Wd2xm/JwIn7EOuuclQtjDDnf
-Z7heFHy4g3XY3jX9nbwfK4eJroKF3jUmq/lAFq5snpqwtZdfyBl+ft6WeQt931yN
-BaWZ+rW8rfivnXx13nBzDq4eCOF7NosjIZm8i2wt3pDzxd9/FcFpiRWltQkhgMQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
new file mode 100644
index 0000000000..bad89bfbb6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid No issuingDistributionPoint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UECxMeTm8gaXNz
+dWluZ0Rpc3RyaWJ1dGlvblBvaW50IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQDA+BgNVBAMTN1ZhbGlkIE5vIGlzc3VpbmdEaXN0cmlidXRpb25Q
+b2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDYnGAHOLgjYWYIB7Bwhy8gdYVPI3JzxjmJzIWNO4uPVoymvcGg
+8CbIcpBtwiMtUpGWzF6atiNmJZRBJNFbzdUnIrxPDNiNaye0dIkK84WQ6uZwM/DJ
+Uisv3AJfMbZn9F9Pla9oHg2M8jiihfcaynBmq217R02tl4fESdxKQ1Nik4PhP2ZC
+UmEFmQBOZ/uc96vO6GubmzgfliuC8sGr7Po+vPFbIMue7PWUO0RKhzy/s0ax1fsT
+wJ6MlTx5ooxGNH1oOzqK/GIILIDt5hLhaDOSNsMh04DYNn7zl8tVwoiytL6l7UCn
+frOaoHG7DiTMe+BQsxrlM6VahvL96yaNcYqVAgMBAAGjgeYwgeMwHwYDVR0jBBgw
+FoAUs8tUv2qd/J/HMQ6SDKdHa5kAnzEwHQYDVR0OBBYEFNyZy4jEXZpmtXy5hf9u
++nIIofF1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+eAYDVR0fBHEwbzBtoGugaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0
+aW9uUG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQsFAAOCAQEAKeZa
+DkaStqGWn5oALrJNBu6TN3iP1I4SQzEzchWs8DgM4EcHqvbP7erNZIRN7YUWKSWy
+Aqo4AFPWQWpWiW8oLdN0lngVBmSDD5BcEZnyAW7sjWp2m9qbaFowRg7VS0IVJ4FY
+2OOsAPefbsOuQQDiF6TRSbpNbu4VmUMjh+dYB3GXpqu1NMjv/L6u22x0AbRhwX6K
+8+DVBNDVN5/8HtW2uCtBNJepBfD67nvnpTJe8a/z43DKhsAhO1gh+ZDgzJ+7ZV48
+Z9BgV9NLRj1klaAFYKvPNWfErmFv4CH0hmr9OvD76MXebJMEfnsAXdK+92syGZUm
+R5IhOaKuIKb8Nj5Haw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BA6BE07396142839
+
+jnrtJ2XYc6ifyh6GqoXQYNgizHjemzQf905NGFRl9vRyGLKaUtcVBrjxwniUM4PI
+LWt+clqZ6XJNUZk816nmXp4CYZlNiCOZ8m9RH3w2uGS+BpNbPNZMiAXswxOAmlw3
+8527XorK0Bic2r9AystjMF7iOLr2EWlJHMGgFrhdGJRsxKmmcRXLM9SRvUmzBCOe
+XURrQRRDOS1K6ahWunM06UsoNIaqFNsj8kNGetBkGBIaX0nZklMGRPorxUf7EIlk
+QK1mlCZ3IZya+sZnJJe2tp5F0QJMrJeJDJzBkfnLrHl3cgG6QL96HtetMlIXCRGS
+INieUZ+wcHmaoc7odMCcnhFimi3fWMmWdx5DadkmIOyHpDwf61a9ZSTYtMV7DDpn
+RPiKr2JUfkORyApKJkt7Hl8NdjJ6a+xO/wPSAvFcS4e8+vlEQka3Sdg1jqLL9Ujm
+byYgug8eJLz5kag5tWyDa8mDwjQfqLxt6vqGToXK+fqetC8gYF69Ap5fj06453Bd
+/nWb7IRYbctBwECaRie4EU33sl/A+z+0XeOHZEt6EEEa1NkEyKbl9fEx0dM7Hxjx
+mTdR7cVhDcKa2IFNft0JQL5Tz7WfxzNKK5w0DQKX2hemURH7pqXQuWWxzmMjjBuW
+xLw2LHqXe+9d6xNzfJCWRLOiFQ3vgQGsQIkInWg7LwjlFEhmgip4PPokj9oPJyoY
+jRuy70kFDfJm91OY+EFMByHpcTSClRbn0eGiVRJbXfoFCtJBjz3ylgO4eWnIqTe1
+gAVlVXyyED6kTRk2TNQaWrEfyKcW+EnxtfEv4nsMAxSqalr8ysvnp3aIrVYd+t92
+Z9fi2XE+Liuj6D+5jZJkmiIEOVI/ZwYq9TSti6vxh8BSeV6f8T5pzzQZZiJwK3HF
+I7p6est+U+YygiFHL2mKk8pvJGylCV06YaPCeZQYuTatHXCIRlHSKXLhVnk5OIKQ
+GsK6yX3YgFnKyprz6HwYhaP/U9vzcKieVFduUsEKZjTLTJLPHeOdOOEGguPqoqyC
+Ky7JAYFdP1LAQHzEB9EL5OwM6Bd6KRqcvh638AO+//E4pNh6E6ffzmNH9sbb2Kyc
+rcTHKe0VQgxCBpwtpVUmUEYEm9p35DzbgIeTxcGtD9F8FK3I3YNobpPD+LPTLowp
+DvAJCUN0f9ABDM975WQNLlg3rlDOd6zYPrKoF09SgwF9t51auW5VokFpb3tJ/HZy
+JeR9vmzaaxTEdniUNh5NIViATsOiU6GEB+res0jUp9LY1k3AGWQyXvOVfH0hNu+6
+8xdWMnrI5HL5aJPrdW1KbJc/CA2UJZlKBgvkvNlmaE2mMb+TDpf1yjGdnfa4PbgE
+pGVO7q3UMo0YwRQ7nrnnSKKYR/o+qFD3NaqH09aOIC4DBYWLGkpyQBrAIqqpqxWR
+f63qrqCKEr5x4eSlvi8BlTeE1wEmBNYdb31w3mb6abR25HOtBRgL3jwcY0kgbT7r
+KKlMSazk8EauLfjiN78KQQEOmFtAlaTzXDTyQdlc/x7YtBoRaUxW2pUy5gA3EMG6
+TB0eX5ypHp2bT1Z6oTudUskfdas7lSGjeoOtqHN1D+8faN20Yd/GoQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
deleted file mode 100644
index d149d03e72..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpVmFsaWQg
-UG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALgTGZf83aaKeqRSCQeN8oi48i9I5mqVX9efN9WkjfAK
-0nLfV0GeAH/Y/LTtj99jOSIb2O1g4ayQ2SHb1v1UzTznfAyhVci9Oo7WBv5b5MMj
-+YezniLhIS7ChaLLIXfseVOQx53crjUb+/hfbyPMF4tkeKwNTVkExpxhq3Yp1MLR
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFDc7iqG6jad0m8Dr1jnLIQyNo1Z9MB0GA1Ud
-DgQWBBR4R7AhWkyFIZrXxZjG6W4kxTE3YjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAAqwYJLUYNcvDniG
-4QbRntW//ZZ/jickxsLRWl6odrI5ecwfekAm8+zhuhtPTNJE4DvDEpZQDtzyRxQF
-ajMjlWFIZ0TehZVSSLGCX+DXAMgp2YxiDjIH8KsbiFT723q1y02U1RPVFiU4Oik0
-+3Cc7V4svmKHw4Dw+GWM/WuMHwJK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
deleted file mode 100644
index fb6f7653a8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBeMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRl
-IFRlc3QxMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqoi/6nU3Hb2K96/H
-+9K+tll1HEWk3nCTUyNxX51p/j2CU0KannQFFBA/eohAi2m9L5Yo8awWKb1S3Bya
-vEGNPsdIVYLlSJG9P1epb+In0KNB8zN+UZv9Zrahi/B/3SFS1qUgTV4yLI0/V2n1
-r3YmjyOxr4h+Zqs6X90lEEh4mmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkdfhtaSW
-CJHxonEvZtkne0qCk5owHQYDVR0OBBYEFD+Y+xstb3NLUv3ikgoUQ21QbUC7MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcN
-AQEFBQADgYEAI17tZ0uZ0tu3HpgcRcjJR6m4HmsRao6CJ+ew7HfvWfVRE3x86Deq
-VFDnp9mCv8VKw0ChV4tPFdkw+ceSsgThjSHvxZbghFC6YnG5Ymj9X/zjl4NCujCQ
-Cw37Mi1UZYryKZ7+qODmExTxKry4nIvSUvYei8wDynu54uzjbKv7Jc8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..1dfa4e8164
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTMwMQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC+1d+dhBTDr0hkQGmjN35m1EjSSp6klcio007bUt1XEDFrmlcLqUaXwh7h2Llm
+uQls+Tg+dLpiJNkS+rFqhiMY/8juZ0cJ8kTzzD3tF2Nn6Cjt9643MAFgpJhS2m01
+/6jf4BSbLIy4bZCpes+3X63YPn7HkypNh/praDdnsBl6FVdMVFgSVF/IugL4OQHd
+sDGFTlxLbslcKPdGGKnMWRV1M7Socp1saxeNISc7O0PxN3HZcxthxcmQIw6yYCRQ
+sGM2nbm3kqvjVDKP4A0wxirsP44bIuO+XplnSIjflFDDYmwHdwHRQj3wY9bBBmp4
+cjCNkcCanyNupu7ervRfxQT3AgMBAAGjazBpMB8GA1UdIwQYMBaAFFtzeZnjrgbT
+iqYzThR45KAdseTJMB0GA1UdDgQWBBQ3/goQT3nXcdLj9bsgs0wszyJ9qjAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEB
+CwUAA4IBAQCqSXXia8C9CKK76G4gSKmXrWLRVJ/uE6oXYEKiGRWKny3sKj1sadSF
+M4k2OfXuYCYUUvs+kZAulOeUZ02oh6WOEY9o4YH508JI5jyFeCzObQYqL4G84NyQ
+Cz96Tedck64RUvcuPw6BqyrpMqVQslCrJGY/O+2jZ5kWi3pRd72r+z/6e7OvS/N8
+F5VRU797A3vTwbbM1tjBlz0nVyezE9rdo81xP68jeKRnveQXsn1RGUSMLnT6vJbT
+KGU80YD/l6dJgBS5qhgGYYk4ZxJuHBkoBfeHuM0NcwZHfqYowccNub7q8x1fiNoj
+lo2TLCGcjka1s6RCQnucPVgfxwq1D8lC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F840D6C78D9E33DF
+
+lqRQHkeQ/Mysa/UqRSP6CZzr6zT4MUnBJFqXXcnadQaqJhTIN8Uf8pouaLIpskdW
+ddbPI6Tif+OjWPyaMuZSjKIz58XDqPXkIlAokYlZrl/KgdVMUns0H7tZt/ywCql/
+UnNEB5N4K3bDBTKE55qEubh6iwA2EGWpo8VzwZea5kfBBsKFJVtZgAhFuYqnJyO6
+lUnNGhdFLGgmpNed11cvQoA0UKGfQvBlFwsRZyDRTq8iBcZ5fMhp3uuFybK9IluG
+RaZsMai7Sm4hif1PvsTGor3JKFmawWckiOb4sGluvWVRDkEn/2C2LY1uETJZd2Cw
+nGiuhsDf5Feu0nYw+E3p5UIs1QfFYql/jE+1+xbGzDaj2V805l4e7iQmVgjbVYBy
+tzweGtTswnMGoPkppqdRBUH2p2nbtMPcnQyRlmvD61OUWPH7WAtZwg44H+KZ3zQ2
+WlB4ewMXGcvlVN6xhoRq+bQlRmHHlWR1Kx7Uyn6Fkuzx7RnTb9waEgoVXNwd1fWc
+uh/Z9NKb7blyKDsZyf0zMkrJzXSYLTWYD9JnMpi8Z7Z5nd2fd8oRTHSpeudauUE0
+r28vrjTMEFZg8kDHX0pnA7HenZXSBhL93VOR88d6y6e52uG7fb05bhk+xD0HZcg6
++5kEtq7kfAaP6OO10EGwOQJXIY4p1xantw9yDTR6hL5JkP/byG25a7i22onEW5Si
+51Kv6dJuIHG5x1dVxpA/DsDpD1raQknyI0ZS/R1K5GAtjJ9zukagARKBrlaQ4oTp
+zpg7EKQhN8NAE0O8JDlx0WpQ58UQznPrOTl+RLjA4QeI1xRektZygH0sf44mMu1T
+M87ZNfydc3/mjvopj8Ki+AO1Z/8XaxXFCdGwSC7UKHK4+3tAUrolsuYq1mE3TVHv
+GIEuSnojFg9cy5BX5bjdNH5QawWBot/5tbYzrD+OO09uhVPWRaHTW8N4ZW7G4OVp
+eROdhI4SlE2Zgg0vBRKZBL6LTAa46ozF8IM/2kXdXkFtQ4DCd8QAA3HwfCGW3G36
+TxvaWknmvqryn9SwXqv3tAYK///bhNh+5ZqXNkethdWIcGkHRC+DEjxe4XDN1zoy
+YIzkJHq2p1+vD4Iga2Age3IVCKrHBHCLLLk9UbMv+pUas5tK4yIyAG/ND00lUgoD
+ZMDHm3Z+9swm589tg0u+JpwCiCLSg1NIAE0Uj5AnGNil4fyzC8DhjeXJtsZfEMTu
+F6TH5qnPV005k2xTACe3uSavohAY40RwCKsG+RklAfh32muUWJy8tFRHKGkop4Np
+n1ezz15Eq0DsxQo5bLUNvx+1t/dCHxffPtb9xcXM42wEwNP/EOLwmBr8VUSOBNn+
+716CO3jvXQHc56RV+NSEz26kH9k0c9B6vrzeT5RDsrP+TtLPH1hxpyiRz/DtO7X5
+XwDIXZ3Kh3vti7/pwJVGkDJ5VwvF46HsbnClND/UDgnG514++33sBWP95xXEKpQH
+KnvFxgm/10u1AywBl1yq3hE7bulSrcaAcO0Po9EkQXxT7riCAn4eUPEO/x55Jrpn
+rLWP59Ex4GTo56fMXhEctw8DkYg7NDwrTkM42wmD1CqWEbG29x4wTq17mTvyGepy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
deleted file mode 100644
index 2f35a62def..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIEKDCCA5GgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBeMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKlZh
-bGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMjCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAiDGZx3j4WZj3UIYQBpID5IJr0ES7lhC5FAa2
-ErfScZEz3LrPW5r859dobtF5TBB1IGznyZmZBhwl2vmDMTOAJV827Mwn19ELd+Vx
-wAtFUtNszWAw1CQdx+kH+WJka6JxXPNQGWzgn/Q+Cbrq5BStqcZTHtF1NhVX4c+/
-9RdkUesCAwEAAaOCAgswggIHMB8GA1UdIwQYMBaAFK3iChOtUm0lrM2pmKIKBGit
-cq6yMB0GA1UdDgQWBBTkwpjC2Np+iZ8a8Y6b6DTyrLrvrzAOBgNVHQ8BAf8EBAMC
-BPAwggGzBgNVHSAEggGqMIIBpjCB2AYKYIZIAWUDAgEwAzCByTCBxgYIKwYBBQUH
-AgIwgbkagbZxNzogIFRoaXMgaXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlm
-aWVyIDcgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xpY3ktMy4gIFRoaXMg
-dXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVuICBOSVNULXRlc3Qt
-cG9saWN5LTEgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9saWN5LXNldDCB
-yAYEVR0gADCBvzCBvAYIKwYBBQUHAgIwga8agaxxODogIFRoaXMgaXMgdGhlIHVz
-ZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDggYXNzb2NpYXRlZCB3aXRoIGFueVBv
-bGljeS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVu
-IE5JU1QtdGVzdC1wb2xpY3ktMiBpcyBpbiB0aGUgdXNlci1jb25zdHJhaW5lZC1w
-b2xpY3ktc2V0MA0GCSqGSIb3DQEBBQUAA4GBACzi00c5I7zzf41Ca5Ln8KYqgDts
-W6Jh0j2NzYtm2W1us5l1tx6UsE5uygoREiVScCXanYaKtiwW5QDqMZb/Uu+izmIW
-QRefqnHnyJqXxKQx8UwS+yNaIjT+ph7SJNF/DQrNwYWtNBD1vKhcNe8MDKWjAr9J
-P7k+rI8qg8ug3og+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
new file mode 100644
index 0000000000..495ab4e8e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIIFNzCCBB+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGMx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTMw
+MQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsR+um2sZ2YQ1PJDMx
+PRcsr0/O2t34DJXXvPuOJwddAxPoy89/ARwwYTkA9PXt9KgKpui/y4zFKMEbA+8H
+bZLQDzwxIxLtL8sxEarXLfvaCnmRDlw/gW0onAhdfcfxfrmlX2c2IaPulEzU14xE
+DgnBF+c2XgmRDRZcBTVrrdcHf7/pvnYU+De32CTzBJLox3TAALRveoFaHEBI79/9
+BELaRR+ar6oiKByFa3WMM8vszIr60pC1S22V6kq9Mz1EEpZo6RyfqzzbInXQYG0f
+6PS0sz5lDPHxBkNJh1LmIubJ5T4/Wz+eDaHkUYVtj4o8b5Jvab2kbOiy89E5slOf
+xsGxAgMBAAGjggILMIICBzAfBgNVHSMEGDAWgBT89I1hMzKAfH01h95fUvtp8R3B
+EjAdBgNVHQ4EFgQUH9UDtvGnSGlr19U5qGCO40QW4Q8wDgYDVR0PAQH/BAQDAgTw
+MIIBswYDVR0gBIIBqjCCAaYwgdgGCmCGSAFlAwIBMAMwgckwgcYGCCsGAQUFBwIC
+MIG5GoG2cTc6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciA3IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTMuICBUaGlzIHVz
+ZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiAgTklTVC10ZXN0LXBv
+bGljeS0xIGlzIGluIHRoZSB1c2VyLWNvbnN0cmFpbmVkLXBvbGljeS1zZXQwgcgG
+BFUdIAAwgb8wgbwGCCsGAQUFBwICMIGvGoGscTg6ICBUaGlzIGlzIHRoZSB1c2Vy
+IG5vdGljZSBmcm9tIHF1YWxpZmllciA4IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xp
+Y3kuICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiBO
+SVNULXRlc3QtcG9saWN5LTIgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9s
+aWN5LXNldDANBgkqhkiG9w0BAQsFAAOCAQEAfgUmAvc8LV3+9l0DE8PptL9L43/o
+bdmYSWhMK8uW7yPnOAyuntZKIT/ssu9oSHFL9dBP5HAnJWslHJqimNZAGanekms0
+uXkiqBOIEP6aMcnRKd734CgiZwnpcFzjPcVFySmBmu9/MtPOGXd4t6n8RrOewe9m
+0HEi0c5/FzdmXz4KtIrTxRSeB1MGtle5kz9ks4Jv7YVyqg62vagxSxYIYIQahYTG
+e3ilDUmdh9ws0RmJgp7PTQ/gV5qUwfWfv/tMWhNUyA/9bdCql87yhNTxokTdkmiZ
+N4ZkwYg0No52Fiue+ymxwvF5R6P36fDEP0phyjh6qv6NYxsdXwd97AfS9g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9E7A9E29418DE97
+
+pngogO5dyMFXmvYywn7YrUkWww8K5kDBvb5Qwg1Nzbqiw9uwhvLFzCnN5g4OzOtG
+0T1A4TvSLdcEiVfnF5ZMxbzG68dVZ+xFu5Gy77CenCwYP8WXsqkLvj0YSqlHvg0L
+Rwv32AfltHb+P/ZpiYktGDECxwW1EeGkmm4ZaJL59VHHxTY+aoSNbc8X0lGTsQ0n
+qVFJ4+T/al8f/gVy0wKek/YxykCW3BAigFjzTvFm4LIEZKpPZTJ2sfMJmS217gr/
+9voeF1CgxM/ZD7ZLqYLvADNgDfE9qY89y5lGd4QNUxi/AwIuat0smoS4O3+XXVk6
+XmBQAir/TMh2QnZh5njazYlmKJgQYVw+ePtLs32Sith0lGWBK2zltVR2JcfHaUmM
+j8sXdlSM3M80ttIIQLImJS46Pi9ncrqoRFMx44EIvR/Acd+931LvaCzXpxDO/NTc
+aO7M4t6o5Ru69rLOigRkzMMQNFRr4zk8cmkoFiQYBtYshB3SOMGkK8jUpuAIRrUc
+8q1hpc8jWFCFim90Q2cLA7O0jROIZcZ1tubXc+uEP38pynbveWgxU0rf/lm2p7j9
+ZL3xp7zrjuGddS13ayR6vTmC67dBqF4ErJYK/3sUGTUwMt4WTGqXrlbSbnoZtee2
+OfqMUtc7GKnQjDFCikP6V9b6lGLsbjB+cuGxNdMliE3pxDQ7k4pLMiQONkBCHOVp
+z2BMZNuiH0Ow7gbQKOvmzmnFtKLCvJ3PSL1EszbG9pIcL7mmGshae0Jk55xdfZrU
+yBuMrAKipKmsKJUEh9yRAD3ikx4XP6X7RSw0o/61EOQs9VLZgmd0DKAdWEvQNlWU
+AYiehEodiNOxxcoGHzdBj20U/J7EP5cxa0KkNGKwQsDhbAY5kBPpTAjtqAfs5yg0
+p/l39O3c7ueXczy9LgoQ0nzNY/pXtF8jvPhQ0wlzkGOecbZSTVAbmUAj0VT62Ntx
+oaUHZ0o4ybpiCV4ezi9zPv3jkKBWYeKYpCAWJmN4uA59BNLnoxaIYonoX7mmg2rO
+GFizGXIfGQfPnm7ZVCLbXnjcgRsrUKhStYWR1+/C+8Ailo9QKz2BPXYk33GgPVXj
+lxqvUGdWRiBGDRIVbBRhbOxFTHltU9JWhQ/i/OquOYs76s7oj8PWFH9UNtUymVyy
+OyBqUse9+HsveOc03EHbWJYOTpgTb4eggQJ7nY7nGl4m/Lr3e+hZWtC2J1AgV2Jp
+VVgNiq+OLek7V3J/xzmqbUDwLgNZLVUD0bD23AbinegemBn+UxyKd51EoXziqh3z
+a6/n9V1NS34O1WW4t9kxRwKhgToWD2D8wFmbnLjFQhBfRm8jSX0VxW/x5Nb1Zmqi
+9Ekjobs2AdF4EpSuz7OrJS8kj8vuSAicAPVfjGjIfUoUvN+qrS+b+S5WFggHoh3o
+8PeqZkVbRFlPqpJhTDjxf3eeuFAWbuWzv5YTa6f4JWbq6zbQBkSCfvxZq7cwGETX
+OOG1InOo7RhTIT43Ir2i4uLyUzx0Ah7C5SMDtzCpnDHEtxJRbxXMDijHJ2/m7M0w
+oC81X+tLMxpvh4UQ9fJubiqR3ON9UiAB88c5CEhr8iDKr7KYWqCP5qQ+OPOh9c3w
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
deleted file mode 100644
index 2399b4163c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr5cG4yqBgXjIPkt7dHP/MFNci
-pUHmbTfWoxKfaC+QY/7vElma6sMegYccM49fDN8CJSa7iF0vwS05cS1euHk2PfLF
-nJJamoTpf2iKxjqy6wemAmTH1cnEAtuhyArNadJXjvFmwV8bxyyaFW4GGnMj+yFe
-IJoTD65IuQMOLLg+xwIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQU3ZrqolFiawE0EWsHD7qUUa6V4pkwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQUFAAOB
-gQDgNwimYbq6g5crdMRHe8S69POQl1I4Qg6ZD511fwO2OUU/rmIbvqW5faGKHPMq
-Ubun6DrzamYGfx8HCa/vn46jaRVC2tTqXgiy6aWGMHv4MJl1bxS/yR8hqdTEWjG5
-GFkA7UWgU8A3MmmIUaBCs2QK5ZqTmsYuqX2inlGtBcvTrQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
new file mode 100644
index 0000000000..facfad2ce6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnps/1m
+3VaOuWJUszOp+AmWnTRIwJe3yRXQ/ysvNkLsbmpqhnmrpxIMjmcttViCxNj6BQ8y
+AjVAtnVSADQBiPP0ETES+3NEW8/VghqYzGJJ9H1Oxanks1Ef8mI58uQm9EWkqTJ/
+B+UjxgqCKkHhmkikpVT/SupdPALhgRw4cta4oouQ51jqoW4rDJrRhMdlPJ5Vaiu9
+m1N9vPK3FIKHMQGV3t1x8u/8T4xsed6ZynU+05zTwnzNl9mu3mX60lfRkLeSUeMa
+p31xBaivLBPyEB04dzzGQaXdhBN5PaJfw98+xLjtK18L26+jqSf2BPfUVDitbCQx
+HyLvSWWN6qntVaUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFDxAEkPP6QrslaJxGaIDcd2mbH1QMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEB
+AErtqbfufFlEyw6M9vWlfiVDCONgimPxftB15iPZe0zL/kVsUk6URd1rcQItVKBa
+ORFqxKp+VRg3kYdzgMUeRJB242zed+QryQlZIoaLmp9JGN/rz4P1gBzIYNmTy/pw
+kKqzkUQbzIWlf/0A1wCpI9LAxgT1TRJ5gLF8r1DrAUzB8GwH/vTzNkvPi2VFng+4
+hXds41goc3F49m7lnsKD9bMVEKDwDugcHx3VfeTT4lICGLvILNLkp5noMxSHtnV6
+N/mZvnAHHf3uE/PkXDibuJkm3LscaG85A0fQtiB1UYzm/IFVFW4K0NTHeS0UzyzZ
+UHjkzxIW2sNziGzljpb8+As=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,20959387204DF4AD
+
+DLyCmJEN31AHHkhdysWiXGs0yEAb6X9GIaKERbejhYuwjtVDQ4VxL2fE1h3CQ5Sf
+bZ4aGC2MQvCCqoWqyd4R+mVAnKHtNet7f4CSHMqKP+uSZ7xNYsd22KS51I1+n9mS
+2mPVFO3f6e9X/SW2IQkBrmklSYgSeiB+rT5Xcd+vKHOdegPkU/tXw6pz9ljDBeXn
+NauHimvP6431M45vP9AVePUnahDdirlJ0algSEEa1PbyrZRh12GjaHNwLkNBAYM1
+UUBHsJOX1v5fK3dQsZK3ajVKq+YiYdOnNsUOclO8B3cgecrNcRwOJw8sWrmsDmgI
+VmdxWsScQLlN7jXivJaBgp9ZLoPq7EYXjcm3kU2djT74UN+8yv06XaYkUj13tZXZ
+POj0DmlDjPpzQmZfuPbiGxzVPEynAKQiqsDeKLdRfWXLuVZaH8DBjkCPXsGbZVK0
+lvd3iVDrjAIHjWTgudbRjOoKuGiE99TaislJfPGBcKr6VlT+JsepYFst0FqhSA89
+gbbRB95BLRyLKdWuL7NdunipUPKvR6jj8LSOKcmQx5NwSwIkITBlhdnmwq+luLuN
+ySTfTp8u24Wb+mh6tU/x2tzRM3fFCYszN2yuUA65bWrj6KDr565419cKrfb6pmWt
+sCqHNNZbhOxD2X92tfNfrlq6i638Zbb3iLGP2MZ0qxvw6pAIh6SpC2GkqKdl6yM3
+z2V9yy1grmQbGdg7EpXDbQgaAMvHcwdCwVq4U4LYAG9tuUfDY826xK5RDuUqmPAp
+GMGriZSclEFOSSBgIZFX8n6NBzn1FiHGazyjXNG8X02VxPoAsiwS6lNpcGwciiwY
+2V/8Prc/1Zd7Pg2fz66DdIfPRbVLbMt8tpgsEKgx4isgpiF1oD2MHSLXRRt9ILFw
+gBTwI980UWxVMzmuwtsP6p+sVYSywX7RwDOiHr9HlArFM/SkDlv59fRgmHb/uuPp
+tFeB7RKDsIkJPKP22hAxccLAJiyhb9EjgztV1t3fKtbRol0YCe+zYH7drqbeI5vD
+xkp5M36b2FcZV0fxSFNmLJBo5Xgmoviqozs3sXbox86qg1EHcGtTs6J6J6SFu2sw
+PKAkGNLRC+ZdlZ/AWnZA+cGNgc/H3AZ9u11uXhqLx6/d6GSX6t7VIbq+MRnqYb7j
+6dy+iljT3HI2M6yi6DUU9IovVISVPLq3KGJvwMtv5VyO9EuB3fjmf6HpR5oiIl0G
+6T8R/SB5NKYRZ/bOu7ZUcGkgeMRdLlRk4o/V6xXL6ODFezl7rsgY9F/P7mItXSz2
+b0zTOLSQ62fQJIdmfTxFweh+xBX14o23buUGrp/gRVEEqXpmWMGmjx9tZ3Hpf9yu
+v+l0qA1pGCyq+8MM4Kkpn/sa+gQ2yo9IrDZEseejMTSQ9AGDY9cxWMjaeM6N89n8
+a/FNJIpiNAnqeIABdDfiyzbi9w6pp+8GNxYElF0almR3CfCbg6G3KzkjfkpRy3KD
+E2O5r6r6c7tzVwzCG1T9Q9smO6I+3EwacCAGda5hBPqYK7hv3ng5C+h1PvqNjfha
+8nbEkyRxVI8MqCubPc//0ck/8jRC69flpVaraxrc+72imo9eYIM05AhQEZDTTvj1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
deleted file mode 100644
index 10b7912099..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDE0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw0i1MxqkhMcbORFEu5k6Y4Q0R
-5QY60nT/GZQrbH5OZMueDjhFLTTPfxvN9VWue6NgkPLQ/NgPlm0+DDz0+4dyMi0F
-h93v/27ZAOtBk0eTVvvsCvAyD5EBqW1PWcZHX3oWyaY9AWM2JHrZv8M/toQ4CA2V
-yJOzEOf1bJBfj+SUcQIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQUBBCEgvxOOcAPi/H2IhqSJnWk9mgwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQAg9tR9jL/eux79Ixd+MLGGfc6YC+FUqLyNErhpSQ7FiCc1jPwAFfyuPLiyBmJS
-k601bFn5fO2LKSSocHH9ezXT+x0XHajvaNlNd2w8YXKtrW5ogwty9q21c4VCuLrE
-ej5cBZPdSyp4RBkdBnjfPc2vRW6x0g3EMA03aYr0Sc712w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
new file mode 100644
index 0000000000..779f279635
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJpXBTA
+3EjsCM9UAoN4IpqwMwiEiVinUgeyznx8NNMjAkrsfSYyMGuchz7Ty/nobcdnUdnZ
+50UodPrVCuy/Cyp/8vrseLEElc2iCsXifGYGSNqxw7906l2rVOvXPQocc0Oa6eTM
+PeHQ//CnC3V209gER16XJ2u/cQshC5Hc6y8lnGf5JsMfcSuPn9QuWnsJt68YElOG
+y9UKmK6fbYHUKH2lwKRGHvCU6UyXgTGnaf50Yu+X2RPe7F7tBWYangT+W6JsgBzu
+SINOiTKjoAD4KysSn+jgFMcKQ6wLhFlb6myIFOX5c93qJ2z0pNCdBiKswpBwkxQ1
+BM4Gu6OY0EE2hGkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFP7baMrCM949EDtAPOIY3Qz4oLGuMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK347siub9i/zLVRrZkhB/xSOaOpN/ReyvDZsgfdj9oyMHsB1J6ToViVwrx8Af2+
+V4a+ajppbH3FK8jq38FQiUqVwNT2N9MBUuBEBIdq74bvtj7saVjpuBWyPuxV0MMq
+X1zLln5p7KA1M1PNT4uB+g5D1a0MP6I8oPCSiFY6s5cDyzR+vPOXvf7/RXwi8rnT
+7hXgSU1KS5gnDt4qRS+j/eQYDQFZnkH3WIdbyupTmpFLkqAIL4FuNfBOwEJWijY4
+lvwET2SIsHPLLgtlg6lzyY+LmlJ0ABeFLxgCjPINOKj7yafvQa2G6kaAp34XU1Ms
+C0bZ/GDrvAwewPgQM54j7lM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,704650279CABB0CB
+
+ej/Ec7hBM36U5YZxPRg8gj+A0lhQSeV7ETYlsSNseojvKfFNaRvTIalKKaS3Rkaa
+tiyNNcuufNvy6ddQzN/zX5UFlHAdlNoRyLY+QM4aiuGe/8RZBBRQYwb9jdRd6qDm
+lQI0sd+dB6Bu5Du74mHQe92IvGAXyW0g08HQs1afl1KWGdULH+ONSL3ay+vSzLHW
+7N0Q27c3vR0EFY76cjoA8N/8/AfJukQtlDxAIrysqGEVFP1EqOZrU26dcKFuRY24
+k6oT2VafpewKYaLwx2lHIQPCfMFBQX5qqQ2gvwrYDi5xmFNAgGJ2vpE6NUm9H+mr
+4JVFv/coQivFVIs4yqn5AJ2iZJ2PvG8oW/HMbv2tyrlf3zj+MtH2AjAyKN5Uy0Lk
+6wLEe+AV/Yh3jRzqzwwnYZia0z/hkvV2FC77F8NK8lwANJELoPC2lkHZwOK6da3m
+lWJ1VQoQPY5J2AouOThTCV3IFm4w+7aACx7R0apX26vndOTUSuup/U6PromxLg8J
+tM+xIQZBVKP7uY8Xbh6iBN0XCTTyINrQYByoMKoO7KjzP2lN75mofejFd1mopKZJ
+1UjdHXyGonF2BWupPv5OXuNRo5d8+6pRyqubGEijv8ttWqoW+uFU7679glE9W4or
+JFnvDF9ADclR2geMDc28H1C5rlcA983Qs2jUCo7jH9QqVvcxQcV4chIWTtOiHeyl
+4tk/BSiWJAY4Fa1FhitAXLHIiarj/MkmIA3sYCnOOU7hNvzUpmSu0vz5LRqCjrF8
+quqLhFqOVags5tEYAxH+CGuBNc+oSdL/c1u8mry4lfArs2jV8XQvuJrNEtUPcZau
+u63YuHU3G42O8DQJSboszH7/AB4U5Gp8tbvqmjCaWFarDn1q8fEqXEx9TlVtqNxP
+HtWhfcDuSccRP4JpGQXT5xFI5mF6LnlD+k/cbipn6BMrtRxd86fBU2QzZHUwyikI
+TSoab5MDiS9dpyIqzkO3jfr1PYhzpWyNBSaYJkbc4QFGIyx9FNoSQV+gBw8axO/7
+airaWgrToFsgPSwDAadGWr6rC+Jt8PVvFru7LjIGqcsHdPpWuBWJqn9Q8kqlb8Rg
+AUq3P8Jifg+YbMpukK98Le5pizyxsq0S4HFgB+0ddUvx68doHYl+5OaLSt23UrtQ
+DyF+QT0YbrF0NgkIa/PZd+I4NrxotPDN4G9Pa82jJ2hRJfBkennX3PaTJ6jHIP2K
+2SKD817l2k3Ds86qRCrqEIUm28y5ghNv3orSjY6BELzt5QLE3tuavUGaqXpu7OB4
+8OfxvBAeR4qoT+DvQetzOlIFiALlfjWWNBLXGcwRxIXVGUDOTfStBha8gtPIFZXW
+Pd4Ad6MYfiAn81R5NBrdEdsMF1Zb9yCLaaz8atv6+sWMSAjp5Xaa6arVP/LRg3d1
+ZYj1orrCK3BDlRTKAAycBcQBjwUe8n/0JHO8fS1IZridmbsC7x2HTaHdzXjouvA0
+p+xouoWQz7IVUFcFz0asqvpc9+bIlYN5en2O6gomSTKdOVT4fDOT9JQPWdnPogsd
+cmuLx0noBprZ9h6wHY3oTB7dMXKzBZnkwSm31BMXCpVQlAXAFZelAnElqtfGiqJi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..5ad8e63db7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNV
+BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qw4n+hgG57EB2akKG9HJw0U
+1wJcwQKfWv52eTaKNomMg19NaikNJj/iPcP1wdIjZAATRynTDN07kpReiNXkE6Re
+5QdXFp8DzsOreH70CDBHDlPpvx10awKgAU24NiT2vEyGm3vee2V+gayPV4Afl+nt
+Oh9kWODmCIJyDRG6l9j0R0fYLR3/DQT+w0AGb1He2RS2N1i6dO8hTEDImxqMPLE1
+ezZmq+nq5MvWlTAlwbREnLXgB0i1GwZaL0RY1OogQbsxThAaGPqNJRW+qioH3A+U
+qgWEheSueXoz2AZsnhDsw0hL72MvzG28BOFhqtdeRpOW3gddnnJ+peluBdgM/QID
+AQABo2swaTAfBgNVHSMEGDAWgBSZxXhpyz0zdsKZrETlsA7+ufTbxzAdBgNVHQ4E
+FgQUlaI8n8HPjmgNunyqQD8HV1jeilUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAq72hK/CqUQUKPp93
+JCSZAQGtUruzmdRkery177NaQm/EDlhkXR0uEp2HToxIF0MJY20IMwBGR818tVEq
+b/XfO8up2yg1T2gkKCAqU+JMEctVeTD1qzk1eDXKTi0pcfDJ6LPuTHNZ9AInFCmU
+mczg+kqEGSk9Fwn/71Trzlm5oVkIsOv0CgTnoaSyp+qdSiBWYprSmwlwgrBnFMNW
+tOA/ukHDQ7IdVq5iE8lfu0j2do9FV/a1W6uHuxb+ZiEWD9HJ1kJ8a/7c6g/e3Z96
+/PuBVVJUnn8wD5Aun8yexdPAQC3ngJxEmb3a2lLlEI+FA4jRsaCBQHjKlQlZpM99
+Dy3BwA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C82746A5DC292BD1
+
+ez+wdH0Dut8Ngh7c1y1x2EJhVvIFHRbmZcVpQ9MNZHQSMIxO3qScxJc9/P8/4A1o
+iMLBBq8CLQGONQZa2W+eqf57/YqWGTIb2yNPK1yiF1K806KjHyi8oMGfB2pYX8KT
+x8p3IOH4lzFxarmiTNJze6HZzGUZp15hRcaVb4MAAlSC3Xmw2CEFWpYU4FDL8fg7
+NpdvPNOaGKgHKXQfsVqqD8MsB8jvRHINhpQ+0lUTuNbtDqlcPfvzVa+KKhoXcYGH
+lTajisATNn+Y66JpCcdkobOZ2qhAep39CigHDwltW6uUX6dKlU95Jokz91IsnnBz
+lHGfimrlMDGcN4OOLhSf0yBJrXmLLuWS3KPafF99ZXFlvklL6ophf/lhVi00T9fA
+jlCde7S/AwSlWvrXbFqAAah0EaoNs8/cX7s75Mp9iJ2J2r709F+ywxQXG/YYClf6
+Coiz7JyXm+mXWZtxfnL3JPoY1zLZp0Xq77dFfpyKfBrJUiMKUtJ0uTySYSvdLdau
+pqJWZY3TZO6718WAZOSzET5xe4mgfHrk4lGQDyCNRq3UBKYgRCcY6LqzcQLFODLr
+wHmGg/BZQ78kRow07jqL+fmKhTlWcKc/3uTuR5ZIBc9Y8P7Apnqalj7nvWrkydvQ
+JmtojF9guktjs2NLtzeCUtJkFNCLD8am8uawg79QpRFhyBzFFWVYjf65Dk6IowRf
+25qMaeUor6M9pX6i42lEsi0UgqvYMrGKSmrJ94nBbivvorHbSyXaC8RpAxEUVOhQ
+P1YlLvDx2sVsQ8UiTrKS/+KMfD/Hdj+pncTJvSpsYXHp023Tbw1JbFDZzI/aFj3a
+Z0VWQOyHe9L41NZsN8WsVtRFavlggSQSbXg2XMUKp1+x4y5LttwTx9n4uuCvVFJj
+/u2XO7zRGUezyoYxrobjoDmRNSk/tTPGG9I+TN6V0sW3m80oUQm200cmxrWSD0n2
+m8DUZmH7SRxMkqGFp5+UZA9H04efsZqSQeBu/MXweJaqrGHe+S6svdj+EusLJEj9
+6aYzzgCxw7K0gxvwKNdpR+r+IPLyuZo/rfqz6R/fiIsFFbmcn9QnLa1SiPAMJ03g
+Iuqqxj73alQxdcrSJL/V+etE8RHgK4TVO7bVrYSyGs3RvHlCLCOFuF5F+vI/IhCf
+1lefEU93G6dLnBBDCs7178CyNIkxj5OU7OdZQ2D49rUKpu5g/uEvGIPUFnO3x2HJ
+7GeoaSnv0dDXgc3HEapK8pHjPoLG4t636jkYiLwMuc5Msdg+W+wUdaLKqgbQW3CV
+HzU+E7mVA22nY3ar4iSlcjVtOxXq1A5tow7kOJzl+YErkz/6GpBtTYy5vOv5ohU0
+MbvMV0n7meFlKZlvZckkPyNmhq4PDwHi0IIxI5L+ZvZmfNLlscF1IYrF/nj0PEY9
+5KXCUNxuDbKJLcMORPZ7GYI7umwJ6YY741cqlVhBnPCVILr2YT/NsDMz2Xk8XGAQ
+gFggomds2hPgcLI2GolWaBaXXkgd9Hxfdz/t1EvrR62HK79dlqktNIIOLIx9ZO7K
+XcQbomjX3+yFeOA5Ix60GTNMRFy3U495lc6PMKTTey93/xnoOnY79T/rmKtGzH1p
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
deleted file mode 100644
index d5af222303..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBd
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNV
-BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLjaVgcxBArg5ZjazYxWoHTBcfcT/5
-qsS4WoFj+0UELOPixTqQjmJofe3JKjHSI1h9yiTTiyrDVRkKB3DPYLo8zkv7HQeJ
-sleZKw3rgNtSOKuMY/9E5Pex3Q77pOCXZES31n/xZ1BRfCHAkhA6QxSoePkp7Au0
-6R9jYczfn3FZwwIDAQABo2swaTAfBgNVHSMEGDAWgBT2LLG3KbWulX+w+DlBUy0u
-DwTjxzAdBgNVHQ4EFgQUx21mI2aVCGSW1qLGljar1+6L7JUwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwCDANBgkqhkiG9w0BAQUFAAOBgQAI
-oGNjmv/QvuGxJUK+dcyZqM4egLTHcIlgtNw5QURIbyQz+p0EkQqlEly1G1f6jZg7
-yi0vbf2ng8f39I50HeqyGHay1/H9Koq5m0K+a9GV2mi0huLFL96U7b64ELF0z371
-W/OSduqoyZhrzBnTSuNoiqmlAlV8Z+TXjVSp1HX3Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..7793d24eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTIwMAYDVQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBofqJQybQy
+hloY6wTFGeWWDQq79xScjYNcGS3cgblO19DDYa+gw/1/6p2iVy7NxRnZRUCGSLXi
+f5dXWOaCE1oiyUWBbd0ToHI1MAlsDmXv4LsGceJzr659aeSRNn3aq2uQ4HgezAfn
+vPKL+OqnFTyaXD8VcPwoptkSoCVjG3qO/6O8X5xSI3UJZl+Pr0KeaQZpLJVznUcc
+dGROiHNUYzt/NgkxqPxusg1yfLlv1zKTl8ggf1j5uXbp305FLVAKWFENS0InNiZl
+gbSenXwg110BwtBQjE1cSRmD5xPqrmrCDuNBz1M11vB3TCFTlJLYBcjT/kn56e+P
+P0fixAdywAECAwEAAaNrMGkwHwYDVR0jBBgwFoAUAF05Pg/lqipeLfauaCqtM5s9
+m3MwHQYDVR0OBBYEFFdyv16sxo14G5DAn5RGpP4eU7xaMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQADggEBAE0+
+Wkm1qVJobS6Lj4Au2vE32CuEL8H3Oi3jvfREIRH8wyFkYrEIDNnV1yKqMaYtvnxx
+62U1tMJKwXDHYENtgregZDVl9xtFYvNj3VXXBfeWyR/hZA9bsqf5KBmTopPCrADx
+BgZuGWnUhfcFFvUYVCgyCtrwCZXDgdoOab0oFq9gR6RyUJ/MbjSSsBzqILe7sPGy
+7bbKX7zeBN71c0lwfyUqXdqw2Ar/yyqtqY5xR0Y63hBhENwc0FOqlQRqzRdxieX0
+OdrRgGDiWUdPueXm6dE1ID6raiFgkbNjDS8P9w6JITApVYU2lf+FykcXUPJVbXeG
+4fQjsbxrjEFK9aUJduM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8F9024A549F3FA1
+
+7ChMT1T/ZW+0zg91e36RwxSOGvgXXmWJLJBbzK1gFJrdwUJOl5InaNrMZLe2Jh3K
+FYtggzWl3/9XNSELQgQNhHwNI7nc15bugP8Plh6PimoSifls5VO3ZjnEJCa9CyKq
+yh3s/lM9iGy+MgzariSUZSx5nReAyHkNaqWFhVDLbaMcdBIOY9+PZSltz5q3jF7A
+awbb638S/9I2tbHuXeE2DsJJppayYjDsbI9W3wMNmgcYzfXd6m+TCqXep5WijkDk
++L85APUy+p4erB9rgLE7USMAIbvtw81cmpFY6J6rN4EmcniUfZj7tKB/C6JLiwHp
+Qe0S0f0s96LuPqE/ITEk/LynxarFq9wpgMJ/fpIivW7yru/iAuMMW6JHs7OkDSOK
+4jAPtA+7X+EC7jnjFuGSDl8k0KEaVKi5yt/FcAO8I/NPpHJqebFEbSKa+caWkJQT
+aDOICSgx9kRtshUJzyySS93wsHCACL+fx/9A5XfUtsBvKWeJ8Aez5ijEqsmrJ5wh
+qgii2nZQX19u+lur75MAMznUswcJ5Q3MhZoLwhBw9BOSKq0FIeTNxXC05Tm+/hPv
+7yJyVPJaDAdmNBmAX3D6wpkxCrEpNBqtW8dHzLBMuBnW2+7RXvypUpF36sYyRTaD
+jglx3b6nRgnmfeLI4U0UnD/f0vfmb7+NyGognyQVUbeZzToGNR2unnBs9bJVKDyx
+FODIylSi/Pt8FrYTpZ26w2ZgLNshqh2FncCBjsVPwhEKbhL2IYiuTuhuMB8BhzA5
+1yvmgzGN2c7xVeprp8OVYEeWUWmeIHbWKywsRWWD2P2wmV9S5u8qF3Ju3rX6ylWe
+A9S3we2wiu6EEvP9uCWrHbJ4NIIB4YcforIWX6MtLaThSbYpuZrNHd1DPSBLGRu6
+qZtG6JLZ4dk4PzN4htJvEDqZw4lHiBpgovTtvF0N0YDNWWB4FnY4ZuQDucZitvyB
+y0hvM6VWBsaKLXDLeH3DwFX1hiiRv2p+PBRghxGXbfw3dwSSgXwVKtxJhj/N4xty
+lJnx521+8A0vFazzTazZLyDl0Zgfhx920cDL0WjMiSbFqB4dg4enZplUEMaXdMcg
+LMvPGsYzWUEkSyAfZTVjexhWb3L/HLxL4hWSy+nCOFGsbfNr1E1aEZVlHaDgE8GG
+0FF8eC8BcaKVkPG8u4h6NVkXJPbkAL+r58LPLQH1s3O5XqevShJ562NQ7bd33zRx
+gktQavo4Gcf4bGgm5FvugGTVCLN24h//rWBP7s9T80CnU0bxaq+5npVmzNBzSq4+
+CxHX6IUeK3wyr5PSSotljctQENzh1t6C5I1XfAGIubpK1pQnOmxIxzKG6Q3f8o+V
+OlyScauwiGXF3TVbvEJNcdopPfpZOXTiFzjv9gR3H40fNINe8SYqTfpDNao1g57J
+N3E56PuSICjuOf5fvgHFe7ksrRtKNagMGw5y3iUxZTvUGuScce+NkrwFjb/Y+wTa
+61oo/gNXMlnUSRU87iKrA8acXNWrb08KEIbiDCcIl2jmckp+IONiSGBpxmUjDsvz
+BJz/odpDNTQ5FlUZ60yIQAl3pqs/oavurzmcvet39hCxCieM5OMrqsXgt1F/1TYw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
deleted file mode 100644
index d916bbbbbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu7tA0m9E4vxbGx8d41Nw9YFiUAKWV/rI
-5MXmpuTVeWZr5ELloOLZG/UdWxsbxKWX+FmF+RLDfJ4aAfomI+J/gPjv01gXT0PD
-qXqflxdcvCR8kWU08UNs5Dbks3BtWaR+rF3Zrw/gz9cg6d/fGFn48gjtn8LeQz1w
-vqAP8w3woaECAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFJ/3EWzpeGSBUdimPN2Zptp/EZwFMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAYwDQYJKoZIhvcNAQEFBQADgYEAmh2B
-OoSik/wvehYBZuSGtFC/NOP3yi9x6PCY/pzav9YZKgJZXeEJF78A5SVPFjP5BJcI
-c6ke+EApOv2lHbViBi7ll5xc+xSh1Ko77NOO4yrlFe8+ZiKz+kXizBsfbcKUYtKN
-KHby2pgphWXv93Xe0fIFKYeSWqoKvL3EHjc8Gtk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..e559732c39
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmiGMLjXA2ijC5
+itMpJVXTbHXhguDwZQ2mcSY5FmZ2nPuO2JBp2lA6yUG7fCuxTKeC1mGSOej41Pz8
+zTkOGiXC/UtDy73yQhJJPHFn/ka7HzC3UlIOzRbY3nXg89sqIrO4wFLKUvrM1VkW
+FqXJw5XbDwrL/0vIhqHh7jyK64snUiP0AAm6kgR1r3aufS1/QwjozIkRGmP4Cxm/
+8Gzz5is4kfB2NuaR8xE/i8BubAM8TnAyIXX6hy99TlyyXSD2tc8dlxTskD8lt6IY
+w0NwwNTi9Rqq41ZKkLtixase00o+s345noAcI5SfLdnTKXM6zUwooJzBW/av+8C7
+YyqmOjS1AgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBRLgjD1Mqn9+vaGwm3k1zO/qu1RFTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQBSG/qP
+hRrenfviZJK/kxNaJzIM2ppVq3YbCxbjSApzL/tqPFEKtJuw2r7UlAY05rqzaZyE
+1sxWuvyenub6f/K9BCQRBXHO5cPOnWS142x9komCqDUP7I7F4pnptXAp8nyc8eoL
+zmsOJ8dlZv2aD//mISoFMZ69fvfIku/MAOZCTnSks1CPyT9omAfT6zdnMiDfk/kY
+lZAWFas9/pm16Z88QP8y0z/IMrri12dOLMnFyKNBy/9TXNZof/VPkkD2keJ6eQGn
+MUamXI/OIlBJXqu3AYiUDP9FQbxKxj4uTOtS1MhrZbAtTAI+3eqPKU92T8YFamCr
+A1Z483lYO5ntY6/Z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0CE59FD1BDD6BE3F
+
+ZSsWK88M8cUm0Ar98cUKth20vjDFRCIKPWzlUnrVs+Lk7Kq5T+uRcX8BL1LEKwDj
+k81WTxyck/3tn40bzS2dIqRxDur4DWSWUzRvi7Fs6NdN+AtGL9BOvPO2vV0o4p1a
+LG9aHL4cClxgyVsBHho5tqv5CRlhFqj6Z/TBz9SqKoBMvw5qF5B4/NMDrzoZ7rxb
+NGJfJdKti3VPYE1/qfW40+j4rlqmAbtJVL+yeXQ+jdvOdZNO7vNjKMExkjkDQBFG
+tv46/TqcPToHfT8or6N6hk8Xpfz7a0Qxal7db4HwrqXyRMzzkrczucNieZTcep0c
+4hEhKj3WRxRXWhC2pdqn2xjXD9GZBGPmcDxVF1p2vQrhkTVOYRF6yAqvSPkLAlzB
+K4nK5NTQBErvy9r2Sr8KIElZjQIwpTmjOJEsCKCBXO+8GDcwViCl4px+oNGjUc3p
+oSje1Pe9BYbuIcwMuT7pE3N8ovEpra+b6wlc/WIpOLEiJwROAedubKjcg4FAM1uE
+POYIXLyCLo0a7a7cXxS2rv9dQwKfFxXIUvXFnY8K0jJqhr8WD3L9uOU0BNCsee8N
+DExbBCbPybSbo6E+BkWXPF9fhhhbmlRNY3zpF+HjN+YXUqfGoD+TjLjc5tZT8aZ3
+J/7f3j1aFKlu0mGZWqoHV6aQ2yKsShAWWt5g7Xiv0tdqCTSBxY+141wSD8K/0Lqi
+UPGOKJjbmU5rusT5S/VAxP2tsWxpaITMT/wuANu8d6Hfk9VvIggiGR4MXJMsVM6Q
+4me+GqfbNnXgqgYCiprwZRnAdhlAvyNMTJ5HkbXsLUlNKgunaLdf2fxRVevVlKOg
+4fnK0J/uLyaFfkHI7XjXhHWg8sJAkGKkeC2I8lnkyC4UcIqpI9hsJGl/1+WWPez7
+uojkeFYuURQ/jaeFb9p/SO5Zq7mqxGltPC1oE5Fvn5GlnbgYs9RqOF24yb7/30vs
+fjN0vFBiGtLM/uP1eVbdFOC6/iLgZNRUOxZTJSg3OIBoAmMY1fEUJt/h9ZcRFX+q
+ZK1HDjhhybk4SRafZZV3DuyycZf154w349NdzlrtIdUoXTIcJ0uLilYL8kJDE75s
+EZRRjnHEtJH3vrUkDEIUxWG96FXWo5Lf2r+18CW3ktGAAzGWu5JFiQ3Mny5uC++f
+rNqHPzPrD78c2huhG+TZAO3XyLf5SY3thldAneAtceknOinK6FCxifF5/ZPn2Vra
+YQyFzTbQgHctSSkccC4qHMhi8rGqxXEnCBbN+GpCSlbLWjnYLPBuW/wSVKNYpqii
+T58Ff4WK0PKIBXEu/nINzvNqaIzedpENweo+F0pkd07M8QVW2EoMKI6sfUBQcuBs
+aoHIdIR+9IEOpgLk5Q1TAAIFsuno+vkWAIFAfF8F+CSVXf5tFAdYVP15zhLL5JPm
+k3mNECnrcErMM4m5f1zNAaAwFEIPfuqcTmOGoPj+sl/YzI6ZJ/2QJ0KsAVVKugH6
+1NVWK1yzxSlOzWHZvDUV4Be0d5jmipIgWJYRW/qf6bIdYFBfE1pGohsAj5XXGheR
+wWzkUima13yr3onooRE01ArKNue68/kGZgkyVRrsm4+cflLusEPFCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
deleted file mode 100644
index 665a6357fa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAg/jjf7HVRt6r4IitgA9kVxN6rVQy1OLQ
-Kelr3lLXIJbXs7XYoUx53Br5c1SDdSaaRfvhKyMl7m53baO33b+MEeB8VfWHt/on
-35CKtGtyDa/IbfzrrwwJqs0rF4H/t7Ngz1b5rrKaEjy4itjNylcyAzJC1Zjer8aJ
-iXyszL9uGc8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFOH+LaLyiRCW05OelA2Y/97NYu1gMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAUwDQYJKoZIhvcNAQEFBQADgYEAZStF
-y/RNVE9ElY/wKLp8pdE/c4L9rucyOPSv/5zhGO4+GiiN39twvGjjMH3ziIauJpuM
-rCb8q+3s22lzkD6/BSLyRNCXM7Mx5CGWDCdHqnkdFf1Ck9ddAG3hF8FkeKjlZ2MA
-j1g2DpZezCE4srw5r+5mXw95piUHxvBxIXnBUJ0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..56e8e3d911
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvhuKxV6OvBRjA
+hr758hKWi26IfFd2aGOgdDGd0/1i4wrW//nS3R8mVimchkGruRx1lB0KyEBYmAE0
+hmep3SPwapk2xbej0UL9WgLubmfHv5iesAqn+/gFGyNrHx9/uzp+Ua+25BUGYxBC
+bcMIIN06qMTU1dZF/nqNCPTO4uzdgH9VVnQHkI/TWLmrT8rrq44slyOebfCeXZeV
+G2LtDcubaYdJlo4NJPPE15zrXPBxL4m0pFWPHeTUcEyDwJulUjFmX/NIjUF7yyvn
+LlpLDHFFSzA4bVLOh0rI2VSy2ac1izMJx0gDnil7CykRofgkxJ9nmjclJ8pHtDVc
+TKRmps+dAgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBSzX9tBAp4J21F61Yw77Wz/CmsSAjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0GCSqGSIb3DQEBCwUAA4IBAQBpUnko
+RHAEZlhGumDpYCRzwa47JJqYthnJicarIhlRPpk6p+JkxZh1ISOfOtvfi9ApLNgf
+O+Vr2M1Pd7nWfczbWcmKaa2QqcMU7c/r+KZ/1u4kN12BMlW8TY1o0kk7bBsqjpNt
+6qAdQ+drFBIk7CxmaJuruJxSWZq6+EKy6MzeZiXUPOeujDaxqO3qixQK1iphIZMJ
+MpF8Ls+p9Y/KZ3M4HrUteKvYCY37QzApC32yZmuOojxJOm1+kEV3rzb79dA5epJL
+2nm2oLv8/C8gg7c1v4SpXUoR/d6hgLqu1jZCDFPMAN1Fv2eiWwU5sV2DcSY4bs7j
+yxy3p3hdJLiP6KQv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6089FA172B6A8809
+
+QKaY7/O5JCscfC7Cp3i5pjL+h+jdtqZZ6yX5zZAA6jAwtlVb3IQba+xfyB+nGq51
+yQaN4otb//j64mydf5RuAn7MUJ/2VGwKBSOYGwe1Fmsmd2Gdzv8lkwFrG8AU5Tq2
+K43+wgYZuz9bklxLf85aLZMvtTRcKM4FRIhhJSig0i3FshbhPzZ+EqjyPlHg2+Ji
+fkDR984Iww+WRYAkifZZPFmTpBNXn4WPRJZ/GwNoLA6MkriAhQUUS4AOQ54j6i4J
+jsgylIEa5Ld1j1WYxULXsnI3x9suxMbdUKHUrjLMavJlPHcYS7tZq47DwebO9yB4
+L5XKU8wUv6kl3hVKZtsOTTSQkj0fM9F6cqOOm1Sg0aqSCc3luAAPQuy/t3h9LwAg
+vnQNnfk8AWwqLErmIhzu0FJd4bYK6XDY7IbePHu2T9rEGZZ+XGMN2Eo33XdwdDtT
+uvBM8eQVt4rAkqNO6m0uPNzBmsX0K01fMYV7dpPrFolKl2gVe+bdZjUNQTsa7Onq
+3rsLlEpdO4RP3G5aDDPHfRYPygfJYQtTj1URj0CFLw3K00oGP/hN3BsGi8Ct5io9
+FlwwCugf9dzwhxEVC7iZb1lPREa45FIHih1eHAb5WmJf6SVqRcLh8KBbnvl5Jl64
+AWayZfb31p98TO5eNPfDsgud8dLZkt0Tcbylm1QqDZAL4Z4FbOmAwzlo3BFtQlG6
+jJN3MMFEegNNzkHxScPT5CYaDHFPvc+ndfL6SCFlDOOzWDTZCbYWuLIFZF6MCxLE
+pmEnh4pVmYXOEiIJ5uNFOX9Utg5s28LGr1KQvGHbSKbT+ohctKBq59lZE/sD5LYt
+j8qceGNc/H9omoYli3b/bqJ0FZobsPi1tjz9efPNPF8zz0brQgDxVP2icJH3gKd4
+3G5Ir71YZCVnTMaI4vwzh9FzXKSmIVUry2T2s3NyzKOwOf56a7FqO8s8S4LCZNVB
+9TerDx5FLW8m1W5d29zDfDHjIYtDOliBknP+4LT8CntcC9zGJ01hZt2z+gDMgOyW
+3g5juBfEuSljwcVqs0h5v3Rm+acci3Jkn/TuVeRtngBhIZ4XApF+Cwv/8GjsI8ad
+HjGJ1EnufggTyQONstqNQeMzujDYil0OVgbNyfnBRfeSJ5oB/1mzCGwgrVVh2NsW
+N1U5WpPFOg72jhb8SD2wCvEBcgC5DiPBVpUjhHISpLBbw9+0w/GBkSg3eBcAWAh4
+ukMvgsMpZAwRah21+q3owMILGZz5Yk9ipH8c/OwKznFVky1dJvKEtet8+S+8R+kO
+exTd1ar/mU1u+I9heI9CRz1kWMUHlwKM3cAcZ2k9BTj0UICweQ8+Vf9KUEteUtWQ
+LU8z9Ssn6WCNh08/FoMZNCt3+P1NVpz9c0o/9W92GGG/0AVPkSXXLvsutQqj+YPI
+nUmTM8aXl4eQdA+8NX+DrK+LCfOyDUTnDuoZyzbrKvYzm5TxAb7jzFbXebfYMa21
+hzs0Zwl1rVTtK3TKwYTn7i57sfJ2u6F0j2k8PSc+ovk9u6S8E/WvKquCOcabHPFE
+PAXKisbusrHRrObCNBIwSZhA6b3OxoiIIq0H3JlvMknwkXb9VOffAKMbe5DNHwUm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
deleted file mode 100644
index 252e920ac8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kg
-TWFwcGluZyAxdG8yIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-XTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYD
-VQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2FRrJurp4yzaLVdHeMS3IAQQvUjp
-lPkcXvLpEyQnWVTBYLsXJF9YdVxJJFES2XUxVFTumNnOjc2XcgCuUDwqoUYHPv8P
-UWZuoQ8B2sg8HPNU6G5BHBbtXkzC7lKCDLRshPSgnKngxdmoIDSVDPkz2KBUhbFm
-QZIqhVHE6UPCViUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0rpPGz5oOOaQ+MHqJa7a
-kq9DNm4wHQYDVR0OBBYEFEhKmk02sJFH9yFXTXKxqodRjaFoMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-PrcU9aDr57y1wekJ7k+ZJuhDlemNjGY7ggrZcarGL+LsRqkufpgkLpei7Cz13buA
-L/MqHFdc7H7d+GrbF4PAe2NXfcnlJJMLjS9Jw77qSb3aw9eSqYscBFhOxYWNL/Qh
-5GI9hJYugYGFzLxh1Cnl0/Pc8PoBgtaZg7H2hXmlUyQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMaUGFueVBvbGlj
-eSBNYXBwaW5nIDF0bzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOw
-G+hWDRzfFMkg2CwlHhCBrp/3hveD/ESGWRnpEp1ATKX47bZDyerSn5/9+d2sCsja
-seeR04tpsBmS+o6bUTTy9W5G6gxE/McnS7oH1WJLYNW9e57ckYArd3i85wr+Ecoq
-IaTiDQmy4Ze+TBNA/7CaYTp8agquwDTl40VGqfs1AgMBAAGjga0wgaowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFNK6Txs+aDjmkPjB
-6iWu2pKvQzZuMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAwJgYD
-VR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB/wQF
-MAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBL624FELsxdPKY
-tcreLc/Fz0uWZ7bc3BEIeVTarTWFu536wAOO2Pf4mJdJZ5WVVSYcOJb03Zso6U0G
-h0iYeHFGkXBCrqeOGe1h3zL4ED/C0HYJmPtLcTrtlAwvYq8dq4ABvsqMAUgFrsf4
-JGqkgLsMrbXRCAsLpFver5xKAuQ67A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:BA:4F:1B:3E:68:38:E6:90:F8:C1:EA:25:AE:DA:92:AF:43:36:6E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:f5:f9:0e:d5:1b:b9:cc:83:35:eb:00:3d:98:52:11:89:63:
-        79:17:97:0b:9a:f5:0c:35:72:44:ab:2b:97:85:0d:c1:3f:26:
-        10:15:81:e4:78:88:59:2d:4d:2b:4a:8b:5a:58:e4:2c:82:76:
-        0f:b0:c3:45:c6:46:34:cc:38:33:da:6b:a0:79:e2:65:2a:3a:
-        54:8d:69:54:6e:77:32:c1:45:8e:63:de:09:f4:3e:9f:a5:19:
-        37:25:92:40:f1:aa:57:f2:61:69:e3:3d:e4:05:85:94:ec:29:
-        51:dd:85:6c:65:c3:83:7a:c4:f9:37:7e:c0:a0:0d:6c:86:2b:
-        47:7b
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kgTWFwcGlu
-ZyAxdG8yIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTSuk8bPmg45pD4weolrtqSr0M2bjAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCd9fkO1Ru5zIM16wA9mFIRiWN5F5cLmvUMNXJEqyuXhQ3BPyYQ
-FYHkeIhZLU0rSotaWOQsgnYPsMNFxkY0zDgz2mugeeJlKjpUjWlUbncywUWOY94J
-9D6fpRk3JZJA8apX8mFp4z3kBYWU7ClR3YVsZcODesT5N37AoA1shitHew==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..368e85a23f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaUGFueVBv
+bGljeSBNYXBwaW5nIDF0bzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+P2NyLxKH
+FxAPjW+SjKAbIRefIhK1wrsTiAqxwAXyFdd7DGr1yZgRDI01vPYyYCRCx+N4L1S9
+rDC+mmh+zyDlsM9cQOaApF6Q8yoLW203kJIb2RWaxIL3kWhpQZsVVZ/feMaFM/3/
+TlpjJlCTXyG5rBEz9jorFf4gaLzqfqROlojVWNN7ozp0aSe0hb6PrTymHOxA76u8
+ahz41lNzczNv3UgfzijurhYx93GxKvM+uzSkcz6in1HaNVI9EYb/DgeqhnOW+eNX
+lRBVxIt8Bib7ATofuBQCnPRzvC7txybCPX1KN32Ey3enhlRnFNXeGcEdEcevSVLw
+CZ6KkeB+ft+BAgMBAAGjazBpMB8GA1UdIwQYMBaAFEcDJy9DPcUv2ZKsx9J20DPG
++Xe7MB0GA1UdDgQWBBQIZAJOoXdyajkMnsi9d3w/HMoLfDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBM
+SaSdAKgMib7Hlpoooy+Du7GZe9IkYyp9XEhiugaOHtQzdD07PS4kUUjjtj/+RjAd
+JB72SZBy6TX0MZoWhz6E4Zn9XwGmxWPAs2RwIcV7ICLq9ZvnThoCk1rUNRJN2GUJ
+rKAaHnnJ8eplpFy7pe+XuSX3+BmuEsB8cY+UJML3DR3pfSP45I8hM4YP6a5C3HTd
+Lif+xigdnT5hBD7UIDXTMxfBFFufc4Ckr5ON3bRRgQKzkV3+FL57dWqBweZV8wIm
+WfW/8BXJVho3Tm7hj2m5Kl7GxuaicnVC9zjC02xSX2zWatlAC9qQ8PebqWHdNCt8
+a+IKJC+4NrcghSNUs/eR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,875194FAA839BD5E
+
+TWaDWBhDnwciPVhYcNPoNJhJb/3AJQRnKtKsCwIcT456D+Ibf+ASOyC2h/TkC+tb
+ixNCg0qUSng9CUHqtBumy4hOQtxZqVjYni5+EtxBM+pAuc8j7gq1EAVQMNLh/JbT
+0gak/VmVhlKb3CxPWyszP5HTDezqlNZfkgUwxzryWkT/xv7abmv0kwSL5kx9WCaA
+7CvriwCr4/a+Fjey1J0QolUsf85SjwtgW2bjVC2bGdP+rG3GmM9upvLongxoDXbS
+uBjyvg3jMiM80pjXsAx7wrnd5mJxO0VGROkXjOCH0UWU9pEjSPeK8DyEr3xTfcRD
+CBJ4VHuCAR9xB37ibfx6SHSP6lqeFiT+mObiQDHhsFgx51gG2PjsUexOiRDHTYzS
+GqR81IfPVaNLKVyAxyO7Bdq/BlLJw3LKhLS6amGZJP8KLgMDC2EAnQduRcc7kxyQ
+uTGuAaxJRub2S9XXNpGmGT6JOOfdsILv+sKR/xCDetUstIX5HKcqyMG5QusWdtL0
+XD+ujNT25PRgbQ9YnvS1nKDcP/g60/xzWjR0NsPStHJTDO7TBjH6yvj69jH4XtEa
+4pKiYVeLPeOEtgq43tLM3kB3bXNZoXHXaiQBwIlokAa4JfijiltkH3jy4C9lccz2
+xV6HZQT8y8/4aCXEbxJouZ9EtoD36J+QUIrikQYFTZNZ8RAHPlzFFgrzDSb3vUlm
+DSMhWkk6AmlVCuOnKZHFXEFXHLsVov9phq4lvaBTPL3mARyaA7z2ELtTcI1Rq6rI
+/WKQVfq/q/vC1OYsRCubBFmGv7ou7yIeWtAFpFSl7mutJDiL18UIT6wBRuVyd//M
+75XeC7EVZfsl7R8cflFrYiX4FDK872wTnhPa7bFJRMq0pNBqWAnXcIJJN8ySgZ/c
+721NsMHtkFdSC2SLenMZTZw1AjClVLFoZ4Ke0LOvynxUerLP1HySYeEFpd0z1F4i
+jWOfEl52lq77Dlthn2Ax1i5Tgz35XYVjUImjCvbnafRuSzEIUfuoxITGciRSlatr
+r34layA/Ese7oHqfnDpmht0Snx3FKDNr2AOfLpEdTAqkWC2aceu9m9H5erbpu1hy
+gwbwZ4okeUc7rAzBJ3JZwVX5gou6erOsMvq3rrpM9MQut64LDe5UmiTbqk1nScNm
+25n4XJ98Za+ZJXD9S4AkaCjPiLJOVoBa3lwviBZMG8TCCJFqpf5TvRi65wQe186r
+mxP0EDsjDjvZga5tHEBXTVco4LlsQJifdvQzUlpDgH0KVfj7jt88fH4Rq8DthZ9X
+MBBwRRDQDM5xXq9mkV2s20o0OPUEVrCfxPNhavmA6IL/veIGyH/oLrNg3DrRlRpr
+LQr6vUwBdXr3IXFceKygFNHI5m6m70GwCgKEH7zVGLIhaCUwr44JVopCNWLs5LVJ
+8J2GWsRjr7VWXUF/bPhemVvml/DGysKpuDyJerCm1rQd5/Ba0mZcFi/q+uqmGbH/
+QpRje1m4JWP+UA2Mr7cLiGezv53s3iRp3ZXKDLWrKUIXEWMP6iuW30m6bHOD3n2U
+xhZh8opURdbI4cWF+7sSmRvcTUl/deNCMHBq+iolwppR9pz+wX3pLg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
deleted file mode 100644
index 6a94017c06..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBYDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgoJkiaJk/IsZAEZFgNn
-b3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQIEwhN
-YXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmPmvvNuLBaXi3cYQQzuNFOtq2aeNq1YZodT/+7SSfjl2
-uz1wsLHI7XjOGOuWrE9N0oNBrARmSYh6WrYCJj1cd8vcj+FTymvx5DWEeqPCDmxU
-EO4e+/R+utHsFmCRzrOOUEqKkiHNGoR3iyrYr5zszJRgRDwf1QiYInu0cLMsHr8C
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFKAtjaBcqIIIYio2ok1SyOUsUH0rMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCXoXCIH5TuCf84dVOweSMfOdb5MzKTudOw55mU7VgDzMk7vzQIEx3jCeP0
-7h8byDM0i/okjN0Ugm4DzOwxx5lAjs/uGGhGRGBVCJIPQ4QemsX3L24YpqSQKoJj
-K+YL+sz8pdoaqX69dDAyIcZNG2i9L/WEvmacw0AnJZ+Rd06jqw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
-issuer=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292
-MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFy
-eWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxRTBDBgNVBAMTPFZhbGlkIFJGQzMyODAgTWFuZGF0b3J5IEF0
-dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAn3sUmVtQ1OLPODq7WXtzygEZ0tKb60KjAITF+WQQwfYO
-katDsSHQU19m7Uxi3JX3wKeIZOJLDR14VB8aGUsN6pNaKKFCB1B2pgQsjDZsCLDz
-ckA7lYdIC40Smu+8Nb2IGgncTW1Dye6r36lxhEpAU0cqXdOKkhteDDOW42tuZlMC
-AwEAAaNrMGkwHwYDVR0jBBgwFoAUoC2NoFyogghiKjaiTVLI5SxQfSswHQYDVR0O
-BBYEFHv2CemcO4grJLwWGJqNhA9NXdicMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQAimtwbz7YQ8Pm8M
-Cg/LHjRpGXaJL82W85ioX8T7hsFsGlQbHp6uAq/Zkk44mG2ziuI5pJF/HnuAXPiF
-xHcnCfDDpHpNh7deC53/nPf9Co375lZRWlBT233KSL14GTyiBZPipzbsUvJ+7FOp
-alTeRK4fPr3lNDo9SEVo4e97i5w=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A0:2D:8D:A0:5C:A8:82:08:62:2A:36:A2:4D:52:C8:E5:2C:50:7D:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:d1:8a:cb:32:66:cf:87:3e:a9:ea:a2:35:90:42:18:74:4f:
-        9e:43:5d:6c:73:09:4e:ec:45:68:bf:3d:c3:1a:97:e5:83:66:
-        e0:2a:1c:84:97:8e:d2:29:2a:c6:f2:41:e8:fc:63:3c:8a:5a:
-        1a:8c:40:eb:c3:12:1d:ef:5e:70:a9:af:d9:dc:89:28:03:76:
-        ff:b6:cb:5e:e0:82:f7:ad:32:3c:60:58:3c:fe:24:3d:9f:68:
-        79:98:14:e4:0c:80:1a:f7:63:eb:5b:cd:ca:1c:69:80:93:8a:
-        26:55:e3:ac:b9:05:7e:83:64:d4:3b:11:26:bf:fd:df:5f:3f:
-        40:30
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292MSAwHgYK
-CZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFyeWxhbmQx
-DDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFKAtjaBcqIIIYio2ok1SyOUsUH0rMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAFLRissyZs+HPqnqojWQQhh0T55D
-XWxzCU7sRWi/PcMal+WDZuAqHISXjtIpKsbyQej8YzyKWhqMQOvDEh3vXnCpr9nc
-iSgDdv+2y17ggvetMjxgWDz+JD2faHmYFOQMgBr3Y+tbzcocaYCTiiZV46y5BX6D
-ZNQ7ESa//d9fP0Aw
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
new file mode 100644
index 0000000000..7961ca1f03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEzARBgoJkiaJk/IsZAEZ
+FgNnb3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQI
+EwhNYXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMUUwQwYDVQQDEzxWYWxpZCBSRkMzMjgwIE1h
+bmRhdG9yeSBBdHRyaWJ1dGUgVHlwZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdZjCEq8H9mVwzW0tJkvsOuE4j
++D3LoEUE2bh5sopUAfj/IOB3xwajLwL3VX4joJQkD/D4efvZKh4pzkHnbC9s82PW
+4HbKW95X1n2s85JFrMYuPGxzD4pDQcHWeptp6NM4iP2nxj/cc3kkxcov30hnk2lq
+mmr3FNXYIJ6/D4e1AgGgZjikNwKFHqiC5b70bZW6QbUTfQ7PtsqsCb2tsLvDreXS
+lBd8pLnB4b+czEFdcgXx9vVPEJf0tWik+k2dO5EbXhEFp9TB4/oOAPz/6J5sniSO
+IkrRfwidMyUAn4/iUj9nzJ1ITJ3ffHhhOpAmEBI9S5yg8ntzwh6zKuxwp/HNAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFPBRGGLvzkHHt7BndGsCvDIKM5nrMB0GA1UdDgQW
+BBQiXTJuQyIRmwrQGxx/oAX3WiwjvTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAU+rnqd3Fx/GnRGW1S
+TkL+CqF8rRHHfVoi+TbwLpbcLltQPiJSm2OzYcPaxR4Q+qbVevA0aLTHFUrKb+dJ
+yX5HIC0Mw1NgEoyMmgqBtxk6qsxawpxtSuiIrqVwC8ZSJA4x5r5OsVwm3BTu4yIG
+BecgzQPToPTzkLpy+miylicd6zUotkx1/fk9H22Noi6CqTea0leemThYEf4UdiDN
+txAI2gGY0++Pg4xS166It6G4VnNsIPF/HV684iwAO3FPGgtxPpu6chf1Z/9D9EZ/
+bVHah6PIQS41hrUKp2dr9rTX4Jbaay8hg9FT4b0Uk4hSJxaDvEO/CcqLjK3HR2lc
+CE8y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BFE9C73E2F4F2252
+
+WDp/+1YSU6aYrsDVTkgfP/7jdUE4vXcwtYb8J2Y+4ToItijuV2PLyC3+LDxgdKYV
+N20avLAeuruvWUYkMXpg2KkLfH14wQ716S77yzf5zXSMItZuQhOLAIbziAct68c0
+dCrZrJs8eZ6l7cttPAgui2/8QPF68//fEs7O8SWDVm7vgKfIhacQcpcmJEq/SqFv
+Y9DSlxrXl848ATroZPI6630f2VeBbM4U3+wyS3l8Y77+vhARPJlerQExJgPauzHG
+vur2jVe6CtLHo4bmQu3uVWiVFLVeaycAVkBJVO+PayhC1WZBecuOwuhk4EBMk0Dw
+Wm23QxVUMTveXAbBvoxl+8XCq5WvKK1MywODr0twPMsEs7QzudC4kyvhir0ZTfMQ
+mt5bRtkCyzdBJyOWPmoZ8cGIT3e8yXcVoqwiWwy/i+dQ4EWAUtTeP4F7Fu1n2CGN
+i7Iu9TvYZoeU/RvBH+p1kjdiQx1YsTSxxCMstLoH0+k7WuH6vyNcnPGs1/4/3M62
+3qCPUK+C6O01Pj+wa+hxs1P24SIEN+IbwmDPEFClWk5T9Hg5MYBH2ae1a4DG3DEs
+c4JcAScAjnSInZkBEtAAjpZ0f8D/hDxW8UZ6i+vfgITMIXYqZzWaO0t8RASkTj4x
+F8NC/eC6uWTnfFvEcABDdMQ7TkRzz8QVCHLVWsMBoPpb5XmGnm2maWyD600o+hSi
+03OIEYVsQh09qFTtbnxHpUOwrdjGCQZ/a+VFee3nW8BgUSrax+/7Nv1jX7eFchoY
+5Ma6pYrvPFlD7MQITj9zEhFNy7+DmQ2kWyw0fOaozRVqLpp59jGzYx3ERzmUSxXO
+h3EPTWOxgJ4ggQlKepeRfv9jzI36XMzVcA4kk+hlngNOWkWfFyBO6ZgzlmB8vwLg
+TvHXabA7CE12DzPc0Ydput4abongqJee6I33uZ4vAJSFAY63L8lqm/j34wRSjkzH
+uo7Pw4C/essovBEIAYjgiTS3ZkVps/fO+DTvCiRJAIx9BnebASHFxBmHUyo1nu5t
+DEg9xbK06d6+/m/0S9a/dpAl/nIgXroFUgS+wQAAZ8znJ+OMCzZfyvhFmtNqOwJ/
+OdzSJ9GYXp/qJ4mbFNAzmtMxPRli/kFScaAcKfcDGEmCJOkfglgr6RT+nvYHdwYK
+briRG4GVuSdnRf2BgwCjvpDEFIc8SkWstRydiUj3F0YtcMn/qqz3ee8EUYyaDFMh
+5tfxP7nuV7NlayDIa8eAj4uOMdXHhOpF7yROZbc5fgD9r5rjs18KEu1DJUKGyKaI
+HAbm5Jpwcidw2WLG9I106RcF0tKR+1Y3ZGkK0SwAIKEu77Fadoz6O3FGy7bvx0a7
+547ZOqZXuz8GmkbxXXXdqcI2BJtgxIyXwybfdyefLwRwsWbnQhlTrDQq5xuevWzi
+1NbAToJhf7iVoyqaklPV3wQ/VJTDly27Q7KJjaFdTuGlf8pj7IEDJG6LfX5YppcJ
+Cq4u5Lu+Zsvusn+7N1BBZbNSiNCj0tR83C/muSziuTWtOY23JZvvmHQpJEMKaTyN
+aU0obz9ocoPvipKvPwbWIP67kMHHbaomLxhNmSOwvZYAnppzXXINzwrtImlcu32L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
deleted file mode 100644
index fe5bdf3e6d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIBYTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGaMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAcTDEdhaXRoZXJz
-YnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmljdGl0
-aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5ELjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1rYVbBlFi+aAvBEyC1OHaw1KoNLA
-SbwWJQU2M2R18MJ60p/Et24lC5hPnI9+Iaqa0JSHYJ0hY4qWcweJOtNcTNjAgPe/
-jxsQPIOJeI5j0ZDI79wgvj0F7KLW5QKyDbc220ew+FMR2KptqAPxv4exgICooaiL
-M8sOLdN9u/AqLosCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFK+Bn8wZLBKkY0JXV9dXGmMHX3PRMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBT6cZaPPoR2jyTsaiykedCd4fttTGC/7nzI5s6/riF
-5nxSRhoLM+h8ha+zN2df1xMZao1Ovp6RQGOPrbuPhz8qwnmYrjZ2fdvj47sj+BQY
-xIO6oUyd/DYYwI/nmq3o5bLBOxZDz3qC3AiNFfcfLPiZ2m0eotP0I78nTtDGGUDc
-Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
-issuer=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
------BEGIN CERTIFICATE-----
-MIIC6zCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1
-cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlv
-dXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4wHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMTO1ZhbGlkIFJGQzMyODAg
-T3B0aW9uYWwgQXR0cmlidXRlIFR5cGVzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBi40mcnzIqaCI8xmKk/hWOkKWbQLD
-++tbFk6jZC91dhYO3PZy1cPsNYJPSz+xSdp/EQz+8TEGRabX2QloXsHxgRZGersi
-xzDg2uh1LS0/k04o+YxsAwJljkd74tub9b0PRX6MzqsUQgy7SWnPvQ6qKJ1uZ8B3
-UJYb/Jr+Jb0BDQIDAQABo2swaTAfBgNVHSMEGDAWgBSvgZ/MGSwSpGNCV1fXVxpj
-B19z0TAdBgNVHQ4EFgQU1AdzbqWGvXGozwcQ3FLKcM0NhdQwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCm
-53CaFal2YrwuX9JDOKgfEISGgoAdQjs+hoh0T9fTKMeyzfuEaajj4gKD7YViPd5Z
-SbbTywQKjzTDTP1PiLf7ti3TbOzHmPCT9sOcSMxn7ws9Q/KV4SvNjpYK8W6YPn6r
-WSMe+VuZypOlb/vWxOgHPP5IIY/4vqVjulA0tcqP5Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:81:9F:CC:19:2C:12:A4:63:42:57:57:D7:57:1A:63:07:5F:73:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:2d:88:30:eb:90:92:74:63:32:0b:b7:99:52:78:83:ef:a8:
-        8f:33:89:b8:57:ff:06:f8:f0:41:20:77:9d:be:a9:98:10:12:
-        e3:80:bb:b0:48:d2:57:93:be:3b:b8:64:f6:9a:91:05:05:df:
-        d4:97:6a:a1:c7:29:04:d3:e6:ab:63:83:99:c1:58:87:8e:ee:
-        d7:85:1b:f7:d1:8d:2f:34:c4:a8:77:c3:5d:ff:15:2b:c5:14:
-        47:f8:04:f4:c0:a1:3a:84:07:0c:a4:97:0f:02:f8:ca:07:52:
-        fe:42:29:ff:e2:9a:01:e0:ac:1f:4f:e1:15:47:6c:71:d9:da:
-        dc:02
------BEGIN X509 CRL-----
-MIIBlDCB/gIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1cmcxDTAL
-BgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlvdXMxCzAJ
-BgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4XDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFK+Bn8wZLBKkY0JX
-V9dXGmMHX3PRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJItiDDrkJJ0
-YzILt5lSeIPvqI8zibhX/wb48EEgd52+qZgQEuOAu7BI0leTvju4ZPaakQUF39SX
-aqHHKQTT5qtjg5nBWIeO7teFG/fRjS80xKh3w13/FSvFFEf4BPTAoTqEBwyklw8C
-+MoHUv5CKf/imgHgrB9P4RVHbHHZ2twC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
new file mode 100644
index 0000000000..fd69deb001
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAcTDEdhaXRo
+ZXJzYnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmlj
+dGl0aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5E
+LjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDEztWYWxp
+ZCBSRkMzMjgwIE9wdGlvbmFsIEF0dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnWd2qWpNr5
+EB4D/X04sWYwHk2O/sNfaCRnyPOdRa04rEwDbcqICC6y40U0nyDFc0EzBcCHVqts
+Cn36EI4hpnibj2BRybDIo2Ntb2PH6z0BbQUfPY/X34yJ+k9uFEBRRL9gNyQQH+DB
+mgN/HoQ2UOiGvmdNJY9Sc5f3srgi+0TLs4W0kaeW3l1/aFImKPBXIE6Dwhqr8x0I
+i2MY1piu/TN6llFXukOkz8cZihj8hetOPNTJPcSjQ/LB+WQpfyQ2RsVlpIhy0tf1
+PpBpWrc9Jljx11MT0uHCJ6Agq/cqO9NxBWR6NN2rCRq+8JwOgBNS+5qH2hex7taN
+QpedWsWMxk0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUm25vP4qn9Oe1jDFbzplLkRx8
+fL0wHQYDVR0OBBYEFFo1tItlb/GOrVNgqo0jnqVlFChDMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACLn
+LA2yu+fl/z6CAe91RJeh1g/9ffXA81W2NjqtgRF9p3ryT0M7ZVhVd8qmN4ZbTB+O
+lTTIgspdcgCFbX3SzH6MFOHmTmIug7hsuBkR6xhs4fGbGb9MqbAbcsUhqNSC+EQ7
+35+ti62crD1Ew83xhOn8rPqCfKj8cRlac15f5w05TItgB0v4/laFMQwGGvJcvGkQ
+j8iWgV2SRug22qujOb7ZH5rTJJLWvZ6oLNasiyB+Fe6ExidWRU1YKmFNWrP1OEe4
+Hll70oWjXGLo/Ilkw8dJDe2wxLgktazED5eBsqfS8wPCTHkaaM/YAcbDmlbXvDED
+Rk8uUmjfR/dHOtIdEb0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC39EB1A890FB19C
+
+mRBIoUlt0n541CPYW0DGxjQbisdR/qik0jn4WUzTQjFUhDqZCS3jox+lVj3+2L0O
+EogtwLej0FCZbv5Wl1+cGTSRnRWsTMcrZF1vUPxbh5AyGyAkHhvkL5VeN3KvQD8n
+GyRE92RwD+UiRcmSNTnN1tzcfUF5WP+ggGsyhqoMh+8A/a7q6fKtKTqA3a0PgMtC
+G+OxoAsZnQbmV2djG8aayd8C84mZtj29qSyzevg5ubYbU4zDFHEJ75tZivxTNWe4
+rgJtTDioizLuuiLZW4lgC8qIZIto49NZxW3NGI4uNf4S9YlH6pwg/WgfP8uDt5BU
+Ya9b7isJkgpkaaB3UaAignwvmxbcK/etmEI90NNYJAo+dNX9vSJgr3tPWD4ihnW5
+t2spd3+9kLHz002tGh8nNOUVSPp/7sBgJZAdCTDBaD3Hn53zcNxjzhHyI2KRi6pd
+X5iU8Ull5ymv7xX2a7hS2nhSvluknO3FrgQboEmZi68RQ2q6TLF3zurUPpWR85iP
+J3ISxm4Np3m1SpPXWyJDc0WldWvo2Y+dqPXhg37nkXw7bkwrCmBc98qzVLGh/iRf
+W92SADj6fLeQjSDF97ts4/Qt9VOCrRBOY8hrOWuFJ34kNbMRqxpruBfRFmizdGYZ
+CzSSSwr5aZCYAe4vMFU1fRO3If2oAzF52IGSpRKmXVvDTU6djW7JMieKAqWWGaQm
+rlIZ/061su9MzGXVH5VF5Fbeooavm7ir0FaMVYhTmtdggo4F61zBY6ubtCQg/9lX
+oQjKc9XADM58zIWk+M3WMTGquaEs4ACcrx34l3RolC+B6WicQAAqq7KcSULahufG
+J8xteOpQ185qRdOVfSBQ/DfRE7cD4CXJvt68uPXn1ts4i3KjU5k//KAr6uVfWOa1
+TNXO1G9zTDiVATXU4NK194ECyVTLUVJVxAGTc4RaVkJOtq9fTn9b+5e3a5kqx25w
+Vwf+bidlEM8U8QWEWrE+ro78v+NSjTAZADR+LfsAqbRLRhlBVyCRFn7VcYDXx9M2
+N32euCqAKZCP/lrKyvk7Ag271IMy6CkTKOVCnd07oR/1LJQFQzUzOrK0oePuUEdZ
+0fm6ErCioCEzPRpq22dEwsZ24axn1AQDeZ7UA0ZId4Ll8e8XALne0LJKr+ydyrjL
+vmNPFXp49+igvesj1K+uBIkp7RsROuh5A5Fj0gq1oAtKGq6ypu36KwJOSFPl8zNn
+8twsR1yRCbgGZreA6fO8lo3lv+q3FvRWWLX10p+6OaOSi8Wh59+R1q1b/BgC2Xxy
+cwdvLjOhf5lPn9kWHyZHaTnhBRn5AgwiMZIJS0u61b0nLBefglIKYDEdIXWVTSLa
+QoG6N6SkcCcmgwEsE+PA2c3ZVFXfjhCaxdBp455cPtPiJSbdBruoNoZrxM5LFyGi
+wG29/Dz1CegDwQkPXLdliDc70ycIOJLWCeArXAcnUJY/JsowtGxk30r6Wufg3n5X
+DSlWR3fPgiTuKXOU/AhTTzxc1QX+fPpU0dyXD0veDDJBD0LVWGxYj6RO3YB28YWv
+9DgQ8hYM8awbiDz2GKg5bp63PFtPHVx94OuQ/yLVDhs00emTM0fsMA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
deleted file mode 100644
index 0a271fcdc0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgblTsP6gle2uacP
-DDJPff0VnqgTN1VtCh/uqZINqMtzbfcADz7KNpqETX64spwhD8/3m9yEVpJStgPq
-o/mbcf/G2L3+zkx2t7mQLTy115q304S7KBauhK/aen56yKrHOuUv+qmOSYpqZKwi
-ZbobiLq/CMbUfYx6zaM8Bd59VBsCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTjf4V6
-jqI7nu64Eh15E6rEvS5ZrTAdBgNVHQ4EFgQUtCANQs2V6ofUY9VPDtbRD+W3O/sw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjFFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAB1qFEM9zKmqItkLPuorp06yLsoL0xL3X+c4ym7JP034
-2kYhJ7SoZFmFbIRB6z472KWbJc17oM9LK6GOt08QBEIHhQk1pZrueBJDrCv8WmR3
-7FHwbkNcRn8DFYiV3//yjYP+bgN142Lj3O9SpuUy/a32bsupo0ykWADqwwY1ntmi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
new file mode 100644
index 0000000000..00a5e61442
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC5yv2YRIEhQf1yjI/+8BH9zoj+WkwrpoJikq3h9IAR3QF1b73DUngYZizZoxi4
+zFK3hJIaln6yaq4VLKImcJzGwf2H80nYKD+cKEo5vFiG9qnm7m6so2sUDT5YYW1w
+rGHDO3qJNlzF3R9cM4Fm/hi7UpABHwWqJ4wApX/HkPg0DQ0JXsgnCS4vr+uIgCbY
+m762QCDH8YvxEDWjj/xy/BhCVb6Rzb4wzJE9DD0+8+Zr3UVKhoPQWsNT68JFLUd4
+t8lMndnhGqQj01atU4lrq1T4bXO4USw4WUYM1Eh/9KvTfRxBlIvrWkEe5UamC1nT
+HxlrUqXfSg+69bXgh89wKqCTAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUyGqOsQ9L
+qqWIuKePkdvqM0ro1eIwHQYDVR0OBBYEFGYJoy8FC+jXyi0Q7O4CokLJZ2PUMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDIxRUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAPS+Re8+Y16TsC07sv0TLKtOFqh3WUaKg0drF7pmruJc3
+xmc9ACF5aBvAOGA/4cVaVQ6qEtA42TcqxRj4RJynb2p6Ay4DAVRYnWYeYH6rjFOH
+a3xE8zXCrUUGpnYYP27plJMDhaM/uR3NUo7Tp9MagVqv/Iv+RUUQi7Hj8vWg5J0q
+ggpJApU8GeqyPsU81Hh4ZXG9go1iQN/QH7p1uYpf4OImMTfsE6RvV1UXNX2fiANt
+1XrEyeYyCl0LEdoo/+vZmEj7XuBpVTHTdFtGDfnzzWyLg4K0J+1ZIsHXtivhnrSY
+aM5R0nE7+ziQV9S6U/zR62TrkQ66aMoxzN4SHgYD2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB8AB9A7AEE01546
+
+UZAlaUbmYe/AhCF0Q2dNOjEozcyEB8Ehh/EZCOmsO8vgEbaUT06tbiqpnOJBHdVM
+O9ke33cg54p4g88LVCQWivkEopFW39r40Zya3R6GBP5ewbr/qIIxA7IbDpUhugMe
+FARBWk/521qovA3qcp4hB5PtRIR0+aVaQNe+iEISRMrBlr/87u2rw+shuQnP/K/V
+optX+6PVMQxTiJRMCaJ6EgAF7bgU0ti/3/1r8MBUqpkMEHUCbu/v9i2YdfGWKzpD
+DgL0dw1b43R9hPOR4vP+ytBp3hltSXvqeg4o8dNkbqqqG/Gb5+X5W8de09AsuBya
+rS3xhidIq/L+EclCKCM89zVcZlbuf+wCPGw9Ob8FPIDASw3hk9RCHg/rlXoBcHZw
+uzU2mrsMV4IAwK9ydSAit42DT3FH/s6WlePt64FRc7kMJCqA83h6pNa2f+kKKUGV
+SsIfc64I+6sJWp4qN+HGTQm4dIp0U6upBkMKogwrMtB4rPmGRCxyEK6TGrVj3NJw
+P2wwyKhm9CxsCF56lkDuBcOqUGu473Pqm9ylZ6HaNF3nMShYL0f2N//5w9OPbBUH
+lFWWXj/RVTBnHjeiFKAjJFGyB4kTihC2tzwbufT+o0TV+bq/MTYjsN+9+bm/vC4M
+kVrvvXlRMVOUoVKBqTSWeSD3pTnd4FQyYivNQdss8w/8LHXCv/VTA1IjQwiBEx6q
+KKAXXCXXrN3rjaEMrpov1tEztDHn9lBX/clH4whJ+AJ3Sdcgolcuw/9dhxRFfG67
+XK8QPDnUL3YGarueoOaQloneUHTJSEEsVFaMk97S1oAfOzW0cjizWGHYQU4RRBJk
+4c2J7opvGlpci2LeGb+4ZWvJ8/qLGmLPwtmqNgNWXvRRvs8L0I9KZqbgQ2bGTSWJ
+RSx+ErLDj7qw88xF54DJuivLaREKctKzkmWTSAJq4oWh3bbeSKO4B3HnrE3YRkEK
+SfkspCCJmEhrXT9qQ2wz5v4lqO6VO5PZ1NDGIKcxRhNatjFHQ5smCaN/ek2mWIFy
+0o8sLsVojXVAYqHiBaDwjJs30MEQIliS9sUQOqQb9DPg3Tjcjl0/yLYF/WA41KyA
+SWdNIZ9uRTJeBjoANDseUNoAnWXus3aYb+ZIhgugwqwVFX5FSp6vjxXBGQaiYuz7
+tg5u5oO6BZpVfb0ITuRWaZWbbkoN+nPKoHOgY4Zd0P5RnLfJMHCrbGotmSleOcj1
+zWgZEsi0yFU/GobJUYHDQshKIG9JIchLCHK8/gtXN/rat7JIFdGDcQlYHZn9UpQS
+iC+vFmfwCkhMmNBs2PRIt6aCAeYSBSuM/IXIVhCxyGt61NkppuKcx98/7s5DglBM
+AKSxyGwiyf8Z3pQTIczcDhsjJobD37ygmdGLuOlrVBbRRbttZiPTwq2t+lJby7Zt
+3+STA22gzy3LxCWenKg0laVanUfdsAZGF0Z02JiZFInA5FlkFee9rrjaaAdWtw5j
+A3Sc9/0r/rzrpkZqJKc9KHW3DeiJhh6cNfPyRAgv0GJw3N9S6Y0Zc/jO1n3rIk+5
+wGsXZEim6V/2ejC+As58ERaKI6y71v3Kj54yUKIpvaCJkT9TmLnnpw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
deleted file mode 100644
index a73a4af25d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+cdyq6LQoFUo5dS
-h+bsp1TvEaw5776yXg8bXkMcTO+fJGshnWYoTUk7mQwcFnYm5+dQzSLHZTh9dgR5
-5m9ZSKGfmbnSINvGuU7oo9cqEwKrCRzqj/X6MUoyaxQyDW/ft2mTXpPCGrzDaF/S
-52lsNu/rubHKKmmb4EaoVJaWHUMCAwEAAaOBljCBkzAfBgNVHSMEGDAWgBQUGys2
-ZnRLk6sxVYekMas2Y281yTAdBgNVHQ4EFgQUDEZstH+dSCRcJPrmvd6knN2jPfIw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
-ITAfgR1UZXN0MjNFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQUF
-AAOBgQB4NROaQv0DDKJDl5t44LQ0cosk4/w98WmDCkXF7RVxhFFMApnHJBOQlEPQ
-CnC/fGcChW/KnYKsDnCSAPJiq4D15SYa9EVMa1rw7wCotCVbvjfJezZrheKmMj0Z
-nxIJIutwJ6pOY3gjJRxCRNx18S1u0vhD93uN36wKM1cuWaA+8A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
new file mode 100644
index 0000000000..c15eda6bca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDH97Obgu2TXLwsB+kAldNq3ukQyHc30y36W7dtTniOxGsEMu0pAGqDCLjHvAcM
+NnebR8UQCYbwW5ooli8mhSBwbic2vrs4ox/Zm1wSePT4QlcIme4mru3mL4cDx9jK
+gaRBsa3pOtanpaT2pcK+9PK1RPJiivhLwdBdg5u8TQ50te+QJpbveTyNEP6fd2d4
+0B3ebPIGwxnAZ1OJw8V3nbH4yrGsxHebvPkTooDkTVOW3OkWG870k2m4UgQTs0bK
+Cr6nfMZLh9UHHHSqkhKPATYBUEC78qGG+dJCYmv2ufkdD5Y53WmcI7I0ox5MDBOi
+PProYl1M1eoY3Djq1G522kJpAgMBAAGjgZYwgZMwHwYDVR0jBBgwFoAUUYDN+kly
+SDztDk4Lzs4fQGUScKAwHQYDVR0OBBYEFBekOG7BL12uA/XHxR7u1gLCDUlLMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKAYDVR0RBCEw
+H4EdVGVzdDIzRUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQAD
+ggEBANk0lkglDUSef6Hd7yu/Gqplwo8xx3HVg9x/+T2pIKeK+hd+K97gt0ZEzjjw
+5ul4LabIQFLS2hpT0F1jc4tjfh4pITMW6LAUzAae2LFbHguO3nb3X7/gSP5Bm+7x
+Ppk9eZHoIDFqKKnXbzezK/GOIjnK4zr1u9xVOqFpjwjVgXdvQ1EvjydJwrwcygEX
+u9OY5AUCZ2I+cT3K10Ms+bnupLizv7HCcQuQRLBd0B55z5MtiBhwiju8qJzxoX9V
+hUmOVgSzYdLKZRPlRHzNmZoE3wi5cg+8nIZXyk/+CrZGrbN51P54RvbdDGohocln
+egEMHQLtjaba5v5XxfpHPn+wqyE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82F1A219404E53A7
+
+R3BFruUHg/5j2+w+XN0/4SVJdWqtKM6U9AiTd8nmxoz99xNvQCxhyhGlcLU4Fhjn
+ED37DGduwuDNnD0xXk2KJuy5lCj0NMIbIiTTTg211ECGNet8/fYMjJ1xlnbAcdJV
+w11InQRl/hYPLkXrjQ7VJD8EiN/KdLkMRLTBVCzlHqIrwrkLWUJVXQzpMYfl9Idu
+StD0y/+dzqeGNnI2c37+bTzWwgpks3E0kor/3SxmYkl4p8bJb5TEro+24Rr/SrdW
+H08/WEtJObqdAcm6QKQXF5EQtmUk1j+2dAT6Cc5bhGpfzjE8nUbUmLzo20qv9VKs
+ff3c4f9mWBXPIF5Qvp1YYzXElHn/qiy1H0o19xSg1tiOIfqsSqnwYltyQBbrAFjZ
+WhZor+SWdUT61uwyuwOySEOS0VHKARCptex5lyPWsiyRs+pyCMd9uH64fLGg+w8U
+6qZ97C6XlfDHT19w04CrQkTSdYav8xqu2PJxKeFBmREszayXUQP33owh9bKVb3nd
+CZVPykBAZJgA5R6ajjvqHhUe3ilw2DZ+XB0QOgSf2XjK3gnpyVaygAh5nExUeCG8
+IDojFKEO7ZK6RodfWA09jeASttvwgFLhrWcNl+y5SGj+Bj3h9Ae7NrPxbDvXfID4
+JeAQ9bsAX2NdoUIJT4tt3ZLV16qoEDubDUbTeKBK/WFk7DeSBUM3TMsMpqZVhDIZ
+neKPt3W+wLQ/YywwaF/+nd2Y/g6iKFQUvK225WJBLqnww41O9EFgrJBGTJ8r2G43
+rMyjY9nHZG8Mt8gasR+0Gr60SG5ZSTv7WATFIjWacptwQYqNPG/aSivz+q+kypUV
+wq3jIJ1nD2Q6Z+JXmkJBdxrFs0OOfjpWxl6+YhPYBed4pUy2J+PtNQ5gfHcBfnZm
+1mutaMCAJeRLZ20YP7zjqUMbmPoHXqWrYOGH5fna5jjRj/ra2E+CULnlU1c6WES6
+qspypZeomFoDHA8LthhKPWQfyKZ+d3a4AbV/RWG85pEkN/Nq9dmk0We4orRi6sm9
+p87zabdO7+FacDYS8L2jLBpu7zZYUqLBIa4wkUEHKK9iuCzs4Ce6q0pX7JcQuEbX
+RkggqEXh9GpR1efuvZkr5c1CXZ9ib1mKO5fc4OctMNw0nea467biReXYXgZZ+2jZ
+Gx8zOGZS/r/DtCWu8BNdcM6flNMi/ZOcSODRGkuvQEwp/xVO8R6xAaGbR6LIzGRw
+nR7SZm/o4ua9by+Avs3A2gmfsgThOR51BOdV24y45h7JiEG8227ujkQs8RHORWu3
+gIoKZ+Q9HDfwH7v+3NaD/r9U3DzUKmcJVj/JLIIXpyMcQHUgW7o3ZzfUDqOd5igm
+dOipz8FDrjmIOz4ZvOKznC/TiPuFc4YMyjp4s3FNrhXegkHavA2OG/kIZ7IhSx0j
+ZJl9fJ+NiJwTK+OX9wQsdA3qlfV2MgvB3Sr4UFVQVeIPHcXhHSuRivzV+8cQYCNV
+PyTNVADRci2QJ7+IYZEv7gEwT2BCZTnriEEEkzxKNARlpQ/4UJY4mdP2aY+1MGaU
+YUaGIN3f80Yh2WVKR/H43lWTR2w5j5P5HU130JQ2npXCSDsSHoGz0rbGNyftAhuQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
deleted file mode 100644
index 10308cf5ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjlu9aIQ7cGou9j2L
-/SEtM4QWvsfK7siztqNkNsuSWFgr/pOI6y6+WOa6B1E+I7zZryvHOSmqtpBzPOeU
-RX19iAHjT3Rf8LeCHS75XCCtVUJJJ2+pJn8hON1vHSQGgHzD+kOPIOwj0ihYD1f9
-xUMHM6MiPsEODMVFGitWAPl6P88CAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTqt26a
-KwmANmdptY3aNaWGPSl4HDAdBgNVHQ4EFgQU/PF5qIYkniJoxi4J3d64bj3SNwUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjVFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAEwywYR5b8qm30lTjdBl+YvBheITfKcGdkhFRgdAZ/qg
-IfBhWHt3xf8SXXLMoEk9jhuyJ9JGSLY6psPYhDhkqswRkPhJgx5yOc2D05JI0CEU
-RSr9LZE439pCWHI/qFp5e0mvQEJthMvapGETXniDUlnihFlzS0Wv7pzlG9JbHmz+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
new file mode 100644
index 0000000000..cbd0c58a71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQD14E0HjPDPTkFDMDJGgWqJtdxDgR9z+/bmgopcNwzghAjljVUrFEJ/WIiwcqty
+QonLqNdWtdXrI/0ZuAEhEohgCTIv6xqlhVmryx8w+J1N3Bg+fTlhymbihunTV7BG
+8iGjnecbPaMJ0H5Evgi1XBruq9ALU5UHsujvPcRnlJPToOe5K1RSdDK2trDPfxMV
+zapzN/pIPSnuZvjPiF1TaRI5fEd8yNYhyIoDYU+W4ZCbqOhTmBUGnKde1dNWtMhH
+fFLGWgbbTt94ZK1oHAHAojeWL/bC4WZn7xKYvf4loyiUUPvL9Z5LL7cFJfH/ww1/
+N7ZzlE2Uln8y2vJyg336IE5lAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUmro5Tdoh
+da/qQcM8bFHYqEWpf6MwHQYDVR0OBBYEFCSLs+Nanik16QFtO2bqOxm18KTbMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDI1RUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAXCL3x2CoR+4+uBv3/rjM7X1cWiSc89+ydAsWHOVgHpI2
+nnxYPijuJTyiINCNQCZ2xReOMbd4IkhnaKt81hThsHlulDhBc7j9d29RfkA3KUDj
+QpIWZaBJHhe1668ETpOw/CHBPGfmPb7GhCfL9wZxeqqTytfgBhXHVd+W+ZOlGUPk
+8Ag1yGqnl0gmKXycSTR5uAAQvzwEz9QM2ZOMWF4N7WVEZMzm1mtZyWlI0MOzEEed
+A0j4FLWEkNh+6wf/wQNpDKNSipLnRXqE78IhKqBG9cR8+PDIjexXNCSZ/FvgU0k4
+PrbtJlt1IBitxYNFyXkq5W4p9jeG9li0wTktImmm3A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E966F48CB3EA6A19
+
+qsOLayseOi+mrut/xPkTJnpBQxljMYMFBYwJyELQ9UcApYfUXk356Qurl75iUtf0
+zAX+fUA5o4E/Br7kuve26KiSdE/GfGHsaQM2PYgGMyp4paJ/Wzr5LX/9CFgRb19O
+/9+52zUGto9/QPxGXWsmVqveMLIEQaNkXzLOGtb9QANlzf+lM+IAC9UjYJFVVQQ+
+8ces3QEZ/WwjRWV6ViX+keFnhEQiYZ21rtkkP0Ofo5ddNzrySU/oF9DfvFeiuKv8
+dKLbsYmj2pP8Cw+R47k88dskVxmdv8QkfBqothHAuN7KmV1VUeVDO1FxzgWJVyYI
+WCdBzJcgNJCmNgcSMsDCZ9KG8lsjJ0Iw1CMih7WjqsxPk7UwnKiXjN/r8ac4xApi
+PckwSl6/HiBuwrQkYU56JHJTtjQ7qudIdsxrzquRmNS90Zu19H5WH1YlNLdUgxCE
+Y8lMACZTBm1NCcYlkKDXTflcskDj/+BssECjCQx8fSiH1Uao7jarbqWLRujw0yQX
+d7/qTp2B6q+ptgvNjPr3nThZiZ67Mm5SXrpMcnZmstIw/ZjKuvIA1Vap65u3YGR1
+c/wo3tY2Br3ZN+bSo/CZpwbo9r+PVdWXG1xnjMqbVhfX9ASzGMpL/vDhz7YH12az
+ER1MMAr2fj2O41mnfeFw2V50aUtj4v5CZCvdXv4+jNjkLV3VQPaNmVqT18Lvr4vg
+fC/oXKsa5FNm+5IN9Hdd+GDZgGDHuvavfVhF1BwUhlH96A/7ZUFFzIV/ztftLY4P
+tigYL2XhxIkdCLhgz+lEkK4lm6E95JXDSwsQkHw7USqm9C3ARktNLW+HdL/ccoV2
+wzoWr9WQ91TKvAToE8W0TlW2OCneQUyXxMLI06dp9OyB9e021B32prB3D2gNlc6m
+BBf6ZWGtUSts8ZfXStgwj9ZVUhHRA6Aax07EY7fiUNHsPEm1iTOsiNm9zaunL2N4
+yBiN85xoFxYqyuRJP87jXRghCr2z66gxY1ShqCWPKRm9rZxlQpjgCS0lfLl9u42W
+5Lie5fgQmIHDiXZsrV39QHisendf0MmazW7SCU0Qwb/ZMLipviDvkdzG3R4qmieY
+fEAkzhJQlG67ULT/NYWf4h06un+BywOipUYDTUBZE5M9HPhfMvso3eW40D9NhaSI
+2BG8shP1/LKn1tvUqTHsrIXCa+D0Ir5yKDxoYt8MTrowNCcF1JpOa9Not7PsSebM
+1VtvBj1rWmuSKlRxWxS26eEbhg8N9i5Wnt9i8GiysGgpxlYD3UsTFuZKpCJyt5P2
+h7y9MfXR7ePZssUwL6ioqT+m3G74ZxUD/aLx93pRweze0gkHd91qcsz5TkB4K5Hz
+l/yyGp61nDPsvBLa+1BH/a4jERlzDx6LA3BbPeciZXBPurhVx5AyRpNmwDFOx5+H
+D4sfInJEZvRKRQiz3JlonipdNic9+JTzxufcD4g3CdAOAB8R2hf4/uvTqYa0agqW
+GrNftdaPnzYt7WM5JdOUkNNwHFfE/PiziacuMz5PWdi2VNjj7VH3g3/2HVqWwRzp
+MQTGF3gePbYZdekHCSGWNe0fgaH+DYsOzR98qbK7Cr/BMurlXyQcKE59NGu2UIZA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
deleted file mode 100644
index 4ac8a81b17..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowZDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xpY3kgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtxfTwK
-0K+ya1KGbTjYgKKhZIQ/LGTa7Dspd7Z5tOgMptNRXcZxWTMotzRgl1ndDpQ6VREk
-JM/VBmbP67g0jwIe2n0QcTFkThPANsyPkdUBXahvmC0VEeIMHnflvqjN4vfK9guc
-6nG0XfBZ4/Jlx6SFvgoO6wm6XNtrMl32qwUjAgMBAAGjUjBQMB8GA1UdIwQYMBaA
-FJTXd8VxKtTTGW/0USC22qwIMuOvMB0GA1UdDgQWBBRUf4tLtvX7PjlUltzRvRgg
-phdo6DAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAnReGZHvu3NJz
-B3B+qMmyfqUmW5eMxNjHymhuRDw3NXTmT7SNUL8O/NC76haxw/5HDE7rVuvGSPl1
-qhciDJOmTF1o09zDDjDM3tlXUvqC2Natm/Xew1+Hy4hfzY90CmlUuUGpKpzQ7SYt
-mHl+zz1o+9Y1jZSK4yDs5xcPnisoUjQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-UTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSYwJAYD
-VQQDEx1yZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAvWfbIMg2LdPn/geH8Jo29/G6XSDCQm/MPINuucCdUSjA
-PBSponYKGMQNY//7KhwbVj2hQlgl8U6gw0rvIml4YaZmR3SPUXl2O0BXiiFQX0Qi
-bJ7NRaPcgrg04Fl+W19wk2Q2qGBrc1rMCDSG7ZBzwqtJssJpgkb4GSnoGr9FEKEC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU8+kmmZYGhsTVonvsubClbjYNFUUwHQYDVR0O
-BBYEFKNDYb56GPOuZdF0vMDzMPzWBjqUMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCX5vf2fqbgsOCFDqP5acUsKiSiuP31Oj/Fy1e0Y1LBph3ZtxRTkqZGIUI1
-imjbT64NLWvt2MMmfeHOlEU/fSRxevhRT+yRUmfaJuw9NBepK1oxpRtJ5tu5cr7E
-WyJMT/zv3wRloA23Feldchzxg6rqsM1LybyAtXXo67sc/EUxdQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBKjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMacmVxdWlyZUV4
-cGxpY2l0UG9saWN5MTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyF
-/T/s9w6HU3LcURfJCjhjrP4PxbYbTP/c4wcq8vtx+8gb8P6jkdDvpJms19NcshfK
-DnR2b+cp6PfbAWx31AqcF2ynuU/C06PG/GQvNUhC69RziLxcHSMkThbnbN86ccr6
-d1WWb3Mxlkmtc7AhKHmORoz/Kd0b2Poi7L91o7+VAgMBAAGjgY4wgYswHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPPpJpmWBobE1aJ7
-7LmwpW42DRVFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEKMA0GCSqGSIb3DQEB
-BQUAA4GBAC0Pv/aS8/3mmgB+R0A7UTvUGedE/M+DOOM5G8+dwZHjApQbuHYZjwQo
-Yrf6759MH9wKAYOcaJTgFJWFJuwjBJuWQuiglk8tcKmufVqHgRlCsrKtz312inHV
-NfxuGrViA3gp1Tr1fiXjG0gcgyT4QEnripDTLKvpHbOtMWZB6hSS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSkw
-JwYDVQQDEyByZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJDQTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAqwkZLQpMq2d0v1R/PA5wl+lyQlnehOszQk2U
-0zfHPGI4vJ1TIZZXYpOjVyfodG1wdwO3RCHLzguwsbk12RVNTls+kF2Wu3LtLtMi
-GSKx/imJiKw+ARw6sqBHmrNE9L/1C/e9rb+Su1kZ6WrtOfSAG8EpySytu9zTbGJF
-1YbZT3cCAwEAAaN8MHowHwYDVR0jBBgwFoAUo0NhvnoY865l0XS8wPMw/NYGOpQw
-HQYDVR0OBBYEFG1oMf35X1L5+y7aRMLPezaZ2P8pMA4GA1UdDwEB/wQEAwIBBjAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQUFAAOBgQAbOLTRc1DEC+iOWixska5o4gEOfAPSHWymjRYit+VYE3JdjrP9
-2hbIGQSrLlK8QQ0+9VkNsfncjCydV7J6Q3c1rPNCvd6dlfAzy9DfnXADu/vZuxBs
-pJ3B4EuSv23hMHzjoNnv/iGUnzkrLGfMPPYlB9t8jrbySU1lYX8FcD6YCw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowVzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MSwwKgYDVQQDEyNyZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJzdWJDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuj3CUHlGX/JYo4Qsdmbzns192OxE
-IC1a8Yc7HhN9/IeStb9BATFCI4MyFiHofxoFG+oPzs4nRkOqmOju0VXYhfu+01j4
-LTKp2iwNleLbIe5CZ/PWasj9ixJfWeMe19fszNKvtnBmn+rCIqimOKmKPh7FIMgk
-IImKUwZ2gV41wHkCAwEAAaN8MHowHwYDVR0jBBgwFoAUbWgx/flfUvn7LtpEws97
-NpnY/ykwHQYDVR0OBBYEFJTXd8VxKtTTGW/0USC22qwIMuOvMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCQJ4CoH8d7JguvuXoxhetUWQz+kj/kW1kbW/vjxhHE
-Ux4rnRd8TUhpocdkzp9xRLF8BvZFw4HwwFbys4rENFq/VpPzIFqIW59j1bvSQzjN
-GWZp1MtaQuhSGtzwc4dfCl/1ozQVVkcjpT7n9iZ2JMYNGKLSmmuFMMLGoViVq0vo
-mw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:E9:26:99:96:06:86:C4:D5:A2:7B:EC:B9:B0:A5:6E:36:0D:15:45
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:82:73:e1:99:5d:9f:9c:27:57:43:f6:74:10:b4:76:e1:d6:
-        bf:9a:de:84:8f:9b:0e:a6:ba:9a:98:06:fa:ff:c2:a5:a4:cd:
-        5f:b9:8d:4b:e1:67:e6:b3:e3:2e:5b:ea:e4:d9:9c:06:42:c0:
-        96:81:40:e2:99:32:24:c2:7b:d1:47:2d:32:42:c9:7c:cd:09:
-        aa:c8:1b:bc:a4:d8:fe:6d:8c:52:79:d5:81:70:89:78:b1:1e:
-        11:2e:13:69:45:28:55:66:43:1d:61:40:fc:1a:78:ea:23:98:
-        44:66:df:15:8e:d1:d5:f9:82:7a:d2:2e:ad:36:8a:03:ff:04:
-        8e:09
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTz6SaZlgaGxNWie+y5sKVuNg0VRTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAMgnPhmV2fnCdXQ/Z0ELR24da/mt6Ej5sOprqamAb6/8KlpM1f
-uY1L4Wfms+MuW+rk2ZwGQsCWgUDimTIkwnvRRy0yQsl8zQmqyBu8pNj+bYxSedWB
-cIl4sR4RLhNpRShVZkMdYUD8GnjqI5hEZt8VjtHV+YJ60i6tNooD/wSOCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:43:61:BE:7A:18:F3:AE:65:D1:74:BC:C0:F3:30:FC:D6:06:3A:94
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1e:e5:78:df:47:b6:e0:42:9d:78:6f:f5:38:37:a6:fb:e9:8b:
-        00:16:34:fe:da:ae:70:4c:b6:b2:3d:53:7c:ef:58:24:b8:87:
-        a5:c0:ca:7c:fd:aa:8d:ba:2e:76:fd:c0:9a:f3:b9:70:a8:43:
-        13:41:22:1b:51:ff:00:20:32:ae:ab:6d:44:ec:b8:7d:4e:4b:
-        d5:86:83:ea:98:64:cf:0f:dc:f5:2d:52:ee:20:98:a9:49:ad:
-        06:b6:39:4c:d5:1a:94:a5:22:4e:ad:b5:ad:14:64:49:e5:6e:
-        aa:63:9b:36:28:9f:5f:dc:c1:03:7e:7e:c2:ee:48:63:19:7a:
-        04:f4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSjQ2G+ehjzrmXRdLzA8zD81gY6lDAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAe5XjfR7bgQp14b/U4N6b76YsAFjT+2q5wTLayPVN871gk
-uIelwMp8/aqNui52/cCa87lwqEMTQSIbUf8AIDKuq21E7Lh9TkvVhoPqmGTPD9z1
-LVLuIJipSa0GtjlM1RqUpSJOrbWtFGRJ5W6qY5s2KJ9f3MEDfn7C7khjGXoE9A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6D:68:31:FD:F9:5F:52:F9:FB:2E:DA:44:C2:CF:7B:36:99:D8:FF:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        58:cb:cd:7e:81:ea:55:5b:85:7d:b1:7b:ae:0c:70:90:82:81:
-        aa:5f:e4:5b:99:72:8c:22:bc:2a:ae:3f:d7:0f:94:cc:02:b6:
-        0f:c3:e9:ab:c2:8b:c1:68:0f:12:ca:f0:7c:1e:31:21:7d:38:
-        5e:2c:0e:9f:af:89:48:e1:2a:1f:12:e6:2a:b6:59:98:dd:d0:
-        ba:1e:06:b1:c9:85:b8:75:f8:a9:da:e9:25:6c:e4:9c:6a:92:
-        29:d7:59:fb:f1:80:c4:4c:43:f6:79:5b:60:a7:36:cc:64:22:
-        5f:f7:d8:8e:ba:1c:a3:59:d2:fe:1d:8d:5c:40:8f:0d:2d:ee:
-        11:4d
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBRtaDH9+V9S+fsu2kTCz3s2mdj/KTAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQBYy81+gepVW4V9sXuuDHCQgoGqX+RbmXKMIrwqrj/X
-D5TMArYPw+mrwovBaA8SyvB8HjEhfTheLA6fr4lI4SofEuYqtlmY3dC6HgaxyYW4
-dfip2uklbOScapIp11n78YDETEP2eVtgpzbMZCJf99iOuhyjWdL+HY1cQI8NLe4R
-TQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:D7:77:C5:71:2A:D4:D3:19:6F:F4:51:20:B6:DA:AC:08:32:E3:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8e:42:22:a8:c7:94:5a:d3:72:4c:98:eb:58:30:58:63:41:cf:
-        da:f9:9e:f5:6f:3b:4e:30:17:92:8b:a8:30:bc:cb:ac:2d:94:
-        b1:62:ef:b9:69:3e:30:15:01:d4:32:ff:f4:86:c5:5d:8d:41:
-        46:39:52:a0:df:74:e5:35:c4:e6:08:06:58:94:ba:d1:7e:08:
-        e4:66:e1:65:8d:15:23:3c:e6:de:61:4e:71:5e:5d:24:03:bd:
-        52:ff:85:a9:ea:7a:63:37:e5:c0:e6:78:4a:71:45:32:18:c7:
-        7d:2b:90:16:bb:f9:35:cd:a2:ab:c3:8e:c9:db:6e:7e:62:94:
-        6b:ad
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBSU13fFcSrU0xlv9FEgttqsCDLjrzAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQCOQiKox5Ra03JMmOtYMFhjQc/a+Z71bztOMBeS
-i6gwvMusLZSxYu+5aT4wFQHUMv/0hsVdjUFGOVKg33TlNcTmCAZYlLrRfgjkZuFl
-jRUjPObeYU5xXl0kA71S/4Wp6npjN+XA5nhKcUUyGMd9K5AWu/k1zaKrw47J225+
-YpRrrQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
deleted file mode 100644
index 40479f9470..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo5atW4GH
-rxxchJEUckmfckvxY4c4sEEgPZIouuIcHeQAIjEjMhCqHNWrA7WiQLldqLSridIm
-FWVRxn9/wlv3oMMbBlf6xFLjr24zYTePsIFWBk5ZPbMBKcl7XqfeuF4jJ/vh0lj/
-Bi9W9Imt5ZvJu0EHSkQzm+NNis/Tgd4aWRUCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
-PqkwZi+ntCWIhGfJrZiTFfiWzsUwHQYDVR0OBBYEFDLXXehvdjv0hNKAOrzbFme1
-lGWtMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQBmbv/fgwsL3SAO
-6F4RmXOfTQTewhDfMQDEbwUJOfg7D09LIcIupI+cYY7iqjUq+gUeiAlMlL91ITlp
-oiKGUliex+bhygei8kSfmwT+l09yz3EPxCfdjY1k88ni+TedHBkoK0p7Q/uFG4DP
-Qk7DgGZ57nrx9maK4io59a/VTPM65A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKzDYQYB3gcpzJVllE1FhnwJXEpyKjubhg5P3MDpRW9YRYSs
-W1O2TYeX633IhRRS8rsJW22Yzp4tN9M6cXqBTHB2+nwHtREHSxeSei31AnAu+2n1
-Q+XNJ9W5DLbdahLtURESEnEQSyViFMMYQjm7rxvORc/D9OIa4u+tx1ESGOGDAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MB0GA1UdDgQW
-BBSVhouRNrt6b+KEFZDvRY4BJxZruDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAB/OvefFEki9VuKt6EwjvNLjvjT1581w8qKpdHgDrYthrMm3JIULpn5zaRqyQ
-KIT8uu40HzKHagNpfdHQ1HNuEQ9qwIAQvtqmtJxqIR+kdeKXw78cN+TJzqaHuZu5
-VTidhmlVHaY/50quu7qqGiIQR4bcYrb4vY+adBBgrpcvUCM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBKzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlU17
-mwFm/6Yf08lbJU8q1FquMr1IaWlav4Qh1/UUFR3cRicBZZvQNTpxTcn1jmaSj8xK
-Gm9pUmbmbJBqiDYX5p1IwR1nmsyXxnaYD3SYadHlmb2emlzu1Dg3l6eKvaNh6h3a
-F0XDS/S+GtadjpVmuWdMIiWWrEVIFfGAL2VFaeUCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU1eKGLfEraBecD16/
-K7hmmZ5DG7owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQUwDQYJKoZIhvcNAQEF
-BQADgYEAjjGl1NeCLiMI9MFNgftmCe1ehHkE+Qr4TSJQfw9qZ5p0SRd2aOxq7km6
-ZwhF/E+wsS1CEwLRWaK7LqCmFx+XacoXjJi2XP5UjctH1tKyJx2YBhYrfzNkECJl
-u3KBUohmTd/aICG6oVE5ErcFFE/evv7LioMT94kub91V18EDgCw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANALzpI6Vb5grPqiSrzcOrNfPZ5pbbC4jjs89zo1
-RRGcMLQQt5wPHu1OKE6g2WXvikA0ompVqxKG7qeu/bTIcpm3CHowhRigOk/VJkCV
-Zyv9tdLzlWoiW2elI0uJ4BXsW8oU4sTxlx1/QlJbERwv1BwL5BQD3l02LP4vueE/
-U8HpAgMBAAGjfDB6MB8GA1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MB0G
-A1UdDgQWBBQK52IWqA5PL7e4PyfIo6lfe0ZrpzAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAmbgnzwSut1UU/jNuzF9ZK+x79DmpTDAv12ASnAPUvZJ8RTQBxYlL
-C/B0gYZsqUnyaEoZAsrSYktMdA2qDedWGFB94d+LVbpHNoNvxQl+0qMTTLh+gO4V
-JIrQ5hj2npLdDHKNi6a91lO83NqsyuITezJ0Nuhbvf9KuApxz069EO8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw7Jg17lRmWU52pn7qaLPiV7eLBCvpx
-S7uekBx+WtzvAVxUF+iI8whshUqsC4XzNHTs6BvS4QRwpixRMMMWwH/67kGAEADq
-lVYewPK7aMHMdDfCggIukUpy1DVR3KOc7rnVZ2tGKBbCFhAxPMXBgkketIAVJ1V4
-+3nRS/QGSxF9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97
-RmunMB0GA1UdDgQWBBQ+qTBmL6e0JYiEZ8mtmJMV+JbOxTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArpriBQ3ArOVFh+HujQ+8cIihYFG5ri+SairjawVwbUb4
-HatEUky9Nh9YAxGn1YGdBpintIpQU/0WljldKXxvH2yn6hMCNV5ql4hhorP2YfWL
-8+S80IboVToDPKsEdzeAxs5Xeh3BY9DgJPY9RmDgJcXqb6I+1P2+3GIxGDpF/jM=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:E2:86:2D:F1:2B:68:17:9C:0F:5E:BF:2B:B8:66:99:9E:43:1B:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:06:95:6e:49:2d:7e:9f:9f:7d:d6:0e:3c:b0:73:4d:2a:d8:
-        1d:86:f7:2f:61:f5:39:80:c7:b4:e6:3b:8c:90:1c:11:6c:0f:
-        fd:9b:c3:52:b9:aa:2e:bb:8e:25:b9:f6:75:b7:1a:2c:fc:45:
-        81:54:f6:49:69:e2:78:ef:25:d2:cb:1b:7e:f8:7b:96:d9:37:
-        ba:f4:66:8f:e1:e7:56:96:ef:76:bd:4c:94:0e:fd:a8:35:16:
-        d1:2a:69:28:29:96:18:8b:a5:af:04:00:bc:d9:42:ff:ea:32:
-        35:9b:3d:57:da:9e:a1:d5:e4:3e:e4:4f:4b:8f:5a:48:47:73:
-        38:5d
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBADIGlW5JLX6fn33WDjywc00q2B2G9y9h9TmAx7TmO4yQHBFsD/2b
-w1K5qi67jiW59nW3Giz8RYFU9klp4njvJdLLG374e5bZN7r0Zo/h51aW73a9TJQO
-/ag1FtEqaSgplhiLpa8EALzZQv/qMjWbPVfanqHV5D7kT0uPWkhHczhd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:95:86:8B:91:36:BB:7A:6F:E2:84:15:90:EF:45:8E:01:27:16:6B:B8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:54:e4:77:a5:7d:03:3d:7c:d0:a6:ea:6b:70:82:11:10:
-        1b:9a:85:8c:ae:3d:8a:06:a3:2b:cc:a7:77:0c:be:7a:02:bc:
-        2f:13:07:ff:83:e6:f6:7a:99:1e:a1:af:12:06:c5:ce:1b:f3:
-        76:77:bc:ef:ef:a2:cb:96:36:3b:fd:b0:ce:5c:ae:30:af:9f:
-        ba:e7:16:e8:f2:66:74:82:6e:75:91:90:b1:59:a9:9e:8b:41:
-        37:42:0f:1b:a8:4e:73:31:e1:b1:53:fb:8a:3d:ee:d3:e4:77:
-        a8:f8:ea:ea:21:f5:c5:be:1d:b5:e3:79:27:de:c3:d5:45:b0:
-        87:24
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHOEVOR3pX0DPXzQpuprcIIREBuahYyuPYoGoyvMp3cMvnoC
-vC8TB/+D5vZ6mR6hrxIGxc4b83Z3vO/vosuWNjv9sM5crjCvn7rnFujyZnSCbnWR
-kLFZqZ6LQTdCDxuoTnMx4bFT+4o97tPkd6j46uoh9cW+HbXjeSfew9VFsIck
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0A:E7:62:16:A8:0E:4F:2F:B7:B8:3F:27:C8:A3:A9:5F:7B:46:6B:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        16:15:3e:47:cd:ae:b2:4b:8b:30:d4:ee:c4:1e:2a:d5:84:bc:
-        ca:b1:2b:a9:d3:37:be:f6:11:d1:1f:60:04:41:72:df:ca:d5:
-        0b:74:5a:e8:a7:bd:32:25:cb:e8:e4:6d:c7:be:25:c3:63:9c:
-        43:66:14:4a:0e:f7:ea:e1:83:a4:bf:5e:70:7b:a3:b7:12:c9:
-        36:fc:99:85:58:0e:66:d2:a0:41:6e:a8:07:2e:f7:45:36:fe:
-        71:3e:c4:7a:88:e2:0b:c2:c9:dd:30:81:b9:44:48:2a:1d:07:
-        5a:cc:e1:49:9a:04:a6:5b:c4:6c:2a:f0:3f:8f:3b:04:ea:5d:
-        ab:70
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97RmunMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBABYVPkfNrrJLizDU7sQeKtWEvMqxK6nTN772EdEfYARB
-ct/K1Qt0WuinvTIly+jkbce+JcNjnENmFEoO9+rhg6S/XnB7o7cSyTb8mYVYDmbS
-oEFuqAcu90U2/nE+xHqI4gvCyd0wgblESCodB1rM4UmaBKZbxGwq8D+POwTqXatw
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:A9:30:66:2F:A7:B4:25:88:84:67:C9:AD:98:93:15:F8:96:CE:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0a:d7:14:66:2d:1d:2e:49:9d:35:99:54:76:ee:50:80:e2:37:
-        c3:d5:6a:64:02:f2:b2:12:d6:97:8c:a5:75:e0:a9:9e:3b:46:
-        ca:ce:31:b9:53:fe:fb:99:15:9b:7b:35:68:5c:9a:60:a0:da:
-        a9:2d:d8:1e:b8:89:61:89:01:1b:e4:40:76:fa:b9:62:cf:fe:
-        87:6c:95:9e:da:19:db:4c:bd:3e:f1:25:57:3b:d3:ab:94:7b:
-        de:5a:ff:55:63:fe:49:ad:3b:45:92:c3:ba:49:79:45:89:3d:
-        70:75:a9:53:1f:95:d6:c2:11:46:43:76:41:c0:02:49:23:d0:
-        ef:bc
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFD6pMGYvp7QliIRnya2YkxX4ls7FMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAArXFGYtHS5JnTWZVHbuUIDiN8PVamQC8rIS1peM
-pXXgqZ47RsrOMblT/vuZFZt7NWhcmmCg2qkt2B64iWGJARvkQHb6uWLP/odslZ7a
-GdtMvT7xJVc706uUe95a/1Vj/kmtO0WSw7pJeUWJPXB1qVMfldbCEUZDdkHAAkkj
-0O+8
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
deleted file mode 100644
index 96f230af53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALoSt6pV4IRQVJ5TV99GOGi3yhBt0wvylEs6VYZL0D677yoV
-AIY3CQWXG27SKUYB8SQ1XC+a1sO4M5Q25mdWLXIN+TUmlNJW4BzLGh6B63bGDSnK
-FG+aVvh8ZvHloIu61d5gw3FokPmBeS0NF6XVBsbJMiLn7TdWeSFqYYTw+awhAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMB0GA1UdDgQW
-BBQHH/BwA0diipbRgYmqAFSJ+JxtKTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEADvf91AyVaeC72JRsi71sKWf3f71NGoRSjxBnKh8VS/G0fIQElDmHHe01TZ3W
-t2zRBZROqLoG10YCxSheQdd0gE0yoqTdcc9l3kr0ZMhgfM4mRPYNL6kma3azT78F
-OqMJAUrnjjMYruGcLm7MLp3Lq2/7NjAN5q3ffuSrtwUwLHY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEVs
-LML3To+EEs99KIoLdE98+LzQkf1wQzrLhuqlF6UH8BJvupeClmchb4TFyXh3mkhT
-/DsdlWlScKGl1KiqKyXIrb5x0AebEDEHylhNhUgn7O/zU7WyuGDE4SU0QNR2T/C0
-mOEbjV9WR06GcmbMCp1GUY7zmfThFrZP2Cfj2PMCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUd2qzZPWx7FF6LWWG
-/wIYfgtKjicwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQEF
-BQADgYEAWoBbngBiHa90n2Kdb0iXazi7wmnvtPZxJ2xLA/Ubv9qPzFUwoUM/Ikm8
-6o8sI8TYNuCwwni3ZrQwCfagtNsOeUXp0O86mLIVH7jr9YS2nBtuZdXAnL3lZW5r
-VHXxf0Fnmk+Nx3Frxf7tJfZVGGLCJCabwObF9o6Bgya4GP0FL20=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMJOPDBu3Iqmav4DjiTzIKi6FmFd6HGBsW+dDPbs
-l6jZbrkDavBUtuqC5RMVJKvOyWY7GYIsUdgoSOJ2YHl38HO6nXhq3OFO8v0r0kU3
-SRPPM7vpiPYf3eMZm5Z77GT5XuGNUPSkepAfxaN1IEAqFoePT7wsGa9Zg77WcLUd
-nEw3AgMBAAGjfDB6MB8GA1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMB0G
-A1UdDgQWBBSwQkkzaPMCKs1UIV3mYuFwzqUjQDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEADXoLz5MBvHFKs5z47OgavmZKJQp+vIcDSOu4QUlIZgmIWcbcI7g9
-GKG0SIg5gXZhwoH3OXx3g5miGPzOi9iFtdkZXAZPX9JHsISpHfB9VcZYTfmW1T49
-ZrnCugvmdUnDLBitS9MKHkyU7zL/ACtlXB82SFbiCS1R8bEfU4Oozf4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk012Iq+sazBXGTgqICIE0GnFvathib
-YlOHsK/Iop6+DNGleJoAH6bqvS2ZWtkkIKE7WU3nfDUjMVp3IJyr8WDesDKvSJyg
-zy3y0e+XuMv3QtyFXxESXxHmY62UaILPgE9XMgcyAhOnVU4mQe7ScJDAcUeLgjcZ
-fQdBnGGCT/LVAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDO
-pSNAMB0GA1UdDgQWBBRZ1+jibtd5cIJhiBzPFFLktwdJKjAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArZnuuewqU0IgdJEU6osnzsuX6E6A4igNSK1ZYUKmhRvn
-eyfrU5kHavTwnM+h7SkVB73S2w+OqHUGin2xIu92RcWzN7NV+oLWldhnYtalSyh1
-KiuKC41mAZweQv1Mrz/+5lIQDOUOtV2JXOjaA+T/JR/qFLo0MoqC+mBxk/w5eDg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvs6xd2Lv
-4717eCUDGaJKN9HVbjqiBoJd9K18OP5hoJ/iyWNR7u1l+p4xbQNdi8iU8UV1hBrD
-RI2jahY2p/rgx+REkxcyhWXFc0qP5hMqbjUD9IuMyhUrwtSut0la+L/lbKuag7Ry
-pWlMe0FQUjnGev5zpdXCY4U9y2a+7jYuOOsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-Wdfo4m7XeXCCYYgczxRS5LcHSSowHQYDVR0OBBYEFEEjHrhpuHHNWtHozi2HzhxK
-KgmLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEAVpfKjsWKyLdcOfar1+Ejc9eyGUzMXt7F1xXSqdnls/Z7
-RuG7jkY1lvUm1vHhVb2yP/OdC+rwwmx4cjxUAm0dNrE82qZNiRqgaaVO3llJD9zt
-AD5gAi0nJqUdJ7H1b3X6Jt9VGTNlc+0ZAEHnaSID1Ym2pa1433XgPPi1/YflkwE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:77:6A:B3:64:F5:B1:EC:51:7A:2D:65:86:FF:02:18:7E:0B:4A:8E:27
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:78:0f:04:94:97:f9:ad:b6:17:8e:65:dd:6d:ec:65:bb:73:
-        37:9a:1d:66:51:d7:97:b6:31:fb:62:a4:4a:21:3b:20:97:7a:
-        4d:aa:ce:d2:95:f7:36:65:77:51:e8:d5:81:0a:b7:62:af:76:
-        38:b7:77:72:2c:90:0b:8a:7c:31:58:cf:c6:1d:da:24:65:ef:
-        06:7e:d7:21:96:a1:f2:62:dc:5d:fa:10:37:01:99:7b:14:34:
-        a8:cd:47:a4:cb:5e:ff:0e:b4:58:69:1f:70:f7:3b:2e:7c:77:
-        b4:33:82:7d:18:54:da:f3:5d:dc:5f:a1:1a:96:f6:d9:0b:ca:
-        9b:a0
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJ14DwSUl/mttheOZd1t7GW7czeaHWZR15e2MftipEohOyCXek2q
-ztKV9zZld1Ho1YEKt2Kvdji3d3IskAuKfDFYz8Yd2iRl7wZ+1yGWofJi3F36EDcB
-mXsUNKjNR6TLXv8OtFhpH3D3Oy58d7Qzgn0YVNrzXdxfoRqW9tkLypug
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:07:1F:F0:70:03:47:62:8A:96:D1:81:89:AA:00:54:89:F8:9C:6D:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:a5:df:f8:70:c7:9c:d9:f2:4e:c9:42:63:48:cc:17:87:29:
-        fb:99:c0:2a:11:8b:ce:ce:45:31:58:41:32:1c:39:ff:53:bc:
-        dc:24:df:9a:b5:10:83:8b:a3:aa:cd:3a:23:92:a7:8d:c3:56:
-        83:19:c1:ed:d8:ad:c0:56:79:fd:c0:6b:bd:e9:bb:56:e6:18:
-        1d:02:28:91:77:90:15:f2:44:51:61:81:ea:1f:92:a6:89:84:
-        cf:36:c9:e4:f2:6e:a8:01:11:82:96:fa:94:1b:fc:d7:e6:8b:
-        c0:8f:bd:87:30:8c:84:eb:84:3a:e5:21:42:d1:60:82:08:82:
-        45:2b
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAH2l3/hwx5zZ8k7JQmNIzBeHKfuZwCoRi87ORTFYQTIcOf9T
-vNwk35q1EIOLo6rNOiOSp43DVoMZwe3YrcBWef3Aa73pu1bmGB0CKJF3kBXyRFFh
-geofkqaJhM82yeTybqgBEYKW+pQb/Nfmi8CPvYcwjITrhDrlIULRYIIIgkUr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B0:42:49:33:68:F3:02:2A:CD:54:21:5D:E6:62:E1:70:CE:A5:23:40
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:8d:6b:ad:bc:a7:38:7a:12:70:e4:e6:bf:06:91:0f:ac:72:
-        f0:da:aa:50:e1:51:a1:8c:d2:d2:00:73:2a:6f:54:04:77:ee:
-        83:aa:c1:d4:32:cd:70:ca:5c:98:62:3f:a1:6c:4a:af:53:8b:
-        f9:0d:7c:50:17:90:f3:e3:93:4d:c1:3f:2b:59:f0:12:3a:d9:
-        25:5b:15:3b:71:14:bc:29:b0:2f:b7:93:c6:93:b0:c1:fa:88:
-        c8:2d:ca:fd:03:c1:ec:dd:0b:95:af:8c:d5:7a:0f:41:48:ea:
-        03:07:6f:57:2e:b3:b8:c6:3e:54:a7:9c:57:4f:27:f4:c3:9c:
-        25:5d
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDOpSNAMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAJWNa628pzh6EnDk5r8GkQ+scvDaqlDhUaGM0tIAcypv
-VAR37oOqwdQyzXDKXJhiP6FsSq9Ti/kNfFAXkPPjk03BPytZ8BI62SVbFTtxFLwp
-sC+3k8aTsMH6iMgtyv0DwezdC5WvjNV6D0FI6gMHb1cus7jGPlSnnFdPJ/TDnCVd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:59:D7:E8:E2:6E:D7:79:70:82:61:88:1C:CF:14:52:E4:B7:07:49:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b0:23:c2:ec:e2:e9:c0:87:e9:75:d3:ee:a4:c5:3b:9c:27:c4:
-        ab:b2:67:74:79:f8:5b:cd:4b:20:0b:ee:19:32:8e:8b:d2:e7:
-        67:5f:da:83:a7:31:09:08:0f:b8:64:2a:08:96:1c:78:db:13:
-        af:77:26:0f:01:3a:e1:98:d7:41:b9:e5:86:9c:b1:36:a8:92:
-        bf:6f:cf:62:13:33:3e:1e:79:02:e5:a6:8f:11:69:fb:1e:86:
-        b9:12:18:67:cf:6e:c6:1e:d8:bb:2f:a0:86:dd:66:c8:0b:71:
-        a5:68:fb:91:9e:f5:ca:58:80:7e:27:18:e0:4e:3a:34:45:23:
-        cc:c1
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFnX6OJu13lwgmGIHM8UUuS3B0kqMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBALAjwuzi6cCH6XXT7qTFO5wnxKuyZ3R5+FvNSyAL
-7hkyjovS52df2oOnMQkID7hkKgiWHHjbE693Jg8BOuGY10G55YacsTaokr9vz2IT
-Mz4eeQLlpo8RafsehrkSGGfPbsYe2LsvoIbdZsgLcaVo+5Ge9cpYgH4nGOBOOjRF
-I8zB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
deleted file mode 100644
index 0f10912926..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBYzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMuUm9sbG92ZXIg
-ZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoNL+uym7FlmTUpQwimiPNXt8IR0+KjdAFbDkTqLk
-zxHkpKBqAjTWzEPRqnhsBmjPfLrS8omVrcKIOBgIbOCoRU098SYWt4/2WRbHhAKF
-kauf7d7NsN4WEDXJmlqiZrJLHDihW686RcpL7luSLrlXVXT1h2dWI08VpDUNrz6P
-L/cCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYD
-VR0OBBYEFDeXpBvbNFU1D8m0TcZ+SxfopIk8MA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQUFAAOBgQDFX488L1PqURnQTZU0RgicEAHXUj3SLP3buSF/vMC1KHZd9JPnmf2e
-y1OGQ0S+B4lNX9VJEnS5f8w5bU0kcpGYQTPuFrTZvNZtN/4ZIZTLauFkEjM8sa13
-0CNwd0zMj/Dl1nQ2z8/wHLnfClEFmJHTZZ39W0jD/Lfg2hQvn43Tcg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
-issuer=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZy
-b20gUHJpbnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EwHhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgGA1UECgwRVGVz
-dCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMMO1ZhbGlkIFJvbGxvdmVyIFByaW50YWJs
-ZVN0cmluZyB0byBVVEY4U3RyaW5nIEVFIENlcnQgVGVzdDEwMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDDncK1nAho7wt1siRGXkw0eRAeI3uztOfqSwGhT1ih
-XbW47ek9MiPqCRlX1RKOXve8quD7MM0ibzWjiroSxsaeM7gW91nwOZn8V+UfqmJF
-CikNAA17A/y9Nk+IVx8b2VB+Kjixg9HW2ZbqJiSq4Ci9Dkz2mH9sgjI0On0OSLDq
-2wIDAQABo2swaTAfBgNVHSMEGDAWgBQ3l6Qb2zRVNQ/JtE3GfksX6KSJPDAdBgNV
-HQ4EFgQUdLZDDyDir0HSFv0sejwUl8S6IxwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAcxCi0hkgCRB1w
-uurTKVDyZTQ5ttLsggNpE6uqL+mGyAk/uYcGTxNM1Wx38DDqb+yJnF6CkLRwBk2c
-mEtKFVYwX3s/h+RPe+MO4WBurdVGfxpE3df2wvyYS7WOnd7iRhRirmm8LMoGPLoY
-w40WU1JjVs4Mg8vHt4OpmiFXlrv7nQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:97:A4:1B:DB:34:55:35:0F:C9:B4:4D:C6:7E:4B:17:E8:A4:89:3C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:72:92:90:cd:32:d0:c4:99:63:47:0a:9b:95:28:27:8e:04:
-        1e:49:38:bc:54:a7:da:f7:2b:58:34:d8:bc:ad:3e:a4:fa:0f:
-        85:84:fb:49:95:3f:7f:a0:c3:fb:94:07:2a:a9:66:44:e1:10:
-        04:55:4f:dd:ba:6c:bd:f8:f9:be:0c:de:28:54:fd:cd:f4:50:
-        ac:4c:9e:01:e6:92:bf:11:cd:b6:69:5d:10:f3:3d:25:f9:1e:
-        7f:2d:d4:04:5e:4e:9e:b4:f2:10:94:1f:30:0d:27:4d:2f:6d:
-        41:4e:31:ae:20:2a:d8:90:34:32:92:d6:1c:b1:21:99:57:2e:
-        63:04
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZyb20gUHJp
-bnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFDeXpBvbNFU1D8m0TcZ+SxfopIk8
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBACpykpDNMtDEmWNHCpuVKCeO
-BB5JOLxUp9r3K1g02LytPqT6D4WE+0mVP3+gw/uUByqpZkThEARVT926bL34+b4M
-3ihU/c30UKxMngHmkr8RzbZpXRDzPSX5Hn8t1AReTp608hCUHzANJ00vbUFOMa4g
-KtiQNDKS1hyxIZlXLmME
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
new file mode 100644
index 0000000000..6baf543712
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDDDtWYWxpZCBSb2xsb3Zl
+ciBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBFRSBDZXJ0IFRlc3QxMDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP+zCkHFztNGKS2jaNu7j8g
+O86LJI1CRdWLEfDjiqoCvEr7LrXRQsQGW79/GqtxZN1fu9yt6eaUBvusLU25JLX2
+johJWagbI4YJdao06kQWtzxk0JRIo8uOjEhAB5cnykYAlGAaRPm5BvMSGlLuMcYw
+80TpK0MtBIoHIa0yqU2+/CWwwFsGf3OKQQGjxpYx3rqL6cC69ybFfREYm6eaC2Rj
+H3bpKBEN1P544WU1ZKsaO3bZXXXa5+ehX+eSalHdOh3KMJxRej+D4xgsi+E9oO8w
+4Rixi9Hb90oZwiO3i2zdgFCd/iwVxk9pUjVAKebqBI4Dv8wsIpF4Rq+/qd7LJxEC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUtW1PKD/Hu7GYpKml0KhbXkp0s+cwHQYDVR0O
+BBYEFCTnhF1EvGRoOoQ2I1s2vDsOw+E/MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADB62jvyJnKCkLza
+PWHwcjg5rGeRYTcD/XvxR3C9e7taMrg8JDied+IzbkItPOq80bqB+mScXHlWSk9B
+mz7fg/Af1Ip6ryhw/fISLxnvHXNWaM7hJcyGJjH1uCAmgm91EDfn7KKJXqi4CkH8
+cBJATJuohy+iUUlOru0ZoeiQGLWO0nkmw+GeIZiztXaKXKmoV+RGfLIAFEwuS33s
+GmrHob2DjHBIgAa9CcP03DOTtW0k/JH62NupGQDciY/dBj75I7eX6tjMGQn0h1vf
+up27UzRHUjBMh8NYpmnvK24LRYQMQC3TaUbaz6gsD9cNYMFiFBXa35AcDjr/Zanf
+H8YRcS0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42F368462FD41A6E
+
+J6jl0z2Xi+k0qZhkOOe3pRwWRHtAwleFoK62+A33cMjUCoUdkMgp93wUJhbUHQ6r
+zJQnl45FJIM9liljaTOeFKbcQgZx6w9ROFeqsBbEjZfOmEV30PNA0ozdK4ojfepP
+PJb9TUCCGOTOaLIovgGf7+tjqK3HR9ofvPtqMfLHnFsGMyNnWhD3+DwK0OT02gnJ
+U7tkc0xxMVJEJpLImZIHf96lI9152SxNBZjDXZeA9439DKDCifE4aSy/hiNdB1qP
+2mXAZFAl5fkLVvm0VQqpPJRzhHRmMnFjp7ACzg+rl90yZEVhW0PXpc6sRC1lKNJz
+YKWJoWmhpNJmdp6ZEhf0FkrMIo/FhGB7ZBmi/45DRV+LxsuemqtW8iKRZL9uKKAb
+9OGdLp9lzLLP5YUwklerFvtCDRDG5VpwzlDKBl+3cn7f4zXGCsVinddDuJDcx7Zk
+KOdKJ84eguNBe0Kyv3cjQEJOLVe0L1XCD+468AlR46Skb1C//gzyHFOYQMUHWB6X
+8S7dHKc9eFvgiN2EAhWwts+7g58qH+FAqgJ+mUs/ewjfIODD0fLhlNDPMyLRlKcI
+8Jl+vVezS5li/83cdNN9irnlX9Bg6CQ2SCK1ajQSfZSWRukp0y2vgFKIDlh5Ipam
+b70eqlO3qEmUbvjV9n50O4h2rex5c3194ci07A87P1jq9KiUztKaa+zorohlkJN7
+0S4YTKmb7bmiO0JeaR5XpAMPu13l1VokOXNeUNVb+5kFD+gEsGkTrwlQP3e0+hpg
+KTTzkgahhRJ4JVq5KuF7MrsEr444nFneO+TqJSY8+h/nDFU+etIuBv5B09msKxbv
+UvnvLR5gKNbMMpICsOk53Z/Bx/q/n+C/qglKQgEYKDfbYaGrg5jC3rmIzWopi7un
+LFwmppV8rgM6tWBjwTL1AmEE6LeLDVGd+pdQutq0wSjw5LMeK2YQXRZYpDFBBvhP
+DpOoSX9YFDLP+DzuIhQir3kBFFMixTpTTp4r14slmwejLk8aRoSohX3F8PxbctEJ
+qaBa8fNBGJVcYRSKzkskimbWA7Y26H0Qdfj8DXYfKRnyXsV1HBIhUqDb1Lp+q5Xn
+TaJ5ZVhTh4CME3tdgAev9LkguC+ddsP4ZEe8FXWtBIa9EbUhzqJVvbL9yXC584XQ
+BRx0SwB5SaGogL/6XJJhdBpinoT1zjwZPd0dqRQc7fC22zpJ4vkQL2KvqNkpBrWG
+rMAOKwkCPphOYItWHNx4nyr0JCrxMzrbEkWSE8aMOpkW2w+xq7iVRcwSPcltYxPs
+pfmJE16qlRjzFCsnrgdP1pJ7gqfjtgaOeV1Bwo7iD1gLKqutHx8oxzAo0NZ7ZAxt
+FmAKN4e3sk85jmOmRrfslsgX2hs4goL3VmviqVHBgPWGsiWqHu/a6Wi1x/owtmS7
+sFkb05Z7ZYtd6G6IsSENo3fTsT+m/uM2Cozj+4SBHVmTW2XUfJMrEVmQ3Ttjq09L
++a5W869ClGXL7Q+OuHmILFfhy6SIlLq1zJo5897bviyp3WvIdGdHcGBgTxFDwNnn
+aQu3o5RtAnJ9OCQp51E4RRwy6vp/HYj+ye9G33zF2efEvn5bpa/u7w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
deleted file mode 100644
index 32e7d402c4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
+++ /dev/null
@@ -1,130 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMqEGhcWtsw26V0XQSph1+hgHUlNVe4yFus4l56oS+MKdra/qys502m3Is9s
-KPNUyWAzPUBCaj37+cC/lnojJTpZw0lyfOSeqDAfbcDMzp39U2ujHbqQ41fGTeIJ
-haOs4hUUIapsmLZ/1iETEyHFfB9ib5oSCPAMvRtDEvNwITDvAgMBAAGjfDB6MB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBS3rAnyZ9I5
-cWLbrRE1M5H8lPPz2jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEALE7Y6U98
-nXWJYm65/DslSMoEgBrKSB8w4Z2y+sE41dhd99EFWOwUV3UFoVk+IPgmvwpdpXcf
-n1CZdWh9MvR7lZ4cBiSRoWLz8D5okZPX1HyarXNSQwJjZv91zs3/xi78DUrOfW5f
-nE5txAvRjHP7PrMcb/gatjC2p9oKDpW6+ro=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCtryyDuHNmy8nLnEcuJZ6bwOq0A+ka/Kj0Um0Xgd1sop3boX4Rjv1q
-EpvwNZoizR25z5Cw2J3wfdrtm/CtazuoF+2O9M5/g7STTtPUDAhwiR2uRWnRKpUc
-SEQaxHFmfdaPAJI14E5BhrlRRHxHu6kNuENcF5lwuGUcxuL68jhsbQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBS3rAnyZ9I5cWLbrRE1M5H8lPPz2jAdBgNVHQ4EFgQU0BJ9
-iRt74wy57LStnAe8vRiy+8wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBX2LLxEBd+in5MEzdLeQNWFBzY
-B9CJ1quGFFe2AfYozACv7MzAiHJj1rU0ik2bjYw3r8mUIOEBuYyi+5syyK97cV8z
-e2FFWRCkUkcOWt2b7AizbFVt0M9IEFnhTsM2nVCeSD+f3wO1IYBzINkqwMqmnejZ
-zThT0HTy6hrX/maRAQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
deleted file mode 100644
index 4b8f08b93b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6DBDhDh8Fq9l
-WtOenCnLV5XS52CTXaNqy6/fxR6xw6bm0s2p2D0Br1TeO6qn9oxXMMohGo1XU/wk
-hUbde93GnnMNVlPZqTvaGvcq5OjaE9Y7r/QE+P/dSV/mXJsmIbwbba/n4KqgF6yj
-XfJ5QXz2jEVWKIAESIUdsz8i73joVw8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUq8hB
-ACbQ1UzmK1Zn7O+CxMLd8lUwHQYDVR0OBBYEFOlqW20Og/KffGodN27T80jZjAQu
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAaRukvyRgU3wxzMNx2864sByNAhV3ujEGeCMnBn3DLfeM5ioo
-PXYjuq2PEs6I+o55xSX1cGwCtcZHay0MGiz292T5DUrhDJoN8nhJ+yNjzsjB2kpv
-zJrDwMEv5liNVCtbsVNMDCBsje+ukkmbmVVVzpRlnmVmwrWsX58V/pX4crU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
new file mode 100644
index 0000000000..1a0b274eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDZ9LivETDywp+a/tfvaf8DhVHn9pKQKbNwVl8fS/Dnb9gyV5pPIalWgCr8
+GoG0PFzmXvqA5eqdyEKzVNIJJyfF1ndYOaS+xs7DHBe4bszm56a+VXus9FdMOTSN
+4h4L+D6C0hG6+ock4Y+TmXhPl+RKa2/S/NSLrXjk1pGOjLgoUVey7USRLSr0IP6R
++6E0Bto5TBPayBPUMRBUnhmmjg45nxAyHYxSsz/K9fhgpYFRfKeRafgV6Ndz83oZ
+KJx/OywOV4e77PD1l9Cgzuc1s5OyWmb1tb440r+o9+FzF0eedHGD66qHmXpyCHJy
+77ojQsHrMacGyDGXF8+QeEox1iqFAgMBAAGjazBpMB8GA1UdIwQYMBaAFIwF3N9+
+ZNtivttLUWSMambYXKOjMB0GA1UdDgQWBBTZpaDF6bfRzvZDEtdOEJNc81hQATAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAjl8+QP5Vo71I9RQDbigx5XlS6Anj0GJ/bVK/WQmZrfHs9JdHu
+FKt7x5LL9AZQ/h7mVmSd8nM2z9KUpK3INlaKV7kJSOvskw3D48KNkD673fJfMkWK
+rcznmtUVKMnkGqDKHBPfGSbXN2XEi2DsLY06Labo1mBEVigtLMxFGJ8OBIMuEtdK
+MlhTISGom3Vs6WjeOcuFwz25vv0AWAJFdv31sFXDcxVvK/vvKkVyAlLJuh0fxw58
+6avoUbtAFZW4gstzibCz+2aYvGoQSp4YatviYArYHYU0qQgYBXk4gF2UZCCJLrmz
+WHhLJIfV/K5UFty8b1PuX2PONdktVBWymOhG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE86A044B76E661E
+
+PpQ0NzmkhhL7/s+PhSeiuTrZ00n1/Iqx/QU7W/mtKPiRvjq4MIWkemvB0eQWJt1O
+i/stTCta6axqIvM2Zidg7yLIC9ciT9hGf/adFuH9/o0NoartUQCBxfaHNIRo9GXa
+xjRE6W7RTqWCZbuTyqgZFiIehk7Gjm0lzvr0MBk9CN3lPKnfg5GId8W5b6yLWwcl
+10GsXFezVCVF1yQJN9n18/HwcUZYwqyMISGc8o9LIRGMJn5EU6Kii3YsuUwJnvOu
+1Bpp9L78/tmq8cXTwjT0p6dj6CshTacsjqeMgz6sYZgeAzC/Euf+O3mTv45Ah5Ti
+rD1MgvNfuRFazOKbEWyXqzGcEBnmLWI9hQa7yu3BFcYQFDYNgasiizIvMRQTfwjP
+eeG0r735DZzXf+otb80JIvTyZE77qjua6dGbrtaWON1BhV55O23flLXDTf2ov209
+j5X3G9ukMg1UopzLlxoGkevR8EBXwsNa0AT2BiC5oGdtFYDDL7EfbTkDcQIEx/Sh
+veI9CmC24OLPCsUQUJCmqiUiUx4OOubjFIYqXa0NmcwUnO16i1ry3aTa4aA0lS8F
+6zFbuXqFeSHgV4EeLzqu1eZdenl4/TlNzWl6ZGRfQUzyKVoMUUTfhmskTstLBDlK
+UJ7E/BhZ0Up1tbWfjzWjToVXluOg7Aiy5QVR1k6kl5HKkGxq1zB314loPVMjJspz
+cYYbazKOmhNLuSd2Fzg2Q1jRQGFwYtnym1Sjqr0qJ2reQrmEwsdw3kICt4uHrizX
+FKkUTrTT9+65AlVr4YvIGIf6YMC1zW7hrl8Yao0Os4np46hWZLAaCU/RxyZXtsG4
+/YGVUxT2hODR5zTDELQrWCZegx1d3BJveRWldDlU9QWJWbq+X3AzrK+ggjeoiXEp
+/ZY2hLCechvQVCSByt+8TPvge/2A7YHE0MpB9I0M72QAIGy9vAC6BrdzYkKGkR+q
+ypza4n/gS04YnMcLaa8nOo1mdXpEbPT0mCezhQek/eP6Jqzh4WX1ps8uMEk7b1tK
+NDocSlfMOLqarQaKtiwzwoDCdRSlI9/xgu2vMo58DdfV0mzZrIOmY0F0ysZ03SXB
+qRru66RpHXBB0pPkSwfHyVqBdMw7vN8+yXw4ZBXlUIHMAzmLkNMtwdNurdASPmRp
+SwDk9aVT14IryGSevPfZtnrrVMy702CwtxsBJaDfC6KPEsKpJA3qp87WEkQ12Q2s
+xhDNAr9G+v7Q1TIx0EWb8JQfplHdRIlpr54dpLYDNSm1kjCeGEP71CvqLUY69cFA
+aN2QU7+/bEbJOxMB/wG11UvPhRBw4tfH6eV4axLxO2zcVdPct7wlaTQCiUSwKFU9
+rWj4yTugF8zNfs4MVprNHtjF0dA7TEAkcq+6xMKB7elKvxyFt4FN8Ma71+HcPWjb
+pXuwQkbDbiaPuTprbA3UWs7QySRH4D9pjbVHdcSK+GTpVE4mP1lXY06dOvP6c9P+
+qitoYGCUZLVXXuqTzo7v697aV20+lz37na4bI5DcpJ5FsOWQQwIOruHVY/QJSN/Y
+YAF2a0Og5si5SWvjNQnbxr5gqEfNaiLPGnwbM05s6HPdT5crB655cA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
deleted file mode 100644
index 2ac5275855..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCc2RpX4l2ip6DQkyPrZQ5fiP3xdhXT2e4QAznpwy2Z5q9TlYhF0sFw
-yiFNITCwI50K+JrcR/FtOMFTiGkDJdNSD6JJ9KXmV2Ub4/oFXhmdPkkW3+LyckWV
-cpDuhOBoI8E+ni0ZFTuduAa9E8yQX5PKazSSbeERNXFHIdMij7WuxwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU3Ymd
-Zrnid46ozhWkgrKgpMameo8wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM/wnG9l6jp+
-ViHhfrgGuXyp29iH1trRzZVkRtta2Htz5cEy+DfQ1bKtALeOj+3XycvDjFBK3XFX
-Fj5Kq26Wr29hb46xdtNHFdkYvsyfD9Nmh1OvcqEkW0rmMqtr/+z3bTX+qegUtJ4Z
-vjllBLFSy/60sopz/da7BfJiG3vBvoij
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkkaVxrrWKva
-xC65OTtGWaNoO/KVt03UN4EW/fxbAwU79QI6lYLlcnTOpmNlAU9HVGEvunAZ/RBl
-AtZOKSiAGjuEZPkn37sS6SnhR1ANPyNA0KTI9uXIXDKde2sGXwNSbsiQbDko3vdV
-EIfKC00+2GBB7MxARHUpZZ7kGAP4XIkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU3Ymd
-Zrnid46ozhWkgrKgpMameo8wHQYDVR0OBBYEFJf4i3/rlw5BfP8DOFHqMlOM+3vU
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAg9u+FJzES1LZQVxwLZwZZ+9Q7q68jcUqdvzV1I0kFxESgspa
-7a+fTUyYDbMr4qZ9zrMbJDDLkwS8a9vSwZJmfLSZYGECYAuTZFTe5p6CeQyToEfF
-l+MA+CUr5ogWe2dpQQ/OmurKn/idqncuvoIpaWH7fvnpOyKcqo27Q2hUhrA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
new file mode 100644
index 0000000000..afba6a5197
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDSWk+BxVIg223wvs2weR2LSJ3WElVnaJjergY5PUJWIpvi3rhr36NcMtCi
+KTKwteK0gjEvuC1ViP8SDvC3F1jPx1mJUeCvLO+ykSWCHnoxo4jdtgUUFFazMkQo
+Emf8o2s8xuGab+Me1byMnlNceqPD3q7ncenZumYeleV50CBz4zrz68rdT1/iRd3C
+tSkQzXE15FBx6VVFimfY4b8Gsx/zrCOQtr7uuxwlKljVZIneyV3Oxtk8+9EuYXMk
+Yig9pZSMVMU1nscG/qoPj35p/fduse+KRpGM2N3EebJjMC4WKI731mkenI5rRSOP
+BIwiLPEi4lYgdX/DfqVBiYO2z3WXAgMBAAGjazBpMB8GA1UdIwQYMBaAFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMB0GA1UdDgQWBBTlOtW6qZkT1fSqlvvdOHn/0HslbTAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAw2XcoqDcFwz7cBnYxG7mEvhoTqnGLOrxF94XpTlAN49BUYfmN
+iQF/mmWo/fA12Y5BwOBcAws7dDB0H428uhtqYBGCxuhzDkIXy3X4zvNO5P5XdrOw
+oel1+zfi4hH3FEKLQmgEjJy2PN2s+JkqZNpxP670/tpp5wwB1DLN2bEc6AARlN5t
+y/pvSd7sVBSXo6FaYO6USn4Fk/m2toWZrCjGZAZCJITWwjwLjQKo19FARC/iUNMQ
+35sIs4EiP8bL/k5HcAZVXECK49Ogr6g9lU9wY9swx5Uudw8/2OstRe4vTQFw99Da
+q6T+4P1VCKTMkXqfc7kR3vey8S1z88l6GO5M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6585A527E4EBD184
+
+dlpKqskl1Pm3ZL7yW6TyxKoq7GkkWTdiIJrvpIVv/49VHbwbkyYuIKOcysl6Ap9x
+0PbPEWvo30f+03azLNfeh3iqGe802aVEiZLo32zVB8I/3ZBOiNEly4w7mWVlQ5ZT
+80QOz2ZvFG73xCh2Ul2/7LDwwaiaUHWo4oj8wsTCHCKMKIU3RK83Rw0P7LmJ7n+l
+qY9TOAiuX7KoWbsRr/wd1Jf4vKtZttp7ymIq72Az8k4K4HQo8JMAgAq8hkkp0/9p
+u41a5oTK1VyvLwKip8+3pdW/BK7I9iYeIKssoLQDduIDBrw9CuGHSJj2OEeA2wvZ
+M7qa/BOJkbVhxjYEpMh29Cga3heJPImY8vvwOwFPGvykTOB+EHujN/aYVv5yt02U
+2vBidukWnB5w2zbJcq6LsBzvYx93b2N+vrXre4YQU6vcxijHOsDdNGW7pZe/osyG
+UMhLGBofkENW0YOq0Q48haOyHLIMeGToKPD5GdOQZx/UXEdIDye7VHbOPJS1ccc+
+Rf931GDa22kzmue5G/Ee+1jh9z3RilMlfbtyVod+Yd1DrIKLFoxr69vtlTWzo1uw
+HkmjqdDeXzq/VEk2CXP6QtP4S3PQJ+FltnT3F0TBe5zX0FF+wKEbEOInYUZr6kH9
+CeZfpyUEp1JYh/4vgpoRxlruVpEBIJiRMXiRVnWwlWZjfmFSoA94SXx4PuknuwcL
+qb1EuvTYwfEMhZ7qyoiJwVPbHsmG8csGh0DtL6/jkq0xCCQ2oYdrTjsUJFPzmmgl
+fLstcU4dNDuwuJoEgfNXg+PqYrPWYZ1VLFlCN4ECH8CRzXhwbd76CDVJv4PAPbNE
+FprSz5G719+1eXcaNUSG+71KAHH14liTxNdW8LAIX9AwhZ1Z014P1Hd2oYWfBUnM
+mnSE33U9QjNdItDP39HZKpp28P4XS9NSwQgJetV/rVlyausQpjE0Puc18o7NzJ94
++bJUg+2oLpMh9399VBymYD/35kRcF1mhcZlcTvu8h9741bA1RQL0D/bdgQLju7Zw
+pb9dfbNiFgFhcjP3WrYy6L/xZ5ifrmnoKE9iu6hrs4omCebowkmlY20MohRa6Dur
+ZBxIsz/Ol2VTlXwHmr+bWTSLfMcrvy0+Fxs+tyhNfhL5Upo02ODEyei+tTE4dXTn
+if7khx2N4ymjWeUEI3W4PsWoTfZGEDXJWxfezD3CQqb8m/Av5pY7v/S1+1Ad2HzK
+2wJ71D3wQpkc4Gp8l6HOvDID52HV0TI2U4028LwhR818qMDOGgEVPtvFTeTLmtvd
+0r2a/WUXJzhB1WycQREadHF1YPYA/Ds/0RSUsBv1KxS8RSk9iTvegY+HcXMsWLCu
+aKKnd9nqhLkL4jnTB16LRJ2zDCKnchdRz4ZZd2R78/nezC4J4m8JmC7FbWZYKJO4
+yCw0wxrvUzbT0iQfOpbC3gbSxAvbQwQU/a9tyMmFE0WLZgOc0879OFIm0UabZoys
+FyR9iPscWcAN2bSCdXBqVeHyVYBfBiOTDmYnybJ8wZOy5u4FiLGDpah1dUbLXkHC
+ZBlI2wJU2PRe5q4kG1unJq9p6Hhl1SEP7fq5WJtAPz87iA9dKhh+8ouGPZ+szY0f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
deleted file mode 100644
index 0a0596b259..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
+++ /dev/null
@@ -1,180 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMG8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFE
-MEIGA1UEAxM7VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBvbGljeU1hcHBpbmcg
-RUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAZ39MGl31J7AeGVi+NMkr2Za9Sm9LwaUKnv+U+4kjo1pvbj8KegARFAYToj7LF
-KujtuYlkH9HC9PW9p0X0zlfGyLo+jYBaT28HaJodaa2AmpEz0ZxmLsEBnjVNlC/R
-+vUNa51CNV85Wv2V/FVkznQSlqdRP/89SCfIL/Rd/rLRAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwVMB0GA1UdDgQWBBRFegfFmXt1cyLu
-vHj7WA8p2BokYTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATACMA0GCSqGSIb3DQEBBQUAA4GBAE1aoLRAB7FVyZHDy+jfyHRnvk2c/hNkhsYQ
-VuxpPqQnt8pCBUl9lUAwlb9W1JoR274/B4pIYmqM869ptHJJjbbNkOBdudX6462F
-v4rtoK+1egfyqLiEcmQNcGSqq7w6tBw1k9DV6t8D1BYvzh6JfN7z+BY4b8dOq5O4
-2eSGt5qS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
new file mode 100644
index 0000000000..bf2a529743
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRDBCBgNVBAMTO1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRQb2xp
+Y3lNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAzlSgxeR9mZZ2DfvlsNsMlfrKR1y6GJY4fciG6sC9DoRB
+7sqa+3lG6pzDngc/9d/M9u85ukn4AMAsPZAgi5X6Q5dz9byxtr/ACLKumzRwWJ78
+7vVSNc1Fl02DimJqpaVgKtpvh74Z0Li2EUONNxVmM86vcI6+K1qVnLMWtdrSpQx5
+RcP0ak4XtVcxSFKBrTpZw7kplIenOiXBIVlO5f2yADWcpaJw299I0n++7v4vQrJt
+3HWs5aDA4if8w5UsQvfWPL6IbYhS5spCRAu2Ta8TAB+mY2k/sLyYo/1HV0khIG1Q
+5J1pFdw091TkMnOf0c+yG48BeXG230snsTTVpV8DKwIDAQABo2swaTAfBgNVHSME
+GDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAdBgNVHQ4EFgQULYSE/2xcGw+CRD5T
+hkfTUDLk/bQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEARKXDv0JsjAw+svbFFVLJWn3Fan9X4ilv2XPj
+c25T2Z8dd5ydw+a/fSuZ30rowmL2YFnWeX9D3i+y542eBEQbzHkj+1oc/JFJ/34M
+trqzj39TgmrQbM1D1SOb7Y2uLRXpZu2jPUuAld2jPJvFZxCHTf3LRb1dW8F6uAs2
+SrfZdeFCA7fXoGJRO4z4cCWyROOQY2PHSrMKNAh2yWFq56qlj4iNmdv86/My8MNf
+zlciq5ApLsPhTIZiRwuAiAnDkeVUjo0u1PciJ9oQUZc2TuEqcUudjtl16zTEw59Q
+Qk9v21HXboMBS4QUaQ8WhtwL0sGOMNKSw13LgqFeW5IPswaGsA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5122396833385692
+
+rjnACDyh31Laaa/Y+Bhg7d73sCGPBKAmBkHDMgeWMZHftHStCvjZwQIs/0BKTZoG
+jm7dq2L/Dj6IwEMr0jAVF1eIVuxkJfwMfxGWPVjA8yyaFOdATPiTjkshRLBiTQVG
+7ev3SI9icZl+D5q1vFBuIz10ngHpuPFW+HnBW6VchmT+pJC62F/RfxzoUGqwHGns
+1Zse0tyLFt88yLfFBgm+w2lFBuZ3tzOK3NxacdB9/wOk2ktzgGKw6hjyRSZdDukk
+hZEc/mTMslZ3IApu5exn6x4RbLLBQfJdjGdG8vjOHzE9f5F1QS+feDwv0v8RiKZE
+zcPMF5gS5GjGGCaq8jBsbJBC7L3h9mQib2Q/QUpXp15wznTEpWHQ/QQRd8cRZVDw
+qBllDSLaacMvZZ/1B8vGWwpxdLqj0ABDZe48QD8df+TcXMD2VOXvguPEq5n279pX
+X+cdGcNeITQq4C8dZsVE8xUHrOfEB06mN5JjUcwPnxb08vnYhmEDKWt98qBvKoxJ
+znfAgmdD3/QH2YSgW+VsK1Cs1Xj548zE6wPa7GTbUsmfeEMuVAgLIZJBlaZe6wH6
+0af8RapkwRaPfSYvc4iJKTcs6OOVPIvrILYU2NmFIFEbrfIhc5ezCoHKUVmtkVg/
+PtLOnhdTnj9v0quMCXFJ3TKxe0C4S5QbhkWOTfmZWAntVAbpk1eJ4JPp8F/859O5
+98oA/5g5c2xR1c1jADqSw2KbFrpbyHTPEETAHSL/xqzInCofh7ErknB60Tf7I2gq
+sOLlcFKEqBU9kp1zuma4VKx5MMvJmLYyO7jnUezt05TeTACgeSy49pJ3/or5SHHf
+7kQAIh+oDbmE4jz+MmIBddW3Cfw+3hCCdCM5u3Rb81wvSq/Gs3eHBxqfpDi++fjK
+9H7XhhEcapvpVmKotP0D9iBeqG4PXUWiGgt5+861A1TZe3SFnFgIc8KBsPcgOKqT
+pls/JEd78JWxSCzeHceMwWb2Te9Ej0yVoPePX4b3QDsbdgcaGTtC6RdzBYBhiOZD
+33oFxB86IkTOLVwHechMTY0RRig/BqvZNSgzsTdyvnEa/m1OnkYOwqnvq4vAYfCM
+Uvfl/j74lViRii7fPeixt0Cd9R7PJe1g3hBPw7Q4eytOKRE7Lb/rv5dkCQo0to/Q
+E3B352q4sANo8XQD5v7EnRhv2JSGqL8qzY1t+ECQhT6llVDa8T3Jb2qjwtL4VKOl
+2wEuiT0rGVcGfDppFUgE58ms7ZjdviFKzbT4yL9nsiGQPfFaZ0VmmNem92NLEHuX
+FvOP6oYcrJu9a5dNmLwWPMH28F3cJMvw6JrRmI4/KPxy1QqEUYleTtW5wvp7lfhX
+KwN5vs8NfN3vidFIluh8ILE1/BuTeJl2i9PQt5wn6v5vIuYIlut0VTsMyNI4DUG0
+oYxnPR4L1s0AXn+ONSwQ8+AnUc7hHcS8rhX4yZyioXajLqXhFzhXiK9MfeAxPhge
+gVhylvKZYlO/BMlDejXxeE9JmWuCVBHwcGSLw92D0i0vPq2HpaZal9W5+3IQfACO
+YaRu5tDk13GiqKk7cY8LVjC9rK+BNhUjVvRvz5QI63mPpglQ/gVwkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
deleted file mode 100644
index 8a81ff92ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5
-VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb61LTuxE1l5yJ
-QVfNdf8EYvZcAa0KaD4FMFo6vn3YTkLfUAgn2P0/LUtJQmmXciZPTEU9iKaYsV+/
-ZtyT/p8r/UHfo81aRT9dIzwK4sGKK+9KWFi/rPiRQwG5IB3XiQYW/JGTIPgcXg5Y
-dUXWrtqZVN+7ddhQD1d1ttatbEqajQIDAQABo2swaTAfBgNVHSMEGDAWgBQ4rSXI
-QlrXDelK9BjmLKVTpFD0TDAdBgNVHQ4EFgQUS4ujjGGj4+FAN/SRPltJJo/KxqAw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBh3iDLcsaywxCRTsUrSXJ+COkZOvwrPiAugkf2KeDXYcrIckKX
-n/+Q3FZeBn0qHNyvGUTLp7yei9kUto1sS0nrShwSV+dn/2zUsL6dr4F9Lfazzvsp
-rIIGkJCHbcJSnMc2b3dBhKr1Oe6MWWnV7OdTVCfjQXeDciB3MTcY1TqedA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
new file mode 100644
index 0000000000..edbb2acba9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+cjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+QjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALTPBtTph0kvovSb31pRYt9egyO+d7Eq9BtlSFiZ5UyYGh5UC2FGcDP4tzkO
+5si6Vn4yZ/rwqIMNyU5bkbfludraX1b/Uc1kObROQfOgEApaE3JuZSVjXEwJsojM
+yBYCf0FErkdYAgzDE5czPhH+NE5ENiI0+cox341aVJ17bK9wK48JP5ajt378Y7Uo
+sLUG8hY6d5fOJvE9Jg2IvqCXLuSfWzJtCunT5Qlf6qASV0rrUJWdmKaqstNbqq9H
+Cj+IpQJTrwkF/8rPkAnuJcjqRbCimdpVqYLqF6EPAv29rTBZyKd1qktm5n3wjcQ4
+hWu4kEHG/KPfSC+pvk3OLa3FD5kCAwEAAaNrMGkwHwYDVR0jBBgwFoAUgOtzvk2Z
+npS9F0ta989Xd3TDX3cwHQYDVR0OBBYEFMjr2VjA7usIwlcHbZp92KG3YZu4MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAIKqRjt2Z9NVFsBaFffuOhB65G9/ZP0VnAz3x+5EKuUn2MhbZEnK
+pMS6dDI51ot5gK7PtxyXH7DwI9Tq8BlkpU5UMspeKKwHuBe97IPsSeAFeQX2zkws
+yz7KW5QIezi7ijyNtWHilzKeK0uMh5pMAkNVoLH++8d1PYgG04EYxZlHZTedGSj2
+QjiBc2bJQ/hTQSoXjXlFK0auVmMOohKxYi6ZgWstGGDdoY+/1qe8vWBqn3e5NSLu
+oqd3L3jD6g1rjc15SEadJfdQO7xMTdgnJWqij0N4rcxo6EzqFVvt8FGUNwCdHJFT
+B1Qi4p0aWzKTaG/KcfnyuEyrAJB42RZI+LA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4A1C2B404665D30D
+
+uWUUPeXKS8K8I/MHrcV2NhxxM6t454hkTYt5XcYl153J87tuHDi++fxw34rb7+f+
+Pb4o5pJh2COqxjAu8pl49JdZS/UNz2+C/F80K3JvdX1Vo0X1IplqcRSGb2gAa0bC
+1pCbtuyy4Nq9SAmGN6B34lROUOEC8/vIcee4SNCMnxLW1H+RDETzT2MAjMDI2lAy
+vibpRIAbtILZguDzrvIr7I+FGzm5Vc/0vHX4B3E2qGj1EnRotNLNNY5N6kg4vSZR
+E08+L8FBgC6iLAfEDk3jpYkInzSATLn7jgS4eWIbIbEFjuT3mhBPDN21Zqh7U1tX
+qOba61l5fgdxhvreWfRjwxSiuSOnArFxJU3KaaF5hoK/4QkZsLZ7jHUQLIsIzfMd
+ro1LggW03w/X0y/Ip1ArqFbND4YjlN+cDaSy2hKNLb9SqePSwLkdy9QQBv5UMhtl
+RC8l+RtKifQCw4hGHG1+EyznGd+1kh6E6zwmv74QrFOnJmvLI+4kiCLpXTi/4x+O
+RXGvtObalCEjaht7nkwpFZfFzVxmRWae5mHMHYN01fXGwFWwHUfC+Cjocm/8EvGi
+2nmJRfYzQFnrU76dluvAU4d8xYhSfDIkHTOJHF5AAg21UR1neuqj5UgHUm2LM/R/
+T8BZJjuevVj7Fg6uH8AxkHN7vkf7rcxEY5IXUZKvG/IN956QpBDm7VcobT4TFqwL
+UtwYrM/hGza597qIT1oJqy7ah8VIYbKZTE5gmA+fI2eZkjqm4ex/HOsZKW7BzkyW
+3GEiKmU6d7dFN5XewDqjMQzBNlzD9Y5gRhrHv85WeRA82rBm2qv7+20d5SdO2lIU
+VXfggBI+KYclR6JbE+z4qPPdJ1KYH7BQmMgtE4TOGSFhX52/nCfuR4jxT78unGyX
+FByYPuiJJCG5bCXIukwoh88Yyib+o9YbUjaqQ6sfRSgwiv9QocOtwRlxXOA+kZv2
+s0fUr06cK4BSDTZ5VlHFNQJp1Ub5nWxqlseVWXFcJ0JWddlzvGewKg4Unvtl2Q/x
+MbvFF/27VY0Uw/XTHbTazNeeCn5OFFeOigyMvpxE8hpu9Hbl7pWKs+LoE1NsJjaK
+RpGRIIQcX6O3VQbgWeY8NfYRtackF1FwtgkxE/PodNhUC8YV122htf2mzKsXjQ/P
+2z9xGZi5NW/95bTAX5FKPtP6KsdOQXRwpoJjxzVdPkCncbgn3B8PEK8Wzoc7Is5O
+xhjaf0QIkkC6UD2MeFFv5yaUAi45Ivwl2TOXqNaRp2Mjb/rLhSLNCDJ8Vh6P667n
+PrQ5oMcqq914DBqYM20Cg93Pt5ZZk8GZQLywCFTulzuf92oyoxMX3CWepNxXmUYh
+uELcCywkTnwT2kCClFj+cbhFTNuFILN3CnwPs8QpIJjOPcwdnvL7Si19EqGOhUFj
+ifavYAGGKwkUfIlXwf8IuRNkads9jOqZCpALgDH0owHai3afBgKlyx8AEvxYbEV7
+bF6il6oyy8bfo2sz1ikFwF4qFBBgDw4WtiA/Wdmo1j/NfVNvIiRjs/vtu+KzicEn
+/LKj7N4Y1rlJXxEffLYBnKNO7bPbw18o1Hp6IdcPAFFjK/Qy13JzP0p6yV/ivRen
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
deleted file mode 100644
index 86dae42c9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBHDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZDGq53SMD
-2pj9pTu5VRCJI+Vm8LxSBkYdxD0jc4IKrbJH1NRh5XCcfeAbJaQ46UJFGEPMa92B
-GOSF60SQg5oIXBDTA/ygWIPFFbfStUt//heg1BfHUHRf14z8JL0HzXDG6xnd+2yK
-FzLzKFu1zexVpeT6nFQr0rjeslXftjJO5wIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU2nOT4PBlmX3Dv7AfJg72Fi0x
-NVkwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBBQUAA4GBAFm1ZyLmtGk/Ml/36K/q
-S3bdDJ4PWyY0OsgJBm4jiiYU7QvQ5G7cyfPW4h8EBaPOg4HSUGJJdqQQdP89e9WS
-JTFOlLoPT910pCDXbuEjILFrPh54Gv0ydO31Yc8Un/Do/qEraDgWzjNU9s/BAJKx
-zeFg0ajkR1p+VLGzDM+n2aQI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDEsgspeWC5HV95asByD3T2Xp92XyIayyvxljyNsuyivQG/zdHVuW0QqDbM9+ua
-rkOgDpqwN93uEtbRdQqq4u0MZ2GXR4k6ZduPsubfFKXBKdgvLBoSm1qhOdO1m7BC
-GYe/0e+uiTYZGfLbJCqUuDraLY/o58qeKUHln2Ex8G4wAQIDAQABo3wwejAfBgNV
-HSMEGDAWgBTac5Pg8GWZfcO/sB8mDvYWLTE1WTAdBgNVHQ4EFgQUC9dNxXZ6/vA1
-xTWKZjIu1jdIF2owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADwD62Ebsv+1
-RcA3YIonWoTkrnKU9YGmmJf5S9ytmc6cT3phWRpY/sOl+Y0pNRvDsKJeew9ggQWD
-f77Pp+ACX2HvWwSHzclox2iCkxNyX0aNAxa9xun2zKGm2j1Ncb/D2mE9CQemmn0n
-1GxEkjg7psCUxl2FwuTTmRR9UquMxjg8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCp1Y+dMUczZ1H6dsRs9hr8yLDsu+xA1vSG+vHgAEPkfkhzItj+7N02gtua
-ye1hSXd/x5xNHOTWUK0CDY2YnHBpqmVO3nMIYmX40BbsRl8eQiEYQS7ES+URwrbW
-LHC23HLYn/R42TA1lkwp3HUa4Nu4eUEXKRMbCVfpxAE0h6brIQIDAQABo3wwejAf
-BgNVHSMEGDAWgBQL103Fdnr+8DXFNYpmMi7WN0gXajAdBgNVHQ4EFgQUYXPbCWI1
-alu4YhJII+f4K948S9swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB0eGyRF
-KEbsyDnKd8pB+6YhJjQBcdZl9AGLASF4jPmFj2iXuF7gr5rT3UTvquUeEJamAZc1
-L3pHiaPZnxbVJ8hTSD4eUF0YMDd+PzboODwLeBS/5AmWQ0O5qiohjgFTMUq3uvkf
-RWemBcsCiI1KenbGIFTJaNEWKdPrsOrocVJw
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYcGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCvkVm0hGNZvdPCElTss6nzgzq7tC28/UHHYKozUaenLdgSaARQnZyi
-w3O5hCVSCtOMmUog52Av5lbkjZxVhCTaWKfrBuPDE2FJSsz2RczG+89ho8676aQ9
-Y5tTt3/mECuV21fCVjRh3IU6O6gTGgPSOxmOyE/lMDXTYFYgsfF7kwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBRhc9sJYjVqW7hiEkgj5/gr3jxL2zAdBgNVHQ4EFgQUVVEA
-f8ZkXgn1BiXGzZK3mreZsTgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJNK
-lQDUQElDsFY24HDYmUDNg4Vg/CkEB2M9JfI5yZYlOKJrjzECJCY219NFeL9TcyD3
-bJY36GS1ZMz/MI9ocVTU0K5ssZqV4IkBI9hXCFlb+kw5jSgO30RoxXm+Nb0nvzUC
-s5kRJVI8Rdm4ONIstsOmX7w7LBMWrgCPBOZN6zkl
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UE
-AxM5VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
-aWNhdGUgVGVzdDE3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNwtcQ87sc
-VaUKAcu3QxtBteOc29FtwvZtv86nDNlJ91gIoFTUq1jKdkWcExlR8lh+Ye0QfIRB
-NIDkDs7+2WB/BwJLNMpaEXDh0qETy/SW3uDN0sOX2H3ik97y0xD5ayXquEXTqgIs
-fNtXesmjTnBt3iitX1DkPwrjuJmQf+co7QIDAQABo2swaTAfBgNVHSMEGDAWgBRV
-UQB/xmReCfUGJcbNkreat5mxODAdBgNVHQ4EFgQUOloj8eT4jSRn3dhhzDfEX13r
-FrswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQA8hwBcf4CCZAko0xnD1MoTNUBfjdvDcXZB+bTB3jnbDXE5
-zSid6bUVBNo+awlLpnQw3drsAgI1G9TcgFOEslX2n4nMP4FZAxsjpyDPSA7Wdj+t
-xb8/kI5UhKZTjNYIL/LXpfWMvzhiMhTzha8PFxoGFM5hGYMXqh0kK/0zhThOEQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DA:73:93:E0:F0:65:99:7D:C3:BF:B0:1F:26:0E:F6:16:2D:31:35:59
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:8c:0a:8a:f7:34:0c:91:f2:7f:29:9a:e6:6f:dc:e6:a2:3d:
-        90:31:96:5b:53:0d:2b:cd:51:e4:d9:dc:b8:f2:4a:1d:b2:e8:
-        5e:93:60:85:16:53:48:ef:99:f5:13:20:34:84:95:88:1d:df:
-        30:94:e4:e7:71:fa:f2:eb:f8:e4:50:6c:fb:7c:e3:b7:29:e6:
-        91:b7:5e:70:f5:c0:29:ed:50:6c:4d:20:b7:79:e4:a5:63:8f:
-        ec:d7:1b:ac:9f:4a:4c:d9:44:3e:f3:17:fa:5a:f6:2f:b5:f2:
-        51:f3:b2:82:90:c7:4a:93:8b:27:7a:a8:a1:00:a8:26:3a:eb:
-        ef:4d
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAU2nOT4PBlmX3Dv7AfJg72Fi0xNVkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAtIwKivc0DJHyfyma5m/c5qI9kDGWW1MNK81R5NncuPJKHbLoXpNghRZT
-SO+Z9RMgNISViB3fMJTk53H68uv45FBs+3zjtynmkbdecPXAKe1QbE0gt3nkpWOP
-7NcbrJ9KTNlEPvMX+lr2L7XyUfOygpDHSpOLJ3qooQCoJjrr700=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:61:73:DB:09:62:35:6A:5B:B8:62:12:48:23:E7:F8:2B:DE:3C:4B:DB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a7:22:08:25:d7:e6:5b:3e:63:fa:c3:8f:f2:bd:64:39:45:75:
-        ec:4c:5f:19:85:38:ca:9c:99:03:95:9b:4a:d1:93:62:04:28:
-        bd:18:a9:79:27:31:d8:41:38:7a:c8:ae:81:5a:42:25:e8:46:
-        84:31:cf:e8:38:ad:f3:a4:3e:a8:4d:71:cc:37:18:89:14:5a:
-        5b:7f:3e:a0:ad:6f:95:7d:34:1f:3b:6f:ff:a4:a3:58:14:d7:
-        c7:58:e2:d3:bf:33:3d:bd:59:f3:7b:63:fc:57:ab:62:f3:06:
-        27:72:a7:9c:6d:0f:b4:37:12:0b:8a:02:3b:e0:47:3b:23:a0:
-        6e:3a
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUYXPbCWI1alu4YhJII+f4K948S9swCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEApyIIJdfmWz5j+sOP8r1kOUV17ExfGYU4ypyZA5WbStGTYgQovRip
-eScx2EE4esiugVpCJehGhDHP6Dit86Q+qE1xzDcYiRRaW38+oK1vlX00Hztv/6Sj
-WBTXx1ji078zPb1Z83tj/FerYvMGJ3KnnG0PtDcSC4oCO+BHOyOgbjo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
new file mode 100644
index 0000000000..0ea39a26fe
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50
+IEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKZ/110TQ4OpgLh88109wvt/7WJQ1YHMugQV99n4Pu3kdI1VQO4ckrNq
+m+LBgYBgZ4Z6EswBTKiEmP46zxnhjiM2j3NXU/qmWvrH/mr1z5gME2iJZgO9r9Lf
+96Bi18e+hA3D8TvaCvZWSJJRyRcGb6eMFPW2YVb4lTUetmaSlI/RW+4nUghXyww2
+SyWnugMA3lS2zg34mchaDWI1OGpDV7HlYI59pPPfdhuGmaZ++dWbtB7EcB8FtQX2
+y30Rajgn8P5J2I7/bl4Y7GLbQMZQoLlG7zjC/OCfew/EmJbzowST3P/SauI0j8xZ
+8ZLW7B6/EhdaiUBSyv1zv6WG+zl8/RcCAwEAAaNrMGkwHwYDVR0jBBgwFoAUeQOH
+Uyk6Hr7o1BjlBDSDK50Rx9YwHQYDVR0OBBYEFB7n3xAM8NB1qQnavi3TtjaSwfmT
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBABZWiiHlZ/a+B0lgBpqprSf/4g2EZOQDPmGOnIm+UhdD3ahy
+z4eVaeNlr+ksEkxeFW+VHOTsoQWEJm01WMgr3m4DJe/VJnyZP3/yKlEZ+IVj5IKD
+hfxsatOwWgETAH7vVlpjLjoH5z1PJsXWKP+Jxa1P1J0DQFA77osQHcWb6m9FUTkq
+EMSv6FYZgTULTfF0EILCP/ldsQvu6YMXeJr0R7QEQ8w1Oe7jujOq2E+kH+LA7t7b
+AxlFz9YFxyxw9ZFTvhCw7qjRijgaHSiT/V6L4uc1p3G5d6tFt6Az+rhsC/3lyYuY
+QDF9LwIhI979SrewoXdbX7LPMQJXRAxBr3eGLn8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4F9E55521636738A
+
+rHxtRgfl+mxRQFp2Shnwex6F1zvPQrZys8bdezcYipvnhPFKp95cQmsC4C0FV1l8
+XAHoENSowrqw+14f1WPVIEAD8kj7uGzu1K398uFUT5YAPZXRMBHVUfdQ5NJLSz4x
+NH5amRGk9ZxfQfvCxs2QxRsWRUPq2BulHbvnaI9JB5ExvyCz+XI5tK3OXNmijt8D
+qp4/byO7UP2wjKwOa/mxmb2xyKJqopq0LrL4oCPqwSJw9NMlByb6xSESBmVwX7gK
+ggVoNGoFbWVKEWKRffGzqvIVhOsOX8kGnuoJxKxyiRtblram4xz5tTK6n3+ZqfnW
+iwVpcEt4s0qwVvjUnSN3Mx4qtdc6tio0nIReBYSQVwmmF3bNYIcsrm7vf13qxN65
+zWXhGr+QHdNLXWqxrluYIGTbITUVgecOwYdt1rS1o7GWJbkqCkxvp+WrUEBNgHPa
+NG1C/ke3RPBNhxQbiZw20rxSuf6+/Gb+hZ6P7I49pRlmjudWTbowcQiGrKwIz3XJ
+j+c3e1vBKtvMJ/7h80g/Li1Rr4sVkxB4/GP/JsvlR2VsaHP3H+taXxR/L0KRuE1G
+RfWXmYig9q9wZS3MKwD+70ARWvyYYewErh/qs1hbsyUhg4ZZlJZzr1vmnwd3LTcT
+VkSd0c25Q4KZSRjb4SOtTORXBuOq26Vqk7n6aQTeckht8qyA1tT/m+iH0zhmOhCE
+7NVH69VWrU+FzJu6qBTMsKwG2st6qXOwWMKTUclybS6qZBpt8Nj6lkQMDcX1o5Lu
+wigm+ZbKmywiSIQfB6Fvy1cGB9ZWTo0z2HGY0mhZdLpdlM/NZ+5HzhQW/ISKTVdh
+mr7mnWoFmUSjjeEoUv8UVrJvpwjupnnY4VPBtgQfIDjxLii+u0K2fKwqiBzQhx8m
+5rJyFvrFtnZn7i5xqoO3rzcLlPWeSY7LPd6LuK7ucpUH1Qg2tJl+GkM64EJSQgaA
+dvIaSG3Miy8uUwKp8hHSpYZQ7fTU4afki76pkzXALVfqV6IGBtwiNF7VcHc1xl1z
+eZ4L39UrNO6DJWiHW0b/cZeL72/UxvA279pW22hV8Js+9LiGBNnIUwf+dseKhVHc
+taIM4UKQryBDM51T7d4bv+zCj7tGh7EmHjL9QciKshKoHGSmS2vxtgTNEKDfn1Yh
+cXSc5D3/ulLjn/0KylSCUPPiphZ1UfzRH7WOWKJWrBoim+zej9KApBd5RHI7mv2D
+XrbWSiaz1gb9fmjgbZf98UDn38JfG00n++QXOCvqcuAK1DW4DXX4nejXxCm4TEto
+OsekMGfIyF1nHh2Wk05JHHeO0KZyEKqJtd16BbjtLdKGg1lkK+oNVnyAW0n/sfEk
+t/B6Ibk64jQlPmij6rc9DkehMsUatXyYr7FI4ZIZ6Y6aAQlVciTXpAcLB/Anmvom
+WGKJQKMDyifu4VqjcINlv/uaQbaUWZqsZTgE/yTWzNDwodL1VnQnVeUm9Z6CT19H
+b+FgAfE9fPTCObTzigMpEqpdZK9R/0zpI5XTYUua8IrloCIcVeD7s1Jb6f6WQBol
+UmifyirkYx/hnGLkwr12fwKeCRYkp2k3oEPwKTu8l6X8zT6i8QDnYw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
deleted file mode 100644
index 6a4851e249..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBw
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRTBDBgNV
-BAMTPFZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoQSf
-MbaUeJHJyhveLx+voUuSWxwNEG56mZ5evCeaSjObXqfeHXkjtfpbQd04wlsSw3CO
-OP2TR4ompdtrgHYGZeSsXW6VhkWz68SG78tn8laoXw3lTMhgrYqAdk+giv71qeBZ
-DYVr+mZTxBnmhrgRiiAQi8fhl9p+Bf89nbW03icCAwEAAaNSMFAwHwYDVR0jBBgw
-FoAUE+aMwSsPZ0tMeh0OtsAhWiSZUIQwHQYDVR0OBBYEFIGUYNMP2TtFxnkarnPH
-B1oeM5PXMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQAXMz/QAcFC
-0oNUODgnlOJdP3lcECIPpmtJbhAmc3UABEXUG9ak3/kkMNENOktNt62qe1/K1c+l
-uYkAMsmUn3oOGYV9Zu77IiiChOYDH6touQtxBGtVTG9Ki/gdaPWfqZdfBs0xkGRg
-7mzJCvRrEXDgQZW0kR3C2LJ9B4f2yt2GlA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
new file mode 100644
index 0000000000..f7b088202e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUUwQwYDVQQDEzxWYWxpZCBTZWxmLUlzc3VlZCByZXF1aXJlRXhwbGljaXRQ
+b2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDbNiXBm0YtSk/Ghd0P94U5XcIcxuUottE08ezytyJXoHrNGEdQ
+qr8VdETgymFh8mzVUeMJkcid8m4WNoWCRgLJ+79DRInPxLrJr0iN/A+KFE4JmtKr
+cshTYXlFRZ2gNdgDtkQ/zS5ZbkssumE/R4Y8RQRUeSTu2VdnRMaAb/Hey6UWvv8j
+cm79m4y7ZJ1m7Q5nykQkzrerHkdSM+9a2d7gQzWxMqPYZr54VEoKHfsWCBpH6vPt
+DfahIBmc0wkScZm3Vty6ILpYqx1dCbRSC1jz0gU7wgCq0PLVwWksfs7uO4XSSIji
+U8tD6x7fkn/KiecfEJ9a8T08CvnBB8ZPPY/XAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FO+r2tjhgDGnQxbuxHYNr+xt8mChMB0GA1UdDgQWBBS9gn/7u3AKjxkoylIClC3A
+ACjrnDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCgEHowL+jSGlcYfdQLxsHaH/Q5gbvXHZXE7VlyZfCZ
+bMB9SL6X1zZYr99nM440HkNQ8kvENLrjG9YzbDCj2ykFpfAmyHGXOa0U+LEXvXnK
+NCPXbm056EYJwHy8rE+LpFaSYD5Qcc7puf0ToqCfeAZbVaVnl18urIP5tTeTqbdg
+w84ha1R7A7vtDaJG0B+ZzhafN0ru0BBWU0POm5boPr5+s/Hm0ywIHhpAELDoQM/h
+gLyUbObTDv9w9m1d4GIREfaUMKt6vANCpxTMUSJI48JC+JyN1EqbyPncXRKWhl+l
+76t2DNnwcWV6R+firtZXTFvdWOPgCJO9JkC9uHBlXxM8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91C67D9C3260E50E
+
+4TaEdXpD/8t5Fppfj+ePTCD/BH+Gle6MObc8lIkh1J8lQK+DGhu4KLfFjDJEA8by
+QrsEk0IYk5wMMHwsBRx1yYY2KYekHNBEDD4SwAtcgx4GtoFWoCUdbQzrTBMNW0C/
+f1q4vV2znxSOYwYDKXNH1DWR6aRaSxW4kHUNejjq2jqs1j8Z1NFrhTrZ6HlKiKcL
+SiSvFC5OL8YqzQlVGL1ZfB/yUU8Y9LSJa0tpAfhnf+GjvXE++QeXO+l6s/xhHpZq
+bgbScTQqwgrAhuTxO2Te/AGTMqCK10LRj0XjqzBRr6rPWz2hXOJTuytXuPOVS+1M
+NwKMoPaElvgOIWZ/xPGyY1hI0lK/+hhK3hmSoPoEQLNxLLo1Re6mTrTfNX+ZQAdc
+RHFX4p67WrI35CUDBUfhOkmuBbGHlKzf9iEQ+Cxk0UDDHhMOtrwxwhT4c96kRSCy
+c8KLigv8w30dPTtdDWZxeRUuJpVly7iaGp5kc0O78HsSCnnduUIzHicXZcZXqHOC
+hydl3pOFjIDfpd8Unn5ATne1asUYDMFo/EdwcbEfssmxMgFfk1x9HrPX1GqmyDx1
+yAWeKzZcLv241yGIoV52Ox7YpGX+HR5gNX/Eyi38dMBNFHWSdHWrKBjluIw2KBUH
+kFW0NKjFJ3ukOel29T6U/6j3a5jNd2Lh3Inpn60PLPzvMn8e2feBKTKNBxSfaOAk
+av5hH0wUpBeuu+l8bpVTGE9/5ypt7Gqa4ncOiIyKeLO4fwFTYSmpyaydWxq7T2Ei
+qmGdIdzp8Mx0Yb8ahmbsImrjOK7JRS+lCvQHGif4Wrl30apkWCsoZMfmQx+qCbua
+Y5sJF+qrJsX27oRj/ud6M13xYl+um8RRTc1JfKO4Ja5bDJ1aCyG9i/aWaoCNydn1
+Nx4lylUCdKRoJLoGOC4WO0xNDMUuecoSEBOUQMYpJvlwgq22sj6dnAb11+y72LAh
+Sg44oavW5AzUhbPDmPdGdaCX5GxtpqNJQ4l4AaJEUfRlRvRDPOmV15FpjtM8VM+W
+Q82b64SV0EF9nOw8n6tfLqcEH2MGHtjbVoHRtqGToSAY135MbqVl+DknwW91en71
+MdBFtQo9Zxpekl89OTHQ0UerE1hkd1NgGgB9G7wp/I8CW6Na/S6/s3t2bc9tDUtk
+lAGVgQjgrq24EUq7Gp4XqmrDdhWstJaO803f/10b9TXHfVFF55nRufwFUZygv5z1
+csm6L9XEEkMDroeJRVghyzLmiVcb4/LCr2n5MkBDLwbbW52ZDsJoYxBID8mgGK8U
+McfcegF+AvJBlSEGYJ2EXOTfEs8r+DIc1IcOYRk9pISm+QFGJtHAHNLeA7HCo56X
+gvoVMAvYvpFwJ84EGgpl8Xa8PgY3xhXPf9YSc29DyR67v1y8x/EYvH2U25u9hUWf
+9aDGWPcKfW2TCRLK3OG3YEISBDLSH6p5FVWBAhUogDyiq7StzjIQn0J7qdHVnFyq
+hec7EOKh8Hvtm77TG4dzfWqAaxhHDbxNu+bFh9JTcweJftu/kvWVhsajYLwGqJud
+bptwGHUYoVtIY+Af2PCRyIxYIvRRxZCpgGBjUUEIRNlwwLh7SjQGhQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
deleted file mode 100644
index 1af71df043..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxRjBEBgNVBAMTPVZhbGlkIFNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBD
-UkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKj1Dg4L1T9e6MNcWCCvYvg+vk54WuF5s2Dxaa0lfcclqzahyLfN
-KqLCp0jCJyvA23IGF2C7I+P4dvjwW9kq0XD7H0Vt7LIjyQIpVyHObshN6gciyIXz
-iZjgaBqf8O+P6XhjAqsNyYSipygh3bX0Gqs/Kjb8qHbw8kdUG3Oq6xTFAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFJtcUbwiJzEiQJQJJf/Pg3mto4EZMB0GA1UdDgQWBBSu
-h3HiE1+nBL/O/8Ce2FdoNLsWhzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFL8c81C5Av+LkiNwZqrbjHV
-HFmRSvBpcRFa0WoFd8bNntXow2oh3ygbWRWt3FucJqTq6t4tys+3aNQClu/fcUSS
-IljPUyYAlgSxOTER4P9OYePEC/QtzjAGRH/5Kms56LVZa7lrOl2UpO8dkluoOADI
-hXabE5IQYEEjA26WpmmH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
new file mode 100644
index 0000000000..fa610b23e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUYwRAYDVQQDEz1WYWxpZCBTZXBhcmF0ZSBDZXJ0aWZp
+Y2F0ZSBhbmQgQ1JMIEtleXMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A/taBe34m/ksKOwmzFEXaF1fuBIoQM3
+AGF9NWtZ5qH16J4v/zCqL2LJz1lSeWeHcff8ScbPAgsqrdU9miaWhmdPBRATsnMc
+Y+rg45i4a4yt+phGqrG3DeGlbRW10evsqvYp+wnRKQQVh/qwa8LQqJ9ravqDdda4
+EQIuCN611MApwKbXQEPU50zGoqpTznRlmb18QV7amVwZnU3mJ0mZRjigZo9ptB4n
++msdHllGFVfaql8rqyoJ7cRONEwVdzysDWmn+Ql0dioZqMCBWK294jfeErYsU1qw
+QdXrnff0cek4mQlledqYACJtbzgapOmpy8LRlpMA4DpgcGhv2JtomQIDAQABo2sw
+aTAfBgNVHSMEGDAWgBTwZdo/Ghda3tW2SJk7FxQQ10wUpDAdBgNVHQ4EFgQU603H
+KTKwnexXe6+XcA3kjeBBjeMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEACphhULftasvd9sThocYbTMs1
+BzSI0B1HQZLU0FGd2kYg7IEfrwYBc896RhLrSdbWl80bbeqomdED1KmG9eUl56ql
+6+qPKT4RB0eBEa06mBI8mYuLMGJ4N9mMV4w/P14cTnDVnXyIymUD1de+6kuQQ9n+
+KVtoMO8wyuu9OMETMd7QMH7KbOJZTBiBkhgJmZw8VaF5kYmVVmtryhTJnBszo1z5
+WcEbbSjX00Z4dQpzkIV5jlow5bmYuMrfb1NU8/uD8B27c3Ga/NGb4q2FrmFtsQiq
+Pb8XoXSJG2bL85SPhKP4j7GwPrTM4/xRmzbWOcookD+7SZzPmxzQBQ5wa+KQKg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3959557A2AA91B03
+
+yyDCYFHN71ZDE/VtMk1lScldcqAXuESWPTDIV9jVCdmcgoKjLXh9RNx17NoAih1x
+RskbCvbUbceXQhc15g5owlAPI+O8nCsBKLOSYMZNLgHM+5hzKJOCP/as4uizSBwm
+JDVjrqZeKwKa2yzCipq3VYK4CyedDjwXytaM8k9YjFUnsroKmOyPevFlDPynm4Su
++gpnn2kHN/mmCwOslptpcCbZZHutGtqfN4I/wlsjY7vfDazsZ3VwY+QDQDqNHMoC
+myrH8ntUg1HzTAK3A/3io/xNpNDoX5OPqLJ+rofBJUMUU2iRxp97aYiU/yDEx5re
+aj+bdmmteLfWePCY8dDafo45KPCNcseiO+joYFKaqhOQMql6k1RJlTCosvF3OdSI
+5h+1ysCwgPvQ2V5NSyZwaxMjq+b7mbgE9zNsJ79eTwcfMEQA2ZbtSIr0ZOFkHMIT
+mwsdN3tz1g2YR3Nnc0Dt5n/sy7IQAVzEMZgGeRfkbuP6K/dAWnTZh/DddPSk+OOE
+03Z+8v2VtSGgnD6oP6z4Ue2+ED81jTBzK82s2qkyQjvIW8q2mMohDK8o0+IR80Ac
+WRUUL6ua5Z5NEPiY2bNfua9r8siD/x4tGvpMMHcsmPKdPvfpmpzgBxlmp5Ie1PKD
+m3ntBAVuRIs5FtxyrK/qygM9LmCspnFpttPE3VebP6QGQZmB6qIw9FyZjGDPzz8M
+dhtphJwU0/sz1DQqiK74qw8Vyfp8obLfC0Dhax1Lj9SokQCZM32Ms4C78jLB8b3n
+uT3I/bZE5UOuEowggYTAUqcj3QaL0OsNauxxYJsj0vVDpgRD+GgGG54iQDMgdKKo
+6Clav4m31pKV1D1XEOYP7pZBsJkEQPfgV8Yfj+LTR7SxrdgHoJBlly75dT+eQqQ9
+PHut2xfCjyES1dtWDS8SejXlDphuueVoyJxGXGiMeqH0QlAnSQST8cTGeGV42W15
+imlgnN88x+teNooZ8jMPnk5jHr6UO2i17UbIaIY/rIeQExSJ2KZ7MNmU/bZkrMyf
+a+Lh1Sw5GXNyRLp41hgdzI38tFaaLnQ9HvHWpJzNIUG0xuz49nJcBGJIzNR80HRh
+lBOypWLsA09M1xCqzPLT7YLv7wUGuxMl4XwQkw+buzJIZWBQwYYjUgka7PdfNtfV
+STsBaS1zx0BU0KmjacVvWoOYIgzYJJQ+WTnDcXk/dJ9VCaApxdRJKlUqBKsI8jjg
+5VvCkp1kOwYkT1gfz8dl+LwuJZJDHPLdYFM75oevECkOMJmD2gcviEdt7jXykIF5
+BNE2ZxyBJRY/mgulAEFJ9r3C8D4UArni3RRyNOwXp84Qqi4vbxta3TMAAAzoewQy
+L6Pa3JtblN+vr9zUz4DIsr4B1WXU0t7q//Vmxgu5+5Cuy0jVc5wYDMswPAHZWvbt
+Ae6txUoySmdxFfhyzpB9tatlYL8g1mzo6k86GhA+yfOJI8csRimFplk9abBoyZb/
+kh302I/4+qmrDdYJhD0+4Xyhy9BbUZA168UeW03FCx+O5PiBz+Fk4gBSJyJvjCi7
+QlHNwblChH+2rYSZp6GAV6JNwx+3RuS9kKz3EWF6eaCORRmpRTOK2yS/oCHDJ1kv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
deleted file mode 100644
index c2940bb425..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Two CRLs CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEUMBIGA1UEAxMLVHdvIENSTHMg
-Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANF1dMq4ulaNZm1L3KlBM9wi
-a4eu7sCry3O20zzWCttHHqG1W9UYLqqivx3HTyKvc/acTndqBtaz9HcdrETCRreu
-UjKFAa19JAnjF88BluoZ7A7TjdhsGfsa8gcLUZCN6ZkJJok2wENNh0xdsVhVlmnV
-p9rqIgYFPbZd0tvUp44xAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBQwyOlKAd5DJkEjjFNTjLNHFheOyjAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAW8JONjczN4V2xpuIs064NZkR/ZEqwuPDedoS
-bQMZtQfK7+587JhXzGM3Hv2INUge/GRWUS6Y0Ra74Z4EU0UjKIM0PfCkokiU9cMg
-APFxIwTaaIfmrFY5FOAr0tvJXX1fwvLB2EEzFoD3m3FT5dKH3fV0l07W+rAzXGXd
-Mhqyx5o=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Two CRLs EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Two CRLs CA
------BEGIN CERTIFICATE-----
-MIICdzCCAeCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENB
-MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowVzELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSwwKgYDVQQDEyNWYWxpZCBUd28g
-Q1JMcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAiWTa6oG+nNhsn3jFI0IU5eab51kPtxwKr8QO22md2ezjZi0Si3bkH+nL
-d969Tfp3AtKQbsaNJVgYIP+GLylF1YmawBW39kLy8yuACUb9k0OlG02sW8u9SsTJ
-ifK2hvRv/2dGMe6eOR0Rpknk/8CHUgPJHyU3wSewsookv22AcdsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUMMjpSgHeQyZBI4xTU4yzRxYXjsowHQYDVR0OBBYEFBVyE7Sc
-ZE9qRg0qsIBnbUWvDEhPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAb3ltD/JZHS9eilXbrUwx4XAfOxMl
-l62TnSCbUwvD3VvSBp6CSL9/GAcOIQvGvsbyaFCCtCfPwSDw+Ub4vONlBK5+8uGE
-ceErncuILRQcNTwK8U3olehAt6Smh7aEcGBpdeMkSSZhoBSMe0GaIzCeDKELtG5d
-3yyDUN+RlEGX0tE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:97:f6:38:91:3b:72:79:fe:fe:8c:3e:65:dc:61:a8:72:ef:
-        9f:73:2e:dc:16:db:92:3e:2a:dc:ba:32:f9:97:0c:6b:52:32:
-        0c:7c:8b:89:a2:82:f2:81:6f:30:10:dd:5f:e9:ec:26:c6:35:
-        c1:fa:94:79:ec:4c:9a:9a:82:ab:3f:be:9d:2a:3e:af:d8:e4:
-        8e:c3:c1:c5:08:81:25:c7:11:83:98:6e:42:89:5e:6f:d6:c7:
-        f8:d2:39:63:34:22:95:56:7f:f2:24:a1:62:18:b6:9e:ff:d4:
-        0e:30:e1:b7:2c:03:90:70:81:51:bf:74:13:3c:dc:a9:28:55:
-        98:d5
------BEGIN X509 CRL-----
-MIIBODCBogIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENBFw0wMTA0
-MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCvl/Y4
-kTtyef7+jD5l3GGocu+fcy7cFtuSPircujL5lwxrUjIMfIuJooLygW8wEN1f6ewm
-xjXB+pR57EyamoKrP76dKj6v2OSOw8HFCIElxxGDmG5CiV5v1sf40jljNCKVVn/y
-JKFiGLae/9QOMOG3LAOQcIFRv3QTPNypKFWY1Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL for Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        02:fb:a8:69:0a:aa:8c:4d:f2:07:f4:6a:6b:38:ae:da:15:1a:
-        b8:c0:8b:d2:23:96:1d:3a:fd:d4:82:0f:c5:de:56:ba:c2:59:
-        8f:9e:97:67:06:1a:d1:4b:d6:24:40:98:4b:b1:c2:85:3c:be:
-        e3:be:28:9a:3e:56:1f:98:4c:9d:68:36:a8:eb:e6:1c:d5:52:
-        de:30:49:e0:76:0b:bf:be:3e:9a:b2:18:f8:de:51:f0:f4:da:
-        59:48:c5:00:9f:47:21:32:29:d9:f0:1b:75:18:a6:6f:d1:3c:
-        56:b1:5a:e8:6f:06:ce:ce:5a:4e:97:c2:91:cf:6d:40:63:8f:
-        d5:71
------BEGIN X509 CRL-----
-MIIBaDCB0gIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF0JhZCBDUkwgZm9yIFR3byBD
-UkxzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBARcNMDEw
-NDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAC+6hp
-CqqMTfIH9GprOK7aFRq4wIvSI5YdOv3Ugg/F3la6wlmPnpdnBhrRS9YkQJhLscKF
-PL7jviiaPlYfmEydaDao6+Yc1VLeMEngdgu/vj6ashj43lHw9NpZSMUAn0chMinZ
-8Bt1GKZv0TxWsVrobwbOzlpOl8KRz21AY4/VcQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
new file mode 100644
index 0000000000..78ea3689e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Two CRLs EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+-----BEGIN CERTIFICATE-----
+MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEUMBIGA1UEAxMLVHdvIENS
+THMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBcMQswCQYDVQQG
+EwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMj
+VmFsaWQgVHdvIENSTHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC5JuoqCjmcfSVCDJ8pt6rU7wGuVd2jgjVKPpZR
+P7KiYOnVr1ZicDHgZKNP9eXgEG2Dlf0ajdV1AI+elrtWRMwMwVJ40UoWrgMSJUQ6
+15hdMLfJn/3Faxn8pRsxA2JaVL3l5HVJhhvIfS9sIDFKrGuVZdHkiAoCyVfyzpTz
+3k1YzPzCkhvObpROsrsiWvMiiUCPwgdO7KYNHooSJIPffcndBuJ9m6eAsO0WOHV8
+Sim9InCMhos0/P2hQODI93sMhQ0j1I9lpzyX0niZwLMITNHGpsyhpziXUw7Z9ivj
+tccFv2AdqdU9IP1u/VRenLXWcOYf2cF+ptqPPNZdbEp9AzwJAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFBChAdaZnYDjbf3n7ndLX/FJ2TxTMB0GA1UdDgQWBBRNPB25WV8Y
+wN3ySuDwAKYpN5htvzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCZZ/gPznl6z2bhDPfAXbW3c8gv0H/B
+xe1FmlkVfbdnBecT5Sapg1d+MBZG7vvChdROJPf/5wpLlBb4VWiTEFD88LGppkXM
++ba1w6oWyNdW3GjLAb1mso5JJi/rdSmJHXYOURmFACXhsMfp4HQo4xkorqetqV4E
+Ei4suAY62RiEjFRFPx85JmfGWRkN28hYcgY9BH8MNXkTolNDVhs3YWiD1L3WgNfx
+mQcIleaVRmBpxGcpNsggwO3igVmwLUMAFauMZZMrygJxixpvlRS04jJWCO++XQTN
+zy0jT7le65xMrIY4JXS+yV2wdoQlfFmrxTY1cvOaZp/C8owx1paNfpKa
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,859B11CA69F6FEC0
+
+sQDMkeFGX2SxHHzSZ+Gztmmzn9hP+4zMq805hqIDnMtAiqU3r6ZBHZBH8wp8YXdc
+iIs9+Zdx06ympfTpoPfXHy6zsgizfKXMp/GBwYa7FC6xEBCy/Q89sfW7XDAdFcCJ
+WhhNP3DOdVbWZ2tN/9IfDD8Q1XRmO4l5j/ZflcoC5TY+dnnezYnQoVvahMBAUZre
+vUZ6afp/fOOAQhkhEFRZXrLMRv8Gjc/Vkh4eG7ecBHM1UKUrTXqxGewrXQ8qH3uX
+gs+LKU1Z4e0BfH58mHxBFF4JzPCFkj5ILV8iNMpFU/ukrt3+KuhgULPF1gxft27R
+oll5gQKf8AvTttwuPMqgByKZxDZCAWSb1xKo50XA1BH+ktauk2n8cUp7cKy1Cxt1
+oWqp0TCganu7238KWuo9YSm1Jc5CDbc0m0JTxGUI1GepHQzdQYjgEq/oSn86LgOE
+fg9hMTnFyT7fTk1SqtUvcRumjMxvZftrmp12tUET4wMMH1NT7hdpZlpWnEyScrsR
+LOfuN73X309TIk17gKkCPYg2yJoB5yfRAkYVftcKJEb2a8rzmLabldO82bHhMzUc
+HPriigU/IaBfwl0H+SxHkr0ynAjqsfH73A/W1573BVkTm3EEi6pkKiL58n9vr/GL
+Jx8RvFZdUGhKHGC70jgQ5xmL3R4VZgjgKC48eacdNdRLzuappJSphGhf5nDdgzOV
+v5hChh49uAGzn+9zJdF0EeA3gWXrhwTbW8q43YjQeKXvZWq4+F0swAcu3BQtEmtg
+CWsl03GTkEIMFOcby+V6oLETMhNZovQR8Ri79pZdDJb7isLiphBmnZyzdEMtTsP4
+upJnBBJ6BTkGrpmXjXkAc3W0LlAyOGs3AvZmKwLzRlJ3lh6nW27CsZj2Km8282bq
+xVZsVo93gCXsONQcFhEnkxPxH663tYoMg1w14ZAGGvU/WCdih+toCACKRw0IjBY2
+4heKVA7DXTFU1iB1Z+q6fBpnfcJ2BwNNky4GafAT1sEP6w8wBPdRpZlrLy33DpmU
+2t/PsHalLTCIFqAj7LOGmqWW9CIaCghLXhMaCAYAOfyU5b+xdlmZ2wmNFWQigzG0
+6GkBw7ZmxEQ0+B+8NP0ZcUVm6nx4+ZUA4BMMpmTrXThyxO8bOqa92FgjNpxvMq/x
++VdLt9tsMxoeiWHmSvyZycxsP4cwwuA5c/V6Jo1ASHYlq4jDs+SVgujLHNCxbsXc
+hmCb6Sh1vEoXXaqluBgBV4BQO7hF+pqXs2L2d6MXl4ZrJrbiLH3No2MniDwYtGJv
+GL4e7sLXkry5B536EU2zorNM7EzbRNWbGE23WbuKah7Z7yPYue2eERs/mtKJJumI
+Z0CwpkAPRUAIjkNgRuUqAJOCB2z5XWtGCwn1M0pq67As1iIySNZGr02ccmaRZJJN
+xMBWm0WWGV+HewjPOA/yAYrGQWbLj7rsjVk7zJgYnhlwwEZtLgO9TwkwOQIBM9eM
+lP+GMyaGIM3hh1jL2JFwG6NyFv0e2sLWnK/I006/vPMejk+C9XgL+8c5zicppUSC
+FqVHPGbdK/Uaoflih5bsDlpes5BXYilbniZmz8Hyk4F8/zrbW7cvtA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
deleted file mode 100644
index b7c8ae1749..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test34
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6FGlp6Xjgc5M7qIkjpaJW/ie
-OIVcl5Qn+CIdaNq7obRCyoLrqT/lyrQKTifbp29aWeS20Q9OnvNHYe0AoQulxnhx
-tId1+3BJ657gMf8FIwZ6y7C1vKus4TE6lYhBXJZtTF5lE1znoTDmaO9u+Ix2/RY4
-lH5oTdCUCHiEdcoOBvsCAwEAAaOBqjCBpzAfBgNVHSMEGDAWgBSsHRa6Sx4LX+K8
-Ya7h2WRaeb5F1jAdBgNVHQ4EFgQUnBltKBL7MT2/JrE+lLcnIG0SKgEwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA8BgNVHREENTAzhjFo
-dHRwOi8vdGVzdHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbmRleC5odG1s
-MA0GCSqGSIb3DQEBBQUAA4GBABEni3LRvD7bB0FXjsIor6I+OaDVBV6uWcVuwtmS
-gtVMwBhrnKGi/nw+7E+wJs0Sa7INnkylGFlUzOLEFV1Sa6RYjmo61i4AE32uqzlc
-lNvE/bXQh6ah0Hj/sw2u9bXRn6zgPcf+9yQRsJ+wNYuB3rP2dsxckGRMylL5bDZq
-CfQz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
new file mode 100644
index 0000000000..83475b7d41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO5F/3
+wWBzxesA5Y/T/BL4plearIiSXCj2/J6WAYteqn0mrUwJ1r2apfS0ZjNREqqiKj1c
+nPIi2mIfqanPTTIYJTfvnR4fAYYpgU+b8jGCmF1qU/G7gRuvhfAV67/NqzkvmiRl
+Nq2qWN0xS+r24fotIAtBhh/kkzmRlgK9rJceRDX0gatRtUkZwNCDA8f132Ghsznb
+REzEzxlWWp1sTi6g9PgL/rvGH2h1RrhUby291O0fUQ0uplSXPgodYZxkS52o66pZ
+3pBTdqvCc7evLZfRaxz1uuFl2IYrYXUos0iOMoTqPzo5jX29Z6A4N78G6tB0Uksq
+nzGTPg6iPwrHxVNvAgMBAAGjgaowgacwHwYDVR0jBBgwFoAU+iitQRbeKmgXyA8c
+Iz8mA94CFAIwHQYDVR0OBBYEFNZ67DHSA5qsuP96390yL1+UdqlGMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPAYDVR0RBDUwM4YxaHR0
+cDovL3Rlc3RzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRtbDAN
+BgkqhkiG9w0BAQsFAAOCAQEAUAfALBN64JUbbsGzkZBy5SAIDD8HJCpcxlMgJ6UU
+4RkR59QygGzwquDniZQvhDJ+ZqzgkBFY/k/UFXdpPJD6baREO1H+wTz/TPhtxMv0
+5n5Ycbno9qhlIr4JFj5gTU0DcDcYke7AztSOxyT3D7/Y0cpUOipTay0BmZA9ndB9
+yGnIIALUzQ5pDttKZso5TX4Tf8c3Y8V5VqhiN/dOQnXnsanyBSsRhn6jaPTowi9s
+SjNXIw3GgiWod26Ld9eRLMljkNgA1h2nIwkqIfStvJMzWVEd/tPUj5+lF3L2EqL8
+8E9ziMi7XGb1hpCr9oBN+9TaDQF58lRFiwZO4c92bCqmJg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50160F6A2AB4C12B
+
+kohSQm0k1WKhPHAE0UjYK6HN/4aIK2XHNrgcB/0imbi2nIsENeR2BAu3c3VTXTm8
+rNPxawXFu6SrqM4Q0QUvY5Iwntas8y8jPvXibLKWIR8PdtQBn0LV/xUTG3DWOUW/
+YoTHB8TrDYYLqNmIlzazOjlCU3GGanFuywep0UDSRSqPja7mFrLxmQfNySan1ucl
+5oKHvZISFQoiq35ujPdtSR9oXAkrApsI3g3EzLCXhf1o3OEToUleXdLsnIP3oO+j
+Sa2VrkhWhTrrJaud5RJYIBfrtZURg26OQhJuTjOI3FfThliHkfBqx8zP4PlDDmyK
+S+hE7IqDD2ANWqazKaAReG910vX2FdlFo82YsFF8ultSbt+WNwZHY1/76YNCSL/5
+OwVbbOdG+iaD+k9uWbln4HalwB3eS9HlSVgUQLieXluVbRUtsjevJQSWT4mvYI2z
+ut4SLttuxPL0+QvKoSfZ1I7cfCQgLo1Wxw3gHu7hhyIdSqey4HPr6YYTyvjngLmp
+j2AxQLCyfMRJFod7louYs20qnvOAxL+0UAgRSMtkRSj9s/sXw+At5Dy3W0LDjx/P
+qq08eXYImXTbG7D1SvWln0xwJlM7bItEIgdRbnXmnAThxLshAi9bKVC2OTLRj7HM
+b4rx8EvgQViQ6HQEZQAPLKHDEfLUhgk0US7Tg78AfPuY/IMY9MquXmvBMi3+ngkR
+RUeuUes0puPy4q3xSrc/Uf6nLpPYdfqN7hFOXWH8yfVs2vsM0/iVHqCM/XWm0zMc
+4Vf5qhZFaoR1XLSH5/D1jr4lDhB4r1Mh2N0y5Sps8SbH2hiSAKPrI9jTlrmH2nUt
+zlzu9kUp5KORPjV5/cf59rU4KeJb1S6deG1uBAB7vwtJhQdzr1HNURM2L66XybAZ
++orb4HCPxKPsHCUFMbOWPyhc/mOSHJAcjylAFosu/C0xqNl/gmoKzbbp7VxV9hZf
+SIJUgNu6NZLhrjFBcekEfiZDIyDLFYpJ1vTcAebJn5b+/9n9xkRjF0IbPfbDUX3t
+gvcrKcr2puANr8ZrgqjFGJJ0B7AEMZa1x3NCiMXioQXMVupvTtL4b8zmsWqD3ZYZ
+yeFYnRHlXC2M9cZNm9yTqIDtEOc6zB+dqYK0VThKP7YfDoACuFsei6EBGsY3A3n3
+V0csq9RMm8Svo3qrhR3ygDiWWyxWIwxrmoRIZgv/bUhScwfsccf1oahlvueRxfDA
+8ytIQw3SwXhLflmmqdd3AA1Ks0QZAU32JiUhKfpzzHxjad+xVLElrBMjWMoUvy/U
+rEjvQCasrTCOvf9cxt1pla1X23USVcr4q4mq+amFYXdpn67mDemqeI4bnJmOcSC9
+yic2OuWgBhU0zRytkn2oBAyg0r4RTx2Pr64BjPuuHCQ500EMFOiuTfJJiPvgb0F3
+IgLmJoHr3lwD4/bF1UPLldHkmLdVPYBgYU+Fc721zIUJJQvEi4AedOPcRzyJ+tlD
+v7FhWudV+Lt+sQl5kZ6oz7u8BzOVfcTApJUu+7dSfiTujbSnmip3gB07mvUE6kQa
+sntlWQbLfnOM+uxH+cpT7f1vmpXkv/CcJCIfd+fX+yoYk5B/0q8KKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
deleted file mode 100644
index c13af8a307..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test36
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIIC0jCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvE7GKi9cq2LoR4nDK2rqmEIH
-MsJ3m6EeWMUWwoRidb2gH7E45Oumq5skRGihWVu15Lokjua+3arteyn8MbuDj+lF
-KcEEP4VLE84+SFaA5KNgDJspoT7+UiBZRELwTxiTK9vPR5VQyTQnc/M9PkfC5rvV
-WbctYK/HJ/r68nmGAQ8CAwEAAaOBrTCBqjAfBgNVHSMEGDAWgBSGpFVj8YygI6en
-vMtsqm3QWsYPWjAdBgNVHQ4EFgQU2X6Y6CoZbpdRkA80xPGNWG1aeZ0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA/BgNVHREEODA2hjRo
-dHRwOi8vdGVzdHNlcnZlci5pbnZhbGlkY2VydGlmaWNhdGVzLmdvdi9pbmRleC5o
-dG1sMA0GCSqGSIb3DQEBBQUAA4GBAG2N3tYbTsRh2FgGR/eAxNmVerY5ooWKrZE/
-MkikG9U+XWgHChNL4eR92wDJVi1h5uVvSyUIF1vEFXVfVxyqG1kz1dqWcFrZHp1I
-w3WD/3qKE0ilWL+AnW7LOOTbTUDevmIwcUAvl9/QiYpexJyeQhzWJ13gh5vwkfiG
-coWXP3GU
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
new file mode 100644
index 0000000000..c54a940b53
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test36
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMbB0+
+65ySk6fi6dtExfV1zX4fF6wQUg0um9bpkU7sssBLoEI3fNMzQTM1iwjpbQqILiRP
+0zqi/pEy8LTZZN0H3/Bvign4sGWhf45iMB5gIVR788WqOKz+vnTHjzjve8a3y2BG
+0obtbCGD03k3a1zu3EH6X6ZXQHN5AXFgwQgOkwWf0azdHUb7JO4fSFMH2hNEgOJx
+2ip+HuWZfzUzIa+as9ysh7OCjJYySAp6jxzvrQAsRcUQPd0XLuJKUM/tWXAzfqgy
+Rk5RsfcnLiBw/Z4fB1UzhN5RSGyBxqwiibLl5zeEQxDETmW7kVDN0V0khIpX7mD3
+frmvHfx1nzaSU4IdAgMBAAGjga0wgaowHwYDVR0jBBgwFoAUTeuJcd/wBAGy+nY6
+WLG6YN2M08MwHQYDVR0OBBYEFF3cy5MzmrQiP79DwPPCIj7VxjfFMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPwYDVR0RBDgwNoY0aHR0
+cDovL3Rlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRt
+bDANBgkqhkiG9w0BAQsFAAOCAQEAXHV9C9XnmJqFiGQvsQv+Mtb3wU/lbRlv7P4+
+dVItASgqIPJwjrGAEkFjykCDUd/ozD4lIo+UxKwXAEmH53wyXLnnupluCnPYarTM
+KgWfQlBj/eO6GNEQLujg05EK7VxfFnr1jPXEaVBIacwwXNlEGVFK/j5GaOKh9kbT
+SwdMgzGI8R+k8mYoLbVcE3Q3v3zsZPjsME8OBW3d+AytEb2gWScJv/iDfCSgk3rQ
+F7NENzPMDreitDNAhxvmQL0/KGewkCStOjFHaBLQKR+ELq8TruIEuypNl8BNFQf/
+HSf5MCFAlkXUNaff+m/vEvm6j6l4WlcuY3cYA0BLG+OTnSnTCA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,099C68B6A471A08E
+
+nyQYist/gy/S0F8Dbw3KXCcHMxzhAM2TlY8lecSS2d+Q3hrFWrqQ7tIrwZYGzznv
+ypq6Wp8Jxkq357ceY7F9yz8UA/TDK4xQdFITeM4toUknwscbkSNHgYbMAFwpaSAC
+1dd/VyVIEUC6q7gbBYoUxCXS3tEcoIzmwSO1unB/c75ks78uY1ygyrjPu6VrnOMz
+wQDrOAdRJQhwAvw8DBqHUejxThr60UMi7OMbNlzlzud9crBdlUzAluxkgTagpihe
+9KBvPUGMAtnGmchmCQEZcNoQ4mqCLAQqcylaQl9h9bUnMrAllVteiBpePHCBTO5e
+EmfSa82yQJI32NyJMI1a3soP7fZMQzitHgGKo9Kcw2g0qAMjtV4vgB+PeavW5zpV
+uNCQ/cYbkie9NbccrkHR/iiLtOggws/Sm8ZQv3WaAtamDM0TK5uLilWWthvcD/3X
+h0RPOaBkzH+APUbTk2b4sLFqMJDmKEO0C1o0yGDsvo/0AarZCUXaw7LE0VmAV4aw
+ux68ttmqIshamV7rj4UZ/V94M1KLnxRcvGui4XdNx0sKA+so01+4XgIZEXWRR0mM
+RKGwO+zlTuSRtCgo5rDwx6rATxjq65PawAMZ48QGKXZWhfvEtGwsmCweQvH/G241
+LZKBXrl0wO5jEeGHvd5LGRjZQqP5AEnlUV7fKWb19j4HidOtDixZyhWxXDt6x5k9
+BEEKrDp3K8Uhu/+cYLtziCa/ItzGMPiBUd/m5C1zYcUqrh1eMaPh9YBbRdXR/GYh
+1g6dEXcCwjyLrYsaAjIydKwES0Q8lnbwVtC9VyQwVId/X+dp9ayU+IWPBweOFZ+Z
+bHp0oAbn5fPRzx/BwjhpHUYbmqgs3knenQDYofRiPCaV9oTvEt33iU6tm+tsOOt1
+d4Jqa8kgbX05+jxDIjwjY/v2pVqaKllJzpKWFPGlXXj74aKRrVr0kEXb2pklYp/G
+3HzPbEG0OegIFAj3qBYZujbJ9P0Fys6/Qz7p0gELWRRvAsXsKntRDBE9n2QrzGzI
+iT/r9u23pjmNv1mIT8bIArzTmlckJO7QeF776Ti27hQeZcYa4wS9m8vqAljI0LWX
+g4HvChsaS1Q4SBS1Fi1WaREDOfeuJyDBaLqa+Xc+n9StuN3bJlsx7PX5Y3fIQBD+
+ixmyMZQHaopuue/LH9BICaDHvU9h0qD1jTAs4oDr7OLzaH7bILDPsooVKMmb+EOT
+NIT85QC4sbrpVTK1UR0Mnw1D5QOCRyuQyetdG6T/bpKb2V4AjWFX5BSexhp5YAdx
+qfRkib3DKF0s//evkn92phwVoZP4lTv+phVRIU4DSSxxZST7XNsr0QzlE2lUkYTT
+AOCOeB519BHdugmAT3WwCqbOEcmnqef+WHnWWH8IplTU355MWN6odfsFDhCr/Sf/
+/7XajGPw0dq7w1M7gUpEJcQC2r29s814L3UGstU55+rfnf3tevs9ar6HcuTM2Nhm
+IjP0hHeFYaD9AN9AvyPyhYwn1sEibpz9y4UUOyK2yCe9BGVzFXl0MJn5VSX+qWSX
+7cS2hhm+v0zRqGA7u+fMaqWMnMWMl3+3Pxh/8CIhC6J/ioGHtOjz/AkWR1e0Qaii
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
deleted file mode 100644
index f91b6dfd97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBZDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAwwkVVRGOFN0cmlu
-ZyBDYXNlIEluc2Vuc2l0aXZlIE1hdGNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCaogvEpeDhTyOkM06wjnLD1JeNedm9VZ+FpIvkkhrhGKskIHcfsNfJ
-EsrLnoSQIj5ocFyxY/76uaSgJcEhTpIj695mSBtyZThgQr07wSGTByiAmO3fR3if
-tMzWdzP9j19QXSUZjQCBNySjtuabFoqgR9OHEmVjly+67Al3yaZDEwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUNmIV
-KXylwtCEEMdeoxYn36lEE2IwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnn
-dr5r22s30krLGaZ6Ava5zeA3jRRsq/ewoyaGn39VO/MYpqRxPdqlVqLO41PCjwTY
-VjndPhVSfFsQHxANRG4TUD7MBKeNsr3eclIvzCtIb8U9dwHngXeYNlih1ufYUDZ5
-z5oTq4R9mHUGu1Jz/uW9sisBRMbS+2wj+E/3yezC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
-issuer=/C=US/O=  test certificates  /CN=utf8string case  insensitive match CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEe
-MBwGA1UECgwVICB0ZXN0IGNlcnRpZmljYXRlcyAgMS4wLAYDVQQDDCV1dGY4c3Ry
-aW5nIGNhc2UgIGluc2Vuc2l0aXZlIG1hdGNoIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowcTELMAkGA1UEBhMCVVMxGjAYBgNVBAoMEVRlc3QgQ2Vy
-dGlmaWNhdGVzMUYwRAYDVQQDDD1WYWxpZCBVVEY4U3RyaW5nIENhc2UgSW5zZW5z
-aXRpdmUgTWF0Y2ggRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDsol6bNoNnlNAy2lkPsdVM02fDVB5vmtUbTN2DiXfYxICd
-NtMW9orODpZLBLuhHD9L/N+amY5njVAJUpvbdU2cjFMwgn/YfQ/eDXrCDPG2FLaJ
-WA0nRqHFrhBVz6MgJFtpJUz3e1Owsy3U03aq9SthFb/BBFFOtAH6mXnuBjYVTQID
-AQABo2swaTAfBgNVHSMEGDAWgBQ2YhUpfKXC0IQQx16jFiffqUQTYjAdBgNVHQ4E
-FgQUxMF/9KLvn9+5ABPGIN0ZEfq0S6cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCLnWS00RFXZcbBCM15
-7+vQE5xrZp4AH8MhcC5CCS7C5F6JkHPcXT5OnCCN+d0cmCCTgolBi+AndeXwen9O
-y/2uq63SVqP/H67rcyoxaGeqSxxZqbowZqboUMBLinSyMq/coqnGbiNjK+K7xXqR
-borsQCmKGqvst1rn2LPNKfKRCA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:36:62:15:29:7C:A5:C2:D0:84:10:C7:5E:A3:16:27:DF:A9:44:13:62
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:f5:46:0f:c0:5a:10:87:86:95:df:18:69:d7:c8:99:4c:84:
-        5f:f7:1a:e8:c7:66:27:41:73:a4:72:f6:09:66:a9:f7:cd:62:
-        22:87:dd:24:94:77:c1:38:e3:9c:cc:70:64:29:b7:d9:76:94:
-        59:d7:26:43:86:35:63:6b:0b:81:a4:1d:d4:4f:7d:87:6a:b6:
-        bc:68:34:9b:ad:d0:1c:34:3b:72:7c:7f:25:b2:19:03:a1:24:
-        ee:ef:d3:3c:a6:21:cd:79:11:70:d4:6d:5d:c6:67:14:39:17:
-        e2:23:30:76:5b:f7:b5:4e:ce:ed:3e:57:2e:58:1d:cc:ec:ed:
-        b5:52
------BEGIN X509 CRL-----
-MIIBUTCBuwIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMMJFVURjhTdHJpbmcgQ2FzZSBJ
-bnNlbnNpdGl2ZSBNYXRjaCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WqAvMC0wHwYDVR0jBBgwFoAUNmIVKXylwtCEEMdeoxYn36lEE2IwCgYDVR0UBAMC
-AQEwDQYJKoZIhvcNAQEFBQADgYEAMvVGD8BaEIeGld8YadfImUyEX/ca6MdmJ0Fz
-pHL2CWap981iIofdJJR3wTjjnMxwZCm32XaUWdcmQ4Y1Y2sLgaQd1E99h2q2vGg0
-m63QHDQ7cnx/JbIZA6Ek7u/TPKYhzXkRcNRtXcZnFDkX4iMwdlv3tU7O7T5XLlgd
-zOzttVI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
new file mode 100644
index 0000000000..55689d442b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
+issuer=/C=US/O=  test certificates 2011  /CN=utf8string case  insensitive match CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEj
+MCEGA1UECgwaICB0ZXN0IGNlcnRpZmljYXRlcyAyMDExICAxLjAsBgNVBAMMJXV0
+ZjhzdHJpbmcgY2FzZSAgaW5zZW5zaXRpdmUgbWF0Y2ggQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjB2MQswCQYDVQQGEwJVUzEfMB0GA1UECgwWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTFGMEQGA1UEAww9VmFsaWQgVVRGOFN0cmluZyBD
+YXNlIEluc2Vuc2l0aXZlIE1hdGNoIEVFIENlcnRpZmljYXRlIFRlc3QxMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN29zJK6hFJG5nAuyoIXSLM7XSRW
+O5FCiwm1id6V5ELZnaiQN5PtY7ZzOdQ5Rymo60UCnsnp2Ylg1OYh82GfvKG7gZS0
+xRwA/3Z5veLZsYhuqm/yixO3lfbmQRb1axDgfudVwUnwdQlvXjXPf4EsIB5WIAIv
+JYryutqJNIn3VX5BeI8luQX2ynlkc1StTCeUMnXYT26X2GW71m0hn5RsSlwHayo2
+HXVULIt5ojyGoatCESTbN0kmPXKJQTwV/KmER9Ual9Zb4BKvdy0Kbs/SImNzmA3a
+VITJ/YMs6BA0OshD39ZkqvDF86aCConG69VXWF9ASOmClC/asa9AyHvDAKUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUYN8Y0cqpUJIRFyFE0nf1aq2mvngwHQYDVR0OBBYE
+FKzudXSiTCM93NKYuEBr9McOizZqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEv6NJ3Kqb+fORfTmqBp
+z/UIu+rdVqUmqVOc6VEG8hrOWOUjNHxb+DQHwWSM52s4ednWj4iOrERBtqI6I9+L
+Ja1yCa1i84KLowhew/iH8fgFqLnuoqiQ6SXvY/z6hBIHgOSZ5LI0yF7Zsw7R7JKc
+S4rpOI9lrXRPHPFv51Up7Z9BUNv1QOU7dlLAIwXXKvEETuYD4rM25w2Jz6ogfdXD
+Rs/B2OAm5lKTf/ZNeLtF30oyNPHPol0DvAQO25oRtrguOShdluY++kWqDXlVMetI
+y5xJ4/n3p2W3V+S56jwwok+627UoDYUqS4ulQtix30lcWi2O+UqYgFnNWJxwa+Gj
+zp0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58848D19CF96577A
+
+mvFg38AyE/2G/aVUlNhvdTka5AvgOAknAWqk4lP9m4oGx4V/QH39TjFGG9HHF25k
+UXLMXj/e4qbN7uwU5T+z+A/FiPBBuhjCjcK2Bm0zH9O88yh/Qklop2XQQEM9oIXI
+AJrYXoKfin8Q+AgSvZ92CfAYqIm7j5jEdQaf3o9yih2aRQTcYiM429fGM5gSY+mv
+vS/4MNJFWyME0D5aRJrwBK2lMmiQI/zSQfmZRiNOYE7z2htmkEECeGarO074gO2z
+He5RKtGc15x09AP7GzzDZOYMX7tC9PyxE0dQ0sif28Dw7bp/mZeG31geznW7kpQt
+p3scKoZ8TKOVmxnxbrHUMhXQ1nd0hVRTAr1VGtp994Na85sYe1SKpcF3WMxCJ7pq
+ttZ0g50S0zLlgjJjOPcnybDRMoNwnzZsEW6RiQdlNZY3TRoeLkNfJgtTV93jxJ+c
+8l6TO8Us5E7GjChUnN8/Oo9U89XXVKJW7MOnbxCkqlAyHxl1prOvpBecHhuuN6or
+0e/RwMxrkObCN4MPpa4+axzhTBPLDnqGJSCkF78VoQEF55QF3ZFDWztwhusM+bWL
+U7wfFjLbIZZw3vlJOu9/7Owva9Od0es1+X8+V/RVjbMFS0VxnOTjjeLEG2q3Cqll
+byesMZ2csF2BAHoCtP9mlQ2NXalDi4hSwf1RpT47KqAnaX4y1lI0lHB8Bv12UHDy
+foKLxTrZcDpHKvpxgkQRBClR2ZIUQzwpNiOtIo5c8BCyNn6FLCmXnasdZSG2ow6M
+gXlzpLoDL8g+aTI6U3Ruo0NiRmWFTljRcJOKoCf/H24F1eOCRLQOTwJs97YUD3/h
+dK2XGkGKgS9dEOon6CnCGVti8NNKBMDpiOt/PwtLB/IZf6PCUunVKlzqnyaT4twL
+dUImUev+ybVpBGQADYxQ0qWjtpGee1kUjBPOMI+UbzYogCVbAJlutQJmqYX8gvQn
+vLmo4kh2NkoS7nHyCAQb1d7qryoMYq8ODSIW78yj9il4YblajBT0N+x7KuU+K3f4
+hWIosco1WnejXmMDBYXyhzI+mEE0B5nxzio8zSFYXOe06FNiWeY6G7j2UybfA6zk
+7OLT8tEK7xk/Q23ih4wHTndaMYzPMDepEM/hdSXgGHc7O7oXEVfprHLVxVZPy+Ju
+KcLIu1t6BEEpXbrE+Ar4gcJmYQePkMs7UtOxBdTNijcN/egmGY++6V+Pg+vDjqzn
+Evr+rjq9MxtSqMntrtZJ8fLd8Dufs7O/PCAfDAj2lISrYcjx6Zbf/wOaU/+VzCu0
+tGO+ZuxTMWLxnGj4VhFdy2Mm8maayva+qMDP4SBlYsChDMjgMdXBkq+nyXdFNQyf
+a+8owuaXhRd+wpMmPy+4WKkJ35B7rlgOw2uYcKei1IkqMS0Nvl/yH5RMPjeLWxgA
++ubuZm6zXpM75sbQ9dEgwDCHadjRYktEDfVhT1Fm1FRjVGU+12FSMa9wGv/OVWN0
+xW1g3dqvXQyHQ/MuWGRfU0OHa92bu1cJ5vUPVtPOdNXwKxx8AdFlqZyJWsCd2OCb
+ST/BEi1+SBIPeV73M6movs6zFP2/e2VKvDArHThf8dVQROqPGO9Nyg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
deleted file mode 100644
index 2857bd3c74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBYjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAwwNVVRGOFN0cmlu
-ZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwNymUjXTPLYfQm1sbyf8
-QSDxshobqw4r+yna0i1Rj3o7Lu/5vt/vqIPKH2r52EYvuFWBMNKCglyCcqidFgVx
-Z+hsUqJi79uj1DhGgqeSG1/gmyduba9sGud4J6rNhVuz1E/dX5gu81Gi8AgFQj/D
-tC+HMSrP6GKAXVbXsnWBPGkCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFNMoQWQMXH4Okw1WMKge9ihlAMr7MA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYI8NaUKFwf+db04baEtgElpS8AhzYiCP9
-H+4pn+6Bp7ZK+3WMdR5HVmHkn0wx3+eRrAO+4sViEZYS7+yJfJvQVqgeVgRWZeuE
-dzIXVT0OLIloElDfgpdZgkkM2Ucdg5Nn52Of3AnZagaFiaNqFRZmC+QYnKif09vj
-8jaUJTJbuw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Encoded Names EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=UTF8String CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMMM1ZhbGlkIFVU
-RjhTdHJpbmcgRW5jb2RlZCBOYW1lcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxNfkgSuZUKuoTrCTE46w8pIE47j18Ul
-+ZyQJGplDws8AeUtIXBGxaYs6He2jxJXV6geeAi/DlFhUnNSK1Gavbey2DUkn8Av
-3U5y2+p6S4HtU1FMypUCKcboGqHME6y3rqDQSl7YY03v3wd4PPaKPqvhZtDSG7b/
-QnejyG55zHkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0yhBZAxcfg6TDVYwqB72KGUA
-yvswHQYDVR0OBBYEFFNv7Je2o4j/89zS0tw/sI8eM4dZMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAT2NW
-DkK184Mva0VGnLCXsyNVUYV9/6cBxVncmML7X/XlT3c4M7ZjSoL/J+hVyavU+1pN
-SAKfgfyZE6mVa6BOYzL5sBRcvpgJPjZMAEGZ+dwfJUsh2KQvFmEXu8xSBIss4Rgh
-o7OsvrTpSFiidbLgLQW6FeMEivGfw8AZZ2W9+s0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:28:41:64:0C:5C:7E:0E:93:0D:56:30:A8:1E:F6:28:65:00:CA:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:9a:cb:dd:e8:9a:f3:02:96:35:53:29:74:69:84:1f:c9:47:
-        f5:14:71:8a:f0:32:42:64:ae:06:9a:ec:f1:2a:e1:4a:70:d7:
-        1e:11:fc:b8:f2:9b:6b:38:d6:18:37:5b:74:d7:bc:78:c7:9c:
-        b1:34:c1:76:87:4f:31:43:25:ce:95:52:23:cd:d0:38:c5:f0:
-        26:b1:13:d1:ca:2b:f1:e1:df:e1:e7:3e:6a:3e:d9:51:60:5f:
-        6a:78:b2:50:03:45:39:95:40:3d:2d:39:7b:af:97:e3:32:5f:
-        14:f8:aa:70:ac:49:6d:44:1d:ac:2c:d2:fb:a4:5c:d5:f1:d7:
-        23:5f
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNMoQWQM
-XH4Okw1WMKge9ihlAMr7MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJea
-y93omvMCljVTKXRphB/JR/UUcYrwMkJkrgaa7PEq4Upw1x4R/Ljym2s41hg3W3TX
-vHjHnLE0wXaHTzFDJc6VUiPN0DjF8CaxE9HKK/Hh3+HnPmo+2VFgX2p4slADRTmV
-QD0tOXuvl+MyXxT4qnCsSW1EHaws0vukXNXx1yNf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
new file mode 100644
index 0000000000..eeb1e3371a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Encoded Names EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAwwNVVRGOFN0
+cmluZyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKDBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+DDNWYWxpZCBVVEY4U3RyaW5nIEVuY29kZWQgTmFtZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiQyHe+Qlww7JG
+F56OLnXVa6/PwDW5nMyghTVjB/9SVbOF2cOOtFS/pGw9Qbc42wajSZuKP0tEBph0
+SkZlyhpyHwcGn2UMrWolAnAGDugxr83ijb/AElL+Orzm5lxPcuVG8+D1w9EW7JOq
+I4iwhHe70XKdM5RaGRzQpQmfvGMuj6VsMUJaIv+9/5RLycevwNEZl3yiLTV6APui
+hoI8LQQc9C+YQfAzRqz+e9adZIBayMhshpAJtgZ9pdNRPiUXt/NDw4jSbHp+fABs
+3x0i5GMDGBQMI44rUVY4odIM7GcIFZ14HyLY0stkp2PsHCvmd2DBS9QbCA7rWhHu
+8gcdQ021AgMBAAGjazBpMB8GA1UdIwQYMBaAFDtnW0TyDadIfXMpjJOf1STjEmAm
+MB0GA1UdDgQWBBS4qOG97iGSGhivTSqPnNsjcsGavzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAeayIn
+ZVW7XoaTBtQWUmvNBO3bMOq/FsCioTns6lSZp3JeTMG0yj6HmxJGNLuDNMzcfN88
+piQ7sfvNf+lcWb0gwdB2HXWTU4TcpAHUkn83Fid9og3gZv4YDh+fIQtcaL4/Yja0
+cSDiy/OYHvV3ehEuTAnMPh8Utd5UI72eFwznL+7lFdJMp6IMTa0GD5iVjkYDSOE8
+CBFv1vyFZOpiM3US56Kuo93VQdDUSXZdbHphgddospcnlW1fQ4wvMUTZpXeqcbu0
+kDqNIM10ooUbnkpa8Zsf1aOdna1p3GcFyJTdpKiellXrtc52azNxwHgPwvchG4k9
+RqHAGNJlDwsEHMB2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0348A1ADC6843B58
+
+CIUrRDnJzviIO4bKwrC4z7P78xkD3j0qb4EcLeCJnuPgRioje5DcQ6mc0EpsbDrB
+r9HT1B2TtIK8VjOn0Ij35TKPMCKXNWajJALwcrN/h7TwR31X9m0DGvnhxBi5oZSc
+JWdBsePDApcIxfxJ70pI69gY/yOW1I8iKUXxGtmdOJBOupTQtmEbiDw4jlPIlImc
+AJErDVFhtnLEQgczv/+/J8QeW20NyrxGxkcZjBBAQkwn9A00MuxeQ31KYYEBe+xN
+MXOmVz1JFJhQTdIooH8bEPRBOgW2PF0ZXYbL70Mj5X/QRnFnw5IL59vn7G/RylMz
+uORlOPzuldVxwnNk3eff2LK/S5KdG2f0G41T09Y3j9BmtuVCfqX50bUvneYVfVsL
+a3a5/zZc1JYGlYrSy0wqilV/5dPBR8JcEz/jXqV/BkqBOZgoySm3iBbeo8jy7Zb4
+N6uamLwmyu/ED/EFNyIqJ77ITs/AK4aOVepAcITyreRpkuxmlzJhdrKzkukfZokq
+Qy+MAXyva+gXbP7gwLeWAl1BN3GgekvhWd+DTMrAbK/9E4y3A6poNe9xS/JNUqfu
+E7bMSvzawrxk4vh1t5evsrms7SYR3JnI0nFoZfVynwifAG1ci5xafQe96Wd7XII+
+M1z+Ifm24UodrIBOB9pMzlx2hENo3f7f9DSzbLKJUHkc8voBQm+Pn+MGwNH42Aux
+TGmsNjekaboeY3kQK84KmsPzoTQ/LIKAEs51T6bss4cJxUlMK1ZqW4+lUt2hDAmz
+WXqmdaq6gRFwQxZbEH69yEul6HIYIluTVQKFR9qYZ3cipIMcjPdOq+6MZfMcNOD5
+knsGLmGa9IbLFF99ORvT/8Ul+eyCrGdJ3G0Q+4HL2Tbf9eacL56vQC2JZiN1uUR6
+R9LDOrGfy5OlCSgk+gLTm0p8BQOAiUuzRSO0uuhufa/VnP+se0Fqi+5Z/b+J+CVA
+brdbRQnadvUilAj091EjBP3meXY6OrKNmUOW3ZUfUSOLyfY6WffxxEDL3+g6zY6F
+XqprdfcL8iP18DXm+bQSCq9SCu2PWnqH1heknCvZ/rmleqty0rdtheJjzLMTaZZZ
+FEOTkaYO/enFVPJBghO0aoK1nSfIU72XKqYdI0Fs79wXGpyteZ5eedbMf5XzcJWp
+7dF3jSgfDyKAgZ9kULGBNUGRlbyQPwfZEwXxqG7BtnO0fDuu1OmAJcGvmhYaUitq
+R2bYN60a2+hWa7CLX5jLlwI6yhAKHI9B3Kav5tAma8Paj/WoOem2uCMSxMx6ZCzA
+IZ2WJSDsY9pkRLf1nCOBl0+Ym1XWIcr6k1cGFeAw8YEiUUn+N+Veek1dWrMh5bu9
+RBndLWrvlu+lWnCdaVUHHgoNt2nz+SlaHux8ODTL/TFUeLl0b/d780hVms43T+jf
+k0M78bCKpK0MYOukRkjedQfgH/WIegpFq7KK9MY+oT8iGzTjDXMLyzPqt8ha9EMK
+sm5QkYWPjrYguS70tSDxjO2rWYAvtiz0f1uTujaRSNmFxNrl8FdY0uoKh6Xtbzvb
+fnwB9bjxpPySbDK2mV8cK+8kUL4ZW+4b5dSOl+PWh7e4NCFBm4JpwQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
deleted file mode 100644
index 7d19088eda..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBXjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFHMEUGA1UEAxM+VmFsaWQgVW5r
-bm93biBOb3QgQ3JpdGljYWwgQ2VydGlmaWNhdGUgRXh0ZW5zaW9uIEVFIENlcnQg
-VGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhu9MiazK4MZfZxFp8b
-EqQNtc72SyzLI8gVU6uacEHKLpo7auSD72gD77oJKNLO0wW/lJmBZrr8N6Vb10xG
-UDpyNayjEHhIQ9YGjQ0iFAzwBZdxSba417KwGoZEtWDwXDgHFcJkpdeO0cmvN/WY
-T3hTDuDubTGzkT/z3o7HLBXVAgMBAAGjfTB7MB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBT2UVRewjWmpJzpb1mXbOTeaXT6qjAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBAGCWCGSAFlAgEM
-AgQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBABs3aiPSbahf2RsQXVpA2945ngkKbfef
-RWOSqb+RmLmR3zburW1DXXzu3XSEOB8Ud75OdMvg9MIeKss1EqhEp3Bp4ltMa4+V
-xORBZ1hlK47mQAPiGsshFriTYp1nVfzHfByAFuwYZFLhjJnk2w/nyq5kyQ3AjfpQ
-XaezK4Qnje4K
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
new file mode 100644
index 0000000000..7799da859f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBXjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRzBFBgNVBAMT
+PlZhbGlkIFVua25vd24gTm90IENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lv
+biBFRSBDZXJ0IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+xR67LyBnthZAMPhZkzpYoGxHaIbC/er8Fj5AlXd619zdvMCaWmXE+d6pHByEo6+R
+VZRovpOEhiapfjZX3ZYtR0zzFXFqGZXNTlP0caKIjOGgqrSP5ZVLbPOk1j38hOHW
+BVRBUigp/ADaBQ43c+EKf761jIrgHHG2MtE9zmj1HgIa4Hbq+K5ejoangiGNPZXC
+VFeTSReh9DxC3gilregD6KPR/AQzeV2/BPBse3afXlR/i+2R256tZy0HhzMLSntU
+JyEsA2I9jqw7kfRQw749ZT6uhNi/KqFWYqtj/iIqaPF82JidKkQmevqZT0WdtIfB
++MtYDIWABmwx/bBohbsfYQIDAQABo30wezAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUTqAIoK4LHZBaMv/WHFi0k/KurlQwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAQBglghkgBZQIBDAIE
+AwIBADANBgkqhkiG9w0BAQsFAAOCAQEAEjAmvYQDnZ9h9tK0SPGVI57LiptQxKz0
+caPfRivaSLTlNQ3umZJkDSVe1+QKt9x7QchbZSK0v563XUmnGLj+9w6OWJUXsatf
+DMXgoasef6Y9HNKx8JiqUwbtJrDEXjvpqsdXE6ZMyQ4ij4C/VTAf7QD6bLpMLRmd
+lBl1NQzcr6F7fz9exV2PyWJL7E28ujxwcTauXmANKkQ9hKgrCuWuVx6o7qpqKpf/
+X1ldl9VwVLg9sO39+2J4Q+vxssFjlkggUfbz6bE78DLwMIruCIvgxbuCrMqy4cbp
+tqHqzvth5CjRBEhGBwGPqjvampYA2+ZofTyq13bMqp5Q6aCzCvjR6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4DF79075B2123655
+
+dul293n8fUdEHnuzI/oNHAfx+1qGPCJ3SDu+sZkktfOJ0FZXYtXPhc3QcA5/P8Qg
+FyitRbAWpS8+AYZxnOYyzPNyi6eT2a35VYmamkPwQMi/6ClqXpbfDsSL2ee3cihD
+h46A2/NbYYsh/SWqVR4kIBP9Nxl0ziiRiNFMdNJg859WFvi5W6GkeMxcexfFH/Dv
+ot32/PVbbA34X/al2GY7Uk79r7Gjr3o6eDVnM2u2Vst0ZcluYqWL63C6pXeA+LDP
+XpGdI9q5vTWAIaS5Z+ANeappx9yIhJ7t8MSP1gFwZ+sw3yZITVs7ojzypvn577UW
+CfqjIV7kPJ8j+85CVi2SZAoY2yf7/kjCDZJg9HV+tclMQOxY1A/eDnh6QQ4dCV/A
+c6vxAFzLGHOvSOUJHk6V+64CI/9tkCKZdXjWA4N3KK9msremwpMOl8Ruvdgm1Rwc
+gvbltkodoeztAYhGK6wXqDACbX0IaFELNbnC4H/WOr9CRrYvMCUOy6sdZtQj6dwE
+ea0x9FK7SJ/yYxWZ8TdQJhXcCKe/s0e15Pb9rUhD+xkLXfY1D7F41Csuauqvtns0
+0iQuXmJB3/v0/aYqCZvCIy8HXxga4XssLvPeZo1VQAAXOI7tB3zurunebpY1iyJN
+v11JEZbeWSIFL1kD8Faimz5k+WxoyFdVoe3Glp0yRNbINPYsy6l62qKqokRN9OEd
+kniqBTUnKbqvipyIjTiUn8Blk3M3o/0xOyIO7FmDmhnQeeRxOXX1R5cm2UFKHF5b
+WA/NTfnv61712IJDUZWLPEPqMkP+rMA9XXAcFB6LZldaIdFTi5pTB2UTWLYpdI3S
+H+N94C2FtVC4xcCZ6ZhIrw1GV0kMyrjr5V+h3bG1Kehmd4icyqQxgs5XcXuQ2JZl
+uTL3/9pEwHzW+2+Nl5LBxqNmUfwdC1ax/HXeG1iz7mT9rJEWPStzNNjHMa/+Ci1H
+K47T1Tz3xzsxPtDcpTwqep+jl00k6SL6rbxywWeyORfTUHypkqZ0iEo1CeiO3A8e
+Jjol9lW77O7S29X0P9raHNtV6lxPN5kFAOFDXf58foJ3uGBUGccD2NdCEluRSE7x
+kNM4AywtSNNKQliwuWPnGd3BoEoS/jHM97d9CwC8l5lMeMoTDIRBKeIPwiGPvxVv
+JqqgSMV9kvXhRkGhU3i+YryoaF2BdnBftZQAA5sYRdP4EorL0rO6YcmOTtgcuQ93
+VcPlK4qdv4pdl3q1Kqjwwi92kN9VNYcfY2rQTA09YScjika9sff8LM41jH60aCXR
+VoJrxcOh7mO6zBzdE55glYpvRLFChBAivY5hh5Dl9w0tyY1p0A+HpOxZUSSKPXAh
+kGpvDmjXSU/o3BzttOwoNtUPptxy5h7I/MTvvpYA4JO0hSItuxHpP5pmVYW4r+zc
+vuYZkBt3Vm9fAJzlwSZnRRLhEASGPQxepfWqlEXopcq2NX6vaRDUUrpAq9QFISDC
+eatXdD6DJ/6QhD1yf0u6cxYQU1K4yXBfgl+mq8rNCIMBvuZdJMOD52OmB5MPjK3n
+uoksn/TKZiIkZ4TNsq2IUtpkbzvpHGTrxWVpBfPNG26JLv9jAjW7OFp4qaoTtTgs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
deleted file mode 100644
index 8a9c75ecf4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBGTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcGA1UEAxMgYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANLhA0OA9wRfp95Q7/HTBd7PlWljTlLaWClrNNQ1jWPhuQJN3ww9dy42U/na
-HvOcy9yz2ANw44VJKqLn68rVvypadYoWUNUGPHgHSrhj37Dj/mNkFmw18BcEgpED
-4OIp2vJW00ZLeMt7ItsFh1pxpaHZl4WDHIWKh0BAuw7VBWhpAgMBAAGjeTB3MB8G
-A1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTYuN8r/BQM
-rtcTVstcPg56jM+RCDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACqRpg4KhHWSs
-qfP23ZQX2hAOVVT/0AqaTcnNCQVLGE4sE16rMPQMZQ4qpb1WAPZIq6gs+P43deDu
-5M4evZgQVheRR7RqQm7/7ZXAiJ4uzAvJjWP5eYg23OyHqPvaK76reyPgde/gegWq
-Lj/0XhyySYlWDr4i138LYLsfUDy2rWw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid basicConstraints Not Critical EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MUEwPwYDVQQDEzhWYWxpZCBiYXNpY0NvbnN0cmFpbnRzIE5vdCBDcml0aWNhbCBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-ztwCM4KjCZAusrt0pqJODe24QkEVIKHLb4UAlOxeSbZZ4Ye5BtR5NylouUsMu8Ja
-XKoU+BxIWXmUrP7HSt2+D8HI33xczpxfXCUyYmY/ht58WkhRSur9n3XUBErcVOe1
-xoV/2CNceuS97TvupEAYDKkcK+Uv+gBZpuLyY2jF4ccCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU2LjfK/wUDK7XE1bLXD4OeozPkQgwHQYDVR0OBBYEFAL9NE678Dg8eh16
-3hZvX02XaVPoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAxH3RpgHseEdMz+tdowijXMxxOgAvJ+bDmb4W
-VmA6BBlPljNwDeOJ5mu/qq2HaTbeYYkqxfGw/V0Nv5GoG4Ak0xnSFaVz8+dVEzDN
-Avks85QOwYREyw/sxlpU7uOjlWBOwfkglUJM8UU2ZpBMlJf6sn7bEf5W9w35ZUo8
-Vlf2alk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D8:B8:DF:2B:FC:14:0C:AE:D7:13:56:CB:5C:3E:0E:7A:8C:CF:91:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:dc:8e:45:7e:1c:6d:56:eb:08:bd:04:5c:c7:9d:21:a0:ae:
-        69:b7:35:a2:b5:31:34:85:f0:0a:92:7d:20:36:2e:32:dc:b9:
-        8c:cb:ad:39:97:35:3a:9c:d1:68:37:f0:9a:06:ad:da:42:67:
-        92:30:82:b8:52:db:c5:d5:39:d4:2f:cd:7b:ec:18:43:56:6d:
-        d7:2f:31:9c:59:48:fa:07:af:f9:fd:3a:b7:e0:b2:4b:0a:7c:
-        e9:7b:04:81:75:1f:58:a2:70:bb:30:bb:e2:14:21:0e:34:74:
-        ea:e3:41:e5:d0:c0:b4:7d:51:52:f6:7f:51:13:be:78:96:25:
-        a5:8a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTYuN8r/BQMrtcTVstcPg56jM+RCDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQCd3I5FfhxtVusIvQRcx50hoK5ptzWitTE0hfAKkn0g
-Ni4y3LmMy605lzU6nNFoN/CaBq3aQmeSMIK4UtvF1TnUL8177BhDVm3XLzGcWUj6
-B6/5/Tq34LJLCnzpewSBdR9YonC7MLviFCEONHTq40Hl0MC0fVFS9n9RE754liWl
-ig==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
new file mode 100644
index 0000000000..ff5bcaa6d9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid basicConstraints Not Critical EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTFBMD8GA1UEAxM4VmFsaWQgYmFzaWNDb25zdHJhaW50cyBOb3Qg
+Q3JpdGljYWwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC+lPXP5KQEuLh1WekcPzNwCFWuM7cmi/FG3qRPojFw+46s
+DOSAtp94IFLaSYBGyblsOrYA97PExGbctAmt1W38kUO2MIsk272mfINEJPrdGaAL
+JjgGYcpmdOK0TgMCmVGKbUpNkPxGqeAUyWvfZbg6Cdd3QDBy9Q5ad1UxNd+EDkTc
+2vwH2C2VyqssOWfn93Rr2+klQo0F3KGClsQjwSmqvOR0gOv2f9snj0ldwPsovrZ8
+U9GxQOSYTowkGrV9o2H2+1jQYATvjAxqaanPAjXgVW3vR2gcq1VoVvN1fGYJETQa
+ZMa+JgX3AVLS97p2Ff9W4DTv7DNmH/bURXjo58gNAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAqkuTBDrEPINAITz+9V6L9wn0avMB0GA1UdDgQWBBQlrmGYIdS4j+kjLBG0
+7x6UOiFEMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQASHVtzeHQAZSeSrZIJOSNHbe2hiGUeR3vWeod1
+aXrs8PRmqYyNdQ77ZYSfh0wVLEH9AtDPZXLBWEFcHQhJzO/hmtNsn/NYK4jGyzr6
+c/bF4sDJ1zPwkYZDJws3p9lmU55jhZrRYDd/fCYqpwo8IgWg7xR/glMMaAfMUKze
+eKttcTD50JUTlXehKX8hbMk2M+HgfQRRh9YuXFJEAJLscldY61riMQJ51/CLPZIG
+62jXV1vi2zixDY4Q4vuq2fN0alQVbx5g/yAisKi2TUWPe9+H9N04m8Xyq4FE+OsT
+YZsUiT/MiWoI8zXMqRnC5TErkFSxGq8cNqx+HBj+Lad8266A
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D557D0EF72B7F65
+
+jRjR5uPELeAf9XrkOa1X1bMqKH8P9oZXbRrF4apOXvCzv6vd/mGaR5divIbAbY6c
+qh4ByJt6Kd7JTWTQpVm+518WqKCi0R2lHXLFRkvEnaCxkAiPZllnhyoNQ0mkq2ms
+ci03g97UpyZajB1uCbULbZv/kIHE4K4ma9jVLaR7mReJ72/kQ5A13YNTy9XCE+gh
+3O+21SoWzT+KRjzZX7otnuj8uLo5Vp/Wc4EJF5VxmG3XMb3p9e/LOiP/bUzrh1iS
+t9V73qZDXSm4r+KQbNYbxR/yIEgfkrjjyBENsXxgvXfdQKTTakEe6jRv474g8jHN
+JIlzjVvh7yD9aHZrbG5yMo9CSt7W5yyfzzHKpM11lgYvpJlPy03hp/DoBjXo1Hg6
+WuhlAwbk8FB9XhVWrCkqn21P7DXB5pqrFS66OCshWYP1ngNPKcEHr5wkn1xDs4mG
+EaVCio089f7MxOhXYG34TrPZWxDbWr+oWdt446IPkMmU16Sz5DxYxRW5gdJkwHRO
+T5be8cnaE+KmNVfOw3dH9aoxZL8kbIn3Vjz/73JS8nemtHA8ykLbB644U7cWqK4c
+xHxy8u5RIbrIp3DS6EaJkyTPxrPGPrHsYq5RqKoElkyjMswNUmq5VZKkGHGsYg2U
+7LY5LrZnDft3/9PCoAO6W1AOoqQT4/kOaRTJoH9PVs40yy3KOj2mlIVdPXmLIQB4
+pME71G/Uo01CWb6dlLIMRugwy5NBrnlIJaTIicK8jhh2rKd94t4TeMc4F+R2tbea
+rGflh/mlqQ+UYy/3oqBgQjZmAlJIOJMjEO43xBaSr9J0IqFKSkN7kzNpZH/CbcP/
+AVRwGGsoS50y//2XoQY1xO13nzBrN2wXjpenb9HijVSg+yqk4S3C+pN+rMD3UT3Z
+gFzbhuXxk+AaNVrURgwqwzi0UCXxTaNmMCCJsiRupZj8FvrBVQJaAOGi5HrPxoV7
+Uj7G48C5ykkFr9bBKhFyD6aP8xQp02wTXDx/l1wY8xmJnE5QZnNqGKgqfdoMoa05
+ufa4Ze5D5HvM7WZcediooYtc7a2CA1+R0bRuZ0BXtvU5gkHXvK2oSq5hcKQgDLkC
+6Xvq4TxhezhdCmbuKy8G+eHnpy7k/Y1j5ZAwN/F1jiKbqVoxJP/Q+3xskJBluwK1
+gjQ+SPMAKnDtLbhb9AlRPkl5stZeAo//OdooHepMFcrWmua+mUIrNIOzPy5KKcXs
+uQjdn7sw1a+QV6IDfVA1+Z/3KbQ7O2ULV+UrGqh7R3SYGjCXsDFoUQcMLLNYbfnm
+k3SnGM9KTGFthBeEpr7Q5QZWigKycZ+Q2VpQ4dcMcaHjQi+i934SKMw8ZsReZuRk
+IEMzQbHod7//jVM/aTkb/lFqRJ/V+IRhuLLFgPCAP8tZ6mJocsvxaMHX4kQv+f7t
+gBU6H0A0yPnhQGNkhl07pYiL/YDq8X8+wz6S5K3W6cqgURmkMrnuwd62n8lXEyZr
+5MFLLJKNj0cZPis/3zLJNXzTlKzZDPUWKoLOp9zsFoEESh5yA5Jv+21JKidULudn
+zs/fPzObcSFWjHoH49vk+qIca71IJ6cMOu2kzDYWgFLL3qBbW24t2u/AkbTo3AVe
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
deleted file mode 100644
index e788cc4242..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAuwCMHRZqCorqgWJ/3RJzqiuHtyGbyYxGxHWcVZTbw4GSmQtI
-F07KmEPqaz7I/wyMS0+u70yDrhQkfH1Esjmx7/srC+p4oBzZMa3/LiyDo0D63NjA
-3JjOdLwf3YRWGE+4XcPbjHsd486hkCCXw4EF7ZfnscRWgNCe6FEzHy131MkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFJYovCmmrVifZy7HwsGXOt/uiOsoMB0GA1Ud
-DgQWBBT6Yyl3V/7WremGwNkDahqsIxegJjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTMgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBM6JRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAIk5myvkEmHvyOOh3ygeeWzpz2aV6o8D
-ojAK/KS84CYsP7f64D8FU/H3JFrTXBNOoRiXpqrV5bzrHcmXgodQWTwOSL2KLzi9
-inTs+pRDbTw1oevK3GAjN5BedRZlgIyJr8d05Knp0YGYoItGYQTQXd22Dlzuoz2P
-L5I8AvoFHSAL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
new file mode 100644
index 0000000000..2d774c09bb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAcgXZlxz1vsqbr5dbfy/fgYWOCvNO
+Zm22LtUSHyeXR1vIpqI+W9/GpT/YipI/yDJuxCklM3GwmgJrQlm7LK57UuiWY27e
+oHKVNGEabtFfyjjOKwRD+yq+0bxdXCR8eFKLr++w5vgHaoeFrTOdV87YGPpzEW/Q
+9L9/xL1fkAo+6h+lIKkWF6oXA/SQMrbE5Svlcc4jE8I5QJiZytL7Or7KH4Szs3FQ
+ZQktcin7oYKrovcKkxBzvAAfr8uxFwPrngHGFd5Ti+hDKVUZyUwRxt1MAbebWIb1
+LpWiQI5w3wx5SEBSQRhDCuW/CqS587vBOQSGuRBcwKA2lAaRJ8wi7q6XAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBRIk1R9xG0w/y1XRXEk30wFn0oALTAdBgNVHQ4E
+FgQUg3uZU2ZksblpyuyaAZ3YIDhwGcswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0EzIGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAbai0gBNwrPSxSlGN
+My40YqFlMpSuj0pV0mcRc42WWUX4L4JvXkjLQQoN8kZyguCCcOBkDl/vclb86G/y
+Ar+2wWbtwa2lZQ3VHi4X9ss/g5cXUXX7eDhsNiQmD6KMIIBn+j9GDvHqdaooDSpc
+94b/EsfCCTIoT98Ayng4ScGsezzbiDBFt+kVOZrNwwZIthISbj5H8rTrhJkFcinR
+l1i2qiKugubIptFAnGeUu4mDCvxzWSEJwK3diKK0Dq0DB5siNpUhi3KQsaYkJRKa
+qkxvm1q3H+n50eYDtDTtuEWoIUEciYOS73p1Oums5dLUZL8FiRea9ODY4T+5g6XC
+3yQwXg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0AD86CD7DA0ECF30
+
+kK8ErkJFMMQTRPKQD3zzPgVZSIYadshEsxCXpYU26SadxrnWoCwG72vqjbZEv7ux
+9jgkhlzH5yLd++Qu9RuB7Dj8/leuBRhvh12KwxR+Ct63BVDk5+JdeUgdRXhXzNMo
+YBL7ym3HTrw+eD3Jv075tw8MoCEm2wL/Wle+mn9YZX1h40KoumKL5ESrUZAiAx8f
+orYmGySVqUfM8X7OOS+xk046YMso4tQLWGp10f1MDZcHt3X6RebgV3fdfhuMTPbe
+d0ywYfvjGV8N7M+vRHR2hwJxBkRfWawfqT9se6czEUzOt86htvviu4HMbCD0g9qy
+lLsq2lKe2s8Z9GXW+AjU1Je9yz5fNTmzJ93OB8fIod+iUD0FhriLW+ZalbKNWGQq
+n5yQBlXdxlhd06L6YlHyQLqZvav0dpm5zS94a4gGX/76DLfrL04VLgdhDrfeV8VB
+DWFdoFlGONubIuQCxolKMVTcldU2h7GI7+69u6uBe0kxHdGx20q91x7G1yA0STSi
+YFEeHR3rMR5bUtys0dR7ANeH82DHVIOBo7JV9fg3yRCZlmko99+Yw9zbFvxVn1GJ
+rk5rMZ1tl5fukWDKGHgxKD+BSHll3MpZ49u9laQ+owsBPEqoOQYzHccUrRfKcm9u
+YwT6fQBRteXCiBbvPt+MT5V2C6R+SI2CMtd6V3AQ/E1rjgq6gI8+kI5Ro0WaVsGt
+8ZWd+uAzhVLdDafVsPGmUT9SQGvC2bmPhaUHy1Hur8zm9RMKpsXkrELFHydjJoaZ
+IReLor1mpLE7WkGrUGF1hW+JmdpnYSI+OK24i52Fj5BqGUn596DyTxZLbfruMluX
+sX6AEQ85l2wQzMeyLYMigvJTokI+XX6MxbUP9iCWZjm8/Jjbghyizn7JsaLJP1y7
+oQBndyfq9BkPAdY7wSNCwj4vd5GscCtqBLR+NuJKdlCbcdRwQYTD0FgA9+4JQ+Dh
+6lBxf8ynffsiUKK1viuspfiZR38kTFUYvGKHjVnUV9+zes61qvZll/zV/NEz1zoj
+z0F405gUNExUGBsOAQMQ8oCE2KsK25QMmPJezHa5qHob4EnSRf53AQEQh67YZnFD
+NG7jAAuK3NPeQ2AMzZsWTiHiu9SBTeSsEBnYn0L5VfuAhMKHfsiTLmUODmuKxFOt
+oNSWrTegQQnkVMHeAfiq7xbCRiTAsmQAR5tUH8rBGGDtQVdUxe2RYxKdL+FXL6aX
+tY73dYWsSIltuQkHDAKgi8wrLVqyBkkSvCWYGAfjiNC3aoB2iCVazwwz9sjYi4oT
+vKE5W/+rwkE+CB8NgkJHfE8O5cJb1mbhCwG+AqAdoAlYdgBJUzdU+uzr8wzr9f/5
+DAZ3WzfFqvGTcXBaIjlPkJPgT9Gno1P3twfAh9/RCnwbl9AmySS3FJMZLp+JnQ+3
+DRcpiLVpxR+zyw7QVEPUbQKv82fV6wIv3XCUMqFDY6U2mD5JtoHFeE3bcaxXAVCk
+vSedEEHJPKPIOFTvLy964pLPvNfiWJSnupYO5bjI7SIj+9KZ9jF1cwbMIJKjtCZ2
+3n8JxVSn9pWaYVZZG+EjcXRKh7X6Ax2CfBRw9guMwm6FF6qu5p9kUUan7KumMCVh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
deleted file mode 100644
index 4eba759d4e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
+++ /dev/null
@@ -1,176 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test29
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDEDCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyOTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA3icTqNDmsima/TbMUuvjBhV59GC8zfX3Z3bbHAEH/kipg5Gu
-rREsznRezB5sZVZG9SH3vfWMkugzVFLlYsAsp5Zjon3+ZM7t/JtZJ0pg6XzqsEfZ
-/FCux1F10rMBIsaPzcLtc1At1aWoaqU4ydyam/kDzOEt7f/7WGqGY/ljZVUCAwEA
-AaOB/TCB+jAfBgNVHSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4E
-FgQU3ZhtNWI1qdWfBti5WKsMkC0xclMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATCBjgYDVR0fBIGGMIGDMIGAoCuhKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolGkTzBNMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAsTGWluZGlyZWN0
-Q1JMIENBMyBjUkxJc3N1ZXIwDQYJKoZIhvcNAQEFBQADgYEAAJ+7QrDsVr4IL5DF
-k4CE+XFTE1pd3zqHZCCUSiXp4rY5FEPlsErMT9xcEUB3CiHNFLdKRdaxMxeJ0Of4
-oJV5cnM/0QdVM0HkieFFasr9Ad5CdV7ltfgzgV3fgjDr/hsBAIfcD516l2s3oN7L
-PvlIa7CLUa5f5TGAyvyKF9d1sRo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
new file mode 100644
index 0000000000..a361c3ee96
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test29
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEJTCCAw2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3eGR+sBYL85UTAHpOdf45y4rELYl
+wkiGSqJB0cDybDToAMVL08FJKdEfFC7fyOiTCRd18R/tV9iAopb0sLGPvcHDkeDP
+Nr6IBJq3rpnYOhA/iKb9+zwTNJqxAmAac43HTADC9FCaY6A5HxVO/OwfXux92WDg
+obFuNFj/axWUnERbzU6u4r4rl02Cn+nWtXqYRUn8WHRNIggdZjxNbl0ns1Ynygkv
+X7Uld32VzdSiS4h6xF0mf+IhgVBsP1yiiQLuY5xMqw70i2fSpj93Bm2w/xilKiL+
+odvCDINZiInokTGNzf67hxM01LkLlIZDNDZadNY9/TN50RpprPckGIajAgMBAAGj
+ggECMIH/MB8GA1UdIwQYMBaAFEiTVH3EbTD/LVdFcSTfTAWfSgAtMB0GA1UdDgQW
+BBT/vJxlImx2fXxtPpgGHfvzrNORyjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMIGTBgNVHR8EgYswgYgwgYWgK6EpMCcGA1UEAxMgaW5k
+aXJlY3QgQ1JMIGZvciBpbmRpcmVjdENSTCBDQTOiVqRUMFIxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSIwIAYDVQQLExlpbmRp
+cmVjdENSTCBDQTMgY1JMSXNzdWVyMA0GCSqGSIb3DQEBCwUAA4IBAQAbMog7F0ck
+BMnOTiITw0tI6o2ZuPQHvTqPIN37xQRzo2nkDAKsP3Z0bYp9l5LMhwvXB/ngYF//
+mgbfuZvM7VGhmvOAXKxRJSP/pgcMIXYmD6wxNnbd8+RSXGMV3sY3qxkgvpk4OWek
+kXrZOjJvsvEFihZpaaK+tE09+A0yjDSIws/8a9KQ8tlLRlfhOnthoUfKYuxgZVpw
+78j1wbj3hFl2q0Zbk1iIBi8gHFHiVhbpEE7a7ui1c8cNCUZmMPvm/ojEkefFRMIv
+3KX8NENvjgRlqowMz2oMQQrEtMswy7ofQ2qso0oH417rhglOY9YQPjnCKEWdYQuw
+7j1p8nTrvKa+
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EE0D1DD985FBC8A
+
+Et6YIfjyHfadq7IW2VA8RHjauA0LFzaerIAdya8gGkq2NHxRSXUaAdaQzxK2kHJE
+P1fZvyVUlrdsm/ANhWMp8aSnRhVh0+M4EjcjBvEiui/adNzTorJROOBxcuiwdoo+
+7UerJl1jqnwU5wBRzew829uxbySILsDkhymURrCMqveq4G9AT8Izekg754zVBowq
+oblsyHLin/PIMKWOiwGBJWsdGKLlpcIp1Oi3CeCq0TrIDWaId3/iL8H1g3Rytib8
+AzmRlmUATwACWrvRo945GYD+x3taUB0Bl35l6+3K3SMHddqtRlOR/iF1JRsTHDq6
+8sYZBaiI0RtuAVTleh0gLI+zLxf/kNVNX/3eWd9RcxydMlV+w/+c2og+jiS3VNpd
+3YdgghJ+QLRQ65nq4yCwLLe9pbKgxHsKYA+0fZX8nDzj2TREcsimNyOPW8ZNt7kL
+wMJPnA6AMMcDQfDDsijxZo4vQaWRoAknd+KXZP+EeYXWJP3c6UDLXfmXMC81oG7c
+QMLvXz90OzPegb+2YbBQYE0RoyVBwq3KjmUHg/SGOOnhngEIQSXqdDsf0+khGkzw
+VlRr4cstFXmlcUoa/DIoMQKyVZh51tY919k+dhbyYok01cqIzgD9WzNKpD+Me1HN
+CE1EG9Cd8iZ7if0+LXcHui2YzYrjZOTG4WsEA0ZPzTIVSiXw2jQ4X12Trwbb95EO
+1ye0eSbh7+RGs33IkK4D5nHymEghqTh9P0c0fNq6jqv4+R5A9SLpoQ2f3RfTyg8h
+1/UpfFPdJqviOYabqenbFGbSGy/md4wHvqh2m7lqRUe0gUJrJ5FrR+oSuYFOJrZk
+wVA5Ce5bAI7ZOdtgt2s4+/p93d61JJVrk+dmBqjLsDEPbA4AZqNJf/2EUpaAVV0v
++ycWwFnsnfmbZE4NakWCP19MY/ZYzTMJgQgyKOHO8iy5GRXkU0e5Y7n19f2c136H
+hxRdP6b4Vzx+lemLcKPdFjeV2dRAebhdMr8wB4FZ1go+aYxMmlWYuhH7tKE8qbDY
+D0aoRU8r6d3DyHzai9I+gXW/yKgbs0RiVWZ1fXq1pPhYMXrqecTnxcu3mONrkDGI
+Hckutom+EshGpbRPDCN7lTJoaUZQoY8uXeCyaPiXdHLSsdXZjIWAF+9LoJsQ5/9v
+L0rhVkt+P6EMjshpvnVLpM9iqOzTJdfmJMCFZscoPcAodjDdMHvD1ZvUPkWWEmRH
+TOtSRFqhbPALKYg4f/ujqKmb9oMFrOlWQtLsGr9di4KH0WiqMMZTj3Lh+S0eb4kE
+mXB9Esu28FFBUnM1kWnAJXoyALp9Ah1HTdbEGBNgTzHS4k3+MX8fSNUm0awRrbA7
+z6equPhnEnrDpljoGlcmwTfmnHqTd+BSV74yND9dUoKZldd1LBBuOzzPvrwD7UtN
+7l1m6s5cI5DyIjI1uzDYmb8kEVwL3gd2ts/upTEZ1dBH2zEsrleSYXSoWcLYM6+d
+0Wa60QHYkRQ3/Q6a2qIEBeizYpm/APEWmN0OFVVvHIi2qvj5Mp0f4YlnZFeY8Nv0
+YrkixNgPEarGTXwAzTdYqhNQlOR1VSxWDKlxU+T9L5jHkbU1oTswPt0WuJF1A/y0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
deleted file mode 100644
index 5fa8620800..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
+++ /dev/null
@@ -1,143 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOomKt58EC5ZhZuQ5l
-1sHzwQGlV0aO6IxFJcWNzxERgALimki0sMEmrMvIg7vymvt/sQE/n4ivjA4Zmi7J
-AvHlOsvgWiM6Kv2pvPkoBbRuOLQz1jrvOXIQlapQc6bsv3Cp8tIpxtNdjHEagqpc
-+yL8WWtTTB89P2WOaDjUevZPSQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUrbJDVL6XeFCXxQvyNJPFyECwuScwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFWfQvCC6bO3TFmioOAPr4LLUDYbz8Za
-z26H0RgIrFnUEmrPZF7i4/iQpq6cJmWcOb3M3wI/3IlaUmydTEOBpGGazIlk7NF6
-28v19V7KsugitbLcZJXOtaqbseyfwWgFT3LLvxV8qJqKBhNR3NUJvjdBYU6KlbeE
-rZoFX9Ru0Z0G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0E0IGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vVQzOttxelJEVuWmMiwdG3GTEejfYhWdQmYtsSPFQ64V3B1F/SYYykFOPCVAbkZh
-PvFOhkUY0iQCBXi95lpCsWt31O2l5oIhKuzqBU6q86Ymk32qDQBvwtaHAlHRSdfn
-nPsCxWlDQdl5El4WL4/bT60xL1SdwWePNDldrtN7hf8CAwEAAaOCAVEwggFNMB8G
-A1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1UdDgQWBBQF35wWai5Z
-gbV2xnj1OQvb/oVaYzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBD
-QTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0
-Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMA0GCSqG
-SIb3DQEBBQUAA4GBAFKBu5yoQtqwA+MA/6AboLUyFrryUbT8gm6n5zVA7H5ezmO3
-apxKCgdHPEshKAN+SgO2kto0eE/4s2MF++66pMA+r8TDDmCrOfYVwMHyPVOrBKGM
-n7C+rt0ozZ32wA3d7k57IIsPT/H56TdX07oV5URZKAJ0k5iaPCBBLmF9w6BE
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test30
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEArCi7o+0oIpxvpPUN8G1Ys04I2kgIPVMldcU0tM/QiAGdPEXG
-j/Hcn9YQZVOGFuuPKge/kZ7wheOIpI91lKkeGqegSWssN1BzgiAJupENTtDlex3I
-FqatuDIln6nXgUp984F42mLPqLcXqSiAzCkJiPz24slUDhJiLWkEE0fWFrkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1Ud
-DgQWBBQ4JkHeuoJrm1VjW/qWHf72m1Xm5TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAEGbnAJ6dpMVdHCjEMoVtyK7az1Sxcea
-28kAl/5TcdMNyP/DUgoweDRVQcm7sbJ3se3M0ac/+I9ce78YpS2e+83drRFYDRTg
-4DRD5RJUr6SS0F4tAwyncyaCsTn577sLWSmnkF3SKBiz6QNr83tetioIeXhAUcoI
-0tg5RoGSJkFD
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:DF:9C:16:6A:2E:59:81:B5:76:C6:78:F5:39:0B:DB:FE:85:5A:63
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA4 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA4...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8f:7e:a7:21:7b:8e:70:00:d3:23:a8:d7:d5:ce:87:34:44:e0:
-        ad:e2:89:f6:7e:9d:5b:2a:b7:af:57:bf:95:bf:5e:6b:f9:1c:
-        40:77:87:ea:eb:b1:ad:0c:e1:55:82:93:f0:bb:f6:e5:4c:33:
-        69:e5:41:c1:c9:6e:ae:b4:98:38:a0:1e:38:e1:20:84:d9:2d:
-        9f:2f:07:90:7e:30:7c:a1:c5:0d:c3:04:39:aa:97:b5:30:6f:
-        d9:e9:dd:78:d4:f9:49:01:69:93:da:e9:30:2e:ce:5b:89:cd:
-        5b:c7:48:31:69:bc:06:9a:6a:cc:02:2f:bd:5b:78:b4:c4:ad:
-        8b:ef
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFAXfnBZqLlmBtXbGePU5C9v+hVpjMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBNIQB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCPfqche45wANMjqNfVzoc0ROCt4on2fp1bKrevV7+V
-v15r+RxAd4fq67GtDOFVgpPwu/blTDNp5UHByW6utJg4oB444SCE2S2fLweQfjB8
-ocUNwwQ5qpe1MG/Z6d141PlJAWmT2ukwLs5bic1bx0gxabwGmmrMAi+9W3i0xK2L
-7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
new file mode 100644
index 0000000000..8a24f94274
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzooJ7m4luutdu9QJQDkbY0Il8noU
+TgbKk5RKvCLiBOKpw2OWhUQC6REPPxCUPPlt6Nesrr7HJrAMI6V7ri6BadHXO/3J
+lReya5BgAqkPlHPIUzRgf+GLV4noXkhZu7n1HuC3WIrKLlQ7DxDfOaMtCmM2uXhs
+Htou/zroTG7ed7I6git8dmcYlJb7GwerHzJWXkCN+tdamuzpP/lQjFNAkSpBUkNY
+B3NDRSppsaf3xnwKDw8IHGoprM8Jc1X4bi6Gj1RJ/kPcJZ+Wzfv7xsPvZ06Y/TE+
+vFrs3KAXFYM+F+4Mcxl0cZe97w7kU0YUXJyrG4p1dyx7y1XoMyQkc1hxAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4E
+FgQUpLFFtgmq4YtGXlXl0x18qEhkLMswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0E0IGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAPkueBBT1p9JCkPfO
+5YxsM3b6bqPQ6dK4hBSqdX6+lgAkey0kGUH5kp0wyK+g7GO8GHrk+2N0S9mjSFEK
+bxdMuxho41sZp0+A12ZAw68Pwqgg0XtqY2MOSMsPOpwJSq6Fv/DC/uJVFRaD2moa
+avWgugALr2dbJ7jIsZhPmA68101nXSegz4qBeT+AZi5m4jiT75GR/qnbJV0aFDYU
+062FzWBAvrB3a7WT/0/vw8+eYmFeXi8cPouGvUttL/GHGDcVazALLK9GpRAx/2+g
+dtkvLdq5Je3HxRdIJVH8TiTZM8EHdlJ/3cDlN0qNMog9PN5q184xi2nrFzunFdhB
+4nPQoQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE5270AE65D3B000
+
+kgUcvK3apSU+Wzb/ZnTaqVfuh2oBFN/lKVGl1LJkNNMvZXvACYqYVyriddieT00M
+WGRjmKvN1pFRM4w4WjCwr1aVZSst7AcXTjfobjVPXqoQ84e0kT3hGuqyXXkoNDei
+IgOEwRMQ9gGQpz7OrOaSm3vnRJlkkwLzN6iN3PwkDt7Bd0uVQkIcd7GhZj2nclZw
+JT0rkEn65xPhIik9djCRzWOjfQM956g7PiVUabQOWjts/HeYwkS4l9amBu3WoohD
+tEovDOM3UOg3IuX/bYoTzpOK6WHviDlDP4Qb8yqUcyxO5NUgFgCs3waU4jGn3ykD
++1pf1mmxsY+QhIAdRnnYp/UhZlxk1LDYCgy0YBvJ3U17jhGLQ8iYn6t5TigvjE+c
+I78xd8jf3RxUtzvCGy/ZJz7jeqPmHOUU0sop5VoVZrSBkVQygISMz242PLaptqja
+3Q1UqlmwPCt7xI0+PEoQXs5sjQ1eKJIlM+hWL9RXH4uu3WXECcMJKyesWBQAYW1v
+qbES8bSPAi86Po970FdbAFwgUBJGkE/U1k0bYEuZ4VIef/pxwHAzfde7zAzlUJrb
+Cm/beSNh3lFVRCj2NTpb7YToXQr90zLB9kyJGTleUzd6sX7CBlkGVrw+nje0jKxw
+IeDSEtR18FEOfzY3bKbv2aj3h9amAB9/hYEeE9I9Q5LxKFyw8b+pB75kUi0kuwx4
+u+tW/PjELoshJujhOZtXFveqenV5PYxPyE6KP88Zst/5QHWOuG1+FlTLEQy9a7Oi
+D4vq/65n9sgaH/L9miy+CpubfXXrAawvFNQJ/QDymjAp0FDsU/PxlaE0dzsAQmcH
+HV/gJEVK0EWJ85Myt/L6mdJszeOCoM0vttA8wxejia6joIs0kMX/AccEzgC1tSDu
+F6WJ6sTV0FNi6p/b7I01phRRDUY44TFa5qeiB18ZmWf5JYT3QpFcZ6Dd60OIA/+m
+Z80QDdMHZbBlMux/ZLQygD9q58QRc0uv2vP+6HXZLyEUbv9NNkz1v46hIoixT75H
+iuqOscTdsyfR9xbe7szTrDLSnjq6iN3lHL5bEtdCsBDg6GDcqt6V9iG1uE5zdzNG
+bJo+8Lvm8TBn47No6gdFyn3+DHAdrrb2HgcmxRUxGsOBScdZr6bXNkZe4iz+OvHw
+hCzAD0XCp38a2xiR2dWj8ZnyT8/TEwgOvuKLSXuY0BHZyGSJo9OCwzV+F6jgzjnE
+I9CG7O6E9vGJ54N3LPUmAEB9uHixGwuLjRTlzjyapIcHlKeW/srr/ICVnUi8c5yB
+qbU6uo+fkBEicaJC7foK3vGLye9T6qAc9S8vmOE2CTi9SeLCoSBLTaeYFURuKzSx
+EJ+c8PXcjLKkAYBgHDNKvdJf/tx/hfU2ZZIRPktvwSr/blqgyreIvdExdmCFyEwZ
+jHrrDc73mg/V+kVWbDOJmG7VG/XigY1XmyWFJG2E9eGzyhTsh0AINEGJRg84O8fM
+lGEDLJZSXAkT+LhAMF9RqK0znrnCbTH07mlf8BTDJgPlWCZVqTVqe6mRyEsAfXgX
+DEIejVs3Z9uE3uoLBSQbmBFc7G8g8BluxzeHtLgRtpXRz3FY6Z6Sl7bixHLVk+2Q
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
deleted file mode 100644
index a1d4ca6ebd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUTCCArqgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA01gBYBQnJrrihQ7wxqFilR6zjimXk5ZbQs9BCX1n/zpBfmwn
-ezaal6qZo9BPsXH+zjp8eicI+kPZSXMUd5JgwwuHYH9+gL7EvKobEJc9WBuhBU5i
-GRSeBq9M0UltbXo5c6hbxl22rmTpqTaehigZ94dujqsPPl5g334rdtPU2IcCAwEA
-AaOCAT0wggE5MB8GA1UdIwQYMBaAFMIbPqoaTsEzihqqWUkDsWaiHPB9MB0GA1Ud
-DgQWBBR8QXrBPNUgzCMGCs9z7zs4nferRzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHNBgNVHR8EgcUwgcIwgb+gdKBypHAwbjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9p
-bmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJl
-Y3RDUkwgQ0E2okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBNTANBgkqhkiG9w0BAQUF
-AAOBgQCTqqePZ3xWbeWlGEO5gbYfjxlqTrTOYOFZoSMlApx3fDkAo2o89IvoGN9N
-hXQDCVtd7MS5g1v2bCGF9TjVKgPMGIJSFGp0QIRRsNdsxRi631JxUFvVz7yE3RgI
-Qjll0EqM4nEceTJaNz6SnQhSjdcOJspkqKXUA1ga7Za2rC8SSA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
new file mode 100644
index 0000000000..830d206e9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9GPPNteHIdTdRRszbD/h/b+eGaWAD
+NrTjWgzTuZeXV6/D6sW9I+f6S0jcJGSvRB6kcM50+BnXqVV9fnuMgULlmpRAaGqw
+B6NqjlySxkrbuMQPOoHqp426I42grxN4OPf+qzujMMjMGAVImdnDt9MYfM2j1Sr8
+opCYbZFI5R9HXN4pmTCPkp5fox3Vp/ATCoXNtE6tux4iLzlEi+oyK0LjWYWvUHJ9
+cAAqbtzZEN5d0y41a+DFQSkckfCdR/M4lmLG2vzomt5Sft1KyYYL8OA7zxBJVcqx
+H0DcEW0kUPgcaxrBCHNyDuHMvGqe4sl4lOaXamQN5rzzgkFxmGTxeeUrAgMBAAGj
+ggFHMIIBQzAfBgNVHSMEGDAWgBQfySCNC6NsLXdPE95C9Au23ip2MTAdBgNVHQ4E
+FgQUluhzy9F5Af6JjyGhLMUYmAjLgycwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB1wYDVR0fBIHPMIHMMIHJoHmgd6R1MHMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQL
+Ew9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E2okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqG
+SIb3DQEBCwUAA4IBAQB+9q8Ik0Z2KfZHsQDFdbZDL+EZUxMrzEj59fHD0X2KsHml
+8ZEj2YOEvnsGi5Y29B4NzVSqEnIJ7JHh9oWrCguHtLhw/x6VEy9ghE4Uhw8F36it
+KqCn9a8Djhxrj0riagy9ww/QRFV50rXuV0TuhiVBR1/A9869dx3onqOZiaVljzgr
+dk+Cxtze9rcyMrmaGvgboLlpPF9/s9JLFNc6FH3tH5PY6xGcEGfWtQeEedhJCWz8
+WPRL+kUf0aT5qX0PD7PHT9UDMzP0338QgAjI5rsjhPScQs7oSRSbKV1jkgdRMLoM
+TsUpUhQRYx5XVz36f7j9x94IWsz5PfkBqD2vH+AX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CB3D75D493E7769
+
+WBhqGT+RJWLGu+ESdchE6u4yA2jPGhK2rK94zXxv2OK3ZgzRdjKJszQmWS6WHXUW
+T2BnHRp2oD2JUl6uNuUeIl+NteuHCaBVjCHJiY/zd03YbiS13x9q0TwnGJzD3YjR
+C5+zw+NJiTLikVY5etDNibaf56NykaHownrqQu+LlIfLu3yL5bY1x8nkEeWnL/cY
+zBAYa64S+Vh7Wd6Q5dXEMtbpUYmAfHFG1XkjiaBL3FDtMnJOLRRBtq7z9Td3CGxe
+Za2lTFhHFRHw6KbgDmvYz6lDnP/mdP4cNIw8jMaaB3tRUPaoAoHxYr8lY9RdxQt9
+wT4AxDkCC7KAiea+im2BhX5LhdrOCoWjcTrBNJRTp7mypXwezE3Uw4/uzD/bi5CN
+UcSJ+RwWIYfLNvJid6QkmKDg81cvEP2MlxHnL9nVycO0Wx/E7eDlnpgSq6CDdTx5
+3hvUSbTvapTXN2CM6KQlbu7hbvvfkEI+hXUpQ2lpkigJQCyR4uMRsqwuoDsKgKZJ
+92s2/0KATnCrmeUIOBR7JF3H9cvJf5Rxtr6QYi9IagyYl2HhWMzYgD93RViqJ2yw
+vkDG5I1SDvusQEO6dca6FaCb24UzJKFgu+zk7+ma8cmZaYMmZs/9FZzHAQ+PgrtU
+iXDqJqen+5mWyozancFuc6wJBxksI2vmHx/1BI3Uh6i+J7iQPXvPQ/p4Ti1IS4nW
+bm3uxohjMf7KdptHVjjr7KZxDyV+i4hmyke2Sl/oCnFfSdUo44VafBJRJmEHB9W0
+ECLt8s1D96d7uDU8ib917rM4YscmH1uB+i0K+cEVpAL6/HyABQmzSVGjFRjeyTxC
+KZ/5a/dlw9Tpgh1Hp0vDWOFFS/r2zpbPqmADOxSBle7QShRGvSFz83a1/vEs1Y40
+GNl34T/0cVGyupqpFxwTkxJCamUF2A/yqDfCNJJUeLHTMljJrMPo+YaJQhBzGMuA
+EA+jxzenFkyAjo3H5DJ/6gvYch0xHv4xp/OMEeJh2T0dv4kQN0Ia9uKgZXySgMID
++Kp//xLgxUSNt62LYJSmmoQ1i8w//1y7wX/0RfgQVKZhE0lSmZukqvndOWh/Z+tj
+HorxR6YWCLvBIaME5VDMjO+GnRULTjkzC5AHqe4oR8bBhwmD1/JqfNaGp9WEd6YM
+PSzwftuf3/WF5wwhDusTPr76sItEAOuA1fBcu3zSVYCLrFyS1XBrBdnl9Vj2rNIM
+vyXF7BvX4mALaLL64L2W4YXqmw/GG8RqKyQudQXET3hDDFqIEqIA7Yx2I3mA3LDu
+EtcSEoL4II9rx91Z9+30gnexGhNbJR6sajtOEYdMGSIpNaPifhsVk5b3OP9+E6xg
+RAKU9nyb5Ta79rg4FEyk4Mj1bYNFHWacbD9NRlhHRbKkEatoLahUjSufSwrVoioK
+d00ywK6abby9YLHyBzr4wEkJhDk5Gs4VTcrD5jK8MX+WVGqfVvgKjwlbPd2D0Mgs
+Zo9maIWsYEpnm1H9kblXfdvDBbw6TfUs32vwX+7assnr0ytiUlayZWmVGxL2QOlp
+vSTqZtfArBsdQuPSOYBQO9TV20G8f1qQ9CvpR21MbSIAs2Uir4aIlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
deleted file mode 100644
index abd16aaee7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANRKVxWvFldCkmzvNTs41NjJct7Jt2VltlefYPwBuwPuHZveA3TbXj88
-nvKICCqBLZwlhGlAyfZTqFd4gElplVEKvfn/GSNyGGnsAHfZJOqwzyvpIPx/yg61
-ALFj1gsGSesibsgaXOhUVO0N6EVpse2azO8I7qSpXf6f6b+qpSkLAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-zo7j3tkIY9+L33KkkCzx7XzdaOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBABBiIdpyc6pIhhnujMn4FXCBcoJtkC5Am8NB/cgPKyhVlUTnp62b
-dbt1zoUI9KJPSlwBuJduPL/Q9hJr1vKHdcFC98iANtf3s7fzzhGF22Nel/qKtlWr
-fldw2WVkIjTSeQV9gmBf3cHAV31JP5/q1rMljeZD448J9Cd46UR05jM2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
new file mode 100644
index 0000000000..6d14a5b19d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd1BQ7/wKjBDcP9D5j5bCNy9FutJREznSiHS
+P1ZWdbmMUNZgzwgmA9oXqX9wqbQmq/KdQj1UNao69Ih3TDu6pIhWs9tZFDXQJ5Aw
+QBTS8rxdxcTzvcWYh61gG35ZS+obi85nDBtcMH6uJ3CVzLOe1S/cneeaIlvME1dR
+qEYUizVvc827K/POXYD89i+Cv56PTvkngHaX4s9acF2Nfu+wI8mgt0VCuCt+/FUq
+9WkUEzWFwWZ9l9wtYPijG+8mD5RK8UKhVYAnLLXHh1vY6a2g7fNg0nVE2yFMGMQi
+VWK+Goj0oPwfQbbWhdyLwEdoqbilnNVdVvorTqUYNDYVL2feQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFPof
+pRoOE0DZ7urfHC/l3cmHSCQLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAKPvo7tsUNQ5bI0XnuZU+EZuqi0EXzLAT1ybFYVQ
+dR8uDdi9l+HdRsKioPOoQF2wzjQ5WvvfVMQ0032aXqQ2mKZP5n3NaMYon5l4ZMZD
+tmFSBsNpKmVL5TfQNhujuuiAg3/iTviwTK3tApgdUhEioZomFv8GT1P/W4DnDpjU
+Khns6ZZS1SwE+UP5ckJBFN75J3ptYyUrialBjCitoou5dH7hUmpKL6/jwr/zTmXm
+QT+jNsNg2OaKe9BZUuE3T3vMS/ecQPkgUvosTeqVbg3Q3g53Kq9noiPrDOF0RKrp
+JHoYsWHK1AkMy0o3uYUifeVdRcYxXQvaScLwwzsp/bv6FxM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE2887BC9A995025
+
+1HjPKjN/H2UbwdN8notTrNk82KvHmYTDztz6me+cZo1iMW2K/W8go5Y8xgtQ38Nh
+Jwj+xw/+lgAjUQ8kuk5PoW+KUnbCwBS9rbQyBXZPwSlApxalnCd2cLxWYBdzHT1g
+4x45pkNw86CYpxwGijOEX+Ml6M1FY2y/X3KG27GCAOH9YW7BPvAt8zTg29cq1+Qc
+O42FSJK+06qeGrV5ElvQKK4iCi/UiGFsAHpREfiDLdD+Z/YZMa9ERPYp0eTLr/A4
+AXCSv1tABz9hJg6QT/q0FtOK0ub0498V5L/ZIYSbHxZ1Y/3ACqHQNeV5kua/80DO
+YnYyhouoiXEHAFJW0BSClK1WgNQM9Uoccvag38iM+KrymnlhQH8eJnG5rM3QI2yg
+Cm6IKuyP2fFx1Kd0qCMiaoEwkh+zWysq1yITFJhvS4NMiW3QVC17jzS5zq9Cht3D
+lQChON5wDh5fxAyb/nnfrV3T4ZbI1uz9hmJwEhoCMUp1qAUZYhQfDrBsRLA5OPdq
+8xnNx/1ol2MUlhp3bN1FpsgA9WjY/5rCD9RyXGctm/k0uz3or/C7SGZHy12e3EPa
+/2pBth17y1S2dxyoTQjN37ulolA1PIixkKgEhHqqflt1d6H+7w6g3897XzApsvi5
+QfOxS9dd2mEfoycfCIkvk/A/ovkWbV8USHFvZT3tkzVyxG58RdBsbPspWXnS52Up
+EJci07kVoihq/wQAY8j8Cd2xJ8NYuH4fL5RUGJPHBMBIQwQ/W1h6HrXvhnFbDNnk
+/6OAJfnVnHKVEyHw+wG0McybPM1KWk00BSFkRbwxMQdwunACjUEmC3Mzdktrffpc
+o3moOY6aTNF3que/YZD9B7yWhu1bhmO3t3cRw04To9dMUSdO+RLqp5vS907B0fpa
+d5J/qNafSjdWTnkzBAQzMX9yHXMuAUIgPKqM+DFyZ98JBIyDjrmhccc2Lnvy00XH
+baC6d6FoGtwaGwzEeKIEJVV0UBEBxXA+V5JML7cqFsm2Fr+6sTmpTzoOb/1SnORL
+1t0tdMSEAkOGT8DTD3LvF3jaIuxdQttwWx3h7bJpH0UD4Lkc8CUUmO8MwskOvy1y
+sgU2FEFTh9WEeQhu6AftdL7PBCHIdlbDU+p2GLOidIq/UcODVLi6+uIXyJheAnNZ
+63xyQXRYF/t9JgbkNv8pMBU5VZ36jjzweHp9cXcZEi5Kr7Wrjh5luKQJhiRHyh7P
+b8nBzJmZt+Rvkn0JJmgnO+03RFgWla6tySMQwgciHpewjVOjv8UnbNs4cvhdZE0Q
+5e/swhuc7mMHOeAiui77eyzFclBeRVKzJ01gr8c+lpHNSGb9oDDL+1hVZ6ITfE6U
+wTE+PijTDNOSaAvYfS5LFc42zIxhssj4pbSaETN0G7ANSSbBLnxb5NDmNMzoj0zL
+s2Q/mRSOcnlkagZz2C9LEr6Rf68ZhGJk6PLESfUlJJXazsm2Er7JntlIi2orEpVq
+IBZB322iKfErIg1w9M/N+Iq5OUAe/xF30U+I/WXT8NBjajYD1Pasf2gr27Q1uk8p
+Zgp2+3EGgb/AS4g5tqzVY3vMmYcKjTMv+kMq5I8ssjibMZS6d4Bp2huXpx1VJ8SM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
deleted file mode 100644
index 57390f882d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJoiZyA4CHBqHesCHEPO2Me3gceR6LJTUtoEOGP877OjigufADkFCsN
-m6lEz1zn0JfUOvERm70QxsfYSjpbc3OiPi8v/hbsB0whYBVGe017Qluvyf6ZV2v/
-ItpeUd3v3rw3g3Z+pXGAgLTeDBl6RhbybuoORo2hbpq1hPkhrep7AgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-FouAPbKkYNJGEKJU0p5tKX2BhpEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAGu61lJXt+1uZ8FoGyPdKeHvT8YKDijsbNtC8azjbqKRIz7ETsfQ
-9nax423fRWHnphLHzSUdbuIdBvWL8aDN0T9ZvNt4A+73SndqlIw7y3ULlw+r+CRs
-UBmBJJSEvo8Bh+4OJCjGoZXDzdGbQ+7TYzZn+asNvDVZE5MN8o8Tcq8r
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
new file mode 100644
index 0000000000..b20e3975c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJFECVVjrL4M7nLTi4W1pAi2nrpcoUfvyqYD
+PRN8qfpzIE2sdD8F+TFkPACLkiLO/ZxHg/SMlLxViLS14Psx2wsNVz8FKD3B2M4l
+7BqdRL9kb5n7AWYajmT1iBJhbiFqr6j+4wPljpRifp6mEF+Y66kqvcVOJZYo9mxK
+wtFfQ8Bfq80QXqADKzs14Zcr2WMwI6e+qxvvIEBoG9AiAXwcEaQQZaNuxBMAEWYj
+J4QKZb1ThRQvwHR+OF2WDQnFJU/igyo6r7JlC6Oole3TDeXAL+HLLc7PrAFYuKAC
+Q5V9uIAuBVsk9ZqTv3hxWlwM8UcIniTbCdaJzMk9PUnSLiIWDwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFEll
++YhvWUeTjLvr+5XokIkUWsJaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAHzp3LR2KfAWREjO8RVbzdP43ggy2Qi7oYZ3NsTp
+99KuQ4Z5agn0v97GgFfCq1Aym/dcoilxYT9BWD7QofsVUdHF5uUhVZ6oW63CR+rM
+6YC8WYneCzZc8MZl09I00mJCeMqWhRpQcaLGKhTLeJ5B580BSd+w+VkjiqHZr7SW
+Nft16xyOsw/jzMZQZ/bsjDcb+M/O2Gy4xUqpxp+sJNHeeY7N+/FX3OG8Z53IML3J
+SfD2Y+NUZ6UOMsTq4c7TxMFFUSmBrpg7xkiAWJl5HIwsX5dtFK33AxAbxOkXbmfC
+ESxVMsWyt1eXn/ndaiwAqyq5GXfcVyXCJJHcvdYjl8jGFrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,517C8F7B45662A8C
+
+QdbF4c6aeSXFoCFctsIsul7/4O7/znzpz6XNcnLnqZqbKPsdiWjNhtriapJyUPs6
+1VYXFHi3y1G9ySFZ1FWIbWoFkp62As8EaE7D/o3xQMBRGC3OQpAntZWdUfLmIQBI
+ImhKFY3dhJ9pmKKQ6lbfyXb2LhURTLhEeyqyhpNllppMS5Mv/iF3s/CP0BsUENwe
+5mBc1GQVhH0UC72fbIhsP741UidXoPLQKDNWQ3G5sX9X37YlmwkvzAFqFupUsZrq
+JKRYNxx1izYCzmlhWGf+3jlxtfhR0N+ULl/1RxE+cpLelPlUn82G+ct7i0mXyW8L
+nBLqEHq3IhbKa+baEJMbWM/vrQCwnJYux4NWtdTCdjqyHFcpnOSkosM3VJSi1N5A
+LePDEUhKHMfZigarxyuKLTYyVj/V4EmD3IOWbqxNOX1KUw4sb60aPEjxiPMG11q3
+x4VgIyC1v9l+oGeJflAiY/7hVoOtuyfDXO7Af6an688S/O6m7gkQ+eOs2PQSVTCl
+Nw5+eAAbaUjt53Fpy0WSS7sWQjnAHIaL0tGYwxI5wkmvorsilGWE8SJ7UXT0uUkx
+s9Oh+QVcj5oLeVexyui7ican+0Ok/mXmtMh6svET671aAmzef9VTW2yvGEsG2A0A
+c4//cd8jnfYBVkl/kdzPyGZLkbzWgMs+Ynjbco7eoO9lSX3wj2YIlPe3FRMbPRLg
+Ue69MiIKWZdiqcdYmQGO7/mqZUg5EUcFM+c93COl4tqyjaCNO7jqAsdhr8oa35H/
+Giml77rH86J/dUFL6Aw+5u7RCJQM0nKPHN6AgIedZZbw7Qgjph01S8h22Ot9DeR+
+ZSVDSi/xPfneJu7SbcUvhifdRYi1ytbMsl0saBKCesHRt0OtimqZHbazD5bKjJR+
+ceNVT6vR1E24LMvtiFLARt2c94XpzJ9iWsmHoXZ4bimPAFlAvVSKccYa9mTXjYvK
+ognt/cXnIpekOHbLt8XPRcxl/lUDT6UUtPAph0tn4/G3CkcJvGq1iAZ5TUbyzvTZ
+pE5GwCsLrFpDd5phc8yMzbQVcuFbeTyRUA3tupMJHXE5UjNtm26Fob2R3tvbZBju
+N41tv1AHl3QZSctjWM9kivZbYliZyNTuBwEQEJiL37XIsxCuDHUUGEKsAOQRPOio
+uLui6tML/ydeKYHJfj4bV/3RWbeuIEHxS24qNV3a2Qcfax+rGQZzdk5v2ijLcGzB
+U1biH5fP6A/JnYpyP0/eeqRnJE3HqP1ntRAcHWgWAiqoRD45zYm/efDr1w46N8ZO
+XN7b3R+zmpDv66spLC417jmT4E5//azPcAs5dknlxALTpSSTY5DqtEXM42nyRn0+
+LzehGCrj7NUeZkSo+FUB1bbD4UjW5jFCsLGcC2y7vo79r5uH/AV1vgGG8ugF6Iip
+dN0r4hM2EtOVMDaN1RuP3+iyslbE46T//gICRLFm2plG3nGko8BgYpGnUsNCB3b2
+pgMnkkWjpYpxpCs0SAos08KXr/LbaZcR4RwuhMK3hWHboHPPZGd1+tapzSrxNIOe
+SA25jedrzE6hDdLfJJUDH/+CmgS3X/Sc7B1hq0bngdxuNqw2XZnbRPNnYBlQ9OLl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
deleted file mode 100644
index 9b046d77ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALU8oom56GYl7ggs8WAyhZeZmMxxsN6Ikht0t6Iydxic3xNbotaUS0iz
-H0tYBYwzuCTMpM8RMBSrU4UlqIE/9V5PuY2dWiHDXVGRawMdE3i4UNzrMS0BlYDz
-zvAw77ifKwmObOm8R1CWg2VCY9xzFWqER3YRDKQTcK5LzjtxP6PZAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-unt4uPVRHtIAndMWGuDH66dedOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAFwV555uqsNA+ZtS8QnVH+RRp5jhYTymacP8yc7G87Hyue8xaNzA
-yj4g3Rxfthlo52FFH0ZiuOKJP4YSvX4jr/BqZyrO5eMNs+ln4gMHn+RVxBdeh4xT
-LgXbQGX8wnks92CCGWUW1vbXUSbpBW43SaT767qDIo7yTASQVQ4jtWHJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
new file mode 100644
index 0000000000..3d0d5a7c95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzciKUI1wBFK9EwAbsgpdXjusVk7/1h6YVvqN
++ZUJbsgq/3yxRU4jeSZDcZjMXJPXsrR1hLXn1yRpVo6S9ZobQuaefENp/RiASNOf
+YBYATNAGQmWFZEX9QCogEJpWeb2dFF32sCRzYwNy3DQaBFeDcTEXVzsdvXyfS3YA
+hXdQi5gefeuZjX/7OKl9pRBdaVntD+uE/wAo2Ez8aHIFpPtaqQWocHVZBX9zvFFI
+9V6hrZWECE6ncTeZnE5zEhRsgvEQH9yP/aS/B2VsQ9lp/vLgmUJNlGM+GJGVHt2c
+3GuwDOnGf2X37P3MhtVikr3n5Kdesz6/uifl/hEUTUYuVWJNQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFOW2
+9kwsl3yikB+EDuhYr3oLXkCRMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAAs0oXbA8TuPF+tMxNXgkOguLJikBkt/frKilUTA
+9DmJ+F/9vjHr72Q9bpjsqKp/KHwJKctL7wYuPsAkXBEMBAXVyKksD85/1Eka6YU3
+puJJeA+Bq0bsDESrJJL8XEXD3VuOLMbOq4Ot7DA6PH7P2F6VkfYrKXJEtabhBkVV
+0KWRI5aCR94pPJKoz2up29fJawUKLXdceIVKN9rWj2+mMv2aEV8f2WX2gbNyqZUE
+35RVGyExTLdt3AIeJ0W9RvxccyIkAk3T5rdeofjhjgyI7Y9/WMBT94BhBQv3SAXN
+3hmax5SnAGqm4/Fh6jl1LZcG5Ldln7tj2DMzewoSysPbTiA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEA4934DBEE6AE93
+
+fdN9TkpMM8GT1odOJXa8TnsKePIaitXGooKLqmvKooIQ84BcTzK1jnOKea5XoqGT
+MlnNHtbl8fO3/S6n0vwUQp3+4EfKw7eWvNVpv+i/L+I3ibWlOvq5YF6ke9b2JQHK
+tVpKguGDiyqVZN8nzN5TUQgz/35tSkuMnkZa9AKqIfHjq91r2ZNtk/GX3st+k1GQ
+IJLsQpjDIToC1QVdZDFzbvRxZLVezs0+jyXgedXagiCyUoKfRAVSmcP8PPibIFrH
+3QPE1D2KmLKcJbcSAR/qJ27ajGEyNjDpUJo6xDUFiKRDYgyxD5Ect26UNI5BIxa/
+/wIcxSDMB2GS5Q6rMkWQXbhjE11/s0C6kE9FDbonrA414PdQkrHCHBj1WtyrOhFt
+1taJPjc3BU0aurMQXFpFaN5NOJciQMu8JK7zR/AeCTkXAFLNyZjZac+qfk8OY+5t
+XoSH5uuhhwZBqPPjOtWh4KqHtjitAUbZ+FLJIENFQhINQiECpSIzABc+4R7tZDDv
+m+mKj6VMo4ZxSGs0ViUNm716dqJqP2bpPi4gF7Y/Ivb6c0tuPtbY2e889WlgxHbK
+2fEXPPW/DX+cFH+gHTCSLFLR06fTENm4pDJ4K6ClEhnQP4qV//udB2PQ1PKyUZ2B
+aC8T9HgvqOszDQbDQ1DQ7HgBlwKd0Y8qqjSQWrr16dsEzbTilH9odqjsOQCpdE4o
+jk9g8O2F+85LsmrBmPn+tuBmIwnbs+M/F19wYoZpLrT9Nh0ux8c8RQvvyIOZ1cPt
+HhfTBeMEmmz/ItkWtGlcAoaMh0Bmq6X+c9n/ZF49LKEztGEhcKpdQu8R0YoFX6yb
+PNqJFXBpWOj5vJrRA2/PVcobtJE55KyOExwDKbS1b188tKJNSJwZbqRG/2ZkX5NK
+z6j+OdQkdoLkq0z0FxATy3tEjlRsqNWHC3352yg6aG8ejvtvucnnf7eSrflPSt2C
+ADYY2uw1NLJjlv8T3xqJk15erT/lRu6ycCBHi8/Pi0Uo2KAoMuh1LIQYD01ZP+nS
+3Sgl15GSwb32Ldmb2ZOkq87/zgIT9/K+Dlb3LGN4v0yzJCb6dZCqPeK0zv0QBPsa
+6VrAVOB+mSszbuDXcT9Fjt7OCT+Pq4Pk4OjVs4tCaY42dfZTBHhBw6dUHmJ/aZ1i
+axmzijm+c32uxxVdt2p7kqt64qdZ58AqgCAGzglyMcIGIQzWo6uAoir8kG2/6clh
+YYPT+5J6VSPC5UdXcSvH15SLaWDfLX7/KMetUbof1KW+/CrPM+L8CNNqdpCinVJs
+iVEY8isQPIIM6WuCANSIyvV7XkjHVqxgohmcmjuDJMdPFm8ftEcZTjCfvy1kF/yQ
+JNz+XsLDjmyRGBQ1bcIQWZR7eLXeNPERe5pPAOpLbWM1IZefGZS1PiuBAOIxK9yP
+AfsbvvVf4kKYy+Ea1XUZfMwLdOeqmAgW1WyP7oB9zlQPT5thQKyMm3Tut+ad8OqK
+cXtMRhi+U827gs/lSbwluA+2pv9dacA5vebmiaku8b5fnOpzo0AH6CcQZGvWMW9x
+kv/jqMId9ppUYu5gzs31/prBo6R9dZ7pdHQrk1XT7tyklkjklXIYHg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
deleted file mode 100644
index 2db6c9c39f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANNXQWv/s3VtlajbHeAAaJZ+taow3YYnDMLz9tXUqMSOOKnoHR59ec/A
-1XsEc02zK6rj6cC8db6LqebYOUJ1kpBl3t2oEH25mVFiBhgdYiLGeezrLNiAm2vF
-dBdoOCER9Y5PshspgHG45kPR88sRxRuN+NtvOBQ+rS3ZagNzOydDAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSjk6tXZiZtcjpsvINlo5r8jgxDCzAdBgNVHQ4EFgQU
-rDZIHgyRpXqIY0zNvpsz15jbVrcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EyMA0GCSqGSIb3
-DQEBBQUAA4GBACi9fCMcVs6WjeEeE35GgRLIbCVWQ1PbtOFwwJiaM7f/c4i1F3Kt
-A2BcHex6T21Ea9eSra37uvPdAUSc0Dc3klZS96pU6v0oZtXl07daAhbR8mKRmoPq
-tVcto5YqOd/STL2egFKzNVhfR5UZo1wycobU3FZtmFyr9DFIEKb/mFt0
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
new file mode 100644
index 0000000000..a16e256c7f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cN2sWESGC6fNXCLygPwdhQv9FHYDd+cFpxm
+kheAY2g4ijWFyF6OUiiGE3pgKsWnK6ggR/TGGJywRZGNHHSXxQXFE2yb9K0H9SqV
+UTMAcnj+Bfn/EwTh/TH6MZ1qK521o2sHnLclVwMmsPcXOlvStj146Qy4bJeYxfrx
+4+ElWzjxrFdYq2Bl8Dg3ttC3VN2qHBt/cgJSOYSFV0NRq9AWahuBvaZLabpwThpd
+GdgYYJoS8xbTc1CbQ2Ae3SnzPzRoDgDIa3qq/dvsvid14x19l5iikXutlOc+vP83
+h030hWFY22BcV0KpJ6JPl1G66jE8bqr1OJpiCsMaIUqS6vk2MwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUfNj2vgNMzs+3P6EZuzOrtdeN+8QwHQYDVR0OBBYEFDVt
+isYS30aB8pp8CZs3el96Hk63MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTIwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIw
+DQYJKoZIhvcNAQELBQADggEBAHWaKCfflZoi95Z/yp1yP6w4LEJL3H529WDI2UvD
+1Fm2gkj/+VcJhv3e8jAIppl99nAv96wQSyZ+fK3MyC0z0imcgBGWDuG2R9y8CBD0
+/eEoDNuR/ohHoZep5g6tFTdyCEOiOTfw2KlQUHC5QDrGueQYSe+paIUB3U2mi0Zx
+3wKur48JUckLnnqZM5ZsuGbGJq0jndUEPsbRIEkUTD8wPSrlmGa3FZw3/Tv/o6QJ
+Dn3TRvjVTCGiCqDhvlaB3hdhOl9cxqOgC9Q8JHitr17FUcFUnZdZ8BoiyQE5/ASK
+Pu7QbuDtqRlByongR9EinSmc8KZpZOXA2WZmweq6H2sM8JE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9E871E8056A9637
+
+TQBadg+aGhsk4Qn8qCDGGGWmW3z/Xfon1sWhWu/6mKFUmZt7ohtSIM0MIEOZ/Y8b
+8+y4xLYoMR4sj36VErleauBNy3dheara0dmqNeNLY7JdpTQKUBe2Sy/sR5r7bAEX
+qPVng+1RDHDyGHDgdY9wX42pwspeS3Cm5QL2mejc4lVGf59YK/zM8bD99PN4sbK6
+IugUVz14UvkTEghrW8c3jryUlcBRx6lbMyzUCHSQEQ2EJ1e9XdDSNvLiNAv0Fgao
+rvnlL0/9S8JHUie+W9hS33lhABf3/bjCQqBbH6PmH8lGoyRtA6J3/bA39I7pIlfA
+XeGgxbMIzrNRQDFMTcSCRJKbFoVLPLgn0uD/ugMAaWgAfuAJs6gPjc6tHe5fu1WK
+sw8xH3yO1p+I4jPeMmBLB1hUHJMo593iQSTRNKcovBHumP6G4aLHd7rNSiucUj7M
+C/RuTFMNP1xkU1o7eqbLFFAf5EjLPKH0LOiORMYKQfRALz+zhzKI72x1Wv6sFofQ
+RYea7MAsMua/4YIjzGOZ1DeYFkKEopb5kLS0/s5tFLRx9joOzl5MGm0MlIn3cNCu
+5iEc/bPGgA9Sx7Ch1T4x8EabbrNWTbpI3Ru58homQKAUJ/BZWtItEqDq1TuMPgQy
+gAQ7pEcKRHRE2sHGtLkJGmcH67ZIk8ArowMPhQHxslCsnqPEqXu45SwleJi0NIzC
+ceIr4jIhooCVXPtIUSdkdVKtM7/SJ2L1za3/sOB02FCqHRwj+hlTZ6cEg3hWd1Gr
+uJnyhriNrNyMhQY52kTJaPtLNW+3jT26yXIrUWAcsDNVCEHDBMqPzpKNQPVfazMw
+4w+o7e1M2znPICq5r8nbQMT4YLLG2K1JaZmdq7zqLRK2BWo5WQot9Vm0kOlPXTbD
+JTO2V3t3cCqErF2A5gcKj+DuOi/YJN7E2vqZrrw5xFJLZZuiqrVp/gZUWvL9qYMg
+xrGRNta1J/mpiksaosJ71vqnwC4OCpr/dFUkA3WVV+UxaoA0Zt2YIri8wRQPBCoy
+35HZg8rCynP7sckhFLHAqQI96x9djGmFFPzWWol62BVnLAWZ+904Soxs5UTPbQmh
+egm03rYTfU5Zp6ktLb3NdPeixu30i/sBzDG5CvNuchEfHI600kUV7lfzPacBtWZJ
+25C5TpbB1SxBX5tYR/H5kv8M+1dWV+GXOQ68yF20rYNydzzfrd0vYnRzZ+EhDPCK
+2YhzajyVjYeAUdJAJIhaIHAUabHCedlVkWEkDSdm1OzUSvMr9OqyLcEWwHnjYt26
+JXI+GWG0Q/mVJIeyBzbniEzFWVyYqDRYqTiYkKj10BpPF8CBwD7H5jzFlVUu8HpG
+lgLkXUY5iGfhPl3ufNBHhp6NUj4AugJ8X+lBZWFFqdCQ18QL6wPeNfGAhr48oWvz
+97EgBFZaihhesw2eSIUdzXcqZPMfRPt52kBt3J+/TLEE0z/CUpxSpyEDJs9olhSY
+7hoss5HAWV8jbmSwjHMxdEOX6hY5hGk3MnUH5vYKRAfrj8Sh+UAf1B4O5RY2h/tw
+wzoDhzpaggqOExQx3mTzQZKfP5oh4fBpsa9tzoFJ5oa6769qRrV3070BXl4izs57
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
deleted file mode 100644
index 4d1155f29e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test1
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6guztNoD71JstXwHeM6i0zxnyPdZOx
-ZTcQsR+TD2lCqIvhOECxI8GdbfxgHJlvh/2nKd7LKSelitE+3fWW/qKMZ/0YuVru
-PaJZ++CaJDZQma26yjruW5AcBQ0L+V9VYKLoFnGDjtlJrHGbvrv4XZByL19ikrKd
-nt241DXaNxsnAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFGrgSYUMuxW8YuQDkUuM8pXH+fGIMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MSBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDEgQ0EwDQYJKoZIhvcNAQEFBQADgYEAaNonr89NlCOf
-B4CPoPAy+I/+jv8FamQoB55nhirAu/W5oZunV0iWLyajzQxSVgMpmrKaIC0cgCwx
-i6XUWy7aAkam0kQMmWzHNSrGEAvMjtYU9+jQj3ZO94LFUlSKsN6Ut1dxXNheb7ML
-YFgoWyPNz0rcb+iy6fjoyxr8fpA5H9Q=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
new file mode 100644
index 0000000000..68449061eb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sPTk1SoTy03
+5AcGZcmP71y5DQKUR59LVALZKFRoNPExjKDu/1iA4xbhQF7sQPExUpOp1hmCn0Ln
+FXCS+Cal+tKFOZ2+jLs2QCWk96czfVQ2fKipq7C5CwZXMYfhiUL+RZ+cXt7KEYdH
+TTfaWbHKIBW+7DCJ/AwEqbRa7b7ozLnrprQXvjbgJTsEbWZCD3oQVHg9r+5sWgwB
+/JhcTyr3+t63ZRMT8TjXqElnu2n9cGesJgy3/KEyBJ7nV50pQQVdbVPHf/QximZd
+wCSnlnMubmC0dqCZFJQcJQhKToarEkdyNNZwaci58pJ0heZ3XDwAGhLLXrUc6MCy
+h59WPhNpkQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBSy6JFibzXDGWwqeeIz3gyphnF+vDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsFAAOCAQEAN4Nk
+5AglIPqk6oGm0F3kRKsgBJfkUR8Cm97MqjqzUzNHN9nWnQd4yihkGd00gKMVqHqw
+Cs/hm61VlHa+Y6l+cXprG+aKOQlTzircOjv8kzJRTglu72dnSeUtHZEw2Lb06B/0
+4dO/WUQcvyMzB7bQCeUFYA+JGZJbGhq6irtI9aXgfJK6vOQkOp0M8UNohCYJWVnD
+rJ1ve3lDEYm+TP+oOvGJPI6+eLgugaSQs7x+nCu1GGa7Ur1lmzLBkDpBU7/bb4zD
+58x+mEJzcnWFp62PxUnBIOVjxvHOC5hfvhL1pMwb2hJTCUz5Cll+9Ql0cimey6N5
+qyh2uI5l4i8HykXVSQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1814F2B9424DBDE
+
+C7PqZvJSPgKj6ZgWexy/L4+LvKtgmY08HSfMfhnJASIcNGuzYlHeNFx0m33jLU4a
+94hkgZkGwrRyvW8yxEnIxgnEpJAH7bmMY53k5mYRp3yWae84FL1EOjFaWPYQF9T8
+8wqfLCT1Mc4CNSo8/mINq7PRXkRckBL31fMk5vbDDOD0N5/VFySu+r2D6+qIVmBV
+rIl8Pxeox6ZTc423JuBJNOlplcFNNxOVxYkez0kpiAIWQaHHnD/ib0TNRFwCqdqm
+LM2ep6qFhQLxJXdGv+b/uKxYRQneHmUfCICsZsESAI68yuV7gINUSoG5gvuemyVN
+fi2nkG5MhQ5bAu5L8T0VhhRi3E/g1ND7QLkBt8pNIOqfUrYdT7QHZODYe+7MBBQr
+HAZ3whqebuzXsK4r5ZNphZOFOql2pebB/F6EyGExbSZ6bkmjmGqVCSZIfpOgJ0n7
+1xEXo5qOZz6PPyBAszL1vi97t82TQO1aqOcq/rXzA80sjFQopaDhAXeWd/on6O/s
+DDQYz+d+QjgTmFWeUQ+UvvpNXsq1E5WxWqsyiDzNF0ebhCzdyDDxDaYFFy2kUcAO
+Y7StHphBn5KB3ja2xf84R9eV6NN6B3jaoUnZyNTpaSdqSLjxU3Yl363NJ/O+hOgn
+c4iCsEATcq7A2881DSyRr7r8hVxv9rQu9z/D7mz7y8VuRGtABesKVsBU65Zj83aH
+JBKnBthU0FGCC9XTx+IOVATk0gDiFImub6N33KEtzEGBWNKh7Nc1DypjnOI08kBp
+PNw9bWtjRlJ4caBqfB99LLju5KGQa6wJSIzkmhBqrykoJ85RB8UEb49TZxWm8Mim
+Qm/3kZ0aiTTBkWtlZM6zy8/5oHAO8oeqC8SvKrOJ+CE0lWjBAQ0Zyp0uy6TJDeAf
+ea+yjoqvsnXH/DxfUkbTkILZVJP2pKwj38/mYfpatiHyUGDg4v7V6Rxnl1NP4gw0
+Ew6yRe0HeonLkTcEmjqlBsDCqlhU98h/nplTwCcTMWfYnFUVYqGsLDXrJajXL3Nt
+Zi/TbNAWQibB6bCedurPgauHNoRaqvsRnVJZ1DTqFuc+hBL3sWPVweHBjxBbwxs3
+K2GZmE7uL8jHUUoDcvjNrieh0ESfHxDGWwEVKckokQsUKuwdPqgNuCbGeZapce2P
+BSh8dlZkWHvoITUgTwpUU2736xR5iCEcfwTpkLN4eJtFWaTaMBiPNd6/8RKXFAt9
+cs+CK+6O2i4JV3J+hZCT3hqeNAt86lumKlm4sgn2HyecH5Xkg4EuO1Sw6LYUS7El
+XfpT2Jo+vM2hfMp/ebvTsFAOOfoD7V1o4vYfzHcD/rvqnPMyLSnM3sceKZXt70E8
+s2iQ/VxZY8GXrFlXTJa5CRof+CvkWDDjfqlZo48i2amH4qn03Eylapp2ma3MIiuD
+5KhielEG5PBYkOxonpfj8erbLU7unCtNVKFiXT1hDS/o5YDWHJSuCR8A1/7bOzuh
+OYR/DcBGhe6Es7NLWBgIwSYMLTGCv1/sukMqVERVWATgvn3SbuZ2mSxesJjN2/kk
+uvceA1UtkI59duulDW5mIv+zY+0DuYlXTnZCdNR6o4VoVZDQb7vNxzBcDDn02Wzp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
deleted file mode 100644
index b910bfa5b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test4
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANJIkOdZRwN8UTl55iM8yHPn50dQHIq8
-HfyujAk6Jv6J99xOf9TR0MdxFPy0pQ+sqafVe30jTmqUVekQqyzewTZvJ3Q2tRoc
-POnbHancXe29FlXNO2PXHA+L7RPpFglcXQjTQTzccRCzmpv2bRO4oGEICTWg7twt
-MiPAc4q4jZbfAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFNbqujjf+uaNLMffRr8p+XZZJNN/MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEB
-BQUAA4GBAKzWCbFK6I9YapazUsu+6hrCf5Eafd14GQqQOhxwUQNvHdD8IxcTeQoX
-7u5YapjezA6GSz14DxHIZQRtE/cAzSIjRJjDvn3rQdrlwdNXRgjFia9Jknth311/
-GXxAPrAwlxOAuTBFplNC9mG9japtT3qz2BkM/q+MdedGRWtS++30
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
new file mode 100644
index 0000000000..9c24c93c57
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyr8rZVD36q04
+FE0+YBnLiq3ad6FjrlscY2OK0okCydYweqD0c4RT+Pzsx4zOFl+89xzFMN4JRgzz
+W7+vnHR/rjnZMytEjN2k2ogy69ngXOgM3HzQGKCdqki9avl/Nn2vyE8+9pi8GCVj
+TRfEG2HMArmx3PP3QiRjrRmelJxSY/FLlZvTVHj2gAWYAzmBiCeYCl+qR9HxSnss
+JXA/TQb5aNgMb5L339Lk7Y7YT5mxVQ8xKMutTTpVtz3GfxEHQgo6agYxgiIa8bMV
+IkE8p0fG2ZRfYwLhwYy87F9JEIj2ym+Z/0Ooepew2niiFMqxVtQIVslUVLtL/xod
+uiktM6x3vQIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBStvK477w0iNyKZRRE+EwqQgnHVjjAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAlivKj2rplK0uUXRMFJD9MHMBLpL35+UHCR37N0oX9VFLiTff3cCoMfkE
+0Dt/8uJk/N6dQI8n3vIYRH9CKiOIvfHudpFNSAM6LD9rGbIsmYADib3mXE2vVhcB
++edYLI7Qcd0IWXiQYsXAmwJuZfWn/KZTwFlkUVfMDUDOwFBSDIDTmISGZwoh0EUN
+t0ZTUYFUSCliBzQcS54tJOY1gnV4P0eAr946u3Wx2sMTKbZ8wGeKNzkuMYeGYp8l
+3JNoV6p2Oa6zVi+tHf3tckTToZhykiR6LtRcpGGiOGbTIIcdcmPZaf/LUfKgIqyP
+dsaeo0Fk2JlJ6/biR2C0pYMtN/hIfg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02924E6CEF2362C8
+
+iZyvq7fQJC1gqwi+TzhvSaaAp7cahIAGNyaN3BK2qsuorwMELmLp5vci1FocVpqC
+nJcNKQYvDWGooz4PMDU6GihwexEWMlAoVDGTO+obq4aAjahK68CzqGzROPobnMxs
+SNL2E5geSuF1dU1pE89hadMY35n1sOQtvWqrgaUqmPDcwaCPWGEV1xMH09lJ9/WM
+mV6L6KZPX9be+pXDkhrsZ1E6VwIV/cHkdmDpnhzXuErGHMQlPJqg5j0nI7wXliuU
+XSPiDsladyNIaJAkNHKzjDON9+rsRcAYvQytZ1ANiBAGmY6QXyxlOiro3rHeS6vl
+JVYK8pM5+EhOLJci1BAAc0se2Tvl7OXZIJuBwecvEiTnwCZsgNkJxNvbms3jdbf6
+58GETQCcJO1QJGUdnylELNjZIf1+PP5xCkP/2dAGdYZoN44P5tPstSAAv4uk7a8Z
+NfRgQubt0vovK+EDAh7szn5sMysNgsYYw137qFctYzDy7Go7jDizdZzGV+2/3F/Z
+Pwh0FsLaMjsApxJo5JtuHDOvADf0D66hpzb2HlOOmZ1t6HIxAjbsb4TwV7ATLHc7
+kyo+YLvSXOMN5Ma+4FwBPcMIf8PFtUQDT0KO16JlDtA1GXrbMkRmhvHd2oqU/bYZ
+9Yd21RFaoDOHtaWTXdriMYNcuzdU4E4x7vryqNU7lgxsqLZzShjpHLscTv1mPDMw
+SEe7qQAXfZO8h/qDaPw3PqLInaSeC7QbrBBwtHKsS8kzwgCassuVtLHHGVlRz1ee
+WGuY2MIGMmuHi0bN3IAWffYaAcf9/SEe7y4e+huHepU9HWg8bMZVy/mJS6LuRSEk
+kP/FNlJlMXujsed6NFToB3nNrWF/OZhq+9BrAl6KTMQ3isfGvDmYqw1MfGs+NAwX
+TYsV7F485MHc6dHc1ekJKp1K9n9SrWeT6yL1FNt3radujiWysy4giIsCs33kIqyt
+gyX7oYeprTvqVI0ajwJbVAWI8s7vR/LzR1kwK5El94e8tmpFiuQafBkap3EPs0qE
+/NyMIyneB4Znkn8mAexcMwxQZJrwFd0nmySjUqOl1t0bwX688eW0+EnRuohS83fT
+w48gKgZNEgDdwsOgq3TG8Co03OZbQVwf/lKBFaeFYQ5ml2ZwwuZ+shocufSMQDEW
+DsbD97FodlJeEAdXRDTg7BoCDtrntMnzfXnDButUT94+gTCr30ymyyaGajVE4LNh
+6h/rgdE8qVrsl8JX+8WNsOnCFrOBBV7IoqoUn2+g8eFJrxrjzB//R5Bmk8Wp9NiC
+Er3eBcInY9ySEKaWfaDzUjSoTKm+PRz+q0Zlh5+7RSWZWqpJMX5pKRmXM26f1YCK
+KmGDhg8sCSrqBa4MMteFun3E2Q4PwRODHuprrHg7EzcAm14C4W9R096HDGr2vEV7
+X9LqEKkF42FHLVumGLmOOtHnfx091XDD7v+1zCSbJH7HfNcKfzZNgNXztwRRdT4W
+6i7b6+omPIDSUMaC+UDFI/DEGL9yzql2JKcaYPO/tKkD6Pl1+QOxjOi032W93CYn
+v+Rs1ewQxvnAXEhPTdLploM6w0GgelUvbJiYCYgc5LrLuAygaRUQSS6KhEg9rC5E
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
deleted file mode 100644
index ef20fec499..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALIdJpgRzxOKTnCCaASeNoi7icWn2JXA
-bBhMylWHT4WIl7sKHk5BkXh5iSMq81bPtotaxeZ+Ws8HGeZfJkZi3Ea/lo6bRPIp
-XLWXT9bEppiXcWEsQjM1OYGfiqAsPqHLQYmx3QlNndM4/lkMpXScaPwVUH5y1dbF
-oPNUrRztB7TpAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFPcg5CWLrv8FdA/4HseZ3PWB0ri3MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
-BQUAA4GBABOac3w495YGcjA+gy3vEom/LJkN4/GNBM/n4qqPQSBLDfO9llCa+Ocg
-MeRH/D/CyKU7r767Zx5WsPTRtu8hysZQF/B2QMg7wrt4iJxD2VLl1gDrWSgIFEYL
-gmkFWj4cnUEWa3yxc+WoAYbFMCp10pGsfIpttb0KqIUYHGBSBNdX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
new file mode 100644
index 0000000000..2ce99c5cbf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocgvAWF32zRU
+CqGI+DvQpWf+IU/MzpIJw0N2yTC9n5RQqepLfHbOu+s9ZEbxs+42KxsbXktapPgO
+yd6z/2M2gxyK4lKH3a1+iAf5hoPMyiYM3/Fp+GttKrlbWyXnFMx+0l2v5U5NIFl9
+sSoS9SxpVMtCHp8n67+fwKLHmZuvqIwezeqDGs/NWsWyq169Q3IIZ+W8mXIsQr94
+1Gs7NgbQ1wItpyHsfGQlcqT93WCloAQvdLikIISCCJhH1/SGZ2sYxWw9cjxP7Qh1
+VNobUSTq45voboe/Q1ccqnpfnFCnnEdepHPSM1an91U3w5PJXSarMloiyXUFsxhq
+HZfbIcK19QIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBRKg0dQhxSRE2yTyIuHCUD6gvgVITAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAfBLVqAitbExsjyJN00xcHbpcOUeLsGlcqODdse3hqUWBCGYVSbldGMsb
+X92XvNJuxg9eIXGRFywfr7WaWMhmUE9suOOF4amhS6PySHI+3nRTjiSuSpr6Flsm
+QBy6V8E0GhicUd7gQKjnmX/bngtuLrxDmT0J3KR90K35EDUBHMWj6xtgofMVUKGK
+DtPWB0pLklYStJgEJnbKaaOjO25yE58hxHxMwLRzs+yLJORA9m4eZa4PiGQ876oc
+hWlb5rgAhkEpCva3aQL4bU7LfHWteWHlOcL8YJxPQWReBizEk9G9A1jjRoMzHNGc
++RPY8p7JErINu/F/bY8WhuulVYdYrQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EC0796A18C4A9208
+
+cRBX4eAQ1ocSls58fvv7ns7yXjuLx027m2P5E4VUodsjirJnMrz08Rl7NvpqP3bF
+uRNmrLEHh51rzxof2/Xz70n+gsjvH18AJEprTI2jWwdGU5CRKuFndaWreR6Utnt/
+O0yGfYeYU6n8OUllg+iatMqXignwUtssC8kwmHkr0JL9u2UVWlJtTXAN3ZQcAn1n
+c/iEd/q8CsT1D66zKiNsXa6HtAtLb9KzA3w746cJCv0867BTym65VdIU7Z0dfzyE
+V6TLeKpU9u+p3D34ukjtn2APVeOMI+L8zSgs3/nbL1/jXWG7Wig30HvnEiwf+bHk
+uvu3YFZ57+U+yV2QwUx0H0PgIR0AIgqo5jyWyHsw1Y9kVWS9JdTf9CDJcdYM3Smo
+7lCZy+hemLXYODpmDGdtmeafKiCcBnkj8MMwUyE0fQdK+HhK9S1rIWv4SpVLgRjl
+62+e24ruvNm/GWtwTitLiFkuCaInIY0PmAEXKy0COGmuK12doGfvFEnCqjhSAkF2
+xdD5u1y3iIZPoD1ffUBzO9wzrC+0HnXH7lIkefKg5tQ6a6mkJYwsbPkb3v3q1jga
+uTIG1oSCng/IHJsMIvZqB0/ZXLwqiLRaNxyr6Nvoi0pQfRaEsgK39D0MyGupTPqF
+ouRJBovbzUp/Iz7duxM3gsQ/sr/qXy7pxZbDOfP6R6k0LE1pPqN5X7CJ0PJlIVam
+w7wcFN5TVBqLsdKie4JaR6w9VFK5129ZTSH52FZIRWhCTdwFBXBPahpa30NYVlXm
+vMe4912HPlK7+/yLSrrmofYaBo0esF4VD7dXtKRotGb4pBnw/aDkbtDo/NVI6Yp0
+/LMrYIdm9JQCmC0YrzobxABVYE3rjJKScjFL7uZDpoa1eiI+AMAUmapQphWnR5Bj
+GAVeURKYBqexzeXYhULGkmbMT0uqEiRPq5ciW3NjLCoNdGZD+1hXvQfACUbCpTd2
+anXjNZCOVVsQE5LC2Tq1VntW1AQ2FcHRUrXQtR9tf59AkoR/wWkK67AbjbHfrPxI
+KxTfhjYK6ENq/UuNc2PpFT6RJbM/ByVdeQZMmpsgkJRwYR4btVrmb1yHcU2dEf1g
+xdM7fGo09GALgferFuadvfq9iyNs40yjIbPD9qpq4tfNSpcaRH9gKphwtjpWUm1L
+PCRslk/LdejYd45dW8tBu0MY4NkthyNQCe+4b3cjQyBR/9WRwanoz0hzrMX321uF
+ya0bj+8wjK0aCcavT+gJIBwN/mP1FT0+UsWy0fN1u+sA4BkPtzOHfqLya6YA/gzP
+SXYZM4PhZb+643ujmkJP1SYqw10rDUq1pADP9xdpT8pkmBkCzfi35PQENzcvUngg
+sEeIY54VMr8pFfTyTUjuMNyR3lw0tVMdxMg3eIv4DvVhJ1/R2XS4O8d4xllt5X8N
+6gQGU3f7NZDlZTyIHwCxRFjRlEnTcUCaspu6N2LRqRYAS1VquoUXWQBKZQxGLsIV
+weL/ZdGTZ8Marrw/+QW0QhJaU4wO0WtQxylftd+vkyan0VAYJ/wRDZ2RS6WIVKYP
+ojVhkaeqxbJ2S9vmbMn4SrYDvAMUxbuRUP7XjXcMqpQ7Fg3R+a9vU8xIiCPWs53r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
deleted file mode 100644
index 47a6d35e13..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJkqBgeil9P1aDGKnKT8h4pjVxykFCh
-VM/tAU8+60Q16CRQ9Bt/7EPt0Qt/mRgxeP51SDX2Sw37dE2Y6aTbGufnxaQbYQIr
-Xt4tEbUHKCx5cTIkR+rQh14970HAccLfsu8j21u+852qqsnXm1liCdwTw20NwfO/
-avIK1efcgtyvAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFJFcO0xfyRIlKoio1BzAWLtkBu01MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MiBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEAOPu/fA1dLP+t
-SF2JNufkHRN+2SvhsqtuOTvh/uFByRS+H2bLFMaB2IJQwkCidQ53kf8LNb6iNRtj
-hjVosG5KpEvqx70cRcUSp15fcdMDrjz2tAgiq58Eq/8DgYa+ml+CVRBx1Y6KHsyn
-eeXXuCv+DmdYkhXefbSyXe2lUsCiuR0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
new file mode 100644
index 0000000000..ba308d9054
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhy1vplMFbpz
+ccU9FYtMZkobOoPsE4uf0s8UoML/tgHDsnzk0hsZPzrgkDwd5a5U5rXrt83S0ZZB
+hfcr4a2vgc5n8xtUB3hBI4++M4t6W6pu4YuHdxNZxLJNxzD6JXXzs42t5dTH+Ryo
+wgcfIsTkrMgaIw7gYV9cEoIVxVnqd5AY7qBmM2vN/DsgTaV4uju+XRhXiPcdpf0B
+j6+nDFoP2jrwHvrC5t4BcPfMMUfz316kt1DWnxcRlYp1mec6D2FHnGvVmpBXKU4O
+JzsjSXirlBrpS945LYxHLPwdRDvblL2JahjUKgKHWEZYOGp/UCdK09s+ikIb6P+R
+iJpz0t9/EQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQgeJBnu2Gwake3G5H9oG+TMcj37DAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQyIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsFAAOCAQEAWi8g
+5HeE4pN40JTyl1xf2WD2d0Rp+EGRPBRT6JsA0Z2ajrVWJg/Dpqj12PgQqbCY6fd6
+e3DSzJgezXAOFIdaXNRWtt6bOYVEoZT80/Uszv5inEmYBWJYoJHaHClDR+I8Jxy7
+lVsuR5qsD6QPiqJYXSQMOdQapZdAZvXA8ZH67mhY6AFP+1E79WBcEwWuqY0CxH4l
+QAPiIGH0hHYiwkU2AIAQt9X6DzpgvpFQwbgrtM1LSlQAYPftilG3KV0RMV9PEBiV
+z+ojLzhK21j7upjcgJn5HKGUUTOSQ+e1FjxLYAURF1Q8+BvOPOjpYbzQlA0b0FON
+3hjOfuXfei/6htb8bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,12D6324C6E746FA4
+
+rj3/7o3RRUBDRfJnS4bVr3DSNqpBvjuWo00w0UAAAwrs51AkZSjy31TsZ3NOclBq
+ztXMvKZfLBQ39EZFOYL0riCx+QR1/UPbS52QfypDgq2RggTPAiKIxVMgw73S3pnT
+EH6RfYv3AegwIFXpu7VCPSxe/w1t5gJZgWQD/VVZy2SYhfDniZ4d6B5IOQUd4UVi
+1Ltd9YbJfOPfBMbEmv4q8TZtTTNOgSY/K3WfAGq6M2IeyNqKTQCANUs+wuJz6+Tq
+sw/7cVt2/sm+gUrpdP+dbCdM+T21MJBHFKhIG+P0V6OPHwtq14up1k98Ls+Ax7dA
+I1o5KOXbLwDUx5PooKlI4AYYVWIoFc8CQRsMUxmOQ0b8pplIxcgDg1Fgx6s85pug
+QQ206UbqzzwewMrvD6rqEI8RaHju82b7FzyQ9xdLsXyTdxoYMwyTMNino8JLwqOI
+wrwibtbNIP7q+WPaBIFoZuPAnqrCOYBn7yf5qnmWnLM9dpVabofFvE8ZcbDfFJ+s
+gGJ1A01+rOginQSRK7qW8x/23E6DKOk/4hUASzmKK49XhLnJtt+lCt3KZ8W0NhQF
+AIuwTY/BPvAdJ3J8EB7RVC2E/8a8FuqzvDUBmDknl6iSW2clSN4QnuyRyO6hLZ+W
+zlrf8IUV04RbPPUH/QLeasnMNAjvzEgk617ShEzUZLkXTXWJD2vDLV9EYQ9IENSk
+PKjhgZ4pvlFIjVc0aR4jDG388sgMDDkw2aAEss48u3E4fatNtQHEHG0yBS6VpIPr
+GyVjuzpSkHONpGcDEjmIpcycP58kn1AFKxoPjA0PvRTPlGc/0Vfx0Kz0g39+XDTY
+bI+kbFEpwdzKKXnZ8svBmbX+y7IxYjt+iWFoiGLQBK3PsE8jXn2DfD/KNnNJECLb
+mYNnrvm/DptGtqqgMIPW1npFj3pYBlULuMPR+nXTAKkmpKMjM38X0zOuZHgGDeaU
+tWly7gfT1y1vJQRScVT0yFXGIUS+kCfI7eGN080CIbNIT/fUVZkUeVj+M8W6kdbC
+6aL3FWaxHjSQ76Il39szxq1s3EjCYltzXpEUdNTF5QHj3C4VqxM1fH+p9BmETUE0
+38NVtBPLpJ9/mKIVU5PRdsclPKTX9nVd9aijA373hWGxYY8+ZlCoLt0ICShqTGU5
+1OKfuMIenONKAl1yyMNSLWNtd5cjnUtrWUUv/MO8kN7lcvhAtF+UOGPI4Ou3+gVN
+j6hGjB0crzDtfkZvhYfnw7V31M6DAcEaJ2uIOFYCekaDQSpY9UTemAgWZroU7Ljr
+472d9hnILmAHMk5a7WQH7d7nBIoRdwaM6xV/Kek8xMR84aB8SxSe/viURAsRuAwm
+fqA4NY2ZWCzDsr8uyf3HnoGsEzU3hein3VyfCJ4JkE3XxrxQbAH08aBAuhPYezVb
+Uj0yD+X6WjxMO5HXF/MrES8Bw5ziC+Mc+SN3KyThQ7KOiBYWJsqd9UIJa/vZQAyG
+tS9jGifuG1XpbdTlrr/ZBwxrPLgEVXjm3jQaWxSm4qI+hoRGhia+pjinc4ctvyFT
+rt93DRX7l9BLKjl1XsKF1gkwR+kFRGg46gc2cA5JGVlGrrfEMjJt0wIvSzFQyWyI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
deleted file mode 100644
index eff7ceaf28..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitAnyPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTQwMgYDVQQDEytW
-YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8K1Na64KAEx4DG90CIYdXjn9QXftZ/JmM
-hJ7HZotijcxTLAJ3Sz0718AcEoSXtaXQlkw/PDRF6WOd0BjcLM6qzWEkQTWBWyW2
-EOBRbJ8UY8XRijBsOG7ay1rZEV4bomd/6xnNG6TznXujwmBXQZDp2Voyil8OgJiv
-uf+gY0BrnQIDAQABo3MwcTAfBgNVHSMEGDAWgBSdQJhgCObI/VzR2C8L6gDsGkUG
-zzAdBgNVHQ4EFgQUutY+X7TkU+FzLalrhov3rioWEiYwDgYDVR0PAQH/BAQDAgTw
-MB8GA1UdIAQYMBYwBgYEVR0gADAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAK2mBSjdik46DSR2Cn9O53Wk3uL54jZEHmH1jLi8eD7zxOU8eE23HWch+P9w
-swVaUJ4SqZfrgpV4+IJ72AMPGXKnAEn633uoNXbe8KFErSzMe3p+fFI4iKt2tMdG
-yPprehhYqGlG4KK5IHzgqcsfYZc989GcPE+Z679GnioPK8Mk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
new file mode 100644
index 0000000000..9f14a19756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitAnyPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBk
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE0
+MDIGA1UEAxMrVmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvWJ2NltVcIqG8R
+Gd6aAaTkV74OHh22qqq5VisygSWOraY+e/kZzgnHexceST9oUvWxJ210DYysc8E8
+NQsMEQRhJiy0vK2Pweb2q2Uv/DPpelT9Gzx3CuEuxvUvOY7EMYqsTkWkcvCbxJ0i
+/fYxmUJgsb+tdWuggcp1DV6UR1YVZFwFuzwFR6U3NxhkSKh1Aqpeg3rvO9igxaIe
+1KWuNKXb8GsQREEKOxXdRK21wrm7TSq4uhpyTbHb2GjhtAAKb/fiOtfWjibEhANg
+Xd9kxjSYI4npbisd+yYo45gXEDoqFTtxz6YPtR7+dzgVKxOE/Xc+PtXIl/0AT60Q
+Rdqsz/MCAwEAAaNzMHEwHwYDVR0jBBgwFoAUGKCgemr/ap2FgiTNwyaF+L+KNwYw
+HQYDVR0OBBYEFM7BJgyfyIp3q6sZiSd0E+VdkSzKMA4GA1UdDwEB/wQEAwIE8DAf
+BgNVHSAEGDAWMAYGBFUdIAAwDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAn87EWhrmPNMFRrFS2VTSXUb/3OPnx1eLB918Vo+KY5fwcDGO8WuhxFsszju0
+BShfZnrwj7/Hrc/UdmPbk6RrPq5BMsmpLMwiqpxjqqN7J5C81cXvK2f7V4UX8sVc
+OriHWK8Vt6dEk0CN6Rt2AkkUE+7LrOS92hhLU5Opzyue3ZW6JPLfuk0uER2hKt3r
+POm96ZMVxNH0QAmZUQK03IqzGr+UigLgQA78Kc7qOYqTVc9JGuwu0F+e25h0L83W
+xRYW+BjGWRUfL7Y0uwylS772ZWLNBRac2mrniZJZNIzzr92Bwt5R4w0ZR6cB+C/S
+qN7XKYDdE6V9nwrJt5Wum031lw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1A41BC0974CE034B
+
+gj9OGMPqVjkXcx6+XB9wKtnrs6R0hPYfYyncPTCzWCD4Y8e6yw2TKIEg7nXNQZOB
+hJZyH/I1Dat1LY/lVcF4kauf7546QEwL9m0IW6chsfRJZVt/AQN85zeM6bjidDBX
+H9fK1a0zs+x9btpbqdTRpIsOakUOnB9W0FCAdc6uYxrQ+yyoUXuqvuIMa4H08h19
+qGc3q+3mIpVwvJNO55k9lv2mUxaqSTIyTxm51TtXesKBmTVRUQB+zwsLA4IQPybO
+lGmxFkUzDJo/Sj/1taeDD+Fi0lr5Tz/VssgLJpEQ+CQzENbqpinS7DHFM7GwTwQy
+BhW3Fc2Uof3SU5FSuluJxAdUZuCN2nHZws+sQ7yfqG1M3UndJI67SOE949hP+tg2
+RA5jCQwMYbmkZKiBm9c+fwpHPVglN3KUjkE9wquqJg//VDPkDLVLnTooleNQ5Trb
+5dfM1ZJQA8Yar+yXNUOygiqi6wXwYuxceiFNMlLdi7I8UF/qFo2KiLvUC2lAQ5uU
+YuhI6X2iuuIhZiJqdX4B9Yc6Ha+MojIyfrYHF1haeZogk1GFmVqZdcoIqw/k6cqy
+lkOsRNdTYCaBJYdd0BuJp5wkhsRaAY+TccKa5HFyr+iPG7uif3LlhUWyxEF29/2I
+OdcK9orPTeQIS8mydbdlyo3x3dLs8bF2Ve6O2sXjovXhYAa/Ls5zH2SyjffWhr8w
+OuvzTaeK4ZLVuB/mK67V1giyfRgsj6tJymdxydqMGbunepzK664KDXp04lgnnkfQ
+THZpcVC+/bQeH+tPSEYk5/sQZS5SzABF4ILWiropxdxf5hNnDuiKMu/PaHYO026n
+yIuasY6H5Cl7JG8494ZG43H1D9WEu7ZQkLgLALduCoHVmx/746e+Y93XDvpnzjcm
+BlWslVdKL6SoqRlgz4QuzvZIeH1z8E01wJAGMjzb3nN9UgJ6pJtcR5FZZJ2rDUX/
+/CwE0bPiJHYwClggxHlPMUCCL2fzIOS/UBO1GVa00KEE5e5mJQlAV08uEDIeIsVX
+y4yXsae/fwsQ+lwxf2jKWdePI6pJ60BLm3ees+wb/UidegKfa7Eb1MFDHQDw6Kl0
+zSui/xU1RKpI7fsmpoqDSP7rAyIyMdJCgi8vK+Hx7vYHZPMh4vBKyHX3d2rsMvvX
+vskZsm033TXG3Jm/9umq6nG83YwBKWojxO1d/PFWJgwjVh+zV3KnJuDI5yojsBfY
+hC7VCGBfH0dE+ICRU9lo+xmgtKGnphYp+DyOAgdld4/d5OJxxdY+dfIkUDgdSA8O
+yAfn0Y8UQ1gWIvyaDPA69FkmFDSnhefejj4IsMVNa8daYlMS2wzKqvMNBkD5eaxY
+yHphFOhHLU1nYN0d1msrPqc6nfXkvMZiPxs5G2Y46px4ZZQ3HUEg9RY+YfHtOyZC
+jYWxwNYr30YfzqSZjn3LWAEox9f2FEu6tjv/Wv2xkukNQTy2FwUPa1dxU3uk82tZ
+AdqQhR7JZ7o9AeHn6YimUMMf2XxAfJNZm9p6bASUzmddodqE40D5+tvcqb0ySg5o
+qIAg1/BbFcXPhdGaGrH2WfkH4WcToCo5D4diL4c6jDmbZnYDesWDB00omwMhwfl3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
deleted file mode 100644
index c9e23ce0b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-ODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRpZmlj
-YXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZweShwVjs1qka
-nqPGQOLGlctQ3TXgy/mxMNF5iCtHOwRF1KCW1OU9KloQ3r6+OfgzcZN+flBVpI3e
-jyjOMjfcTTb30YkOQneX5WBmDbG0hNh6eMeguoRuUhkdFGqXR/vCRpMZm54bw85o
-6PrFmUwLluXwBGGzX7qaD0h2mpzycQIDAQABo2swaTAfBgNVHSMEGDAWgBQXeoow
-BvbqXDZADa7Yn7+5vYLMUjAdBgNVHQ4EFgQUGa+XGGh0cFuvb54Rblg0NuJV0T4w
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG
-9w0BAQUFAAOBgQCtpBN+M2QdihGfroUS+K93c6X4n5STm0IwsSvGEpOHX2tjLKqr
-WGurbAH8XvIJEsO4wlA6NOHbFEYmSYX1otlMNDKu3vQVTDEB7RJWA04YsUuS4BNA
-B+scXAJEWbvQdkoGh5U+aOmX8yST+HWIbW6XgKQmA3qiO4LsJgdmEDB8xw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..e6fcd20b60
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAPDRNocjMpqJS8XXEn2KeY/S7iXL8tNa1sS8X1umBKBSotfKudBZlQFXSesE
+FC0og1Zs0syETNkUA1Wi+0cs+q2B0dNQS3oEzuMhMHRWjj56QtBiTFGwUs6qRliH
+JJ+AAmcwOoMjsD64MFxOPtwAo71i1LAPbDXj9fZSPmQirI9ntOafT0RrZDVQwh0g
+Sh6aCSAh/Bht8BgTaZW4MN/bi/cqv5v8bnFuV0BOgCE3O0frFuwinSG1d69ZOHHK
+qVZ/fRfKNlxflSU0XcbtybYVgsyAoRL9Wq4m3RKsbtDeyqLa5SFTKRCMRw4ZCEIx
+F1OMaeFh7etefe+7zDRW27l+2jkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqiaUHWQP
+fgW8XWCNB1f8cJVmbOcwHQYDVR0OBBYEFP9zakNg0xu0uUYWu6rUrwVyxJTZMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDQYJKoZIhvcN
+AQELBQADggEBADaelkwjWQrtrmyosROq1o2cNB2pldWpI3chT/c3cn8IpAQMMNHJ
+Ch94idy6x/bzO7R2ZXlL5VCHPJlzDpClEOv8ZGebupN3+AE73Czaxqxrxj1xiOVl
+g5imlIUt7oIjJibpLDVSH7Z2PcY9YK+/A6uaX1kll4oMtCLmoF8obFVp7alj0Hzp
+uVpVfEq3I0dRLGLJCuOg0wCoyLtjV+YGp+uXXxYWBZc3CbxE1sVJ0g8D1JYLj5eq
+uyj3Nmplo6T1c6i02z4LDtl81umgQyeH1JPijLH094G12i5L50QevtqQ6ifmFHjP
+24mHZ/b0BatgDap0gy+JOYrPj0op5HrnU7A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,345A2F34C9598F64
+
+XfvNEKO6RJq11Po3l3MB8Iv0E0gzRwfLPEJOIiKq0Dl2emB4Myp4dlFMdX6HgmSB
+Nec+QWQHsV+t2koSF2SlwNFMzMhHX8lUDjYN1pGDqodXhaqUb2lbvtmAud/O9Nth
+40jd4kXq+OGgjKmmXIOlLdjVf4DoM6k3u1TVdtL+6lEEKojO+EWxl2TWd4/0+4GU
+LS/qK802foNZk1FS+FSxMrEkoZshUWmK8qWFID5WUdM8Afi5l9LX4s1edNIzFEq4
+8f/btdMrEpYI7q/MmuMNotiH5DVDGXKd3Lj+mHeDuzjtmjC+KbDBX/SPyqJN5nav
+P+3TtTDhKvKnSdMF4+Zn1t3DzAE4gDZcHwqTOraDTAS4Pvqrc+U9AMG4STrcQ4Hs
+BCWPwX5AakSNhChcpILJOMKu/Y6MNHUXMboE/lJPCF39sM0aqUUvg/9oCjqcOHVa
+OdLhIiSJesXCjXvYszQocaSLexiIbEqszqQ/2zyjCPNFEILycRTOhQo1059+8BcH
+F2toqctHo8AdfbLFmns7xrTiV03r1tbUV1RYd5qIvqoR4IWlNobmu/xzBRyrz5A/
+otiGuTzM27FzO2Igc1IdMgN5WFM2znywlWFf2IY7vKZ+UlNCeNqHnkQ3YiokdrmH
+thKTiOTsC7CkBD67jFBFkHYBatPE0Po43K8ZFjMzLkmKcay7Pq74+N20TivWpgqW
+dxQgBWkibe/bO6UNf1va81Z2z4MtlNOkagajWaLNBTYTdRrpAUKTqgV2WejMaMti
+KULXKiEKhJ/M+74q7Med+OHkIQpQEpCuuSc7VfWsrcSIXqNj/aCxgSByci9k06c0
+K8aGxAYSFP+mr9EzoHeTo1kb79grgilaSSuwopwNoE9jfg/yMtU7oIvrnH7biqwb
+4aaLSaSqrN1HT/6ACBOIHlnmvwzQh7rSxiuWO5A+6COUDvOmyaiadifUlXMo9fcv
+M7mn6yOFzjSZ1uKXGgyh9+uATmu8Wf/zeEoJtJIrE3Fv2Ibd9FiqmRwdVyilHrYk
+8Mmdsrf1AZ5qNXYEYRSZYSX7+HRLniO9kXbbGtIrNB7bRkTdX33vQy5EQ3xKatb5
+X/6diAv0Rn56LoyNWmmj/khZnrTUbWrykzaTLvV5Hsq+ZMD+huxLCfLN/Hu8RDDk
+K2YUUGiJocv8mv2AtH5U7KNPE+tzEAB2dHTT978k+eS2Sv6wXZj+alsPOWXvKF+4
+BdWatrC8wi14KhZafV4AoRa6VMbe/e60gZ5b2DvDtJ3znYHv/UMoOOToV1OkiSDy
+n86YnswIwCNL7SEaMXlr1R9RX8Lk3GJY4Dt9btKfsFCu8esjh1FVfMQaWLaTe3fq
+9Pzmf9/Jp1/5bPby5rw2hcEmRj360Pc5J+CeloLyb5PUhjjtiEUM0/EsLBSROnVx
+AkdZRCqVvxK9vVQanxvvWeQ6ROWffSLzcPdIfyV4tP/7+Awwj8OZBgUlqPeCrTlW
+qu/3kjSo1slpe9TXGGqQKT2j4+0CvNqWtAmSUg0s807KTSq1Hn8HxPo/ETgYaMUi
+dF46SXGfZ6b/wIcroki51SDDyTKRcZujP0kwmkv2prL+TUMe/kVYHTn8h/xB5gpR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
deleted file mode 100644
index 21d384e81c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRp
-ZmljYXRlIFRlc3Q0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMwNGdAJ0
-vncWniYOninmdOvqbWTU+G3jPbZ4uJULmhWBvap0Hpq8RSJZ8wprenFgK2/epICj
-uFtJZyEtG/3A8PZ3IHYNkWv7srclGdUlotObulycoDHBn9LXI+i/CvUNGvFJldlm
-kQOxqy1Qhto5Gj7cVWa4HiEYfx+7HJPR2QIDAQABo2swaTAfBgNVHSMEGDAWgBRa
-k0vvlp6uPkMWJqQYHnmLouabITAdBgNVHQ4EFgQUFgpn09iEBzTYWYmTqi0RWeEt
-CfYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBDANBgkq
-hkiG9w0BAQUFAAOBgQCCP6oScMpFs5Ak3jAfJkXhwpzciLdF1Mtq/SO8auu0mZ6a
-CfrKh6JL5kshzKbZFbRYqkIidQNW42Iv4et3yLhWZvSVoYkP+EAg0dMs9/Arw2C1
-pqRc5a2mgi1G182TWgEh9rMZDvYPdD+FrzZU55bLtSlt9L8o9y9vz6+dE2MrLQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..6e38b01882
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGlu
+ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKYL62yu7+fSYzmj0n3w6uGjjzv62IQV/CL9BECVjokjFNxU+tfm3Mk7
+Db7JxnHMEKR8jY4KvRmsaNSUe/3lK1VG4AFNzciYw4eDhOOLr5Kkx6EE3nbiWLiH
+eE7CDRe68kwiRf71K4sUuRtHFKzYq78O1LY2fbYQoudnVbMs7JGj02nVqBA7M9iR
+JKu6V6R/9EdSQEI7SFQEOJcnlIOkdL3Y5zYQLmXvoQ21RACpbPTrt4VFLQ9kUgdV
+IwrIdD1qunbkbNTiaIjLcy8duhKBVx1m20MFY3h1uQc7SsOedEtCX/XA6a4GUZnA
+TwBBiNePmhJUcN3P+35i8GBfin0K47kCAwEAAaNrMGkwHwYDVR0jBBgwFoAU14Bc
+E4uOQXa6CrVzceijQIB0DtEwHQYDVR0OBBYEFHcvegxzhgIyUXHqaXOrOMLRpwmi
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAQwDQYJKoZI
+hvcNAQELBQADggEBALkd6aOI5LOFb4xsYP6dSJe1DNfieEU6gmjHjphXiz1VXbau
+0j1lqcxNj7GiOEThH6C9rgQ1DQmEt1DQrj4byYgnoMOa5fUwK5r3Mw+r+2SIGbyy
+wvu6Sy1zdJ3OGymchuIfVXeaXgku/Uhf/68xSn8yw0HW9SEKe8ZDVZKTCXPPqnLW
+FbD4xjBHXywSXlRlohLRuk9Rparq2Q18Qat4TOf/M1FjdxrToK+HRSfNw3e7cHQp
+gxIvCK6mshrc9ojJ0aJRxvZEiM1W4/Twn8R+1sdWxKxeSfdz0Sl0jBHBVY/CqWKc
+5Xh4d7lLxwItJ60kyVbsrsGeRJHtY1jyMQ9T+1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3E31AEC3D5768E3
+
+9UUHfnUhE5QAbpko68+WMXCmLsSpLQ9yYiXhguUwoxnoHWxtKo55PaVJnaHlod9e
+2iy8dSot3h+LNM+GZ8I/OmpzGrEa/GMCO4QhXhwRnRcyifFy3MKFPpO4MJUf6sJ/
+1+Qj2j79kQ738etkvc7qFmJlp81/cvIOybSMoAvFwGfkABqVRXBGSM12UkL5vBg5
+n//GvEP8vJj0P/luK2OS8TSVH/pNeRN2k7u7eA4cYssb7zWyD+xUKFXlNSKoiStt
+506bbXuPDv7EjBDi0VU2Xdh8oPU0guLOh3G06Y60WbfA+rrM/fbw3J+hVply8vCx
+lI5J8YHhsReSsl76dpnocfjaXMj+K9vZX3fgDDEu+1Xwo11X1ztHXPPNPVRFgb5Q
+iY+ERzFwJykapOmOSuHAK7trCnNhGwvOgmLuBe2iNl/c3nom4hQrwIP5fxavOdjC
+6fuXN0od1V6agr22OZOM2dp0YcCVlptNIicSNHxB2YyngEmaAICtB4IdwfeTmcGD
+FS3sdRQi/BdqgiSaZtrexYDu0d7//Mujk4W8MCK9m4Z2BZDyYBEYLGcr3c7lWRyV
+cvWOz++X3Kwe3ENpZEHA6dYFgXWnBEyqAajjGamfVTi1eool6WoAYQ4ngPAX54LU
+Fm9FiQueCnWgrBIWt8BJBKThikOk9fy5gvKWSx7Lz3BipsBYf2k2jvG7tCFopIdj
+HNSfq9nEiWQ/d6W7vEdImu9geJxFBbNhmL/NQS943OL/GEESKzz/UCcJ79XhSqL9
+YO5xJe1KYwnrDstkuwTsxJfXyOCQaOCTkELTwzxz3B8gP0I7gaF/I4g98NND3Ldu
+prGNzXUkbxr/OS3jbk30wn7ro7KlEWwsN5E1Eac8Xeqxrp+2g6S+8ysSCVcmnTg/
+JZoNNCJI4my6wN39Vo4070m1hyj4JTVz/V6SFGFn6ssSgkrfNPLz+6+2lGsP/k2S
+2FByK20cjGTVktsXSm54lujU5Sb4Matlomam/hWRwgMC2emrLnkApE0XpKobBHg1
+5D0S4qBccKGaz0/zcCFvt9wCyVn2bx7GhGSNZtggw8lJmjYV6bXVF/G4hm3RLl1Y
+6XD9RvjEZxLgfPHcxYbm7hTvlw1j6kE76rAqFJMXQpQvuw+Ze37PQK/ABBo418I4
+zNDQeMw7iDlxdiLg0ylWI+6vua45cRUW1Hu2JbLfWs6/7pOLMSswrYz5I5N6gZJk
+c//BtzkJwe78Bft1bYDv4M8WpbUg3x5KvzU2K4qXPmlpcVw4L/L0VS5ADQeU1Ubh
+joUHTk4sedh0ge+lYaTI8Pj3gjsL0Ynxl9WIlDvr7ggL2kxuCZbDpyHojaPDu0cH
+4Qxp1AJos6vGAYDBH5l7Pe04as+BswfEPOeCW8YykTCT6pM16UUY9mR+ZIdZMiMU
+dMt8UbeF0qB3jyjER6ALP3K5v2Jx8GPWV52GbD9oBoFkguK2scM88EWcIEWa1sAC
+2khDcVRBsA27sVWGu+QgdEYQQFEH6oPMG0/NBE42T5FSrnFXtRH5061uEt5w3ROg
+bgT42rD4G4bP6Wsa6JCNDwTNXhIWujiTVkchvSuOGXV70y8cI+E6Hw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
deleted file mode 100644
index 3183499812..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYlAJy
-nnvLn2glPjCkqnWzCC/bxT/ypoeW3spfvzi+AQuwM+d/bNL1ZouAnps7JPpf4VHp
-ZvSGjeCgLpCvDjnUP6tG/hkQBm8CS9vaqg/65FoI/MpSMHXmVJ9CgUjOkjHp1g47
-2AYniw5lRztaH2tCN25WqZFzar+vdhQG2ZkJNQIDAQABo3kwdzAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUzyqhpf1C4jO8MypNmHOz
-2PtVvNgwCwYDVR0PBAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKS4oBKhFhU5vxr4Z547N5er
-YrYR5JU75QnGUZjv7JYCXydlJVuvIhZptrzG/wevhz2VgNSbk/wp8Uw+ra3eqqlq
-QjVFQukh0F4GKMBaiFZ1HUEGILLIpeEq0Pn70Q8EE0H1RsweW1P30qaXZE9050m4
-7h+is62/EaaT31RpTb+G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid keyUsage Not Critical EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5v
-dCBDcml0aWNhbCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UE
-AxMwVmFsaWQga2V5VXNhZ2UgTm90IENyaXRpY2FsIEVFIENlcnRpZmljYXRlIFRl
-c3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQifnsA6fOmILXLNZeSJEf
-D8ON1YDI4FjDmGqG8Ob1ITgAWPfxJcWgQXqRwzn/1NXj0faYKeVA5j6VZxSCP7Dz
-D6ZCeGxjgcF1lNF2dqZh268sSsW3ZiesNQ+wG9zaF8YNWvL8iqICgMrjVqdiFbiD
-X8N15gROcCA0lPuKiqlJlwIDAQABo2swaTAfBgNVHSMEGDAWgBTPKqGl/ULiM7wz
-Kk2Yc7PY+1W82DAdBgNVHQ4EFgQUHw6xfNRi0j5jpx9vVSQlS+45UuUwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQADtx2GVXZR3dxm4aGGrvmtdkDkj/20o+75/jzMHss7prirQQdShNtqL02F
-TL2y/PWCf6QbDQgcakwPDez60a7reZ02JKUtwKCa4VJf86gy3BDKKhm+msihYgCj
-ZzkYwS9CoF3dRup5ySq6dvAU6gVzPRJZKOf3MIM/3Vo9hUtmVg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CF:2A:A1:A5:FD:42:E2:33:BC:33:2A:4D:98:73:B3:D8:FB:55:BC:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3a:4d:11:cb:3c:14:7e:17:ec:4f:14:72:47:1e:98:fe:ba:02:
-        2c:79:4d:2f:5d:e8:71:fa:35:d3:7f:26:b5:27:1b:23:c0:12:
-        8d:c5:9c:f7:e1:96:71:d5:7c:6a:e4:40:ed:7d:46:28:a1:91:
-        99:ab:75:2b:61:a5:c5:4b:d1:63:10:bb:95:bb:4c:ee:a0:8a:
-        8e:d6:65:14:3c:86:f2:11:8b:0c:4d:6a:3d:e1:a9:e6:12:28:
-        69:87:1b:eb:e4:9e:d1:45:5c:dd:2b:2f:6e:55:72:e2:69:cd:
-        88:84:b1:c5:5e:86:44:10:4f:ce:ab:a4:b3:ed:c7:03:58:84:
-        84:cc
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5vdCBDcml0
-aWNhbCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUzyqhpf1C4jO8MypNmHOz2PtVvNgwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAOk0RyzwUfhfsTxRyRx6Y/roCLHlNL13ocfo1038mtScbI8ASjcWc
-9+GWcdV8auRA7X1GKKGRmat1K2GlxUvRYxC7lbtM7qCKjtZlFDyG8hGLDE1qPeGp
-5hIoaYcb6+Se0UVc3SsvblVy4mnNiISxxV6GRBBPzquks+3HA1iEhMw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
new file mode 100644
index 0000000000..6a4f159be3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid keyUsage Not Critical EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowaTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOTA3BgNVBAMTMFZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALez
+B7zAQcz+cwTNzcRbXADc2II98d2UkCim1OerlAh4XSPePFqkPmCcuijOF1vTFsxc
+eUBcnBHO3iH6Dw6LBoJF8f4slPhGVzTtmXjD/0N1/x70ypCbNHeCv1Lxfn/M6Ufi
+bYEYqZnL4D9i6pRWU6UcjRRWfoX8zEyTdShPLhxIUovvEwStmd3ISQvgJKLEbAJc
++EEPA1k/bcXJEf3VVhmx0kjNTqWXJP+X+JfG4i1AmyhwRDbXdwND2lzPOizThff+
+4gBaxJB0cdW7wHwqrnSTQmFOB4vSkgQYFHxgBplJ2Eh1t/AyokjI9imz06VmfhFk
+kyuRvGqaxBD1W6zY+bsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUwZARStm0K8Vwfs6M
+O2JY5buXK3MwHQYDVR0OBBYEFJ46eWPPLst3JdrmpRlWguBUS9GrMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBADfZpIsEnc5hM5JwyXKi3HdQMCwHRQvGadMNqh/3A6SSIWJwU5+8WeorwD1Z
+SikyE+AXC/cOfSEksVjrCWY3ezWVF99+jaQFqgE8lcws1LlytaN6sRY7AdEoQUhQ
+r+YawAvNZgbkRRB8LvhWUWK/66N8rkVFJVahJCcfEGzQdNBryag9SQrcqYigfV+D
+Ysob5iuSOJAoGlnAtHVtOwogjfZ1ZQy//P4yJ+IbzE3u0kHMTTqUrIeB1RWqy1YQ
+QTpnFVcmuI0utFmhEDYz7w5ktTQor7cwojxc+NpA8qzvRn6hiIeqemqrYIFAzhc6
+EI38iiO0ZAhjvDBgsERMLmKUTR0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5BF897CB9FF0385B
+
+P7aeEOOsC7LxvND9OuJqHbesUzf/CpLspAdxh+2XwRPZxLxbATA5FIQX7o75EyBT
+JoLMh1eBm4n7nMW9o8O0YX6u/1LpK7+T/yEl4S65xJNw/gcdXTvzYY1VSN9gCY9d
+MI2XZuLpXGNcSTnAIqE1RRGJ0aPoejR8/fIR1++qcSYUtPwKn5dzMo3JkT4NFU9J
+Ux+YuBrHLo+hk9ymZ/MBSb13Vz8sxpNJo2W/zidhrvDJRa1qmfAtSXsdu60n7O6y
+7gspxrOsFeORgJUrW9ITM5QdKBZNEgBED5IoB+fdRI0FwF5HGziEJwYujPYcldeo
+8T/1yNzo5fZ8HdINL3KJYMpFzo2EnE7ZCxhGEjtUC4UUSfPsdTi2mlNRVK2hQ+UN
+Qc30hicM57tne1Zth5ArQCYHV9wM6bOIzdERJnBD8bDlyXW2iDhTbW5BMn6wvjGi
+7zdot+zxlsed1hHdyHLkiZHxTlKHI7hoMjuwROaTNRcnARl3aiStMLYoBvk9Y9Bw
+ZFivyK/b73C+jXAs8TmBLfJYqGkgGwB/CKbSYNYpm/F1j6nP20zvwetwr5TqlNze
+v5pV2jN+ZdDlqicjmHcLspqJJrtstD/PiOOWyxT/5jUmFZsK0tgnDUysDhwdoRjO
+tdMBqf73SZ7HVFVYmY2dajBhsuieOg5aNts5vWlp9ENxkCnC+lSxPamXBQ12EDtd
+Z8QTEwPndaXoS/NZ4O+LFyuCRaB9D0V643jAaVmEb+MHii5oihPk83a/ZcH8aoLh
+GMkyn1UwVoKwERGcGvYBXZt8Tb4FtOkOwM61hVs3S0lokQ/kaLl83rygJvdsiiRu
+mah/PKWVsKujJ4P2YyXwDmDTNO7KNYZU/O5E2fRsLxFP+qAwB4GpuDDcbKuIUQyz
+gu4vFCxrWLRZC4VW8B5oYhs6JiErVhg9bwbKsToUvyC+FeoyJvxnKiE/jJ1KeH1X
+hEPhPTu54YNaE+ccHTXDp5fDJboSdz0nZ2Ktjecg3UEBVayaaw/zJzUE0oOF1fxG
+Iu01RTEH+0Qx+QPrKHfkwSiD9ZXWOY3bebstjNrWF5sm5rtHILiTU4q830dyKFxl
+KltqXgKzRHBkMFbJNVQHQ6FdZ5e56KFUw96YymDWspTklrP90xbesOPPpTKPxFeV
+XPwN44tVN5j8CZIIhf0lNVRJDGBMNuT0ffr6q7poqb48nGfkoge1g26h8Bj1L/1x
+yc0ceL2yWXiEeFoUz8XU3NEyLSJlBwTFW1lHz687CiqkwGaliNon+N7Il0wSgbRc
+iVKom2OBQAih5aJId98xVg7/jpHq2Z1I3mrwq3cTtlXy4j9eViXKSwgsDSK+G0mJ
+HPRDF4Omw3fIf65M7BcuiAs352AQnlu5wG/+10YL31l1OW3NN8TOKhor2RX8+JXP
+sMiEsJhwyBy0X3LKIlKwaQuQQwcwvvMzBY54hMocqUJtSkr0+pX5TniAIbf6/pcS
+jDdbz9dakfMNVB+TFnWd0jh6bAYLLf6jhH9034PDc2vJCThAZor6Kw04uccpktya
+3O3dOVeQpjhKfQ9nOiqVoF9XXPAHIUEuDXRFpuSAPVwbSKPr2AnOng==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
deleted file mode 100644
index fc640e8409..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlyContainsCACerts EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBjMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxODA2BgNVBAMT
-L1ZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCleZwZx1DWjtQUI6sccnzSSv3J
-scTabLlHXVLbXj57OzT/9XuVVLkRe6ZB95/CCO8YM/bYdtmJEwtT3S7J7jaSI1XM
-NBi9E5Uc2y6RXOEZ4dL8LFJjZYIQNbRUgg2o5rtJ55N7Hp/uA5zJYKH9wtNBXAlj
-i0eULWMWi42zHc/w1wIDAQABo3wwejAfBgNVHSMEGDAWgBTzoQdGZ3vpj1mr61WG
-k8is5FW3GDAdBgNVHQ4EFgQUQrE9JN7MpRBHp0VYS792Fg2IxOMwDgYDVR0PAQH/
-BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAI7d4izaGul72X3r0YD8tjwHlxMMBg7/4nO6PrJd
-+blNKJwn/eqMJdekiTWjl2E+PKS4nBCBSeFeoboUHLnQ/AHevzxnJiEUK7otOXim
-UFRLlktEMASIbfUjiJrkwmL6JxvDXlbmhJNVlXZI6bRfAxi2XXt6o+ZO0VAFlebG
-iga9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
new file mode 100644
index 0000000000..30fec0a7c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlyContainsCACerts EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTgwNgYDVQQDEy9WYWxpZCBvbmx5Q29udGFpbnNDQUNlcnRzIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANX15GuX
+OGqR1Az5/3Eya+5k/mszVGRtEA4BxsovHQrt4IIP1MjoRrB6sL2Gxjps4vzA4Aw9
+S6LxUJRaw1L59qRWJcdrTMnI9Jzqc0t9WanMqb7CTvlTQN86FO9KEbmc3HO8YKnw
+OySx6uXgAA/X9+AsuJhlwXH05K0sTlqzP39PiXupl3S3pqVAPHVKpjY1hizfABQQ
+ugfMk0szqm5ZqUbtRoRsTI5pWxe12UDVN8eclHUJVPng220tUQY9vaHesjIpcrEg
+p7KBxmLsbAdnoVs3JNYGPTI4wgvAOAlFxIpTc83l8T214BD5w65oQdDYVcRo37+3
+bqRyWAuLy3qYeX8CAwEAAaN8MHowHwYDVR0jBBgwFoAUJTjDrsotdXpbTdTAA5KI
+EyLHbFQwHQYDVR0OBBYEFDtDT7cTpkfkonYlzo4kLdOETiNvMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB9jAN
+BgkqhkiG9w0BAQsFAAOCAQEAfmMUoBvJy5nZ5eICleksT7UiUJ9gyi/uxAYn1NN4
+o61FMj0lyattfHD6gyFFVHW6BrEF2vbDXKug9BWuJI+3xLOIxUsDQ+IP/0juxu9O
+iggb6f9zg1IqmX0YEC05+4MPEidRKLsZh+OYlpCtjCMj94XOFWeM8gHJIhhR17oz
+7VG68tKWMvoo8Tfo4nuYkjQ4nFwAcMKIctL641sxVzMEmDgv9x6oJs/irSqKSLSZ
+pFJrYBYiOU8/GTOL4rlOBEYL4gXW4PJs1HXft761W7Bpwd9SVJA6fogM28XuWr8c
+Gslx+k60FDk0HfYsxw3pTlSubTKp+oYiV7xQgcgtHWLkZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EEC5957D68BA54BA
+
+qrY9d5ZVIowhv+2U9J1l+oI/xmuDX1I/6K8ba3cDGtFuYRHp5CHen3LwiqNecqz5
+Q+b03EEk/cKfIFIRBv/iuH27N1yUEQO/zWc2ShxRpcjO6vynx0vBFp+e+2f3PAs4
+1Bqb9mfP3lct0ZznaU/nIXqfTSpFp1cYAQvHVYOr4syFVMFr0hGlXWeliQqaEdlr
+GamfWs9NkieMQCmS6OXJxTQBgu9CKE50K9J1OeVGy+qR9heSWfx0q10vR+Ic29K9
+LHYVWGtLAbgIS8NL9ugwQNnJrRVd7WNnnwTlR1R2+vhAvPiTo16FKIK5pjCVxdFi
+xuBplIVwUPksqoL4uzuQupGHwBpY/6L9SfulBfBmpc+JEARvhj18sSSuYOxBE/5k
+0u1AFc5ltaO3LggseB3yQJAlBGPzqn1t8AQjoXnvo/T0hocYApwlWwXfDI5NE0T+
+T7oyDMed+EyPfegs5Ld1HDS7B5MMsKsTeooxdomAvPjnJHK1tQsVIYRdJ53XsFo+
+0aX7ClDc3G8oK0m97gogQghYdCHAFD4ts1gewHozUUjpxig8SmJ7FPqHvcwXA74f
+iXkXUiPPENhVE4fuydzrfB7SQ+5Esbk6bPb88GHWFod9HnRVA0n5yVg47/pTB8DL
+9wz5DkN/sMYyyE0+3rmsvT5/z0+4GOinV0vWpnMAz6t9huMg2943kLQhEIRXszIp
+PQhA9ljwCFqjv7xl3nbQUP2l6nQeHN6YMzk/0tWAsLR8sbp4NLKvGWYBG4EVrxzQ
+/Oee5ubzznx0loO5QOvfheElAuyRZrWZPxeFajgT1h4UZNwORfTSWWZ4RYk+6GPB
++p8BV3GTpM80CF3O5syUik3zw1TxRgMvr/5mzGmw95Jlr941cGWTyf7OuJjCpL65
+jt7rv8uacSCbu7UQrh4gqBlP/dCUAs2QZaO4dW55eJBDOzDsxgnTqon8loaJlRQc
+mZj+BZ/H+s8N9hazexRF5RLhbcB+p4ef4+5YznMXRphTnhbNLmQh0HXxdliKHmTO
+D72PkEIFJMkkAKY3iONyRCUaYJCajlBo2TiRLMspRsmTszzqDYM5t1MixbHeXLBv
+tPNSdrjgR/jwqMKaFNAjI2EiSkkZpSX6yHwHpSj9WjSRcLPhVJwFpR+wmLDG2tHU
+aC++rFQCDU/blZCkasHZNwB23HEZuF5oVTj59V/L2z/JqptrzxpWzTMfx8xOOLJd
+cQud70en29/mfzXYAe0M2YpIoSokkMOliE0W3DblFcivo6U6oZEbC9nI3otIazZL
+brbcANPIgSPzCtvoQj0ibtqcyZ7QzabzGG2Uemraqmt5HjVbAcPncDm78TB3xdfb
+W0O0MQ8I1lj/o31pvO5Lzd4c4ae57V+gkIy285CTEKwk/BYzujQYbzRuPWjWQxqS
+tZKnRtEfQzqQmqgLeZWwg1yLns+Cl8Zikv5vixQ5V/R9jASohRFyU5DFyj0fR1rI
+EvBO5bRHUU/35ExppmVuY8eUsSwBNR/XG2dFQwLvy+Q29e1TTXsaw4wTmRCJOViL
++eAyUGnv4XKUTr7nKIF4G8tCulMLV9DWChagc1ZJVdFKhQTwN1sicQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
new file mode 100644
index 0000000000..c0ee2e1cda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+-----BEGIN CERTIFICATE-----
+MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBMzAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x8zxpPGgnBqlIWH
+sva5Yg5I7d0lcKVlJv4pTMjnEXaGboFcTOBu+ZI/ECdX1hLTA+9JLEivrZU996SW
+gWD7JCjq5ULOzD3a+fgDColZY81TP+EfcwWOP84qQHZzBj1LrNczk/nyla4s4aoA
+z3//CHmz6DEEKNlIDk80MLSagvUZo/LJ6QyKx1BecsP8pf6mDxIXpHgf9LrJ4aWz
+xRPFy+Zmoizo3BRQghRGnCTo+fWNwPOJ8nSRTEu926xMiyu2qExL75Ng2dsaMSd9
+dFlJgU86pp8oYfMsFKJal70ofB1QeqpszkAgW+FOEp6R2iabHTWxrYW5aJ7DTyjc
+0SkD4wIDAQABo4HbMIHYMB8GA1UdIwQYMBaAFC0kt5eHLO7aHL7el4Qbr6AVFr5r
+MB0GA1UdDgQWBBSCHuiLoRbi7SpBZu52PliT2MdEUTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMG0GA1UdHwRmMGQwYqBgoF6kXDBaMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoG
+A1UECxMTb25seVNvbWVSZWFzb25zIENBMzEMMAoGA1UEAxMDQ1JMMA0GCSqGSIb3
+DQEBCwUAA4IBAQBMDyLf+YjZxO+aN7TIp70Wm8qKs5gEfZQEzKBODxprp9iImKb4
+4PYrLPt3hjUFa9dIZeH/ewoeXdqjIfLwqFZfHBWsNMWXiKOa+N7k/XcTclX1LSPT
+h5HkvbhomN2rvwpUgbnUQKD4PddOfTABJtVzJJwLvY92cgu5/qxwkreeI0FwlFx4
+bnMB6AoCV8jNGlEAVMTrL4YKGVGFYSdWthfbMRvtR6OGfQ1/SLQZeD+7Tzq6dtdV
+qAuRUb9BXemkK85LIcBhvVSHJEmcGocOjKAs+VqxBJlNVcoVUoFDX17/PwInbQmO
+C35YSeFdBh6FNwbalsWkzKl5PmjH2XJCP4Zi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC1A964E9CB7CB53
+
+XWgNPVxoNKAvoa9qvAqymT5p8IVNC09tbQVnV3TTf4ZBX/3qa/apfmQ8u/T0Vibr
+vgYMBwt9L+j4Oujyw9+o83ziUlom9Reor7KmFSO0vYJOIgxPIkHTG5+IXiRSO8N9
+W0jhMRWuHFlpQFXF8AR4+dPAa0KVCzfBGuEwksmmHTYhVboYwN1FrQwxL5Mua89N
+PCUucOWRXrARA0LqA5tTeFGHU3Ou1SIdvaGDxRYoRQjAV2uTQuiILxIPUUOCZR0j
+qE3vZNRW781EgnHF2lVrXaTIgKJXmu0owHS0e/HNTpno4r1JLEBKOdjwgbnilZOI
+c4CWnXi+6CLmLP4rw1QaV/gV+c0uVrPjCCy/1kD2dEF/D7rOfSc/Il6aR5wD6Vsk
+sl3pMpKuhX3YxDShDg6rHp3n2YPRh7x6/bPNbGB1WuXOGFC0SptulTzY1gKW45Nn
+wFHYkjmPDadLhU+5HwpzXeXhJdMHCW+z8TsTGjNIQVRFlbX4PRxWwK8n1FPl5+k6
+1pCZZjdcFXUXNzNXqMXSxd8/7ilnVqXXi1unaoqFW8Zfp8e7FR8ltAUuJL3jOjV0
+Tw7K63B5KmtcpRn/O0J/me+d15343F0QaglJpn3iakNyutyu5zzAzZS4KvBRIXJg
+QyYfm16D9p1AkNOHq7g99N7wnA15JLxqOuE+YB26LSpcRZIker5cGsAfQDWliqOB
+vX86jMET4qPcOmApPaSuRolXlBm7kWjxv9iltr/nPJi1RJOZkfBuGHJ5V+vuNpWJ
+y87y5sgCkGakoG7NASAQQYKHhdKie+//3AWaaxWqr5H3jzUEtaZ2yyqvMmMOle/K
+ePna6WyHQ8a/CQBypPGp9adWO6oUNyDIYbNbq86bw5Eor0JvSQIBWany1Xlzt3Qg
+J6cPxBe4nEktHzv9+bM0fRb6R6mHbu21MQ7JEPoF316E++PM8gC0Mt0R37dRSEvv
+Q+Yy3FNArDeqRdP3BcVsbl93zPz1Su2uyJo8h+o+YCEao48NcttOcMkU/wkSyT0y
+OXvi2YotIsAkryR0ZvXcfWkKl1kt2qBR7qOvVedWiwgeIjyytgHi9PAPqAYw+Aia
+ZlGRPaiqCIEmwu2HiJ1A5+lrW5vK6UWtwrWM3XJKjcPSW493auFURyAKdA3jvhCu
++7PEV4m7AksM+N+rjObGFbonEIqTov1cIj+S4DqnOpOvc0LEvNumIY5iZtIZrkDT
+93JQODsyGgs4mnlV7BFhWiGaEIhOV2nSANz2VQc7mN2RyUdajg4nTgCsTK0j7OVb
++aFYXlJ9KB4484n4BRJ8LOjjGpsUegvVqt2QP56YyI02Du13YPCkzIjOUA4lMWRk
+q52k69X55d8kI+EE7Sn18Veo80Idq6vA9wlYzk16hg3cyI0uEpwtbTNF5j/PG1yf
+IsMpj+KJPDx+P9PNZC7fnb5J9ok6yxy/G/GOTvLuqHUZtoYhSW4UL3aRwzs8hgTP
+n/1Yg4GETmNRQu06tgrwOIa6iyXV6ulsFnn1J3jgZlbbAXqyP2lZR5M9lQn4oPuy
+8AdX/QtJJzqjgWD0GUYWCg7l+rJa+Hqqwr2U0kz8t6mS2HTPVtutUQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
new file mode 100644
index 0000000000..ce783f6d22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYaYmevtVXzOSYqg
+VGMWu24TJ5L1gx1O3gTuPBCkQE5QZVa23vo3dDpL2m3SpMJ3kWJuPkIAA4eobyIk
+IYqZCsSO9y6zKfhCFOG/ynddUbglmcigcjzA4uZ8wNTXgV2shFYtxCcU/3Tbr8IT
+Q/bbX9/eMw+8vNtIZdM6MieX9/fwa5WkQJqhOYyPJJ9NfeJmwSnjd6WC5mkA9hBa
+0RqL34l8mhiARM9sO8p7uv2cTm7hKTQ133RhnWX5wwbiRB3H18pG/Ikw+2Fel0u2
+PuI4qXbevmzjL/83sf/unZt8++MeiyUVYSJf/V4yRuRW/kFAOPExJJyCoaZeNp1i
+SGa9pQIDAQABo4IBTjCCAUowHwYDVR0jBBgwFoAUvmbcHgwGO/bTiDSRUyaBDWgX
+bskwHQYDVR0OBBYEFORDdLxa0SqQZuQsnjKT0Gwdhm7KMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgd4GA1UdHwSB1jCB0zBnoGGgX6Rd
+MFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIF
+YDBooGGgX6RdMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQD
+EwRDUkwygQMHn4AwDQYJKoZIhvcNAQELBQADggEBAEp1pHXjSGjq1N6Oe2KCTqvs
+TW/SpD8ezjGgyAUwU15I2sTCRhIUeRMZPFVkNqSmDfSp+xNWa8WwXgTaUpcbN3/+
+SC7WefRmx82NMFGZ7lshpwd/LdcagG8oK8jyC8Lec73qpDeObhwo2VTWUs2KfcgE
+Q9QP0QL8xO5v2VbQovLHIu1H4vqqYYCgZ/dZ7ctiatxFEHo36PP57+gRbBGPkubg
+c7TC0UWF2z+m+LeBtSQBXyifUIhqcbWkXz0fqpf12/6BVrKsRnpICJhKjYBhpS9z
+mORlC3jZn479qEASq+HfY/T5aaWJvIhZbsRd50GZerNg6DhQfNj8bJvnBx77CSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F770B6331EB6E985
+
+00hiEinPPF507CjG5k30QFMeFtpvVoaSvIV3gwKZs1fxsHhMU58Aw8ir9muU7mOI
+KoFHC2JYytoX+BQWmkvSFtqiQEuWmQNcdQmuWXz0HqbmtTSqxC7kI+rDhseetO1f
+Varfou/gU07P29NHTVArxr4cG9GxeArnsV1xT6/hChXuKFHk3Rlb1mkVDR5hojtc
+70z+t6Fpr2csBiu+s8JbI0GdUspsLTCNSJAZDhXaPbrVA2mb/F5m1+soUb8filGJ
+a7YfR6EOAL5BlO4AKJsmW9DuDz+ZUp/NbaCQMIOUUcFqhTQlez3vWp9RH6yvzbUR
+NZe7wEoj5U2JPPj8MKPJRkFVIYv/VL5BsJgjMKz1CAx/ev4SNchBjctph/WlJ/Yh
+DEhdqQv3cS6n3cwY5UVkKjBIMLT0rFDcCrPUC1PttwMv+/qj67jaLjqSkHH37m6b
+RzLgUP7iZCWT/4kzRTQ/PZ3loErNYXqgINLmk3uAQYMMGWXK2I0/O6Ib0YiAg91n
+8NbD7ii8Xi2tvBUgqmUNA4HPBxDaadeuMF9cyZgNRghgM1pFXHCMx+jY9NTFfkQz
+hEQwGmw5FlDIlJzuckUVrwKp2D+ewkThuCPl4xIEq0UG6L7ZDVhZ3dNlZzaXuhk7
+zJpcNLIbTkZEw+xaO4vYkKa7XwmGZ6L6Q0rf1DPyYscLp7P6Ym4AIlzFepb8sdjT
+NrkjDy/OpU/W9HzIT08WQv31uPtaxqthMrRyAQiqcSRqrye80/hXu3YFGjRh1QfV
+AT4gMdC/SZUrWb2YSBieE8uHW5/5PtJC8WKQFWg7Rth8noeRb/f5jU8UiqLN1YSO
+pXXPo1MA1UBNc5aXYHtsg+4uDz1osvOrKgrU3D1JRi6NNcVg6VNYwy/E4etYvDJX
+sTYvnoU1XNPMFpEFzjPNhllYZ43V7C45LgZadsdG6JMY/6/QBysiv3uvP6ckxOUq
+WHM4Q0ifWtAgAPKLLgZiol6r0R4WUihsZHawn/Dwwcj97/zxPFTroN81l393sGQJ
+oESU/RMR/ZzGBJFaV/Hn15MdNGSp2SRGCi0xaOrEfx+kOHDWJbMe9Kl9KMQMngPL
+2qLKLl0Me4fBq5xhxq4t6F21/c3a5dwpAU/mK1UKKQtQSQ0AXcZSSXlvrk0x02jf
+sOoR5+mKYCky4dxBq1DkLmpOSk/G5GxDQ6MU+UVi+6/9KQ/CEgCu/TafYtgjwGfL
+He7d7NnduXYcdLXuxFZBDRJoLNIXGzTbJWF2wIXdxLx30OV9X7HvRV4DfBSX0Yq0
+o5ohzToT3QSY60JHDnhqsvpp95FlZgfuIqdC75Nz9gK6hD5OakQ/dyGEDFrWGyuh
+5Lf3t/YC7yd8E9c6SicH/ijOnuXwdm+Xqefs5VFPNfC+PBwTjVUHFdG9peFFyjq2
+mW5T+BBCwumWvlyudUDGRWisNP/xa/ooKieP4sQgGFQADwRD+bb7V0eHP92dC4i/
+jHnRq1u8wE+ce+usn2CzZIuzOzpPdKAbG9LMJeCdGQU7L3VJ4YkEB6IqOrrfHRdD
+aO9DnZLtH6kVi0vM4UJAYt9rCw+GjQOlO//fb/rFOe/JpFBD2kPQf5VPxsNl/xIY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
deleted file mode 100644
index b183ea4aec..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt+goZGlfBA+Us
-3gYzg2H1q9xTS0jsUbdAWR+UyFhwlPTu9s29bJOQlgYCeMoZsW60iIbUbQjcq5Uz
-cVH3GuHEdnVZi+2PuExwKCPfJd5AlZLlHF2/rXEitua/1jfZeCG2APIo6Fo6MyRm
-DjXSMXVDa+34SxTNsxmRL5mRkAU14wIDAQABo2swaTAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUKiHe+m/ll4aKUr4X5q6GcSIkJkEw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBg1xu2EY6shLYeKkVPx8VQMKHQwihQdDRH5Ehqsrgw5t3hALFO
-PjKZ7qdAOOWJA0Y8HmswJswQ9hYMEPkUdGLcE6ssQLySaRecEK5uW5/fWrs451uq
-5hyC55DEHEaJBbvzzBy4eftZcJrQv+QQTxhBH82+/LT02FkYqfjuUPIYSA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
new file mode 100644
index 0000000000..79507de0d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANGvSnWvqPuuQwnBzwyPeG9cwJSQU/bvAAFK1V8D6Yb5dGmKu++FJuY3+qmG
+uzN3K1HFo1C/84fQ0UFNp/6H9r+9yUZ3RRSvr8A4JA0CUUv+mXfbd7+HzCqqyj0i
+RSreaFuiXaM4QAH56nrfg31qQGb1QC14tpEXlBp8YnGh2PRbbdJQf8JbxMOlhWB9
+A8+Dk0gwSVqUZ0nPDFy2OLQ3cEQTgjnihXBJqHztLtj4rQkwWbQCNIThrZ+XszkW
+6rcGygZ7ZACnuuHOG5UK6qxakReo8ZuW079tnFJCPSyPk54dHLlTrsz6LyyBQBKv
+2PzZAQcnzZWHJLoACwhOWUQ9dz8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFLdJcbHtcyweaP/yNyrJR7L7kfqpMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAJTElUFCT4pcCXUHleZsjeg3hPXNJIWYLr3/MACyrDpD7M4kb1J/
+v03VUo6r9wFgd2LE8Q9kghkRsQ1BvdGX9FijaPDMZ31kPpU1EelGutxkjU21mz6x
+lXLb4ql8QBCLDZ+N2mEQ8y/KCYpSkKJK2X5XHQ8LRn0b/QKK64UmF4uZFxKA5Ez8
+q1bescEhdWiAZBrFv5t+OhSHbRkRtLNB2fHkzkovVrhSgrG/qcsGInWTvF1RnV40
+iP7VcosKbEynP8p5LQMIjt7d4f+PocFcSIVwgcVfZdwx9MS+nAj29Ynu9vQENFHI
+xwRm/XT3hYzGswzrl5RhHyyjgAvjxwSaxfU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C045A0179BFD32F2
+
+0PhVbeIHszH6dY1ZI4AbD2whyIF4mwSnK0v+/EzbQixapqiVpM5mjsogGfNjH0xA
+/LUFFI75lMUJDQSstlUiDAVLBhLadSx2K7EQe7Yh+biVi/xlqObKauYzF8IUGl76
+CNU1DNvrf3HDU4GE/7nxrYWYjBZt6upNHjaek4UoyfiJT8T3hmOhhAFYxb0lxs8Z
+SnrGzb5eFWNSvlr4gTvvbb48PLrWzKk8DeuirhV23c4n6sj7pEcY1+rNVPxNm9oU
+43sOY4IEfr+CFXxQBFUTseVkLWpLLDdkPFiIgcmVSV8vaSwnsIQ3ciBxge/wZJMU
+78OyHkkUquZV+cCKrgpgChMin1u2wn08QyPwETdpMobc+g7Ydb+eyU39kMSIPP3t
+UrFsmTTPygF11iwkSbPzToQ163O0TOmqD0BcJsWxTVjbHSTnNJ4hVie8xIAShjAa
+9U04QPBp7gb7npf4dIEIh6Yyf9AQyLqwDgSZv2VO+M9G1EMxpNflsYLU6s3V1efM
+kXk9EPA0j0piq5xMdSf+AqRLieSkIm53fFENvfz0CcauOwSQ0Trm2S6vLzIp/IYA
+ZaCqwba9QqusemG/CfKKc4oCKeF+hFk5D21d+s5XGhmWjrkaWn7PQLxNnIiuZ+5s
+CIabBUjQHWreoBPw9QOQwbJMfTJYmfldZll9KnlLlo296Qb+uWLZTbtk3/ZEQ5go
+1iJp35jEs82nI9NVazSS98CXHBUCUOlHM0caxq3irssQlLz9nbnUODlrZ3CSaW8V
+wOsYkAnN6lFImq+1LqrSVtVqtESY6aPBt8GWS9UHx2n9MfRlPBKQLUJGnOG9+ktW
+tuayerk2V86x1R8c1YEbhqU+g//l1UoAOAEOfndkb4JNAgVXAxIhU2WpJUs9EGZR
+43nYgJ+IwiHWpWmB1TMgTMU+qFo+QjVYyZkGVyO2FUY2CaD5oq1MUGS0uDkfXq34
+8yBjCCskYG+eTnktrbJ86844oAObQiour2zVcQz3oI+uivn7XJBuLP/np2RLwQow
+yyXMzJIY+WO/WkZDPmXRLNToHaK6NG9/JVP6Z5WaZSHf1qrIHzH1optKT4YVJmmQ
+ZKbkVg1vsDmvaDMEaETzw6W8UUlrEc81HIlC03qKbmWVQKj/B6vvWefhXl8HCeWA
+OIeLhLVqJL5ZSQdnMdF33uhGOvhAWkUUmCEplixC+bRWdEhFoorZLHmuoML1WQ1X
+O8P9EkAuHxNzTv/FuPl+GHC3dkQrxFi0BNBKfUXhpK3E+/UAztcDlX4FNytLv7Q7
+FLP1yJ7Em2S87yeX4dRtG2OvNR8/gRWfNoZBxd3CU4mMg1IwXCZnpk5Odz1i/obJ
+yLUdymiAjHMZ3EyAhTxofDSwmakWjP8tzcXppcMJC6ghMHDd22KtYJztt/qG691G
+k77Ygq693ub+2usd/6aBmzOQMDAzj1aqAPUzd0yM36Cm7OmgJV3ZJ5C26XBOLP00
+oAa4UklbL5erfU6qMimMMdqbmKUd4whyvx9fKSdhGhFZ0VoOrT80CyGzVnnxC3fY
+Uw7NB+13ZruVC6SYCD1R7rRUUZgu9GbYdUx0Te12rrQozXMajPFy6psTUqEFusv5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
deleted file mode 100644
index fb615f5434..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTcyx/sZXkB7EZ
-X9U9aJCVucbvSK3QXJ38Ej+ZM7agOIkJnMypA0BzQ43FvxbDlx67ynhH3au4nFw9
-niBIPF0hg9LKJBYQDlFhdCPd441gpnEOtT5abklFPScEoi115OUSsoA94VZwjdmz
-rxb5Scji7OZYKtBZumvQ+YxbZGKi9QIDAQABo3wwejAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUSa5vCfYgmh0xBcsnTTGEttOhtX0w
-DgYDVR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdfALk3+cW2GpEztpvr/6wgOkaJ
-ev+/WwDgW5YTiVGbLZRr+5qrxz8Log4b4Y/OYyrwh+J/gmQFP34wHEm4ReZHcfyD
-4k6Ji2dWxqLaocQVROOZ9n+vqSFC63nNE/ZDNnsUErkEQJdX7f7HMDZoDI0wryrp
-3fLY+NJlyePm6r1M
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
new file mode 100644
index 0000000000..7271932e27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALwvb5kYb8ZGePgV8mVn9WJWyg0Wbw6tmwPBtLDhu1M+yVu5u+mZ30leAT07
+idW26yPnA75uFMjgKbbzoccKeI9e68lm5fwUFbflcVywdvcXIRszUoqwZvZJnnqp
+FO+wjw1YDVmfbqHJ68eKUUwebgNNnMz7LS1Qf6I811JYPJLGq8dLRruoN46Uxfnr
+dtWwu09ovP1N6lkvtPRE8DZFweTE4CYr6OAzcX9EnjDxCy/E0BVhXSbUCYq1zQht
+nfHihV/+K3JLyCiOU6UmYxI9sP/A8H0L1ymMKBnV5a7dj1wKWPsonUYwEMLZqUXw
+/p2VSrJyseyovwtD5sDXlor2xT8CAwEAAaN8MHowHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFBIalgWSiLc2La4mJ6CGCUvwDtB8MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAVhkHa+bENPN+3xIaFGBp9icw3gtg
+wx34h2kqls0SzTxl48bBGFoDR9YGzUH0Z/ZEfrnMPKF7Q/RMU0AnUftz3aAifsms
+P6mI7pYpDnSby4nk7nlaEohfL8qozpbr8ZGX3pPmR+7/6YmdP/hcLZusaWznnxuk
+pGpMGnVdZNaoNgzlkGzUP2+02IaDYVJ+Fb1GxuyofrZZU37b8FXgm0aaEPMJzGHD
+QCpc62yTxVU/NoWHPtx0zJnDzaeooVTlJxM+bIyjksW2fdaFfpoxGkJVkSNBxiXY
+Kntn/0GBOWHqKM349yIt+KU2fkJuG19jmKdP1tgDAPTtTlpTDaqNoXqfQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,606028537BDECB08
+
+PiwJB9Kp7heayAFM3DNRNa7HEyB2ZzhqLkb220AWZzf74xcebBuIeDpFvd7DM/Ch
+gq7P8pnfmlfxslJj1bG9kPz2ruZ/p0ltCYIShztmVBZ4v6v6ADZy0nmaT1vdjOar
+ElxeJ3YPn+I2oFDTWNmrDHJcwR053a86XwxFYHQWXWDEfGaianVMvm6n7YOs+BmG
+oSr2qS28ddeWnmtsifbCI1jZNjcUDr4w+6cMq/SFsOXh/m063dB23JoekdSVwDt6
+k0MdmU/5ir414ek2ZWRmP2ILe/vbCReyukabxyMweUbrROQJEHF5QDQunhJ3mbQT
+XSo0IDt8nRQJP8Fq8za2xUIXo+VZZlykSvsJOeuNLgtyY/5MYBsSgIsO0IG3TxMo
+E+8bRHGy0XJhvvIJaezSiN/F+xp3ugm9133vvM51WfY6+yHw5g91JzaiIbYHx/hP
+u1TE7MlfsbXYvB2duN3Jqx0Jja306XQv2ZX8TRWvcazreYcqfQsUuTaVQt6I9enb
+6R6weCdSdpSnNdwpemZN0y7+xT48zgpm928gsoU5ioNoxdAwzV6xiecTWtZM4dAe
+u3520Mk7hdzhTx601y2GRfMH4jAU04ENhk0u1/485u7D3oT9T/QGpncSIeKJKqG0
+iQziHiaSifEHcbopsrcBUhh5bGjtvXtdjZbPYpFqNLc49sAGsWEGDK7CikYgr6dQ
+EhFkZjIFcEpqdKLC+hBzVl3xczlQ1E/Dnjst8EIvBkX0d9Du66PYp1F85LYwP3XI
+QBqJqn0TpcWVQIHeJtbbSY5yuWgYLbVHW2DL+OyA2Rxx8jlnbtDZc1RDi0BN8LGO
+E8xTI9wwFkPp3Z6fr/gFCatAdjVEj2YNM1WyLfDQO8sKHbdGpZnwqPRYNn8uvlJ0
+lNOJW3n4FkFfMP+GJBRtF4Foy0htW/88oxG5MVl10a/6JgZa/cAwQl72wpWhJY/o
+VRCoPyPiAEK/psTmcSwxpRLUE0XRNlWsSOm2KoGvnVvUiHYJZSezN9Cs/wuyPxhr
+XJeBsqwntDIpV0dhplLoAsGDpr/F4qfYp3ba4vXxFbL+WIiMWSMVeuv6pbHs0Y30
+M8288+VnuWLLRmjuEe4jVuw+RUu76CtePvXXYUd1YGLRqx0ckMIptpu9wUvLtZbr
+7THSoKuA8ImLcbA7z6zjztuPbpaj9p89NAVU0H8CV0u1coZ0pncadTNQD5tgKmeV
+TgeDKuGyyP+tz4ML73chkdCwabJMVlFxf3n6XI3ZlKtd1apJGMllcJo6SprdSgnv
+5NnPsCoaRa8No1IZVxVGfdHxOSXydogCrRVx/D3PYWrodEXdnnU+AC2Rqk80veVS
+zEkuXPISsFP445tU0SSDnligmMwEmIGeokyYZuxSsbfdbE3e2tOv5WPtRtg2DqSl
+PVn3UwBbC9otf3jO2zQCZCrp49n8c0ZJzxFmLZ1ytZa3GEKS1RlB8mdLpy4adlB5
+uHzYy9cwfwSV6R/fS0I4M9BwhimezGLEvWSIQXrXP77pvjeHC1b2RlCKm/dj+1pL
+Dx+T8CcmVM8ox4iSBCpbzTCNw6mrUysDdIJPIWLhnvtBox9Gh1PDeg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
deleted file mode 100644
index d2ac20b505..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDow4Z8Uorsifrji6RyscEE5DKo3WRY
-S01OJEDMgd8P75udI5umL9+vwJBIoObEUAx5I5UMDxkto9pDvHrRH72cNywar2n2
-4oat6X0JzKOaEzlx0N5E8Tp7LRkF7dcVCIZUGN0qVAJvfMtVQpcbRbLhK96jqOV1
-5uh5OetDHHufAgMBAAGjazBpMB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBRscpI4Rhz3vkPw7mtg+y+hic1p2DAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACeo
-UDJXue1qGUe8Qxos7w6eQsbzHSXsmNI+t2Hyq+CARypTIgbueoWHfe1HyPsbOrEr
-3U2waZZ8AQzwklkyFUiL4D5Jo/+0coA9hPwmyhF6J/Wa5nOmLex1ZGg3c7J+MVAL
-1qx70Ft4WEm/EWBWCqse0wlEZXsvg5WocxF/xXKC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
new file mode 100644
index 0000000000..1a2c275658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Fz+73nLTNQk
+5wB39QOcOINSEMhrucw1kGkaAWyS8zQp4+EuqHs7Atb0XqZdnKldzOa4UYYbHIdv
+72IZdyL2VVo3SKrPHZNm8CTcOvYUfLDJkieF8Jq3zlubKGfAxoVg6Nxs6XUs1TXC
+zWZddqgaNi4s+NApxUFCEenTlv+LcoA4sEj4G3E1ElrqiP/iTGsMCfslVhWwXhGl
+PN7BHLICNYVW9HyKdNnDKb2kbTg3sGs0lD7BvjVBq+sXXBsjRBgNq7YlpLaVu5JE
+vnuTSUFRIUZsY/gKQr+xdS3oQegHLuej606PNbpXdngBHTQV7MYuOqf5uUGLa9/m
+VdDJsXw4nwIDAQABo2swaTAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQUeVtfJzYHp65HDuqh3SrnkjIrRTUwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbrtr
+dAQUuu4yakUr42oGarOU8nJ2rEwFUelHSVXUmMN+rswPb4OrmBojrunFZs++xAkn
+L5VVoGDgyuefaquBFvXYB911Dz+1O+7McLXgRCj22fJHgEDMnUFKah3I5bFuZHnP
+RX+n12Up/9oxAHsafaTIQNhylkNbTO1N9dvnB9lqFGqNoyww45G5aFOVE55IeBhi
+KZJ8U13zQ6lcxpbUcW/SSGrfDrQfJeJmWHf1nBSeQZgSKWMBlfbWTeuyscqSBBSN
+3eZSFmyW/Ks0zj3qHGRtYi0/nFc1XpUWuzReS8DXKc6+YaAshT2jhzZctY5Ctmrv
+sCRlwOfchMmn1w7FyQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,774AD27661212217
+
+H5pQ9/Z+mDBytoFA+PeB+lBy0p5bGjQhRvzT8LOME8QpFrMm01XF8u6wHy+KNQpv
+HB9F9ggWTnNayrIj2y4ei0/hRf/Q2lqbLn7D6D9JJZToQE/j2E7F1c7MZHgR9kJv
+1Aefeohu09PYYacXVAb22ksmV4TJy24+5pHtFWSZlv+W0g2MG85dCiuYqquq3dFJ
+pOiXESa/C9JjkYN/UCmeWrNdCsXBPWFrvi1XWSyluAE+TAVxvRBMEqUbEt31aWQt
+UWyyE6Onk8tciIm+Uzrb7zg75NTo/S7SfBlHm0gE6/TroPo+igiex4S7vXe1ig0n
+0w6vO0tXZCGIfd5yglkSNeYZD9VUhpLvZuIrIunlvOi1bJECnmqa/JPlVJbFht7i
+0nIAZEMDyngToFiOo3gdMgvZC4/B4J+IIsZ7k6OlrXhl27p6pdQ4oXkK0ivvx6E+
+kW7iATMALxcygaZJkAOjv4c3vvrz5YGyAXnDIwbeY+KyxOHVZGHvIlgRt+hoahxn
+MlzdCLAXB6Nw2Z91pF6jaw0D4EbU8NSRrORvhyItKzLdZ60CkHSyNw/MFhvTvdEZ
+cGCky3pdEdZhkZHxPFIUQkR2GsiuIy3kFJHxQAO/Z/npXUYZ6u1eD3Fat3hiqFS4
+AlrNmI0/8BKkaW1s+EFt+cucQMntL0xsTsZLaGl+TUFKbSGbJJmFkt6kRbQWKv77
+97jBlChSscWwr2UNIt5guLrT337/4/afq4Fh2LvL7pvn16Q5mRz21ajawd1wzvb+
+Zu7PtH08ZgRw/RtKGVK4hIOPXyRRegWPWIJoPfwGDUY4ApuThe7JY6yNhvn/JNVe
+w+wh49nfKgJ284DmbpLqXMn53z2dhg+tLiEwkufCcItqsy0Z10r+y3IuOnHnQawq
+yaW6rF6ZALVsZVshjzRx4b3mWs3gWcbNtn/IkR6ne0vDnXbfklpmsdNvoLy7hlgs
+f+hDQ+5gAk7FwWlH86UFAQF0KPYLRnNsaTNDCkAu7fod5PpifKS3q496kgb/L07V
+8/ZWhrKOz0DCSxo4pcuOLho4Ji8DFjOvrAB/k66caNPA9C/axnPgMU9GpIlve7G1
+68+nbbmlJn08D1qq5nzIOEnfwvB4hB6hAEochf24Hpw5Fcs1b89HnX8zf21++V0M
+yNRE7sE6VTHTaOnmDUmzuN8NtmMM79fHd5lkLkW6MAo78fj/lagnu233DZydDYGS
+KoGZXxsfZNHcDeLYiYJdQ+aV1H+vFq3nMQ2t6oAbmRYljNQd8PpNbcR2AQpeYbzp
+37D74ffjVbHlWQSI3JvxNUR2PXisT9aNG7rPooUUZMENhBf8VVDQniblEE2nW7ZU
+OYF5vAsFXhWNA9YSmcOK86V+pFwj+bcqaBnlCzNZBS4tVbN1KhCQj5y6jthkSMMP
+Aje1i/Ww61wvebKmB/XqxcvR7OfLUohYxMgIuE1goXiOltGbpJWv6YorrqWDN+mG
+PgfdGj+Kj43o2ktFNY4BTtW7KbiupromJ+7b3F/rTgo63TXMCOSoQLZv/Q53AWlF
+RSDNvA0nMB9kMv80yb8vhQevQJCdtWfLv8kFPM88AX7sQ0zspHqHD6u8y8vmCO6W
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
deleted file mode 100644
index 4dc31c0a1d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ+d2dQ2by4x3S9c+qiAbIuZy8fID08F
-m7aovaa12yHhqJ3IzwCS1+98Gu23ZZS65gN/dW1buemmT4JpkyJ5eUPiw5HuxN2n
-2pvbRTUJWmEKu1CL4ZdhDaWZJrzu1Nh33imr4KOz+JmYCK+GoYPtgBbWVfCA92B7
-DSHq36MTczl/AgMBAAGjfDB6MB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBQOVClwok24sW5DcWf/ad9B25zw3TAOBgNVHQ8BAf8EBAMC
-AfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAIy48NtD42z00ZliJ+YZXUEU/rjppUQ19EdKy5ECwUPNl
-/2VPgN43d5eaOB3e4YxFHG8E0PHYy8dNTZo8dlIRRUZzSswCzuJuDYpVi16vVkeO
-N6+gI9xXcd4AMBcbjpyCDuJsSlV5xyIVfgocdocT6kasvJThBiOYDfH7QOWuSfw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
new file mode 100644
index 0000000000..def574ea90
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveE/VqvYMxSY
+iJYipDWVtsy+LSoYmzW01w7agtChJFU8nyyGfXETdXJXUhqOSQ3KHMNvheRWUChQ
+LUApGvj+ZDYL+ABokDzyYxMpFmPs4GtaTWrVpSKNo+3e/hgYdm6/YpV4cr3whrrS
+XAXSKoohKwcnJaXZEWFp8bCsyfo6Llp68moO4pXxey396KyGyiTHdU2AnHjx8Uvw
+EsHFM2JRG4cQPGiDyEkteKtmliJcMI/q+o79TwXCEYzXNppTAiQ6imIDSySH3iZf
+RtRMLrTtF3SbEl5tfTAji9nQd3H2kHbxbnT+4r85UGhRdkeJgvfbTcbNhbpGjnA9
+WUbG+CWdPwIDAQABo3wwejAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQU+6vUASuM8lSGUTbsCFGmxWglc0wwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2MA0GCSqG
+SIb3DQEBCwUAA4IBAQDDBgsAr0bbdHP9DpawET8C9+cNstGtLgnhqosVaNxheg4m
+8xLOfbXJG9Y6l7Kuphw8TTCOgV4bto8eQM8tyZSr6lLZ7C3ER6Jwjw8GlrNNliFP
+yPyyIGPTT/NG888eO9ALyGkCFNych1QKrIgCaTTkjCnDZ4AfUmOLBB5DPA/Ryhu7
+VLxbwE/zIKLrRb+qRozC6mgZM/om459sQcvgQUQpjCrjZYD33ZLoGVhcs8Rb0TU9
+/BA/pbqF9/0qsW5iwCq7tEm6Kz7vtVkJnLqOt7zlh14HY9QP4ddfQFbZxg0okyns
+VADqsOn9RFxkZZdFSXKvYVRnndOtJplE/WBSg46l
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DED4F5AFDB5C4F37
+
+hyQrmK1RuvLrLmXo6ZpzrGzbkHKLFmXnpt6NBBdQ/Sc38erd7XPw81AeUdnHMkPB
+ZcvtdKDLEaI1ppBTcbE9lA41PaT2eKS8wZ3V0KA1KkeJ209nxM/YGNoqSxxSuAMU
+rucC6iFp63VvMlGIGNBV+U+oBPpwB/0uz4yJ5pRhbG4JC70k4crOcGscUoVjBU6X
+v+iowvyV8LqkqOdVBpBgII/Z1QKXyukA0z4sq8sJOKbPlMzOKfLSs1IMGd1FHaxH
+FM+V0zV3IU+KBpspDgJH7wNAdIy4OLu8eGaAGlWYwvzZskzWvmY1EP6p3yZawv4b
+k56ctK2daF1p3NuVAyltAOGccDTjJv6L84O/szpgU0AlddwirDP0FsIKScSeZ2jo
+0sqcCgd245YchiAaDxb99W5XTB3ekld4Nz8q3iA6Wab0piyuyVg5+sn3E4JdVj0J
+/i/8WRIuXeuxx5m8oc4mFT5bnOkzVqCG0hL444R3gmrJbgkpk5O9YTtbPztdugPG
+wDBKaysIRa7gHLdhqO7Gg5u4w22Mn/DGDfPgmJUVIT/ibCWBK87IMv3MkORKVOjs
+0p33cv5pjQGw1ZIYjSZv2FegUqtApfglZXzjrSZ4hpPpaadb4xS0I67C3zhki2m3
+R8xQWgYlTGnLtQWOE7ZDZ5XwBd+VATpYDewNqaRTc3CMRb3NsE8biBaG/CXv3mBy
+HYmXOeR3zUeIxIK59VcPwKk9igZpda2Vev9+NX6w6EDTXWnqRsrEUWUtDb3U2oCW
+W4j5aqJMeB/fhNZmVHArtT14lRN18GwzyZT0gtNzGqPACiwMBwb0NGwONCvJkmdI
+SZXevRKYJT5ZEB0k1sq+Z/mr2wsZF0tUyqgSd6qJP9jhWqPsJdPQAUkgwPnn5QlN
+4dGc5WL/qsuUKpzogBrzb0eij5i9Sgv2APMah4+t7lDKEDphY2KTmBeHAvpvWtoa
+HkUoeWjoGKZ39ajPkiKZnYoV92KjZt0c6uNU+mvecBaM+vWqdzbr4vRoTJNEvrOH
+Y3HJejQ/0JWVMa7t39iuI97oLp2V+y7mvMIYYs+brarpHwSwxBjdzO1R5Hv7R6PJ
+VOR+g7hn+RaiLXcfmRqJ8A4M5sq5NAEHCf3Ceoir9SWIlMH61oh/vJynVqsLc4zV
+l1oZNrDdVp8+12yJluOCXXCDru59ItB1cPVLxPr2EB0oQbdzdmxiM0+B3TpnJIDk
+bLh1TETbKqAt7oVbbZK/Fn+FaATYsGyIbflCGFZ73Oi978eU2XsjrQ+GeH+nBTT1
+hOh475CVmQtdBGnHIggEgRGTUQnRuXLRJk5G3F1a7OgCdUT5+e8gsWbICDHKlDP7
+RAJvo5YA4nBP3ajxZeb/XZWgGyMC6WnspuzWqro9HZJ7YeIGsiitpa3xYNdMO8L2
++oMqcV02jsIthO8yviN8gdBhMRAXBlNEdx9kp5uN2hV5NlWHJG8WdT65lQMWl31q
+c969D7oFXo2I90zJix9UfpAxSZDeGzRy4FkNf+W7MSqY/MnOTUmvFyZCXhlk0QTX
+Kc9AEHwGAfwqgh8vz0rAfNm+Hy5lfkWHCqHs66G6EoeUYYSzt13B/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
deleted file mode 100644
index 3f2ffa9bf5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NTAwMTAxMTIwMTAwWhcNMTEwNDE5MTQ1NzIwWjBpMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPjA8BgNVBAMTNVZhbGlkIHByZTIwMDAg
-VVRDIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC1uwQ7EgYKGk7IBOZd3vdARgrWUKCEqjpfYUEG
-ZGlsC48omvxCrzR+eJj1q8TeHAsH3dAcpkbNNWCWRHblq9LbqkhpBaMquzvg541B
-TNerg9dj4vjwV0/QYdbvyLVcKBv9iLE0MCJeSLcaseO2vYmNXObSXMTf74BXNR4D
-k7uI9wIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAd
-BgNVHQ4EFgQU9EsyhAynLAz6iwskm+iASoGKdMowDgYDVR0PAQH/BAQDAgTwMBcG
-A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCTLQM+0YBT
-3vure42KCvGYSQpheOtLtv1bLa9TT4kbo18aNRVQwTOnZLtKqKa6etoxJ70rhfO5
-x2uCELzyIkUrAbjyqMYg/0nckc4HTEys4xmbHjiyWPie/lS757sA1trwNRntBn9J
-pdkDmwEqALaRBRH6YH3ybrNMZh5h2CVqFw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
new file mode 100644
index 0000000000..6e9f5c98f7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw01MDAxMDExMjAxMDBaFw0zMDEyMzEwODMwMDBaMG4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT4wPAYDVQQDEzVWYWxp
+ZCBwcmUyMDAwIFVUQyBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOY1i2dfQm7MR3F7FEB
+eUvqhyz0RVOJ5W9ffzQpg8puuROsdevN68qfhN/GTIHMLmeQeEv56Zsl1hRIKMqB
+hDpOvSNoaAeZUGJpAaMBzEdEE0KyVlh70u2IaKk3JYDzsWhmbN4ESXFGpmDccsfZ
+8kFZo+XTapSeFEc5ETbyVIV7HHPE54zPX9Ce67kJI0e41R5hsXUKFBA7ORycbcFh
+8c8sN3mDYhFFX8m7a2qTN6oHQ6I1fReKKOCfYDs671bbiyFCQWNl+7Ok19qUVOgQ
+L/g2HyA1YNvueh8ivNNRRwfv6RTPwhuOWF5FyOXRCTzDaS309Lb3TN9d3a3kAoEf
+HdMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYD
+VR0OBBYEFEBvkKgDjazQ6vxQ2V37VnUlYMSbMA4GA1UdDwEB/wQEAwIE8DAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABDntMraC1zS
+kjUQmdbhI+l1j8Is7ApNjb03/Hgq8pjDxP2VNPEy9XgXYDOHaAmt7p7jDYMwBxzV
+7TSnFIvR3kYjb5k7YhCMIQXkJJgM2QvZ8m0B5c9YJI6qktAp2sxPfzLuBg7fm4Oe
+BqQ6f2NlmLorDqhXG3QSJmXWRXMxti4rWz4mJfuWuzPdZERE9bJ118ijfksQjGfu
+pjoWizxTCt8kRMP9+RSD8Hzipuxfc2JPn16fNrXMkyBtek82L7tNo1raLueyPcEg
+Z5RpwEX/C4nlsQV3JS2viDxhcdtgcmn/A/ho7Ta4QazDqWjQywXExpEpgrp7ExFn
+hiss7AFKddQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9DDFF4CF96218FB
+
+sVadNk/UvBQDZbxN2NFbq9WxOo9kYW2VX4+k84wYn46Nrt7as5qaRylbQT+Bm6SY
+q0iqyirdbIHjwlAn7AxHY5fJ1aofnZntGDWZBgMWiZTIjeQ1syx1UhPu48R9kLrL
+i1fqiwMD7h+qa45uG5Z5orx2+m+fBjwIP7kAQ5z/KMqq/1e64C2yrnYIohoww9xF
+BFBPS1t+0diJ5ZqVD5p9wKMAyPI2X6fxa1J4Ra2sF7v6MVyfRWAobwOxNuyjLj+s
+miewEizU15fQRCaavhBTh1fAmo5LZjkoW+LPyOyCNp2GGLG+NmK4CVNKoiQ9NFSh
+oPKOKeDvbo6U9rLTFdSEK/NkHT0J5g62BkVLyu3JfozAViJS4vGA4hzCOtRdkvB2
+ZQpEkQTWlC8fAA3z7CeHjLi+Tedu7dzyGAU+E3WBrRC38pFkTKHATer9nuXwggxl
+myZXt6U2YoOEeH34Di0+TOaBezIyBaHDe16hg71A8zv8cqohkrHK0RUyUgz5vDqZ
+YBBKJWXNWfIPLEHwwgwjrT86VQgdywgcl4/CyxhpLntj5D04/Igwr3ITGU3mANrm
+wxU9Zo+/DaqjgcSsE2lggewkYL2/44LNpK3IT3GXpOIyljY2mIVEzFKLYFqmtXEJ
+UzKvxFptkuewmICKyguKkPbZZI85ZMpli8i/jekktjR+mHwZeuJ9XYzQ5UZF/zwD
+yMUKdUs4UVDmeLOIywmSZCK7hWnBVv2+uz9xSi8o7M//tht303QXKoIbNjDgarpv
+xp33Vnw1+cDE4mWQs6plfNtZjrSKqWGq5WqnbNgqkaVtEK+FHcxySYE2MhCyBEQL
+Hyewk31/awnzaxGWIsJnGB88S/n/K0MGsqsOJx6bokXRAVGAI0cqGOQR3Ka/ejhm
+DL0lsD2XTbGX4Yb/BU2bXdRail/CHl5+bHNdWLiiZdKWqZSgtsYk9O+sjcsAHky2
+VOuHY7qfra4koiGZraMkSJ842O+ci9Ng1kUhfFhfrnqdTgFWlss/vgNoZ2lcKAUz
+8uJO2+yQbVEENv88HcCihF8DgSv8s04MYmlzHWOQ0WKiniPd9BwjNeNiQfFaEUyv
+oWWEP84f7jh6yldRCT2UocSEpwvL+A0vnWmG0pJOWjQj+CPYym06KBSyjgI9ECez
+lYPl0oZ2yI8g9+gd9aS2yKJl6kR+Ms3sYCufXQmgJU4NV5lENA4Q6IL5Tx5KuHwm
+T2mUkLMC4qI24WqIrjzzcno/Y6jGF2PZg5W5l6bR0ZpyTzpTVntJrL02+5wCQo5V
+4pVnu3Z4ObshGRAkvVMyBBTLYo6tyFs0PwC7MiP/Y0FB4uBRxDKmTWMMhilKiH1l
+IGood9SKQnqDGf5ZmzIKzvpa9cqNXu2JzPpThjikbJFQwccakHEfV19gxwvK1Df4
+jdzRLhMd5/EUpo9Wn0iW5SMIM3PYx9fb+CSfBgM4e8S1xE7Q3tfzw6MkNFIYRTGy
+nvTcqRdsLmpmbEAq2V2foqwmAcKeMZErF9YL24LTJoXeyjkU0GtOdOA5jZQYyffw
+ZkMvxcl0LJaoensvn3IgNDaf8cqYYyBU2ABnFY43iXMtveEaazsycg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
new file mode 100644
index 0000000000..f7981cae35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBpMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTE5MDcGA1UEAxMwVmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9s
+aWN5IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsIqrLD1lrY+10wadJZYPQPQ2cChNLXuM+Aa4S1hCl3t3UlSsh5DF
+8w5S0pJXjCYhsbzJu9jWxg6twBoHfan8aSE8/syGc0jyA3ySWxNszCvYzL00PGkb
++r76G/q7F9M9owZYrfu9tgjJWM2RG/9YvDH5ymvz2fcTgeP2mLr8fdqkZ2FyGLvT
+GQFz2yu6P0+ZJ0PrL/jp6KPXAqMbAQUE8buAPVDliHyPN2gVQW74ox0IRLNnJZY6
+o4YamrGp+RmadFyJoPGeTXrHHBo7VBl78m6bEeadNBBP8J6l3hYpEvREuu6/cbLA
+hqKfCDwdhDzA/QzEhRNAGqiGBlRcvoM4oQIDAQABo1IwUDAfBgNVHSMEGDAWgBSW
+jHH8Fag7ztnE+MPQX2lxfOgASzAdBgNVHQ4EFgQUjAmT8zwTrGYzjB1+ZnT6CY6n
+OF0wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBCwUAA4IBAQBHABhR2hGz0n3X
+3P5bDWSNmMpf4R9/4Rn38thteSd+mOukGv0Mw/cXccH1squBXYbBDqlHPobbhRWn
+cfxVicf16NvVWj0vxEAfhDXpZ5Tfw+ufUCRs+ECjpZA1Gocc/uxz503iTzFFXSFM
+CE7a7Qq8vDA+MnVJgdalnVegdmu6u4dQXtmNcX7sGi/FqrbGGVmolmuo6K7LCjF4
+Fgk8IgR7G+Ks7Dd5hZg1ISu+whMonRCV4zhoSX+A4tc5UQqVlRbeJN80Xtzznl9G
+XtuZuBvpeM/VSMucSwd2RRr4r803wVsYIGBTv9KoyyPy8oF6vqlxiJOe4Iwbxf9i
+la8pgfuH
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8FF5F62B80CAAC69
+
+YF4ufMIHioRNMyadtg4RaIYhMfzpnA8erLIlaL0v8PWq/t0Eow0ZT66Kn9v2TWnZ
+pVmbhn+noiiT+smgpzzhUkzzxnwrPpZgS6bax3/TwZIy1i2HwUJ2a6pE9W5Z6QIC
+kDZanGGfgF2y54apDc7odbeWEeYgXDThaAKozd9dJgIaFgeisNB0kLTViZMgZVkz
+4MXCMocaYShe1TBqfwgBvDEWyeiKRgV39e1JTtgGN5iPH+biExQqw1qG7+vQKY4t
+tfPgAfgtPPog82uwD9W0KGbGhBmX5mBmfsLhZ22bkcMCfAi2kbzy2HIvt8mPx/gN
+KWgZ/JmanFzvb9ajZ/DDsH39odBIAwqF6jOmU71ujfmWgyNTjYA3Xy2eduBKLVxR
+nWIGSA+fJLqmNcKRudq9rcwZ1V7gid1c2P2W2F/NCU1Vnt2d0cOcoTh2Dgb1Il6M
+IlT/f9Wm/xEoAHKQpoC7kIgHDpTY7H879BtKKPoXn79U1ZREH3LkbkLbmo4ALLu1
+++YnvafMIogNE6ODKkPu7T6fMfmLfIRoOuPIPKbDLec+RkJaXIl0XJU6ioWm+vQ/
+QWxmyGdEpSCCp78+iBMWSuAFi4rQFvfJirYgekwFlsiLKHxZfqaOtiV7x8bI5ztt
+E2sTeOh3NtMoIbYFBjalvaElmoG2/9MHTppJc1A8cSpPqX1Bng8Nwv605PX3oNxR
+/R0N6tx7H9/8r/gdHUhuc8iV246pTwKATpGbZFfWc7fNXoLELWUtlGf8faYlA4xP
+XgVSyFCspolQNiBtR1iQ1OlIS6z5zx3fGTd3akkSB2IV8mOLtTh+8cZ+VdC/oeB8
+XDqDAg8biM/1GYfpt0YsKNZcKeYkmpTQfes4bPrPnhUCyvYJjSNc6S6+dA/MgkYB
+y7JHZ4meQA9aje0a/iWi3lh4oGvLZio4BGpiZwCF7ll06Rttmu7jD+zvDMrlA6as
+C2NeHjMPo1/l1bj6X79SM8wIHVaUCFkur/7iiVBNQn1BMDsqNtvIkUSyCI2no20W
+hdnY98NaCg9R3Enex7POxBGPFh/vzmXUYsX47nwCO/+StaG0r/1iKGA7/XwX3ptO
+i7GR1opOcBSPYK72TSzmqE3GDMxlP2ZInewvTvBAow4foSoe82yUvGu5MX7q2qnm
+/PvklKq8OJ44zVg3pXYlzBFPkWkDZG8VeiIJn9nybVKS4+7XWlCb0U3dlDP34OhA
+y0HTdwISE7oiX8XA/ku84lJebc/sSYCtLS3Z9HHOXoGSsb0wvUkFgjhBZS1Z9eZK
+7DyRAGNVS8Sm0rdvzipQAEJ8ox16zPo+jaYaeY8wZAlUWyCec4fGl0Z+EnIqd6uD
+1Df61nlUhHlovyb71hmQ+2scGrmsaQ97yWMB8hyhycRqgcVUqVNbayZaLmsPlqlp
+uero065thgat1yOkPy9jTjH0+5kkhWZqCcWhsmvi6jlzGedtYXi45iE+RQEYFFjy
++WHcxBeHaw7LdIys8gAJ1QhcQ07dHelpn+E7QXhajMSGl9FzrkwiFaQdZoEzX4xm
+19JeNXvTzqarBBZrsixr46aYtyxgqMi9MDuUWjTH4hLNW4jbvZbAxA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
new file mode 100644
index 0000000000..bd5a6f0a6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOcG4aw+WhAULnqHANEFgfOkbpQKUodW9QaY4fNaZozY/QB3qGOa1+
+W6Mv3KoV3rEmzL7n/biP6RpjhY6MMoqD7S3sz0sbAxqeQeeY7/m0ScKlhtoiTcxy
+ArrGpsOa4clVs8F7/8y+j+H3HiawKQ6nwYzh34INcUytlLd+G6kIT2y9J7B83a0p
+HvxGVXAlVFUeUIZ1Nf75n/L0IEz91jBGHsrvvN89pGzLUPWCxh94EUeQ4uIawO4A
+JMiGozWpVrF5YU3jztG77okNVxnxAPRRs8KLOhUROkmptAAF10oBR4Jw3kQNNF2q
+eXwtCKv4naFajjV9yFoPN/wZTKDA/dhvAgMBAAGjUjBQMB8GA1UdIwQYMBaAFPpi
+ur1+Xl/fH7oHvh95N4Lc/BMoMB0GA1UdDgQWBBTT/G30XBRLcdlm6LXjOmIn6MQu
+ezAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEBACnxWF0ZZslNWBFt
+vPGw7c4Ui3YQRuxEk85yOkTLO9HvymgskvkQezYTGQkYThzE+8T+VoW+XcGKtqzB
+aWHeVu/S6Kq7zc7MbeHqC0vtyc3ViMFXk7Wk3gve6NBxwh92rITdtJFJ3+IAlmJe
+RHgRan6mMujqLEZFns7fs/kIOiHdhB0W+Q/33X1AKieulxOlhilH8yM6dDBn5JaC
+xVckbqTMMbeWzJU00zIz4oSNx3WvYQqyqrPVzCpVjqVFYJfFMs1FxBPNuPDovb+y
+2Y8awekxYALnFyXfToV2owUFmK2BFQ62BiG9fghvsXWYjCSdcSdkaIBNTxbCITTZ
+KFfbXh4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,54FD30C4F1C4B89B
+
+4K/32g+JPsQ6CsA/MdKiJTgbVFKOuI4nbS5Vtvn4wwWZmAzXmExwJVINJ726d9qU
+kiMkBuIThNg95Ze/Yb5zD6qxjDjWL3PMRpOp+wHIhs1xiJgeSJ9p+vxwHZfU7uFB
+lP8hHvxrD5KmaKVk4TSGPhpIm2FuKj6XazuHjKlJH8RO5VLkYfX665Rou8tIyZKx
++yn6zKNDCIwPnwodkZFXqF330Qj1d5nvBqUmSTu0qhcuyIiMcMrgcWa3UQkBnbdK
+2hoeZDevhfU6vqJSuVE/zVsHBcLDFCOXDsx02fk0D4ivookTptEqwTaIdfxdkpj5
+Ptx0+dmQz4SpS1PABzk9I3+bgpcH4O164v6IGLtoreDDWjDCZy0PGJjHGjpiVjYK
+qH/51GHnqXFCG2b/Ra1RXTVY2MfL/QGcg12+p+ck2tjqZwOJVR1bK3B7pU2U206/
+g3KUcZH51w8HqnDJQln+/zNMr3X5kqKYoBckPgjswW5BjCOKGHj8wCFJjTGssNPE
+++iYx97uY7dQGU3tzP+hD8ERXaUovZalz01xEbXzIGfhbvYwbeqbMdqYfvzipTpe
+862Cvulp1lilH1EHCYFPTgGT712d/WEe3CLcVAlapBODPLOhtSLBu2ogLfebjHsG
+CWl7oQF4huoWU1ux0cba+gndivUIOsvILQbJrK0vXlSWH0hOME2UBWfWtQUusy3Z
+uoq0grWfrxZw6XM9wRjVtiyG+gK9fPdm75lqp1PX6TdV1bJ95OQFu7rUbT/TdU7u
+mcmas3hEsPkxgykJRJizi1cQqGPrV7FoqGbfp7uYcrIODQZvZD+24eerB9IpZkpS
+43VNK2XZxcSzs/V5GEsI36wO2dYxuo+AvqR+hfsPuRwMn06PCpdYk5n3sc0wHuXH
+39zGbNf0CuZZzzqrU5/bD3/bLQVNCqkUpBCMoarLGJASZNPUSxV+Ii/E8NLMXP/p
+LHUMx2SKXABcUNGvTsWqJsx1snwv9s0jPTI3YG9cWaYlJtJGtFT5fF+webRmkkOE
+SUx+8nK+KL8Ee4ni0Ty2wuve0o1nIjMqADXfuMjlLZs1F5L42qONMu7buBFm2EKa
+ryMYGDbuq7NrZ2fiYUnmRtuZYOXHJf66ixwqDBLGiUPvpmPd+rj6cS8rUqQpM/oT
+FPePDPV1t1jHY3YZK+36ExG/o2U8hoL+3FVqJSC9XaFSFHpEj/B1uvV7W9XBHbSI
+CWZ8vp27oGOFaXdd/6B+5aNENLuFNcA3OtWECGXmZuY6wpXKtlPKU3jpB8ByHcH0
+DFHNYoiukWdilRAfxr+1R8M8akguJc2JwYWKJm+YzTSh96GkLANnfhvFBYXf25av
+LH78qgYOSSD54CK+HBNjrD22iNcQKeX/WjZohiJvES8ok5mgslLdHguiSUpHJQwv
+N6LCWvDutfbYfM9ctlaLBvnyz0LqZaKEMFcWUKK1ZcHlF9d8bkaRLUZS2QC3Kcda
+B+pbo14k7RTqVS0e0CaWOQYtw7LuI8/81rg/Du7NubqlMOuhybiVx1hPiz74uUyY
+g0vMrGT0qlmlhfkQhj4tIyzaLmTu1giZ0QPG4QlfkL6EyWf0vbbPr1acyf6HRSyx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
new file mode 100644
index 0000000000..e2b855de2f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDeDxXcQyw8uZzj9sUOQ/0sZRELT3exJGteTsgMGmazqaA7z6mdqc+Z
+IN/6xj0Ub61biiNXdOfGAGwd+l3mdx94E33ik+1zylEWJqyr2Ovc+JcjR/z6IbcN
+Wv6FPdMPsDTaJgERvuPm2dPYViKpRDiV4BTQ5DsrGhstJGsT/K04UiIB6ahZKN6/
+ToL9OTp+Sj+Y4DAyxl8MdmQWgJpzmo4yeDroGyA4Ui6nTMgVcK2vPDti7o3yjZVe
+rkAqf59Qf6PUtsUXl+eprAQ6gfV87Z8/3K0d/n7QnYg6KcAIUxAnwocuJOp+TqFV
+W2+G9ArW8qdpsLmZqUtj/h+STuUj30mxAgMBAAGjazBpMB8GA1UdIwQYMBaAFLXb
+BNbIIAgvWkHHeKNEidrOLmu6MB0GA1UdDgQWBBTSKJ6JK4Bv9B3Im8QAxcOiq9ML
+DTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCTBUOuvyS5e9eevtUKsjCPLpfP/Daf+43KMxHIvLUboO4B
+8KWd/245AIioGgK0vr1AoL0cvOyyYvKuSbi/j/M9WOzCCmgrzrA3mWi9IHq3gv8X
+zWag7VWx4fVbQVQrqseyAKouMZDqWp/rl++IbittXlhcHi54qZ2LgO9gydA7pXN1
+9LOpUOi0mP0wFDfDoOpiNOGJHg5SLuwQWFtEzcXrqJsjtoNigtpXeY1S0nt9u5Dt
+FQVk5FOD7S7SKIuy9QVuCDelDxFYU7zOGNq229S2yTa9dJVym24aGsrJU++XVKle
+FM2quSZqdJ90IpQS3FMQu5XIa3iLaiMNkHUZStnL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3FA35040C7C371D
+
+dQsQbeCFwSq7SCUPBso/WtMmHv6wYyZZb/qav/OXAfwMY0QGT4PYagzG1wtNottx
+U7+5VJr8eXxiOWXOxQ2biq0zmOKYZ2OaTw9NbQn+ug256qLvFFvA3oMHLw8TmrNJ
+L7IvX8R/qrq4C9vAMx28gwrfSykAhpr2Aam2Q3FtwtZi1X7OaaMj41rX1aqWAtJF
+ju22hiYtY9NteCBmw+S4hlXfmX6MbRT6AWS4jV4hQ0x8O7EMOEGoltCqpmnpn+fD
+Bt9Igui0To54xBinjOM0M4Y3L02V967AUP6rxm5sgZQk3rDvYOlmSTVESfFGjCjn
+nYrK2VwH6wasc4vLuNqhjKg1A3m+QyWjdbPX5xG6YGizYQFBhn/0t7uikMSoEJpO
+GSD9r0C7pbRtOLB/GkMKYADpjeUe14Ri/HXiXmcuoinT3pFuml+eT33RtiiWpw61
+YpAbmr9TxHOewyWwdbkIZXE45RH+MxXNXDyKOzWrDd9GobaLJfuoHYo3cllVvYyz
+YetuCr7/DhQ8aLhhQ0HpF6/3ojS57XZUW0Nk/2uJXCg/6cXeq9NbsCnfpGGrwTUd
+TptQjQfkKx6I3046c+zNHgy5oJSC3av0jQ8wLfioPTdgK3ZIy+AOsPTdSDTZNGXt
+Fbg5pgSBDyemqb+JWq8BWRo1MXliYDFmNvS/LTV74MpC7VRtuadM1kLW9y3RDynb
+2TMmCqi3e9+w6D/kIrRrFWz3jUD8iXt/sV2WZdVClZ/qF8BCaLO6NiIGTFRDshaZ
+Ti/7ZIZvcWLRtLIWah/ZNrApuR5hvbiGV64dTUYs5ql7Zp3qq+Ohv5zf57c+dLM8
+X1AVRJdX+H8Hwvpv5aJsvqF5bCsqCF2mz66WDRyOiKyn95YJ6dh+NdnR/0S7cx7U
+ciPzpxRrLAnwheEDy5qItTHg88Cf/GYbtTBYJjbbl+xPIMtGeoyb2iEC5FrSHCEb
+D9wei6HYZaGferXGISiUyDDsSSr+71i5JDfL4td5DxQiDvoE848tY3ab6LTBKWdz
+HBTDGLvYoeTQhBVsGOfy0AFclLxNzlFF6kwyC8HuAhEQ90Yesd5cXJ6PWsFI/SHG
+WEbmKosAf4CBvzhLcoaiMrTpN1owztxlk3KE4QcYtvbWb5MFHuRBYFrc80Elti2y
+xsJIZjzwa9dRBIHP/RbM6V/qkYX2kSb4yUd6aUhEw0D8apK3fJxq1lZ/2K4KMtTD
+mmmRu/MFiAiZGgTpLcTcH0wi/FykdLDY/9rtAh3dpRP0IxRZrwJvXj85UzvoL2b4
+//aoEXaPz+Rq2Ts2/c9pZY0jOtTi1v6uk+nSedzb6qfwjPMVnDq32xh+Q500Ep/N
+hCtnoVTWt4tz+MfIcN9ieOkd0jjAHvWfFhiEEpuQTicjqhbUGdPrUJ8dgY83FVfH
+oLA2s9aA0caxBGZj3DhOzqi2X7SHsHnXL+FNW1JDfeTSWYNaPMgxPLJslH9mu205
+Owe1O57zF9FCJ7DKrMeEAF60IIVEpdQWmCPJDdsGoq70Ivbzuuix6XbFpLyA82uD
+uaFCcy9B9pb4NKvJDCKGcCofScSQmzpa09KC6FR5y5QlpfdyIEcnWllSBWNO0tXo
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
new file mode 100644
index 0000000000..3c2359e85a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFdyb25nIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfS
+dqU+ffbeIUKH8y141HuCwtV0pFXbQWA8l4ulBKNt/V+03/OOkoFXFId5tyu9TvZr
+ouQruhiOrWW18bWOipWJnlr/S4n0JbIdIYduhMCD/i7JIoOgtW/3bN4T+PfvL12C
+B7tvyGTi4Rl7y6LoDMMXse1VaTzS6M9MJZrpmGa/yVR3WVKzLWScqK5gqMDXzcAH
+mEo0cRnGdLmp7hHzkAiWZEZ9X0bV5K/awcjUercRC1xJpnfJXzUgOaQJp740k2rQ
+D9QPGSM4eQIUC0JvqLjINz3OmuQtkyQTqLkU+79WskiRlM7yMNbKdlvpZ5E+iqRY
+BJaqLQH5jVTW7fvWwAMCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFAwlRuCJelEHSq81r82QxHIOt6gGMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAN0iMkt88kC3W/eLpsMRtDNYwmtMUZI6TtFND
+oLdXlwhOjRjNOX0q8g6veHRiZTtdXI83P4KQYb3YYrc+L4/BpiGNV8LM3KDG4fpO
+Uqfj8zq8jxZNae+rblwXMgs1cI0DpxEdJXtFv4q74ILvWt+Wp5H2St7nJPobeOn1
+STGZoe4HGIQ62XdHfPCacLYIqejpZJD3QYBPHQlTKJKF2ifMAF0QaoWtjvOENBRQ
+r8sfmDqWlixChZpMDZMRhLHULiAS22Aoqql+yueh/G+HgVOaA/rB8iD8Csxot23M
+QM3koijndOFgzDGMhTJfwEQ96NXL+JptuocPwzKWOzLieMYYww==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EDBF1518A102CDD
+
+w2sVwSRe6zlBOSZmEUVzHezqJTV6IJt9cr6psogywNect7wLX8eae53NkOFA0aji
+iECUqiuL+ae9HCCDtegAKW6zq6dGjBbvFJdMhix353Q1vDF/UD2TAOvAaXp5phOF
+Yf12f2Za+aiohtobOAvnG55ddHe4+ClxxKThiCfrZeUlX0QaAsljXIqh92IR44B1
+5OCrFq+qvMoy+/lw3MTODERXWkPJN/PIO7xU4kWc3SBSgxmmT8vw3FnDLOFfISHZ
+O1hZDna9/fI6PeLfglNq9GxtehKiRxM9V6HhqPQztDLdqCrrv5aVCb3MKEev5BZ0
+kVrDtXP1GzhpL40opYeZNq03crBBOUpRSaHRDzVv8MC7L7dI15HmPiRErsAXkxIC
+u/SmB/PX2g5MD3oxTBVm0i9ezMXB4Zlan1bko+22XHmc2RyGd9+Afef7umWvd9Gj
+k2f1i43HU7c66BqN/XJUOgqCd+ngP6OdOE2LLeUc1mkgBmpqk0FWCe5mYmPnlm50
+8E7gE/z8Gjj9hJ3pJwhgcxRhdzgl14u3kjCqjHdYWsiK1kER0mTtYk3BPAOLVJ2M
+2uYqWnJqmblA6aels7mFAI3kxw93rEFlg3nNYtbIVyfY1Z7FGensqdanF04zxQlf
+rPkmWGUJKWlZex1m67N848ywLbbL+soxbnN7UpEszA5jpdBxswjGqwwBXxcHDjYE
+g38s0MlDaIpOGyqc6XxkcKgcoTedSh+pudR4FCdWEEhnAbZhp39ctzrMe99sohq9
+qs+l6P57qm5M3sTCOpPv6erbNQzi/TkGgNM7h5ti7Vq+k3VUBBS6kY1SM6szuoJB
+ZAgzuDanR7U7L5QmallaHCQurGLOhP1R8Hf0gb00xZSUwBrpa3palPCcMysKQe9B
+nCgnfWUE7V9AKwik7IpxUzCXN4Tcsl1f/M0uRU6/b4HL6aHicbhAueZdpmOcw+9u
+fbFhE2QWlPTqwgv9W+G9nLOhAxuIe6Xu3MEe163lwYe6M35F5h9ddyDWAi+CM0kB
+yVf+CE4KVI2HY1nIpxISsKAGebSSqoOhbFr30q+RMH3lCo8Uu660fZWbswgagzh0
+NgX8fyndBgGv7sF+8fi3LXt3/71zbGX96pzdCofGsXOGG5waDeW6ZTtybjPdMciP
+qEJ72iTsVF9ToQs9ycPAg9QDv/bTpeBlRlM1dcmaJE+RtM/7ajOCeGotJ3o/Kk05
+fNAFQ/dUwUDFCncFqQC3HC6zL+iGTG/ytdJ+c1kQSR716jjsaUQ9472k7EJLL8RD
+Y4C7le3vTsqvzpNHlMVuIjSt2tZNvIMBYGV8XipwNO/OGWiDXVCq8MUy8ZiXvAMu
+nlY2lKAEz/D0OVDjdQFyUQoNmffyHMQCaGjZM0yxnKzuIXJHfJGNbW98xjW4+w4S
+3YawDimZXFGpICsqSpk2pL3G0ipEg9bzatYHCy4ynlNE51A2TMmwOAkSsgDinQf2
+Dmsf4vRCAkhpzUC5vBtvA/FvJ1B+lNS0boW5Lq0E+9xBk1x9xQqXkhBwWKWzR8Ke
+b77ZC2KfAiDb8uyp2kkjtGLg9sRlBFPUCn59ZoI04tCEOTAwdq6H8pDIOhQbcZ/L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
new file mode 100644
index 0000000000..9795ea31e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBJjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGFueVBvbGljeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7o
+J91PNM3AvPFePimzLAnnv+BRwQSrqafBm/nheXXLVtOtfNSoTqBWoo5uF4rGyYHF
+MRHPORNZjZRBoxHho/SWM2J7r7hOOL+JJjMYwZhCPkxXjATXNIXIolacHxARaT9a
+XjfnPAtmAotI+91ZMaHiRup87ygHHtuD3Atpe0NNbnqbQzmpA2+bwqv8Ojou+40i
+1NHVTgVDk2mH3HQbPzh2C3p2CIrhPv8IDpxZcdkEkAaMUK+czXt3OEMnqzerKSOZ
+8UVxdjYtJoOeDg2Pq0qNqbwW3lXL6+PNH/zU63fr3Nqz5befHyTS421OlEIK8FtU
+lEQ3V2/JBQENdlugwXsCAwEAAaOBhTCBgjAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUu8neyByV50LikKKOrgNcqyRgfoUwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADARBgNVHSAE
+CjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAD11IPBOgXaljMw5AvmAXBLG
+LPx4zhX/UmT57NlW3Y/jbDb6MxglZr/YsXyUo8Nu3PkdqbO9mwfzfcmLrnuHrdSj
+ud2jlR1VEZz+7uzPDPzP89u+wjA0UYlKahHvgFTRedUZ5FhN6Y7iyP5b6Iq4Gb6A
+bhJLq59d0RXRsVOhgAWBo0xTO5s4e7vhzKHCQLHkTbD1g/HLW0ae7aFfCT30PpFP
+UhBHfwkD5tdW/8qcejbs0fpegaiVtOzwE6/Rwkuh4wDoszXQJo7yOsFyGtn7+ord
+M3PS80suV01q67BmW2M6F6oAU3agb4guzMCw/3d7F+Ow9d7Qq5CjabaW38Gb/OA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1AD402C798B02CA
+
+q6/m5cQWmyel+SPbSfJcjN9tmEv9wASz4zF3aJ8nxVlNKWkeJK7AjsG9TgvMLS+j
+ZoeaQBKsTz2m1ieSfW4kyBLIc/moBFr1Et5iVwjX6Nz2kx+TPobRbzsKwj/bOorj
+QSZruWVnbSVO4FOpcl4IbiSfVHqI20zpCoLN8IIngZDUv0AmAK+KBgH8U5fDP7vQ
+oU3THgkh96ab7gt6LGvZ5HM/zZNCYgeEQsz84Ku+r/eWpWoTdqpKlZDIEcXHjO9M
+JyOMq/DylB120OVabGzKnau1S5p0EiuDlvBzWsr5ybpMJc8AbW+p7/Xu/9/dWNv5
+ZLGw7pS98h0b16MxVU/NpgF4BqRyPWo1p3o7jeApjqSBMJePzjrWseLLnZdQxVkA
+Y56NiEZjCFVVFHhmuLny2RDwFh/buFps68UahrlbBP/H0nDIQi9x6P5QYcrxP3Iz
+z6/MKNeX7IT6GiQIvhWd0LZkFG8qdtiH+S02e3+0XNCEKGprdph/dq9QU2l8dWfu
+Gf880UC03QzRVabHDe+AuTSqXRf0lOG8APGvqUqHwaaH53hcjnVD5Hb5soHmh7X6
+JAQ2u4a5IfP9EX90UJ7UJKTypIpVsK2G7HZDQap0vm0FmXQc7dMChb5qLaGpBILu
+8m6Hq0lU0fHSl3Mu/UHD+2RDvpo44B0q9tDorIKN7/FKbF9MwzkRjBLXPvg5HzAN
+A+G3K3ccnpOf5puT/wqPiDQt+oQelKZlNsENfB4lQB1Io5lE8imGSo6Keka0qxzK
+D4fLSVnKKSnpotpNV7A3QEzmB/f+glBFzvIUP7+l9dW01X/Oq9YXcOAGJpbTrJ+b
+OeBWmWeXgf1HyAAb6uHUFoaDCCQMHd3RXWqkfm3Taj0/SqC1Iz60FeVAtBITVjbj
+SzS9KGvOuZ+0PjIDQj3ufa7v1f2MjzNAml4JSihtqy2rlQo6pljD56+iXS3k9Yx/
+lC9VfHlAxOiSVGU6vKWZJMEtD/nWLOVGak+36SBcM0w5OUFfOV6dY2Z3YHwB4pBh
+HjN11pB9BjsP0vGKEkV2x7x9k685n1crRferq6BSjsbNQ46ZqPQNABAnPAYZ6eJ1
+Uo1LuyWU/tjtrdJMV9TudVHRgjljuxiADDPytPka8H3/oAG5IYPEHiaXmHnkM5ZR
+LJRPcvh93KAV/zfwcNX5V4pTYdDR5C6GnDQocsw7crawd/egicbJ7y48HjoKBwJe
+CeuTljhc4GTmuFFzN7Qpk/NryBuAcKBIxdKtkrPzq/bi+ekPGhn8AobLa025W5Me
+sJKSEgW5AGbYHTYOOEde0QhnuFK/nOTdL1LK+lhbxxFVXpdgjON36W0uMH50k0sj
+zHxTPYe3zbVmGDTKl70CabELn2X0bU1VGoO3J42b17GQMAEeeAwtBkdsnh+y8JLH
+bfbbAqq+K2Jq9h3PqSwFzBagcnS7fwyAvVu3qSwK4j6WRjwBUySpYHOxZOWdcJL9
+HQk/QAH+Dkt2Sia1A0nfX9Uu+JNE5m2wUCNEfg/Ikfr31AlyjCimwfIsMCTxXuqs
+9SVMX7yWaYZRJchF2mi0GXar6R85PYXmcMYSotQvCkkwzJDJkiV6RNvXC/yYbCwp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..2964eb58f0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JWJhc2ljQ29uc3RyYWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0TuX7lUycbAgxfZnKcg+Rx2r61nSTPYw
+1lgfYLDJALaWLUioE7qIrkbpO713AYSExS2mbm+lahJiFznGgpZreL+cY6se844t
+2TG9ZU7Z/gap/UCKGu/Zllq30Mx5nuX2yQJbH9oLp8aaxIFJrE1l2bzw5oJNITf3
+h5D0ZE1s4j/cvDQ1AeIn56HSsU+FFJ+WZ9tlpOG5C8WbaRUJBDg68FEStgq63Dtd
+7zje4jykLw9FE6ecksEZ87TeoOVbxsM68jr03/wByZKDkiwM4LGgHHFyfQRgHWbd
+kMpTDhyrk0CNv7F3kQ2LOfbZP3Xt2KTXYoORYMC/kSf+rfKaAORnAgMBAAGjeTB3
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRw30Qv
+A5kcF3MY8jY8FDTQCdHy7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEvnbglu
+cVBQ9vbuv8jUUzxvxBLqBbvwfsY6QmZGVgNKQOIkARLkguDt6PpVuB/w2uRFBRFv
+zcV1ooleAKis9t42aNamzgdDLxSQ060Z98yGeU33La7uqRX6PVzvYncwVKOPl1mu
+Hr9CEPc9EHYJF9mWYGGYXhNkrvlFpow1Jgg6zWtmWtoYfl27XoGBnuLGPqmd9Qn8
+aDWfNe4k8XgVwemq+n+r/tYGXW8P91DXk/YZCFS4x8hbx+0VvCcOXWZ2ApWGkX8j
+KHGzhl3jFqhQOSy66QljjW1qVxPjkL33l2TaGrOQXv/Ykf6r2K2bCxKGvahSAH1A
+tA53saU+pZ94JrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A907CD5776049645
+
+BlcYGd6sAmCbJz23X7IvcehLqjkzE4Z8eMNK6q0ll+nw4vD68iu7id8ErvfxwsF/
+daVJQkPCKQSQqJCq1Z98SqxxNPtxrWKhvnOd8wfHyvMX4d/8wZphEm72mZfyMylz
+uHkHMj7FpBWTgzR4S8bsEOP8asM/9gdWsAYoABXn5QnracH0aR3hbcNfyRFnFcpB
+MMpZdWL8Mk5KUVTiQWWb3ZefuZIsi2uWzJMNw77jqx+ri4MWMVCpY9GI0pFZgWRr
+Nkd3gyS/8QvKrcIszbNOliT8V8/1qbLhV9oeCdj34kuRub9JspCWhNcTe4ny9nxW
+0/0nHEzT2BAjnZbGAyzCTGkSZkJTAxpZi/mwWq+gaj4eD2aa+2UNtiazAltF7SVH
+LcZE8JjePDGMpob51RKqzxtntyP98BAgsnAS/Wsn+WRqnV2afAvFwY1bsP2tCNUB
+WP1FXwR9Ryzp8diG7VBET8kfi7npbXv9FICUYo+NMnXjApI+yXY7YXIQq6YawOhd
+tO/2bytPjHnvdnYZURPQ3dsINZWjrd5xXXI/boTXH76QUp8lgg1jx6nPBO1pjPZ8
+CELjvL3YDFLChS6DiOanOPPVTsKzDHrmlNwBkEQBG/tsCbRhQl0ZmLMd2EPdNbbQ
+EoWIqo7P4E3FlVzdwN42pug+nSD/GhPl5bzBH6F9MLMkqT3ff64RaonFu2Gi3TJv
+XMOY//4EDNrFLHnB//lALAQISmUFHgMbyU1uc48QtZ5rHPcHw9T+z71pP3I2Iy+V
+KrQwYq3BaknVpxL1YX2xUuojXSGot7vGFCbj6WS4ooeQjwDPyiFUJq6SrfFw4YmY
+HCS1pfhu5YMFtNxLmzMyn4h4CQweVkStrKtexTZHbmEKexhLZlD28YatZTZw5YdK
+qxoA+qNAx3mGISIlbl0Y1P7Vh43KkOaka36OCQFZd6tPsOK7/PCD0sk6IqScyYqz
+ZvmfDl4NrBnuYfPFtuZBdmN/fKvSlIOro30/mok8mWjhZbnsJKp6i+xqNdsSZKwX
+Q1gGXAtja33T6ZwLuZTcFkX5mb3XMfMEIiAm8xhMqYSgL+sJxDt8g/BHyryDScOm
+7Sgh62ZjlxXm6ge5YW1imS5Xroqp3pnZOQrmHZC7XJesXM1it/fSAkL3RLmShvUf
+u2jZC6ULAg6eo7PvONaidtSlHx/O8RiBMvJrOXFUcShn2CKsbc7M/u4tnRLZVVHZ
+pblGs0ID7wCUxCL3j4N3ipFaNvo3XMlfifQ8YBlInlEXp8YYlGjQX11rtC3Minf/
+vMU0qfR0ObvjgjhJ8E+jJ/kJhC1sTIVpPIdgIiVsLhoDyAauwxawz3ONlHrB491X
+5wH74clArihNz3Pj2pL6FvqRZzXtym5YbCHRcFtNs/K2HAGAyj26MiQRQ5+yPqhO
+olWZHohZTQhA7fKWh3AmhMdCiwaqmx7xRmRTwfICHKIUka6qu91Y3jQ+cMr4n7IZ
+8yrOCZjlkHww51I89agqBfCB+56v2lWwed6Sbs447Xtu4G3k7MR1PjCYt7FxccRK
+ajpKhQDxoMpig41GQ9dy6yuNTYmPCwlZSVrhpv92jMfbAE4sfh95wDGdgKu4061c
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
new file mode 100644
index 0000000000..36d5718399
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKTAnBgNVBAMT
+IGJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEArsQn8oF6pcm/kFywrnN3jMacD0/pU5QPugEQTz1z
+SH4R8VN/SBlsC4kBk2ue+IDyhJDXUhhq4d3Rs4hUNVv70U9GbwUw92OEie1/JFyt
+h3E6W2AJd+akHJ269MIFZ00e7MTXdRdtX1QpESnqpBL7YuvTkZhXYLRnvgy+gZtm
+lelEmXgMT2Ww8leKWmGJr0VkhYH+sGZLZKgxmFX4FeMXVcWA0k3uHIXeQT0h8gJU
+VsrdzBC1A8pvbThtIj2ZfQ4CClmDZZW4vplTC9oJJldenl5jI1s2DYzcXrn2eIH7
+edFuiwGqeUpWv/KONSHVvzHytw/CjS+3L9Wn302y/IijGwIDAQABo3kwdzAfBgNV
+HSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUCqS5MEOsQ8g0
+AhPP71Xov3CfRq8wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSpmk+5lnnJCmJ
+CQ074FYF+IHNPqc/ZztWuOGGsY0O4ST3vIHfbpJwjCvvY7QC0glG3klEDvhOVRVB
+MYzkTscePuEI9xUSht4MoEsN9AIL0ONZ5Hi4OfKwdjm6AatSmvTyj9EWpmUzmxqP
+Uo5GkfcIty+84ExeTE1azxTi/XbJ5vzpvnhTQQCp2yp9T/+BSCovr73OlmahQWur
+tS332QG5XAPYV54uJpYPYxSfoouf2YoVfw8HJRA3qfQYoomKWQSfNVQtk2pklxIe
+zNVFpjHbIef/AZOGRYVAePoQAx3SqtA5faHlYHcy8fCr0uklwvQkitS4a8ghc6Xq
+o4g/ilaN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2B8F6C672C9D1209
+
+UciDWxzXIHzVsJcr9SCpIsfAYutmhoJaU6oykTzH+9YgNLuvkMo3xzvFTbD/0lG7
+rRsIV9BZchKs9PjkD5AkXaR/8BfW6rNQR166Nvyhd2Yn88xy4ng/b3vWmwmIp580
+VNKfg4uwepjQaot97RYkS7dgGp/6HAoy/LvLPz8+Vv2NZr0Ocj+2kUt6KT5LlSEC
+8HZs6SR/O4lnJfAZf9B5FwFOrDqx31wUtKADMmtn9AeJwM0LpLRhyDOkUzmBP08L
+kJAiKJ0qfKvf/eJFvJKbyeckqGhmqqGSFvHO1xHHw7xUDvTB0lskAdy+MVZd8XA+
+QA3duCYZaTcpRDqm+fcNqGZB604zlbKxscY7MvZ5RVsA7Vw5ATHhLmvOMS4H4wDt
+hq3s9hBQIAM9VOeuoGIk+BP+pKss6X57R/5XvnIaVTLsSbn6VpxbJ6migsOAq9fa
+cSqT/13w6Nlf9rzo6AfskOfBzmSgxOHCrwEkR67xuSWsVepRSCu43Ctm41UsWWLZ
+peY8WGMZdsqv88cnwgGQObPfAjKW94aaVfizhoj78gppfghvC95nw8IaViDAWTE6
+QGptRf0M2zsGtKp536IRT9tUCaGIbewc1diNovY+tNB0YINGeiQcu7Lgyu5MbzHm
+evglA4U9hmHnMyt7fWaxyauw0HHz830Bhh5qocj5CsrRMNPSXma9+g2wxV9Sjz29
+P2y0Msk+ppYkNEzVeNHfz6oXW45KXXGT6IOcgpwMKNncKaMW6ZtECE84AYeFzNcP
+YYhFylF5z1qBhYXHPJcmwjIsf4GSVzU8YuM8hlrKix1YEBqqtTDYifRIM74lmdaD
+7IyJZ/wK8yqYsze8hHt0E0poCJ9WC2vkkZvmu4zZHr80L0ARpqQ8b2UX4UIMwar0
+L/q3625fUXi+OijtpGqjM+iAAZgsg0Dv5744lZwAdn1fdMUsDnkPPtyOaP8C4id+
+JUozCXlQ5QWWAVGpwltyTUI2cSw1z3GBL/ofQVbqXznsTIie3xBAiHZKBB/QpgP2
+PNLuYhV93JVYxBUO3BgZXlwy8jbgGk5NU+EZ6yTWPF+q0o7hF7wQAIb1yfz/zGQl
+6sohXVRhZAJWzbnDQIWfZMVXsPpHDXoIXMdeufmKy6MGAbO634upVxZfpbErUg3R
+zw7kzSQ0nLkW7viUYpCPz6waXtxCMP3DZynlXmVbYrr+be53PFpg9PhgCI88VQ+g
+At9CHTMdocCZELJkEem4/VV0bjYCYv22DeALTSM6SlrSmOFWU5QLXV7Z8zs6nOwd
+f5W0kom93FolMmz6iFn09FEiRnGWGVE3n4m/9IQz2jTbHgAFsust3uKuWMeTmzy8
+iAYVv02CRt8odMFCBi/ld6vzD3mxiLucxC7RfYr+b5fhkYxqJkPW6WnfHtwlUV2w
+SSEfJlhThZG7t/ZSbMNPo/kemV8Y9jByZvbl57kpSji7ft5BbJ5J0jFblnX6aJcd
+UoXJm6t1BitRzhS/bYT0gBWp7V1UISlwflZKwZwF/P0LYAdOdJM5IgYyLFl2G/Nw
+E8ElkZwApmHGyYpDCABQsudLK9hEuItlEqNKdfsE1TB+rgCZF6xoy8ci2GR5+BNm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..668159e530
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNVBAMT
+KWJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0EwqHs6AKdSF6fQyFQ9KzZMLoAg
+o3Vjz4MudMtI8xe5SGdgQiGK1w7acKOWzVg/xRG+7Lv8osjGB9+m6MsYgXACOVt+
+2VSmsuHQ5F9UZIoaXfsCFV8J4KJYuqWYJt84PIzUoIEKHHloghRQvI4qv8SPJUSI
+LbaeRckJAzsLhRVOTGIOCPTtj/rosKpdBdHofuzdtVkSJvMu3NcN1oL6haAaDtS+
+MYAizyLnTbNYBS/NW+6hImyNLYvmXYCh4rVq0PTTEJvm9b7SQHyHyFroN3a9vxof
+2+bQq6Lpim0QBKi4rBRDeJn+zc5EZnBkEDtZXEQ808JddIboTOi4JDkKbwIDAQAB
+o3YwdDAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU
+OdCbt08pN77TsIp26mqeze9GvlgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB1uT+Y
+KoMDcmuoxjk4KoBNTWPmR8eXegKa3WfyOJxYRTqlDhmDd/N+3Ifk/QzDqXitKUEI
+BWL13NTh6ngG9AIBrRGpk5XmixKTxCP5FxGjsd5dM/So079U0+K9s90xzwOwolJi
+4Fkih0eeRu2ntqwCvLsIEOSJMH7uSOISuRjYqMAnzlP4FFXYeLOGQLtUFln/lseC
+KfD0roxZZ7W8KVWLICwGAFrw5rBnZuyoNIcCJUtH9uJ4ugid0BmYrICWLFwEU3af
+W7GJZmRfegol/5TJy14XSb6vxyp2kAPmgdDZTmLiB36xaixjsS/7AIhejzDJ3gHU
+SIxm4tAlyWAjCBXh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E7A841BD9890B31
+
+7pXy++DsDBBVp7eFGwKvmWMCzl73VTqnwp2Zt+OlEshNqcbjC/t8TCWS4+zbot8J
+q4bVOdu7VieNl+MWdDK08PbZPi1rNeOY4hB0R7JftfRc7iNZJa/DPGjReFloTsxx
+Dkhdo4VBEpqQdQRq+BkCIe4IXc449f95jBIFp7blvTYixjqpUcuTDCkq90JQl/a1
+SvG73oZVLjkneF3e2km0nCQiLIrvEEwCva804ZvohyyN64C3WwRd6CXtFqKed4MO
+ju1TExPVg3sCnEF48rhHPQbqac6kSmWq100XrDyzJpvXc0idh8uq16N9zB8ESCtu
+H933fK9695cJL436LpaXBN1grXuZNL0if5wXqfUEXcTfQmrAkuD8O3abtyCxyc92
++6k3kMkzY/W5BvE4hWCboBYc5VkKd+FwxTD6hdGZ5iTN7kol1obzccxFRRRkL5tV
+0gDdWjAz84vbQYbJNrePXPSnN/xLKD+vnOl5HA1Eu11Z75XfiouiW2J4WK12HZUG
+UYI1jPKibCcoXaYZZPBI8pVyfwc2T+/CRGxp9v8gqYInh5TTbur4QB9wnhCFrNZp
+lSkUOW6I40UC/20MpNqIIipw7Jf6nKMWvN7zFojVz31bni0OySZ7np2deZfStAuM
+xXfC1plLgEXyquhXfCcnV4Od/xCbLb7e/l0NqWGGWGu3EKZnfBDrBoPmwxJ4toOB
+3ExqVP1M/gxY4TMc+YVIICYdWIhntF+hiGkmAsdGXslfLQuxXxq0E2j6xQCFfBdY
+iMehq9IyO8debl523hcP/3nAx1PMrdMXk+tRAhpbtPJmaN75YyEQlSHAJEZDA8YK
+id5jAx7pmneAzRPs2mU7XSSTysyjx5hV0g/AXIGlIHrZcjpwsvuFlwJJQZ+GEUxG
+OTLZEqFOIA+tg63Jze0rxOnegT7AZx1Nzz8YX7/WrDiGuYdM/sfHbyz8AF0cAsI6
+Uuqzydz4W2U4shwwop5/Rwh01PSiEWI6x0K9L7htFKerVvEoLzUjFldmAqmqlGIH
+GBUl2WYDLxkhMRdT7/9YZu82X1TcFoU6LsP0Iup1tRrUv6vbeqtaZDGoZ5ebHZZ7
+vSDSMInRSzbdv6nd6Yoilkd57pbEVbtqblAY2tBQ/R0Kc/FMddm6gheEh9Sd7qqv
+fbWgp0Z8gRE1R3sD8cl79DIcUBxI2XiHGideO1flAAlPogv9IGeqqH4e1DsjPewj
+s/4/9ofVx//4/TjQP/aWzFTemGzlozPWM28FfrGBtReNUQ7zUSJKzzJJ0HC0GQLN
+zhXJOklxg/wyhmD15H1xy0bqxXM38/LR7PfaJCvlIlJ5lbUaCDJqxa3LM2+2qhOm
+JKq5Bmdk8zlbQi314JuBfOy0PEyLHxpZrEn3orYqtK2MjgoOwE4IDfCWkLL2bF2+
+sYfCFZ+ApD0Ki3uL/9AhTzsPkYLAp+vH9+3FQ9NOe/hCwF99Ak4+Qo2sShSwGJQl
+IdEiKtVmN+3q+gZweTyHQeoWgSVcJY2A8BquR+Q39yYbhilgQxRt/Ivws9oeSUx8
+ga72sXk08SEIdmlkpwpvev+FIixCbk3EdmUSVOQtX3AiK06TNUTYlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
new file mode 100644
index 0000000000..7afdeee299
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBWzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1D
+K0cQkUNtDBARI1ttcSMWbaqm4Rx+gncCY62Ilp1eHN9tBFyJXN/kxEe8mxh/nl2j
+WEundquIwtjnMKXV4hU7ynC+Vg7taRu6Mu558dvGbBzkJ9LYCEFs3DgOphyY38zh
+PYa/0o7DoRoIAYopaEmCpa/fyqfUDGWps4S6FATb8rlEAK6zQHO2zirGsp5gq9F8
+mJon67WM0iJpIPSuCIkbaTRfY4glRFyokHWXQwXV63XkgNUAxQjLGwAqH1iZIOBy
+fl3t716yIcCnnimcaVrJu69GBxYrkeYTGD8w74rzGKJIHSCEZy7hOtS10G+N1zx+
+RqCKnCh3OHyc5qTyhYkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHcYI+V2hMgUlD+C0IHqdLHgpC8zMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAjgJJapgvD6p5DPB8zpQ/ol3xmi4YS0g2ephG
+7IX/vh0H1AF7wYJz7zeYBbRUVeObLVzUgBq1iN4Gk+UxTFDFZxzIg6kfPyP+MBDB
+VIcSfQoWWWl7bKEm7R/eIlxRm1ZyvnCDc+7QYMwdH50m8KNSF9UOuJOQHGIgqJpA
+gRm1t7INMr4OP0hxeVkzw77P4hShwi9Wj3O4eDD+0xVPvxweDQdoo4oo3rx1ubWB
+CvJAFv/Iz0qZaV+2RJNFD5Seg/z/G9wtBPXaOsbaushHEejw9rsQCvj7GMuzzKVH
+qWhXC94zdUfGOz7+euMLgnJUmfEYyvQY9NgZ57+7SmTit98wEg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,722A4E713C2A9002
+
+BguAZJfr1dO6b5dtwQQG7QdiD2cK+57DcU8qycGo/4y0ZB3iy97keTWLx9O92LhM
+lzUeL5AM34sT+m1w2ciaKdR1GiKXA2OTC3M/3kOm75eirSAMEkUptbwuPW/0iJZA
+Oc+EsaKC4FipWi0EB1aTaeTwApM7X8WNgywUYSCMz1kL+QCRedgjSTyqRcf1xUs5
+zvKcaC5q4ofVNDppkLZMAnufFWep41hQ4pHobkh6zbcVXeF8ozy3iGcyJWVgbYOv
+f2LumH8uoPoBwk2Pi8z3PKHGx0ZwKV6+huHCMATuLLlSO2N7CwCatz7c2DUPbU+e
+26IOpykXmqxvBzyo9vlrr2yvuP4zmNod1D+JnRVtHpfBdju+0K3qHZ0ihbnHnS8D
+zdOkO6TjLVHw9OvNbZEx3oTabOiHYFIFMKyAhjUIDQHEVVZ12fhdnBNvKduCnSJz
+7ckwYBPerFkfXjYKMaXKEGPfeuI85yT60FT7LInPqcjWC+LqkfTpyrgh+qciV7X1
+IfumvbfIFAUTlHPxUu7evdGVqbl1nhXCpKA8DTyjA1QO8nl4zkaRKtoijLANXZ1I
+SXj+UL4EwTmT7nzTm5/XmcioZlJpVPC4uz6ZUaACuNXHi6172FdS3WLmlp9ZtaBs
+eYjHqzQHfFWo4l1CF6JI/Z54nr8BsUZ1m9gb7PYRiM8ylrEQiJTGLf4a0ypUyG4R
+SoC72kAzihd6iEuJRKWTymHnz5IBK8PrgnkAk7TLWoKNb/PS5ifs2wtUGvBXa0os
+FzrahyPCGF5afZ0pGhw+01aJeHHaEhfVHI9ix33OUz5vy4oM5xYNDKCLtDXzhZ6Z
+Dc7c/9GiHUgW1u7eQbV5i6igRvEqwItitPah/zbfrsNwd34swv8YyyPovihYY3GL
+w6tk+8CYb4qRkyhXRg37vBUUuPa7GjElwE5cZsqUaVpB47wSjIZVFOC9g+/C4/Ps
+SI6y+A6QatTqgZ4OmQ7JKUtYHFkESnKPl7IzRFrw054oUWVQKvdvQgY8R0yhd/2E
+qbLSyk2Db0wLmcPt59NV8nyHa7twNPMVApQigXAszEhbSxJWGIFjSN1X41654WG4
+/2FO8TYl5+mn32BdbCgYGn3kFyAeCd+aHNfa1uM93coSoupCVRA/ROTxAx8gohzO
+TM3GctWfQh3uxOakDqv8I8GG5BMvJZmAoNTrMr+kUNt3hrCr9YRKGRD922J91vL3
+yBWrgkudn09y27zjxXZBmYDF0rtXmmtJqw2GebKFdw55OLj5cETy3X5HjarVrVmG
+SBF0toq03Mpc5i8AlduIaQp8ZLFmHLpHfX2mgbuyb3EMDC2RgdfzhxdKUzirVFqc
+DaVfZ+KNVQu8gyMdvljeRJN5vnf8jUEPzNZhyJtBV/CqzJxtUa+Cl3t6JRlWToOB
+U5oNF3d0BfWAlJCWzsjqcRk2C8zP9ZXBii+AErDkUtq/ifPpea7PYUKGqszLXtE3
+vEi6QoArjHCaDwpVdXi8IHpJUl363LTqOrfg7u4BrXMi+haoQPEyK5UPqilECzwC
+lShfMH9t9sHbqIN9CW/7RfO4+frEbHEYc6fm293IClTfSE9zS638Jg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
new file mode 100644
index 0000000000..8099fd391d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPmG
+eyqKnZwJFXM5DgR2BT3pqqs+DhJwQrNm13bDDmo5YRZtwkP04BF+AovdaABYrzG8
+SPiAnj7XrldFqIt/UJh8j87qqMvLcUU3bHIfB08mVHs+IRA1tXR6hle1gKNTvr6s
+tBeVyre3yGYJzu95wM0dENMlUfol/gB0hswUrbzfCWL4bLf86I/k6dhHcRpAanLf
+Ns/zOgR4ZjlgWfV6LV0VEYCNzPQ3d1jzgAUtHNtME6KoHeP0cn4EooDlFpwwjRCJ
+ijNmnZfyML2BZXmjKeye+vNXZ2kSRGaAOZPG1tDmdjVy6OwcxsCkv2oOXwZ7WwRA
+HOiLygA4cXym8HDOgL8CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHzY9r4DTM7Ptz+hGbszq7XXjfvEMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAnot97/Kk3staK5cRrXT3IdCNVOvFTJgMt9oM
+Ngm/cId+NkEFpjPzpJU5H0RXabe5mqpM25W4ybfTTWgYqWvuCxTzwjhDmtDfhUwg
++U7prkEz9LgaJBa2ZZioNsrBEjSj+f/mO1e4ByruCBsY+uEpwU5eGKzySoaXX2wP
+7fWC81H6fX4/QNRnOsajadNSLbyVjOmiwz/c8rSt0ocaNTxkpe3xBh9MLSQbqJEi
+gQTB08URkciHRGBsrBk6HolAjMcghra2Z/Knry1wCcEzQkknOxzgS+IME7ehF9gP
+XmkFC8jp05ZGOfZeyKInxsivefg9QvdGOAu5IXHZvCUrFV//Sw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD8F6C30E6C01617
+
+7F8RxBk5h9wR1Ib1nxlGHOH6jj5UnG02dtUGJimXtFvAzNz+E5+LbHsol7G4hRXS
+xEa/p3LbqApBKKwskJNwh8vPD/ue7hbo6Hr57jMIE+9LQRanZwg6CMIcaw4eRD8Z
+/nKpIWZgLS5ohLAlLp868ZiSohFgLGPOvgW5IvuoS4LlDyVIn30wViwJZZDxibht
+VWmxQP5BQUaUBSDsZFjwgMJC5Nl+nNBhGcrIlerkaAPXihf1MJ5bMwudjsJfzFsa
+qQILIBy0iQzlwifR/gc5TmePwEOa36GSiLdCaQAihjbhTH2Mht0EEApEYWrr1C99
+fGzIyAcLUBKOQ9Moi2pC0VlGMcB7pT1EhQAcgYfinxBbQlZcieVB8u1dVfbRdeAQ
+ipIZvD2i8fOjDSXp117eoBjH3oiOWzTXCuy5iEyE+IDBxr+FPNCJgc48CX+MfbAM
+sgxsSfVAcClo167mYYbA8O6ORr9QvZ72KWvPJZEO/pDfVTMyZZJPhNyuJR3KxYYl
+iShZfWo/rUow4I4UCRPoobBqEitIPAL/+Uwsd/AEihN76dMXjY87zqm8rRdRsrHH
+YL3Q7g0Owrs2idJahta+2sjsgx4y+4DKX6U5ttDsnOSO/pXJhKCUzFufARoMO/Xj
+mZ7SoEPP+NxGmyHPSb0OK087TyJf/E1JZOUG2GOVXj6QN4yIn951WIfYRyntj33Q
+KUR1rVljlATKkVqwWETnsTGaoSZPmZ1c0VIwA1z/MrXEYtl7Q/cTlUrr7TxCpmw7
+7Dwes0uiiLbYfWXyJ+coGq9V0r5lkkWky9SOE5c4KL185G4DYKvjldPmmDy71hPy
+Tsdj3u7XIOLb/hbrRLFV/6ufs+bY+D6hkZWz1HI5ukuwxSTTjHSkEFGNVEUFtHLO
+E0M60YjRXR7VTE0z5hzNS0Q/9bcIH7jn1z8PRmwBAR7VcgC9oq7PFc+eTWkns6FV
+48m9a3BkAimJ2rsdaBYBXn6+qizeoDeTKhSs1sN1Z02Xu6jPcYX5aTrIsLESF2ya
+SpAVaE4QZpAP+k2jl98N3oZQIZd8L/tOEPRfxuzuVNpxfu/U05W6zQnHHE7Whce4
+miTwc1VvDCwKVlnzGyYm0x/so0Nvzl3FvKVRnDm6NueOS3+BVwnZGB5gGOKMpXt9
+2Rgr/mg77Df0SltFHJf32v0iLH91ozk85pyGIgI+LHqIcYXM6IdCRqqpRHJ7cMIc
+OoAff5sxzolmfrVt/14ba4wtLiiyKAcnS8k1YvjA06tp1201Y1hv0B8v+rSsnzBn
+LsTYErElmwCSu8H7dVLiXvskOXJrlC0mMKKaT9/F0Hw6O8aQwGer8IVGnb2jB52v
+czZoYoWjze3JGEGheKOLh70dMPM8geEDeFIBtR/Z+BFsKPxOwR7O9el7GLwp5wxg
+YpBNumQoGDEGc3v3MjJ6NuDrIDJd9E0pSMfF5wAK135tDEw/briw9qa1eR6opnqX
+8PD+8Dwa0vNfbiEHu9NZWASVBHo0XkZRkQuk9h63odb2Ce8jMvdSb04Sj5hqdxtU
+vwai+mWjeOZeNlMBRsi7QIR3/EcXZqIWr2mnx+sp6+AUeSxbZqqC7g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
new file mode 100644
index 0000000000..2b5a8de8f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANWk
+V4v0ntSi9RGfISHPgdqTaJJOhlOC/mr9w4/zI03WxMARD6dFCOiJDP+D1O43FEnG
+UoeoxVIwnTYlN1rvJEyjXXZCdrLJQGqV4FVNQ/EpllubGkfc2mvemabpkmYIEW6L
+FlF20TrhiHowPffKj+7y/aXAMMiEfX+kplSkI8nN2wDGfOmZzhHptIKClExnDdJ3
+09sYRAqU8sdK17gthqOUa7Q6YIcTKJD5KP4nN1HHfhZT0Yl5tXnoppjPDMtVun90
+pF7wst8Nr7nO7tiDenpKvlYRNdP57Sg7SKzFhJt5wDEzZVLEh0BQ7iqw/IJRDTXH
+tmz8QVU2hBF/6vQGu7UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFO9j06hOsfnfYeINwwWjmBjSk5nnMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAZ3Ll6ZNSuII0b61IuWxMGImVPqF9M5u7q1W7
+dZqmMMzQCull5LmgeprRJA3jSvCBC3/kmdHsA+KNh5qtln7pOkdewhvz2kyDq/GH
+8boxSNEIi7yqPGVIRLHyp6jDrwkMrbhZOnwr06K/NwUuPMTsN7eITW/wVZSm8yUH
+TR0pDDTwCjrzYiszzbGNsJ/qTtmtroYJ2LJliKXYOhN2dP+47I0AKx5clhhofDz1
+vve9wuHgkZ17fvl1r19VXVw5r2XPSL7qNQxHECGzHNXKzJnSAaYN44py9VQ0JLgA
+gxZJZBZfmW1XzWMfusb8BxGbfy6WFx+698V9G/yas36Uv9bAJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6732CAD4054FA1E3
+
+/iiFt7tBHNGhLMtdgr1HYBP5tXrMDI4RoC++7n3PYuKnHf5+qomyoAZwZXWashAr
+AzeB7iXoMIrMLfjKK7Ka4+syXElaZTg4gcy8A4EZjzdw9uZY/8/5fxsP6CwhVRPk
+hAAK3RWdeqnjHpDpsPNQqUxRevHHwtLLPTEOnlSjn+mmLqPW230/q0MCWpGoSk3U
+6V2EX9AY2DR1pARVCUE20F99PQs6WBov71vnLRbjg/NxtN02jw3cvRHog/lX4gJ6
+LtVU8i13I201TCJftrlz8srHOW30UGdJSI+ngcK720wzqhhsB64dtKMaYn32GQGL
+EcG4esC8J1yZ3JAp4Mw5QCgcQzLrPcLQ1S5Nn5zAhyT5KRxVqbVHQW1Mq3GZJEcW
+aISGgZYIcP3g2o4Pj+hPgLCYsrzaTur9uUCgilCHWpGD03PJ/GAqh157CxKNH7aJ
+PkjbnTwXiFm9D1tBcsL1ebkXwvto0tONG58+VII7mT+8TISIw4AyAEZkdk2MBTes
+rYinh6hiyRX39Y1sqjW+j6j/oiZdSEnT903bZ3O3WjH7ocVkUKc9wXCCt8M3j+b+
+rVSEsa0KRTc5h6sosQSx11iiH6DfzhAoHG1DqPxhlwX4HkQzYWolW9NMF1wSO/b6
+3MOTBmbkdXFDLXMcJkikUvSf4DMxAV2WUEINbPq0opKjJtoHiwWiiCBrS+luSbk8
+0iwGkynIq9+d5Ntvqo2XrQbRgrXgE/RX7q3rIloNwHWhQu/F/SoFy8VTd5u4NMes
+hRoVfW8vhDMm7K/BUy8lunNHnBUaan1XOaUZmTFD8IWWR239evo7Arolhq9nbfXi
+PZO4xIRNMJXDyEntnw3eyVZvAm5OiIqzc/wU2aoM907Kes+6N6+XSqRhdCPSAgC3
+GnL43NQIu6Drl0tHFFEv3igQF7QtzVqkemzPCufFqreuYUoLh4pitHpNHTgBY5QJ
+/pnEzzna4hVFKGFqAGw+XINqOaFgnEMQ2KD34LHXUVNJ8cy8srWUYnrl91mZm12m
+9e29Q8qucA9+edRgdBcmkA4iiNamrykzPYi8qG3/SED9GyBKBgBVWcuzEyFcYeCm
+1zCqmj64l1asn4/mxV/f8jL1Jlr8Lfbzaz+rr2ECxK82WnEgrGP3HvmoMHf2GmPv
+k+6zRYbMBqaO6EF2swDqlSVkjAykezpQ8Jiela04K85m5gP7Y8rq1ps1fU6o7bJP
+rDhjI4uUnuC084mufCLxjxyR8gcyWkloc0wcD5yQK07QFg+Lao7SqLgOwFoOTNU4
+uKbH1yj4IO+2OiBiOW1rUN05ydQ7htdmVDras3NWUQsKFZRielWxKEZ8TCKgl+Vk
+t7uybtKrShyCqLNGxniDkhQHqwD4qgJ9bPxjK+I1TdLqZggR27fPx7lGSNFNPXzQ
+lAWS4rO35hldQ3Z3ieRBwvUfGHdvZKOqgft63BslryH+ugSgpU8Be8YVK3P5QH1J
+T1uv43qkwOY+dmFi+/Sn1FXcuhUgcA6XlQLbIPIgWqiSaTH20rnYA5D71oiw1CFR
+Uq7Ls+Kgw72matjq6VTgz05KlJR3uWl+n62sogheiBfB/nSUU/LKUB7oj3qgaeBI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
new file mode 100644
index 0000000000..2913748c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBWjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJhc2UgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDD2MDEBGlnaP19Dx4CgvQTIRIJi6rw8OvaAZgntS/WWFZt
+0BYKwbZnyXxJCbGO0HBbul9rFVv2dFZdRWMHd17HEIyv+Xma7/0w7L1CemeJQQ2j
+mpTjEkHef/G+p+Y1iBEn2vomiQV3WtyRoe1FVuOI0TNyg2JFR7SJoZU4P138Devf
+UW8po0fBAl7M/4gjXz61Q72QsM4V8vgeanQMvFaB0Qu43RYADtLMBTLuxkH0jA2m
+xodtfbpQzEnslEbkemYMw3fmuKkhbLPfqV22XaoRAohF4I5lKKpLj6alWTJjeTSb
+KvuQi3whU3rZYru06g8xCot4hK6daBJ4ibOPFZYFAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT0OHYlq6TjHMDIdYyN
+E2tjI7aKgTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACnnfaS3g5fltnq9
+bGIa6RsE9OlAFAXNxPVEdvXV4Tyj77hKexYBMwpf0NZ/pAHfsOtNJwU/5HY+vR7E
+VxPnIQsHnImP+LF/rr4I2RZCv4Y98DC/a6nSfZEqLNonxDQRlBls+jKsMbRRDxum
+YPIO7V1O6d2j6sDKW4rHal4llx/cezldhiK/6S9qEJ/+cjozQNICSA4voR0h1L5u
+ZvbGp5d+gaGQ+v6E88CcMTKDupavpvsZ6rQW6Yq6so2p5WgKU3+KdBs3MPKoDyk3
+RCCFHS4LxXLF5I4HYt3LU2SXarj26Xpo/6FhhLuzGaJ1r6jNuTGV6RUEZHSaMl4d
+anTwgW8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8272274058A2EDF0
+
+S3vB0SvIHneL0yWIiPOHWfK97IA/z5l2nkIo42y8IMeG5QL18o2b842vEmSq7DC1
+D3mSg65aa9ShAwtQcftH3+Fnp4my8oEy1dJ7LkGsPQKRrgyfWN6b/AvsB3TUEAGJ
+wC8wuVy/ASLKk3zfQKJtrCNTG6aEVfcx0yD83mE2LvsBl8HmTO2OxldvcKd/hze8
+xlVk3nNPDcwwy6r6FyJzQmqd2NEIOHTeUOHiKJD7PHhjpvJhlDHuzfivuGoxVcOF
+FReOaT+psFm6V5lNNqvvQxLfxv+O6h2+nb3D0gZ6bxTvpCaS0k8plAsdySs3b3LC
+avPddOf2F2qEY/vZRwVrdjVafSXFRydTWufuEDRrhRgf5JhxiJFN8ALPb4DWmYLi
+fmYsgcFVR+GC7tafQYppZJbxcYbItVgPmCXOqq0ndoOrVZObPZlz0rrNk4VExMIG
+ewViu8cv3hreBQFWT0JvCwVXbVTdxDlzBXHluHFjdhD4ZK6Ya+j8k9X4dkhgo+CV
+QU3wUox95YQbGqcg6SWKVEffJ1p5mqsJl2KR2NHohpDA0idGUPsj/FZ0s4yFetmW
+qQfvlhxLCMLIt+AFoJp8WgXtrv6AICDAjMBUulidFjuZy1fhdsBmLyXI+gcOAM6U
+ouoqvOVd8aCnJNhXtaxi2lKeXybLPrq0mNj+jAr10/ZKxaYpHi0x+sRkA0EJ2lmI
+5GagmktdipkOA2CQk6kWeKpxO0DLCdW8VA9TPixxtvZ82WfGsNlgrNlbMdjx5yWj
+w+1xmtHM/rkU1ueTq7Xt3BW8Xc+pHOOKEvjbeEE5GpJCLik/oqUpQ9LfDl5a2AZN
+OnCY591HEFQ8Bqgom7YpOiWtz/kaCOu3KlbOhiZ+zLrFoblwBRMFUgqraMfLT4dr
+yFsLEF8G80fQ3BCtOO5oORbeUYpPijhpO3RyjNiFk7yDjetXZewbwRwE7Qce7Cwg
+nM5bwPCc+UD4ha6B8UOxG86bdY+rk1D8mhAZN7mMQpEVJStIKC/91XZjyWJT7ZLZ
+jWAATAMPKQkColoCJILlFO1Hah0Zh1JhVcn09BDyudQXIm2m4+SceD+Jtlak4+Iv
+6xsvTsiLBgCPKMcy5s+B8cIyeLOUwVLqSd3b+uv3TJF54ANxIjTfpY7isiT1IyLW
+YbFuV14X0NuVs19MoYq+yzpFpz3z4ERtDMlDPQUXqZTr27TeNeF4ALb6fr++o2ja
+/+EoPsr9D1QRWBIy3FxRCGjCX5Bd2iS+mMDyplCJ5d5RhxIFDZSbeYVPC9VuyHUt
+IHHq030V9N5SjIXOR+rKLbxbi9xyDOQJwq7Q0encqn688SOr9PqsevSFnM5Zr3BP
+vWBl1U0ChwQD40pEc8Thteg7BDoeomeD670iG/ik8xW4XMbBT2sMmzLt3JYeZAjR
+Ef9bvZHjXShnWCqgPMcYpmT5ayi6V645PncNj0z+7Dl1il7JYuSo5lz+xo6QRNSq
++kESksnEcvRgnxL3bFUHHLKCs2Q+BAeJbm2tRDU1UtGXny7k952ULVIF7D4voNIc
+i5dNyyQUXfIE31Kdw2GewjUjkXtFSUF/RrK/j9OBPR+VcdYKtt/siA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
new file mode 100644
index 0000000000..0317457845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMENYynQ66E+JgY1xOwEnmlpX+QdSNkLIStriNPb9+e04Yj6oIIIDPIO
+/nrtm7JkX/INHfmkYCwATYLWuSPRljutttRqCaja62DccwRV2ihZkBNV5Ptut6Ow
+Ec4Xeokk9704E2oFyZz77RFGZj2B9IY4zgJhDsFBUoNLW5f35PFFZnw7OBYug4u/
+yUAFhJD+T+nX5ULtCEKcDNelpEMqb13w79Vq6x5ppkwu/JVTeBdMqNnIFxNvt1/9
+tiyd6P7ZCRuFDKoW+qpV3jq+NhJSnfSxLeaa9AVqsZN56Ipl6JzYl2mKCUN2yGf7
+PTSiOP7a+T5vuk1fprwWvgqE2up63q0CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFBEwc72NcCiC0m/P0jftzesjkdvv
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqvE2hwsQx+hGq3knMpgC7a7u
+k3Efu3rqhzjT2cWDfNagFGwSp29BEKVlOayp+CZdUVZsqs2Ciiv9/+3aNaYMvVoa
+kSX65EJ4+f5ypA3kjEVQQjRp/2caWfoAsuyO1uI9T5bqhregHFplqvPYhLU46ZXk
+Bl+WrrqkfJX8lnGK3bLN8aPd1WvD9P/We/Rq790RGm44zZ2QtKZKL+wegrSVSOdS
+0vUV9quRfvEVIu/JzzRnxkTj7f03/Gn77RKeJux1jHlm69FKz6gWtuZ+gK6gO56t
+Fi2DvQhVBGXVU7pDDBbT+tIWZptLYGLhtDU32CDB/WmuyjPxVehmtWCdIP4/NQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4256DD02A40FB24D
+
+551dFf1TMYbIL2bCT/LHxhp//bPnIKHjBt8FQjSq4uhPrjfEFeAxLdPFqd1WMuPc
+0kBvaKVexP0KtLd+owsMwb3bgw5BLKDt8xOm7c5auzjJ0EDRFxBl1WyoXJTnu9wK
+uSVS2NLv4XNgRAThfOvVYXKnkNCxiL8/7RCAGrGsvsPpoGTFotdv0NZ6yWkHO6GA
+FoNb5uM+xj3hcLd9rt9sljSFrXiqWc1a6ciE6eK23Ncol4zCMW/CuWTtBrppBNy1
++toc5GRfbxi3T5uKP4UyWV6n104cvGBQzk7Gn8FSa5/dvU3bXtJLiUXQujLyeVTH
+xF+Wc+NMXNe7vF225rxiI1DTHlECiH+AvzC02jCGzFKjw46I4r7vsyRzPY/SYHmg
+4XbVIdws+0Hd4wrkHAhIc08gKJ8pAZt9ZmmUAlQAP65924Vk5TkmatHtn72LDlGW
+d4PHXKq/o2cK3KW+yFFzVkUepnEU0/hsqSQMq0504ip5dAlnn5TDft1kbNA8LojO
+W0kWVXdgrzgPvXhe8zdRXD2wRzhGc1LKOUknmAkJV7EDJSJEm4dLYIX/D4iH8NEF
+1An6Mj/FM/i42c7SNsd55IT2dJS7kxT/GgKSj4RaAZVtXItKEWbpxv9YyNOpNM33
+9uGqmW7yBfH/d+xmeN8dAWifWKjJFobwK6uJW3U4FxomcN6Y7gfbXyj4qBNt5Ja2
++fcT5A/OsiVIXFCb1qpMdoUKGnYJvbDSqFnB5OE0WvD/0DcQNKnV/maid29MkJSk
+vZJUcjw6SYT9h5tIuAXFP9DFMjaI91RLW75JWVkSOApTptdzpmsRkJHOGRBaAIKb
+6ph2VPEr6wDNy+c4nA6/b8Di7JT3bbsPUHOlNnPxpV+4bGBpzZQ1hZjAl0WqNCS9
+eZJ3Wyu4py84hTbgM8Ayewi89bUFGSBS/tM5JzVRSeZYa6PbUtm4y/+YC4PC1Lfm
+pzykFji8j7w37vv8okwnAm9mXUAkHe4Yq3wzv/vx92ad9O9+OQCwmL5VpRtPUCQ4
+IkZrveFk38Jbl7Yqg9I0zd2QRCRSZcV0tKymMknBRb7zWOFIx5asd5B4/YgSG1OU
+c+zWt0gj7aLNwcY+Li5lbkLQf+juJRl9YKR8rdIEVsLZG8HzSzxd6g1nRGWjmfS7
+oLEkb1fjb5EOEMygnJ+YR8/zWoFxJrv7fhEKgkov2GSynFAK1n136/bjVOwDHJZ7
+40FL0YjWcyXngeK6CeC2yGz+FFDt5gaYhEKKqg8w7QwIOqEE2L8GEi15LYCd5wHd
+ZDjeBlR/AxF7OIZKuR36TfyWj0uY9TiqLFhLBREe40mIE782FXO98p4NizOQOM/W
+wkTHg3Vt70bTr83vzjapsyxsbPJc1lDQ9VjJ9h9Wx4OWwG/HauhfglnFXSZJ7qjO
+KhZW+LrULpX1KtsIg4oKO2NG624VzvlAEtCpklRNpmU1DV+82BHiA8vCXsKR2Yhx
+92shJ+5fOGtic1snUYvRfvTudGaixymnXA9QYYPDTogb2CiCK43cuxVdm2MhEI2P
+hDPQGNkBc+VZpHmDXQf4Z/k7SG0WMAwEGnrmWori3iRcKxq1SyssUdNi5Z2dPZ+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
new file mode 100644
index 0000000000..ee5c443897
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALQ2LB7oID8p5wb57NwdfJ315YHnRlQWCCGgLmKHKDbxN15m/f0LKYgN
+kNuV3rddlwHkRwY0fsKw8o+scrykcTtFQ2bu8RKVJnkDNayoPASbNnlvFXqQKTJs
+atfy7VLN0nriHjM4GNuQ1kGsOmGi0raZK7P9VZhLEEBcKnoFamInZPX9XxyvLE6Z
+FPVKGZbUiwEdytR6TBhKkw3teOWC7NOF48pyPYT7kqmbqSiiIOziuidtwvPEiA8Z
+OtIYtrf1BC/ERRJ4Q3ar0R1Q5vamzNCCe7MKo8/vYUXD5KlJiGHWRs+ntjoQMelm
+gPjSY0piwTnvfggPhvzK4tfhmUgD0XsCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFERs7ttvf+tOSX94/s3lGKDsu2Br
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUjZ9l+vtdY4SEDuKVEXz8N5B
+p2vDWBOSoKmPSIAiz/38OoQsX5I3NWb5VTIe9MUg9+Bov6G/7Pxi79qZkSHEnCwi
+Yk5dQDzKR7B/60ImIDydTuBjv9a9H3JUH+sxjViZeGkNBoqMEBbfeKerz5MilHRl
+fWJ2ZX/Tsg36YrCHmrFcU2BoSoTJ94q1+DXlGH/UhmtrD/OzCpS/ltCSIlp5kpUL
+KDx1MnA895+Q93XWU53JBDw7ZrPWEGWvLhHPXhr7FUX0gORQO7+gbJnmelHZdpb+
+69l2hOq3mGx/55qLnyJsyblw9w3UQ3uaBBcY/kZ9KaJsgMpNBzwNmHzD9I5gSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,37721919A22903DA
+
+ExdsXEgw7tph+8XnTmAsVxrgBuWl/9P80m6gO9/x4wd3DNgcLxHOHim28B3ISLOA
++oZmjuUnJyglLwFxLCndy6UB7A3+0i+lmmY1nc189NJD1khO9XLcj620RRc0hyZ8
+ozdEuqGhtpvcYUiTrBqWSDdfM0WQIPu7AjlJPXJUn16z4gsRewN6Xg3T1Wz/nHwr
+KSSBowCpz8PsBUl2nCIFhgeWezDJLeCQVpK8Pn8Sgx8JY/kQliQRnVcEi+KTQhcl
+ssxjYokbgbKWkuhYaJx5eTeRl0XfhNL9Co9fKObfPsOFmsCydZ2zgkfiPEtMVpPQ
+NyjdtAlpKQFV/JnuXIfrPGed9S4DUGh0f6zqzdLXgXzQiisF9N9e62bV/dJYRlKR
+DEeQ/swqYHLgbOff11xe46jllQwS5D2QzUX5730uLrWKd4wMC0rep2ZOc8o8R1uL
+CqgyjXuSfhDtlXnMQ++vVky05V6uqiMwugYFhy+hUI2J6snvc6Bo905mjxUNQ6Ns
+lKRDWg2s+UZDWZ9vZORnlCCuw63BQaQ2ynjAyWZHD1NpWoAk9EU3qxCrfHynBnRp
+eM17njVtmW6ostxcKwmQfGlCNWOOoNSL7BZ1z3O6/UQOr/Nc+FehcYRxobJ3+u1e
+TaiBy1Sn4u1fOWPFApz/qMDAwfytdUY2sd39alxOnPcd/Q5/yc/H8HENJ7yhLfkP
+m3iy+xX3yeJ4JA7x+3STgV5pMXutUpt/YYfAow4FfNYbSAzG7bgZLk1ZYJ3cJvH7
+4UY7cipdtkc2fCI8xv4aroLuC1Cniyrt2lwtKjLgmpUS55liZ8PW5f1QhF1G7n7z
+H1wEu1JAN62gCP4Is4d7gMrG3oHIO76iFan0SvbodV1e/PQwAH26EHG/cm0jW2xw
+bSauJiOhd9mC3sHp3fs70jarXXxS6TvbRrsJDu8AUlrNiuKj7rH8CVRZCLZKJ8xw
+gxiexhvZWFXIOVI8tAdj6KXcn1fNzMXXaBiuXvX4YJr5DqBVLAuiGhOhe9HUsxoh
+TUbKaiD3MzYALA5Kd0vSTPRJfEMQNBCCXfpDmrRCWXC/M7XyZBXPC70vLO6+wm6k
+LjoapyFSManlyoQcZxYU89TNhoTq533l4Emx25IO8CU31wjU+RrZx8waYuaL+U6r
+TBY3MFV5UTPOxRNyn8QrPoFgk76Mx3wq7urGqLbr/QZVsoSf/EsmiW6k0xEGtCO3
+HInok44uBDlxomNrQ97QXRxFxz0XRySPkfFlOtF7ANciuNw/bl2Z2VhdxcpCdyTq
+P7X9zpTZJdlC1CNmmpty0z/x9IBd5bxarhuDPAd6/Lx9q07pzRU87FrxsiapiQRi
+j4GbCRgQZXTf3hsG0LCTko/DHuICWXoPGtMHX+cL0ivJfPKFEBH532uRQDetS6ca
+dZokky+lG2abugJQuUEuNh3w4fDX2Lw1KvxYaJWAFLcohqwzdqehVxhRbWolLvaO
+KAMKGkIBFZCfi+2kLLdl/HIQPeBQK7qnhYE0ZsCJLJsjUgsO9Iglwltkk44M9lM9
+iQzzyUexzGOjjUXg4BAtNOlhRk2lCW2U9jtu3qC9kgVb6AUMCSfrfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
new file mode 100644
index 0000000000..aab1211b54
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALuf5et3e5r6UGUkLBSZ8GWvlLJMbqav8v5qvzCH8/BkfrIBQkxZJzlFmXUmlBaj
+MssFOzcuaBsXQRi1rB+/A/0eBc7n9q/eZJAujc7us0ZxFSR3wM31dMop2Sj3GUcY
+X9D+CtastUIePibzwSvnyWpmhwATVakSmFQGw1dWY9+mJ61JMHvtI/0TAcCNxMF+
+pL2DffQB3t3s/jzu2wLK37/QGRVReH9CoOJ+EQc3VFPPuZDSj9lVEdIyUnSAZb5R
+1pYzyJgq81rFZyGjQRKyThZVM4dvWkFAMjhxBtTon5EwidSMVFSyCJEe9udmXHzp
+8BEUr/ZTitxRviBr1vOUE90CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFCX4r/yvtqkaG3lL28tkLItLsRXNMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHLWWL8D7Drl5QC41ZedYyXBDctYlWUsr
+F9S64SNyF4DQQF+H7zBFsfpmjqGEQcQ0RRQ5MX109HqA0Xj24zp5uyPTCR/0ZU7G
+DFfYtkNbLMRf0zuMY6LnYuTa89JcHYDsX62Km52Gke2j5Uv5dhuyU4HMbgnvCYrm
+iCBtdXR8+EPyTKRIpryRwBx7fveMECFNkPYOxeOO8VOpN7s9SBJW9XlMlHJgCgWC
+t0AyKSlOXfGxZOVc+CQ8Db20+66prvugWPxNh/YhDVlCq0MiqN5VeVF9dX46TthJ
+r0/md2iiQ27rUueExcJOdfBVlH0+1h+eMh5PDKpQbhxJOL9F7ozQcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CE6392CC967C94E
+
+mXH2KbKPjlzKd67R2q/xXneWCfc6awdN0vIHgJaeGUPx1HR3pbx1sfnCIgK9dYF8
+nf5W0MMtI0+5vB4airkiy21oE4yRiPr6ijm6/UbAc7Zbepk0Gjfhf62Cqc6mgWq4
+53U1VvNSl1fbaG5Lt/syyJ3XOo1Oi1cc8/4LSUl9o3MLPVx8rRmS26x/LqlXrArO
+COpk6++5uM7oG7g31ctPdpHrNU3CVly5xYbFyUZViexu55ret+rX8MMEWgfD+Ncx
+BobCdFAkpa+DMUbvf6xHm/a6DvmkrcBM0vZDwtfTK379qMoCZp+UrJtmaXIfBszt
+nWybwYpLIreNY1aWt3oSn1DQZkx5el/jrOMeOfScVMxbKfiyHZFvgNMDum/fy7mH
+NOIqLWQsl1CwC19qcmzqntvc7RpVVCmVfTybnrtlgbdjA2CMExDmAVD0WaES3qzw
+MhgjOsCe5KPGtnTeV9YvMJf9dVW6dR7Vb6F5STrD4pCPl25upESgDdfMB9hsKhAg
+q8uc6tlsZRuwIHreG7KdVMkhYMJPUFDTIrks2cpgLZUq8S/Zq7QrrMDUwhZ+ARAz
+hPeoQLmm6OZ2AZBfOab0/V9l5B7k1yqDw8lm2Oh9BPl0RXpcpPlrQvsZRCMQd28I
+8EH22LCNF6eB6OCRHz5Ob5y0drG5IDmG4iWWFiqcxF8BtDfN1wHgs75G9D45GUJ4
+ZCEJxl/UWOxmJtqU4NzwoZ7WTZs47TpVLKecd/a0gF0h2Jc8NFQbXuKoj8la0IGT
+DfplxWd5JVZp598/yMWP2JV7Fvx4HyqGPG3oK4hZyDCm4+BAWXcWw+jcYilwmxva
+RSScp0xtPriLecBSQaZsO+Pz0XzOrncMyPfNIZXqhOXjOY67c7fChPwDF9UV279x
+PpZififIK3R4xZHKKuOIqnxRBqKP0MxF2EI68yjdfmqDJFMZCPjgfUtEoJAC5gSI
+f9nIia/A0AWaDqtYx8XvBRS7W0OlMR2OcR/U92SLobKna8roviNhDpm4SciYRvLl
+kj5XXWFpszcrUsJ3a5sF3cvFjklJkeuyLGZIQxoMa2RQSSd3xNDKc0kn0v3w7fuP
+Cp2io3ipIEeAIQFnRg2Hszyb9cWgfXL7excsfjfIay5Mm1jRFDcopxF7xn1F5VCl
+CUnAB5wiVQtyFwtRzGfQcLkvxUmKkmrEgAVO4Co+4WE4zWhukNnVZbOxDbMAftCU
+7srkC9va6qQ7AvaRO4Q8zCi8K0k+UhSGp1qj5kutxqnZycEQ3RKGwxm0xDC35Km8
+WUX7Dx5NSEsrbaoyWxEp5RLkXnnM3oO36vIQFUpFdfzzqAV8UZYR4eHQIZmyiyXV
+nImH7N3JKJ30bcWjvqURTUEHTk//0gzjKPrCGUqVPdUPf8Sy+eXmmvWOei4gWvVH
+hlyvr1XAjHKU2LAxvCIMj41T7q/EjFVOQkBKVWAU2eciaWF2/f9M+XET1r6ijQvw
+ISORmGph2rbnydxPDolytXYn9Hjn+hqoPS2N7EvUPOPYGVn5lL5RvK668AeQRd0v
+C3zqDX64o1SQlv+5x7z+bLAkod97c9XIgBpjeZhEV25ud1gqkdkH7qT5oS9Rx1Kb
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
new file mode 100644
index 0000000000..0e958cc03a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALbG+vkISj7NavKshMiFDWeY8m/KGblFRI+iNIivcrXR7KoyDka+l1GySD/v8g/m
+SPVWLySa30YPq7lQzK7Z1ZiIFTK4oX//86C9A739Ix1EpE5wy6N17TcN9/84VvzQ
+4F8XgfWArHxkx6iGwaKAewjqbWXrIlJAN/AEKIVdGRDKYJ8WjBsbjqOKW3gdqeXC
+NQArz2RoVW/HPAQ9UBuHm/HA6pucChQg0Etr5rgWXwVOwBz3i6SutniOau5f3LCt
+R572MrldRdQ1PyNlWu+DvYmeHkn7x8TfRdSzfqJcdZHxiaaD0rDAHL4P/VnPqoQL
+wNAkaumLXxYAobs3/eacM0ECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIgj4bOz8mz+Mam+i2GqO5KHBaSjMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEAOXdtPXpoRCu4kV9TYCqJbWIdroe9/iJE
+frHjG4IB7WvGNZG7X8frDJ6jpPPa99WsVTsARpcgIwR0dgsPzbfKi60/M0UIlIVc
+qAsqFCkxomILSXzSHgcjry5Uj4K5fKWPJYxjiFtBkL+aBu4K6/xuzFOXNokj3EA9
+dehWOrXS7rqxcs+bTEQnmg29kHrChbekChIOlD1v2dCwP65VM7G1RiqVUCeUu1uF
+JgSePo2t89Q6JupwgNmsR7rmnctEX+RmA0j2wLmEcyMEyuk5NaBDViSzmA6uKwxf
+1lrs9TRq9bHA/K7Nb0sUIxE0O+dMsXwjLDZjCLCcyJvE5ykw3okgLg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D14DB604D7D17BF7
+
+hKKgFggsf49lZ9+bD89dr9Rdr59yV5eF0lBS7X1pqBL89UFMwl9FSVaQnyqcWREw
+sab3toOiYRvEHUCGM4Tu9ly121y7/KSkkEyDaDQSrW8RPrVJZ21pz+Gmr5Ryrtzp
+OfiYdCIqgxBb1mSkC9RperIEE0/42uN340sO4qDIGFZlgs8wFFq/7Ohm5XktJ7au
+iBpxEMmjG7JbAYTOdVQDnOIo/IqUzTd3DymI6YiEk/oxE9Lk3m0daHBlYWdHc8e1
+2e4rm6WUTpyuAs+XlJSi8n2x8bC432WIcH/D9w81nxqNNEsKd8glMzGUKnTb0UGD
+0+9+E9nV3i8cx+mqjgF9if+ZDGjN2Yj+u9O6mQ5BIP8BxpcpfusCGb6asv5zzK7O
+G3QvpHAK1NLF7Z73YhTjl1LHViPwrndHRtGbzK79s/d/tHFrc3i+8QaGklkwCJo1
+IijRyCqtrkTDIOzI+7iqmbZvUnecT4pL1l8JATRCOyDhV8StaimA3KU8NTEpYcJ2
+TCAOJgC5S2Q1bygCa64Rd+9+E/B+VbSMtHkaRmY9haXBbCpf1UA2Ylkxk/Wsp1zi
+k0z/W+4WeBdbEltpTBig7ofs1QpfbFAP/eItGlr8/dovLj4VRFIVFkAza+vZYbAz
+O9tikQ4ha7uxbHqFRIPo4MIy8ocwbzaNSTF8VJgo3ertjaWCM7SNkm44ERD7Ftly
+CObzXqvhltcvf1Pdeq1uISRvaekhBWe3vmEMx7mFrqucctLLkiF68YjvtzeQIszT
+Z923kYRuTE4ds/9YU7zyWAk6bTNQ0ThPZGcmnooxcCx0guNtXdXdZz+j9lmazyww
+INmSqoxtWUgnq8Yic5mgcu19pYC1aHLCgouT781T9p38Y8oBCSPBZEfV9n31xPz+
+dkv+YR9U6lR+kQAi3J2HWOaqYM/hs6SPXlGqCLCesANhlsiJoqeGvxYD9uSEqTzn
+/CvHcc/7IP2WIHZGTx7v5OPIdYB0XC41gqqBCSVadPjjwaY5ydmgPbuMgt6lVt57
+BjiGciVHJVfThITQ0rBsXZUoIWOtujqNB9rQ/Vtf9oPLjL84Tf3wPPtVlPtaLJAi
+s95rt+QkHsDil1sKky+eiq6n+dS4qI8HYvFrxDb66Dl59pWmrXxM7AMyBlKdBYB8
+Srk/LkCyRrHQYOItem/YWXAmKsvP/y3XNVAVJ4tsmrRgWomJegWizJyxlSFK7zZT
+7F76D3bPv9ss8/qZOd+z0brwWG2DIqZfofrIqPUACLIyaawDDoCoBZNHKvOTd08h
+8ANDHZbpSRG5P4U7pAGcb3fTiNYwRUq5Uui9B+VyU9Hkc3UPS0NbcDxRO7jyAeo8
+GUfuPswQDTZdCpvGfv2QfzxvEqhBMZhi6uSrxVk9cgAeW0ZIxb8Lyu4Y/wWB54iY
++nILagoiTll/ReaoMGA7ZcZriGlQi7eiUnjFtnSyKSojMuej86BNmBFjBNcbFo+N
+FFsF1MVyUN3W4AeZJvpyOpwgGylGh50F+yMDPufTfV/zeM2GcP+SncPcTN+MK1we
+lHMEzW0Qz0rgn3Aur36ZeA3O0YUl2HYG8OHXmLahNNF3FjgDdVcH2Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
new file mode 100644
index 0000000000..a9fa78436f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANiNK3lOKMs7e3En7Due5lbLp0+mhgqNt/CrFwdoc29BZ3O8NyXPeTN9giRZL+xI
+0af/FZVSa9cX7aYkDIfW1xBCENAqWharbOU6ChJEVVlbyRJnrRrsUfEKOkvg5rDA
+8/7x9Ow9/oLPBmCsBimTY3FnITv9WElB0qO2vws0rlpZve1LeNlO0Iby+w/oWwPb
+yz/v65+Ih0482EHo9Dk7Hyy7SFK03cC2shMGq7YYerpZ+HQDrmQ98J0UllLgbLoW
+0J2X7fX29IKbt3HHfITzrG5qBVmGAhvPLuRvOhTgNWX2v+cu24VlS1I054vojpzY
+l2emDjSX6dAXHJECDomk6dUCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFEiTVH3EbTD/LVdFcSTfTAWfSgAtMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABQ//a1C5EPLrPnVaIBZbc9JORtSqVNdd
+NhR2GhwFFPihKof9CvOu7F5bhBjFggPPfKzlKvHa0/V3RVMm5wpkMgNDP+sJJJbU
+CNGotpJGzxz0Qcy7oamq12rQZLLfF6+9Bhfl6v4/G+WdctDR9LBztruHFomj6WXh
+9ExtH6IVxv+byA8SDazPaVGegDHB7RB5mfScblzLYMiCE53zzA/vcaad9MsxndR+
+zPVLlvMHeCM+6+nv9u66dUqDChYO7hf6eKjbfXMLYqZkD/ODuwt1eGmNaw+JNgK7
+uR2OBjnbTpFsxlRWvr9a8LLdRv3WouHeLXPnZZNXonemz8UJxY8/bA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,70DC1F7E38F226A1
+
+wcAcDokOxThmTTO/Lkg7H+uovoXaR9vgWtSdwk0HADNerrcXuXUJ2l1uP6avTDSb
+4Ecw/lWOb0WDZQj6CxaXZ1ZqxO74z2F7Ta3ho/oca7qJYoix6qxuzDdk04hlL6hl
+YiUMCPCP90O1FMoqR0iN/4j9sWaUv5cAtq3nYEqqI1UwcULeyPeASqCSA2Yuw7El
+44p2YEya+6GWfBz2jemDDNl5ofqZB6/McABgDxAQ39awXg+d3ClTb0tt+5Rvw1qh
+9jq4VOTEWOw3QtMq11/VmpxO1jur2ltlAU3L1Kww4lUwoR1TKndTGmrQW50cx0vW
+gEAgX6bLjbxTNJjNqORl62W70V9Wxc4tV43mKUq6IeYMQmJM5AdaDfZlSN8GyMIc
+VtpRcGCvUwfAjgby9VP6UCEOaTQhuRyGb8jsOitiImW9C7x/KgsTj9aOSvVjqd5M
+KMPfvcNPiO7uGPKtYFMt+iFdG3sm4FQ2oNUWd2nsnG/IEHrZZGmzXBJS8M1u0kEt
+6sHbs9b2j8yoCzv1tJfHMHWL71vxJ7zMgY84cxUyllFA2RZH2QEnwdUrR2r/aLP8
+hIstF6Aqd2dlEWfJ6/+EWPyiZngtneVDMY9GgqARb0+bOIe7CwusxtXrNGFV8Nu/
+Wjq3G1Xm85kXovPlb/2w+Jo1qgetPSIIV6nu5Jy3B+Qr0Iq04kwthBkusYqezdF5
+qE5D4ez1o5Kojy6NS9Gv98XXM41+qA3mK58v0PAkSMe+hmCwQPVjdLrejWcLKUte
++wFINCQGavl1KvVqHwrDyKr2OeH46FZYHy4kxK7gpUYaITwRuAhfxqoaJRegDW8X
+JILdphexoF5UtXuNba78j/EP4fBOCW4qLirh27mUBqPN/mjvwWcBxCnkkNl+nqy6
++bPk2uZV1vjC/g5lDTJHpXSsK2hjGhX14q92PmcTCSPJS8CU3vhYB+RfZdWiHaGm
+ro8+iESwTKleXQtQb23003kez7k/x/kaqDz2zRTM6QejbH/BCEw3lX/dCZqHXsO9
+B7PtuQ/vlXZKr+1OPmuAMDxC3uz3FK70WndWAc/Iz4u6MC5JUBLBRUbCKWt9qpiN
+1IqUCPK+duGy4t5zm3eR40F4gzNhQik4Fswtif3SLhH/+k2tZvdBlD+pW7wsHf1P
+UG9aVeF8nrRSOGxxm1QvUG29QE/CPmlr2dFIl7cJXUQlAGOkxyRqav57YKTgvTWq
+Bzsb+Rn2g9guN6h1eikF+LbvH3jDjOWCv5UQmQ2oWmeJMzCZ1BA9Zh29qbpgQhBm
+fcn5ymsh6LhLoOie+4YbAH1NgL4BN8GSty058VWpG4TuZ+HLaTi0N968zYWCE4nQ
+EYW1lOR8mHb7Nt/m7vLGoUsyJ4UcUeGRj0Ni/B1Do0EBkMkrL0aWZd/SkKS67TEU
+RNDUte2UXVTdUNG9O8cp3hosxeFxe+JkrH0jIMCokklGywPmRA6M3j7EmXB0bBx5
+1s5/ST2zSclDPWsogQ+WKhMsM1dyKuRPFHaKZZQd/4mvP/UZvgx89yORfTv/6HPO
+h/O5UkPJBEV9PQGWiTITDbZA7qwJXLoMm9T9iY/1xA9IFgPxyc00fYaa4/NQnKzw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
new file mode 100644
index 0000000000..e860a06fd5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIID7jCCAtagAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDEEg/m18OkpbFmgcDm2jrpdH5AIAb02lmRStIbYZZu7kJ7
+WPJGEMbGezYr9zg40ALP2a8GIygEDNuw17xm6vAr0ivCYd0mPcZxZ342EsQHLvG7
+u2zsDqw5cfb7BTyn0r7yEiIV02EnKfQYWDqpdV6BoSKnDzVGBafwos3dBk+ogr1c
+2s7iDW5oHM8cypqsOD8Aa/LbMvu5S/qaGYJUF0HvDavQTKKgSq3hg7bwcGL1iI0X
+znMWbMz75XM0ZB7G1Hj+0F4yAMB5NsFw3nfSNYTks9XU2l0O+qS5uhsn8//5odLp
+84nTd6FxGMYXLIhxOE3OTlbszkGNKE7CyXpbVVDzAgMBAAGjgdgwgdUwHwYDVR0j
+BBgwFoAUSJNUfcRtMP8tV0VxJN9MBZ9KAC0wHQYDVR0OBBYEFJHROZjJ709UZYoY
+Ui18EhIKbHeNMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMC
+AQIwagYDVR0fBGMwYTBfoF2gW6RZMFcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMx
+DTALBgNVBAMTBENSTDEwDQYJKoZIhvcNAQELBQADggEBAD7jPyov+IMOSYaort2s
+i2Hn/Y+wxXnqcLw9sTsxCMQYSQTgvXLN9aG7wT0gCNGR8Xdg9GhsMDAqUjwiBto/
+RUcsA4a/8H94SmGpO5v/s9Ow1MNicSAZxn57nKIDhj2Mb4sHIxzEgEp8iclBKpYm
+Hi/J8IOQoSR5e2nZSDoEGZxadq+qZx9BQYlNCMIZ/w0YPU+Xj8Yhoz+RB6my11m5
+cCTmcrMThRIsq8m9NKeRokZnhjjrPFSAaopbVaIlI3d7vTfZ6xbqozxG3qs4fk0Y
+g/vMAD1kSMt+C/wj9SyzJfzqumVilpRozTvMunD/k8mb1kWbyij6/V9fm6gdL6eK
+nko=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91F8DAFD91445923
+
+y0GoU9Up1IcqCWyZ+ELfoH4ov1/IoOK0XRRgjI2kOX0+KtCS/kEZa6mFZ0hS60sv
+ArAnokuFRr9lbbyvm/R7Fik8kQBz6BmMCuSNOL/UMPqhhjErvU+lgUqDQMVbEWTQ
+l7AYQNBtXWEm17HT1No9vCy5VpBipphr7x9OCc2Nan9ZHWV6Hzx3kTxBInnyfwYd
+uBwkoLkYXDqvrwkJiPokikc/DQBl2ksKNeWjBUbskwZ55g91qAVg8oWSUAT/picV
+aP9ZXnwYEFcWheooLRLVDyaUIRGlwiRV7KfBrIDE3ClySGdMTMmjzfRWdxk7tH/5
+qCL+pzWz5RGM+Uhvnt2sf5hWYE3aCfIQT2sLhkoiqG/j2FB3MVRl23JSnH5nqwPE
+093Suiaf3qUwCZZpgP/7+ZBftOBnvi8zRZy5RdhFotSXRQ16MNGPxRvI4eKdXcDs
+9rtn0b6NMPlDym7JjscfVgQa5bCFJeaV8gh4cEWYtFIjgN6o7n7RZIJ7ZZBi2v1W
+eMVLB50Nai+EsQr4h3plJnFu2Lh48MgAxIiy3k+xLTGTQyYxJOJa+Ms+jWSnjb47
+XzQLfrZ6NTCKpTVNaUNmbPeKPZ1cDV4RPzkZbd2Hq2gohr34NfBOBp3d0oQFCd6/
+BvD1ZTWCPe088jw+tL5QClXouBPrLTuCUKwDjCfXQLj3HWJixJR37Al2meicz4jx
+seKoygO6orVJubJPzAPF0zIDGS1m2Q5f8eT07Gmgv7XlxWlcxOtzP7epjjhlbumv
+tgRu+I4qBvLVuzVihKduISI9M9Epzxy/OxQMYkNxKt2xBgZucz5htOlH7r+HTHwT
+Xs9jBO3Vc0qsjSRuOBfIP6z4oe8OMfZmIZidYDqXqtcoHai4YYMNyUaeVqSLcfku
+QnlpGGitPFpu+7/Hp32krTd+3B1NljedRB2KWRb9fB8u7uQRoP+oxt8cO87G1XS/
+c5B4j33pvB90FSk4ljvXXWkqwKojn6d4w8URgHDsWsMJRuwrBRnguItgNL657JKx
+qjcTdOPZvFBhCPeR7zYAC1Sph+ik7qqdk9CAOMbFX8BbyFfE2GGdqNxHAiTzV8PA
+4A1Tv6dP5pAzTTf9ID/QugzKglCm3Dvib1fGr5C3aCc/CSdE0X1ba6/4X58IFI9r
+0rWwyMlPShStT9cFks3JeOPIQL/a2ShdeQCjGhdj4muSSdziUEGMikKnSEaKvk+7
+qLvoyIQVmGMx/zG00xbw3lB89sJq7o4KJUXEom2hTtf/wwhO4FYaFLwmBXup37Ob
+P8tsmWERiy2X6aWAtquFawRimb11xCWxWvBmjPVf7g+aXdxwUoevj4UZNEPuKhTL
+hIePovajLDFj2jvtbo2WBU/GHyC2jBs6C7hMCZBhpb0C12I7c28jqHwTdPtB+/ld
+fxudITxmsNQXW+/g90RQp2TuqllKjltjFmtgXT8XQR7SSsivaYhSvyUq+/qGB3Xm
+5MM75YDJjV5WNuFJtTNp2IyKb4gZ5/XDLxBJnuNJT9IFatLe9WkvdldSwJRhEyUn
+PTH5mD0oCCRr5E1Q7FpMsMSavbfN1c5zNZcMXT1Zy7OtEtyH5jAPHw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
new file mode 100644
index 0000000000..df33028904
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMIccFW/U1iXfJpLneZ/qS8p7kcRZMEOAl4wEwPcQNFqcceBINzwzkHMnKOsdbXI
+h/9p2I8+uzRA1zNLL7Z5jJdCskLR6KcyeK/PatB606UOKASrJssK498OHhI2GAY0
+/htTk+Gh9mKEXzh0TwpT5RMeAQmz+0rAG+InatLWzSo0js87MhMcgiBPCm8nVMw1
+31Ju6DOhGJ17zsjWCQgq4cjvniJe0oBmiZJI70c3BjfSyETOLENCkp2iV7v1VjiG
+Aqo4K4iWBlhE2tTeK4gcRdom0I+RMsUefz2TawxslTKBT75jbT0zLc6KcKuawqQi
+UTSeJ1pId5NkBsd3I4iV76kCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFAxaMuqUASALqKovyRLjLkECgui3MBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEApuBvFvvvzaEhVXrF4iklYuwhN3XOAIYl
+iXtVgh7+eB3hLj0yI3vlIRe7FaiYQJyd4WXQgfFtXNnjqCbQsmHu+Z2La2INu1Z+
+GmKryMZPSlceyYlovW2LBATRf4XxzusrkKZ1ovW45wpad3w9x2Wmnyd/+xzcPCAv
+0E1GS/pstkszz46E7S2dtEab9mSHADwesx+rese6zbdqT1wLNgxVu7BIYylgCmfb
+TV2CyQCeatdtAziyLaHtqK1NFWBLDp6KnlRXyjOYg1kVUNX/qQVYcb2S+OaEFQQk
+M7c+30FSksP/pWcQ+MqpLoTpVT9dlwYX6fWxGGc2hqNW42A+7HkJXw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F861942A743C6CF
+
+wK0oBQc+fOeGBEjxMYsOZfrZgHK6lfs84YIlAm62Dm68RErR/Vb8EBc/0nxjv/hv
+VAgCQGTOqLootoFYunij2AYWZj+rUWlbl4CzmupOIpF4RU58iRZ/StQM3qBGiB4B
+xywYmjCt6A4/9x2fRRpc8mAZ1eAAkPuR/GPlxvZBjwueHkbeOw+U3ff66vLN9mpR
+ut7JmvTP13clfQsTrvyo2Ru0xJEOKhEVRm7lfV8EKviFK63jyZAIuHj3b244kgvp
+9XiI7wvn9mTkl50fAV2q+lnKbxBcSqRMM/YhDQ7uRI3vP+5SRZjyOtZEJ/lcWsOk
++15ZvXHLy5N0n8NgsmL/rNpxsyEAUZnzW3jJe22UAG/VxXldm1U5+Ks060KkWw2I
+57ZbPAUQFt9Q2IvmNmYzU6jIsOsfHILJF2PfEiu03P6OQOW7c4H6BiRtj4/nTZ02
+HLg2GYKXIRFlyoSSmla7xA6c05QKgbXkARPLNrQeF7gRs6Sbm1MBznXXieGxlR2s
+Jq5+9OlaJ0TuhUqYbZxcytx7PfSVMHt0D9n1oAc65J1ik8KcBpdmSi1B7brxUH4w
+r4yQvGDuui/uCSLzfW1RNkug1jSUI/2mBRqvJOTzqFblLXi29NEb7TzDXJ6q3qe9
+sFD7ZbbrphLCl4iawJ7tmB6+Uz3+K3w+mkLa3muZPDt5UZ6Y93qLyeQNUk2NL+x0
+7FopkCh7Tp79g4oKWZ7MFcslyWb3rrd7GuPwFC5c4+W1k1PsEtLnpaAxbNLg82Z4
+tXeDnp8HqNk8G3M++193LD4syc9GUBYFc9ToP4oaDVjyHc7RYy+SjfKyh8Ij6U34
+1Ff2uctSh5x93xEhYwh0URdwnX7OrOR8Lo8OPqmTe8qnTJ4Z5uRoMVXxhZN90bp5
+IyHmaJvw/gpNFvTT/PTXzjQYawqQQvDAVXTzOyUPgijHivH107JjT20eVGKdIuLG
+Ty59T+MPf9wamIarR2/RiMLdk266QJaKlR24p1/LSZmgu5jmP5O9S5W3k5Z4VBJU
+ZSv7Z+fw9YuN7vwNWxFf3djLV2zzp/AGc+CdTWf7hUVTs56aSqO/AYmPpq77LEMl
+HjyqNK8dh0VLJHBBlECNx15LCabpmBO2WwpH93BIogC/NE39U//MmiP989+EVZK9
+tplu+EEYVPQKJiKgaeSyAOcf+PUJJGBKggAQrqjxmoWjnN6+++p5koZGwwYQyhUj
+eT8VfphlFlE44d84ZymVsqrJirNrriDOfc8C9MDi+jKrcI4utHThXFNdDMZrNmE4
+dNjibaSn1Wi+YA6fNjvTfGRUl8taHUj75F6Nj7C/ugCKp6AWnYMEAvDBlmsgUN2J
+Eyw0eIkqM7nAqQhnxf5bgikKA3IZ6EjYoDeH6MgigtPEUg/pOEbRrfF2Lnc7F5mD
+7BqdMu/aLY/z5fELT2jADaQNaexoboslnhBUHKcVx1NwYB0nAECGKUf8b7cd4I4q
+2Cvz+j5p2GW5g8hbu+rdMvdueanM8j6j42LV2eBp5tTLyTB6a0wnlLxawqKYbcc4
+Lpbe9ngqZHoz/x+cNyCx/3YX6QeHWQobACVe6fRYtW2sumwi/Wt7Pw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
new file mode 100644
index 0000000000..68c5c76a27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC9xeOutJme+85JOGzcNASVfrEKrSri/RMChEdBr6Fh8V03
+G3j8wKFbvoubSRpFn14/pqk8VyWURjeqj2knSeYd/WJI4f5k7GTo9oD9ysOIDw3u
+giAY2IqQAUhwTyP6UhpQhXNPnmHpS52lUGIe7Naq5s1UXaTc9ofg/qKRSHTOFZ6O
+xO/QwPC5upcZ26ooEV46qz4Qe0tFO9vGD0XTsSgBKwguXPlxd4Jkyd1IYh7QfBqw
+5sKmJTbn7zvbPJ5cnpkJvTyQmiriu/GnmgBmYE5WgHd9LE4iSTfFuLv3ssaT41rM
+yq5OJzi1J2/xS0g++9Za2Tzxqp/0gWVYUYfM/MUbAgMBAAGjggFdMIIBWTAfBgNV
+HSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4EFgQU8wjrbbnFoBCk
+2gRF/696R68RwLkwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQE
+AwIBAjCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAsTGWluZGlyZWN0
+Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RDUkwgQ0E0IGNSTElz
+c3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAnk525PYwE6GN0KVKCE4B9NFybrWSSmt8
+Eh7bG1bLDfd7aBW2yjHSR0fr2KpYMW1OCB0aS7H9kOOrMYoJIW+fDWmw94oUhML/
+nvrOGmkaIuoPFKY1rI+s2NdG7taUndMw2KFGprToowQtWTs42f33NCi8PVmppXKQ
+HbAaPFl3TBJ0fk1d0dmnpqYGHJqgRSbt/qg0pUisYPhMqD4kT/4iJihkfovfeccy
+rptvHA6XoTVKREP97eCKGpK3SZ5eDoVSlT84nwlqDlRzvBgCnyRyR1eWo3lmWjox
+EmqYwJAXHfPRumgNMuC6ccAEzUMvPacD8z6fCWjR9uKUE5opGo5ffA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,95D33CFA36DD53E6
+
+ygCly9uXoWW4ISD+WxAepT9rBjaL7KcFLxrxD5s+xmWh5seZeVlmXsVOdebdkbdV
+AZWNWTkw8Jz+hXmRfHEkvJLZZwCUL7s05hyWgxJ9UjT0iaUQIlwJErcm6JyaFkD9
+W6g61L57oLq0rrcv1KMBjD52lwjtGN67RvesHxLeAVIndqlhl00MhbCe7cOi5oVc
+hsRjqoHQ1xVdNQkIdFzK+4nqF+Bz7Nr4oFWBk+CbjWHGL6MTf0mNtOZnrxh+O5d1
+aEomxqHtW+JyLoYLWlLtfJj9kWMJomaO/c0xX6FZ/teUk3zXRxtHcDocrCgvFiFh
+TPHkCvivcH6bTqr/WTN566pZfodJKsqZmV8/Y8BYx2ZfxWN6JxuxysELP7hPX2Jj
+1Uub5gXEw3GGpXd1OfKm42vvONd6usVbfe6gtUuH8WcBArZkNkIjGrtNA/HVUenx
+jv3HQyfOHufcBrEAUqwANXjVY11sW6ANPSBeEjnjSzFZ3BlPTdDJs0DTibbwLjAv
+IR4Jto9xra00Wo2vRNpr0yPXV168xL7pHa3opU7jlQCg0qUV+JTS/YeBfRJRzM9Z
+Le9uGl2xYZBg4IgoMLl/4czn6NmLxp1//vvC9r23e7/mqCZ2mHLtyBCcUgLkBlFl
+hkI9gR2QEI0cn7ESY9Q3cMOxb71kpXYRzbW7qKUagOkFzgQTftbxPfPQmUfLMxqP
+m9cqn5PyL5QQlDfBkm5NGsHz1Nx01bH7buBSh8HLEr912UCZ9wWfK7VMjxu2hObv
+UE/B5EMudav1PT0pj84HZBWnmEHFkbZZMGTCiC3+H5rQQIQwC5Jbk8dAGIur+yn6
+j0iNybXdtYFyzV179h+FcIYRFMVIbGhVGd5/5kBeAqDjuk3WKhwC/0rGRyTNNbki
++HdjRF51rZ5E7ZnkDCW1asgUeu/mWyyqbg/Sf/CI2SHFM2BTO4QnmBhuqUOZemgW
+1CS5Os9rKpMXh7g7xRr+H21tN6MqCUoVQi2cQfpV22VGF3OTFbayw0bMQjQO7cmO
+4ij3Q0MTG1BeAUDiFxs5ler43HmhxxMW3psyHzG4mos/IGkL2Uie54JwVjsXw9Bt
+jBIeIkeqSDCANC8s/Vs2oq8yZnFFNrHokUdO1FvJ/3ADrwpizhvzbqe1T0U84qH8
+7eJKgQbzcoZzPmlgBQmeHkb1CGsKxxTZ+Z8VoOnvOh8AgoWcan3DaShv8OJMIEaK
+++QiCN9AMVefZvWniru4ehw+hq8aFM5uCVTDIrfjsEPJ7DGmVtl64+0i+30ab06R
+LEN2O8T1dkWWmzb6Wow7srTk+seyliAvfKXWoKwpYXivK1ULls6fEXaA/stfcZ87
+ZmlokqTlqDRBYxuujuPlOMIp755FmX7AUIAVFp/HKQCS8hb72wy+ETlLhhfrO1f8
+qFi5q+DmE7WwBKm9LnSGutSrnEXYad711Dd+aFa2elXUKXBy4GSHMDDAZTMMK4vB
+f32ql1j1D/CicVB5ubg8Z+gAu3QbOe7lvTzS/9TYltb1m78zwljjQcT5W8chCuV+
+uex0J9KInh9PwHfDylm5vpNp5gdiTPpktlcGan5t7fRXaJ2qmmUSfQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
new file mode 100644
index 0000000000..b2f82c1a97
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANCnFJyRRuG+54pazi6+E/5j7N/GM+HyV8HeSNEtF4lXdOxwaU3SnKYCmJNMM7MT
+lg+dkilaufu3TV0Xqb8jgXXP+GbTVHLk6bzTozhDhh842cF5nFfLZvpp63yEDFFa
+bAmlV7pJxK5mv+/SQHIchckJOOZCgrcxRulUDF4SZVhXiyowX2p55Ipuyb/Hxbea
+i03e+SKptH+WltSwtuRuI06SLx9sjJXDQ6xdkrZMogDNTicjz8A+dbHMLBoxqHDv
+rsCzTWTPVOR0y+AXu/5Skfc/qsBzsgSSR0s8TOBflnKFVQhXncKQnlUtzxWAE5Bu
+rjKEgo9Ubvuv3oHQhHDkh6UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIH3qr1IdVmAsM/fIxid2JNGghazMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAic63G/b+yfTHBtYeNKkZwT9RWSs30IP6
+oSNm8yx7R8kbpKGtfUxhvct0V/0Mn88yPf2vh+Q1ILHYltgyflOO4TiskFy+82Ug
++IBibEqBafQqGEF0jfzw8ziNjFxLIZbO4KKdgbCu8lpK1hE4DJZSO1Qmb2VWu1cM
+obQxILQpT70UtUThwzILRMDeOn4suF/cMLzhyry69UXwv5E7y4pe4/jJRkwFYPpW
+MOqCTs6jI9y/0fao95iwi0FQVVoAzu9T4qvAageeUcaEIM9MhI7d/lJxJhdI8UxU
+HaxFfVvarYxJ6Y566RKfhMS60QX5Y0HT1IbDPTiLNkvBJNlOMuz1rw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEFF90C14C4E25A8
+
+/Uq3XhQHgdnCIUFfwm0F4VHwNuiLV46nWrchtUiDA9gtGOZWuDZWBw0Qma0b/AFK
+uzQOeXDiDL44WwntmcR/tqHT7A0Np1wk1HA+XZg1MkLPap2W10fn+R8PAguzboMX
+yjGUhhpbJ5lzdGNZ8qQd70t+K1oHdY0e7CEWkqG6/6jCzRTMn4WGez4Y0tz/TAjZ
+aV13WHuhlokWL72tGkkVvWFIW3u7ecO3Lq++zc1M67e1v3zMTy+LuKjejmQDttXn
+hvel5/F919/Kd7Pxf9e0cjNJSBeymokEiHvnckgDB/CAe+sALVMM+9neDu41kskc
+8JoZ6xN3oP55/JCcOl/oUnr4zMuZ5h812BQLl7QnBpjbwiurtrNQwnD7iYmb7RB9
+lrBjYfs+OgLIQfqVYbVAKL9DxqGil0HzYDKolNX6PSewl6KNsIvvDZDI8ylpb6iD
+nche61yNB66CR2dGDUZtn3xelGo8AqKkH8itBXssYvhC/38FYV3uLtE0NucAz+IB
+WheyC6p/6EQYg1z0Oxcn3LxS2revY8W8HC2SrhClTxrSIs5B3yTTUgzKEc/fAOtI
+GYEy0YPpBjEOxBhnicBYFfSqVk1Ky4JyOOBIGfhEm67n2UVKM9lvuGmB5o9Q5/bb
+kQv8DEWCtf3L1RZN/iR1Avm5c8gVy4aggYiuJncI7ZACmhuFbZdEgVUMg/aDzKqt
+phcL8Jjms7x9ZYZr4xSQcsJOtqt4WYySPFqk0xukytvWJEH7pa0xp35ycSo4g/U/
+1EAq9jBRzSVAe/+ufsE01Yu+S/xjPwmwS9C50ArYx5sFzk6YKYnYZ93j4DST05pA
+7nCoLDFLSKqRscLMsjEppPcudv/TJhJQmceTtLfzgat0zTkfUCALNuAhfCdai7yl
+l/HN4pUQj2JXPiXHIOneybH3Z4P/MyxNCDmncI1ha6ZYuNLqcSmIZUJz7cfovr19
+Z0lWl0OHSVPkav7m+UIYvppI5f+PFHsuz7+R/im19VEZMQ4sseswvFUYAZ98YLMO
+bgtsvo2iqUPSka7ejFo/pmwQQlFyQEd1zNXCUF1wEVqDH4kejz2TjgKCtDGvNu5V
+hQ4eeh5m2XkX3IlUMJiFle8Y5W422ekk6OzPLmVl5/iPrCVjshlekcLO/sPPvSeG
+4FT2DPk/twcEmCJ/Wg0OcGk215mspNwF6Chk/5i9BPcmdsLjT6NFygeTQYtVAOrA
+3dqoNekvGdH8FmgA6pCCbBUOBboKbNzyhE2pOsAbkbKPzrrmKbMO0516cNI4nfq1
+92S0owEUqH6++ua6Rp85ngnjm4ZFMa/CCw3lnHJN3EpeQTQ2EIDwnrJ1WAroLZ0G
+u5fBXJrl4Jj7QdKZpayd8vzrxFkOnT+PzHJYTQVWhk3bHFaPWBDheRVILa3uzFEj
+DCkGKOJwTzc40QclIeexMu1UVOjPtZZu6hdrIQqI5HEMLLXPbfZqlqQ/5YCr68FI
+XEweTp5HiZGWSd6d5o6u4lmRsRVoMCuZ41AAhMCLyCUnXUBhu/cXIi1SaySdpss6
+YdQ7GkuvZ+ZceWyVh6RaCba3eIrxo8lh1ZlJIRsX4stvwH9MkSNPSw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
new file mode 100644
index 0000000000..6779e6d5cf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANr4SdBfmvVoe7FX9vAiUwmvImwVjK+B8t83+7CNGq63EWeLcQztgu2PU0p8z3Y4
+txQrhxgEbAc8WvNnLVbPRwqsf4EXvugsVh8O7jVzLy9BTrmlGPRwk+dI5LFlCZzJ
+VzdkAUcK+Q7kjK4OfkYEBo6TVYDxgjm14NbXNVVKahJQwTllUTITtQ68dwd/IUTt
+Y1Tpnb2DorIwyTDtesMzGD4118RxyKmBwXICic5Da8Gh+laHXxiz66voVvzmed2w
+umTngY27j/VgoHkc4ZMV5S5wFfFnpZeqMCi72Przwjyq7KCkB1LYjJHcfkVBQLDd
+2LjbqvzP6CB9P0cyzZXtfHECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFB/JII0Lo2wtd08T3kL0C7beKnYxMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWH/AphxOKQid6uERppifz0XnqpaHMW45
+GKgeywO560Uxfw3qZQesXDRUigcMh4XKXtysK/ILWLiRzIGhzJ3qR+uo1g5Paymv
+76azYg5TQbKRBnqTq9w0JcrS3s82kKfVqQcR5PbmADorGFMlxaGdVMFv2ImkPKO6
+8nm+S0X/xmjdLkVu8Kvbw8za8+FQ7IoCsBNlel4NVf3Pzg2wpexF/j4ZFEhbv8D+
+1VtoLohdbsQAb42KrT87x/xTTWqN8+zbj0+b8As6LGDmjZbuIeKK9NCbh90edTQC
+o89lhuALG0+Zk5sFhoYZ9aHjLyOEUjkm2kq+SD0ipCpb+/sCRyy/MQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DADDB1A0700F3513
+
+zQhH+108kzz6dq73i5aD1o/KmXUZmMAn+7JDTpSPl2q2uOWD1PoOAqaAJFsB1BxQ
+QpqG5Cnl+9ogcC+rsMx1RctN4sIFd4nVi7pUzb+GIzOkLeiwfBEKkIfOCjKc3dBs
+slVvww7VECcTP64hMpumIP4805QfAm+YBVra4dvLTqXretUT/38tiEF1pax1lZPu
+SQBzE9nIRtCkmbHJS4cd/x3GecOMlUIVJeGwqkLhtwk9KasjbSDUEoj+TNJbtQh2
+amnAfXEu22q36bGyZy8sBr7inA2QIJHtzcXbkpbVjn6tIoyrvDQ6kYhtvFmWkqde
+NVWg/ef8c43bskiWxQ6+vmQvGNo9k6XUmjiv7fo+sVWxvmmS3aq2EhD4CUPozXMC
+7OqT4ZW8dZys4YGe4vYqIoaZXj2CupZlOAKxr7XC4eaN8P1ZBhgXeKBUvddAvCyy
+CeUxAfJ9paCLYyNw/MBlMbvzbz475wDSAj/qWr3YDgJCBWXYCZv11oTE6H9Au9om
+WBwjgjUzcZTXdFTOfxDNwo4qs8zbpCpASqgs2/ofsSIcIsshkZsmndg+oJsdJp/+
+G+rDaHGa4gfbGNyd4onmTMmIAUMi+BifyHTM1nfOj31ogJUKF79Wk1Wm3JWZ8P7W
+vN0a9FTC0RGdOhE/yv+uwzKwulYoAjUQdqoQQ/pYzRiNB8wwp1yqlVakBO9IGOWo
+xb+PHF9HPxbEgbhb3k6GQIQDCV4PkHOu8EW2L0CKO3arCvLpT3gVn7hcVp6fVq0o
+bRUcrtkZsZaVamF4+1LIJjHki8/X1XHsi5LRmuFMQn/NX12KHi1eYyvPHg6hnnR3
+HwIoYzXJolUmnMDxo9ql8B2J5Vtp0sgI2sz4b9cI11ozg+PUdwGL9/4V4s1Kv404
+L8vP98YE3tlrvTtUYP7YV7kZxlmXJ5PonSd2gvzOogLMMxnRNlhTUq/zX4lTmx60
+y9YnA034/L2MWAgk6rCg9lvC0NEtXQgHzIZV1TyrKMpdX2BsOU/li9P5JoFOkD3d
+jdaI9af/8+XMkePh+AVHTs7NVhvb7Dyoy5BPgCL0XwDt6RkmcKSLAoXNutXb6jLp
+K3ROyKtu/C4nkCDedNerxdrQvrKiS7FUO2+xwdhsU6vhaWw+87P9GFoI3Dr0jKvO
+ADmV4H0JKbk687DB7NVAqq8BibxdD1d4rUZvio5KOal06Tu2f/1CewA2a4mMVj9E
+GxqHDOrymDaNg5YLu/H3XDCWwC+qszsD1/2fzwGLGgZl3mJX9AJx8c/T6axbqyyP
+GIaLkxwrN9JtKO8+e97cCKUylt6riLa/0tiAPUG5RJizBi4ey677xr1L2ICExFqU
+lDY22m+ezGwrfZhi4yVIHS45KG9+pF+om1XYo4cqmAHg2QqEZeiEOsHgvNAbyQh7
+1uhPhSCUVsAlFqWZr4sJLt32Kih7KN2UqAZBGCxox+l/h8Vyy4DZwAvygMU+yYwp
+miEUhtB47LBHTFegYLdbGnPm5WYHppECneaIsqjgXC3TXqAXpEQEi5rCBIRtpqUz
+7rwjlNmY/k4TQhyY9ielim/ouA7FISvCPC1voCZYHtZf29EVvFFzf+C9uLzA/31n
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
new file mode 100644
index 0000000000..bc04fb9c3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBOzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwm7RmKNqzNVB1upuD/XDkNQZe330VuJCvAN9qtUbmOwBCQ2Imy3G22tO
+o0g0sd0FlDusckPU2bfVW59Ya5SQXlfQq3Qu7dmr4SznXyLwjEFkJex3YFi/0RiL
+dkzC/2ZK8ikQtU3HHznh8qImo5sb+STz5esh+nqtJy8+eWf+PzIRzVtGxxThnqCX
+fwCOYcgALxcvZEyfGmZpKGjyVGNTmmLXYUHPOaMN84+sTueys3R4WaidErJQihOJ
+I0D8k2zNiP44crr8QaBPDYujleFp99ZoL0p0t9rb/i91Oha1YR4AriZOkSdZ+12f
+l4oYmUVSpiSr64wKFCFYOTybXDHr+wIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBADANBgkqhkiG
+9w0BAQsFAAOCAQEAYACyQ2xi2/hapopt7cI+wPFzJtn2eSzNP+lkyRkp8VbtFW6k
+35IPAUnuS+bcB92Cn0LwwSXIzMJ6Cs2su9UmKox/psMXH8UMeebjL4WtpuzqtGLX
+eFVo3Cmfdih0JICYo952u0Ugzw5LQzMMNDgtcSjlo+OP7ksOyvP9o1hKfk580cLV
+X+PiJDmqGbnP+0ERDbN4pRQvYNGNFyzBgqGpiIENgWIJwc42HTHpaG63Y/tVc30M
+3Gh3//ZomjVlWg12PLoYefV3xv2TT/uK4zb3ppeznSGso8sCYh+/p6/T6brIyqUh
+a2yA6ge9SUPKy8EVgqo96s7ofQwobF5DOJ9UBA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EFEE878D3C13B53
+
+COl6N0BIwOOAKEUyflxLC9tGHBUEeuxCMytbs6J1DBteOSWocL81iJlPHCcDsgo6
+cHS0sTXbvbxC2le816uo1q0gE1OTKZtfL6HOCOYzK0lMFKAFP1aS05rccR8r+CdF
+F5vcIJ1yyAhdiqsr6LN3m2Px4COz9SoepzKxevjGoQBkU1LsAlql1cg+xUCwVapv
+nRoq++fAzF16YOLER16QSMMJm6gRRDstuu8ugrV3h4bTy46hsHmywkDxhAdaYHft
+Ao+I39Bq6+F7VoYTKq8rogA51ML3mmva0sQd+4aLFH6nm/k2QkKwxawAimy7zoKk
+6jdu0r+kCN+jXGqFtg5lRTdM2WpuHL2Hustq1t4mGQSEOWgOqW98VIKV8O5Yb6be
+xz1HaAPEYaCOOydkCQW7Gzk8nyzRmPI4zh1453kF62p3O69IKh9TkEp/Q1Op9hdn
+iA8W3BSPm8Bm+yEjFu4PDQCS7N/FjWhH4nfb0/VCZAX6KS+lAxtYTLDf5klgS8pJ
+zhYGqAH32sycSzjuvxWHxpHRs4vL2izRQzKWMYpoLaldElFAY19eKiVWND2Xma0O
+KDjdLRF4XYXoqiWAAPR4amdPiI+5uRmHcmvE/kPm3lYwBEzTt9Hg9NCsL/oJBKld
+Tann2JtXa5vzvKXlRNRoFNlcu3CRXfxsVbwh51tiN9S1DlQOMH3VO8/odhk9Ei3b
+4t+/xhKTEpz8O4i6n61Rww23+gkevgXpMOZq6pugngJQB0gDSzaGHQ4j/P84B+m2
+WrqLaqmDOgS3d1K4jzhMmPLnYCUXtXRKKVQ3sbgMsWSp5aXsHgXd9NDLXntZ1Lpa
+359MJCWMirfV+NTOPtHzfIsxsFxmahqQjB3PrkFHnlVS0zWsYR7ATSYfaSatzY3h
+B7GiJDA2B7YAmO3TTCIECCOTpOUAugA+WhxGKIH5L8y6+/ae4fgpkk+vhWcVOPyv
+ZiWfqZL9+Z6dTYTsz9uCjeA+XizCFI91XwRpBUcdW3ldxnoXIX8QJDJ2SNApkK9h
+KPeAIztz6v81ylSkSY1fYfmy7QwWqmCw6tndo2/GuGD/jz0lYfGYSYSbJ8FAXL/+
+Sxshv5E2Oqdth84tmCb275Fut8y4KrH4t2WzW8J27WzvcWHDv8jx/OaWJr8eSdQr
+Qw1o6Bd/CgcOKtY0sSk4cRM4u7llKDZ9UDS3KrVyST9Z1cHIG2kXbeKoLLOpLm5I
+x5P6TU9/t9QDaChtwKjxTs22oWiRu2ZPSggvwHfAU8zxOyDI+PTZdIdpzESWV/7S
+pi6S8y3C0ey/8l9HC6qd7khq/4jt4dtCkIcsZpN/xcNfoe2OItCb0fwGd3xQh0cg
+d7HOEEg4ZIbM4Rw+t4qy4hXj54P/++SN0h1s7PPx8oUBJsOOTDJdmRCE+vxpeAMY
+NkFlpIQd+btxiSpIpa/21qoqHbAL+LiuBph4grHHbuTXqpFyrJl9SMkQSccufHI+
+GZl1Sax8ggS7JVRbP6DlyPAJf0T89mKMnONCtn8FcEJu67SaSd6gO0AKmER4LVmf
+Ydeb6zEwdxIbgbbFfFo8vsTF9Fp1AQnKKhbqW94kKhIPB1Zbe+f9/keNS0E8OaNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
new file mode 100644
index 0000000000..703bf6857a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6zBvGZdcVEAf/5tkGFfFnBVSmugm+C88xlCv9nv6QizfRFE9unEgMgC0
+XzUOeYBfsVDD+s8vjLW6l1oYd/8dB8nj7yPL+Zp8tjANb0Pm5Q5IH7tN+a/o81Jh
+sb2bJky9jSiKxaFNhGHZ0uKsGYZn1im5XTmqAshVWF129drcizb7//FSTeAnkjpP
+Qtb0UqQljSTeuXIdDUnWSuUvJHOzlK+wJBBBlxQQU9AFXyPSejLDLHEyVEgweQ2g
+/PrEkxBpCl84BSeXw7hOyeqy8W8DCRlNH4vbi4UESM5nydgHbpi1WJg7XayRsv4L
+YtSa424ueI3H2OG/lfY+6NlBJl1PewIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYpp4nlxHDjtQZIdcgvJztoXvy
+0zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEANF4unXV7d2qUpPtdqy72XTM8e4g9dJGOS9XA1xRPjh4flZE/
+7DPh86LuhfQALvGqlwUcjTY0ZTRq47YKUqj840+y2qyii4QYq/USs3TRqlBZVWYL
+2gKOFDCGWl3MLtlFR4kgRmMpcHRxuE5fDHNdSBR/o9Ri7/9EIOjUA5UWjCYk7ccI
+oHQ3vVkKspFSObgq23zJTsahW7s+mmxbwxDFQVyQ6K4jXOnemBodAIin7KQXSaPq
+SPUOcOFTf0430xU+HZFahy8Oqe9PdAf1yrBiMMG4W59Bly0cJsFdvEgQVDu+h1S4
+gfrQDgV76wl1nblJHH8uFYRFdYG99/Z45bjIVg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB75938147E4A4F2
+
+Z3WFBDKFyqbgqjWLohTujouVk1bgiFIZ7hzfwstNzrrsWOsP3ECfKkvGCwEDZjHD
+EJRKtsxjq1PSsfnF0N4z3xZtVSySPlVBh0sdfps2M4okn5Pbn3KRNk1WXJIbPmLo
+DAzBce+CT3GuMoWcaL+9NONZg1Y2T1vXrss3qOQLh9xrG+r3MGIv6MswlA6YHgdC
+gzSeWKE1KfH3YWSj4N5tPc0DoTiwyr99SuPzQLUm5jSe8a+vQavYWlKjubk7r8Hc
+fQ10jqTZBO5HeSTXgvJtzwSTPuuca4sDuIk1oHtIH4FDuj9IfcPnXiQXeko9PJ97
+NVZYpOVdM/t9GY2ueZcu3sa0UNcLuL5gHMvfufgE7g57kWHmmHBaHbHTB19ah1B+
+drjpT8k4pUnAKhzqnWh9RsfKBlTxhG+cWkJ2orK7dan9U5ksG7pWOv+u907+nsQs
+bzCCkz7a4QDJQMK4LXxMfXWA2cILlQW3ZgEz3i5PZOhfk49Q4SMeZAUIgWKhqRDt
+36Dr6H99S5kQ7ruDtlewCUTJIAwrxefBbs5+3S2IWQJs9U3/AP63+Cf0dkHDWO0P
+yvCE2eN9eOb9rDU/OxaZtBz2vpFmBLNsyArMdQJE/NDQVKiFgmCj7YSY5eGLgmNs
+vKfZ45bcex8XxOPhwvanfymzUqItCx/FJqwgsmllXSQGqAoQ0xl4dVZiBy7vpWCf
+6GbVAUgAqNE07utLyBhzHlB18/FcaK4Q7ruzNl6OdwwEbGaQbanA/eYD9SF9Ih8c
+zD2dFT7i3fWfcr7+7r/49neG4YN2A4b1pAv4m7owKGUSQQstETrVkXCdWL+ll2Fi
+IfSVgm2ymdIYn2bB2C7qYbisF90Jh21lIITufdZCn5iSV5W64rbU9OVZpflpBHUO
+aS7jalgKC+qx0pUskBs/2+PL97kYlYqof/VGOAS/6t8Ub7ux9/ZiAxSJIvwlv7Hs
+GXNtr5XKb7QeEPlWoAxlASXXtZC7X8Ftg/FWO0mnrMEXbiMLbEZNnjBDLIM/4+XC
+BW0d9JuXi1C8wgR5q2gv9Jqj3Gayp289UJq4/AgkoqD6Lg/jA59SomOcqDIMbw2t
+8v4ccuHLG4bswm0QewhLhWujNtHggOfAXI48T/eeL+S63lS1cu21tvt1QTWu6W8f
+T1HX0c1YCjEUTjYMYFWOanbJv8QijdlvavtTpryfj2ZTScggt3ec/R1J9XqcaWwT
+q0Ha7wvb/b1D0UThOfvTbGL7Cp3PUxEQNqx6g/4OjhDJ9Rv2WafBXYtGfns8bf92
+46J64XbcBO9dfraOa089cdTG0S0IUk5QlcJpAOH83bfcCv9ANFUOeCKxG5r2ra7W
+hAJW5f8zCooh/U6n3AC+TV+b09F97O9PZhyyXabHFWKlrHVU9/kXAPOvF75ASi0R
+nD8SZ6m9S4UIGl3TRPl3v/qY6Qp/0r5y3Nr9Q5puk45HwZNO7AWDutGEjWT8+QCx
+N/UbMSuP8jnAyuu1YMRBl7LFcGf6381RN1vN7VpyBJQrcrpg9o7iC0GKQKJ/Qn5H
+Vw7pjZC5h5OnCI2cCPYs+rME8OK1o2yqiHv9i+25IagJ0/Mq1dMz/4ASIeyTH1br
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..c62b540462
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBN
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEd
+MBsGA1UEAxMUaW5oaWJpdEFueVBvbGljeTEgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDCFu0fJxTpvoal9t+mW/X3OsIz61KWZdMukGwyZ2qGnOVp
+JtzZowwep2J/vOZyyAS3eCLJ+DE5rtrCUFnlkYbD0aRM5Ov3LQv6/wVeASJ2peE1
+ktUPdTn+O2smk0gkTqrE0wQCB3VqkpoeU6MGkfVRi5cmuuX9yH9DrfNDqBt0v0qN
+k6RV1Qatllw9vMcmzPSFw5QtF+siYKvh0Y9ZxR4LpleoNgNu0WDEiGSObwOcWaqn
+kdtki0sDY2Rrh7l7P7AmNILg2SPd/U/999Eq4U9s0qDbWRm6JieFQk56kSTqzSFs
+VqNknWKkDddew/YGC3HgkMGDlZqGXjqCOdYNjylZAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBRAqcjvsmE0lURsYYYC
+qQ/mQa5fxjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHYPM2xLE6+X6y4j
+OiVLbySiZbkfMcMa+/9NQGIq0PAn88BGxaX13t5xfcGnUSkRJ5cBJN8HIEOnSXi0
+8SzRDMOIlMsBfsOLWPrrw3WAmRI6kAbqAjgwYyfvVJaAXD3UotQHsBSbuE9wOo5D
+HCZmSB7GAscnCMZwjz0ZVfu9Efpldi4PmoTC0Z6URop6n4N7w4IviZlSfadQP0O+
+CTZQHt/D0HRiGgF+DiQ/4mSWgP5wBlhhUJE0pwVLCd92PfMIqsK5cSgN+ILMjlX/
+rKeu95Jro38CL9eXpEPnkECq30jAMZcBqAigQ4GN5sAw0nT9Oly+GjV1P8Bu06zg
+hTJyzDE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,918EEB1F8B4EFAC7
+
+oGaJS8rWm37/xZ17HHrKZ5LitHkYuoxGmrHu0a+rruw02od9ZJcHZgC1BS0jV/Gl
+ne4SVHOa2rCyPiM1G4PKwXzK7rxRbXMuNoIv7cCS9lRUy4Nr8AiH0YkUL7+n5m1C
+ExgEe6DhLmtGoJx/M8ZHf/pDRmRuhPBu9HLrgyX251U8dCj44o9l0OJpsVQVGqvb
+Vz1yQrLyLbtB1NH86N1Y6+SVc7e1AeuOndKJ+Gt6R+G70IcYW2klwnnK6JECsaZU
+iy/SR3bT5oC78E748znrgYsFvO3BzJwr5W8qtpM0zkhOemdzUh9Dt2NfyLvOBft6
+n/IkGSvapYFz5eVU5nCSRfGBVO4+tHwUCYbt6wUD/JsJ2njfKaQyZaHhy7xxQTM8
+N0f79GCqKkBLhUNDrNc3VQYiyeYou5PXGiDOm7vkxVXR8mbroK2hBhbV1IxFUJ08
++g4pmfVhPjxFSakz5t4hkukjR+3ihaTRSqveSbRJlDIDBiBreHWphrJN5DVccN2S
+TU+TrHsFFCvuUSgKwhNWuTv0WDoIs6S0XmhL03bB76Dhvqi/9QOQAB+7Ybhw5D0J
+nxzul5/K3nM73TuEz8aRZ74u9+RWVyb66MF0Ou0iFcKvs8UDyz6TDAlRw+1UJ5n9
+o0kBi9e3OUtInP74xxSyhG3hN3lspXwaMvnY3rbEMh0RSHyY0GskA4IBY7+oeyBD
+Yvu0LLkiTE3KOySs/6t62rDIHxXLD+5VB3MiMIWvhwpqtEJNdgn/+Z7p5yEmkqFg
+ijdVdBXm+oiBIEowp7XEiQENQlt+iUhoumeLtDwFwENryAe4tKUG60ILtXpmrftW
+JFtpShfsm/PHaTLIBSgjNn/u+ZYZ16phL80NLOuhl9hO5qJi+dKVqsfInZ1qjtiz
+MmaimZHZMCNvhzTugAofPV/kO2LAA5vQBsqfi+uz9WVaQgYPCGPKnYpwewtc6yRH
+0L0s+0JHCaXxWG7w4wWEky4r080D3dyCwymkXDdfSOBoBL2vC2JvjAnpuZ5GAjw1
+66/vNVzWoRs/AsuPsi70iSMCTuvB4u4fsVBQjjNNQq5sAiN0XrrCOCDr45AW7MQB
+O1UiAnuJEDSYl0HophsHa99f5aTRQrAlfOUXMl6GpNK24IRY5JOW6fGsfe00DCLx
+lIeQIjG2ittUvZWxOBZtDg5x3fDZd6z6EV0sMqpzXnupikNUIRtu+COjeGqFJXTj
+4UDLE6+iYM4iZjL47Q0JbDrdE3FB640U14iznX1l01Z6W6pZP3XA4cYQTNniUZnn
+9/brVg7ACOrjmy1lCpUPiwR3/zdkEi4eF5VogIPrr1YL490WTamUajo+pOgOgBPo
+pXlMt2EJiABERHi4/RP73TNsCHqxnJ+ojTzzEL8Ykjc9tEdL5AXF88fE5NcWQAOH
+Rk4W7bAb22jXmSlRGzz36jaHGumCw8/0oUUp2qLm33Y3j9sJuSakPS/OdjYk+xcZ
++3GtDmW4QrskO97aS0rUFPUp2wxrnRVQQ2PzZK9EusTF+f6nq8u++JHYuoRd9ehG
+Ivpa7IOCQ6ZHSbN4lb3B6L033j1JAeaWHYeleS5jlfyJikt6f9R8Cg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
new file mode 100644
index 0000000000..6eaff0ca8e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJJAVofrVfHs45uXKz4PgJkRHsgL1Z4e2sxf
+Y2DoqXS9SaYI6WIGl8UaUaWu2GdEw8ogTo3JUrJI3fbDBRJs+aGFvBTaTjH9QuL8
+EKXDHoMMTUpRy183wS6wbZKKHS42CxjBHR4zMmLhnCkFo7IEC2CsgxCTzUO9F8Dn
+aWQ2LuoTTjD6O8POnTLawoqcioqQzvpGY/kYItrYGq43lSA4zaxToHFWrRSqmMhT
+kjqGhAPpjemoUtPKhBfcMw5HSTP1ZWJUUZfXlH3OCuKzi7+dk//7JVzmPGSIP0RZ
+KYY1bj3XjSS0/0VlbJBG8tOhAZT2DKvzMIPpvCMDJeEW45bBNYsCAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEA1S7dJczr1Qzl
+zL9tXuePIeWIEW+U0V7V3IAMJEy4eo1B7v5uHSdxCf+4syTypdB6rbNUmoK1cRp1
+ChDyuQ4Yeiqj15HVD/anZ1Jo3zKnfr8KklVPEgiotUTSAV78aYJ1liCaZOBPK2n8
+voSX0antIGJLILX/FxJWijpjOERnYpD+wQSWBcSifo2XYXplE/gD/HqyaVjGl1ec
+Kh2j4bf4WS6P/QsW1h95SfOK9j7atKevgqWKY0lGePS89NoIyQHfhrXY25v4nwRM
+iGB8d1zjzlpOVskFlrvlJu9TW+qQPsA3ZLiRBQZj1CEhU1n5x0e94K7LzEKL0759
+xhV1ZzxcqA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8122364D328014CA
+
+LQtuX+3U/P3IUUgPuyr2SuBmTlllXHGcMt1y714GJXUyeyeOpyiRP9le4UcLZ5SB
+5BS4X2exCL7dFEFQ+3eE11lJe4wkXq9NVErAV0zkhBwrDt4Azs+8iyqB6b/g5HHI
+keZRFyUsCs1Iyd0hRLnlgL5klY/MznhVQTwIHA1808xOMVn4vAdM00Iz5eKXSkf0
+d9iq1l1VUHhQo0dwe125ATBRJnCrGlFJGl+gsMMYcvi2SIaH4WFtYC/CKxhNi4Fm
+gKUrie6ar7pEZm8SUbHrP8HJTWIbGxY2F3T9gkzbQGqnS0I8derDtSIHxN7hzB/u
+vZmYU6p0Z8Q/mMKby8m/yDp3i9uej19PtyGc+Ao9fpe5QnAW5CaSNluSYNxU9Ob2
+3hIIvrXtKH/Su0UyX5iwuLymKEwHAaVRUU4dTdXLp7qQ9MZJ/uazYzQb3XMxX43o
+1oWrsaksAufYgvAzIIqNyGwyYfpwQCt4ejoTL5WNcp+2m0HTXGaKmvrUmKl3gARK
+gVsOFtx9aR0LIHTaDlFZ9GFseznNahcTR5abbaMO2VaXt29Z0ZuhdVUUstw7M7PC
+OLCClRYVNYjORkML3Xot7xFcmkhYoeoodZNXU9mX7P4YcHS0HDzBFRvahDzNqc/C
+XPTS7IBgMB6qeks9+p97IzsULZcLfa2947CYnlLSRDl+MDxak16Z0b+abYoLLv9p
+qcmTZvkYZs5PjOXL1cKc8cCRcZtn6s0prCCB5vtgvFBKzr6165jjlZDF7uwUXI6W
+zmLFGepTLtUU1ew1GLjr8kdlUmGgqGMwhJzphwRVk90CXKV+yiIGe20Jq3GLhG7P
+5ABuL0GMcKD8/Wa8kcZaUAeI8KXLMHFc5QBHmlRI1lLJr+/qOgTgItijAuvuNO3G
+dBavsTIKDQxfiMuTNeLq4UUbBdSGr27DhnXl6HycBNyVuPcFNsq66ez1aX3fFKOg
+AFMGd5GTE7+eqLfRwFbM0hp2feFV49BLX3ZH4bEnRsMCF2bbZd5DQcnMvjZJjNor
+sMx9M139lg15V2SKUcXPPQu5bLP0dH8b9OyFL/UZlLtRFkftsmAlvyIxdNTnbCdH
+xwWYyY4bVyvp6pMB5jXvFeAigBdMPTSAdRp3k/yfTvsSSoucV66eJYbNI9OGrEdS
+Zff/6pvh1aC0BxOzfNn2/aR5wo85aNqgHyQ/mY0KzNikfCMXtuCCYs8+Epz/D+PS
+Jc9kUwAP5e7B9UcfL6pcE35TJrE1v3wObSEx6gVwwDhuUNg+5hHCBjHYc1T8qNaV
+B98EaeBJy0qPcLMQCidJ9E9QOq4KRj+wt2jwP2APs6befH7JIEh2udsBK9tpbE4+
+HnkdqKCvzJSgxQ2UuitYWLFJRwA+md8hvgQLDLzHShAf7k2CRAxJDkp+ZFhIhO7L
+pz7epbwqsKcU98I7DTOwBEdnnjkDByLlDnW43HruJjLmFDjnJoklSFcDXTsj6P8l
+/ydsm4wjnVXLESpWWWRwQycBoU+Y+NINIpyYvGXgPZXQd1qYdTk+9+Z4NlWrMPNV
+VnfCkJ3JMLzxH3VIN3sKYti3CxLa0ef+8l2OpoG4HPVOJcd421ggJA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
new file mode 100644
index 0000000000..fe94f13218
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0ExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyVwAGmULZXHVZpOzaNmYz6rXZSAplQb+QtuN41pU
+qvxd3RpiryOIZXMfSyamdM0tvo5Vfngen/IjnrYpWfPGBh8oZtUI26TXLYpaGTGv
+9bXynCNNRcLzlmufhCFvgipDcQlCB9KFBgBFX0MXSOgf4MviSOncnVm3vIvrUR9/
+xUGRmxLMb3FJyiY7MBoGAUxbsyEVA/sjn2RquDHLBu83hCnkCX0WuSwyz1rQ1KT0
+kOauGVz0Zxj+wFwpSz4jTdazBXgDEjFwqptRoivzyXz4jwldMEB75XyjIMV5yObu
+Lvore59mbwDtqsSaOsTqjXXlqW0F17DORMSaYT/CHRugGQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBTYpp4nlxHDjtQZIdcgvJztoXvy0zAdBgNVHQ4EFgQUdKDVWNkrU9Ir
+sM1dccahv0OnyBUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnzM+7R73vitIVn6v1
+RdMLwiGv+PRyshDNyrzeAIGRmQxSto06y93imt4X1l0WuwymoO3pkRJP34x7hqwB
+PZfufX56zLc/TndMmLNRrjUgmQZV5MdADqMQwMWM8TjxLlqhKD9CAb7Su6PlsJFx
+eosv8QTJti2dBLAGrmMoqnf8om/yqBE1Ix31rwhB8WhSvYd7LkMdlJWW5Eu3IqOj
+OGbIa4lm24r/g7mSktFTrZMa9uCjaFhdMl91qmHjuMVm/8Ze0STx18SyUse0qBre
+Hizk6JC/+JHciyBn/+ioqYagRGyfCcIlqw0hSH4ebejtEt+tZHvUWN5lmjkzSVnR
+6kIb
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E4FB2A364F203A2F
+
+95C99Fi2QIM2E8JetfoTzl+R7ZX1JIjfkd3pWbBXPzXOEySE+iocCjhW1zlHeoxP
+51diy38WCmY6n0LAOwTNMVZ+819Icx3+FsTS7hbutnDrK7KyqWWG7eYNHJwQJWi8
+/iJPPU7O4gnhNjaejdFfeMvAy27WnSjXH5289l8TsCwcOMbT2sVxo9ldkMKQQr0x
+CYjaz02SFIBUPMFkBelw5kcS6GJPBPpNaK8pbeENM7dZ9R4UCtdvlkENuFwybDjW
+XMm61NmMO5yclB4hYCOBVkXmB6rzmzUTPbGiaKJER73Pkq8RqaEr8+h7erdVF9PI
+NtHgbRldyGPmS3bqDkHydEjshMw6RQo9xTrRZNDjC1eO0lUtpHB+HzBW2NBWaHpD
+E9g/4SSjiuPpnWSdJ3ChGrurHbeYcfyy9GRLSyrdaZLTj+wIMnzadCSRrfgMvPE6
++yncM3ykAsx9i5rmyU/P9qkCOCFXg0HIHDXMqJH8aKRcW7+niFcPgy2ZK+yf0nG+
+szboU3RlNjY/SIT3RhXchH9C3lq5GlDbxB6RozdmA3ddWZ6Lqhanr69MgFS75rzP
+YrjaDGOCs5rlebCOXN9TNjRYLqQNuXidEGjkrcsSPhCdRCacybSCnYM1j9hrh5EX
+m2f+6cq3OLPMeX/NzMwd3OGWyI69EIJTVuW0cP8vQ2iSTaX+0PQKb5XIegUprxQm
+ruvlHxYC3bhy4QEHXaUGrBLFCaK7xlzbQlu8tObPeLRhNi2i8F2F8n3naAAZbHVZ
+e+ryrERooWyfpciISPHWLycZI5ClJkVmyVlX6d8SR5yYqProCQeJuTAWWKZz4nm3
+aAwPkx6QjqnXQVUUESqgdDfP3PuMfJIHwvAXS4TaGL6h3C3KWdKE7HlAg7CysmLW
+joxgx5Sc/7uvH9MO1W7Si8UilCtXuFn0mMuENtIGcqVPnjiW8lpsaNQZTcM7KDHi
+f+t/WqGQvdr+PIFxofZhG2UzWgA5G9mS7oTw9HfUbz5x7kyl0GiBJYBPBkrRxNQ+
+i8glrtJMm0yzIFiOxuib9FdQukSLQfoE64uor+y93enIUTt7mHnIE6kDxYM/aZCI
+QldpT3XkvSc+gGYvkTKANjnKryLYphAIsbo5pN1dBPktXWV5qZobJZQU4W2z1nwi
+adOcL5bFE70LQMiIbnqUrIgWtTNq/8cfRD72uNXMv2f6zeiIlZxqF4VBVax228Kn
+vPxBseT3/a/K3vJid6vTFeKEiQg72TzAG/JAWDjb2THNeHk7WttfVtr+8KI/cedr
+0hchRq862PkeHwkAD0ULP7fc5SmFvn6qWpREVaaaETl/g1UlKbNA17YGm9q8o3N9
+ZW9kRGXRFMa0cJKuflwUEKJxQO7LtHVurzpfE4Zca3dG9zBpbNBek8moTWeW7SEK
+ZeDd1JmPMjGGB+X4lhtMyIgyf3g2uKpotpkwqEJ+hR8Uvk5MbX8vRFhomoQLCa2f
+H2IahW8nWJTMKcaiLwruAXfMmLx649+P592cjN6LscUcCCLeAz8CEkkWh/3mxILG
+hE8EFhQuT02s8zXAzOfxrphDKV8z5NCzdKDUJooxx8PB4DXyKz9QjSYQxtlQ4lai
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
new file mode 100644
index 0000000000..74a91c3f79
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1wKZbiE/ysToa9HAVzFhiFhUj8zx2fLR4Sx+Yk5p
+0N2lfDWP91hTtP6CamBOzUIRH8s14bRvcAJfwdepbzDw/SzH2gi9D3qlGA5H6Sba
+29u5CHN1fvHcHkBh2uaA0r1tGUgI5B9OG3/kGvzWN4kU5AY3zsZrsxASmbyzUtbb
+GPQGf+UFrzFVnTzSTo5bfhJI+J3KQOe6TpusxlnUsKbEMEAItF1IqIKl/9LskeD4
+Nb5Rr9BjPe73Q5mGqtd9wV0gZNMa2wpnN2mJtdpJc9E4c459Svdr0ud/Lx9CMm2t
+4TvBjaDnhemVQ5PnjTUtIWsX+bvLmLMyUpPSPmJJNfx0EQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBRAqcjvsmE0lURsYYYCqQ/mQa5fxjAdBgNVHQ4EFgQUjAXc335k22K+
+20tRZIxqZthco6MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVZuMq6323Ai0EJicg
+9wk4pPvFWNdG8kkAEr6jA6lrr/h/iKt1WbQnRRMHNMjfQa11Du0EiQpdrb+lHmb5
+PwXAcBBXJf5L6Kb59tR/bvnEbXWi4GwQeVlPMmyytl2Ry5h0GahTtCPdFL0VBD8L
+4w7GUL3KTjJp4/rOm42Dnk8/RlpYwia6Ynoup7xOKOYJR0f4ooIYmQs4eA9eMSdj
+VVVViwHZqTzshR2D9peuGRj18go3tVJj0j2rrsC4WJ1fVhlpO4UGmZZvh2MO8UJI
+U8NSOizyKZu+RvVHr0vXJJCkmShqYKTpbg4mrRGY5VjvEwSZU4wN00zZ7gNd5O/v
+vKwW
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FAD26B357CA72C5
+
+cDt9ugky/xNhuX7W8o9Fila+e7LFBGDp+9fwWvyK9vQClwEXPBYh/uA54gML9jXl
+jF7pyn7UKQTts4nt3ziHRAdaihLTfYgdvYGc4++a2fiA8oKEuOpNGnzr0YRRat4Q
+eKiwR3fGdcRnf3+YF/CasA2n7wUGXWJK3r7GvQTQP5WhcehUqOd7eI/k9cTJuzN3
+WlVCoPh9aBwfa7Njtja8RuR4iBYf5mSPjHaJqWkvPEedAvi//W33npr2HJQ3n2nS
+HfWnahsyjhiBgIInAEpaIE8C8z2icXKsz6zR8HxuxEwMeg4ewKpQRYFosOSkYosD
+cLiMtoYXzZl6c6/az2fmjzeSBOBPAcYuOXaaXu7ySiirf2tbVKmADQEZFhqjx9Ag
+ZimsIp1FYYKWSJBAhn4doteyVsabVJocDBuR0feHHg6woUZ8cKlU4NzQjrc7ywQh
+nPrNCg9R+eC96ckJCAVHXYpnmcPzcdZE8ETobw1eC4yIvD8qNaUWRK164MiA3i0B
+u+vEz47ryQ0AkYdhKQ/9Kfcc5IWXsnBvK06XKsIEqXPgShrU7nGdM9FhySsofv7c
+e4yyqem6pT3h2Qq6KyAWmZeFPVTQibo0XzFkIS9zLtD2Qa+zpZNGPtoswLX8300H
+wfYGD3NnejCDMmTpV9iZgJYpVSYeXPTF+Xc0tsYTLN1HZDu1jen7L3+L4yIqEAce
+c/PILr8e4jTRRZzreFFb3tf9bPOY7+7a6iQ+MH0LLYzjHGNyegPeYEtup7y4fVDS
+VOlVRDGRR17a+m2whys0Z7m0OAFcl8/t/anxOgzSD5Cxr2a+DDcdNsh8tGzZGXao
+WXAyqHhulk2VdhN9JZKY585xAW1aEhGksDt0Y7whn1s9XUItFgjcfahYkbV1eflm
+r+tSoZhVfJTibUm3wdDLRS1UhjInD8fuhCXtU8+1x/0l4Z5yI/4d5f3y5DQwtt4B
+JjXYVjkHLFHJqUojPlwKYFHIJCom5U/LvAtsIVZTbmcRhSKtqwQ4sfRy6jrJuNsA
+U9ww9OYxuc68t1CY6d7isazh34zLFb9r3Sgn7NLE5xAykPJAXhoJHtb7QxG2Xr9I
+AmL9hPKDsiXVy7h3drX5f6ItYzgg7xeGjrPeZbaGJeiTzfII1E0z9TIHzgjg67QW
+fjnkEnaB9+/H7OE15ddmzexcA5CEEIdNfaQhqac6TsMsZjZySyW78/3t+UabqTpJ
+0r2mps+zySOE8Zt3NZHepP8hTKfnKyikW/NX1oG5Sec+vvVbxSACzyhts2b+AjHE
+bNGbC9qa4XMIFMqU3u0qNTR/8Qp+BMMs7DTy2aSCvln0nVdH/VCu2B5FSliHX2rg
+OsYIfkKoJlzcRx6SktcWOZWzLW3EmbxyYbC7XY2O++9u9BrrXQc7Ny3m8ThCR2Al
+eli3faY6lHbApqbO8luxAAyvaG1rqRFlxL6HyreAGQaEM7SJUAEldARzKBvpzfFu
++pdVy2NMzZLhGaB3Ij2zVezNAzuXw6rlp4tN9wSINwjkMAqaYpZYQaDBicVi/h7b
+7IYKM/cBJmP2j6miyioIFtwrVaKASeiXJ8k3kSkXpJaEbGY657dHaQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
new file mode 100644
index 0000000000..74681c18c7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBU
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEk
+MCIGA1UEAxMbaW5oaWJpdEFueVBvbGljeTEgc3ViQ0FJQVA1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu10Q/7dllIbdDlDoQXjb6LbdUZq9K1NJUZUZ
+KxTwF+JnWroxFkmUtCYP/6sxI/yLWrD4uDuVWDx2bYZ1lGqdrBucimlvpUWAqJmu
+jrChxpNXfzSBs/9uSsp9S5Y9ZCU7+lSVoQ0FPM1i1qaVC23crOxcKyVDwnotJHPi
+eL4fU9zLnw2LZr3gcF5wn9cH1qXGYc4HKXm6MaL2P+RdtZORjBX4/zzbidsar91N
+z18nDm8ittPS5oMPDGA7Et3pSp+6IrDn/r6kuGaLYrJ89BZ2rV/jQ4krDZiSPtE+
+sjcZacvGu2P9WXv3ZY6tqo+125T1NzHPDNLiBcdnT/bLW24C9QIDAQABo4GMMIGJ
+MB8GA1UdIwQYMBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBSJBFR0
+BmCz9wBuoGGOFfu+UgIGJjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYDVR02AQH/BAMCAQUwDQYJKoZI
+hvcNAQELBQADggEBACLLLvFs4MAJ9pQg70MPbjrrz/lZnHWNu6ew1q6O7/Nug+wP
+UdwFdbKnSAkX4rXjLyu4tvqH4akkwsn4QKSIpOQlaghbHLK+WL8ITUHzQv+m2Iv4
+F02wWIIxaGYdD3bEIm3qMHRHoO4cfQz6GY2an4vjvik1a0sKM56es9XM8M+U6y3v
+qKVudZb7p9xbGMjNwnPaBIpXwXS2XJaT2X3YZBpTBlhXrpAFc886TwvS5LqEzdLX
+6WTi5NhJN0Y2yjoffRgrkQr5C+2Nd9pkcVHR+T5yQ9NTzJa3lgKfDY1ZJXTAQZjP
+vXG5L02klQs1z5rrMPmQwXhZqgi2HelFaleZXrI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C62EF1BEE692234
+
+1pKDUi+tgaTyTBuYMwYHv4ZPmXS0i0HADwI3gEnNNkFu4Xi33MZ0fmWp0fZgoAMd
+7OjUMbFaDw30qxjxMR9iBwyieXWslpJ575lw0SgH1LBvOYhHXbfa5YmHyjMdKZsh
+SZLp4iEf6Wc0oaHmD7ZQjeSD7H3JWSdAntOrYcm183f8FIrjBWUPkgCEtntrZcFV
+Li053M6GgGFSndfl2a745iKlX65ioscCL8MhWB71yWlvqBm0p+56Im4TM8DI6pC1
+WpkqAc7rbWVQSy6NjCsk6u3m2E2Lc25vobTe3gMi4I3XSTA6MCVhLhZG6MnpaxFh
+yNW31iztQM6My1eJqiTmFjXrGSFHGG2T5E590eEmEzjfNfcYmc9Qvy9g4+awMPqU
+hOnZiocMOFfz4Wly66xqBqL7UwruOjSjSwU5VhTKjbxNsZ2umaiYFzGj8Zl1oLDu
+sKz9VJDI2oeOGBRF2aAc+8WTimis69EvQDdXyapoa2tg4x0QIzQm2e/Wa/egCwsX
+jQmnnKAbs+vEzRd68JtmzWQpwl9vXomAwQShIaWdEwfbJrXXGWRtwNvhM1N75cu8
+wM5EFkYa2787zNPWopK6eRn+FfddY9a+yrNGpke+yyn5lKTTLTT9LeGxRruexuuo
+Xg7izOryaFTAozdZF7PsghC8DnqJ8nqc85Qg6ynQD9noF5o9uiD6XIYGCGYTHAp5
+MpakmnEBMI4XnOTAOrOBUeBG4neAW5ZIDbh6wSdmQVomv4STunSBajlCX2RkaeaB
+1coGMdqLnjijz5o/1FRr2TdXemmmczEZkNLlj5SSBOADPENPJ2c01+nRf+HHCx8N
+avej9VfhulWHSCTIN3ZWMjnw+OwBPyAvpUybxfnDk453+ztV6+8JasGwqSGMc6gZ
+OwqNlpkA5gSY9Anf/DVhftG2AZ0PBTzXySyP/6qp2aWXQF7m/GHsY1/eApAS92cr
+FY5W84Yhb9QRNxfd6fMYJuoJz47Hyo4PyC50YoccjNd59M1i2myp7FVMrHW5cVVI
+7RY8kdKkKMvuLm/gv70O2yDn95PS4KzRR3Y0ldDW4SUuQm8b+AlnV8ypm3rCQWvK
+wRT/h1DrBL3pg796rcMrkgcf+ETYL6RNKPYnV/lzAxmSUlmjtltV510KUnsjxiG8
+4T/eSBx44DI/sr/ZfVUD/L7NZzJ5KFwr9UwfVW77ECh4j6sNjX3WzVdclGI/3GTz
+qE9qDUO2Y6RCo6LqXS0MNRDNzOBxEqCR1vZoxkYPdLZK4oggljvmhGDmzzXxewQ3
+CAd/BkRNzrjOZw/b/UQIy9cPSjvE53lHjHLfxn1z/EW3J2pFVcx0Zmp6kNQe5ppz
+3fZRtGnfSvb2boge2bhthzk83W3A9V3qoxdP7N43fKgwC9H6lG0f2OLVKcrHt3Bk
+dyCriKSVz5e05mp17hapYL8VMyhgirzvFNknnL2+1b+VbZnjNLHGyeUgCqpl+cuA
+jAHv0JnYa9vSGR/CQvl/V+fhMAtzp5Fnd6ja0i9uteMN2RYcIbczio08vVW6Jyf7
+J1xEDjHVywFltxb1zd4lz6rKJuKFaWtFbeThzgWHsFDKVkB5CBD7zlmfDgfGuSGJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
new file mode 100644
index 0000000000..cda31665aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kxIHN1YnN1YkNBMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAa5di9sE6N1APDJcqBi166iOEyhdim
+UOR8WmLQQF+zANUCiwfgGLuTDU5DASaua8OodRLbdULKgYFqfOfFFaf1PXckA2OG
+sCJx2W9LiMihDPFke5F36LTsoQ3FQ0D+ivyr6MhzyeaKnMIQ5+lZnzd5KLTYm8UM
+FTMc3KeKwqj99doaZ2bkCF4YtdjacJwV88+7Qx2BHFYX/KKmM0V5ATMv2TAT7Hqh
+2zA316mUcmMBXau3bYheXZMxvZsgUYic+FB1RUgWIu+lRUqFw5l0RnpbUvJR5dBq
+78wtY39pQnROCm0q+/sOOWDGsaDxye4inrH6i5FX/kjJcgKDvX1GsHMCAwEAAaN2
+MHQwHwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFBF9
+wJyKdvlJM/ekgUuOMHWVO+iIMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAs63PsCAJ
+QfGsdCQ8SSViQpUxIIHmogbN4xTMfYk880Kjepk6FEXM2q3L89XKpi2oZiNxjfvN
+YAZDSuLSVtfli9auc7RTtF+RXz5Pjs5U4htAHFz2JAf8nrAQ4sRBc7q8wwINGjRB
+FSRHQUD275u4CYLsXf7dMy/m5Pe5FjQ8EdzuStshwoCTe2cSKv4r/YGqkBiatt4i
+lsjfcs+sQDyZcQd2G9U2hGe+/uF4VXXOYq87ARie8osBUiVfDnRSdeTfTdLq8MB3
+WYR7gQlA/OiTjvgyeKPYnM7RmKKCcYy3ZdXmsMnT9s1Zaqvw2Zh6xan4sWGbQRs0
+mBDueMYtypQa3g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D7D9604BF088637
+
+L5POqQ6HbRXYgvSKp7SaVLs/tX7tzoXcZjON4dq2tMZFtExF4gNdEduC7k5bRQPz
+sJKQ1iQivuSgDR9uyXODE8xpTRE0HBp2P1QahiO5XTdL/UNEsTfgsbrU0fI9yK4s
+wf79PNe/nu52sy7oiDTZGdycmqZdVfOs5i+KS/xfFHA4wkdpsQazzEK9fhINypou
+lZnhZp1hMO6bzlKhvY/XyW0YM4kj3Sr3cByeIka5NgvzLPw1u5AGpt/XxG/ApoZ5
+YLH17xVzk5tf5OhjyeFzh2fKaYeeHd4hBI8z+NvtSj6HhzMY/PUxxN60jLpgPxCi
+jxEwG+sGlWdr6oTCguXIyEbl5IFqGnRnazyLxpmZ3Y3T3jODLUqy9+qBh3THQKp3
+hUoH+XZikz/cvFTcJi4jKEj8roqUB2q2A1o/nz0Yw/nkwK1JmNedVPaRPvw6QJst
+Gg6+nNCwift+LFVTYFW97n8KOq7IfA7pPWkghW0uIhLHZNu5RoS7KLS3W2zWd+E8
+1oSfXaFwalJn+958OPxjcgdREMPVx629UhN5OqCWE2b5jIslOp0+AXV17tb0gBnW
+fjz3oDC32f9aY2Ljef0cJzEGazujrLsGlQM4ZAXmyQHflnVbJXqhld4XacCiCo7G
+lqtXirsLFLq72bK/3qXOX+6OpPmBcQOwDJbv0lLB37cbChzXVIjwixrb1w0XfqAh
+tLwxIEPAgWLi6dU/+A3QPtgVukHD1Jl22dgbFtrVEoCdK+IwyZIX14dOQUF7u2mQ
+90V7HtDrg9xx4Tk980yeWPfFCFEFt98B0HuPEDlY8hyhC4f61oZ8qnXS52Dnomjp
+2068Y06NDpoyAgSqZKt2O6+rX4+G3USWA2vjVDKZM4P45s0r7oMcKEGneFXT6rLs
+PENq2u5ATjWi7cQO9zdoEBw3gCeMHKACraX/8F2h/lXJhWrA3PmvBqgREYHqhpZ5
+7ozLfA83DRlNb1cEZEPdIKWCZ0Bmq/GSkcCYzWF3h+zs6Jc5J3t/KNTBZGeHGnSw
+WoiONiqKvDDFw2sK0djBfgYuHEmuabnB15jjjTGGH/LKZHA1XNrXuEYA+C6wZEiO
+5Ugu1/gmUD6LvjOwkPjp0OhOG0+KFZ859RDDKtw9grHWq02oxn19/INQqq/FnX2S
+gZpjkvCkmVzeqPhV7DBhaW9qTNDh12L6Wo0/rDzhPvERcnHcneesrudrUkpkguMr
+XJ/ILHvBEHbKEIliy+ZCrqtIunMGWmrVO/dkT8luyfag55oUMF4dlXbtGszhlU7T
+yZdN/t4fx1F9rJKw0lN47iwmLPqnFlqByb71sp19Yf3UILhFfQnW+INPv9TC5Of3
+QEof3kRTcGeVo5OMn9BjRbGtzCbQ3bgCJfpqIBQvx3+cYAbTqAdVxjtk/OCYFttt
+OKhQfB1ZZ2WTtmZ5LwFBvc20L6U7jyTVJGXOUq1RTgUcNzG/Tyd2jfOq0pYFPeyX
+9d0nuy80P8d2f9iDef+LabP5VKNTfLc270f5T1XoyFDVzeAe5EAwiTMufgvUg1XU
+l5NS6byh5faGxD0JdCEGG+s0AfUhZdGHOK6w/4aOqBpkOSUchCmEEw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
new file mode 100644
index 0000000000..1c39167ebf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3k1IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA3UgNJ6YbK+6YWKAVLudNC4/A9551Bu01IOogUe+0F9LIv7bQPx7ovDiZ
+HA5j7bO3vR1i/VHFgMxrurBmyWXZIK5fYUIqZd5m5ZCZCXPeExOgIL9XrZw0rt6x
+4eZHWN2ygIALlicLJvLXNIymuypS01Pca90e0yumWg3yV4HXrK484mV4xAXvkKNb
+gD6wdSQ76tsMG+XnE7doGfAIXPZS8jwkwPhxNCcgmmUoHVl1aeWlJJmtTkPx6Dpq
+iysJMyA/pfWGb4f6PRMI8Mv6cN+2rfwV2Ec0v7W7KV/moSLJ7u1zqtHEceTE5F0V
+wbIsnv3b3kLV8Ey3yMQihZcLx795ZQIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTAJoHnadadfPC91Z2qUw5l+ZzL
+CjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBBTANBgkqhkiG
+9w0BAQsFAAOCAQEAhs7mMDiz1F1wTXNxIBHbOCsg3foXn4M6jK6pOzfDLo/VQG0G
+fvIexIWEJllgQ4WDg9egg+MKKbHRNjDnSZG/nDfxJzWf+uvZ/AtaU/d7CuFb6ykB
+2kYoowmyRZY8cOLFHIMgIyXlOtaelVyvrgmz5deKSBO/Tp5/ss+84UUtbwHv6RL0
+jhgau96YAShZiwvDMCDDnjszHCH0Rl+qY9SHGcuQgrAzj8wYyCcJ4PZDahDxZoxc
+gB/0yUMXG1XgLFK49LH9e18ya3aZ3St9SHa9kkm7l6zqymyR8q4EBgK5jZEXy2m/
+thrfDzQan/S/tIrqzJHovMR3/AXkI21iCTSQKQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ECF26E92DF31CA59
+
+adpAekT6JeKZGiJqT7MeaI9XW8E1QAFJZ+vo7muRnCHc1lkZSOQeMc0hiywp7UPg
+Itof3x4CeN3ArulZk4Q2Bv2LQ2h9NMWmEF8T2F54CUPlrI6mXDukCj+o7fT3v87m
+ABnS2T7KnAtY+t/K7qYUwW3k7Q/iLsFrIgPWIKpH/dLYeqxGAk2oJn/iB3Nb0Y+W
+1+Q2LkTsVILQt/wNp/bLfLUPmGi27ec8DedAHv5cJUmWGmreIO0nd23dQmZg6kxe
+1VwHH+Y496CUbnNSo2M0vdf0q7DDOGAkzJnnG18VJ90bfsjE9q5jtYGWG75+IODe
+UEoGxW3MrCEo2ZVYY6Sr292WF9+kv8HjRSGwHxvWl2cxM8qmtlbAKQklDRctHfsS
+4CjGUrZh3dHbnRAVu9uJozMoFF0ojlUB/jsLeOsN0A+i9wjJ7PF+BsABm+ccLtuK
+8omjcxMhmRfYHKgTy125ZpXcbrXSt83ocGoj6rLK+ship/R743UIsuecLMrfY6Ml
+xpZmXP/sLdRH/j0Tswi0LPrvWrI+KKJuvgrSkDTUI8Rx9Um7pDaSulsQp9dXRXqH
++WmZjmlT7pjHzC5kronaW06nHMngNl9+zF9YDr1OqL7QmgLqDK3mKmtR5QOdSRfj
+Jjf2ITz863NU8zwm2h8eh1T6r30VD48UOzuiTHUcBrXc0SLH+UAvi0NzAydYmrYa
+jJlrm1QQC3XopPfhIoSx33dEIpI6Tfw69Z3Rjo6L0H/8sseZ/t36mE5905YMHCot
+fe8krSwaT3EbYrahnFk3zWgNb1ENS+7E0PnVrrPhLCz0bPiv6vI6KGDHHhXPIr8g
+G0Ouya09rmX9s4HmDyXuvvbL20kbAKOSTFaYTp08YQCdwdWLabARAGCSAjQiCMYp
+wcUXK9CpvyFcTvXv/ZJ6E9Mlsu430mO3bJFLA2Ot9TOw1BcrKSSsUBeV6joIorGU
+qn8D9nLTxarWNc6fztlzFAA/6KdWNC/yGRbNyjHBUYd0IvIpkLcsqZN4wN8W1g44
+yMgWDJwZgMsI5yXkuYCw7/nvAA1TTsNx1Vq0K/RX6sEve63YTOx4dcKmfC9MFwXm
+vZYfn+RZ0nmrdvf4IjYa64WlpCpZSUaIgCTNUOa64AqXDCYO1s7xTbxBQpogL2T/
+mdCErGgTIbP4Tt2xRPIJ9ayQynPE2+ntUoJ8iYfipBlRKW8plYSY3hrQh4Lsczrs
+/r8V5cjim1/Rb6ZVoTlUF+7uUTvNc0WGbkXgMyLQD3KP6u/AE3zNdYnmYN/Ia46D
+Ls+26jYEIY9+M/LnKUqPR7kxE7tIq2XZtxMbHQHhJQ12EOwfkPTn95X7dO3qdgzQ
+DXNkZgGfc/uMehlUkvCHKBJuiXvyTqZueaGIXjNwODdhcIbv/kRiSzI/UxswUPAm
+w4Xfu3X2HzE1/4g0UhdZFzPYexejSVvlf/NRQNcV2PBwZw7DVuIxSWgqcz9yuF5t
+QAndD1o31X6xhB6IYKBdAl0UCScvx9TcIFYYlbKuHCRbGLYkQiHRRUbtiVjkrWCS
+4edrTa8jNhG/N/nJsuS1wuzBTHahsEFc1gNEzz1Q1gsYVGbIsYuK6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
new file mode 100644
index 0000000000..8289750405
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXaW5oaWJpdEFueVBvbGljeTUgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC5561W3C1C2WjmuY6Gs3Vb32L4i2f87Awffxn7zLAm
+8k85fRXHKT2gR2DKwSM/mNt4q/22qcjAKAuEhv7GZ2glmOt6m4xeYUq+6Y96Qi7Q
+Vq7jwBxT+yIuo0GdCsnSVJ9ZwS4pFlLMeL0zMZQniHRYg28fcEp/DJZpjxMu55DN
+rNm7+nEwphnSxLcuNvq5WO40rKBDLKVEOOopp3Ok+bsamuVWDkucqrkTRmEis3Wq
+XXv0Jgsh64h9SCI+0bjewjlQppunKfj0upZCNTZGodWKf5qNuEcJcVQPJdT2/vfk
+m/GaTflkY7yGkc2Vr0tAJXkiS6wk1lrGKMLIzQzSbVzbAgMBAAGjgYwwgYkwHwYD
+VR0jBBgwFoAUwCaB52nWnXzwvdWdqlMOZfmcywowHQYDVR0OBBYEFGyZqbYF675w
+STZMWJoi6BSIhS/bMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBATANBgkqhkiG9w0B
+AQsFAAOCAQEAd5CGkdrpbMYK6NXgbS03kQFxAhmgnpY6aU2j7d4RatvkkSVHp5Nf
+DzooyQ9oyz3cmfX5c73vN+Ugxqst+lc4/wjnNmiCm/bLj1pQ89wdORHKgiLU2HnL
+aTkQQOwSczl8xqhK7ATk0ZgICmMwxMxhcen90u4SJwRPp0dIGfIiBUEvnnst5Lpu
+9EaPAHYvrsXn1kYKylWEFRoGEI20TJ360COTYF6TwFR+hsfkcIYL2CewtkhqW0vc
+k83ZgqIlbI7mTScbLLjVjFbldjJ3OGspaXlWcVPAEP9T41Xj+vOKagDwBxM1gaOJ
+h8Y4uEIFS2eAY5+qzzXEnbTG4gVCEJzyTA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A5B334DBC670404
+
+rGsieRSVG2XvI7e4FiZ1Uglu4V6ZBCQnZQ6d69jIgX8yqtE9z0H5/DRcoAIQ3mQs
+ZhX3Qd3sElxByCnpqrKifmDpPu9u/rsau6Wxi/wmYuiq/BlLpiILCOfEQTxULbFt
+jsd6wtk+LIZCYKWLv5w6pDD61Hsv0K490eyS3sQF4wiLNkhtgj8QZE2YSF1zizwm
+747fqsHlwoTkQES7fFhJEtGDbZcUq9ntyw3HSupMYyiBnp+Mq7itCmXt9V5LCrOv
+CJqHam4kZwS8kkGIK/J4L5xKqKGJlMRQ6oDgpVa4XCWd7rgXknMYQzKgdKwR4cy5
+IkDU39b8kYmpJIfXooZxSAJSkjF03mIpVHQBbWlnjip/CrUhmxuSPFAP6c4TRDMz
+O+vzyjId6G/mdlLXVlSa8QiyCrDW4YyC8aT6Blxy18p47/1F2L0yDit1o+sGHxMg
+4PwOM976wSb7xZGBdooPlq4lpt44GQSyG/AZWoUjo2+5p9+VXZ6FMCeN46Btv5dS
+TMbBIkdJmRGosW0q2wVPX8TrIHFnGWNXNOA5uwkqIE2tNqCqgH02iDNaNG5hFOtP
+lNhJv5vJ/kDLc72qETEQMqviK7zAyos9VQCouioXH71vVxX79v8525DN+2hCQy5P
+hXol41S4YG2/gM8/R5pymndqo2Aig7XncRMqZUWtVam0uuUoQa0WnIYxcyfLEKGY
+nqixJwFqgFu0Iv2FdEwIaGo6zjNneQiRr56a1TTKd9MYvm/ZWXtQL1zuuTtD+QOD
+he+CHCZXnEJoTXSvNOc5Ieo/qoIbbXbaf33znX1ljph79N2MVd2O/auv3sU+o3CC
+GWcc1Sj/pZe23x6G5XZTOX072MMZZdIBO4W6V+qupnIIhK9MecYERA7soL1pGO9X
+8QM3iiH3qd5s3gfcS6MSq7IuOKDkHneJW3yQzFZnsopa+MPxe3O9/pEiksWH7bw7
+x6Qw0+DOXYeSrrVXbjYHJ4Qb/nTBE225zAZVdqqgnRiijE5+BLU8re7d+J9SR440
+t0c0/vp2UjkiNzq+W/uzrdaF+U2xwRbzH6SQqNCoSmWqdvtX8qLBf00SskYpILbV
+qgmdqiWROBWoefkYRHAdpysw/4hJUNsvfVkVwv5bMvirE18NpM75bzZqzQKlHNBK
+d2Cr+fsG6QyBGoIijoixMXOSDw9lO4jNwSHCNkqheLOUcEWkWIII7lNoUwCXib7M
+W40OtSkTUggMZTXDddYZ9fgBNsc9g0n0XtF5QBPEhoW/BJBisuRcL4gj+qLC/U0I
+DgzFM2cwGE18OcI7q2u/OwqvKzGXIIVGY6guy6S1tubL8QivHnfEBHEGZu20EQlr
+PGOqd5jClUngTjT6dVlRSgriTVXQXeEfMUbs9jtFHSCe9nFQONhdIeRD2Iu5SwZm
+jguWaeTkkLtKwMfeW+fE8uI/xqNN6YWQI6UHxmhPmkQIIHdkbWGu0d6s03BnSIux
+CwKXpBULLMSkd1dEkVgDERGq61TnMNvwjxkEJGY1YyxjM3YuAgl8CYHr4wrwDDUP
+oYjlx+6WRauSfFANwGAey7KhxJKNUqvIQyxm9ZWiJRmKuJ0x3oIwb1LTrh9A4Jq3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..e2da15a120
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXaW5oaWJp
+dEFueVBvbGljeTUgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBTMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEjMCEGA1UEAxMaaW5oaWJpdEFueVBvbGljeTUgc3Vic3ViQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRGX+IdLeXlu6WOO1XhgOgGqd9vt8vGh9
+kaeJkJvY+1hpPPj5UzXz125tovx5oIsnxll0/M76mJUpNz67W/qeg+FkBHa7q+ct
+oZefLzysWBF6v1SkRZckKujdjCLHw6qoxSbuOKRC3+Y/o33dkB9wCcAjxWC1SZAh
+AK7E2PkfSh5pPE9waAUQTO3CjJuUPPwffh3WFV52ahhR18RfEMJPsIFQc9b40hEl
+kz4vuZLkT4BP/HIuFIMF5uzehcUGs4DUXQ0wxQesr+0AVCcDM5R1CR9S3WaGJURM
+uCkiQ7WWefgvk2dYkAoE0f0mwMo7nXHpj0D0LFXCFSXlNS8uV0XlAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFGyZqbYF675wSTZMWJoi6BSIhS/bMB0GA1UdDgQWBBQx4T/8
+Ym6AZc2peRAAK26JWugFwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFxP
+sWa61v5gPCuZjV4CP5aoR9c3RwnXgwb1gigoeakbWE0hKy6HdZhrcpht+pSoeHOt
+saYnIEm2lM7MOC4vzvtVMTe3vj/PTwx44yGK3IxSRYs3tWesciRAJdfJrIBxUpgO
+vabTNdI2/7gi8KckWRLCpo0aiRriU8W0TDwMD9lEEMRJ2UGgbIsmExsy8h6ylWxN
+7BAyMWoOx8EQe7Fh9b+j5t3A8XZ0Oe7LdT7NDS+UfFKFqoP21v6h7iXzusoHA3Uv
+YQjEIwuZ7dYzDIXETb7jzQvdsY2mIFIwHtqP6csVtMQVu2WugApFjwGoNV5d1DMn
+XpjK0TofQMZYNOxBEZY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18D6086D08530D26
+
+0piNmvVEM3en9DlJy6As62VsIKsH6IaGNrjEkd256Ql5UWClirgZdydhz2bs4ctI
+49fCVejnqWU6hZXZN01zKiP/h9bJNTF8336sQQHLw3RpvLJJgO5PY2ukj3ZvpN94
+t6csUEqRdy+QuR1BTMZrvDocCCSCWqBSRZmyShV2fL2eos/2hIeY0u4BtqF4fzWe
+mY6FXjI4P36Nla6G5KFIyNMzxFxp+XVZYdelglrgB9p6VLzvSSdk+K6LZHcXtopH
+JpuHf7H91npaix4L2K0GQzze0HgSg/3Ue/8ozipnNv82rhwFEViExa/88E3ddSEh
+FkaM/LNKF2mqT9m0/jm6O+682LqhJd7uh8y3u9n9t5UuCR5UhhumRvAZidpBF71q
+uPseB/ikypJQ/oJRt4jP/lJI3aPT89Oy80CxMCKAKvaV4+e5nob4bcyc51q27Fku
+WszWcOJWMvM6os9JgaCN5BYpqt7zpa148qZx0rq+ZcqC4l/n/DTEvQxVyNQNWkpp
+cualkUiz74A7hX098eQRI2Sseo6KWrV2fEcuQLIkzo/BxnsTRziiehEJYa2khhUW
+qwapQ5ulM8vU+e6vyrfJW0z/kuEoLWFkq9o6wA34eRta7hxihoUcjSmvCbJ238/i
+mg75biBtsoB/KNJsX9eLLmxbaccPH64ETuNLH8Yj9faWeOGxotv1HCPOqTL4wrQG
+Czpd67DGSspl9PVG3TXFEW8Xf0fl0NqVqx0MM8X7Suq+3svX11VXFiqUiXiMvvhi
+g+WjtmjBQ5HWbu/LuG58PIBkSzah58vmFB+XrvWRb2HyrBT8hvZRCIgUqLzr8Ufx
+vOkHtlVn091XtWqhLZBrCjoCI/U3K+TmbbePxzAB/ju47vjF9YPQRD6IKW+Z38rb
+j05timFYKLPDyOu3gaWNI865LkOxx5JgWR2rIoSALv7pln0GfGtpAHvRPdrUGoze
+Vu2jqqPCPlddQ8Pm58BSYj+GRRKANfJi5LdPnRwTnbFceHAmk71mph/DnEgHfF5O
+mBfKXdPAUr5/Fj9sMCkpH9ihl4qylXAd19NzW1oM4puD/L22d9VhXD1wTdAWu9ew
+9kdrRiPl+Ohm/ktOkjLYkDoCol4sfxuetF8pXswRi4laqPvz+kw6KMgyp61gcGBC
+M5cbpAZhH6zfDLSnYPaC+GTQdSjBWp51LZYe2ChPocOs2HPVWZ49NLVd8VCJo48e
+xFCG32GW87sGMAV6INPAQ0CQBTAE2iWWZZRk5xrqehBmcjkl1WJBBF5DJN2UeZ1+
+6buBu5Fdtc3TM9PyIoDsBjKA1ma925bARz4OGhU39YbdgJDfSEuy6ahKxwr+JgEC
+C4xINh5BjQLpXewzA6F0O3sh4V9d5/FdMIc5jCeIGVfRkRRkQQwfZbg+gKhEg1PL
+CEy7SOPuahAHFjWSK26ZF86heHB608IO/GcljN+p1fe+I8z671fp15XxlKDOW0YS
+/hkbgwvzp5XYDz6/vkjRxUACuWd9s1emp5dv5wUBg9Ly+A1ObjFK6k9Q1judD4XS
+5BC9jrNUNdlXBGvy5iTTcoio0Kq6hHp7VrSi5ujgUVCiBTKWsWk+LYaIFLxh8OMk
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
deleted file mode 100644
index 05c743e5b5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UE
-AxMlaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA5paTjQbj3puhDjZ2oS+VWmYpkB1j3pR42xS6
-DZJFysWv18MFWj06Gcb3VAc4DowyPEHzYQuzdaTQASCQLSX9JskU/ohcioVwGiK5
-S80dAfcGLSVJsvMROXvlapFvgkhM/qqtvyL0ft/bTTMPPkQMqayQPNiS1j1NIOaj
-nLReO+sCAwEAAaNrMGkwHwYDVR0jBBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUw
-HQYDVR0OBBYEFFXoqY9k25OSv29Bm8cxsKCX5ASxMA4GA1UdDwEB/wQEAwIE8DAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEARqFA8zrZ
-Fv0+U+IKZbMlVa9p1ILSXSsNk+KlwRjgJRk1l3UQtw6G6NfVhKkgNvqgrj7zcfg6
-zZuuMCad33y5ysIFZ4ohuBtD19Rq5TEp+UqAqMwaewF7AajpU0h+XnLg8v1uPY0j
-a6MimyCJtGwBH9LcptLn/+La3+6ap7ji+nM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
new file mode 100644
index 0000000000..9f5f766248
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowXjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExLjAsBgNVBAMTJWluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
+dDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXXPnjv8RRkKcKkZOV
+yGORDonJuI1SMrxuX02bYLRAC/XwvLOJpDsf/xA8JLffgaFLY6qfYmBeyVrpPvTk
+wyLD5LwI3MK6sc/lTCIBidoDBodfodpzBTQIa4MJLElXJRCkwyuEVMAFNng8N4Uj
+6ZGlBUw5t0wX2dudQQaILmmKKq01ChpP0DCujvs2vcadAm/sM3mpOoVrmc5onF94
+szwB1QrNrLrPN+WlaX67dl/m/uuK4Bbvj1cWOdyAtpskVKl4uZoyTE4gyuOSRbFX
+H2jC1XMd2yhtePKFYkHjEQEITpSKy/FPeQMyw9rzFI7t2+nAqP090pB4YsLNPYgN
+cG2HAgMBAAGjazBpMB8GA1UdIwQYMBaAFHSg1VjZK1PSK7DNXXHGob9Dp8gVMB0G
+A1UdDgQWBBSgPl5tKwvtC+NPQQGd8WO1AN3BkjAOBgNVHQ8BAf8EBAMCBPAwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDFsWjMxFvi
+8SyiT+A6KlMhtL6UINksICnrb2ozC7mouE1uge+XdzRhk6ub/x3Yrc83OxZbtZzA
+f36G5OSyKn42LPAtsqW+X98xJJR4ADEsAxUTiodITJ0O7rolRFurlCrITR/AEswp
+bGyspXbSZVpCMqr87BCRlJxklpk8Vx4JevroJBrbvqtm0s7W1RsaazNzZyA30WIA
+SYISAcXhLlJhA+XTVZVMp7U/8RQ7K8lftW17ZJ1AQGc1KTSHhzOeZeoAJCYaqBLz
+BTRFRv04CGjhGq3UCBDazX2XfBQRg4TIoTo2GE2/cpv5oOMFZuxJLESCZbbev2Df
+8JFIDAsJaKox
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BD2FB17770635FCC
+
+Q8wUO/8aCWrsdP73HdUypS9Qbr1TBRDIeN4SrhnumHAP+uWgvZsb6ijnu9i1rG5i
+N9VguWwUkR+b0evo7AzS94hJt89CRtWICxF9AfX/ruMUrLjPuI0OY4N96WdBSAEN
+612yy65jJfTATSXoZ7xX7he5ZZ69yX/qehTKjBJUZyybhHEcsGSjnlbOOtGL+cTy
+7Rp2NWsGK+EjdqB1JGeoZkTeA+P06f9KNdofSzqtq4Ku8+6SQMJ5mxKYK3Q3pZl6
+OKfTYBu13cS/JcvMZ3CiCIqgAfztt9mMufpfRI8CSw/vBdsp485n/g4Qcq1kWouj
+m4XWIE1zJ2D8D21KamP0zIHJrNkvaqvK/kxld8H5nKmPRd6i7yiqNJ0vDe/+zQN0
+Xts8qoszNXjGvKbt5ee63TkSVCHPLQW9FlSUK/n/jIDb9FLy36jT/JgYlT6Gq/kG
+AdPJM4855S6J1sfiIzSd+IMydFY7nHea6wbNvNDJu+8g9BYA9xP8YAWVTJU91d/P
+gtTfR2APC8oAFafVK9zumI81hR+6weED9MsYdNDSSpyx4/vfDMfjuTxqlEF1Jp0F
+57LMGViy97uQrnjn00zyBZ4RWIyFDrkmD2MAkhSkxKT6RDdMazF/nflbzEeleblb
+kNA/cSUsGt7yNaaWKxKPuOKAP0fVcvDaFnkIpajVIOIw/FTs9RtlHGt+9u0ClAki
+2r7YUDGef4qWC0N0OT0/vY4FGxOm5Z8iFfrEjsOeqR9ffXS91aZVjX6JLanLBz8y
+grY8p8QJNx0rG47XRscXPjqprslzUzkL1UPE1UfrbHz6SvCtNxXIDs9qNbmT1LqN
+ICLxp9B8Gz+PXNWquVFBSiJ/wCdy1EINS9Uga5SflTikoWbxCiUuivNgQbAq3f32
+qSwr/3DfyF4srZ9L+pt9XLhC3rF2pcYsg+msA/kY6GteB0b8tmF1SqBctjzG4bL7
+OIaT+H4WYTD3R9Pl80y8ZBd885x9xNa6hWPvoiMsjEDzJnl0PhS9XwkFKTUe+b3x
+F3Sw60idyYXqHcVDmBd7Q/U4epMIjrmhJJDd9tiYGM2cUNNSw1O7qDNwap3cD/tn
+Gy62+bCO1hXsDPq7M0Ae+8BaXO8L7FBEbuaItFDKcrwdGonqO1ypWnkN+518hyXh
+FA35sFzrSVQJuttG2Yn8qdaEmoo6E+c1WAOTzaX8ISKZ74kSa+4orhscAqlxB4wh
+o179/V5iK1lDKY8xr6i9NMD9nb1hfFfgUGmYKgP4jtihXOogplUdif9wOe6DAD1j
+h2hyWSiokPDOZK2oGyjzpJjXmG4SWI1MGCwu0FpH/Uqs+RSCu01bAvjrjyCpiK6T
+ykw4josSQ/E64cNJuhB6A/FTChR46nFHGv2PHLeI8FVj32N22pqiwC297bod57jE
++savZ4nVt5BjYdQM3iy1UMuZq5XPmFYpiIyvUWwAvPLa/N5ukxcRR5vWwB+q4oUZ
+PMW2qeM6Eg9GLsMwSvDwdaz5E3shK9FL6xzkdzkwiSdnnIQkrRLNVvLxm+UvE53U
+bOZ7n2G/I4mIspwxc2qES5SDzkegQdqVYHr6/d+lkUsX6eEZjScr7WHla5a51Eim
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
new file mode 100644
index 0000000000..3c95cac707
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBNzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nMCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANt7nMME0N3fefF9kFthzAI8C4Y0Ul3e4aGamPxfGzSoKVgKIEXl
+yKbwGaBplcjaOjQxl6MO74pTzEcOUDHshkf1uLJh8K52pJDew36C3KrZ3cMACKrz
+LgvwigxcHTWFv7Rey0n76TupvA8HGAl663ah2QIt8I1rCqmp/7raxqQxbBJFC2Ti
+pJ8XZrHzIPnzkP/RjVgHH+2vgxypQh+/Izw9E9MOLnkXKUUE5x6rCHvbz2CHJ3L2
+QXlqaZJz7hqKIFASnaY3FPKwP+cU/bmIIImXCTjzYx5hiT0rixD/bUb+pXkcZkF5
+WTZZ0MU4VyLYTAEnBeiiX288aaDV4vUli/MCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUWDcmB5GEYKzu9kA+pSv8
+/5cdndswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYJKoZIhvcNAQEL
+BQADggEBAFzEkzKG6Ig8FbZ5qGL/3Ua5qibD6Ky88jtku7s2ZG6vQ/GC/5QAcWsW
+Qtz7ajxzTqZ8ffXSFsmynLiUjmtPbpvuKmgZpklXi/8dWmy2DMxxBqObnOkASL0U
+wbpv0hMTRNQZkYaNRKd3G0mSJdLCR1ZumDQfxYtSSB5I700rLZNqxLgF+XemTNqK
+NQxcVvAFOjJ3fu6a1lRPr1ahvyPgPfUGugETMoMQ95cqM0Aj5Zo0ZRUQsXS0XCtV
+D5ZD4THlPWdUcUKaF1H2vVvidJX8dGV5eA1GkJ3VFb2yAmbEHxgzfr6YgD4jjgAc
+ksRGDC7jO4eEsZYanmTqnXdR7xBFN6w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBB29B0088B46234
+
+V0UB4zlADJOccBOu4p4x8UvJgQxqW0WabhdIPT0Gpi5k3ou6TTVXT4pj5mb33Ov8
+n5VrB0kDC0q+oopZtZDWI+ZxgYPxQex2Skijcc60zGxNljF0UHYV3X8xAQ4os30R
+0xEE30tYCVqTJ/EA/QMZ4jl8xQFCBoUzpIeUcUXGmcf2uK2I69di0s80fX5uzvUm
+yxTsgnWuOucKm6J9bjs5Bb3LbfFq3uUGf2lVWizQj7ZKLTAVvRCO1pnc/OOo8zdG
+5h7jYDVvfHJZOv9Q3RAS4K5h56Oe7ebmR0ucNwNN0iWw6QZvuabUppCNJooZfA9d
+4y8eZ+Ocd8PNgy2VJpmy/NMsj74a7oXO1cZrmqJuajn1HBO/xYksH0334xLemaxD
+OnZNL9aNyTmyboTnmn712skBUgIWC76kdb/M/MSwFFUjElVO+i2xI0c91T+VYP5n
+3YsfMWSS1n1386lTUCYlb3YqW6SE6dLUTjB4j9UF/kLHNKjVcYFfYK2I99aXX5yg
+Kg1Ye+hgaeMB4BUKp5f2YGhpqnfTzfG/wQjCrn3ev2sJlvEYFQvRakrHVyAaELzu
+BadiEQLVfb7yV+DcFwdK9zSZf6JnBEL8HpMSTLCvgiXgB+m+j57Cly1Xcl1qbUkn
++yvyJOar9zANlqmBOD+cn8HqmJXOb51whNi9GZJCa5E0992nR5PiTYgW4/aP3ArD
+MGz+4gF1MfWLJCNaL8RoyVTCdD4ZaexAYt8MkKqirviv2mQFLYm2i5mzDCd1ZUR1
+rGVzSBwnG5v0/zFiIWF23hi4HxzhTu3H67EU9yUNhikVCNb+7JRyD78QqwGYlqIC
+oPXCEOyU2iGr5zIe+N80C88vGkq/5C+16VAq1Pp/FBuEFrcl4HM2O0FcsWvhofWK
+aKlmAY0V2Q71MRN3Pc9OrBAvKoc6U0F7ggw60GupImNORhxGbOgnoGJpNA5BO3RB
+lerEWyuOmrRhQvmpMAMKIRGmzBTos/T9h4FvM153AmJThNRdMOsgFCvREd7WN41/
+QiAXJ4F4kP3ibx3t8NeQcYgMw6Kh6PthO1mP6GVaxQLh0EBAHtubTXPOXcKfESHJ
+HxcP/UMGmwiFgQm3RNxtl7wRqfdVDwXIWdMRFjbSDJtRx1EQaMgqRSYIu7xG+5QT
+HNcH87GUBwDiGEggK4aZ7bHS/VAbnIeTJRbe59uIfdEx/Wmc/04CQ/kOranx5ER+
+7VfSn1njQ0x4JyBwwxy4zt83eaMZYHk+XJZMnkvNaxv3bdb727Lt+SQdPX3iYtO+
+4oMMsHjVR1yJ7ty85zzE6KkxavFGj5Oxy4O76bnuvx2aU6wGE0k50um3iFOkPidy
+a+PmhwFuOcvNPP/y2OM32J5nv5K9QqY+IQ/V8fZXMK2rLLYnxF0emDrlqmBwqBeB
+VM23mKyd+fFCfl0V8u6PkyrKX3emXD3GXIX12vC3gk3LGDehJl55KJTz9CG/JDGh
+pDMxymRAWaI+hyyZ7caCQ+wY5ut1h1g0a7H5gB9uoqLTTx7N6jm0jkXcoV43r3VU
+M9GxJPDmUgPzvxFi8R+ue67sTb1PshxvzJJlBKazn0kxspaR7a4TAr1gXPYspsrT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
new file mode 100644
index 0000000000..93ca7870f9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMCBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOxx/fK0GiaWvaebSvC+tR/65oOxtOB0
+i2rlCHg++AGW0iPfXroJpby/vqElvVGZ9/L4ZC4ESfkKlcP99E5jqxNFqxNmjXbp
+ySBDusJ7cGIK+Qqd2tkfXPkE0Ov/XqQYa2hXqvZGbwPyXTjkjtaL7k/xJ42vJ4vY
+VyB3TKHWnm7VK307P6R74SvlLeTqcbNY8UtjZ7y88mfufWAKczbDq+0BCMpjFaUz
+h2gJbp7XZXrsDq3NdQ6KSsiU4YKDk2JKtPZuLxlHXl3DELKzcdTuipGtbxvTheOB
+VUfJKo24hBDWSry7ejCKwNbxMwXGovRY9FH8iHNKjEefc7W5d443rQUCAwEAAaOB
+pTCBojAfBgNVHSMEGDAWgBRYNyYHkYRgrO72QD6lK/z/lx2d2zAdBgNVHQ4EFgQU
+/7RzYlKNXJY6WpCuGry4PHmBYx4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQcMBowGAYK
+YIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAvmTHRMpF
+Xgn5rrscWjGbzojCzy8p6s2fH1D02ULqEJtJXFbs/UIVByZaMU+s9g1yRz6NsrBY
+YJeUKc0l4OZeOmM6rHeXVD3KUBTb1dvZbc22Y4LzzRacv8p6XF+jtiTI7hnkv+7I
+AmK1y9IOIMWB0mKT/uRwzFn5GG8kYyIQuLGt/xB446nHL5M0k6kstz/aApkA5A62
+LUZs83AcF/p+NK2bY2rGFrbfoRtxFyOKrf8bwc1GmHdj/KeQT3iwJo9ilYOECY+0
+DmL8SbReR2oE6KM3Y2FTcVu2aBh2kqiFRU/DUu3Qso9hQ69920KdysFj2I4mTRWB
+Sn0cA3GqJO54Wg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82D2B7D8553AE8DD
+
+CT72MgD6SJk7vHWHJ2AwPkvAuujP2V/jX/2061eholo92cfOwARYretMFnqxKqBV
+1veZdKKekq5okX03iMOdOg+MJo1dKARzFeQ7e4nqUvFLRKrfjbJpd0rrga7MoRC7
+qScAxuZ5fBFkk7RpzxL/ejeaFDEII95tmS3PpoYBMRUS2NGHmDWF94onX7yzj/Qx
+ztz1v8FkGdus72gDv7ezpnED+3ENNFhLm9QXnaN56xIIxc7l2ads4QQu4M9s1nwI
+RNqn1hR0BxABF92pRoXgkrXnYMv7bLW+/5mowCb87VUddWHqM91AygUxkXtVto6Z
+jX9TXCbcTS3fv0bHdxQqNr7bna0zY6ym9z8yWRAJ/Hkf1CqNYFVFLvm05pGOtRb9
+Hk5LR+o7ZzYzK+V4e5+VfvYj5cKAARmvW51+we+p7XOO4x8iOuYGAzFHEkjrFOrI
+o8idKIfmoe2oy1JI8WCh/IddhPUM725YaGc+iOW+FtX3laAoOml1TZC0LJJZWWzT
+uP9CftRStoUxx6I+IgHUe80rTasjj4KQ23UsW42IGs5M9DlP/mHYoSlUf1nxjpGb
+rl6emEXB1SK7Dc/5DYYqn1zqWpVtZBqp3jlHTy+XpSM8HXhY9YhvCKy1BSNx0dhG
+nBzBECLJ11gvzU1r5279S+V+myOE619C83dn2CA+4bmVfddWsw+i0Y9cRIyGyyBf
+P3vzm++UOcWjiaORD65TQWGPjvUFKrE1TkZBZ0uThILEfnpUyYaH9X1l3R2Ky3yp
+p6nHQAMBGt2F7fPZDdtlB+SP2VXd/WJdvU25L8xUWmIQ/uFN7RHVemFznwJGzAYr
+ixghJ3QEG7Wj0ie6y8SVXMILUKfBYjKnMsluLi4f62jg7cePEh+u2xpdyVHBgbZT
+p8PN7Y1D1uJUb98ZekFoLq28fIKptCOSHmwyn4uM/g2DfutmONMJEWGP1HqBTcR7
+bGwlyqZYpQw2C4CJ9F/ubDHMYNhQSEZWqh6FRF2DJxveTl6fYOre3PYDAc7XCXyQ
+QZ2QIdZ2138C1PewlmP6duM7Oz2+NhxRB44B7PNc7B+F2e1oekur6mgZD25U/5pS
+y4WPdRxO55kJjFzS9LCrRWbnwMpUPE+ISqBGJ4dhjpSGAHVHEBM0JZIenpJEFVFF
+DbbWqboDKo0fvnREPbSJqKz9HQ/4SoxOPdlRxQtYGkb0wdZoygYttkVnaqaKsCIG
+Rgqh7sWlPCzIh8/HkTI2YlX9yXETINvx2QVBeMZspTwSRy22SbbuIdPgWspVMCZu
+J8z32IxMgxZvpx1prS0jcJGh69GLbnGMXg0u4jo/ruhuY0MNflWbCHX/YOVbylSW
+a9cWCplrb/SwmDDJ1HOgx/UylRGQ9HDvxnNRIW5ic+Wdehd2dSoya2SZLSGw6BXf
+5RRIBk2Cxac/ooi6rYU65S+ZC3iMBEa2L+KIPEEgjxOdBfZwJ+N6pSWZ/nZ+jzO9
+Qv6DvFZhs7sD2cI/M69TmaUBM++l0cofj3WUdMWLevgVc0AAnQL/83bZ62fpBnGt
+MDOEMDBQrCRxlCuV3yxHu7zivWx2DuUBqfQMy4dyG0ieMlKLLjx1W/K9fVcfFCJd
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
new file mode 100644
index 0000000000..77eeeee458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD1I5zxceMZorGyjg1wIoa8bfGeT1qfHYrEVfYDrHwug5k4
+S1cwzlE+S2+1a4izALDGq9AwRgmnu3e+sD0D+D0jN2dKQN9xChH+u/IAI5Mtbw7h
+ds2yHU90cqNFbkEk5JyvBdGLvJZ4BVc/VuJaxdDIh3xUADnpk2wXjPGJSol4Sjdc
+pb7m4/YaDl0dAc+r3r5U1Wz5BNqI0A3JvezPJxTYnBQN0JvEkuSOg0TfmAUFqEqB
+o/mCz1/h9Lycz0qwqOWgyVQvvfIpD5YtZF1Bek9JISleu2pEaiRkulVCK9TP26Wh
+ZSE/vJAhnbX52Unpz/Kp3jlUwU/DDbM7KW9bRCgNAgMBAAGjgZ8wgZwwHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFE1nfo3dORmv6Cbe
+DgE0eLF1ENqkMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBIGA1Ud
+JAEB/wQIMAaAAQCBAQEwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
+AwIBMAIwDQYJKoZIhvcNAQELBQADggEBACsyNZjgHZskZHR1CLfKK/Ny/xYRo8ln
+NaSzPGFEcmltgkUFAEKmjnzITOIg1kyPeOh9BVLbtjzuXVJ83+2Y1MBzqDTmrGFg
+F62PRAXKkH54QyT00xP0TbmMQ7DEIRAf4Dam+mT8tezBbJgr9zjSTQdh2R0JxeI9
+J4GgBMuASTMF7NDDtl72adRo9xzJu9FFucSKUsTkYjm2muUStfZH0ULJoDEm0MlJ
+CEZWukj49JOznvVgWtUaHv50/oRB2Cgl94NIcs9lAsctA/cw4i2pQhede94SUjFK
+pa5ZeQWQ8rV9MpXFEZ9qRhekJ+ckfqSvPWUcZIW4wve16E/hR83Fre4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0F886ED54A0FC007
+
+ytyfPeZDySSt3olbkPdTmNLg+X1d7aEmZGh3LYg3lVGnYCZOc9sx8F7ArZWZM8wZ
+2CEV/As9Dfkzr9+hzdc5he1sW/9X1tEQu2E66kdNLlrMwOwaOqNRBXB6NMszOuHM
+HSzmqps45w3YUZZivfQEO6QN7wNuYOSLFEs/Yl9KujHIu8V3UHwb+ZK4Sfcj/uu/
+uOyy9Nkbinue+VDnKK8u8apU5njiPFreIBz1FPII/GiQuF4SmOiSuMiuWRPacGUE
+LCvXs1AdRWUjayEeiLDRg2l8gIbtazT7Fd0zWS9rat/x/UlrwGNzAyDNmHklGguP
+oz8chgm+CVgIRbf+XXPLbvBuKDVflJFJnoTtwBu1AaqeviAej0ETGe0tqMKZJjZF
+oMM0HVZkuhbf8y4uxQIX1J+yF7DyYZWkWYADVWi1uyve1G5yXRlDaEw0hdUjUeAe
+H1UBHjrKIfIHlWdpbrwa7o848zi8Fx+eR0QKnyPLFrsawIUjXJu8K2fWmQ4RCXyG
+6+NDPOH5m8ywH7CtQoFTAK4C6tctT7FxNiqbWIP6MUM2g3GwmZy/EoVA2AHKxySf
+b5NIqZE7SoGJHRdoBZCZG7WGQtXXWK53IyQ5BuNiPy7vsylzevM8grWNmrBcDzi8
+u53mEvgPthWtkdxD5Ap4e8SFMhI9k6ypcSc3TmBj7WMj60nP86xBGQq4hApnBHZE
+kQAbNlNgzPFfw5Ap1tx1BifqJmb0r5hMnziPVkEEBpmOuuwXsDnxG7bmAomOz89K
+3DHe2WdIselXkNzJZJHV1z7z4eIGrlT915t9C4Yf7RE6xS9xi5flJ5BtBKIk8DcS
+GfHgO950E0nwQIX97cAbcNOQsi0dHUwr7Hm2958q+uBpVc1hDFAeO1mBrZdXLBpO
+uLh9/k5i+IpqHq04DSBGQUDyaXIsWbTzio+Xi1QnJ3CP612pp3XD7XcOML12WQEg
+zGm2VJbs3jQ8DQT0J2hQBKD6qFA30ERtoLE+yEGV6PzuXqaEk33sirBNPGk2qK5O
+LqfxpwBQ5+75dZxe9oGY3porG31yNiFMcTOWYbXw9Xa7+HcjEPJULSetXH3aqIcM
+P4kat+UriWyV60UuvUO+dRa/g0Nu50wISgxC46qbNn1c3M3FTLNwj8CkK+abs2YQ
+0cDmqJ07Lewrt4GtQCA3xij6dpzZOZmiASdFKP0bJqiL7cbtd+GDgg2ssLt9I7wl
+DcsIZH8AfY7M2eUc/ukF1UnJa1g00N/WbPAvlgl4kXHmtnuFUeOk8g4FHSmfphZc
+/8OI9iGk/djAhqrp210DAstsYK5K+d7Ua1sthh4kOX9vNfVsuLI7KmFvQYcabmL1
+oWPTIP1zr64UpVD3LD2lzzYoH55zRSmF9rlY99JZTkDGWxT2d4fD+yWUwQK05hXj
+XnNZW+gPyKXvR44lMYIwoAVJdOzZfDqSiIpJKfw9VbAmB9e1vNxAgigTJlvoxH+u
+UXIR2DCBN2JwDfwJyBsNkfz0OIKuqW4xUszOiT/zH0Z34Vbxecym3HR08VqdFyU0
+IXYJ7XazX37vkh0AKeD+AyhCyek2HBFKBzDfWwknofj/UtyWyUM+NVBUuf5Qp0mS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
new file mode 100644
index 0000000000..ac4e8e3abb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIID9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9pbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/QrlXBwBH0gps8hquY5
+TPS3Pl3nIpIi+sth4IelwQSoZHaegDK1qWdnTQjv/lJ596J3TXGnzqNuvGddznYj
+/GR71RLDV78euoXdw2VKFfE6UwC8R7qPvA+1VmkGwY4t93AvlWMvZNoevz9bnWvC
+coByRgFDino7JTHz9rqxeAumf1hU4XnwMXqbr/am/INJrbGSLqWFawaF2YZwnvCb
+4/ykemKyYf7CSaQ85WsuAMwUU2UdSVqsW2n4ATqYQWs1KUOOYFMVVHBZu4v44Q4L
+BYk8fBa15ly4LoiJeqjKpttt8oyNktCEhxN/j+5zHKgIVYKYzd0lz6u0isRrifee
+bQIDAQABo4HNMIHKMB8GA1UdIwQYMBaAFE1nfo3dORmv6CbeDgE0eLF1ENqkMB0G
+A1UdDgQWBBSqJpQdZA9+BbxdYI0HV/xwlWZs5zAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
+AgEwAjBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYK
+YIZIAWUDAgEwAgYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAaYLtBvHj
+nfmFJ0JXZk9449d+fjF+N+jz0xgBn+8jeIDUJwYd1KBIjhMd3/ILnnRWwt8pNwXF
+HeBs7GEoFuqFmycVd+aP+1KO6noitwU2os8h1yFzvTgJYN/MUaTYUqQRiwYIy3Ol
+ZXQhYHCf1+7qjfNkQ3yqY9YCh3rRDMliVtfACkV844ijTOyUXP/RXvpYkIzMW0jb
+rFtIo5pJ68EfpJV4DA6yA9raBAyuxTXxStnkfzwte4pTwXivLzp/5mDe+myBXAzv
+7WThsPpxuc4yL+KItZPS7HebwOSqDRuOMyGi5Cqn7zquvphTfi/poJQimamBCrfS
+DJ62v3/CviEAZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1DB575107DC6C9D8
+
+yEB2NyCU+noUIZfPaBM7XYczCsK9oAh3RcSRXRX0Krt0Mc4MvQFKDNA+RsnAKDkf
+Nl7FdltTfIfNp3OtOLwqakOagMJBBUqIeDm1+MZtQRcP4OYHV1UKF6Z7bdl9RjfL
+21eeM+hJIJ7avSfUbuhzAFDLoGGAfBJT+n0rsDXIV72EFdeyGmPSXsispSQcHjcF
+GCn9T324r6rnbaTlP2a7tPAsbMSyeq485DTAsKA0TVn/JLXMiNOY2ihEpOFc80TF
+g5LGJhm4klLc+QQykYb5jxBXSmw6T4Z6fqqt5ry+v+JClWg3ohRJGrXpsH8mnGtt
+x5Fqmp0NI2dxHbfYMzq7L5TERirgGcMfH4/DtYUKv/ntBWECckHp+HrJWGCf6T6L
+f6dU8qv/HPRDND1X20SIRPt9kUksfGnr3tA4AtCHtRaJh18bOqYI7BFzMJBMU3Hf
+gQQkRk1xzrF6EgTsN6q6utyNJ+dkP6jLzYKDhajSYnvViJvi/UED6vx7kfPyMo/A
+AZSG7G1ptJ5sTeY/c6gBD5BQ8XhW9BII7aVIPHMJJUFt72/G/NtClpR06AhIs9pt
+z7yL9UzPf8px3KBkqCQGrvJmbTn+KFxQlguLUyUxzhz6QyVF/QRysBsL5SdkbEnm
+G6eVHRdRjIUD8hGujH4YWu6B2U8yYfbmLAmJoRY2qNyrVaSDEUJ9alo5Nx9t/lXU
+PyVXHTmHh+Fbh7+ASGUd28j29xvnFAq4GNxcJghIqI3DwJLvvDCNt9NATYQDidzR
+8uPSuVEwM1C8OHX9pry/wcmlgf8Y/LOBEkESKKlRDzhmMtQOeuhaviLL49WkC/9O
+g5LmnMim6kRd+Pzk5JmypbbYKOmwIBPEqV8IMSYvO4KhgY2Y7dYDUJEgSbToOvGl
++TLJmS+hK+PsnEVmVlWMu+2d8biw3LZBzOudw1jHj/2Xp9SASBC4vLkap5VM/2qr
+z2p8EnlziMEdLFqwfCjtRM+xd3sCwXXr3HiztyblPJqs/HlVHK3amkKkSfSSDMP/
+7KO+kNewL7TkVO7nl0UeYIMGGtxPwcjFchn6FZq34IyzT+hOB5opACFaajZRY426
+vAgP4Dkahwr3u60n0nCcazVROD5FS0ccooopyiUEZwnB4V++nRsKgToe6WyndoVv
+oWkeaJtr6wGvLb/P+mwShdDvAm52jBQ4Sp5gEH7/b/sGRXaH7uJd/BChD8dY0JAY
+2E+lVni8d+PteKCSbjItFC4vD2eOsCIaYEO1SuxOjfIRAfVAiLa7or4FMRgv084b
+FOQyF5jrh4OL0al9osB90wAdJHWYZgNImJJLw9GiWqGWNf1RKrTgnL5mEcpLJY0l
+JXpIPJh52/H1FJpC9AQ9IDsW3ewjkGQR1k/uXdNmNePRHC2bCJFIJuA6e/J5hypu
+qanrlcQe5kUyFl7C9Tb3yT3g5yJWEloKGjkaTH5zBECi4/jqT3pWWxm9Fj2g4iTS
+5iz80saAAcF8Nj1TnFjiCoW7ZegIvM1pRaB+ISpXaUp3+zxYm+1RTJ+Novqz8UqJ
+ff4QNdQ5/vtY6WEs8e5LDhbPG5zbQo2hEONTeq8tn3pvh0xlDSoBSy91m0Jd3Q6F
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
new file mode 100644
index 0000000000..012f19d8c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSwwKgYDVQQDEyNpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+SVBNNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0cg66AzOSJwdQr
+Hj5jFNh8E1lyBSK6cIPyB102DVKLKmj4C4QpzcXk8/15iEOEVks/j397JUsyqlEp
+ayfdGo1BNHq1oi/o0BfHcsybXcHmhRYieL3xUGcl4+9dNs2086nT5ZuOVR4grVlp
+S429Rmdtny6k/mpAc/alvPmsgahUsSFFh8LoOgqPriVgFV/ifGBk9ig8CQwxccWB
+JIvv8tFImPOxtaTE9a1bPV6hZbDzTIRxIz8c2FHtjPnI5eWsmhBpQ5/TFC+I7RJ+
+2nJbgS9jo1J39J6Ll04WQVWREQ5nH/XwdmorkPJbURNL7XosTV9WaDhodZOkcPbk
+Czvf0X8CAwEAAaOBnDCBmTAfBgNVHSMEGDAWgBRNZ36N3TkZr+gm3g4BNHixdRDa
+pDAdBgNVHQ4EFgQUHQTPdicHjyI7wvSCLu7m3ROAe1MwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EBBTAlBgNVHSAEHjAcMAwG
+CmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAPh/d
+V6FSzVZTO6s0ttZjFxM+5Yyi8gU+O74rUPUwoCo1zHQHS/ElM7nzk2SMUyW6/aoG
+W3xNGijWrYMEBb/LosEjPbB9Hqct4pt6ahT0oE62FUI1J1LBkxa0CfCouLzoN/dr
+SBLlsMtrYuDriGmr4GIF4MZAp0DgSFP9QcHuIWhfQRMJxNBmNT/nFbhJ6uxJiLoY
+qaklau2l2aeEIa63d1PSwlVeyPYOdDFivB7i705e3mPL+har6GNQxpKVoeoljJv3
+SJjAzw3TfDezPKALmsHtk7qD6O23r4+j8q/8cQqfB83/aL262oSN4Ov8vNvlHV1B
+0BXgLEcrIP1K4LpS+w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C82229E00AE2D0F
+
+3DC2eXeyxL9Jevjc7678BxcxtMRxaQS28VRbbDZm22mudJsNIiavCQ6X1qkw1S7J
+OH5t5lTKqq6mJIsiHipkHcjwJYZZzQ+ZtYCwQuXx5UB6DZ61OLCDDNXHx4y5Id4a
+Nnb5O2CtoxKAzKKft37xIBwDMmQT6ZL2X+WTjvznJVxOSAH2uMF/SnOUcDBiIpDK
+eUnlie6mfs5CY14o1J0bETX+/XTq/05P27VkGFOFp4E0Kp/fnHhRWtGmLollEmut
+JcPh8ckEwKmljdydbklYDSv47gpW3Sd9dgwYZkqqprlPizlAXJT34Fp9X9+xOr4e
+1QM1/ZLQl4vMNWEXwtMaBtXTqMk2Na61pt5AAyDwRibGCnPrCIS2bd28L8R5689O
+SlIdzdW0SqIFul6MEfNgi7Rxv3ZXyeQ8rgN2fII32N5agRws87rl0IDDqUFD6KDS
+Pz/5AG2h/ypBcdcy6AowwqzyHxVOLvMt0A0kQPMjYkF3P3DZ2SVhrThqmD4o/MZr
+XPbRF+L9syVaggRkED98il18mZCPzIoVE3ZMW9B5pAnzkju7X5qcuKDfka8p+i4a
+vOOyNnMt02Ci+bTmqWGIQ4nICHuf6YzNZmn1EtKxyyrY2xlIA9hZWL3Gn0qbqNMf
+okGXR0Xk6PyOXjyOt92do1ikS/N+MvTCghLzhz2QD+jSteQwrAoHarAcDZlC+nqu
+Owode5ybICY+n80FoSLw7TjtBsyso25K+hMgyzUiLrU+hEniDrhitPDpKK9tEQJJ
+HyISS5kWqZR7Ec/qKzhTqj2gb6upSQyx23kQWslI46/YJB3gF0Z+1GUjjgLLxwVo
+HPjbyyV71B7dMTyB93JXggaltwm3SOr0KqUg4+FFmgJfOFIANDX7oZEhcA4kyvaL
+q3Edqsq1G46Wi6U9i49iNCliAeM7N9LI3sQsDPQafTO1pjJ49UmvNdgUQxORZPD+
+ZYJt3I1w4ZDlWNl7F6xADOKtIjbz47bkJhuFNFnbyqXMQcq2JvC9qO+RaB3Hoe9U
+d8A5gtvHcFxTVqC51KzMRdhH/XV8iNh2snWrAEqHeiDrRfGQdth7wXO0FXEmaFk9
+LVXiaUYkQcWfaMV7/vI1WiTmAcbCXLqolIykhQaZXECUWzj/kqyf1nhMo2jY4plr
+G7YN8r4RFeHiyV4V490bxf95kyY72Xs70x8YDc0NPPgaO+ayPab6DJ7G32PaDsks
+A4XR/Rm/f+IwsgJk0EwsaJ48Q8nlSad/aFGmLGDGa8blbA/1bzHUAetglBtRlsN7
+5B+Cpc/J8BPU991a3OOafJ/Izknw23OSlX4yPuruH/S4h07vI52GWNXXkRYj3+x2
+qNjg6sXLbTopHeEVGhTrEzfrQnmm+E/fFLyeqCicqAHV72IKlpjwFqjiW6Rpv/Yi
+8NCN5cho7dQPAQKbUzSTj75cK++IL+4gre3U+7sXMOFQhUxNQElzZNR1g8R33Rz2
+XYnmYQk8d9sFJyQCcURZEn1lI+nfOtDXSb69z++VzYd9VpCdq8nnCmjQIRwoEtH0
+USRzbDmU5OuAnM/cL+2kCl4+NDRcHraXZeKNQG6jnXettVattRyOag==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
new file mode 100644
index 0000000000..cad13d9146
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41RBZsVSZtw5
+b13HlMhvwmwd6KG/vDnbeZnxFMOvUE8T75Dz/1P0SCSkix1T+G1FdanOupx+Nv2X
++qo0xHV/tdme0V1AEbx3Rbt4fFJM8OZed/YpoRiHrl/yojesRZv0hk0GO4lOBgxH
+ouKj0vXbTIOFj/3oD1q89GVUpkShTUMRQzL64NKhqiPP2hkQIP0O3heR89nqggM1
+/1oyC9Eu3ShvcUtdNLD1MVdPxIQJ3ytC9x6i5wFJVyFF/H7YuREKDzeXt4Tb0ESr
+Lq79pDFTOiU64au28ClxKNgOZMTn+vKKuKdxOdqkbQn8jQyws1YjPPoilWxoC0aB
+Ev32rnqHXQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFKomlB1kD34FvF1gjQdX/HCV
+ZmznMB0GA1UdDgQWBBTXgFwTi45BdroKtXNx6KNAgHQO0TAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYK
+YIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIB
+MAUwDQYJKoZIhvcNAQELBQADggEBAFMmz8KB5cr40DimQ006k+qjMH3kjROwVMfG
+CFQ6dBQawNlZDTw+1QTFc8AYH7kBFGY0UpjFZOVBcraW+FmVFEekGN7a4EQ9Gqxf
+/+xgUSbQF4PpH6G7jqCPPJhmZX7i1ByEx0/FD++2QAd6aOETOGshp5o7dy5SHSvC
+BWwmb6XTcP1+gJggvVdQFpRSdt6l+7+3YveSOhhfw+z+LvLWwjqAhuBdvvON9qqc
+uWTkj7U1wszl5QqbPJcbvDRLEkIccnDnVDBRm8rY5lN5S8G2nODVQXG+58/0nytL
+6yiE26xchmmFEWVzIwWfCUbBtOM4bYtGgj2Os3O8RRBzNprZEtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17F51FE552D7C4D2
+
+0ZrGdJuzBt1+mvHSivLi3QA7Hc0rDIbrLOlqI7LmAfw/zSDEl/dB8Xa4ebaGmhqn
+t2MJoOz4sbqO5nKRJxKDgcipk6aSvWgIIjfc2yWlWCyFcSoGSdWm/uovfQiyWQg1
+uk4jOJrhM6DaaOq/x0HXxaHa1Y9Yw6DHdAZUXG/5Dh+SGIoz/yzKW3J1kRgM49Qy
+4zamlPa62lXvkyXGLCzxGV+9gPOq0TbDh9y98a3v9rGpu6GaNQv/GXvvqT3dIQJm
+VJ6KFt8IS02GR1jbOm1zdt0PITJTBqlutnXCySN6dPYrPVPAR7PR4Nh0CjTQLuam
+kwBk59Nkujau/srfVYLZW4sMM3PGAinHKysSvEKCdqp1qovpoEqTsE57Dh1bg/F0
+A8lDXHErmoPbDTKJdQTLhI6NQ3MQ3hpzUw85Qi2qz2QLtBfYk1PvYK31/SmbqW6Q
+bs6aW6eyxEJFEj/z5Drd+ctLkMeifpKXuoS2eci3BLBJkBMHCSNDTwJXBLCt6uK0
+yAcsDhzIV54iKeTI6fCSo5sGKr56x2GsQa/q9M2+2O8Vj8aUcsivezWdWo3Y7xqc
+cfUZqrqql9Wa9RqpEk6ZK+zG2M7y+sob8S6DYxqfWGsCl26gedxphYbO5gbDUko/
+fuigh+G4z2rryKAHznTYo57vcNgUeDVxMxHMbD4ZG4aumg6810ZmPNz3YQuzJ943
+CZflKcb4GTgGZMTGuv6eDPgeorGyrd1Vs8Z76m6bRzOk/ZOPISFpwG/MIC0XgGcG
+GYRoEwBVyZBnHMxvPbgfKJ2ua9u1ap6+RMOq9S4G/bjzlPkBH96PTR6oUk39RpMr
+Gk11HPtzxT9Pi1M48sb/tf/pQzNAMG5bTszzcxJPadX9tJXHKHToWJUN4nv4apea
+vNLzT+cGRIKs68ebhHGQJR06QG2KS4l73BSy+VvsaLGcBGqcFMu5ikajJ40hDCQv
+pGDrcaPUyuc2TR8jcIqTIIGpoi6/mny4r3zh2a4WeEWvzXL8WQkpe8N1TmzK/CLc
+iKGJs/Y3gfmpSsEHcthAnXsSoHRQZ1lYfFpjKsaS7aoqTDCS2zPKfiwQSFY6K4fS
++EXk6vDFxuhUzFYSw7os7PPQ5rXIjLakiE6uW1R9duQQl4amjzQy40YUzCoLD2RF
+K2UztPhZriiCmwEGW+e9V6o7x0mhnCGrlZILjb/An8XrGVBkBsgR5ZGab5vTdDuP
+40qIyUMwQZqiET28TnD4+3sv6zmbwp4+J7RSCvBuFsCfiVOmjzBqQeff/GUj4fYn
+vQVej3QET2g/xgmdU8tuRiV7dxBrNMkql4Si6ZKMhrVzphQyvzqNajj24L8IuBSr
+SiIA/U8H1V4kEzgQT0cbIFuRCIlpOWJbLTunKF22U2gHyHGTqtNdmRk9Bv+f87Bw
+0rvUQmBTkgQhbAHFc6Tlujd9Xfc+c9Lgo6iWeC35CIAPw1oL7aRiiyMt5TQk98rN
+qluKybCi6vD9GXWhiNXgRNux/k/3b2zAdS5Hdw6J0ZokLbEMwoEKo1lv30VTXI2M
+UXm91dkANflEU+NPIf6IJWVdgmjmFmYjG3RAUpfva/kAiQoi/jqGTO2Csr9WUsia
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
new file mode 100644
index 0000000000..c7f4852e9c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAx
+MiBzdWJzdWJDQUlQTTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+GmJ2x7yrfem6iySdHRgqYcT8hBb6YP7cMPaItRkU4vE1//h9uAPociee8y44Jb48
+/sLrI+JP6fMT1HkxaKMix9R7PfZyh0wGB2QAfEHcpm9nMLuMamcHLi0O7Mk7vsml
+Hxuc5mO9lt2XQ8f87NgZ8hpke8uCdGUvhydGR6q0GBfJd301D50GxUjbgxtuKAO4
+KNF24bW/sXBGEFG/ryOVZjrdkKSMl20HCID7pj8Sc1rHPjX5o9ykRW1XlhsMvQIA
+a4RzOh0BXm+zYKZbtJCtZrgCOEW6pdqEdoSU+ZybrE6jtn4Hl4FBLb68J+FjfiZa
+pRXmT/r6vGKQGx7zVMFJAgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUHQTPdicHjyI7
+wvSCLu7m3ROAe1MwHQYDVR0OBBYEFBKHGzVn8LyhoDa6FagpGe0am1twMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUGA1UdIAQeMBwwDAYKYIZIAWUD
+AgEwATAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAJEtvIEyehDWiKJvojD656dbF
+3VkkvFiovYk9B0du4rrq1+fHr5KW5uhKO5G+0gnQAmb2s2DQMWDooC/w9UOzuagw
+kD6Y2GswGG749QOEEOoYBcuU4AgmBQjp8jZ8b5WznQHKDlk0ZtBtO61Urmd5GJ3u
+Nv690xew+zeYqXRWtR7Mjr+vOUU911TgfTF2zkUoY6UGw43qCz9krpJmoQ8Ky9Bt
+cOYXgSHBOm3EtA+KMIo/mmmiu0zxhvBJTKWhAsRpejosqargDUpmbOzj8pw2tcJC
+4K8mBvz6OFo0TEqoDx5LOZkBD4u8EGjSU3gc2Ou6RUL453iKyMN5ID0bRYFn/w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E8743AD5173FBF7
+
+uGt4kG3TLNuXx7oW+Ytfnfn3K2K4Hl4GjgtqiUbrjv2v4S5/j0p3keJi7OC5O+06
+J2QGG1vrdvvPZVOEtejv2fmEIClvxmTLJWWbQMIx6VxzhI69Qp0gNDvFbMS0T4W5
+C0aPO+tDSFT6HYl0kZA5hNRcCm1+ls5peps8yScgYQVUx5IUoFEYXaPMqD/0nNBD
+4sid+aKL2AsTStQ+9Yht3BNtN38JSFe6oabPNrUU6dJ4JzU7Zu0U11FB3HmdwiO6
+GP3G+vx9YT2bXtbBZAKx2aCnHtv6JWyWQCr7XtpsId9BEmjQdurqQmUoylgzQoFY
+VA/WR4efK9SaTt44FXjLwHdnyMwGX68uf/kQNKUxh/iQhjTNY1uB57VImpCkseu3
+CIJ3+/eL3gQ3UnwvXgLe4+z7oCnvuS7fttmgn3ryCyvXx8oe9jNckUnuVOf/6+T/
+yyxyVA6N6feLux7wBcyrzkFCbEUuLAVI+6XsQ33ctHyBXjhyUZJYW8N/4kOdzX78
+PDEIHQNUtKAUFX1EPRcXeyleCvS+mO6yPQOdVaxqb66wLr2iBoIgZ2WGt+KAmA/K
+wzNZTjIWexl7A+yO/GcCIz1ZK67kwghgCUwFSwCXLzhcy05rj5NTcW5qhXiKkTac
+Q7hIaJuHm/4cQG0XeyaqAkfRjjhsJFVBR0Eto32s9qOMTf0SFRrzGR5UNQgXM4df
+T5w9qEPp/emthhgyrc7gll9asT8sY4jW2nO2kNXIXRZhkwbe3mqdfmeBOauFtH4D
+cmsw3lx88thcfLe8gpYvwHUjfnZ6dVeZTPQfuiSfdffEJkBILVR4VZGanJYpwH4z
+yBM2tsmESHBC9VcDi6SNYQXDJctSFJ6m1XokUTH7DQgFLLqDZ1+XyJZEPvSWCdkO
+QNQttez0xH72eohaq7E+q2oFtAIGEmrF29q+mzcTQwna8sTN6I5M6J7q9yE6AHgd
+y9sVbllmj+pwDZHJfqsjf8xZsKIgxB17DAwfVk7t+1emJHL1V1QWXw12hgjx752+
+4R92j2euAHCX3gt/Ua9Xzr+la5agV6axb1PnzWrMbqluYygtQ17yg8qo1g2x8ByS
+f0Rhmq7dX3ekT1jkbE7+JMYeUHejlQufss9im/SKHYJpDAJSXdH60qD5YNPIof9+
+HSEdS9qUAUmDTz/v9RrjvOjBYOrqMfyBrmDJkJ/Cj7A0jxo6thJ1Ojqequtdc+Eb
+Xui8wl6pPbPLnYRUbduzLPOh1G1drzJLkzLpHPsK6RQ7SQ1zrZ/H1GqN29q6H8bW
+Hig2GWmBxAsq1DkHS7EHmshdYPEQzV0875VBG26dtIuob1lNLrYC/UkCieDS29GS
+cpQmcSiCZpI0YsJge4dZsuHQrdSMd7n4GRxHxycpbeVeJOCvlbdmZv/A+nesjFHz
+7/5tUxFa4fAC2lXc1JFPlPHTYcnj/otz3XxfMfBb8YJfrypVGjbkolHTTRQ47kSW
+gATt+rys1HckOsgUOe1+PrvlkhHFpvTlyTppZNPo+Jt5/ofMKgttoFN87xqwf4Eq
+D+KCBH1oHeZf8/bJqIzqLpUomgyJ0jM6le1Qsgpe3TOR11ekjf6m5Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
new file mode 100644
index 0000000000..01c7e6c429
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBOjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANNzchiVXFu3PN6VHXl37Lfl6CWd/nzabFywiheAyXJQhKpR
+ijrhHUNfWUFZpy0s9LcXQCibTwAXHTvNm7bEsIxP7bZzBIxyJXkrNMO/OAm1xGo9
+JeMfADrtJWXuLzLyLs4OZsmcjMConJwClu5OoHRu5PzFM5UPg+dLdl8P832Ug9ol
+Cmp+R1Dh2euZgbuiLkdLNdy8COfNFYDHAm8GoqueauaPUMWMH4G4GVTkKsvB6zoB
+yV5HN37kek/vaLbtm3RjCu4Wp5/kmjbHMZZqq3/8m8FGZykna9s3vVEcTPDS1A5h
+hkzKi7qaqirbvBFzU8LLtf8kgSGo+aABvGTU3OECAwEAAaOBkTCBjjAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUvradvSl/GqHZi+Gk
+gGiDKK1K8AEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQEwDQYJKoZIhvcN
+AQELBQADggEBABSJW2Z9XMCKoB6BKyAvE0tkrFt8XNnIHpUZDJPUKA75KgTSXXk0
+Z+/4YjCsbY3N4V2vYWIBRbQDzVt+ux0E/flUUiD7cXdutJ9/EJgzZurplxbtwX6A
+dauSywWwlpMrk/l60ICN3yTfQSauljnrsTcKe9TqYptyGgSxxrEPXXvQ/gx8mKhI
+Y3PERCuZb2WYzbYQ8cyJe7Q3HYLFuEWgTN6g2ZfCRcu4XMBsmu8sT6rNL0U4OOU6
+ZFXZC0EejThj5NvNPYzmn1ROfgZvPYrNAHJjQXcCaMBN6odbLkAKYmGaKRMkCUPQ
+BS+EhzDfuGxj2JFbH5mkVGfpoLeXvS34kfM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02F3C17E34F9B24E
+
+SG8hQk9fVXTK4pfHRIV1+txw6uiHgpCzu21ObNqKL+mJlQh6qDsZKRcAGMlCBZH2
+k7lZkvPLBQNU9k0DZWPVy395+vmg72Iz5J2YuPa8S6DoC41CLgcIsAtZmFEOz/4d
+/VkaE+kUWVEFCgEu1gd6+dziqEp8nVdiRxAzjDSzvxn+gS8p8XT11vQDw1izKbvg
+Q6r/qre3c0FERgJHoHz6+T6Up3+YQ+ZuDIeYXGuhSsnM2EbF7twB6zzWxZM9OOWs
+EbE7V9IgWTrpImtJfrWqZXZjVSAH/pxQ/zI/23y9cpRr9qiNhmv02yqKSUJHYIys
+oPfmG557/fas7N8/2kqrm9BSd83IeQQVgL1GEYhU8Ji1RYm9aftDed6O+HTVzree
+SDWrggUjQrFisgBasXlLanakJm4ALN4hQJiFGbixZ8eN71ZKh4+J5QzMn5QSUgkY
+8e6rW/Udjq7+vgPVcX0++UziJgQV4YZMd1Z5WCUy5SXdcqM0flK/0l2nF0VGFywz
+ShT2PJltiX/b6iZlu5HKd2hti5R2VVgl5RneL1QxENmdploSk5aPCgvd1iX/ZUOv
+l2LmFEiwFStXI8oRk95wCOmmTvvWl91PzYw6SwurMQZF2SRr4CMeIwxaZRJRPImi
+TPbYPicxkJ1p3wKWMs/Ph+rxAupWiYBkCR1qlpMt6dndc9ZT5+yj1G2KWIrkw3nq
+/LS+YpO0ZRKfZSSQlY9cwlc580Vm/aVPmhL1gc/I5puQHIcvQ6Z/1JY8SQTN+t2I
+7IjhwohoismKcp2kddPxDo/mbFakSnIJ+XC/fkPeE19Z+R1zM00i6YyjOLIHbybg
+l9qlDjRRrKSKjiMJacFo+X49HHmX6A+OX5Kr032GQDDSawpkPHGZk+Qx7Jvm5rMN
+Jjr7EgbKO8ejJOXVHNkCMEsX1QAKC2ltYjMK5pkSoAL9otXGwnuvHi/9UvzWhd6l
+yj3b4REJ+fXpNW96QbfLZAFUY2bi30Ov+yDWPLXkcR2LZaEkJrTPuliBDAMCOGk1
+w+SvnJozmiEfOf9FSD3vnjN6y2goQ9FRhA+6NyaUpp2QrOzbaWvGH2MIH4ESHkvZ
+t+5IedePPbMynKdS4CXVVBX6aT/SRwDPuF0RIxOmcEl9ZB1zLT1D86Od/24UPlRI
+HkWslMjNZEQoNfGJBczu9AZqZ+rS3zStlewxl1drwcDg4FuInySgMsdyM9CQInDI
+j2ehA/i8O//LsJPRfVBT2GwGtl2m288If04hTUg3oLHse9p6C2ZWejN+U4/8xz/r
+Sb6ckHVZ8Tl7gelC1/CRYxbvyO9ac3+LJ+IZSHvPDHfImvIa9AEcACFDWGyPxmgE
+90xK7NkZRyKRKGzfB53n0jcYL5oReezNggtHVwrhDmTUHJurR8R6cB9jAmQiTQG1
+uBxR2HoLpRGovkEy7/kNAzo+3YCUVeRx+qfeVV14SYU+957KF1PZ9hLkPN+G9MY3
+6EnaGyU+w5Z5tUc6u/eT9eGlUXz6nlvSXXZJeT8FmAsiIpwI0GR9DvbU9LCBm9+Q
+QSiKrsRG3exdQwj5NLEpdkv0tasTH5hI5euev5inA1+umbfcd2kW0A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..4c966d02aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4hFAK6xYrGnE8mqLy4jasyD6TX
+qUwILdx9MxRmFng2VFoARl8eHjGWt48XdOqiGyALQ68aW6WIk+AZV4YAFWXlSdBy
+QWTCTE0tM0b2kJmxNIqbzNMBdzRcP4yPHaLXSPt3AYZgeHuG/zGBDSiCsOwXZiFB
+sl0o8u5wTeqzpSMEPa5Zs0cN4f77npYpcOsAo3r5WezL6r/nx+oj6BaA/qI/M90Q
+xGzA0RkG9p7uJUjemkx1g7aQaUMvsnXDyXOdpzAslQBy191evT+sQ4D5pabR8yFq
+vtIfkeQItwj49zXso9CZppXohWRC/HlNw98aq1bcVWhMwLkm28lR9Fn+KesCAwEA
+AaN8MHowHwYDVR0jBBgwFoAUvradvSl/GqHZi+GkgGiDKK1K8AEwHQYDVR0OBBYE
+FJfMQl7X+BVEi7OXUZLdbAE7IRjYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAKPe/EX44EHfBWAevfNDVzkd1uf4IuCyftrKHY18e+ikOZOw8KXzz4SzcHus9
+d/TB0z9iPL04fREfVICqExRqoH0rcMxxJ8td4eohoEKVeUc/1WrnH8KvdeOTj1vW
+npG3Fm3M0FHoLZFWQpbFKEUowu5FY5GgGPnnudUzxCP2A+6oXxDAhFVkzZVAailF
+tDrPT0BSk9O1/v5DCmfVsAlFYwzXRzddRmjiiLh5Tb6Acd2uJgi1bjQCYiNbZx5E
+gcgDjHuYzL2JBihShFLtFzdz9OtyRwOrsgMvuKR1erW7G9OvXjDpLfXXnFsXeH5r
+5D3Y/TMQa7VJlW08+WlEYc0wcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC6242706B8E877B
+
+ln7ielJePx49yvzKHZOgOTsJd6dUPCs8qtjyKZCyuHD5sjdJOwkekNrKj1+K2Kcu
+dv1MdFeUyu9VjApXC9P3BXcnloAvMcHWauwyRxi84fD5MmxNeWUWN/JfD2EG8gw5
+Cnm3NdY0eXVOHtXfrCb+eUEoWdaJ7rulGwIxsBejZwUFabHEyqfbygk6laslXZqa
+95dWydtTC3cv1YKYG1xFP7O4B7lv9QMD0/+Xmxye2Gzok1yZFDkc64PxVZZybvvZ
+G3e7ExI3/Zwe1wqkEk8S5C/B87pijHUio1C6dQ8vGQjrXBTyO2n18g+L9lBJQKZf
+gmCt+ojycntWhSa5e8o3sAD2q6EN4brEBOLvK2SIhLmGOYzGTR4vOnBkrGqtux6w
+u/am+SPBvemRwsAcCIj3cAZeOwZUYtXhOKs/ArGsnnCAIaRgL8T79g++Ur5BwC1z
+547BEij0VSDY3RJChpuG1U2NoTqMNTOLZqa1/n6ti1qpZL2VLZgW/By4MHNPv7TZ
+6WsLQREyOkM2PNaxtBQ8sXTbPKcRg4hUJ+rO+65DeNPGtugfQh68MPHMj+uBp93+
+4MqtVbBS3XLS+XH+f+O3YIFAXkYybYUjxHxWAahARtWGBAHHE54ImgiCw+c8NOc/
+uXDGFGxXGA/LUf+2/QKUv/qtEzc4x0JzNpKbUCq1pFCcWMSm/LeK1QOs4QB8WKcS
+7ELBeywrQtM8TT/lfgN61KKCAwknjUPutrJGZxH0snTHOUCopc1lVOQeJr+w4NdU
+ahM6Md3pJCu8G904oiNN+2Xm3EHKFnfv+gR9J2FWnB20hVL8dZ3sgqexQ6WAVnc2
+1Zx8IFVEw0XO2AW6AZC/Msjyqw7JISIC8v9j73qoN9bSy4aE22gpcg/IA/WPaPOp
+XA14+xjxBL6A5UcrDFukCp1QeKYrJ4AXeNq/UvDhdQW7BlHOBrg5tWxFArqWA4DN
+DV0nnXDArggg0aZbChbLW/YGD4R+6vjqGoI14TA3rnND+r9gZmSbYB+GiNpYO8j4
+dXWNwI/SJAv4SNsir7AXlXwpjVtTjUN4o+sh2X2IhV+3K7jhwHoM+A3ygLYCaAA7
+sM8EiLkvkKzFzDftnAcnW5Mj3PPRbZ3Acsh8e1/yiqwkO9Ovz37kOFN4RHRJzs5l
+opYMn8zSk/qkJs2vzYcAgDbWKrX4LwBpAlNGjWE8MbAmxUAAgbXts3lclIVGVa3h
+1UKR0ty6x/qKZt2u7vlBU4Hf3civBxDR9+H3qU46yD546UGLg9XNNtr/IpwBaJzL
+1WxD60Hx74KUnfeyLDGSLADyF7lPsFGVrDFKJfDMolVHxn3is048VH61hrAmPLBr
+IASbeiv29ULIEEHLg3hmpctcNlWvMy/BwKFy98NUZ6Zz7w4qvh7amjnpC/A1jXi6
+KGKXIygZLt4UbVnVgrc2nfxJ6r9U8g0CsK/Ddb6v3LBfkmjbSEnBCbJlZxmLNmXF
+f23oNRN8LXmNwUnB/OlXsujC1KVsWxigE5kMAGIrHK9Y0lpGaIZpML9hyCb/2P43
+iDRxEpPct/0im+mueQCfWb5gGSmO3hlORawuAM5RKcZquHWQuptzNiR3JgJUkyRw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..184d03f9ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBAzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu1zv/j9hUO9KsCMtIO
+6fmdTyGxvmTo1iBnDYkOMkunYTqq5hxL6QRQbAdpgTYLDF6TpPEl8WwYd4icjMH2
+jv/Ddrf1U4ep7S3cHeXJv0i40BR8f+UOGHv9XCQCZPWV9Czw3tlLsDBPq6epG1Mx
+U+/LOdd74z79dTHmNqCKLjO6fGogYqSin2H34OVAABxTSjdoWYFe+myN0RDgsO4v
+y8UZb+ciM1aPw4Q0pkPI1tBkJVQlFdVbVawrOkzSLUisQtfbJObFMTwKaFS2JYr0
+GWbBBhH1IS4dVh4vktIQLNMCpjkTLvoFVO9KH9VKnZzW4UrBcvqbW7zrkKfr2eD4
+pB0CAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAd
+BgNVHQ4EFgQUWblsZOrzrpbqtlFcJY87z+31kw4wDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB
+/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOC
+AQEATJR8hHpUS/Em9JJ75jdfOIOlmBAgjtQjqMjH0rZm/h/X0whS/3ElXS9qS/3s
+OuhFKeYAaSa+2nvKvqHVmeHRSAOAKZHz5AZ7vCSikh+KR2FxMp5WM2cqrwj7q+cq
+d6fHaRrSbZfPQDMu/rBm6j2wYLb3RvzuuMFpEkSgbbqSNFVAmZrLfBsP20yy8NLz
+HXwInqwU4lI/02ekuywzm+ZRdvDPQWt7RxomC8KWHR94tCsFtltZsM6r+20WKD94
+7+XJP6fp8KeLFQkDlSI3EEaBGjVJwGFrrJ3GH0AkB2u9iw0+G1IwGdTwn4P7tu8L
+UYwi7y/iSXXcEQaIQAdXEPHVnw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FB634241EBDE81A
+
+KKVyMfvbouesNkPhg2EiIhzc3jKkvZ+wiW8qoggxoO2k4Ec6ojnWI6KU8oIrFSqH
+tFN9d1EwQ9xe/U4JSDJNEKcABDZVITx9a0RvB8KGBy+c9Ffnk6gjbNWu8f/msB+e
+2GDqjNt4cE+Yn7Md80AJ6HVO/iHbrSJAaQvggZJMKbjuPqQSUbcX6kbWA0DylCED
+14Eoju8yYkgza0LM/TZqlW/1i2qXRfQeGWIJ2hns/9OD2diNjxRoXtzTd8P/VV+h
+2RAIdqj+ePWcZxrzSARa0aH/owkc/z3Tucw8IoUOHB9+ONrbHKGGz/8gggAP1uMS
+Mbdb+xCsESEUn5fIsSKglrzLmZTlLtn36MdIrrg4DVQOzqFgr7PeJLvsFk8LMA2k
+xWo6c5RyUlaKI/+iyVX+OIUVW5gONFQzmitQ90tKbcqiMhaXP25vjWnLZH+Y997D
+kc1myhBVNb9mQVL4E0D9MvDYMb3AqzwY6262gDDomV7QkHcVZk3cwjmCAy/zbKVF
+mWQ/VGlhX4bGTWVjBwIEmUqCh6mNfsG7rnel8VciQPM/aS6vR59X53x7feYCgXh/
+AJ2Sp7OMXEYVn073G5S+nYuyeipYka+HxjE3l+4H5G9XGs2VSVU7kW0AegzpwB6o
+XE8aZilMv5d66BGL6tLaHT00qPd97FqmmAwCaEBWIHS5RtnD9OSaOWmPxhS9DZw+
+uoDqxpmfLa8uoubZ0InqaRVS2sdYwnxyXc3dHaZgb6wvCpb/leqYKLYSUXn1unfO
+Duut4K2US/LTdaQo4Ezw9PFv7BwnllBcYJ77NsM4t7PAfyl0Swa+xwyLD4fzVr4c
+M/CVi8r4+DjIS46kbTWt0cbVB568FKaoekvixo3bhwNDx0i6RKZLy2SqNWaFM713
+xS6JgHV9BNPaSvtDszQViKglfqBDZgX5gyv18bnLgFmGbP2r9YxbiakcxZYiGrv1
+qqJx27671hc2QR5Alaysk8LImwXSYKe8NFqP4Dz39ZcvnAMrHtpeJQaby0VZpAJ4
+u0dNtO5hXv6D0aIl7cETYtDi02hp2oeIA9yfXDv64Cdw0hgS0YmPKleu1BlT+6+F
+lsTdq8Z+xCXji+45Dioz9wApozpJBrSEQ/qcrVykbNxxEml3dfVyptOsVZ7A+3xi
+kZ4zer3GR+ZZLxD1tW7UCzqrkQg40+F93Nj0kKRGT8DcixHgv64IWXtUB7U6O50W
+x5DnmkR96YMC3Vn9MQrICferdTrvpMTo+umjxDwxgXKh8+2G/2/eXbER8wTb8PZZ
+CECT9ahjVrUz4uCrl1fnZeYB4WVGlprgCkHWADw5KwQeyMbBma15jj8lV81vRnlZ
+Qk7DT/2kIURXa1R9JswyWD1UII2GlHkiE4qjLAz/koBNRpZwdwiHBbJixlwIm4t8
+C9UTC7VwFASKmmqIfLf0dm8MMg0AgswCLIf6WayS5PexHdQWlRfHYlSUnGsxkj2K
+3UfsycwJmgDHjt/8xCOBbsFoPAER4LR8A00UdTkJhvM393ziMjT0YBEkDa/7e15X
+JiEvN0KKCLya53NGtTfBQrwPRSId0dzsBu93lX1GwKvFd6VPQuiNxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
new file mode 100644
index 0000000000..13b4d54815
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO2x9/hMwh7GCDcxZx8y0j/4
+Ls1Qow36ywaMPWliQ8ql4neUmZciT5WfoY2u27nmkFA5HiBDGt8NMEd1dJAaEHFn
+luDroslPlbh+1dEhl744TWroaGCXETaFHFNY3jPzo3XVU/Q+Yiy2ftK0ZzSVaHz3
+Oqv52scuXm5hgFHSrt39qoJXGErlZ9S+x7t2fFnfAeO6q7evYgJQsF7yJdbNQCfs
+YnBfz2vFvnPwIXGEmf8aNrO7qgcPg1J7AlKZ6+3pYEL4bLuwUmtxcZyfT5kKKxbD
+Gwg/iHov9K/5X28xnuBHpTmuRWVoDgB3kgBxLF/ZxXXO9Y1Iv6k+e3uAsZpVLfEC
+AwEAAaOBpTCBojAfBgNVHSMEGDAWgBSXzEJe1/gVRIuzl1GS3WwBOyEY2DAdBgNV
+HQ4EFgQU880HP4Mw08cCYtrmymwBpbG2gMswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQc
+MBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEA
+WYy0yUE7kUeVqhHdNJdc55+y5LP9BKcz/sa8l3aqo7RjKOmj2cygt9B7E4DRJT2S
+uot9Gp/rHVPv0cknQ/3SDBwYtHCSKV3bB4eQp5nCiMpWaAWXamUTNqpY9qEOJImA
+Ctg7bNL/t46eGOWhixz1wUMDMGGkS+rIzf+UJqHOBAUdkEjP8ouUWBTlNsQrwFxc
+x1u1GiuxWPzIAIjOV1xtUPSLig7Sv5uQccmf0vHh2KkMtO+1dCoTbV30QLWvbVwz
+wzi1DzPMvAWqTVXwFQrYev5mUh4XJ7wMXHp5WW49qmdamQeIKImxzIsgHaVlKl2K
+eFX6REWaJ3Sv+U7KJ1eaqw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A94BA885B97FE142
+
+S1SX/VDCk4XNa9nge/MhmELKwJVJVtvawCipA0EfJ1mAgTlP8uyazqM8M2h/5WsX
+Elc/V1NoepmdEHr7xbj6SpeEZXEyVlNWeC/OZEohSDK5us4U0BxrYFWe2d6jlXTl
+8vLtT+N4PAZ7OazRk2QRZASxaLMWbVU8vLSKGSjKYbKVTuuVv6mz+6GkIj5/4Ys0
+7Vmhvx4ujwY0dwRdps9SgAPTp3E+VIn8Eu3D27A92pBCvD17wFjSTg1YosF4KVDH
+SEiqWfCfoXtcxbCXHl/6PIcK8/GTFQoeOD3uJiU0f9+2KcDT8zAV43IpodANHF5k
+FAewzywN3svc5TYfaXipQ0L8eAerQ6qRH+naWkVqNrZN5xFCWfhnpQOboKz52EWq
+lCIbQlpIiOqi6os/TotmCYbhyOrpt69VMKu0LzlWcq8Ohv8ZJdulfiTB5yCT3q+d
+1pT3wS0vZRbb8lw3Mf+hpa/L64KWX2heRX/m2mX8b6y194/oCXUX9FT9VZBFsFip
+w3sO1AyuwNmAPkivzAq7C4BhJ2lJT/cGbXi4L6DV8+JFIp/+DBUoZg+GzYk+Rdeq
+2p3x0M325ZkY4XGSuj2t9irpZ5wyh5gQKC0xqyr57QuzvEGoG+/hYVUInJGBu0BC
+YUdN0wX7HViHp2YkiF8btWLGx/6OXdVK78ZqQ+w1bGlB3ikP+bSAkDLMCBDY3GQ2
+x+rLoKmkr0ULnfYPRZ/CrvqO3bg/9Rn8rEfaeMgUpCWCX2mNfs7I2sFoKiqrw58B
+eMn3SceY9uB7ZOeH2s4nL4NoD1Od9e/oPylbceZZQUbcVRCOh6vmGbU6jCxT965a
+DEBsaIr0SnszSIEyUWU5+1W3jqeoNHwoNtiVvV7roiylebdfzoZjXUcpwpbcuiug
+/RnyAF5AVYnQrZnHEmuEoZrJWxjArUCGMxBqvVU6uk/O2DarYCheEohOB/J8FnV4
+bZoBo5+ftiP727oohqWyZQVH4rOCTy+EEeoZJ/FqeiOFAyj27/EBFvSdauG8p9+t
+mubRCfZmZ3qb0JQgKwGZNE+siGwqAP3a2vwwuSNGxoV9arF+rdlPd83zhf5fI000
+yWwtibohYrfPNzl/Zjlt3NoFJO07i0Lk/n4zp555eKHLw23NLz7WrPrA2L9Te0P2
+YQl5K5afFPek689IawcqEEpYCxhPwSukjAeUB+mdgCadkons5Ks4/bErEH6UVwGd
+S60zF4w6C3hzS2xYg3s7eJ+ek3QK5c+8AORW1T2xXi9xGzLnYbwdEZEorbElRcxr
+EbtTtf7Kf/r57Is3sr8Rgyatw2LBOjSOJKKhaYE1jMpJjqYz4xhGkwv/EG6+Xiac
+eSC+ZvfDEGgdr3hFBJfgGnWfEAUtuc2viglGMEQqkQYenV2Dk40hCrJoT5FIFcIm
+lw4LXHTj/T/eZ6c9Ki6YDLvChNTQ8hbIDe730u9tBcPk956sz1wElXFmAlpX/0tU
+ZKrsugFmJxQLSkU2aZk6kTXTI/55Yi5bmKiW64ew1h6E158AlweWSXeOaByOxYGc
+VcEmetuUsth/gAA8n3xk9mKEEGUex6tz/WFp0Ykuaiy/KZwFFcuPzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
new file mode 100644
index 0000000000..8f89619aad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJJrQ5z0bfU+HR+h
+7+Rok9J7y4aPRd50OEgl+SGnwBLodQ1xgyZUhJgSbIeaLCw5uYUWJedxh1TQM4Fg
+RZD5VIMFpFjIu4xg0mRXm+YomjBkF2eGCtpgjRjbO9rbjVxj01oQmtE+595P4OFb
+zXKXkb9ilbFvz2zVKJ+1aTENKJd9jB9STsNz5NTKVRUSr6WF+gn8HJofrpsQdZVO
+qQOk6GAB4FK1/0TyNmywGXWkEbM1WJeejSnHuNX1gBRjlCorwOKP5M/T5mT1KZUP
+x4Fhk826XPKMxGvC4xKNfpjlmgHGH7LpsSbLv+4UE0aGVPcKbkwx9b7W5Ot5x2c9
+urn9WnsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaA
+yzAdBgNVHQ4EFgQUPkV0oovS8VaMRgFmeHAkxiLBA54wDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsF
+AAOCAQEAdfivFridTE3XIZBYeomP2Heqj4tX3TiDbCSCOiIs/608QnZS7a0e1/yl
+yPWexV2WMAOv9HvdaQ3HtejZpBPvc0Gmu1M45vCdjQC/4/MWbtKVl3buBecRcWZi
+z9sfajKhlZzXISyOp9GjWfH6OYtPypj1xMvqIj4NSEu+RWyavJzcVIZtVWiUBGQc
+zR3jxgTs6CzWMbXFe/dHrDzdBbtLk6Z647Co19Cg07I4OP21gQB7nombxlv/EHbb
+BajVkd+APg6NNDCV+JgSU3XXQpTGiSx0J6P+39FrRPfTJcdUIIfSUoxuTDVy4Uzj
++66fxMiAaaII4phA6fBlCj2mWvBr/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E84DEAA45F984BE5
+
+GSWxcCybzSiHHOwi5aT1pJBsDZd0IebePQLoR+4gFHov2csP2F0zMjhrDx24Clcp
+8s/byesoyeSWgn7yr6liCI3iNzs9r6fq3soV9tQNJgomToj8wj+oUX9DHHaE5db0
+Q9hLUCTZR9PxdSCu6vgk9U1+VnsGTpv4uWSOUFWI24ldTyTn7zoGSki7LvUvZViQ
+hc1vtILHMTFjSQKri+G2ivUn9TA6igrCn314jSLJwhoO2N/7JCDEng0rqZ8ny8pp
+JqwAphYo8HMR9St6sYsL+78Yk9fb6d38XaVtxUYLTyzdeHIRAuK40ww3DqckjVB8
+5JZ9yq2d0F52QUZNO0Xdt3MCjFi4V7ihl+g324gQeopgyQVd11h6AO7TvCpadb7g
+E9/zn87b4JOwaTzLN6JGMVguuuN6k7u1MWqKzfbZXV7NKDUjK7yZFPghHuWBPieM
+n6zEVOIFHW9LyuU44Q/RTpJNoLyAjs5DNB+DG6O4zq8TZvIi4M1tikgGUDsSowXm
+5Dsm3n5+KkMFj7Y7rG2ldncLOUkr4XdNzXB3S95NC2Hp4vAfcwFnz158fO28gPHm
+jPdupJw0BqpRILLXbVmt1smeZT3Btb1QhCqVt+gZqhrNgpxf8RZZ1DCAKs8/l6MH
+jpoX8LKIrOrZowH9ToHN/8nt6ZVrGVsDG4QNP6Z6fUNV0NKz5X4w6swB5ma2Hw7v
+PADh8ZaPRDi68dmvDbvlvj1xJWanE3BD9UM2GhY4fZXGiyRgLsK32jgjWcY/nm67
+z9IYK8pkN/hQYXz6WkFD3UfxYDnVL6JJ2K3RJW1Mt1pJFfaoBGi8pnWA0cnz4Dgk
+lUypqvrp1TaXtu5F6nz5DPA9sP9OfBLr8y6A3mAJTWxyeknSmFkWeIH5BIwzMo3P
+F/Zycxtj7bGUxOyC5jn1z0BFYYxOFs7WxQusQj84slRPu+3GYhIR8EQ2nf2lGIMR
+NnkzwbsxeFTkyfGzA8cmASIsn9EqDeK9h4DbtB3l1zCQzXsTQPi7mqlsOxu3doxl
+UKbMHAM0B4TodOSIKZCyQ0UXau/jr4ruZ9Usz6fknYg0ELSOxACK0Gnhk0UmJH0N
+uUOWCz97o6e3NFdbOwMIChD++T7uGlIK5zKKi0Ti8/Tyc7KIzI9zlYmilypyuDHE
+geTgP1A4mulJBRYRjHV03Fge5RQr7wjuK9u+tUWSadiR5D+qSmHh35+slaiHEsnn
+kDKisnWI60GSHhxx18bUoRFMIUfPqLwQZOL5uD3ruMSCf33ynQYws7icAlI17IFN
+53aevB9sSuLPp48+3YOlR5kd2BD/bARvOudGKCaDVwLKhe1n7opjysG7S6xduIBe
++6DQwte1SaKp+rAjRDErEl3sg0mLXAvpf1WYqyTO6BQbrRiTUaUzepSiIgYJ0SEE
+U3de2hcTzqPM75Iw+7mhWB2TY1M/zYzIHkh0WwvcDTj+x5oT5NEtCtEUxDe6Yuz1
+1qRVcw35whQsHW22Gs0mdQ4/L+1obmfTVgRM2U+VsqHfpccklrwgHl70aTbG1ozO
+v9SXcBVZqPvBdrWmtRXq4SnFH4a2gyq1LArJw0hbUADFAa56pze1QN/fN67mtjyQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
new file mode 100644
index 0000000000..92576c4e23
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBOTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nNSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANZnJDHPYGmDlhnjbX2Wd8iDOcwP3hJI6nYposXyUdQsXnA2DQ/c
+hTL5jI1smsPgXdS1H+s53Ii5n5PoaaaXR3uRpgyf+T82oDL2NcWlUhvPwPee/Oba
+mum7VeXYik1Itp3qDV5GJQlRLgpu8JN1Zx8v8CjvPUbgQxgcXpHh3tfSR+YEywzd
+N+CbKRqflBhroXmwZQS0YMU+lF+qbfcVna0PoNjisg+LVT/uOvrskOVibfa746r4
+HouY3g/mCBVJVb8+4YobezK7ixryFmUpiO1p9F8onRuB7a00ZBhtIHnT68+QU50v
+iPWAzoBcsLPflYLR4BTClJ69xaFlNbGh+EcCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU24AHuWIsxcP980PiZlEl
+u9v0HM0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQUwDQYJKoZIhvcNAQEL
+BQADggEBACAu1zkxR7sFDb4Yd7WMY2PuHviiAZVkYql/+rS9nTHFxSstRbaCaiUO
+NhjeAVbZVGNqlbvW58W6OU+qXtv8+5U5rzJjAAMbLMklsrJnjyyntaxXZerbdh0P
+RpIv4DP2mAmSCDH9qR6sJ43iHpvFO14CQNUofbfS1TYIw8u+NQGz3UwCfmMrQAqY
+/teK8hMdEd7D1QUwRKBSi8icsPQiAdlVB7JCzSASaqIn/sB1nCwe/sYCAUdydfmO
+AMQGyFymSavQq8WH9QnLn49/0yKnrJxgVexq2a56XDDiQnxPsVuXYr8uuNGPH5j+
+XlwnsW2fsDoZawTjXr5DCStBmx0tnQI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,681F6DA8CA9F5D21
+
+5kiDnMKFXJy+I106E5Qn3QOH9eFCaaYnlqNwRt1ijG26AfhzhTlvt8xaJhH3f+AL
+mQCKwrndrXbfFMAYkyX5sinWOtMrVEgOi4WrUu1ScKWhChe5V/GvdOA3zNmImG88
+jPat/pQ5lTHcSkX/NhQFwdt6IVBm9kL2gg9hR0aP7hC0t+XQP7s5IgZXvvTCk2q+
+CAE63hV/FwVexXoCmGxS3DBMEjAl1aUOXw3nmMvF+I4FPQShXUXTiRbtmPzdFSu8
+d8MojxGYBs1Yv3yDTTdtdA9G7YwNCwvqHCivMK0+Iuv7nHfB10ObKKQRw7IGSL04
+7A6mv9fBhWa4jarUpottoXwBe3NYjyEgqAshC3TPrbVJClnBGt1GRQ/m4B7oGh7v
+2DzLz6grkvcMjnEfTs9E4qawhwgMQBoP/NJ8YwXgqsGcBeDd4PDIWxSaNqkhtQdV
+j1NNZm2d0QoBc6mvFdDCYFWX7ch4r5NEZ6mryntZ5+pR+/Aw0YxXqiVtjIM4n6YA
+KZ5H50iikxwViZn4wnKOgoil7Xc3EwWvcJt+LBAhUGWgJB141UY/TKx14QFDh9co
+MPXrxkcpogVNCgYLXnmubicm0HPPR0ORYU3zG+dDaEPad23cWAwh6NNegModbEHS
+GFlDLHjLxQHAWY7XpLsLti90wBauyhE4zNUQzXTZc+0JrSYm5HE+pOBb9EWjjBJ5
+a0Wk2hHpRvz25Mk41g12qWg4RnmnW86u/6LjhXKy8kCbil2A3JXTRJE/JmjPWTzk
+2t5FpUq/Bcbl0WT076ROvMpk/n3SI7s1kW6tlw8olCzKBiDaN07PXcN5YtYzmZ8y
+W5ySTvj2W8O1VseYYDPt9B7V5xM3YtsqF59VZMmBQgDpoiniVb6rCxanEE5uJdMW
+aAextRiZE4wqzTbqh0Gjip94RADi7om1enxtu+X0mxfAC3JdVSYdI49+f2n57RvA
+sxzFMDEe4jSkFctAy8pjY/6fZN7m0Bpkpzy8g417rm2zFexND1bZONb/y6avXluL
+r426EEbORglcCaGjiakh9XHMQcjwlPhDPFjvI4JRLEheEu32KbNT6d8DGbYDK5K2
+934PMAkGr7Lw4C7ofdTbWGZRy6IWe8S2RjD90C/nPgNcLTPIkLAT6qVL6NvMHck5
+v3hivjsRaJp1lXUJn05+Goj9CVRwarg2JGU6jGAhkeyFrLLIMh9MWqI8rpuuP58d
+YIUCp99iSszr2gEIs+RPUavpbSJQknMI+ZtDv9vWv8cgk7ldJxNHvEFUldx8OKNO
+9e+lwy3ub0gLx7FNtcb33Do7ZN+NYLP3UwKXNmUADCuBeBmf0XBQEypzu9vPxPEx
+2CBm0Knii5ZdPS+hZ75uxkfktoQvC+z+pSuQqopYCd4Tk9ryrn7h2FdUm3nB7HYx
+bEdZpfhZiBXPkFZLAmLXuvQQbkS4eJ0Pq+y19hU6nSNOM+6plu6pcm9C6nb1HP6J
+m6KrTbH+mP5DUtsUvvdXOHu1IZ/8MRc5kvh/2VQdTPXyfJ9X5HtJHxna4YtKqBRW
+rrLEawQXeBcsuO7W1D4uYTtxGmsLWFf8OWLmMgCv0j/cLxm4tEpj8tJ20E6cyXLs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
new file mode 100644
index 0000000000..c989d48344
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALWNoV9OB/sGpzCATKUhLi110SMZVvGR
+btEnF/hkxaUlmi0foAiK1RMgUSmdHLYhKLogfjVJZhvSLut+OECEtKZTYV2RkNVm
+4igcfjs8aVhuo2z9lHZgqIkRpb/TPWkL6IgHVfLle352+zTscC6SVksC9J/o347y
+WE46efxyYYSGqUg8eXqodBd9ReFqYUKMZG/6Zrk1YbSYWOkdhTLEbvtmgN1ZsRvZ
+ImIZEAHaA2fKQKhwWeZax75qOeKRnzi0ZJCK4BFUkY5tviNclyNxbDCdOEyyrY74
+5wTjSkImxYEArgn41i++i05U/Fo6c5BAtiEQJZwoOfFPUXZ6ri5kZ+sCAwEAAaOB
+jjCBizAfBgNVHSMEGDAWgBTbgAe5YizFw/3zQ+JmUSW72/QczTAdBgNVHQ4EFgQU
+2OxtvrdvyhNjyifMnFuiaTa28mgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOBAQEw
+DQYJKoZIhvcNAQELBQADggEBAEGWmRimtoryrWPMHFnL2kvI/vwMcVxQno5UzWGQ
+FnqgqRgKpgNeeNJmzTugZVPWfK36cPehUYPAZJjtcUB2zBaEEoFghvtZgQPWR/M5
+/amPSIHzt+mW3sXdJZ/lgkeA6nNanW/9AV3bWlYCfWgOdHiHym7hpKsk7UwHQYob
+ynVgkL4oxSV+KglhXYGab20YiWNW6KPC0C9PCyu3PEG21WYsrFGNi5aOOlnTTW8z
+A39i8vqZ023pgOkShxYBOvUdisg15xmSq+SzJZf5s1QyWd3kX5FRAsAOHWJzglvQ
+yqeQX3fItsth1c7iJojcVhz8A0yuXICe1knhgg72TEqj/3Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C3B5407440E3D9A
+
+g9QcHW7o0MyolWOLsAc2kQawYPcI/YOzbWz77ax4i2OTc7F0bA8iCDy8WLMakxzl
+b2lxhhXcKJxAcqKO8bEcZjYhUIWO5F/651/BSHtCfuq3ojyRvc1vq5f2mMDE9bhz
+odKNUFbcF14i8gpjLP8RloC4BkQDKEubAsyaZD43gu3t/2V3KCOP0ARAWcuDKhUZ
+6HXkcevegjsxpzoKg6w0Bj1+f2clJ8iE4gRdJ9Szkbg0YsgJYrR0DCk1xMMHZRPU
+RbLcehx1Gt4WjwqCl40NF/cylMlda/6OpS152ht9N44NAWRIP34MdXFJXNmQFcNr
+pIPRi+uyEbYBJ2YWXPMmv8oJyl7wnIpa9sCILNbi8aJwgCvck1ALNmo9GiDqZNC8
+L6+gedGdxB2qIwPiPTgX2KO9dgBLNDQftfa+TR4nJi2T2NUdatSnufU+HzMAvyEI
+DZFt07zfxaEHoF5pNvKsHC3P9Y1hdme5GJlKzORvy0ssH2cCuiCrKHrYlGYgvXQC
+UpSvho46u60+qsvP9Q4af0Ys3bIM1BD9/soCMGFZSkIHENXr8y8nzLUmQmwrJypB
+GEXtbJiGtpG95SATza5/rE98UaUSJdG9EbngQlxAagP7HZySNrnoMgTobGplxFAo
+fMHv1oKlBGvnk2J3vHItI3GSODuvEEJPNVDYVyw8fS9tqFk2H+fhV8KoN57W0Job
+cGqxJ3m8IKp8yF3i341gRhJSbynNK8qz5YBwVBreVw2kWz/mZuUIRDyWRxZOwZlG
+OaJ7F6xFkt/fZK0+6RUQDWW8/Vk7HiKC7Okcvq5qkBqIne9+JIXhJr+MXMF2K/wb
+aEypoO2E0Vu+F7ivu9j/iGOTj4K/U+5YaZI8rPSql84UInPdCnK2QfgsWHOEbsGj
+D0bNfejcUfcqT+LcUPiwm+jBlPwcT34dv+58+vd+/I8pOlNOsq4TEW9UVHcHPgHX
+BSW7Ntu4B2/s8nNYwxcfmpx7me0EhZhHBoaazi5+J/3dRSdC33tf604tuwjjzVOG
+FSy4SFNGEvh/lp94KA3rfsr/hBzBBNJ5FvpYSH4/Q+fCyN/MVeSo7m145yXBnwS+
+P1C85coy4cT0M2/kw8svJgeW9Z930No/RDmUbBN7UmgzLJt4bsXRv+f/WQvNp3Wo
+PVo0i8fLrKP79bv7Nf8L6GUAIf9DeQ4mPHnKPr2Qq0Uvyjxbnj+DFT6w62+o2q0t
+QUNH2ScJwxNUKWyvqvdOkEk0IxzZSjPZefPmdtfmfezZ8avOCaF1GbrZBLYrIqZq
+Tovw48Lit4f5dSrvDH1HXKyBiq3Wgmn1drUpgHYWJOlQB+yBy1E5RFa5aU1OLyeo
+3xvnZjgS+A/o5HV4O5OVDQ6HCGiAekKwiNlVkQLIJLjFWO4kXWM4nyIONPKiY6B8
+YHGdfOL05k63aHYOqomikXv+uldYKI5eqJzjqHfbn1Z7dugsFZRNV2jAtd9L+w9S
+kGc+mtS9Utt9vh/rL49gviDkXXl+mjQ+RCrFZVgGRsNY/O78bBei3sfGdnMc7sUj
+hEsxMy8tQZIeJAnHn3tFd+QXbqdhIoaJ8aH0rvZajVKXLRS6u4JTfD6gQgHccyTp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
new file mode 100644
index 0000000000..2e129523c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORACl2TAi2vRGNZ0z25HHDq
+63G0jwwUOBpMU1tGZM3EA6E6CZ1Od8tAsWfeW9sUj8K2m+t5ncmshD0xjUeLl9JV
+CkJ7XsYI384YKQPdN96Wh+eNlbWRGi/DfmSiKwebVWOKVio7zMfv4rLdFEDYSUO2
+62AJ9tOBc8lUEfqZiN+VD/AAfKXWfoyW2J8pJ0AhX77P9DAuzMiZKvE63yI0lodh
+u9RKMVUPzLXq7FBY9xHexBFYGvGAtmuVfCfqNMR9Fu+loYqwb6KAAXnXh/DRq2TA
+VveMGaMxuoCk4TPlkrraHiFitJgXnFuIsD19YQ1iyX28c6W3pfFjca1/MQUOAGsC
+AwEAAaN8MHowHwYDVR0jBBgwFoAU2OxtvrdvyhNjyifMnFuiaTa28mgwHQYDVR0O
+BBYEFDWn1OFLdE5VqHG0Qn8y/gQayQG4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEArfD53rmonDxsB7VLzP6pscDyvmqoQGKb8BgjxfuNC5AJflfBbbtlCeMP
+cBIfFtyc0nECkfaO/tS6ZbzHyU7Oe69+jVOufQ0gdPJBITLCD3uhGXUgmTQdckXd
+a2YU7ua8NZI040Vr7inevt8DjgBwfXEtUlObMCGO4OYtUBOXhQ9yW5KRkOBoYMks
+PSwthYFiw92gkagk/jHwfB16VNIs9u/n0/848m4BzF7wNp7S5iG7yq/+fFT0WfoJ
+rI/TZJTmIyWTJfhGwaV59ira0PrzzJuji4w62TpBAC/iKbeUqtLdRHBFgur8ccBK
+VzdvksHDozhB+yWvQZNwqjIGoKb6Ow==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FF971D4AA6603EF
+
+he4gc1l86KKIErt8Ps3L1JurH41LCz1bBIPjK+eCvpCAD0ClyHveZ6Xt2kWFaBX3
+dMLH7sFDO/MMLqpn70L6BopBF5fD3edX/Uc3/L4BR79x9LGT0QE1WS9V4djt8Bqk
+INPEZaESnQTdckGsg9riICTuF9vujUTmrGieaUzxJLIdrAhmtU/VjjcduSzb7vMq
+DVl2aPtY+/iWDhO5HtGIAPMvB8zZnEsU8UbMvW+ST4CafjudAw28fYT+bMUzr+Y0
+3evVK+Lya3dc3Pd82LNDo+Vp3KSEGwsX9H077nBBR1LWz4HvYblTojYyd0U9Hz1w
+ReIbjJ6GzRH1Ro+FmWnMQPbRfUqmfbNwLY5keRzDHijiUmBTIyFepY8LfCfviaHz
+W0morw8u3s0HmsH8apVXsye8l4to30O0pwscGXT6G1pzdbB6EplYSZHP3VRuRVHq
+0rfAnmnbG1pNKc3ooLPoEFqfHVxzIazbe0D8a4q6iGvQGRUjFz9rlWefbazNeyPr
+caA27WSVy3bzqNB1MfIQo4BQcAEo1mOyBZW7vZCQ/GTPzEaDi56F4PatLskaX8vq
+nfCF+JUJj78+mTddZnV6Dc6AnW78ISJvS37i9FEkCg+PqTyUMlCwjkSh0fmi1vWm
+MYV0TOz31juOhowNZo67IDpVJJhsX08zFUdSbz/xDC8WUMmOANPYJGP2kAbQU7XV
+lC26rtO9XBPEc2TR6qpiU6HdUNmnT4tBdN5rvYy5QhQvwzcYhVGeAy8gsKhpbzJ8
+OdMz5e5c+V+dvkVlEWOniXmTZKKqXF2MBnTw/lI+uGijgwfTkHX+YlGpgU8cKNIC
+KOnilFBINIfa2+AmwntSBgUqmYsPQCJGvt/AS8tBezDewkzOneDtP9qfh1nbNNJM
+Mj5UGgVnWSqff7kf78lQZJbltM89KZI4Xi5ffHwMTqi//NKUFTyNx0GjMp0P0iIC
+XJGT8TX/QtL0lsRubvghNfYF/HJRxl8QchpK37bVqUs8v6fB3i7gzwkUdDRiK6Ai
+1nUXpH0I2KAhRkfw25uh+r7AQF2JTxnihbSkkxUqM1DkPBvVUa4QpciurGGp76ZX
+9Cg81hYcUPyv0PnIKfJaLIULMStvcFZ2qCgPn0LL+Nfbi+hxI2qFTLmZCCXXTM3g
+ZC1m/jkhocea3U/EHVtCBM3FtsmaoZ1jwbG8lg7sMYelGDo1hLHVxSg27v32yGim
+ULM4bVqYf3LTIrJ/iC3E19F+5aGuzyhqL95Yl0nA9s6oeG/SY7dB/Obb/ImvYE8H
+GiQ89sYM2Ykp6UzUH9cKjNnJZnfbYlhwBMwEFKNLSYNmob0iPBax5yFTiNukjRpu
+nZxb+840bYvogExlP4eUM1j3O2gvGlPUpH5lAf1015gY4SbJexkXGBW4hEDLxt/8
+DK/usv88NUYbuJMDn6QPslJWk6cv1knMRyLpM8m8bBqs3nUAkUtdiINU+eMqQknl
+GEMkCY57d9DY0OQuOQjH9ATvu4+e2Dbnr9EsBWxqgJK7EVWD6MRck28H9YybOZCx
+7Rh9EsJU72T7x+bWSMcXBqu+EMTlqlkIv0lP3jNxSYiX8OnoF6lLJhsRC8QxPaWj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
new file mode 100644
index 0000000000..68ca7de65b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOUe51QDDF4LIT8
+dNI7U7D9/Co97Ayr2DWC3r1XLTRuFPRFy87WgdMLZKMwQFFyUlExeXtmH3k3hiBf
+xQxkMe/RpmMzJsg2tR5ATvPvatP2yPAp9mdMCqn4KyWkMM7t7hKubm8n3V2FV+eZ
+VCM6Q+wCrxjzLpx/BnALMkk/+tNg0mCF5xQoTi20AKZZVapwN/jUM8bEn4LDP9bg
+jfvpZcP/J/IWRvQSRDBN7+62JT5DsnjJaXOD2a3ZgI/7shdoCOJJSBI1qJrSPkca
+IwozCjheu1icHr+34/uLXkYFuIAs0my0IJx7y43RrWNA0JTJ/WNYB+humZHP30eR
+bguXAbECAwEAAaOBpTCBojAfBgNVHSMEGDAWgBQ1p9ThS3ROVahxtEJ/Mv4EGskB
+uDAdBgNVHQ4EFgQUrmPL1+LDceP0zm78NfSb0k0+3BcwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAhxkEhZca1jstqu4SQv4NukDbw8Z3DdN15kwxZzgNfij8622UR4YqHu6/
+dv+c0ANrgLR99MpRbvjimg4SnYj1Dlok4QJZN04jvvv0q6N3Tyvwf+S4LmaOyrXr
+N542+uqYrOAS5UNAPF4ZxkT5L9OdxKQ5qqRNN5GxyxbPszvVA89/rFy3fHC+2OHz
+eLgaSl/i0MIUhx+iCop1C+Svvt11DE3pBqRQly6A+MEtL9NjHVuJ/I6RxySHpbj2
+46+yJv6k/OuWjVrAlhiDuUjwFHPVVnvHk1plcXLv77EnhxL8Yb2tNF7tM/0aG7s8
+w5Idxl3AuA/XWMrmoLvQFlcYLm42Zg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,218DC09D15ADE49B
+
+WuH8KvV+CZLuBDAte4hOz4eQwjEmyt40Lb0OrP3fCY9E8TC/BzMl/nkg9VgqHnH4
+n1Xa+DGyGHZVLoW41u/Z9WB0AEC3+4pcvKnBt13uKMBRgBS/X3PGLTA3alTxxxqm
+6fZ0EQrEiz1idvhNfsYzRDXbtMYGK7Lmqltpm9i4tl3elakClIPPNEQqFyB8sfdj
+rx3ahk3nf9cUhXS4Ch3mnPfJyj20WCUboXqToX7OmsozE+hlhmIwSrpCj57MaDGc
+bcKUgMG0xzPnCiouFuqD8G2I0PxE1/5xx5DKcfqDJ3QFmBYBCXpv4AfFLDWtTOmh
+ZdNNU7irbB2e2/NL439unk2DfrTjcQtEXKOgs8JhOQtaKWBU8HsI4HcCWr69l0NP
+3O/7muG0o/Kr/4YAUaPkHce7BFMYnPQEqTTWxOpjQxGbVHYdjaYxEBfRC9iebU7/
+XLNUoKZMWDk69i1qPnT0GEDgZD1y4wGoKebJ77jRQQ7INtB3h/jQW8Ps9mLzHm3x
+u396hVNxrJ0C2chftRQ7HgmiEJqdI0hz5o0WAm9ojSDMeTLRiRk4a1Zmx6NsmoSF
+gfbcrMnOLr3oIeehD4Zq+HKy3sRsF45u9qvMtyh8tT6bNiml76ocKP3bvDgBwCMy
+PG1m4j1XesyuxkGsCC50zJDEdxRq6uFikuH/yJBRK1EX+qtkuavKQKnP1bWebhaU
+wsPvhfsa9h+rwNhOZ1ec8P6TfEXCqufoMIYWGhmFbzsHOpTyMZ+BQRorJkFkQ8Y0
+gJU3Lv8fCow/nJVlcV6oZKXoFhbPcETa5fVYmEFkX3sMcK9i+a0TpSorE7MnMAd1
+f/bGlcDy2tgOg7yqPK8OL3G4oNyzZWyPgRo6OsKU3Fnq8s0GI/JMMovcYt+mU6Qc
+bkIKNo4NbDQKGhujSTSjl6JpcTkC3mzCW0l5yLp/ke0Qoc55co+i2cPDBCOCQx2p
+0CcwsOAgfy9sgRA111zSiH2aTjH/S4hYiK5jshs3DAg60fTjg6l4zkB4fK0kS4F5
+dqr0xrXbGnL+ILSBuCwU3IABFc6gkD6qPzKB9nrFv0dEzXtcXYLOs2sNREGwgxre
+BfQhVA7msHQ+2YaiaQnE9HlvqWRntkJzBi0cND6slN5gnVEqX0vV5lQz6orTwtdM
+vv/CQCIXhbKj6P3RQmIP0s3/foTLXOQBmJoQE4Yo2Nynzb5gXMJCpInAA7lOMOqT
+ZGmMVKqB3n17VaBcrRyb48UobibzXUCWhharDCLznN6cYQuryh05Go5ugMMadxbS
+5I8TKpaivEbhNjUkbU/4HF0RgGdquxVEJSHMGSpyPnNTXqnG4U/tceRGkemsm+Dd
+oFmk2HHH2esUFuMWFXAcevGZznOtgzCz9utLr6Xb6RWZMEHf0aHItCZfkTtVEfVm
+YlyZG+xBL57cKbXZDXIlBNxldTEoKjUdQ8ICCusW64bLe4fHRKoJfOm9NSv2fZDh
+YpUKEkhaYuU3nhOJBil8wMPS8PgyoG7nDXxR7YHwNdePzUMXD5TJX9rRISuww/KT
+kGRVn8hewI/ihNvvtxVfFDGuKFfRz491jWbM78ZjT4r7hXlfVBC9u16zIbp+8+Sq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..dc15ee8ff0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKzApBgNVBAMT
+ImtleVVzYWdlIENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDVXFpJZrrfE3RhnognaEW5+Af+QIHZD5UHsNHJ
+5+52dskADZ27OVATF0lxfJFCsvqg+xF0CwUnPGAAvicTqbn5s6VfivsitBKgJtYv
+7mQHmnA/atFcsstwIM4a0ElZktPr3uBoVxfxJPve11Pkzn54JOO7iWMMqvbCnUM2
+rL+CDR+0mVStkYCxLbUDYIBHvjBua2K2h6zffk+UDf1cBiOJjBKLdQN3gJDKvgBz
+P4icVr3SOKy7CeZssY9qDvfs1VIXbFdHDNqAQJqIDrmdYFaWQ9Frg9SYdJ4nCNyN
+7eQs78izC8jF9EjR7NAIHD9l+PeznskhJ8hfHOQ/gIiccfPrAgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTCymn1tK8T
+LfSc8hFVyyows9JaSTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBADmfRFtG
+DU7X1eSxvzMRLpmjMY7rtbEUvSMJXB4kTt9/QsKPucJhG90897xCca8i8R2nBjl6
+Wt9YorVQIXg1usooaLj0d1/MWgRl51Tf6rWRlpbaG3sYuU9lfu/b1TPHLdh+iihD
+OrJRrv2VhNyurI61IbwgOUfnc/185PdIhWMyFMiIg+S7k+U6MM0b0m8tfAwQMS7W
+qVKV/DZdutJFDNPqWUNW9KsVPQreAs0BHfeH1U3Sj5y3678pOOW/oWeQECv3hptF
+xIeE8gCSz8ckM75AJnqa3bI4Qfc8Z7h2KYbqg4uh5Lvy5sjT6EmzOFhZfxPkkYuZ
+v7kVKEHrXEIv20Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,68D6DA85EB17E2DD
+
+jED0gB+zQ9Xhyoqoj23i4u/lRZGmWxP1UhmzX2uP0dW4TknSr1V4SlNrAR+WSiTl
+7sHP5JUNIt/l8GM+xXQ7fbOdoOLsbkpOauHh0ftQKbVmEJvRojwTlBrlvfVESYIP
+iWhfAbI1Dsz35dzX6czqFq8K8OReA8BGpd95Ix/FGBWKcoAnjKISQy2N1hMea6RF
+zGXFUWtccI2jfB5QIuIwrHIsWCqPKT1iwEw1TzMt4zhppRGv4svN+176Lx81g40o
+M6Dg8qNpLx+OfKzY962zMB7kCXAxHbnZITKlx8U1cF+60QujGwBg6arROgEwOKSU
+PU2m112MuHckdEhI+7VbcQKjwskggYgP9UsqOrBt4WJxGNWm9uMFM1XkEyxmU3ut
+NiyCX4mjPUpqfY4Z2JkOlVu0TgrP+f041a1V5MxCD8UtdN62hV9V2fYjKRNaGt8E
+wZpc6/GRv9ZK6pVPDML8B3OrrCCMLjg84L7OCfuduxV1oK1YXok/Z3nralfIVdNu
+O6ORaXhXPCwNx3mj+MbNCCzMQmmLPBX/g/p6z5kVC+67HVzAp/tMiQ9p8RiLqPoS
+W1fEBnpDMgtqzwlSnGtCMKCIkto8jHi7zdk3eCjwX+dt/eaq6oYzQYHjEv5LatZM
+UD/UUtKG8MYyuVt3niiV7C4LFO861gPgydr9R7ZffnLKKre2mTzFOcpD95b2jbvz
+GrjrU5MNvZIBnet6kYVFyElB34eEO33emV/2z8L5pp3QpFtx7WldhhAH03cUUZsJ
+B8t3Jhz9KabKDl9mcFH0x98VgNN8ZPNsIMYtz1tQ+J3J1JAbh5X3R88bXJRonYiW
++itRoTtrJ8xDWgV79LzhJTo5AqE8h2C/AvIsFynUhiJk9eMioX4BHaqj+RroS8x7
+VrqyQHQf0fOg33f3xy+xWPDablqGohj/e/YMwHXZmovp1Wbwrg0J0sfsyDPwGeVS
+5Jy38ohdFLawlXm4WT5a9VVKEJkRVrAfDbFpYOMwLnJJHNp9b1WyWHDlfP751yYa
++wFC6idLnYy2r4STVOiawg+HaDH0syWvatcfRj7LRi1rG+eUBY1jALjRoSCKIDxX
+yQhjCBRIXk7Cuq72a07fwRj3WJ24E+nzp8L3E+YkuraMUmTsgI5+NIpYItNv9gNd
+Bcgu7L13BR/jyG/WdZwg2JIgkOnyHAVNPXC7oYmsSpuCOGFrYpG7jI/NtZB4NL/o
+IEmbHrw62lbE6vPxcwf3KPkzOLJurxyZ5IuFhzKX3A2HjoOrlYuKXUs6qhioSzly
+B4QSdUNuUbhOBGRNqaneWLjQBGSoijLpGNdzWjz0EOjDqSrTSvCc6Q4OoFByiK9O
+YSLjgOOhJ2lHj3TIEYkvVlN28Dna9L25VVsE0i+Yq8xvZG8wzlqg6QqWnLZnE6OY
+zrYX1CCGUnMSSpkqPVvWhqtMJQWcNBxeHIfQ7ixjMwmJn5f/mJ/mQ3Pjm6sjHNig
+nwmD4dWSGVbZxmturc3Q81oLt/f3M6os2/9Ds9oAHGrLslubcfbVnicLGwdRAAj0
+hH3oG5sFsR1E5z/F6YQUun0czkaQb5caUYiVIskia5ibA0WRkg72dmj827xrVtLy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..e98f314654
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshkDAkc1NgsehY25cyVzSEjWwYU6t95G
+/bdkWf9DwvSkBxz42UAB0DfeBaHlbsgyVPjecL2N2bBpu4Jn9T03xEaMfcZXsyI+
+Be6psiAHVoVI9yTqESpjDgwWC6qE+g6PcQq1pYxsGzWlcBm+nxxpb0biMg0pTgcD
+KUtkK3UeoUJ15K3nDEekwLkLFwuBBFGzfOFCp9PImJh432RT/zzy47GGF9GNNDPa
+7iAZDmKadTAQ2RFy91qvUWsMxTdQ5wR7mzYRQwjzJG/3QBUKaSl5jEX+U7wzI20b
+OAHMdiEfsDNKXlvbIWloxcmVHLrVnzyFXgoB4ZYUydsAZoqW4RUaIQIDAQABo3ww
+ejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUNFUL
+Z/wcsdzCcgoU8GPp1JvwY/kwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQBe
+d4ZoblyGZ2/KmDlPWpOb1UDgc8l4fTwKDuDOch2en3qqX22Lbfpc3XWB+cOvcneu
+TvU3GCC2udrSk867vxd6LsiUPdfieO58b0au8+myabu+ICeOeWtug/++HvHiZYPg
+dJI39eSmMC5iaiSUkcdyNdH6IwkB3WTlfFwQo62T+zC044ajD/1nH1F8yNx6bJPb
+nCcphNbufW7lN/3B7bpiz4EKajIkvBk5ZP8b6amkDO4fGQvEgbZGhNo2TwDPJh+i
+97WnDFkCgOETr6GTgfXj+BfABCKduqpl4H/cUG0zt4QI4SMsuUvqTVoHTUc+XNMW
+kaLapuUYQMDC/P0XLwPk
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D4AC773554F54CB8
+
+wx/O0W+iaLKhCpmZrFqQGu1feMI1jBRW6etpY9miXcSUorYfyiSYplNgTKNmcBF4
+MQTC7zLeAx+0HUWrPKETjYxPz8m0W0wBHBr64+CPo+DU/xxalgxpb4v0faz+Imuj
+Mm4gIHKikWHIHdonnFWpAAYAibIKg2suXJ8xDrMzHERzRKX5BdyJIHcpt6c7CLaQ
+6VgPQ/07N+ooNHis5ZrXtOink7DAAFS4EvY2fb7Fqm09eBRVe/vVtQQYSINpruWq
+W7SO6GJihr+hVtKo0PoHYvlsrlxZgYegxtiI+UjmJssLWj0p0fGvmgnQlf8UtuLL
+lV5kMSxGBqcJREWNWfYnrz6rACYoxmnG0DkUpGFTVeNfgF12WRZr1AQxSXo+xPeQ
+99zwXTYQ4hr6mB3ur6o+wAQXIRhuahfMNdVUvCL6Lnuaon70opw/8u0CffAwxCsC
+dFRXIe1Kmp2Ms637fLimoQCuOJ9OHM/wNf5MUyPBA9V9K7tidvqH4kCrgdm7P1vy
++ZLtvJ96V0uWqniKBRdqekzCN46v07Ss6GFL6fBDnbGCCCHPZo/nMtHWnXc0TM0h
+3AzYtsFtpaaEUBXmY/fuVOLEm8JELkByV0+08U4lktu+PcAg0rWDn+x/dNrSYcNz
+HWHpet/Jbsxk3JV6p9Be45wug4IEiouGHVUVE+q0wv/jbEebQlYk8qNATCvl8oo1
+xgpluvYW8+mrDTVskuuewb5Mj1AiwINUdLS4ZCDO1zwi6qyCGPvGSovUylBLI1m+
+wlD1yCBBfgwJUi7DpKh1K3ut0/bmU0CWRq76U/eWdLP76hsLIyuSZoMpeezaplwA
+AjoLme7da8yYjwzvXN5D5p4JigIhau+yOydpB+1EZyQAf//ROiHQ4mn3sofFPryp
+WPOY9B1j7vEQQcCowH7t33BbVMnacoYApYs3fJJrKBdfdcjFK2nkVbEUDg1BuWtw
+qfFpvS1ElW7C75lEOxx/r5ZJVI9v/r5sDB8zgszyhj9DEcpSbq5EApDW9AWJiH9y
+JKNBgh7KhotLPi3ADnp3Gzd4vA+h+ylCyGxZMEaY4gt5QrXViw3ndXe7BIzffT+g
+wOLyYY0hFIl4XPdD2iuho8iUov2MwX95SoWo+WZMH5NcPvbG9Z5Qf4/DMvcpQILZ
+hW1H5rDikiZ9kBLpIfXrWktDyvgP1p4Ng8LbZshK4Jw6rtLF6Bo1bB27gF98+lCo
+cORPVMi5eSL6IF8ZkkxS7Qos4CC9SpFS+8DIHbM1PibOwD1C6A2KoIS55c/kYUye
+XZwjqmHO1g7DBP6/qVRaSw4Dkcr0NqDbt1cp8+w+yKQnmqzgf2zKx09fbufdjnDL
+/hU+FAm10YKGozDbWA5oTZ57sy9K8rA38p9ECrz4OeEVnaG/MeCnqfpsWUyvpHUo
+XA9/mzjaUAfktQP+wGgRdv6Ir2stOIEgkkYo57T54sCDnELyzECo+6FadHUxqNL0
+pQ8zSuIH+Wb8PdVlkFtKXE0cL0laahBzMFSZQVj27UQCnVNBdFFy/Kv4aoCyWL+K
+FVRMY3kJ40sTh8SWeFwO0aLd8ycV28AapkWqyKJau3zbNQNWQkR43A8KeTsNf28Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
new file mode 100644
index 0000000000..b2b35d95ba
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGtleVVzYWdlIE5vdCBDcml0aWNhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK/akbKDSU+jyQyKaVyIOSz1eF/8IBeTVffB6t4DDAzrnRLvfKPO
+QaKZb2v5iqF1M2bBoKaIdSfcI5At/JXFHJD7H4EGHkT9sWMV3Qyhw9peIr7We90R
+S30KHCOsXU4UYx0Cqgg9A1coxkMo+lopBwaQMXdxSRSLshfGuNKrjCcttOxF/GXm
+hpz8kMPBLUKj9OFFudTylI2DD46FxcwgJ0JnBPOll+fpLPYVhBAM9Y5uHjcanl6x
+5U3Vu2ENZ+v8wAXqFFkl/ySMO8oXidy+2ifYjxPJsvAC/A7BID2NG7y6F90+tHOS
+7I4pUA2dwp3ju6p5yj3o4zSX/cQDvuHj99ECAwEAAaN5MHcwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFMGQEUrZtCvFcH7OjDtiWOW7
+lytzMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHJthW7o9tlSkPicbKxW3xOHN
+vcod5xj4RNcMFpz3AZe1KDPm8vSO0P20uzUo94BcwKGOhf1Ecp+8r9Y7O/dpyIz0
+FZRa5JKW4NA0LlAuhsD5f4gLpRbY4Nr0SS0w3k8ycSU3uxpPCiD92tvih3GAPne+
+d79uPxmFSOVwgiPa6uLz0nnlAwgbMl9NiLpdzsLnbIi1saapuoEwMNWF4VXd4DDO
+MfOh1tHOwbyfmJuQF7rl7dGkhQN0e6AHJUsNigI3i4wHf1GvfnpXrzUoz8QzmUWf
+QQCza3OcdC2UUN905ztpH/+1bgtUJE/alfclVJZEHaWIhIPg+5//Op74d3oK4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D9768CAB2007E4A2
+
+1izcemhgrYgp7NpmBfYrToOfortvPJIK3wSduRy+LeP1g3o4vgRXKzX4i4k9LBbL
+2OFdtFGAvON/btC4oSlTeNVIdDHv8/Oakf66HHUlw9tu1LhFwWcFXDQ9Jyf/Pb9K
+H9vk53fBoDl7PZUNPDsGigMAI2cfo7GClbAEMzIFhaCbvjApDW4YhtoMDPy4P7gI
+hOsymmIvP7TttV5vfO6raFHPLzem3M6+XubToouHRUlc1m1nX3DMiotXRMEO4ioW
+uX1QqNb9xEngnKA4ADTrYvM7R6QoQ9claXHqieLzgc8iNzpMj5vSkVbOCOCVMxoj
+Sk5oJMGI/jE4jsX1VHKFbBfEMntF6aeuoCrGsuZWPidopuxZ9nBGgLQVCzs9QOaq
+z6f06Udjg0C/nM5/iE9DfL3RAylTrRrXV+tL/N6AZde/7KxJByUo8SndvcqIgrIh
++1NZsVdFhp/xybqfalUXz2WxzDkrj9B4+GRZn7/Ci+cVRRXBuifnZwm6FlLBMsKq
+rz1EgMSkX/0JmE9C2qe7ls/Gpx3W/ahNLbDLiiqhUXFIvTUqpnww9Ozrwwq0OcIx
+5qjT2LyZvxZ6BP8hm2ux/CQtteyyAvLlMF6b4GqEyjJWXav46oDcmmvobe97Wa3V
+JHVw+TCpLWypYZlUPHyW661s33ewWs167lIlCWlFkKCUtzW4Bp/E1xZ1Et+/xzdm
+PhVqWWyoWVIQXwi3K/OWojc9ZGyIFHybROl+sqeWIpUXnsN0pa3vCigWMTxqeA7V
+EHyQ28rC5EF+IreW3RE6vI0ZGtmSeKxf7UonX2HBiOYPHxfgHFRpcIqJmE/p2Mi+
+IIx3q/q3+N1mGtLrk2QBzJNUyGWD118Y3XrWv8gsj9GF+9J9NBTBfNgyxaxrdPcH
+6tmSrOF6Buz34jlQdxsn7wN/kjTtNVwBxHtaVc6KzrP1e6IY+5m9FfpLY6z0kLtY
+ZczKMr/fjubH3RoC/dR9H0v7vFyd8syzfIXLW92SMqdwh+LLRBfHUZa6tfe8cVf9
+E9dybAbTVS+Gctq5mS5pYHSWyZDq5t7JrvBVBjh2Dt6D/0BnQhIqnQRwNpbSoeNc
+dgcKs+HhptRG8Mtr8VA4JgZTTYf7h2rVJHp5ilYvvIj9K29ftgRHj+iAKlKCpdzJ
+K82kWNI++/nT/xX9lbtSEp9Z2slB7j5FPseHNvaDoFh/dIDGbuYsteVu/pBnPX/O
+jtcOd6Tu9lzjrHSx9AANpxDui+VQRfdGJBg/nCof6RQ6JJI0KD73gOJFYEPcrU+i
+zoZR/3m8Rb6maz8xL8qwJerOefYaMGvBidqcBPxl4TVs17JzEfyCyLwUM9gOXuBb
+VNiI1tFxs/Sai4U3dhv5y/DrMSJ52/viPzz5UHh/38Og1b3pQWc4xCJgAesSvbCi
+McxKCksGErozuzopNPJXv59s3wxkHcGY7SQ8S7HqUz+nR715Ho92mWuvDitPm09g
+DEUFgD1ZHB1CYjJ6jOiq4hEGFKBUyP56Zwz1060/JHsEjnYMhUJ9FQkhZJOaPEa6
+7DNbXkish0R+ClDkI1CIWfe/t/m+Po4c3WJASPs5F1ivDGvCXDN5/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..59924e049e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIE5vdCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ajkrGWOSxFEG9vuWGeWpRVcosWQyfZP
+JV13VfTNb+3Q6Ke5L218dww1FtrmP99ZBbbX8VTaLT9Hl36zdCNhXfNDjpj92N4F
+rM93HPFrMLewZnfq1d3zWvtPN6UYNKyRozFsys72YmIswHZb83uAltVNKZNaoIhx
+9oDLf6BudU9MYynVUnOskvWbJbbi2SqjNW7dHP7boiDi5Uy+IdyiKvkyTHnaH3OC
+gjmQ3lWXpg+2unulTZabYaR4twj1hFh2XgZF946GAg2sy8ux4g9lKR7+HL1BNC5Z
+PBzKHqMPZu8+RCUA+gHUeh5xwRFBg7wq1Gs5FXY0BB86bDdjJrDrLQIDAQABo3kw
+dzAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU+X5S
+oHlmBAhECGV5EA7dkOZD8dgwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQBXNr7R
+CtJ7NH6ne9HBNzkCWsG3bwfaR3tD9hQNR5w5fyX0LKwBhnX8oH6dAHe+YHZ5oRlF
+yOeAZ5tjD3XR1WGFJCEHWQ3VmHOVtHLoc5YNgUZcn9xO7KLWiLsRPm6Nyd7AETZd
+/2EQUcHecRR6tnTKZJLeZzddzGnb9ThWvdYO8VaY7ipNp/fL+odZx98P8yiwni9f
+gspeW+GDi8xD6U16qXGYLJ76y1gkSYs4IZCx1Pqn/MJTsx42cHfrRLaomVzOGraa
+tjeiql/jUOb6IWX84tabge5xp3nMD1xfCFaGTaLMPiWtEhgFqZEzONP8R7d+15gr
+tWm1TYtrpHu3POhY
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,275F2E3AD2EEA049
+
+7YvBHx8+E+Vhw/nPOVU0cqQG86t08FlQJoYzqbih+EMvmOnuARkLo85UqgsMhPLR
+KFIgv3WiVIUc+DYSaP0PbC85Zkq3Lctl0hNDyUbtozMh8bCXVqNnVLIdPlmN4FDx
+JofVamca1/TAAhZrVymSk9XRCQg3tt+7LwgRS2fCtTmFIPkyVMrgo1vV64x2Y+1y
+hBJyXfSvXI/v0aAZbqz+Fho4TlaxPtuBpT8HiBhcIEIk6Abx1Jsgl5/PD2fsnrK1
+zzTKw7vMLKsvfUpt7aapVmjv3CpZEEgJtYlGxYyTGD1HbBSR0XXdU9YTSQAGXDL1
+sc2pXRuMKS/mMAP8CtLYyBQTmCk6w6ySceiIDx01QYrOWANwX2upsnyR65NBDSj2
+EQH2Z9Os+Uslbd/MMLZT67VgCLXkrNBKWSklrt63YdRivCUNtMM8N92+7boSxExx
+vo/ngvhO1vULPN6y231dS7X/wqMgJyyBBVCjtlaVSqD1pDiF9u1KUJze+olqvEdQ
+9alOna/FisedtjE8HuntfIiH0TGujtcC6bbVLYs6Lhuk/tiq3ud4j47UuArGovD0
+qV5JqIcxMxyh9cI7CGx3TWUTMrllCfKT8DuxFlWV6eOER1gtk8AFOhwNgCX12iUt
+ZXleKaBgi6ckVip/lvkBQjg8UZuy2aYK7MFCn0jKo1anaSOZ/VcT9nnv62z6jzZn
+heG8IUUKvLotuTEO8+2fgb/Gw2v/ZYCviqAmI+GLuVCHd3b+g8j4wylNV0jFq1Gq
+sLswif5RHUgAW+UaYm+UJkWA4uKGEWf2LEsMk1qJ+Gbiv3nWB0r8e+qYqWZtdJvd
+5U3wOjgH76BQgQewqRPRQ44WXXY+Mz+RntPmq2i3oBfoFCRAP3mSjQJK1z6e+xl2
+h91yAn0vhp9QdwUb5f01kYH7Wz12IuhCxVApMRal1PKq7afNxHUMaG67XyfTsvCr
+GhBFmO5uFV6s2S+cAve8vdG9f11Iq4X2zX8GwPY2rtjjg013gsnyhcQcfDbGIf3D
+21l9Wln1aqQa6ryUM5Q7cjrOJTB0S2xb9ItP/Ma7bufNmeiqo36U5pe2m55XHTG0
+KvQVjW3y9LiEFlISWsKjLIwYOHFcWRhBJlzFHhf4iuHolufqZMmg696MqauCEF6q
+RtKDFAbkT6pDE8OuuvYh6vPjwDsse5nYBGezjXGWHHI9cSXQE8RGI8QAAwHidpUK
+mIp7xCpmMcCOKEp89eErF+5DW41fqg1QVnZ0Y6AJcQcpkO6iAgb/ci8dfD+t0s6N
+GycmWKe/SiWPlfBwFNuzw7A6HxsUS48Mxq7CEYfYv990SAQrLWwIgUxELcEd8ftT
+YOtdwnji3VgbGEvMmtNVr0Ve3+ilK4h/AjidZ+YzAuFEdwYjtAHuVr0fREoX4q2T
+gj79ZlaEnNXWaDcVX8LiqTAlWBCd9nFDv/EEgheptEkfY2/M7jvlMSokRXWibZZ1
+48xPg4duUcChEGssmnzebdzNrTvLPgjNeRfQfc5XcgSzJecCrBBpLobMGyjrMeH7
+oV7vV96ll3wpvAqvP/GGkcgBX0TNRTntH1L0u0AQMiCvXL7jMxNr35c3la8elJfc
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..7ebcb97e2b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KmtleVVzYWdlIE5vdCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuW25Rdl1a11hIRQCfJWGwgZNpJ
+8Bxjnvmd+5HmQB2uTgWTPpIs9xfWCuOqqCD/jVSS97nyBQQtp6I3dQvU7Ssmkz80
+7y25FvrdcklcYjFKeKra/Di2suavIb3nlf5H1hRIzIejKqFxIDjT4QOi+kNdArr/
+cJM1nrZEhnNErXJ8qDpcb8k4fzbmodDbV/g1zvqY/vmh4iYv5qiw3PFRR94e613H
+gatzeOgFdu7EpTGAbNp0cGnsjvSuFb/XjY9EAtQoQiRmiiXbBnmoDIqOM7lktYJ4
+6Aly5kGXqXS3ZkkWERHRepN4B9rA8C2bppjGxQ13TKHFqeQfOgkvpGi7rVECAwEA
+AaN5MHcwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYE
+FLIl0igw0FVobky1wkjzypsV8kBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEA
+LFhwyCZWomHkwIVAZ8k+3AqH8bVC/JcN/8St1fY/0BCt6pLeFOWLLXpflPlvvNA5
+SZbJLDfE3VOOYrYqwJEnmy979I1527wPGcj5O+jcDg2AWBpMt1qPPafftSGQxx7t
+UEWw8ZQvsEAab3Cof4p1/DXCJKOpx4zsXrz/OFBkSx+Gq6v7n+Pb+4g+IojVaxnx
+UO8xUAaQzjxv4yVfQQw3fzfrY6a99UBUOwuIPcQ+AKv80uU3aqgtvkoOWqs7R96h
+rnEWe9qZj2hCg9Fpwz1hyg2cXpkBfL5Kki5zUTaNhad+6iv6p+tXxx7W8qs7Fti7
+ziEwUI8u1HYLbCGCGFsuhw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1F05EEEC619010F
+
+74pwj8kKEJA3mS8C+eIEtuVZs2lGNc9hKvK/LXlUSnQuYgtfmOIch2rXgNZMtQE8
+LhPfxUrNGG+30b0kkrhdwTBiM2+I/OsoPG9qXZMEHtDhqpGAZhnj+FKRB7VQnt5m
+jP81Y/dgWTHct4TsJPdSIRVOm5rbParIijUmnQ5nAH8HUEExbbd3fzLEEnZVZDus
+rulTbJaSiUhKHBU+oQtZ9AGl1uCzr+uU4o5ihltA31vMjRfqxdnpET7+31WI/1M+
+8hUjXCb3kE/zxexffXiIlujiQBrPomd61L48rZiEvN+kKHbp0DJvaxyNvupzbFii
+wNCkOxfQzRUTvGDKuvFsLjAnwoKkBDX3Mn2qbUELK0l6q0598srvnO03NEZoLm5a
+Saz/qvF0M3jAChxzjd8qqmJ8JffWmO9DLCPpYDVT2NG68QSu5hbREle/VZtwVMqD
+IYw4iqyfTwwP6HN/20VsQPxId0Dy+Pjo46bmF9NUHDtSIYIQngkE3EHyzfLI5Fm1
+YHQy5uZNclrhu5mQaYgqfQLmeTpx6BqcIq+pmw92hHzxFslHIv/wFSeEd0zkTPPv
+DL8LIp7kairNy4TBO0/LjLZJOutBZ3afiKWD3HjU0MwDhvgiFUtmdA3Ok5t0c+Og
+vF3y1pM3oMEF3QJg28eiyX6ZtoMYh+fKjSNN2PjKfQ2H3z67FcsgaAg5Suxa8SCi
+Px0d8O130D5uBlwsRkq8kBY/bohC2d/2rjVRedGyGsNAJqER8Kyez+3OmnOnOBV0
+l67hw1rbzOO2MEz8dh6yfrqo7rHSuJFD5yl8G/u91ljkH3STgJaZSx0XzS9mdIpw
+z03lIgymSCRJEOiTeAVgHpBqJtCT6/efKbU0jkeJHozXgCD0QY7xK1MRgTr69ojW
+Tpb0OibL6NyDm5gMq6Hwq/ISjsi0FsGHBg2q0yBY+tepErZH+XMxav7Hb9hcuYU9
+YzhzCTK9HHwk6xGZWvXcpTpxyeSkDjw3+IPV9Zc6bfOHNJg/znebpoEosbrnHQAt
+k1xHvqTfnA4MJZWqhaM9okrP3LK+9V3fJKPQ161aFjBbM9suO25unR+cuBfWV/R4
+FV/fyrA2zpXZcG5gC3HP/Y8Nt2DbIkZ7aTcSKTky3p2puMlxDiBkD6fgHgjj808t
+SYepDYGqaVmJKX8dxGKHyjKfYsdwYuspSKLNl9oFSYmgdUfygeeDGXmqOuGmSovD
+q6iONPyKOH6p+oSazEJ2ZuP6nIAcSoaz6ueGlTATdDYm075K/fmNhEvqNds3CE7A
+XOn2wDlrxv4VMdDFpTazNpTGEo8O9rYUtgVTy5LPWmENFtCvI8CL63qcjAQon2jM
+yFcTgT9YqJpcabBFb87HunyG16Zbb/30PWh2c5UECDLzEkKSZVTg1D2cEcuD7IDV
+8Fu0GZPotOFDM84x/4dQPD4+wjHxqfPXmUNXIpt5sWSj/55uyS1uhEik6pznotoc
+ge+Yps3psIFb6AVr+vTBFx5FvRvILIb4iCyL/kgAs5bfSnlMdmSFN39wLUBZOaR+
+JLprx8Bo9qH25Wc6mmNPQjReGTgQOVIdsIkBaTpqqXEfZj6O+KJXIQ0gTGmAs/sv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
new file mode 100644
index 0000000000..433445f937
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7TCCAtWgAwIBAgIBPjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIFZChS4W10eHwp3smMrXyTluiMJTrq0f8LEx4D63qlvrjNngGxCHt
+BOlFbIH3uKwK24yKHywpFK38bHLyDf+2LoaEYox32sfyeqneYurTGJ4sZ1T/fsZk
+lG/n5fkMlvIU0iu4eOkshyEEtvUGpvdSEg4a7TiadjmsAZkJkgBHV0h9VYaRYvgY
+BnDsTd8MrzKo0bNnpMgiUGtGJB9lB0DmhO51IelaxiyaJUVIsKUZfpA1NPjSboLi
+NLgKhP8El/AlBY3BG190xJ3a5xDIhDq5SRTJ16554PIIwzfE7nvY+9TpwfkYvVKL
+zCOTyrA6VnFwTLKc8sLYKFfmKNEboLafAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFEF4QkbNTqiC5+E53/epFsAK
+/O+GMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOCAQEAaRFMK70B7a7bqMhucX7K
+3AnChP1D8T/CFQUnOWeC/yKAcHbplQf3uWzL52ZJIoKLJaT7dnCuLxx9St/m5aCI
+MKZuIda+85I2WisV4brJJWyZlgLauA0WLZuEswqB0viCZG0vgtWTm9uN6O8Lqua3
+fnM/0WQtcmMMNs3NWN+FTX6SHIu5Z/DuUZWSF0H76jjheSJG2wXn0TJk8RRJ7mn5
+dnDEoDFUpePO0qaOjl1KGov28zz2QGIr7Nq+S0Z3Gk1Z2O3DlgYMeYtqkiMPKZ4Y
+sPDZIABuaSYI1o0ZoFnpLgiWVWbBJDO3w5x6eIS/CueS8hKfX0h7+dIcgQhABleo
+2w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,898DAD8985686C96
+
+QaviycojHWt2k7YjmdYJV70orCk2E8JuW1arD99JAJ5AsLFVi4NjaOuB6HVp9NmV
+ye44weLxzeeU5ngFz6cyJKSeEP5nGdAbcA0ROYPHBcj9oEfXOiVV7cf7LeGyDtaT
+hrl9+fOgepJm0CyQy0cuV8UqYwrd1ebjSNtq+Em2HWs6e0mYxhNJw04xR0zlPNAU
+XYHLzKQuad8bdQsylfk1/+bYVHHtPh3gdXhz9g+lvpJ7zl5Zo9i0kS9X1ov2EriH
+BwrF7owBLgf5J3LJ0xxoIiYFmartTg3JncO6V72hBtDWLQv1sDdsOmBW6kM+x2Xh
+TgRHjvFk5LgHEpRoz8ureAGMOCELGMmYYF4qdnvgq9YM69LEooX1YMmSpLBpa91+
+ZaZJbHrJqLFUU6kBV6aKyEmhSnP19zQCJln3b6R/+PZFRVuagoO0Ybk1byBPegF7
+mxZXhnD+mO9d/H4+YEnuOZC5npuHo5UnLcm6h8eyKvs8c/dceF1fsVZQfm8n7Drj
+/Oid1cjLVPvkN+absGqPkFzWQybVuNOpA1BjBVUUx/jc7EBmEPs8FDqGNJi7hMqT
+Gj1rDU8m+JvkBskfVmEFJeIa38jzooKkcGONl/HeTldgpN0Hn598kvwAqgT5tOaJ
+L/sm1L67ETCtw3SXWO3XJdT7EnQZ4E3Te/Khq9Hu25eTX1pgKt4hRnTZGmuNY3PM
+oS7hwJY7YuLJtDX6R4f5+6E9v9pYGXPZpcMA0UKpXwcMtCHm7UYE92UyOlzkNxUs
+bLzmUbqkoX+/hYvoIZlmXeCZSaL9rO75anyjFZ5AZqj7lUCZGD04NHcJUlmmRzfV
+PozdDQLb/8xwrnCamRFAgJ4G4l4RqlAr7oBxuJOAqOn/aTz+5pzQG8BlSf5NYL9s
+8wRIFNY/YDw533+ZJMb+62j+BXzRM4uSiwZiAM5Wgea6E/wJhDu7vjmrZZOw5QXg
+pdab6gfFiZ6T5DKGDHVkJRsjqwIo3aINelzPT4PROAWft+UNH2jMiyMc4vk69JC4
+Gx0fX6DcXeSLZUEo+h3Df8GgJM8sUMu5uQllRhagjEgbjj9kZefhbf8HCM9msfd0
+ytju6wODE2laIjDYPaYnSqOoqJVDKhdxBrHTfQTUJ3yWUoxEByr1X3UrfAJqxd2U
+CZhe1vnA6QzNN1TfxgpU8zqsPZtblyCbhw4QOHjVhbfzljwHV2usgEdqyw9gH8Y6
+z0v0cg8SqVBJo9uE2uPsZzdAS2OrHyf6EPAjSCi5cjzihb5zzSeD56nhaTzFbs5f
+qXD5LEVAJzkjntNLBarTa5pEaOw75jrGn0YOBnYhlTEGNXzFxayidG70axn259lx
+Fz9KGBStShdoybnnW2++OOmX/SbafNQJYKrLtndQK6uaR7r2EWsORkP+HHJOPTE6
+m+h2BIuk8ow4BfjgtQ9/nrgOB73kdE0ajMwu6W+eaq99AkZLb5ms3B8HU/mjZiuS
+3RMdcqrG7GDUy91iYAFjKgh9yNxkx/imLFm329cQbRPaf2wV90784fKkAOYD27UA
+DZzx+qKCCiN6qB5h4ZVzqg7YxJyfOyVkDeKCeDkncZpqyaG59I4PopolUAaNABGi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..a7940386f2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyiKAFzYtdvEdciQ58kyp4foxdHez0Ho0jlCiy8aV
+7EdOkOe6I+BAIve44XQywvh4JqZ2xEkYhAFuVhZTpe419Fojtut1pS5p1MiP87y2
+eJ8jRJFMJ/O+UwCRwgt4G0whBAO10BT8ETwD7wkl5XbF5Q9cj3oB3ESyQC4klN5y
+L5lcnyMUqZ8e/fmiJD/M4siYIAUqJzfYpPgExDfxCc8Y5GolybvhVlngHn3mqa/l
+qjfkIjqVbB9qSEbS+vyrZp4+HFKeTxCNMri1UeRYIhm30XIEFVD/c8Z/e8FqykQH
+ZyBeEpwb5caoS8+sPcQ9DN2afMEHfVCZfXyL4P3Gj3MANQIDAQABo3wwejAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQURZ0b7sX/48TH
+MDhMW8ddVJlywLgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC0BCN3q3RD
+IGoq2eKsryXDduFqAJca6+jKE4re+Kmy7PK4f0C57r6za/KQTw3fDgAKPi6DctN7
+BoXiEL4nDtNE29OuuMPMQmpyZZ5MF7H8ZgRrzYW3OMbu48lzwcBIZ3eCPY4rL6uM
+OaBRw7TXMmFVnxsusN+SB0o/FXIslyKijV5ZACP1Bf0OotzZnsiWEkGKP2H/iDxs
++rxLVYTyowtKi4EmA7M2a+2LmGvndpB7u0KghWDL+sKjVa4PK2r/9AiulLL+FJbY
+x0Tal47siI1yC2P4XXj/8z5o8jrYqJFY8QNAl7PO2vNzo6CqXF1QypNAVeDYYCcG
+ysMMqgXsj7XQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD8C7B701770883
+
+8mw1OmIgu9bYNpdKlNOkfCqyRaTWDwE8zFYM2nzVrvKLVDEnmbQCCQdPWHa0Ny4d
+6DLcYN6Pu4TGFYUN8Xfql/BfagEfKlMD9zen3AAMhRO+hfP/CP1GoadjI0pG0Qnc
+whn6th06VS6PR1mlKhsR915J07m6+IjJUdA2KsmK6yxC3iY/liZiIZaeosOsYR8h
+ROrJ8kGOBPUVhhPbMC2t4QHO5xM6bon3T1Ng+b7UUCH/N7tkvI89wXyrR9nJmkU9
+T5Xb53cf1XC+WU5OmnjuZXGBmnlPTHu55zUNBsFVuiD2F1QLBLUNelGox/MS5BQt
+Nh9ca7140ntp4cU7NFl7CI2hjqRPyMCmwCgpcoCZmqo6G3hXk/3uF7H+/nYEK+bV
+0+lhRuitBdktjwhY82GXnSu4SUUtjsQv+6gXaT5qu2jaJ+i6MNbJie9myqh1Yqid
+bZ4pbO5VEyIcd2eVpAvTohbXYT4iBO656nOhQwzNxvEPAkILFGSwQlETReJlI1eL
+QEBb7xld6v0e/EMH7U7eLQaf3YXK7c3dtAwlEanE6whS7CQVajZD1BeecQ+rQI5n
+UNcm8TZnNm8koJiplSVC7GvTUEJHPV2L9AkIvnG8zEtvuLlUWlCRZnaxGfkwsreP
+U8BS5y9CBSlBtAdYMaLV3kWtDXIx+pXdY3m38T29F0A0+kSCc2vEakZ/XTPWVkQt
+hPz0EU6OAdvEppwsgmQGzAOiz/tLeNg38MBvhZI+gOIKa7tMV42egmm+nlK2xeWU
+j0OmcIBaws1u+x5DT/8NhuoycWJFxH6zjCBupa29HBc34+irHXzs4rYYK8eUZbrJ
+vdUiPMOvmXEfsEyOU6tDeJvpWRjmUAcqmdlx1ccZu/7i9vRxbq0v+X00T/W8iujJ
+yGNbhbPeGoB4cKUSdXpnQznjnajyUSI4GUNkT4He9Fzt2PpgJQn4jLj5r9crlp2i
+f/U+ldZ3vWuqVhZf9XDTPyG+0/xuWq3LcoPxvOkn5kx9N4KXoiGciJiDuaJSdKLu
+sv2Z+qGOyMydYlOr4O47jX9/rKdO2MyayMLg1WbPi1/d8dFDDfmEJEu2b9AeAm+N
+ONudAw8ZJdgfTVGvTiu/O629V95UgJ3iMZu0hNetai/Ned6og/ixxoh/AILDyVSk
+EMEGHcanWMbQ4YlYbsabhnBZaKJMkoTp2DomzN4n/DiP3QMiAnKfUtcytSQngW04
+IT5S9mupP5UVsv7Kg/AWVUXnBdCWJLl48GUnCCPUH4IlMyoz34AOne8K1TvEZ4SM
+qB6FdY+ixm4jfevDEzj6ldu9tpWlxBL49w8l5Tbnzh0IjakdZG9K24nDYf+2uhWc
+6h/3XS+xs+Hf/8bXO0cb2jVldf7178j/cx6MwA86/cBU6N4YTjc9WnPPixceiDG1
+SXbqEavWw9LUo99hb8FeLg1yYOQ0ElVJMCQO73Z2Jfx9QOwjQoepNvQ3CGHpUmym
+NpRPfQ/uFhvfuGWktgAtz9f++LKqCadSGKYw9QDGYyysXfFcSw6GLF+GLoVOQGpU
+F9H+/6jMZrKik1zd6Lq3YVTXpM1to0tUzV2mZj+aAg2A6trIGkiNFEWbkrAAQ6Qi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
new file mode 100644
index 0000000000..fe77c2244b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCnk6DcIUFQfwdRiYfWRy4EZs8bttqWQv2K4Jtx+hcVARrTeyf3hXCnRZBclltV
+x7k2TZQcO6kekgMsxEZJikWB22yP4V+DPt/84pZJa9w+KIcunpXz1ssAfAGav2V8
+XgJHzxhd7UPLi3TAhlRR7n6WfeALE3al9cITYH8FPUDYOREbhLGMKpedvZN6sZPd
+gPVHztiKu9uOODKJAC/uuaz6/arV+3i/tBTEIDCSUWT55Hru7lbuWURShmLgzwCn
+rhnnH/j/5JzPX2/TQtIJFAPVJW6zf2AAPLBf2KgwfHRb6f6FqVDjH2KZUa1Vxt6b
+TUq2xWzJ+sZIqqNU67w5RirpAgMBAAGjgfkwgfYwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFOE4DhQYFENczudLYscawZL2ZoLqMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zB6BgNVHR4BAf8EcDBuoGwwaqRoMGYxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEL
+BQADggEBABBmPe0Z8HrHPHka4JG5rGDs26rfKj2lIb74k3MJsuytdIUeqbFdCrH7
+dEjwAs+UvRgDDRFVWpWpHG32lk4hacMLHTV1zcl6gcdsOubVXfgodDLaZnTMtV93
+NV+cGJohowpkmbERLZDtM0/LXJWFbl+BAALPuJ91QwKdEKkImTBY63U1A4BKbmTd
+WtHnLgJjYC0Z53N761u7cwfpvxL2IQDKmFNHQI6dMkdTxSv5TOzPrN8A0jr63hg4
+D/QBm1Am0fddg+SNx34qbGpGgBorp5pPzowDCQWTJU3qbaJ7wTYmcWIE9uoDmaJq
+TaS/SCkPfhwzOPyKNt7KnKIn/acNHOw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,878F62637E80B8C2
+
+SV/ST1+kWuzYixZC8kPSiVyzK1EkiPKBCf2L4QZfVVwIKTyP28lr9axgdCAwe6Kj
+R3HvZNoXePm8ksVi+Y/PyiU7cqwROMw7AW5RBdw+ujh4m/5OD1ZS1OyR3JpbnR8j
+ggYzIvwuTXr3tiVS/4ZroMYCMoBqrm1ODkm+qdXap22HZLpK3MBsCHTJ034iRdlU
+ZJK/p3aDS7ZrMJfn8u/PEYd9UiH2JuOx3hlrsJ+8yWayQ14X7FrC8bbPQ22OK5k1
+lYh4WHqyBe4aYu+cicgLax3Q+yLgWe6k3L1i2gfjQE0YVy2rU7YfXDIQNd6E32pE
+zVqeTIiQc1wmGrcCx8kTJTWKw5nIOyDDTq8BxDd6tLZwVEgczhtxF6l2y1Rck8QF
+KLlysLKd3DD9sIf8b25wxQ23QJlf5xKlP5qpkQYFqr6ygh95TFvs5MAVegA/Vh3m
+siRB1KwzaZnwnQKAmh9Nyti/Aa1xzFEqAge2JH4F/XukFiUfsGPsOBaH2DjsU1I2
+Ovc0brxyYfTxMrNjC2D2r7ukkvpryGAxRMgt0Jk9Hc1VFoqhpxvHc7Tf3KK5h7K1
+pG4u4T6lrAIpJKqLW+NgVXTeDNrWUs6ut2yoYang6wPSunudN/nAKwFJTNBnE1Oa
+pfzmmqsuYUowLY3NPfLBW1mltbE8WrL3M7SbugD3/Z6z9dwuICljwRcZlRKlzf8G
+swX6ZlVB2DJ6JSf+Uyr33tofCewgAGF8g/nFK/tDG2r1PdPavDGf7lA9BWUUD0MA
+WujLOa9+xn5IF+xu/9SNz1mAyptLRWmeimPzYvx0v7Yq14VcfFxNV2roH1hLH89l
+y0AFkZdKZzIzQ8Hgz3xzRAJKJCyeUVH0PRm76Uijxcw/7ZwjRTuEkuISmz+BlNEc
+sIgHnuAi4zZFp5blGglMpxCzx7dSngvXV4bcoA+iP3sCADo/no4/wG5ZNbBpRqd8
+BmQwpaQgpcFceV0EIvkG7p1zUZg/AD42Acu8lCSY16V06yiaGUMLNIYfdicCr1/K
+7jm9yhpsIvMQEmUmKA980rR0PjoQ35KKf2BUYDU5cBTNwWiZe/1CG3IRXkzDNwN0
+nPyj2/LW0bGhnzTvUGmcy5VfXIbDMKLr9FeKaEJ6696hkq7meEzbVHcN/SqdbaZ/
+dpXc5f6pP+Zu96c7hMt2w1P1J0tEqI1qa5nhFXJm04h6RlNSOesQEbSGIklnRSfx
+/z1jeUjVD9QKqaHQ8qKJcnj5i2GSOmmgZenxd4cjfG3sNwUU/W+6XUhmZBZKSg9e
+G0u9jeAeHGcuno3z+dayE5A1p0w7RpEloDp+401lTtDmbmqTqCQYuc4fhMjrfsqJ
+anro3XJC3G5R9mAcTxqVE4E6po0/JSYmoielNfmygL3pRa1BUtvjIkFubDnt/XAh
+9qExwWUiRZMaTYhoaSksrvIV+C87ZMwDr2XQwb8LU/CrwNsfOrAKdpQxVb+IxFRd
+7NGKnaGcW6UkbKzW75UeeK2AvDyF4eDWWbVsQxfll4AgzWKXVWeVY7O4GXaBgo4s
+Xby/2ufPFX9DBac+g9uSLHlKlba67C3ZVtfblRy99wcYOXjcR/lUcjlZ5ON24S4a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
new file mode 100644
index 0000000000..64ebdc93dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDYfm94+1UckIWrnwOecmHcjFD/KNLTJI62cn3LBu7L+B1RsbKRqB/a8NDKnSjd
+8LaqxYztPgbS9ll+67sq/Y9DTSGTep0wFJwJS2n+wBTu88BhOMwMX6JjyCFSM9a6
+1nzfk7X+mRGpcSyeqVABl173PxPFfyV2HSagyqLtwc/8uouKrdhcTFgTzsyqOBzp
+f4+OTB7XuXt8hYdgCfNlPbX2g8kH2Db4Lx7OcrJgP9Ybb2pQZQ7TiBRiK0EJa/WH
+hA96xmvR9Sq7lXnsk09f3lnP3KPeoPfd1wN2rRJ3aMl63dAbfBEdzX7T7Z3RJz6N
+bdndTYyo4SKwmO8kknp28pfFAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFKIvWINbTJWXt+72h7SXDuB/4JcVMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMjANBgkqhkiG9w0BAQsFAAOCAQEAwEwa9JZVYlDzDjZFQxuAlxD/pw1x
+by1ylmOBJnq4eUoS2fwEm75O7lQKQmgvLnWtvy3vnrocTKFTv4jSYldVGqT/Un5N
+aopCuIiH44Lr7z/daBQuSPsWPvtRK04DrNXG7BRj6bubn+DdjTsNT+V7HaFwBm9O
+8QFm7V2T7NmeElnxcasfNrk96eHgqMyOt/nEuvklmA5pJbcmqOootaIkaPfLlvlC
+eE4BlzmDApxSsQzHGHX7W3l8Ulow9BjylZtRRPZ2uM91kGattzhMF6t2dZr+ey2C
+BHze/rS2PoFqCFYyRyTWchqXnifv5dqV775zO8AadT36bE3vsRzKogXLfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4269A2ECDCE2090C
+
++Qhp38Vagkg2P/lTyPzuTW/h59JEkrNByCVkqduIDtNYw4buUpCfJFM5HE51KH5J
+VeznQs/fFq8CHfCwNCNWuNzxORfdChC3B/yzAZ8/orcc64FCFu3+b2FTmnylZmL9
+aDSITryOjY65OC2g50LsZDmFIGEIDgh+z8s66/1wa1MtIJNHHPZK2ZQeXLsHbG4D
+n5ppN895s7tpvnSTiAB9UacY1lVw0Lni1COPWJo0I+83r+T48bCZ0S0Fl1nGyiiW
+/RveZURedIGL9j0bmsFeS/Ytj8begiSOCCvch2ASkWiH8FCPWoU8mWSYG8AzhVJs
+wqApVKZlLywEXrBzdMKY+8VCYXluvLV574I+sQXe9+C2Lz/MsL3i+4mNzKld/NFq
+SZCKFBiLAGcc10sN1j488eIWubUokR1FyYnRRnh2R6XYzrfHNOiO+EVvPHIVISJi
+MmytIIR0H6gQwgm9BcWTORI7P1ZFUawghBcyuD+/YnwZw+zt8iaoITvJH668d8o7
+r1v9VmJMB9UqKkiG/CmtMtV3mn68QzuTR/DEEBmDM/OI99Cc+2o3h36fvJe+szsX
+LPknnU1vaE/5KA+skvdHL36gFZ7b8nM//UZGtcMSkPxa6utv1azrLBgYjuc6wOtu
+nDr2tzovOIDVNj0zdl8+OvSy6yNXnRiq4cQMZQwMT2X8nmeBAUPmapZYW+4nhyc/
+SZr8G4dV8YBySbM8a4KIpLC8ziyDL7LGdOdCteUudB2RmFRSy9FL0ZJZgqWfDYxR
+CbZ3DMk3QI7vl09iAiOJKhwCvk+iycBI5Oa59UNs/YlQWI1I0U58Mgp3NQa6Ug++
+9+GgTM34nFn/VBBdH3VkHh4UL3QFhjGvMgTFmgt5f5tDsXV0oFbOEjBUS7hozXvZ
+sTMKJgcrxxKT8vRvBkjlaF2ypP5jiZwkx/7mrbe2trlJb1et0Azg55/B9wxcsYXD
+RKgADxISTvWykWIr28PMdWaDCGLfqx+RXNc+vEPXZiIKMWL5VGJ7m4gWXtoNOXFO
+nGGos3gbk0wNWhEENsSia9Gs6MQVngjz+6O8wirpVGBWm2oWazDf9M/nTZ10cfIB
+SVgMJpt9IUWVZHHyXwrp/vV5cyv9xoScWifMrAuVhhUYjEpuJhUgJeZwlfk/BULs
+iPCxdonnsT0GndyE/BvPNrIxzKOoLH0SIyjnw1shomGVtaf6yNMwSXJ9vCoSos8F
+X1zkIFPCCTW09lJZaa649XE5oDyWyhNh5qb3PQXkFGLy041lWhdMI7yHPcIL4qfv
+GuKbUsfv6u+PQ/PN94dHh4zO/V4WJCsEul1BpGlWPWQCcFE+e1k4j2pLhH38N+QH
+o9nUmSR6oM+Xy9erc/VXzwdwa595q4EgrUhBdcAsUzIS9NeyT6r+VrJgs+ZHFpT1
+QxTZXtizI12BJ+rsMgvVTEnp52/ve2R89NEFQ5arJWd8oOlG2LY9WO12QrmMqB+U
+odRqoXsHqBMJzd9rONGNgqYKnDWAKH6yjMWgYBlR6o4/8g2LaECt8F+tptPjTogu
+smXuFPCz9LAawfCVdJQojHp0ZkFwYZ8g9MgInrwQ1DPXKe6yeXS0ztYepn4Slgf4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
new file mode 100644
index 0000000000..7e7e3070f1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDELVS/5i1Vg6yF6gHTSfiiT9ULjd1sFFXz2fXI53H0P6d4KAs6CS1swI52BA/X
+H2sg3RRnFq6bkwYtkGdUBBLEoIjduP2ntNzeUH5Z+Wma9XiGXSmpG4W9rkpxYB80
+6B0H6sJ0wkSqWjcCLxsAO0E3xDlkSZIxLkSTeXv0KuHwKC/iqQk1yrjIrw05qhWQ
+JcCQRWHyovQsIomY3TXKrCzZGdlVzX0wBiu/p4uzgo41Fg5OCElt0ic6D7Ds8dsN
+DHANWBy8Soo6OMdgtH37U35HS7r/YQRKuxqRrmrv5yRuVnEYHz2oBA2Qdzemb8or
+KeV89jjvkZOqhw4RYQBDlKyXAgMBAAGjgaUwgaIwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRpZmljYXRlcy5nb3Yw
+DQYJKoZIhvcNAQELBQADggEBABeREf5wmcEhE5n7e3p8axLkSf8m+dzgp4ibNJz3
+L/AHhHQOSWVpz6w/4qerFs+ZpQPkt6SdPYmsyGSQaw3hEYZ4mKP1wYIRoBNN9iy2
+TaZsjZKMPdqoDUoQnBBXdYOOaLgOFfYaCD2AJRGbZlOqTwPZHHFrATZJrOfaXfqf
+Op+6XMfwflnRs9wt+2E6URRam/o9/i95MCysxE8FIUcFAzxr81UzOyWXysKCN2aw
+QxbWkWOlrjnA4+oTghMtR3ajzL8F9ryk5PYwDxpXinoGuTNbAfA/y2At09Y8v773
+CwAw83sKoZfejzc0m/+7+fNhJuaG4J4C02v2XlafWYAvY3k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F8DB07284B0B15D9
+
+cX38pViubeCOwGjRlyZQuL7cMJNmDlNuxonZF0Em1JtKZI8u6wHOBd1fU9Auo4vt
+vfdQ2H0Nzn9zOt5bQ9ZNlAGyYKbyZStriCo/Zf7gxL1mvXQyOZoGHKYSG86HxAuC
+qtQPYyeAvwzOlXgAtHF3x4drhFJto0Zk5jwvYmT/Oe6wOQ/UCFhxBomFnHNz75tR
+yOky54EhM9dX0JFcnECnkJhzJDUmVfAA5fHKtYFgbBXMeTIXe2KScTofsWuPGn5m
+MfAOaOpb0L+mUlFnRQEKFtawADyAjEAu7hvS/8twCF7vofBwfrl3+l2BB1f1NNde
+XTWEFLSpMCGMUaHat9tVQumyjEzh6THPq+Th1NJ0ZfsH2JY511aRcXrJH9GMD9QS
+iHlc54H9Zp7gqYSbC56Zj1kV5Fq4DeSMNbDlYAOFjQriRq6j6gv63jlim/taMA4f
+pamugPEn13SW3TtN8UkFO41jZ4G8LUKDnsA1PJOVe3uzTd/4HVNBurXuqU6667C+
+E/+4OqonJGggY1W8FC1Y/P5qw4KcrlVFKZ+tnhoAJ7zMXFUvZkru+Es6/zsIIuHZ
+BTW/Ki5sBLG0BjgxBGfFiYvXOHyA12GFSEKnZJ79dLsianlQW6PXLdaMRMoAQtUl
+ojO/WUXzTfwfcT9X+HmBByKVXVbgFDQOLmI0kCO8jQ5p9KRDnKAQwaYGFnza0/Kl
+J7SGMMXruPzjkuAFt6GJY3Bght8Oft/sAM1mRxu6hpNVlonoKMxR6h3/vLqlQ98I
+HsglCKhJsUUwoKNSFfeYmUBDoHKD+n73V/WZAwIBC4uOdKy5RqRKmmddK2boEu4a
+7l0z5DEgpsKQiM9d78h1juE/obZAc/VKetGmE9aYTuWXLVwHbsmarkC7osY0Kft5
+Kk4BZoJWzf35yd+vlMKOaRrI1+XyHMXKpPDlOTwXwkLQ/mLPKbLfJZ/UjSiQv+aK
+dfMgcb+Gf06RjZxG8WM9mLApTF8xgna/G7UlZ2o/oggl2FFmDgtiwvK6pcNfbR5C
+hOKnDLFsFM36RhIow7jWE2OaJ6BF086O/o8iuhY5t7+Bdle35TrviqE3P726r3+C
+Q83JWKpNT2rP/BlPqyi8mBF7BuLttCgJ/xU4s5EW6a8hfB0M2kQMhFkSqw0oOeZa
+fJgdWL2jGS4O0+sK2Mb1/s26AC7ZFYKEpjzkeRl71/iNXB+vNlPoZoLvcYs7g4EP
+0ruDraCADs1+3rgmXeTzUPj3KAIUQwMk64YEosnj+oAF8ub7BNV0wtg0lUj1LIIf
+wc134En4br1fZkB6OsOWUgHwiwTajkUs1oA4ZnnJo1xqpnx20145L5val9CMluus
+stJlbZPZEAWVZezN6nKYeCD2EelGPMd9TYTy7DA/yH9qtEUb4z+FrMZVH8kPBSzV
+b5wyq1UDxDugGwUASVtueVUwnRB32gWoNAYLtO5sSdD0IPh/769yDKLQh3dw4wt/
+vufSZ6+dfaCsBGwir06luI0wA9DJRqSML4Sd5p0RKtxsZWzFo9uFPmLjQ0/w0AFk
+wIBOx9lcG+9MYWrz4T1Pizk5oMkr4xeD9W1iqL54NGJcohEEOPHvr2ng4UF81t9Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
new file mode 100644
index 0000000000..4cfd25d98e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBPzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC+uNFCmZxvCnJAo+o7l2d8518z7l5vjF/XBRG+Tdve0kCfVGy5A60A
+SlhV9UvADeYGeYaUdz3Rz9XFRYWClMFY320x0AFalq4154wBCqF4TkQnYBjyNqa0
+vLgVgSDidP2GaO8m/sNLn1fGgEjXJ4Dia+MzTgYPJJrD9nuAbEJdrfaQhGutvPAi
+MY8kOGUxQuVipV2OoY0N1mcdrJSHDD6nLeDF+U7Sac+dGFv5ip6Di8n5cLliSXjF
+cBlLx9LepOF0qYI7iUsHyjql/Zk1SQ6tQziobs/So3sXQOAI4tOfQFfNCoo3XVjh
+GU8ya1aLaJ2m1nWIw2bLXcMigGGF4EUxAgMBAAGjggEyMIIBLjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUo1fZW10Rs2D2AGuJUSuC
+wwlzqHswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGxBgNVHR4BAf8EgaYwgaOggaAwTqRMMEoxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQL
+ExFwZXJtaXR0ZWRTdWJ0cmVlMTBOpEwwSjELMAkGA1UEBhMCVVMxHzAdBgNVBAoT
+FlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
+ZWUyMA0GCSqGSIb3DQEBCwUAA4IBAQCXLrE60g7rdRWgaKYMWCgs6s0i25R+9SIl
+U4UNeepOEONu8pSbj6uUrtGdqPNTZ7HIXzYQ1mPAvz2gGM/KIfumIcZn+A6ZEwEi
+9UdHPF29GwEv4hU3BZ/QTxORGe5JxgJY5be7PCVyIr5vMf7RQFKX0W72Se+SK2MI
+vPosq6Iufv9L0rdURTq5QKfPXwq8WbnDlDzwar0puc4yYrqsmxvBfDN+9Z/z7gM2
+5uoL6hd0D1U/Vo07NNky2i7giYKrUkOBEW/kVXWIgM86ydsQAOsyiIepJTW3b1Hm
+gxUGkn20eEftf/QXo6gFD/o0l5dRXSu72Kh8UdkcJO4alD93qB04
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16772D615E954514
+
+JOX8UzOOHGy8yxYErM12TGYDaSXLNt5LzZ6s2avjGWygxrEFG0ffQIwpLFpUy0iN
+ytHlkT9b95kizmN8egDUFKPfnkNJgbZ+8x9bfSWMp2MWnIypcxRdeijPj4Sfhcdt
++oHEQ4XPxlRgvh97yu8mNg48BMvPC5nSsd8oasjIxKra5y/U5B65H6knfKqqkCjn
+ylOoagitE2XZE4ScZ6EoXHsGTgPwHjQT/k76WDibP72i+0I2lcBUHZkyBU71iqRR
+q3KLydGQKKl72J7ATCY/jPVCojhRjaW6Mlg/UGJZCJWQC8NI5CRUWt+8y4d7i+rp
+98yJVogfVlVqIC7DIdst3w9MjNVMGIcEn4T2grg19NrHZs2LaespWP0IsB4Z/BZ6
+4GHFg6wRkEBY1b79wZX9ykO34CbPr0jIfHC21p8/Iyy1NuGHIhS0EhkBffDl8qgj
+HJch+e+XolU62jZmo1cwUSkZjGEH3v+Ev6dxw+sVug16x1H7bccE0bREqEIrB3nR
+r5UDUu9GQNI4Yr1C7yJ1WLYetUOga4n4Vbky1pk+31xgjzOgT2xztgfNMN+WMMMG
+rbsFXxLLGblgd4YEaqpSyCJnkjdWjFLL5tOVa8BxWMyKCl/ulum+SZjHWH1zZtSP
+q8A9l9nuJ9xhDfrvbQiX8MJOkvMhaAFCqeULZszpIk9pe6ym5ULGKBCVycFcsByX
++wWrsOt49fOrs2SrwMCh4R+5tNJmBwrOZCqQKCtv2BL0T+14dJ7BIwCgFlx5y5n7
+gC7IyHS6olm+MSsFFtv9q70CmeUC6FEnoNxjD/HW19XPsYUAMJ57a+DMrZDQfo/w
+0zC6DgzNk9saC8rauIxA9o7pII+ap44tkwrrT1nJ3GCYBsjmB8kvWCwwBmWpVc1J
+kjbu4xP2JBFv8Eb1OFL0tz3unduddqDHVUC3QFEBZGxAjGDdspnSUA5/FUo0or9v
+f4QeDyuQ6npppqmkA0N6d/cKkR0EmACo7siD7JSxOJ/XwIqrKurDf32MOxlOZUlj
+EuXx3PJGH9CrUQGaAAIeRBxNePsUr+lu5Hdg4eFWLU1JFy59OGLplzZo/mwd+2Tp
+gJ7LYFAyTUQd2XDGtVt+1eKWHVNTs5RUx9bysVu7A9d7lrKlk5AnklryQoLrsrKW
+RN8ne3JL/ZAE+CZE63QuRr7bigx58msb9qcoqnJHlEl6tdygHn5k9iOBLelO0Pur
+uNwYl+oUeyGaXOPck8ijIJ+arTZDVcVJ18/ArcmE8EMyh3wzZswxDem+XY744we8
+8MquD8vzL8c9HUidDlCD2rhefmkorLf9S0hH7xOu2ESfUNFJ6ubEeSeQ14L8/YfA
+omNkTlALanYMird55b5/RnEPRYsTFSqh1+rJBdEFUCSDKnlq2GoIR+UcoKzy1X87
+CLc9rKYCXHAQ1WiHKa2/56fq2ltge9VA6PRAqCtJ0tI2tRtfu8FLzNos+OK+plAf
+ZxPkqYd2FzZNqeff2nkNm8FHPRVDqKeRmsMpitFUV80L/yv4n749uiSjgJylDliL
+v7ANl0pAvWzifi5f9qwm6GiQi4m9CM2Mwiy9d8NKiIkvqStHm/nJYCfiYLY40tqV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
new file mode 100644
index 0000000000..c6f95236a1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIBQDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDGcxuyIPM2Ih2s0FbK8O1gDt0zWIuExMS6mU7Sy+BgUCD9qstR/BNv
+8YYUtepUZyztqonXiNY1STW4FjumzN3+izaIH+9Ji6sLrc3F7U+G/N0mzungENbI
+HzE8xMOzNiChVZOXQuU8S6OhYn9gQBRm/xCJlwPSaymBQz2b6j/hwQJjzQG/pwWb
+hYhDU64Lf4kDJ0MENkc8wlcyUj2dHEfc9jq49W/5FcG7Gyhb8XUGQAasV8mnc+Aj
+hKwliqg8HA6Um8yXpRuKBv1pSvq5ZwnE0oWSntnHKjcQHvRkn8JCIE0JYaLwwx7Y
+ZSCWux3o/bGAEE7uZdS354a4MUzK6PqbAgMBAAGjgdwwgdkwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAbcW77HEjdZpIpAdHwJnUU8
+SqHbMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBdBgNVHR4BAf8EUzBRoU8wTaRLMEkxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQLExBleGNs
+dWRlZFN1YnRyZWUxMA0GCSqGSIb3DQEBCwUAA4IBAQCATlxJGDbeYJueWqOhiixA
+PfOIc2ZXmtoWkeJv2l8Eyoy3LubjUgrpZA62jOvj+0irrrC+Vd32gO8pQ7NYBwpm
+gBqRgbCKhPH7U1Igblj2twEZozkMC0BO8YLfzXngKOIb7BJuuhG8KCMVPVtu9/Xd
+Abov5aS8tJh0cKfi3d/eu8XpYsPtPQkwodpKSHHXFZTJlYocJkVGdDIO7cb/WfPj
+pVDkpZdRiX37Rlk7CBH+YddypFZhEnGm9e1bgKmF2xgB0MXMfWndev7XSO7m+KkP
+h4yxFJk8XE+erQQQGxWc1RMEsXTppijRrrpqirF5vDFseW9U8C+VE0VtFxFkxlqn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6542BAA527CA1F84
+
+VnqjOjWVB6/8sl4/GjdA4vPe5EjTlxeppx2VkllUZHklNGNqpKbgrKSKKceNOngj
+GotRlpezuNh7kC2LlJgxf7pHimRGAMBEvbk5v/BkYjINVzHN82CUYfxswJclu8uY
+Sqw+5qBWEkfpHYfXLM9SK5DIgIcWzXGWs1ZHeriBF7LzqDUbcNC+V2OmN+tTGTt1
+1W1rPHhVsPqKn9iAHMhzqPAOtZafOKNZKcT6wNXjMhstmNARsv/z8o1kFTTjJdVI
+hnM2ve0XYcZVGW0oaoKGcv0IFsYTtay/2KMA4pr2deC8L5d8pPgXbihw6DWzSnD4
++VT2ehJ2vGAdZp0wfZyjFhoIeaeM1QMuoFdcHqzNJZHm34PSzHsuV4D7xiPZ789M
+ArnY1lVuNrwSRvSb4vnbc32Me/MqzCoYCcvt88uZC3Pymr9TbhcvbJRCGUsrA/EC
+nJjTJaVOhtnurdA6peIPN4yyXVBlG4sq8r/tdDPOMODmTT5UWo8lI0fuI1RtSnT6
+OfFGGgMlwMgn0jMhxN7M2rjX+14ieVlNI+fI7wqoPMpP9x1clj8fZxL0RZZSToZ+
+0RKIFGPh6LqC0P6rUwImPAas3GAKiSH1WibfQELcht41qapYQrlcWtwVbe6c72A2
+9L6vINSHTkeRjSLa2M4u2rm6CJOzCCtz6t6v3AQpkdFa5MlmpFTyDN7hn5VmAXMX
+HTiq4Wp9uhQ3Y6w3XEX9ubVriEzBQEch/gx1gYcOkHGF2KB/uyu1rwk62KaxUNcZ
+fx9/uD2scPQq3qseo7XM3+9LMXsUxxnEeoWnLKHWO+fBbloVYduhHNZEi/r9QZ+U
+1HX6cd3LeiCrS5gVZ/GJZ7g7qJzKoEk9C7qt5Yon6+AXsE1l1GETlfg45Jg70lyN
+lJXGuAjFmRTdW4ijf/CPmqZQe9WWUe+3VowhwmBL1Yv5xiph8kfvy3KxpIdN6qOM
+05bQ+hSOSVQad9SWXr9fYi3o0JXMfAyptrydnG6W5KHitvHNx3rnY5PW+G+3qPdF
+fCiaPOioPwfVSKTs+pcrUqq98C/7wL7m8PJ5I+MmNegajlo43j7n9CKLlbl1NdnH
+RlNUI18+J4bVH0xX839jo9hil6ZIJjvs8BEElLzy3yxLN3+vBNdX9zuvu4TL5+7h
+zU9HNceug4VDq+25AoqTWFHbD4Mi56EAD4JIt+ShGvVoJAo25vZo14pasRmbINzt
+Pm0HvxYQcoDNdtif0sSxNZTQbUdCaojyve207XgRVGFkOyJeOsJbwxCWehOxN77f
+aPJgTDeB4sqEX8//12AGRlAUTHG1VsXzvHgmLJjQsZFAZD3mlqB3BnYzwRmH1x0/
+K48OtW2N6W+Nh3UhIy/FMXngLBbZk65wBFmXqoSwjC/Jk/Jyok9EVRkoaqTb/zgR
+ev2llY82U9J+hcmUoMN2Adylt7Ts4b3m1XJiO+vW432L8s1jjPaHLWnw+OolqAel
+iGRQ5rBJaD9Y4W02P1erYIRgOeIBvKaii212yGKMMTTwU35c0o/cKaXrr93tHgph
+YL1BEknREHg3KkmRSd8U8YKe8eAOzHHidQ9G4pmUSbo1hgds+t+yMgVMWzcXKvVP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
new file mode 100644
index 0000000000..ecb84d4733
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAPnsQIGHFaqj7j4q4DsZNAUSd/1bjxVoJE+G
+wqa4MeAzBStBHuQAiUJ5PzxiTWtiUklQWrTqssx5qEAjUh3xE/muB4b3N/+v/A++
+oeolkUcbaCGqRUr8pQA6aYQNZJr3XON/6VOrLVwkKiOMAO6Ur8BZ2S08I2r+38aG
+b23AUyGQB3sFkn4TmC5eMSsY6SXBvr9bqsXJiT2DuORbB9sk8Cy07nOI37rO13el
+/51naQOf6/3S7HYYBemL6pIVynu8fdhmzZ9l6CHy787KDMOs+QJINoa1qW754QwB
+wLIINtubz1wMrgs/DWpx4BwSidD+L1bGOmTaFrT63lHb25NswAsCAwEAAaOB3DCB
+2TAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUgLzH
+LveOGn/xOHv0Nevd6VjGPFAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MF0GA1UdHgEB/wRTMFGhTzBNpEsw
+STELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+GTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQELBQADggEBAHCI
+IAnj/BU0M/5JGSoDrSkxi44+RGnAKP/18kgU9hGMgm7GBqJ8rb1azbS8l6u6GW3d
+qPyisyXvr2ZBL3L08mgkHEJgRh81KQ4pGID6RGghB/DYWfpyxetMuGjQnkD4eHJQ
+RriILKNU1JIUEdF/uQSucYCnR9tF2SKvRhSMvQipNKTpHfQ+utig7wIYvFkmc9Rn
+4kyoAxjoj6IwdqiFBtMoePG5R9xk3nQZsjTP5WFS+OyNc/xYLMXh/eQ15C+BC4og
+1FGFlcLSCI7tvgKYXk/kpWwv4F2pxsvjBLgZq6IsNbCTBNxxNp+QOID61Xkb1U73
+cjSJjvAqxW/yqlz97bY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E34ADD6471D8898A
+
+7sPFSxXBOmlBeDtJ1BQOCt+i8p/KMgAfLm2Tc5EFeRYNfZgZ2xZ64v2rb43aa/BG
+4HQgzPhHcnfrTb3nS+HAzq4Kl6Mczsp6HKlH5i3MFncAjBIbQbaRBaSOhSX+lw3L
+AV0t0CV9vsUlolls4ahGQbwx6JrsQI16+2O6WZnjnerWx3oOdVoNVudc79LJvj9U
+n6t3+1LO2VBwg0sO7tTzO22h9ugLtDccdtF1XGog80mrUXxGQH+ccMwE61h4By8q
+5+XBnZ7h8trq1hmgp2c/QHuGGzbk0m6txz9B1gtO+X/hCI67uYB/P7meg3OTyeRQ
+ppCrbRiU9xUb0r/umlCFGOwKP7YN/V8LAMNDuOYb06z2SSypkoD9op4twtQhXkur
+1BIbSdmfmSJmBQljEVZop9XMMfwIeZMwRL4C3qUH8iO71rFTotbhdapqTc+4htPZ
+0M2ebzFCF67H/PXtTkk2g6tb4o5qmnc7oaYGtuKgds75kJlxvgxJtzvMiy5xu5iE
+zKzM5qmLb3kScb7gdte6mOuyrFW5Hm5KHmCsD1mpkoEJckxM+TEmPspcfn4n26es
+uIj6FAVL7qxNTgunjbl6amWv0V4fFyL+d7Fc9uQTJ6nms2pKxzSIym1R2aZnCZ0x
+EfkMDlmp3ebv8gnWG5svqtt1BT5laTuQEFK3CXtizWwJLHGbTAdZqngR/EmamnP2
+d6XXEbNp1ZmgHDFv+2aWhv2djy0dqZkLAQnwseYR8SD/LF9A5NfhRePExqwDBWPL
+De/Lm8U5PjgjfAWlYnIA9Wnt4p6Sc85/q+agl6UKYvMdcgvfPr8R5fVJNStleMd+
+2IOwbc4nqpgATB5jziwhryxqiZ58DjlnLVc+0sZeJq4ptGTVIEzF65UHF7zU84yZ
+NSMyaa5NJkAW4Uzwv5a6VrQvigBIlBg1BYfSxqhFdLrbaHADFmcqMJQ7mvIME+qh
+sWHLrreFAZCs/IbuWl6WtdBfVl9AAu0z4mtZQAvg2v0XesPKuqN9KWFTnK02qa/8
+gs7j1ojjrSvPTyzYXPJmZk8HP+wbYBrTmDFJtPqLEJVv7GUg39rgiP2mnvwptmBy
+Wk85arNyHpqR4H/Q7X7kC5KB2APuUwQOGXr2TR4vgHzYf6O8pQt9bEMlwshEYm2S
+LXYKPodDQQtMvK0oarZS/FgnFGr4p87u/+ojhd7oB1WsEjVR33hQnC4W3QWSbDSC
+d+ftoHr18A16f0VFdPWfIZbT8cA/CM9u0a03FGL96tNKFPs3irhuLDxmld73Ai45
+5Xvs5xQxF17471ipPc0fW3esbEatNECqAZr8RkoGzmsWNR4w25LNR3D7KhGRYJ7h
+DA18eKlK8jtxhKc1+kb59DgbaN2LpRS+lpNS2BqrAWKCkQT1RMGlPl0ODJZYHut5
+fiDXY5LCEHBE31I5LbqlrRsyRJ31cW2r/O6GlX1XPnaiOZCRi/WtOyRfzkOnjdm9
+Zf3IZV8t5IMSp9x7cYHSzh62pveR0XF8RV31VylB7QXhcwtGRHlgYncryXZs/2yi
+oXxYDTCQcN4OIhX03OpzINOW3VKkT5XXhwxYCfgALCNid3+Q0qPjVmlMUQFNvxyB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
new file mode 100644
index 0000000000..89021b4c0b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMTpZN/9lfu5qnSxBzxNYREzs0oW+EkQC6dV
+6lTASGBtvdK2rJyFeuhlKeGsmRrF/f/oLbGHodn8POv/vhGA5MFUty6gyOQ86oEh
+p/J5XbjMtVd/MGk+oc+d0gvrvN/SdqLpSE1u0hTkavMfEd44PlnNVmnT5ksN1Lcz
+yA8QLBuG6hsxEQygs5m8lFLgftMdFRUI0/OKOVp0MVwCB+LqWqUKRsv3jgH5DAcP
+ZyQ5Auf6gkH74uxQKDsSTIuz0PRmeNDTaNExT7DXysaafv3Xat8/dvARlcqlICdb
+UrCgJ8ccpEqlcdelfwEqts7i1oWDOj2F2qct28YSpmi+4eWmacMCAwEAAaOBwTCB
+vjAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUzATt
+aigdft5k6gCIKux1Eb+lLmcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MEIGA1UdHgEB/wQ4MDagNDAypDAw
+LjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEw
+DQYJKoZIhvcNAQELBQADggEBAJLF4j1s6nKBt1jK6gDyUmQurPyPtSxoGKv4Ji2G
+ChM5qgFvkqj14oEhcGA0I3mjl0uCmGbUkMtrzDbTwmTAzs1CE0NmpMkAbsde/6Vk
+L5biHGP0HlnZwJ+79ol5ljpCLKnRETUnrh/t6Wwmkxar4K5bfDFG55jF8WFEG05y
+k1B69jPLilyHaepHYd1rw+eqE9x1me2ESMJ40bv2mX5Yx0QgSaeKsr1RbuqiNwhs
+LQ0HrQkQ9TsUfVL4g4KmAd+HaSV3lupWX8v9lhUJkajtVwf/cjRmQCOCb8vUHhoH
+6KvWIoq7MiyydVHykCp4rL8NRhwCFoHGdGIMdRQhvXlMtR4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C709F657F16DDFAE
+
+18YCCI5fJ4xN2TQNJMyjsBslG2Dsx7ImeNdQ0STmo4wuz0KwnLuVUrmUNayFm18H
+GJHdq3CP32bfubTBz6rYYNd3bFOQCzrOZAOI10GkgXnJ6nBw/VtL3yt2bDew0nV+
+FBxnkcUIH+ur2IAGhvqNO6P/QOyKkmkBksGGWIHNM304AimG1Xf03zoQNUVjX09F
+syvCqPNGncJ9rWHkk1ayOF8MzW/hNbAyJq6Ny5yssx7coJHluVsqm7763++d8UwN
+AmdmUJKSQvr23vUMd6yG/Es7T88VmE6DP7a2cL1yPpT8tHWmWAot+cxKMYXWMkof
+cZCirDHo4z6r5DLBrnPjxJ46JT+wc5i4fFMyV4eFJEOZVJRxgvrIrb6wjV3BvQVw
+lXml2H7j1p+NG5GeVw2IW9VNkQOY4yjuwaC0wNuujWBZ5LHqZqyOm4Cg6i3tROfE
+1j58h7Xau4X0FIkWaVpsVhmrrs8wL9ukLbib81QbQDqggNGh2p9/oNdm++8egH2W
+odPLm7BPVX4Ch3ZqZycrE0DfLbOrSj6w+xywziRfEspk62fsWW6TtobGP6Kgp4zK
+uZvCOqwOcWe7qN6tgPcTIb3lroFyD4TqliSHWYdSE7y6S54T4qQ9YYs674Mxxgwt
+sY0FATKPv/gCeTnc+UoYjLNFVGlXrRVGNvTGRl/G8j9TKc/YaA0IQnuynxPB23b+
+Nq+exmYLJcQefdSgZufN7BXPRT5J1TDzeGIyFGx3MpflrXaisMMGwpR1gtq8lz8U
+ve+LQzcZgYjjUIv4gHnttzBkujWb8YVIs+fz7+nyTZee7dWgfizng8atdyRK1MvC
+aRf2cWczBsljeFuJ9MXqjFMxr3tVsSXhvC1K71gAu61VY3IcUSje5nqIyiOV/Ltk
+so/+fEjuz0AW0Ooz9+a01LtfYJ1cZXmZg/c/MPYB/iAatOpBzwXLMw219hsKDWRn
+FOzC52TixrBwAI4OIL8PIFUm4LgaT2yTyaUWmiVLqRckRP9CCjdvldzLb+4MpOdN
+Id80/uRUqti6+BsYUO3YM1rqDU6mJqB57iOCD7wLOwm7nhIufEIxxsbpTIVt2cn2
+8gqEol3HdbEDV+F8aAH20LmMwLVDAabG2CfwuP11zr34QrfrmgvIGNGC1nA5gVt6
+0NGJ27WNFRdalQIsNomS9tcSZMaibxGavpIL+IGzprB0b9sTbKnQv5vF86OzZcZ/
+yN196/A+8lC5/BY5Tg4L0VPj1skcUDKCWEBBvmeCtJHRaI0dsvYHsQTSz1upS6qG
+aE13waI3Zy4fWXYSw3bTSKSDFYBsn+g6l4d6lwipP1/fIzzj5sRM1sGF3/g4kVld
+AvR8eUB6cgB1a31Kg8wSfXoYEtw17+vO3rM8ilfcUWwjkJ2gs52Fzt0Dpv5/rwpx
+IlsjRiDYDfiMTwq+svo07GHTrkkehM5YkXplbfNeCPDdLQAAH8SWnki3TsjXkgGq
+Zz/lVyOUwOGQDJ65LTuGrq29LiRBlvSjbTGRGruM+Mzp04Z3lIeJ26CJHW4YSopM
+oGye70jk6SeM1SrMAR5CIjwq/6Eh0lYAiowu+/couAvE4tscUvhEpp/lm9ODzYEj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
new file mode 100644
index 0000000000..ff079ae27c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBQTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDErlH+siiNuSte+3eQGs7cT2LBjfndbDv/SSKvazHDGHl3jg/m8OF5
+650gFQ/vi4HVN8IXfICMNpWL7XKTvpwyFydsPi5DiabbrdL5lQqugKDxVt4o0AJ0
+IcEzji7w0syAaJoCXmX8inM4NVwDKuwk+3PYFBygOPn3C690tVHVq6Y8eesqsPam
+d33HZNpq26KLEkIFvGQPHO7q2jPGgvXH6X2njhewKzy1iorJgH8fYA3b6XtdqLZF
+OstCkz8l/iNTBab+jQSB4bdwuaA03QaCaUp6VB8nvZT1Bleh+4I1j86wGw74W132
+A5iGpedSFqOV1vFhVKg3bCz9ZkJZVtorAgMBAAGjggEwMIIBLDAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUbEk2rS5YiRI2UUE7VFIm
+JADTynUwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGvBgNVHR4BAf8EgaQwgaGhgZ4wTaRLMEkxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQL
+ExBleGNsdWRlZFN1YnRyZWUxME2kSzBJMQswCQYDVQQGEwJVUzEfMB0GA1UEChMW
+VGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVl
+MjANBgkqhkiG9w0BAQsFAAOCAQEAbbKErwqLymnsshF9fWoJ7Q34GSpXkfvnqLsM
+pak8iy/VCfntv9pPMFhpvAT6F4wuoGN4wXhyQed2ZuSNZlu18fSIiU9aymr0eyJR
+XuNHHGjVe+5NDfNkHWVX6sQoH+fLUTQy7SmXK5zFrXynE4GJRTzq3oFTTdnI8HGS
+f3YE3wpv0miYrKV/YUz/Sn3v/FV9jqhUU+uMqeOE6o03FX+6wXuZ4FWD6vhbLBpg
+2GG3bjZ+ZQAShn10yvZmkWFyvwGinzcqKwI2aotX4eKGTfE1Mx8eFoRVO/1Iiu53
+HvrXVQtKgyQkEqYm8py+fJbg7PZ2z+2bn4b+5F0TPI2sJJ2ihw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A4F6CA0E0C61E15
+
+cAWOiLGDU9eGOBuNBTTGZfIHH0FPppsWGrGXqNdf3z8RmbG0+Rl+gBsravN5abeI
+q/zaRtr0juFIexQinQKNtTQepVgwOiphhpwq/J7qFnssszz2ozZCZlDmz6nT5msz
+upbgor44Kby6RgUlIul7ZTAX5vlxT+yCtkA0ojB9UCpAct6Vx5afTTdRdfeoeuEX
+d2//Pv+UvM2GVRU/Ov8O6yofSkVCM2cE9VR+LKj24aA7D9l9qD1BeA0t//S/Kt+k
+u2VxH5db4e+Ayld8tC/LapNmS/Aucw1SrJ715Z8HHlA0hgFqZnRSJEk/e6x03EJn
+Qud1lnVJcp3S1EOZ164zftcairA6224YseKhXZ2Hk/iuczFgMMIxbTJ5gqLSaLmv
+yx7JbX6HjLZ0NtfG0//KKdFnKpBPhs3HrdYPROBp73gkXnNn5Cl0YQEILeSVUpLf
+xc9GNY9OikSITV9ELWPgAmlbS+6/HI/9ep/CmlL9b96wcCjLHM2UUwYzqSnUnn1J
+wNpNWIKBWZepHpIJTLLKVmv0B5SMgdkVyvpG3YL7OetDG0GiAlbZae134jfvRq7p
+yj0i8nboCeKVLVxwvSKku47zQWi25cO1gaAyfnCJ3ODPuVXndrnfT9rb6g94qPF5
+7jCfffTOAEL9qPKUrqXI0B7WU39SwYsYaH9GJpuMVsl98JVxbxyX3AlDmoECHYrI
+TbbmePE7iojxNj9JpJhuJSJwdK3HhGlA9mVQt8alx6M+G474f+cmdcxtu6AmV3en
+cKlYFke4/be5BgTq1zga0o4N/pom1b8nBhX1tvMqhaEA4hAf+GzYJ6gFJ3SbMbgQ
+mCEvjtzx8zmjBtiaJX2xXfMYJ2lyWUrdv04EUQmU/hEoAFLE9tUt/YrDD4DLAOE5
+1L9QlWi5Su/2HwHbA5sSstDsbn/WSvuGYTpFU1pa3ugoWiG47+lzc4DZTsUC3yBY
++A+v1yxRKmtb8B4+vE4Du1umzPmLdEVtVFs1csjT4dHTLt2ky/bRmRCD/YReJKSf
+s656ZBMF9cqViVeCNIiMICorENMMw0nSb78m6kOt+pVhaHJ2Eq5VIY4emRIsIgpM
+FbBDEl1NXY32de3rki1tbLTwcsZK/ffLcyWB5pHFRSahQYVbcVYG1jeLX+Ecyo3/
+lNgFOY3xp9as81NfGztiCG0bs90LxJNIF6r4MxWmjLZb1SQvtv8YIuC9Yt08EjO0
+S7EwT5EzHqnmSnWeYZS8jKUbEmC3qHSDTqVWG6++2FA0M9ZQ4GKvKglwZde9MhEN
+6W8B8Y7PZeNKaY51l8zAAvqQJuQVVnAOx4NTsPMS55oRd20tNOgOy0DrEpC4eqVH
+gwKU4WWftri/ys9C9gLZNxA7GFNTmJn7X1R8EANO79PLi9wteal+surNbHpeofQ9
+4tr+04p019LjZLeuEwRq9BvVoIOZ30X0lkURts3azLpyOQx83DJqFb3chS8OV0d7
+SsahxX1+dngcrtaS1kyP5X9AQ8qYLRAKP4ObMeBV7+5X0IVxnUjpQIvuEPiXibFT
+pm4AVXB5qxnuXiJ4fUXAOW1tmJTYwwthygNQvE4nVEDVfafT8fyauQLWhK+tQvNu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
new file mode 100644
index 0000000000..7e1053a5dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEXzCCA0egAwIBAgIBQjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDuAvtcHk5Gye8SvdckoKSvZLwTjNb95iDOOSpUaijVx5NcCubuosIX
+n6Hcxc4FI+z3vjoMQr0SdSiATv2QUFvYDkvAXKuZGrWE80oB693w6ljI1iVsT9BK
+O8VBdSRFtUaH5fZWUds8Ed6G8TEcybyp/Fi301rGBtcS3Ci4s2eooruWt1EbZUjx
+XhxebXGD6xeGgifVtVvZTUySNJNMLxlBAKw4zYX4ZbB0SO0sSMB1fq/OaDvRvBZu
+mxJOBCzC7TUl4rhfi8PWaC9gdrsAgIl3pMt0A9nLVE76HL1L5kJnoZDfwFav+/ix
+3Rc/PIQ7hqTe+LK4MJ/QW0lZRYesXHrdAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUup8JypA5nE53Wuv7EJWs
+06dKXScwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIHNBgNVHR4BAf8EgcIwgb+gUDBOpEwwSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsT
+EXBlcm1pdHRlZFN1YnRyZWUxoWswaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
+cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOC
+AQEAAPGe7Q+EIK4mWtMfDbJlcdLNvAPB8lvaDyM5Tb8cnsDALQfDywVfxhFgNcP9
+yPE/NPEo6icOToJKE5wv6/jA3eEs1CPK1HdadnKLMzp2xwcUo6ztMHiPeyGe0amO
+HbqUj5dfo8CeNkFsbOcSaCgN9FQl8cQ8/nld3pvX+/tacajBrKWBvLocVTnVSGWx
+1TGsB9JkuQtm2Tvr45+7FwzViuu8roIBtFpNMoWLSDU+SG5BB+BaKPT1bA+N79sk
+EPGld961zpkq4+53ZsUaaC+WVoXSRaafXitou4cFojEglrhqW5MkmaPDpmBVZ+ke
+w786OZvGQ3aNK/RAKRQ7fl4y6w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5ED7185F5A78AF01
+
+CmjYjyReYVctbc3Ag8DVeaTnHIWk/GAWikjYoyNjtSwt/4mya32qr7nsjoQbXORG
+ETInKRBRp8XI/i6laLA9pjBHrRCdnLQK074TNqaaOahvIe5NtjutwMpwO15W1FJn
+2oUqyoIqAOcljLz69S1VijEVIOB6e0Jh8ocY8DKBWwYgscmLlGXaHS4VeAGpRpZs
+XRjv14N5OpzctaUoJKNyCvbbXrQYf4hBfxxDfYmIoiau4jigS9oPKfvtge82TmpS
+kphZMEGJ6NtRvQS50ug69y1thWhwHGZZw4gBqyspvgwiYIpg/ABWFqUBzoybBqm4
+EoV/3vJf9Ivig8yarlUCIc0Wf5PYq/T/NdYIk2LRdsL3Cw9coMi23rqwDp1AYjUB
+POzs2+LJXduckqb4yRwICMSrGkIc0R0DhjlLKRru8ca7DdA+qOw0vMCw1F+zYJBb
+6Nggy00egJWwnkvBEvPZfQSsD7kyElrDchsAkgzLsVI0Lbr72z0b+zuNmpyTTynB
+II3oV2u5Wlo4MiCGzqeEZLTWv/HYtuD5603r+EgAgBm+sjkKKVahkBYlmX4BiPoD
+VWet31kqCpgfrriN4I64OD6fqFoxooc7JbYVwNeZY6+OQZBuL3o3jC4bOFXpjEJe
+VaOGQNd2yHq3K6MaiJemmcuQtUt59RNCxWEav0yhHYvltXkyjtSdWhCy2g73MJ6H
+y20lbiRlykliQbxFqtXDUBauHVddNblIByjdNziHCVbQskaX6nUv5nMHCBzc0REo
+/Y1F3gPernpRUYPI1SbUa8oTwU1qpAq86TZtAL8/ceQfyZfytUya1uUtDoSlbo9T
+BnjgA5H+aG3/BaPw/eacTFr7KPmxM81wDhkTzbxnRWLxKPDWuR/ofoeJIt2pCME3
+oACdANURd5uJy3sxUrEe14n7uJ5DN1O93m47vaVSCXaYfhpW/H6GvBaUbu5ghHqp
+zfbmTm7kNbWuL/lag9PjU56MazmJAx9XozsCZKDQgHvYAkYZmc7sU9xDcokfRtNp
+EAKfwMIQt36DYXzkgho75DpIggKYIKCqPgCYwWsEBVO3ci8iwW8/3OkFM5k493FA
+KRtEX2go9oZW0uBWLmVjhVOPJ2ZxGzoy0rzPFt4znyPKa4aSIrGhCf+xequgXeV0
+1G5TGcEV/MurHCItd2WNXIo5NvRq0vDqH9Ufgxjj6lzhLY77Ld7L2HSTudjgC2jA
+iKauatpfcdwKz9wAZFLDsL1TY6nFPh36fR5wgEfvpeM3q+Y682gtLCYKsmhSSMo2
+s3j61X0Q4rOBE6u+0k5dXmNyHI/BbuDf46Li3tahW/tcyZFx9y4JCgzB4+1uN6DJ
+qndgMC/wtakkDHv35mYtNnoWSOKxryvOA7ElJMtXX1ucUDHetBEvqN5I3cH9q2HA
+SbB3Bqw+40qcTbj3p7nfhYZs1kJQohcd0IPanyhuNVobaUFAePk1JjyFtZ7OLVL2
+7e9pH5jNrZypp/BIMJcGE+edSu2yQxdLAn3iZ0qWXz5y2zXwcm6V2rw3W57427oS
+LsyEiN2L3H8iuQWJMVBcSpYv3050ezySpPoqqkmpGE/EmqI7vjm0wA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
new file mode 100644
index 0000000000..7497d63215
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBRjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxyZIOtzAZ9n+6Fp6UAqnUpZYqyvCKSvTt0W1Ww2idbDJFczQcqX9
+lQDy/v+NoGkpQbjqZdrATmomnujiL4AQVpl01V1XJPLySeVOqToqhbzifoy+RBYq
+sXewuEDBpy2FGMaFz3JIK8mbK/qQOBFOG8fzzv9gNIH02AQpdC+J6Df3TB0utyiK
+PjHHGFWifSswFqCHGG7geXeE+Ep+iqIm4MKKtRIG5DeHiqugcHii+HpaXFASVkIr
+Eo1FmWLDE6Ww8m62Si8WQSkPfkcEMGn8s9MXI8L0DT5OlkIVvSs6Fdd24gJJlPC4
+lrF5g4P6/UPHFvyphDptCkqpbkBKQEBXUQIDAQABo4GlMIGiMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSxqhfw48/M0qeJpoMH3f9u
+2gfjSTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaCFHRlc3RjZXJ0aWZpY2F0
+ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQA2cwKSvsy7ORVz5Al8eYcC1Y81FdYA
+ioDGnr+x+6/I+pskqBFox+5QHN/ccd/xOeFjK1tQCq7WTaEiFWme4DmatuFAMtcD
+LG3Xng+yfEeXswsT2L+e79o/Cg1G1D86V+YArRRTGBvIpzNu0owpW8AhJ3us9P31
+e6ZRcL3kwuyx/nKODVoTupVE+YJwzLqtMKtF7EOfp9zQK+jSfTUbrmq0y2gqfv5V
+5wVjI3Wj/7N1T5cKfPTnRyAoSZRSmZTVVRZgz7wEZSalMLlrCKv9UrTP00WX2n/J
+33mL/1KX/Tf0EwaOMfjWj2otCksNZTU5QoMmtVxBhYd01nTV/bKejbUE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEAB6091DBB1685F
+
+tFtb22ury3hDBFcRIRlEJcVLvemmfIIoQqRMmVNJnlYUFMFi+Nl+PEPpr01S8BGc
+1qLYMgpFBp83bTkr1qsGbBG2O1G0vHAdqMWdxXJDsXGRIq5pi438eEknryrOQRjC
+D+81ZHY6H0seg9JzrBFoQZtGZfjZ3icTQRR7sXC88DNPr9YLiDdRUQB/NICr+UP/
+e2xlabFAEi2NmdoosbV2qKrd2DBlz+Ko1DCnEl/H0/lwZhP5AkYDcCYpnAM4PPu7
+XbT8rNwx/ioD/WaM4zdFTs7eFaSOY6nvWGNvE3B05ChQ1GGUd/poZUwty44kVvKA
+puUpNpuxLDH5TvhTQyHuwo8cLix41g2EDWMkMJCZGXP4yufk0SFpRwmZb0HZasyB
+hwAq9lF0bphdE51InIbxFjhFhsBLfR5x1eOjr0hFXbZ6mSywHcriyDs2FhYVi9Kj
+taTM9Z/z6JbgX3lAQ3JKvx19URBQatcwrHxCRYt2M5jxHgLx2FCF1NmVjIuNSYMJ
+c8aZX4j3yL+/ccNT26+7W02XFTrgCSp9I6tOlMmVlwEhdmlYh7zhxiqB0p4SMQNY
+yrGBjEm/24m+rxw0usJwuvRGSBNXEIPAB2Zj2ndiIdUuht1u4+vEJ+juaFigxISb
+wKPbPEdZ8dG65FFSBbRLVilFpnfk8uhCZ4LsV7HZBWQHryuLqj+XuEbZVc8skv5a
+yvHzN1anzLC6ucHBCtW449Hh8N8wL34VY0BJrtoTr5Zf09MToYZsdoDT8l66Y0/a
+ahoW0pWYNiksntlh2pyme4FNMtr06bmaVjRavphtkWygi3y+yCpJS3D0yrqcDymn
+mljhP/9oxAqNhOzgPV905XSqVCkJ9jIbQy9Cix5smdhGs4h9xajUC81XtfOZcXF/
+WFFe0Wf1Hh+HgHTQzcILui27NeN+PBzHmcOyYpvTzQQgLtAuhXLQDGp07sTzKzvm
+u2Rl9wNBw14V96hkuCUGtiZxrYzQra7Jxyvry0yJ7iCe4awCbnw6G83EPmvEJzg+
+HjjTJYhxnvJLNnYEte3bXLiDlU+8I6Q5MsDEenfueAj5bpHCbGGA686r0n8ds0in
+9IQ58pwKnjTjZGh2M2QtUcH/Azz7rQL/drYAazISbnRhTB54/MDomxwmnTiLg9p7
+de+VU6bu8m9GXgQV2pfkdpIOO0j5dmHcRHL6G0v7vAkiSa0lD8jMc21MmloVhTrH
+w9KdTLCq2Bf3xehjxQAJaVzwZf1B4/TOnMa6cakBSMxoEyFekgfIld3wbrNRxbo3
+1jfzMkFKMM+SGpjjLZJUDtXzCzTcOurMl1R9APZXT20Udegm4obiBs7+TIDc0PyB
+e3MqdfqAEtinY6dzPodB9t3mFzjY4rV5Grks+twpWBA0GSe8P6qe+TEwW/Sbh3rx
+QD/mTnLWpol/CxLYxs/ibHudO5W0WTY3yRZj53OMM/5ZRlODbRBjUEIbgy4Nz6sY
+7sjTDRNexYfr2OhsvEDQi8/9AbSpttbQM4ATrd7ZvRNQiBpkSUtGpQPYVE2HAw6d
+tgZ6oV/HYpkkw5Re0wRc6pdJWWa1p9TpxHoGkW546C0eUIEGy+ZvLQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
new file mode 100644
index 0000000000..fd19a35879
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvfi8NX1OP0jd2b3bSoIyMixV6E+/kY/Uax1VRBts6UW2lx2CYk5e
+aF9/9jR3lx24bit3RHNHk7LcaX5Wkr1YE5ROpyxEwhEOGWnK7GcM1MlFvpO9Bj6n
+39wr3aB9MOHSOS1ihfY99mY7UINyWNoXzkUD//ivf3Guwuf7lVfvjXwotgcs1ig5
+2wSTK0sFONYdCtZMcrslFgBOhm9qZ8fGlOSVAoxKq5Fhpx0omn3DYInXNjHPHwJc
+wj7D+8FBY71FHDG7oaeyhaU/kYiQTMAxoUd7XDibLf7KUQ38EiVpLshCNNFTZb9A
+56l+03RieJzxNd3OmIULd6AFLNZ1aMOjVQIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRGSJxCCY5dU3DYFh7gwckY
+FTUKBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmCF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQCGjj236wEfbWpLjM5irGBHsc0w
+RdmtOLh4Wht2TlaaJOErYwY4HWankOeTjQdJh2fxlOwWewcjplngI24XuY1i52GC
+HL3H3CbiXJJKiyNZQyTfUtWaaP9Avp9psb4J9WcqfKBMMl+j3M3Fw2vLFXSRvC7u
+bXnaLNAnsMdJoLYdqcuqfG36aGOlouxf5+ATj8nS/EoOjIDS1LjPCCLVMSSURNYP
+2royVDt7AH2TzxOT5c0+5nvrx5bs2GOO/77oiLXqu0FJfXsJSOSOrFZ0EvwTOPg6
+5jH4zO0aOlP/p1bkpYpVyHh3syyeKTxqdn+TTZl/SoiSLpk5CxK+eFBlQ7ad
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A15577E096374231
+
+jIAioNMYij8iqXwg0fQl2sfAXBkwiLnCOc8mh2szeTBwkaF0EQku5ZKkBUu3dTAH
+yZ0LyB3/t1ZwZ4qUsOfatq5neI86FXw10Khf9JfFl3XI9Cynp6PdJjYIgZaP2S9G
+n0kVB8q7nXhBIsRWvH/0mvKWUSAaQYAkiPYNtlvo4LXjb9Y2m5QdaIY4Vo6WtD4d
+nwn6HNhR4TGhEMkI2MpeHq+tqhKx7PTjvFqKmon5x9i9lDI2XxvaHvQ6j9WNq4Yf
+Kjtn0UVxmkNEadQ0mfXChYY7cxK8mWNk1yj4OvxZNX8vHhtWxJlXKOL2E+xaVXfm
+N3lrSAH2n8u1biTjVqlpaMEgc1yBLc7wYYlmZv3n0y1lnb/HBTAoudJn4q2kVZtG
+5h9/aEuY1F/b0eJGu4E2zqAY2UMUX5Trjn6pKHbKfSrwxrIGGEbgy0COeJ2R6zfa
+WH5hQLk70p+8Xb8fkVc0oiAu3Vk0M9INVPF1ICirsPJGpRoz3XmNRhbqKxaSwAxd
+4lM8yiHcM3m4Mkymek5D+xPiOuq6JjJ3+WZS/TidXfDkoa7AILgj3N8Ns0KOba1L
+D2woUPRJVDXvYcXsT+KWQdr02JJilJajEB+8RzPZFVAzUDqbwmyDDu0oNrhBqeou
+ej/Q1O5q8AkIF9cqFJLDdI/7DqFVehb+4mAsTOg24CF78K6g6QUUHZDnDYUBx6fy
+GMJX2eXXp3MzvDH1cYpXqOPwbL+dOTzCyRrNMjWbuMozdG0fErjyk78abozUYe2v
+SUMnoUKyPCwYia7dFl0/mJggrbbe/pnhLt3wOSYPcQMD7yt2TKSjIgMlP4zAfZZd
+iJZymqxvBJm3Ce55EuKapWKxtFZbk/uehT8NelmpJZrnIQOSfXLjG+bcRM0BZ1s5
+spb8HK9ZdyjR/3C8lSYbho/uufPntlpcVAYGyn1onvV2+NH9fHMgakynyJJpCFwl
+KQhkkAkpJil0TBPdfUHuFIUBdfjbD53CWoUxiHIfcKR+GcWF4sArJmviHfhyxGxI
+sM5Lu7e5xzfJkrpgHj5raRsi/b1y9PAOXwRv7HM7lP50VA1ZuCaP8NU8gyarvF2V
+DDGkiO4CnUBFY6xFs2VdFRj1dm+chKQW96iRCwuC/WiUTVX0FTtkmldvSOJ1k4/i
+kvjpqNSwFDs1jDkn/jyk11gAEr8Mg1VQS960NJmDB6P/viJBuAFcGJVgF9F/AESz
+xGLisvRZ/OJsng8j7qrTecYcwTRj5/7/QMoBy2Cj31GvzxsUC/dHUXFzjfWeqdAz
+Xw7teLHqzrPYU7VD76rGWTD5HJPuaiCaioSslewcrfx3wC+aEBfywvr4zQkPHPIh
+tplHJPdJoxme7FwUTXu3LgpkPp7EiggpqS31vecKy7YmnLq3smpNtBpHGjQC0XeQ
+x55nuXEz5RWmLql7nfYq/D7zWNk7OFa1iZ33cWNTB72HoLKR6FSPZvKOfX03GbwL
+QwOQQRIJqDwgTH8pC8gqJdfxrvSd1E6UsvUeXU0bhP6zbtFDBdOA+ZEDqg0VXtWX
+9eDgZ6zFwQz7l0PZtUABd2FmPFtEXonDvg/QVOBXs6vdXefi/vAnLAKL5TjuyyPI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
new file mode 100644
index 0000000000..ae4b69b5da
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBQzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq9vbr9mMpG3/bg2XQGmxlZSEqeJpOnQUuEoS4cicFxpCaKMK
+OrGLlpwTrGhR/NGHOEzUO7qLWyTaA2wthe0ohZIsxjvGKK3yMvmnFNriMBt+md8i
+PAR0ysFhBmMyIpwdJs1N2jBnOANPW0KFOtrFgncHnEOajo8l0jpGBaLA3ryhdwB6
+h/L/A8bNbqJL4E3foEk2AsOzdt1LoRUaA9gcXCo9EqQ29a+598f7NvRME09teL9n
+iJEzHy9Dwxy//II6FnlmjnvGdUmm/2Z71UbzkpiqjD0w0/jBXcDAlwTF9EfL71rF
+wDCRfZppGRUKLqMNTohHKYI4ilkD/oP75a1EKwIDAQABo4GmMIGjMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTIao6xD0uqpYi4p4+R
+2+ozSujV4jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeBFS50ZXN0Y2VydGlm
+aWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAcAR6YeKZpZPVB0ICn2GTD2Q1
+FlSS7paAINYzC59z6h8ynJFGp40/67SrFz7IBzBp5E2InzQ35dBXINNsxcG+xzgE
+2PmPZXzInzI5MCJS4XpX6bY94yUTslpoAiVJxwISZ4Gbfd9M73evvcxymSVNAPEO
+AX/6eO2ilazokSR9D3zQVOe5lxPshorlX/WlF9LvCOrS0UcEhHoDrfAM6KhojUN9
+K5l6Fv1NXwb/8cAbFyC2BMmwmec6OL2oBDJCxoLrAWVaPh7+YZadnLw/w930IIdT
+U4C90QPUgdFJWZv13TePZ2WEMtxsev82AU4PjeUS+l7c2FLW0zavMoaPhjPnaQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4562102D253EBFD9
+
+j6TVJONwSX4g9azgAS6muR8BK+257UC91asDs9mFLvVUlCLTQH1ZTwDuyPXTdIHz
+/3tPysrfI/1Bq/IwNkFHEEbDEVSmK32PfrXN4E9dEjaI+jgmSap4ZPTXnVyzpO1x
+LyKAglqacYYv5HX0S38mnCHAKKeTvJ00POvwTqrPb+lxQAFf3LcBpopL8BtD5Wma
+qmJO1EcqCVFU9ceo1FoOhWNsPDrpf2qZPpfQ6v6fkpqZWedQUC6mfDdIhThjQTD/
+tOIKuo1s6zHz2ZLKmpYKDAYJ6zeeIsrn+j1/3KyMfW/DTuPmdDDeCmGwOuQdja5e
+sSL2Ij+Qk5IlgLX0OkkXJizuYdIqs13Isk8rK9oZqPhqWeoIvBcXYt9GpYo5CnJ7
+1Vov39567Ycc2xKtdv9d+VayHUWhwtvRT6Cmm0HQj+ktcQJsAM4H978ptMhlxV4c
+FoyAn5q01CMg1uRMZRPiXGHSLwy7bOYUamwIpomzhmRzeUl1GTRI98atsIMvhGPc
+SEt5mmTvYfaTQXcFBF0MWc3h5MUOGRYs8O1jjeLd6rg/pZUFWDZUqzmElq9Kc9TG
+m/0r0DqFI4FxvyTI+1830DUt0H7BzbjOO/lJS8lu4XUoVcz9sSoAc3U1n8yyXzMV
+vHNHcHSGNsabfE7ouRwWn0ttjOseicZDsu5RVAcw/1XehRScdfZxNNyVhU7BGrgS
+UqEnPxqQYPb0fqpiiRVn+RqD6wDdaaroirU54HPPq0OAxhosGlE5PVc9ZIYcBrFI
+fO0anVuQYwK4HnWVDbp0+0jfv6GHKiskFRmQ31MWZ7CrIEfyAoG7+JusdttDTf6o
+BBDR1EVfBGGRX2J30hMqbRXwvuJ4TpWDsGiH3dnkdjA3txhnYTV1C0p6dIbiBRdN
+3ncwNaLRbjjnv03+taiZuFrY/JYetsrpht4woE/W/s0fQ0uBUq+xeCNqqNlrcvNg
+j22o6JKyitDWbCAeu4SnULN5RHAZPALYITeAhU4o7SLWNzFlzIen+JpbzKzOnRBw
+cXa1DuJxkj9BXMapjGoFkFrIkfgLPjO8I37wFgk4REWpBMlMfZ2PYPJZkl3v/uLZ
+nLOWoEWqclPMjuA6Dtb4rti09+pMGN11j7oKRC5W15LcIjrSdj1NKl8mJIivlEHg
+646IoS4yPsNI2kthdx3YaMfRUYXqGOxom0KYXcj8hlVVofN7/3kGN/xhC0+QA58/
+CQ3XahUOpemqcMTEUbDA/8S56MruzlhD0Nq/oxYR3Pm9J8NnJ6jH0b6RZ2zmDp9s
+YZuOIoiTRBfkdljrsK5Nw7ixnsTVuNi94wBnxWjHsSjzpx9sIZhhi7NUheVN4WaJ
+CyK0j3qqOIZgbp0y4cLyZCKBZ2fTvDuqQznnyiPIT7Nf4zeD91i0b0J0gcq/y8Ff
+Vo/HkyQOIkwGdkE80G/eu8dYJ8IOnO8ty2DwLzihfQHYHZHLFcbJkUBcNsE1jcTj
+vYw496/wQjpsW635mUKmKkXMQakO7oJ1L5AaoyCLbs7Qn1NqELqsehbhtrv6vPhd
+AGNWK+KPBuC75HyAczdAiEkiUlofaNSHzzENaeaix9L74/oLJseU3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
new file mode 100644
index 0000000000..23e4ec0233
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA5WbcU+FNFY3n/eJc1k45UKjs2clgZI0HMujImijlExY8DG9c
+FZQuOX7g1eCaHXFeS7HSVMrfKLO9tOSUfYUCido4TA7xhl7Y5l5BrKkn1ZgEgGFf
+Z6lZqqb5C6+qd3cUzNPbOXd1HzZJNcV47uZ1NusoqMyXKEpRQUW3t+V6dp3E8JFz
+VCLmRPXtqY5JpZemmJD5VWe5tj89OnPk6S/HLKUeNcYiA7rcpZR83TJHmO6tjF47
+Bb/hgxLNRYToTn+Z69e9VJ3WZM/t9fJxRUWwEgyBGW48kQjYmGvBNzrlMdCq1ncy
+Z6JoBk7UY6qky21uhaO5sknZajTFPTj+M4YNeQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRRgM36SXJIPO0OTgvO
+zh9AZRJwoDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQAk9GOd+egKHy41DnTObsmqsc3w
+KSvj1SVn17Hda1gq3tLXUcNqp0g7kP/YNXRx8XXxU9heUCOTR7JLVO5AMVS32Qid
+J5u3q2D7dBgHN5Nyv7YsUOI+AcVysLMTlUu6iGnwCSsdtL5aJtSq8gAKZE+HJZwl
+iR73kSPGr4J1MKBiZvcVa6L5LKg88FQiSdOPJwyPurvn4t/K27u9jW0/SYg1qeM2
+/iKSyzsf9bM97aYqqE3P7DPHRZeXTZKLCaMNKAmZ2iWtsyc3aNTn2RyXg6RBUoY3
+d8um+8xE71cKdDjNwdJrsPwFhbripzJ+eE7bWV8v5e5E1dN3AzJU31wG1+vn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EE3FCFC2932F1DA
+
+Nwl6UqvLB41/40EviSaPBJ8mdUgi923wEyqY3hmfKVBnM7M8gt7ULVKOj59+TAe7
+dTZh0Wx9JUIWJ3fEVInkvMWWFMteB/B+KkwjmVWL81Gfe8CqqyssYk61GJI7M7kR
+gCD3DLKia6VlbuB5UM040fpuNMsgqe4oLnonRFY0i5ruqOjrDkctRpweZGT99RSn
+PIeu4/qnAwkcxsBwGh/GjahmUfAA6neemCeb0hxVTrpYQSGkyAwxuI9/D49ok7DB
+5QoW0ZzJhS3EUv4sbILLNOZsY5b+7RRVzMUeXXWRbgyNo4BeYK9by53hbZhtVUZi
+i3+NHdMBJLlP/nujcycu1ETsgwU6BUoZncguhUdymtdErQgw/8AUKQ+K6TsrbBco
+47nHuDRF6mEwHbI/r/BPW+CxvtjG39TG8jMgO2BQYChP4jYklchfd0zU1fTIEzvh
+YmUxIyEB9uY1xYgtrn+lgTQY6+5fs5L+Rp7HBu/bITW/QQ0XFdn+z7Q4BTm9hXUy
+23yPH9XofEcsj3UlFI+PCeSTqu4lRf28iip9xf+AsOq6U8fzrj1LNI6x+VpRmYpc
+WxKoIEvNUwNFRgsVxxW/d7La+URmF7cwLcgoUDH8Xc/Ytc0TsL0fcWJFKW/NJYTI
+YZqnDLY/pe3q6tw1ZM+x+y+L3dHuF8Fs14VxEklzhJabP+M9/p28F+N7Nh2dl9h6
+X6mES3LU9g3T72Fr9MEuD3+SVMz85kFAgiVsmulZ0NPrL0MG6QMxGoy2BOCAqzb1
+WpRmLeC4A5jWKPZT2Eu7spKMgQTQytItn4EwByZcUx3RkGIkUf659Mz6ABALWLN+
+Fppu9S9yZtaBY3C02eVO6idMvYoGVYo/spKFMYErRllXSlyoMPMPNbwginUcrAyX
+tSiWSRCFopdzfFsyO7C2rKb7PU+KauCERlEVGY9tq24w+zckElTWJuZhN57dlaRd
+6zPu6wC+OgHdYvYqeWOsh0gipFV4lpPQz96IfQuVIGfOoBlYfxQTCkwh/W8GFvoi
+L6kwGEj9zgHTMy6JQstvdFHjEKppFfaE9gkSrB+Q0oQsUX9UQJ40CVKvDKV0Di0/
+CHiZ6G5C3Y3Kq6I2na9GdYxVWXSIDY9CWtq7Sh8i3x9wllG2dzQYHx+C87+WkL1S
+Xyrsq8dF0UO8dJbdocZ9udbEYdUatoz8Zz07xLKY/DInK12YRIKW1r6/5xjlIndI
+FMvHhG+pRTAtc3Pt777aSF5JVGvci0nlZU1EzEF/LEl+Osvr8zMk+SXXJXnr0DHW
+cc58wbVttJQm6sXbTiqDeDif9JUdNKMpGosSt+8NB8Hw0YUoaQo35jNgcdG4/0IH
+kbS1wQCRhrxa0388ksok9HwwSIKKWikE/p7Rfu4abWM1pmVNh5OP7y6pW7hxKmxE
+rQcrlJYWssNkYX43xOvjM4vfPmY8cEftUukIgj/kltDSh5n8gh//dETcaAEPmOG9
+o/uO0cOnOxcOm8f3mciYra6EhI+3Rd4a4tvnw60ahf60a0QAxKGIjzuU3XNCZDfO
+GwmAxEYS0jGyWgHGUusS24mpOnF+Czzk5vJohVV2ask4E3gjwnhLeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
new file mode 100644
index 0000000000..9f11d4a80f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArHS+/nwL4IEPwwXe4efteEWKpq1uL3iDHm61D3Jb/GQKFWoJ
+lNz1VElMoVCqYG++hdGHbQB7teD/59MXxojFdcisSIAA3pTBBDj8c0GFzucAzagw
+1IPN3NDjoHJcY1eRg+bKpwrROXxWHsIPnkULSJ++BkMarinmfuN1TjdtKT+Bv6yH
+vaCgPxck63Uz+lVHuVyA5feLp6NEn9ocaATeo9JanbiZEPLm3NVYMqt2yzSMy2UR
+MJ4dyD14P2L8dTgjaDD22BwpjiLc7gSCrLgTOut25JtYIqreqMn0HWQTbkg3MAg0
+S6UTRnFVUR1vfHRleGrqMU1BU4VQRFan8T7HHQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSaujlN2iF1r+pBwzxs
+UdioRal/ozAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqEYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBhd8WP6gnAMqbdGdka9QLQ9t2x
+Xx9zp6vdHGl4oJVmDw2opfpAXwhRc3mQ2MsY7KDfmCNvw3ry6EFEndGdinzfWNE3
+4arjKO+uVFiZCD5O4smVklvpI4xFUZOOxClcJFa/tqicdLNF6tA+reP46djPfuUB
+W9c2XDBNipVjX4w3f1i4LKTH+imhmF0L3hoHfvwyM26RW/j503HvUHPmX6MeSBjP
+HqPfDUgwxtaKbcG/FC7IgCnaKQmcawjIgkWVVz77aue9UW01mJum1dW+7vuZ1gE7
+S3waoAlURTU97IgWymX6FtYnHrX/MiQhexsapFHxXxs06l/up/7k/2m89vKX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF5454DFFEE3D139
+
+fgaLOif4JvdvfGzmaGKV+JlZcgSGCD3R3Mbif9uhcUdACJmocBGRAviF8aafiPIZ
+D9eLMdv7OQ5VgoYLrEmVYakElfHySpthi3bvC+W8rKRSJO3rxA6pGDfrotjm/Uor
+0Rghx/0jlsl/MmELEQd8Oj2RFPezRqLN60Tu9Dp/WfMCcdZOjZ0QEb7TUUmpsInr
+vtrVoD5hZjL6ViG70pz5r7sRcuTVJiRMgF2d5E3xD1tl3tfJEYXrX7btJ1pbVolY
+/YxCOm0nCLPe2eoqIhI+n3Rw+6hz6n6Onhfql99C4vHGh+uVeim4xh46GjQAEDIw
+/GLHXOz6r6qmOOnH+ekNteSi63e+VB8w6KqcwW1Zm58OC5jMGbr7tVxQ6CmaUxkH
+Oh2RVfE02+1PbCGYFFv5fZK6WfTuAofsCmLd4ii4iLsBWw8V/ZOV/UFj1e43v8hY
+VJq1RXOolElBKhsBW98D0pfLhdOJgNeVY5NcpA7Rx9+KkEZbXzcxQk1pCOSKp84L
+g+T71aH3IPgLWy8ZiZPwObns6YuA+hj/JXFAQFF1c3KGp1rZYh/vqml/EI+M9BLp
+BT4nuVzVPSRsBakAo2fYy74W6doXTvGYRpBYliwPTkQaL/0Ldowi9oV6R/+jGNc3
+fZEdmn53dEvtieeDstrhH3TJFJdNTAgN54gJB/vpsHX+rKqqS+iY7YH+C5S376PR
+NvqI+nkSrFsKpNkY71zYPKEkOOgUHCuKOzRAIo3kabJQ72lJm+v4e9kQLoK8J3zb
+D70snDXeDJpep4pxD56DylV1lZrk9lI3KXaERTFfrbkUfpwo1+Ksicgw14kYRTwu
+WrEUzDNAJ/O8laWnyhIremZEyCbRsyx3MsMmsI3hxat4/CT09lZGTshGGjrw7wXc
+PW0Nnb1XyS/lHyEm9ajL/wpe+wjdWky4FDG4qCJRFZebdX+l3aqRvVF9t0Wo0eL0
+cFk4fmhh19hxVnrmwma5sXFjmP/vIMziESzh1ZIjTPYBj6DxRdYcsWBTzUf+d0iQ
+eLy7n8UDTHHdHJxzz3mKMDYz+ZlA5ypnxFauCPVJUqYepg8iZFRNq+TzFXs05DTf
+zx3rJpoK2xlZVjG3LTb29kltjur+eBUSfaj9UTKV176VPxBTkczV3X/37y2Tbomh
+JLcsNhKGQaBRm7SnRC4yj65TLenqUM9/CbQi4VM1zGBrFl87tVzEkutklqFdSthM
+RyttFYevmLni624DUPemwad/r1K3O4QiJt130SC1gyb9egQZvrnlpqD4cdPjUU6G
+ExMkZ/SfU0m0k9U6ry62OFwbysdXAQE+BtQAgkd1ud34jtFg4faWTD0N34zs9H2H
+88pVFq+xt/fTy7eOGd2PgtwsJMdAMoipLvXTj4823bxu+TXVpFQGmhC9WxTNzk6L
+K+9M5GlEgVU7D9A9k7etFm+DDb5+1KXl/bzoZ+Rofm9q3JpH8L0oljhC8iFupWcw
+y0vT9Pj3D3HtaQbTj8B+mYygbXtpWyIdmN5M6JOuau6QzY8KrPq4qwP850Uvr8rL
+DN1srseTKVJp/5OveRKvJB90KS9kO9A4pXibLwzZvz2Uo5LFbCa1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
new file mode 100644
index 0000000000..7e45b075d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBSDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAp+cs3as6ObnbAg5IEkmXsD/XLGICGl6qVcEKB6eMA0ILAsGdMHRq
+ybgY25GUQ+o6RfvTHdD40N6Cqjk5vu9+7aAVjrJ0pdUyqHmK6u6TVcRt+xjonlEp
+o8bpkqqgV4i7m51qfLP6+KEh2SKUDBwOZ8/jlYIZeKzVXqk2GZx8+VmWWncDz/D7
+v262km2IiYoZM+1VAUixGhoi6ImPeDBE1u7qoxvvBEDKJJ4sj/5+i4yAgr+JNIUL
+vr8DaT17SkwRZquWT18yu2qP2KycneKysWm30A6AmAALhFBNX1ljDeLT5U1wBCST
+DRP5U4zH+XvAUUEeMyDYMc92a0hjYwE4swIDAQABo4GmMIGjMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT6KK1BFt4qaBfIDxwjPyYD
+3gIUAjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeGFS50ZXN0Y2VydGlmaWNh
+dGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAW+m6tH95z9aBJUxdo/dsjRTdVgxP
+LGVODxeqpW8IvEEjoYBWgHT5M+g4WYnzeSjiPvrq1NerYU0DOI2/hb7aoBBq+7MJ
+2q6BK06ddUTawRhLh4Rfnc36epefkZLKtQuFBKA7xaqWLlRQa/jMoZ27hKI5b1qr
+aKR+iP1rKPd1epIL4nwqQgAd6z1bJrV8c2V8py7TWE7/b6wuZVR4aKtFMp2fIN0e
+o8U1K35YVtmuVw3TJsTlFn/DuZ4R4Tl6GqkdUUvlKXNuY/nMobgfruTG6nvmaLyy
+FHtDoamjegjbIx/N1dibXZLf5n32iBXyHHDk7L3ubrarUrutmaHgEEiFZg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EAA221B768070C24
+
+AcR2xSZpFUEn4OVUqagNlFl1w3gYszI5vzBwRIlRqUGD3fXehH3TJMOky0qQvTiG
+g4Yh2hWxJsTSRs59w8UIXbZo2Qv7bYpbqudtuSmF+L2c4uip4M2Rliquol9ydIp1
+ulueKTatotnG25t8Tc1Nu9+udbR8znKvCwzBhrPx6hQ7CO/QXrvYML31UZvBNVkh
+Sj24mTYe2f+glY+1YZAM5LANA14qu0CLXGm00ImKKGs8FspriRENtfQRglxdZ5kk
+7cigX3lNPJOKVnjiAxwGC6FUTDkvTAYxkKaMVbF6bKpnPG5jiTpys41shKi5+oXl
+3VXpSYVRwAiKHikmkEPC9dCKkHAh3PBw/SQeAtY7TZgkH2+yoIiqDkXIA8k4fsBe
+fRZGJyty4RgtfQ0E880klW6H2j/E9g/Gv/aS1PVluassyZwP3UoWXBsAe1DsRP/O
+6XrTvWvpGkrinsYFZVGzw/778gkF4stMUcefHqt0HF9FDbHrtZI8fnAqTHiCxfHq
+9cpfj2WXTxYqIIB+il6r69fJX2RWzJsJ3Nny5mK1h5rx7qib7ReicWV4VZh8Sn+r
+FErwsp9yoPoPj3PUaP00kh+BcP2k0er52cwrTTRV6jiyMdXqGl9uT+HV1feE7o6O
+utZxwYaMo4a1nGDpVtszihym0p3aBEqlYoucUDpzpbV6x1dYrE2irmizIn9z1iEx
+JZbB5Sxl2s8BGic6GkvjsmC4EJbI1pxO2kPqL61zdFAsmPtdwt0fcM9ZJCStpWBP
+cb2j5JCDjgIJbwHd9dafXq/iavGJ2bE/rXr8ivY6Zp9OdbZUoXh28/2CX+dIBHaO
++F68q+PjhEdqBEC6488+xBv2c99cUjIslAfq1iZVJw8wBMo3OcxVZSRcSjCASjIA
+YlmMl1PAOgYCHQxv43oQqwp8ibN8UrvV/2QPS5PEUOG+sBaNrMnV34zGqH0DvCvS
+V/ILflsKx1e3sRgI94Sj79OMtYPJeyhZjKI09zoNNU4qV94LFrpixo58KXpUESl+
+rsmiIY8Xp2tL95t05mXxG7AZWkvlkwkiPrDnxp0N0cBSGItb0YeZT1LuYzjhVh7f
+en8XoBJYbDmCuRfQzQIsXJ39Z2VYdRBO+mVdooPJIsFMCAaIEHKmRlsTjvIEMHDE
+mmT+KY4CKilnbiyrMxPuL/ayV0xDAzpQgR+uGboo0baN3ly5RF9VgckVCX3k8r3B
+/F7/zPCOSF8t+MsL/loq5n+g6BQp3csU6kySXcOlg2JQMkR91lsBXlm5npurd4Hx
+e9cfwlqYFYdTxZvh8Mnft+o1djE+76hAeGzos3H7qtalbxYgEK/Xm2i/U4hjg0uM
+Gx2VfPlEjqs+Pk5oicOy+GoB4sWz+f/bjQaSsscWPGfolIL9ZFKw5/nU50rJeUYp
+8APSX7qc/1JfIz/sZMOGCBwv6R3MgAG4JU7E7Wrbgyt1ha/8BTsGDZvYcKA87Ap/
+w7Z6S8KgVGtYbGkr2o0okRmv0XTmjbG6+hs5ki8GAtv4BMLIBNZWgeNWG34f5cov
+ZCJuJD5DzRWbijW+2k88nCqNd4hLaadtBxdMmha4PxNx7uREdyaG9Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
new file mode 100644
index 0000000000..9551a095cc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBSTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvl+AJxWs1WMO+mjRtv79nQQIKiD4ZerSA3/ELaH8hFiF7zjMQ5iE
+LbNmILHWH5vqaHVmiDRbxuoe5fcWO5B0YB1A/dFY88kGTjB/TSgt+CBGdF7Lmy+O
++JwL5EGiIerDfte2+OpsUDXmwvSa5pP69kS88il7WuZcbJZgcAJ2dH7s4c0oQ4RZ
+pKZitazyeruYlq8ISw0tMyWUhQyIBtnpaRn4FGRpZhwdn3MzpBsMXEBfETqDaIT/
+Js/NHI9p0BldLlXxjTci5DO3JD+5eEwzjmXepIER/xKNuTEgK2ZpULY8JyJxG8Ep
+lenySFLq129D/VbDVJjp5PAj1wJKLL6OLwIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRN64lx3/AEAbL6djpYsbpg
+3YzTwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmGF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBmrQhlvkrzTPT4BYr4agHBUoLL
+n444+NPFOwy4rQOIOY0k++Fpvn+jjpIzrHMor9afu2rMHJDhlcNia+a03Ov1cLwe
+9fmf3gR1V5AuSjTJiLEN7IWADuIVcAPbAgg34e9Qb27pfVOnZ2JmPHkxiVMlGtA4
+1AZXwDD70gZU3iaIQKVPmMbLyBZHv8c3XtMkZ0JstPgr1WJ/Vl/Xu2fmQgJOc5tC
+z5fPPQteE5Uas/6COzeAL/VRAqfysO9jh7T7xfs62bbqxGcQise6bLxqKnpd5KWW
+BX1dDMZrBsEziR4j6wczx0fhfEPH0VPileMDN1o/V9YO9RFo1Y4+0YUi8C6P
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25879DBF4FEEFEB1
+
+eHanMm5BAI/xfO6HNob2KxFkcHyofBJ6fc7p8IsUbs8SEG9DYxT08dnwASuTWdlf
+gwukEKujaIY5O6nyx1zQOLsg/0XT4HMCvkpGJ80DfJWg69q2mYnwOaC9IiQgsA/q
+nxwuoN8rrfFpaOlUEFStuUAnc/FynEPZ92IHYuBxMebGhQgrkTtygMiRuqln3QhV
+a3HrpSsUkNxSi3olwAZqGBX176AhCkPt8ufE2PwV2uwgDUrfgouAq6HOeXqjNLBg
+Nz5TJ5EC+tAD0wRf4xVW0D34BOZaH3YkIcTXhmkMTl8uNnug8fkw7SqIM1FyI3hf
+NAXSluu7uOCnmMEeKOop0DFE0j/Bx7yBOYIdYVE6b2ZHEs44NIknMlkadhUogZfi
+7m/K2gqDXhfSYI93PTvJnRsz2C2v/F60V+KFRjo0eGEPEQ3n1al2q8Uk2k+vNOb1
+MVNb9NhIhTnkDnOBLtdvJso0qPCqAiWqhTlDYaVdyfI/j0wTArlLwKth/UPCTY9J
+PbOrErNib4k9q8fCj108AvfBIMrjdzGKsY8xR2CMLZTcqIwa4ISliEIH40RXix/K
+UFuA4O7RIVlCdRpVEBsTRebvTIzFfCQEj15VETu0eEI6A6g4i9AIm7chM1FXuf4n
+VBQWM5ftK5DOWBORtib2mFnLEfma7nYwsWRJXvkVdr7p5WXUZ9fYyleCu4Zxt003
+rTLWKA2o3Lud1WDsy3VabIjrLgyU/RxqlRkAG/QHfIud1D4Y9Ed14GWe12gr5+oU
+/2PwwDMgNp3NG4+9SgJeD0RBu6fcjui2GBc/AdTw7Ax6wnNzG2kmlFPwU/cPrQb3
+f6zWJeYIXM2ST1kq2VGnBglNZ/cAxMRfLGwTzECW/16FLCI7ej2R1+CDYzd+jTNb
+9NJcSJ3om0ojHnbQgeqOl4UQI3uJsOs+Vy/aL5kqISCibg5RrWGXZ8bAoijDVFk9
+jskfgzIQpM6RnH5KnUUlh6mXC/Yn2ju9lTKpfFqp0yIWM24U5dpCXJVmIrN8PMaH
+bZ4z1boHN/rB9GU0A7qdF6D/oj4XttRYpytDiGPPi+6lLXgu2MYy9kFrvxUp3xZY
+QfQ8d4ScJA6PXGOC3mA1PWoeF9SWedJgIsEwXYakbVaEOjahcoosTKFYoy0SFErG
+E7N4iJ20PvwTzKP3otMT3KtTem3hQlBxJxoZ4+w1dL7u4wgtSiGC//7C8QYipxK2
+Ch+HT6yvjkBdrH6L4xY/wOTsxRHUO0NuEsWruLHv/UjJHyaYbBRnBHiUC2jtDzlg
+hRWHI2NQNb/l508z8OO8bTqrKoGJnl/rUUAzCVCdv4tP4yRaIRUwmmYRJnDETaBW
+03XP1os4JfMuGr4nHzHePKSbd+FFa/QntVyYcRO26x97k+QCaQrzTB6ae7LHtfvU
+Kbtlme3iCkp3yccsKWwKTcYoZr6QvfCotfGeu4pjZ5vMGUq+bFR4xBCBb9twv2UI
+FN9qAKHEllpeo8OVyn7fFamswkHbVhPOSkUyDe6QKfFeP1u5omjiO+tUmQTVsM0x
+eMXJnxNAy5cUQNYBHOlmmSgVq79/itkUXdgaTDgnDkVt5f7OCw2a4w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
new file mode 100644
index 0000000000..e388968e95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBTzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJjAkBgNVBAMT
+HW9ubHlDb250YWluc0F0dHJpYnV0ZUNlcnRzIENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA2E6R2OJ/GnvIKN2P902pDmSDe39PiEWDdyTU0wZaUg7f
+3B+NWwz6zfuPP1VS+w3ZIpzMQN+KfsTQUUKvK98jvHRRUAZbwoM8RToVFkjoAsG8
+vpdnzPS9rSTKOkeaJRg2XqR5Yvh21aqfxi0EPszcBn2B80UugX32bLv3znE9Asoh
+jbP6HSonsmWBlAAz7XNlb1C/Q2Zp54fCeXyAbCy436TudkQ6z5gcUOlvqYvt3QUW
+xX1SKU08YDM4dkQD1w59iGiI9T4PUyiDxAVoJrGlv81nUYchOdClRuCjV8a8/aSr
+dnrEnxUxX0jZ3trXidjsPhzo9rYIPe/lZ9HUQzJwcQIDAQABo3wwejAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUTQf+9i28tRkaUE3f
+mQR6bTNwkE4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAXvMeOuZFCENp0
+hdymDJLOWK5FAjdilDU8h8K8Eu6kDQ/rKGEZKd39i8hDmz0/utfFge7VHSwh4LVt
+VAM1tJrdAQDu1aApKTkIZyb+ShFX427DjFcDMBZjZ0Rvz9/qiGdFd59moGIqao/c
+P7wKwLp9DCZBAa3ydLzYe71cX+7u11vbzvKNFfjy4PQ7VkjE9Hu9w4O2d18mD4Av
+KwEotwc7loNCrE6JEjTURcmrvJhuOgEIsLzVzMEuwaWeqiIPeIYHl/q1TMixRfkc
+UWDab7wLgb2TPZMtnVGFCp+cClK7R76iEXIMoofiuQb/uR/Qpm2ODQTlbQQFH+xf
+y7cXNz+M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18B964FED0F9EE04
+
+r/nlBrK0lqS6TYiBdSIkthWXfj14ZE+eh/2ojzM5aopppXI0SjeuiKX47dyNNCR4
+cVGE+4wYkptAhQb855I5JIin0I+VTSYAcFev5b5HH/3P9HxMxyAWBemVzpTQ9ZUU
+0icFn/0baLg168yZXLMlEBzC7RmqHzlsY23VyrTdr6LsQBlyx4G+gf3tql4i9nn7
+rgnc/5O03VkwCzWLkBAKlb6vsWD4tdQ4umAGSvW1bWXixjWH/6rh4kA27bMBc3bZ
+Sd6nDnDUgfBkNsU35GcjUu+7XB/YkD94mIkWvfjOyY0IYduoiA++dW1PcJwvk9pA
+JgGf13uQGpsMEl96T2LajrN2HraghZBJ1kUmpJrSUjYrpRBhAqbBq73FQD+zLqy/
+sT4sHeiRldz1ciCAb2i6znTNIlcNXPmYHVD/bQCi6HbQgY7Cus/kEjim/UCoTwZe
+wmU1ZwfAL0d4AHTIwsa2cysBQ8bh2VUOestRkO+O6Nd7bArJC0VRJTm+D7gQ3M9w
+9WqRgDYnxxN+ADYTmuMjf9Va9J3G1Fw0NF7RDh2VoF9rIy3evex9noqVCJ3JDRf6
+fYNryHfxlunIPTyiwA15tMU8Aoe7JNwEw+kwIDLQWJIz/7rHK1FvrgYBQZpwY/9n
+ytzEa56G0jwmYu2away2R/mulTbg35jlbY+NEj6FhmtJEGvm9doItm1XM3ON8wAI
+FGParpoLWYEye0GrSDP+odREDQs4QhOyexzeV8A2H97gnA4iqWaFSPBty5wrxGBc
+f3W9xT4Q7ljpSMjSZDS6mW+XLwqJEaBx+T51ktY9d9sRG44aaWNsV33L4yNBty84
+H8XpJ8NAizP0nh/lBroXT1TgYCSnB1v5glZI3cN+jcj6mBG5n8wF+pjmQRx1ionJ
+lkI2Qojo/VOJc2tBmxzKKK9URB/h3xX6t89t8NXP+NEJg45iD9i/ydp3Ir7UIuIN
+HEt88tlPEDTUSTDI/eKGmPzx1OYTOea0Bd1CbhB8buoPk4bRB6hnpyQgCNNOSoDP
+NEWQoOpb5qS83RGH6iYjxIK5IMrNL+Bny5gH3D6cAaxNv4vR3kB3UAgInMYO9CHs
+acSwr09cpj3nezQeOE3eGBpNyfjD/mQ9Qnhc9Z8uL4gm1QewWEe4C3TqkH3wQvTr
+A/OjOMNSjLYuf10fXFoLM030T5K9kZMv5gAz8lw6GDrt06plRwmWGzrSKbEj+tg0
+o/B+H/83wtqJeMCqozcHzfuW6lbhkq9DsSgIYIhRf2bI4Ez5j3zQyyF4RWkyKkwn
+BcXbu0aEE09Eh2fU+cGqJ9GhhEMa1gSyiu+g12SF2ptQQE3pw67UCoe9ebQcjcfC
+jggwIwqHJHOBpnnkBoekFxgOtOhfcHf/hxHCk478t6mEEgMa4BIFTgy1MgwKhxYC
+Ohi4SDbnQze4jGwj57DYRklS137TgpE5yQUg0IfW2aQWzvGsPA90bD6QtcDE7MoX
+QLUf9fwQ1ldHLG2VPdvxQpGvwH7fAb+I69WrW+j7pWhGwe7yQM1zsS9ybK3URE6a
+yNjOhaKokZlqKdTpavZL/0G4Ot/plQXQORse/9eFBHRjdz0UwswvWj0dtMi+HuWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
new file mode 100644
index 0000000000..db908bd78b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBTjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm9ubHlDb250YWluc0NBQ2VydHMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrJf/IZIHMiENvbg/xopK+2CNAY1l42W2B4uRzfJzk31C8sQYmVG5
+RFSJ70xt6k7QeuJ63lAO5vVdtAZkZ5W0WfXQHUPtS+TjWYphpRKbuiFUGg2sDgrm
+Ij8ZbID4BS0vogcN6pGMnbgm8wScYcPbp4MPs5cDWGVjAFfLt3Vn30WfjEofHkjF
+1duATD/nlruAO9OpFJngrA11/YmrAnKd92qj4cDkKBeyUGBkOXVEgNTcJEMz179v
+MzNjyZv/piWMwImQ0BscPG91lEx5tCPaUiXx0zO1EEaCiHNK1MQVx2rhUKiA+pQ3
+XS+M5GNRe8S+P0CnQT1SxQHRRidk7B7fAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQlOMOuyi11eltN1MADkogTIsds
+VDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEIiy9eAyhl49VpASQAeX4i4
++gNwgDWHolSxkb6bovr2YBxB/PTLWE4c3zMadsxC4REO3ojaE3bP7dfwvnXXFPUG
+UBZef9rieo3ie0z6SqZxEUieJb2PgKAF6vya3aAnx2WLx2TmMb7iACmLZOFXdDp5
+V+WC+vaNDPtRSu+MX2ttvELFXgLBNoeTmRhWc1kcbR5biO7UB8e+IddvBTiUVy/4
+v6N8QxK9AmqV1apq6Gsx7qeyp5I3biO44ikMMvA+xjz4iFwikphlYEupmauD8mjF
+Pc5rK2DtI+n/lI891EoeW7eyq1pO1vmHTZxkOxwy+E226Yz4FB884EQpsb6cf9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CD4982F558369A72
+
+yZvCqPFld3fSUveakYCsMgQXmpcS/+wqjWD5GQTtpyjSPLIQHFbd4Pig6eo+5JwK
+l4M01evK1t4ho4OlmtnnKfdcv7GCZFW/89DbrGBa4t5EiFKiPC1RGUt+Jp5R9HOT
+a2JjT4tB/10OFDm3zHbVRCzmrPJDWmuz/QkWrHOSSUx15tAPFiADpcIudYd+Hp9z
+T+o/Ee0LeyjF5f7tEkkcOcuwPV2IZoTCPbOHbf1K9YChDg5ZymFK3Ow/KOeraUCZ
+Jgiw9a58DsGqH+Bf/HTwBXkI56iQOD7Ttsld0dle3BhKNhpP5UxP7bS5LTlpDuwN
+0Jt7G2CtxG9rJaegKWtjh/0LWLrfQ0wiFk8Xcj4WX8nBk4ROeBAhUguTxGJhGR6R
+U6ILFw6ugCGuVqNY4hrLZ78qi75M0v30B3f3k0V+Zz8VtnxrbjCsHL8DAIrl5myM
+AnnfazkHAG90QGgMjVtb2A7g7GM/ZfTHjlXrFJlV/dx8JD5++3qzY7Tm9Xs/vnOC
+RUYy9OalBv8j6fUe5Q20w/HThw0TmoWVBHZ8TQE8uOA6lKbR7R9i/VNjLdZg018R
+7mejo4izqlvYDDH9o8h4Td1mBz+2eqS0aZ/RXAl1KpWPy8vkuDyxOJYYqbbJFhWl
++sCa5Z+v2A+tTGilDZx8qvEEq7ydcn7spOiKe7PNxMtH8YgWGIn5Y4Vi5sLQCQwy
+7h40dDz1GFxLXB4fRJ1GNSMl4TqdJs40esGBqR7xtXLjUFqni3JqFPLCzST532F3
+MkcshUQDPh7ZrfGkwj7MFCTrzXVzAVU5e/Rc4lHdw1xkIiNQkmTOv6aqzAqKMiOa
+sevdM1s594nF9kFp9Pkj7yWTFMosjWtQ2LlUL1X5d4NEeazn1d3sTz9fX5y5R6Ro
+07igIvPu3HnB4M/4KV6hNb630meufYFCD/pL1BZsFF3GkJakMMgtTYVH8ORkUZIj
+fk70vIt+T5u56QVcvMacamdjgFOyQ/UslEMa/1mjTZtDbxNQLMnLBGkIvCYUyPaM
+c/SSpGQ5+aGqpNzoj73whUW5TW6s2SmBuanVOHTuF0UJYb6A+h5zUuqT1U2OH80U
+8Q5a3Iwquz0f68zCFAedD+rymuTk6TKaew4SY3HFHcynifJlv0HJEtbIWgMF6ziR
+1DcQE1KMGywLvUfl6NAKmtXas/JBB1LyGVmZTfRVvBQ56Yvx5+EesUtBGN2sz6y+
+NsWXoJ76jTi+2xdapEevLG40OE/vW5P1kJuWhMJOftA8qCcpYVa68RkmLXIyONJK
+IKbaIKMJUmkx2GJt22UFvMz95Xi9GTq98p2Q2jcW+vRpWx9LiuA0CSQFauJ5J9CA
+P9Mg5b+PpZXm5v0cPlVhKH4b6oHgbwxPW7Z6wPsMwk73gkGupNSXcYrZvUOuKFHA
+yeWGSeh/oHv6X4XdFhn0GGNzwAWVfg1efRx1l3NNFucOTLz1Oyxnz81UQXs/O+I7
+FFfXpuj6vUXfC1KV/fm7KeIERLzOl2T8J3+iG+KIFzOUBajk0N2Hnor9pKBSNCPh
+fO8CjSwvQfARkk8DyuP2pTKIXS+p9+1cvtwvEPxb4WoO5G725mjbTg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
new file mode 100644
index 0000000000..d85ce17b3b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBTTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GG9ubHlDb250YWluc1VzZXJDZXJ0cyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKlNvTBCtZzuTltV3uYU3mQnxuNHBt+V6caK4kDpfW55LCuWYynT
+DuRhO3QyFs07Kwmp9x7wPJKscsFPWMdskNhF35bGpe+rofIo2vmNEGzC+uFXKEnf
+D/1Uz2c02Q7TKua9YwP56F7b9kOAYHB74K9RfWZZ41HdFRNLrY+uS3imHnkKHqNN
+Ad7V7eAUB06hNgpDpt1AMyAfJ/T8u9r1Rnq0NY4myhHOWFJ/Igl6aSzHDQPE8zeM
+5piM3am2Je4sO96a3SsDL7kgMICtt6DOjXCnewKgzt/k8YUMS6//SsDg3px/8XqX
+SN/qA0dFmrRI4iwn20sg3bKAQbNKQroHguUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJ28AKncAc3+HZaIfbWeT5ne
+JNIFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPJByrONlwIFohW4Gmj2
+QZqLaHtT7vUb6sW4pd04EXBy4/8OmAz6giT3NEyMlnSaTlqSRHRLEXZb7RyuNBRy
+ixm1bvDI4nnHpVFhC2CU+5yORzXkXlfDiDl6KAK31CLxxuBeguHbelZJ8u8ERtpA
+9qn/FKm343FlUHVIje/7a2uo8KV3EZT+4V1oPVi3CpkyDIpMypnY6UmQPyuqstxn
+BVgfijZAx68HFb09yMAlL/cOONQfWHFp1igINJEiqE6j8fIlJBiqo1tZpmh6UHEx
+Zky3pmHgczfIlBlaQetjITOxignJAEbU1Wd3mBFgiJIAbNeJtqZNNNKM88zokJoj
+Gw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,05240ECEEDFAB262
+
+CIcl1VuzngTwNxm/PxWb+EnUj6m6zKj4SDkKR31SKSRPg8GY+uG82CKI9TqyZoNg
+pcAkXBt/hTOs1WyoqXrH8F+DsL4HVayMtT4qvXOz9x/8Dl2/phiNcBo9a1eMHHiL
+d3XV/pD0lDhp4OKrfovaQyINBZnjSTBIka4zMaEaiBIuiZJwrDK8m7K1Wy9qy/xM
+lHRWyTzuoMqoF8NERwDYSlK9P4/Kn4FmwjV+mcsGcXvivhOkCMmKxyOo8ryt+bSv
+gy/4USC3InOKCj7REA1MTAudUkPaG746f8irStL2BTLqJx7mjy3uNQ1l5QNcIHQo
+49jkxBr8E38Pwe982OcziEUAjuiRA2dzp+qz7P935G/pkvaf2htqCPj9ZoZj5Cce
+tL75XITV63gsklIJABxEzednnaa3qMTd4hZWrx+LW+c2+h8vj/w+ScxYsGLDFEvU
+Yw3lZixspWZfnqCltUX+p4/ZcK1RgD8jvQWLhGUGAuzxg3c3mGa5vyh4ZM6YP2Nt
+cuaClNBSuqU2utEFwf875GlEJnOIFbUZDg3dchZAsF9DjhC7x5jp7XfRjRsLZjPu
+tYqtJD5GCsmevLCL6VNO4fGYc/AH724QU8LeYsvFcqupAIs34cLa6JRRDn+tU+j2
+SBICRzfF36+jLPUTPEckXnfXrkTNheEfOscB3UisoR9h9LH5AjpAkMZofGPt+rO4
+0OhfeVUNTQVu8qLbInIehWbi68uOGvEDSFqqDwvpYG8a93o3ovXLFwzpbb9fFnaN
+2M1R6TN1h1ApFPNqcNApm0Mo3QTXhpkMoIM6Ik4FU9/4qQZ2rEMjB1yom3VImp13
+UPpxDo1OKcI/oyRwV1+MYUhpV5tXnVw/REUY9aQ/9+Xgm2wQ9xA9iqUh3nLt59HQ
+2Iu6TYzs8EFC5pmMPXhZ+K9vRNq9aeXVnhZp1Y0t3BkWE25Axu3vNiyLKkLIIwwr
+882S6qHcEsqYhvzR6FFmu0f7Hn1B/IkZ2ytIWNilRhtHgyHRIoucr5Lj1l2u/NO1
+jdlb1Xqyq6V4APCtL8h84DmMUv20aLTnYVjGWRsnNwpKs2GAiDyEr3DeiNg2fPyk
+XDDZcLOEKmXLLoAJoPPyH3eK52IrDeqV1NT/SR384+ri2r7NM+wMmI9QZbVBO4cS
+iQjU0IUrjlnxmmPRQB1eccbtZnnzzujmc0JHEfmWK7VUmd4VSjsN5EJyGxN3G8rc
+ccOYYasV9XeDxOf4yAHsSIXWeIIgz0gqj+CrPcOwj0er8pSl6ya+V/ajBRPZ5XKb
+Q7gBTwoktm4fKo8MRT+BNnAcOf0llh2Wtyu3Etji32hU3DsoNN0i7TaQo+nwhAY5
+UGUp6V/bAGmiyC6ZL2d6jfJJtQIXEN0RPfKXxm6Wog+/IepJh8NSZY+6DHTrXJOC
+aGM8WYdnWskbw1xWCf+jRRqpwPzitlcqB7yG9Ut6Pu45WUAUsRsgKnX/QzAzRXa+
+8VhCsYppYDmGjD4o9T37IiNOKyKQ1Nazy80yBmhqMPCCvxSGd9/grNnTzUkcMYHH
+X6QdSRCa2SOTyUl7Vwg3eCJPqugZWgoLG+k05bNWKZfljjbit95ZFQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
new file mode 100644
index 0000000000..acc2db9ec7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDNCh+UU1u7RaINmvHQNlENRQ4u0my6Kk5jTprQKZym5xXcNnnlCdv/1h+J
+1ZRhcgkRl70/RucD7c7q+WLV1N7sDTOk7a6d6ICoXLak9piG4OBC5y+IR+L5vO/k
+qCewR3ORPup7RrjsrEPuqlJa9yi1H55BhzLRRqPvcsumsIzHdXN6BwT7a0eCHqCM
+5a2mh0NT6CKEbQrMMEtDiKdItUYDPsIPcquxIrP5uoF2uuERI3U1p5UXE3owxecC
+kvQz+dMGz7QQACKT2cNYhZiuZVtYfUrAvdQ/E6LOhlV3eRqdPYsFZHU5ijz75blc
+VYMUBFPpqp5o9tddcGPFs5YS2oyXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRQaNEJQSeH5wpOt3hW+xeO7gQHcTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAqealoCILXGegRsrAUZ+zTqnaVC
+6DXA11OnQhUkpMvCWG3HLfNjEUxMUohu73U4akR8ByHKgZlY79YaZEpViC4ipDFu
+w/Xs+NW3L6g5p6sCCaqAa3YODnZLET6SOWjxxgBhmoydDr9V1J/DfQyBV3NNypS0
+UN0njf9GXMrkJ05eA7F1JXpAbnhHxWL9iqmj32jaXj/WEbiRriOq/puGvLDnLYw5
+1/DwmKYrIfXI1erTIjVvMz8XOrqvsfbTdaHtbQjGRoL8dT56/2OX7cfp6lP+Yeup
+Nwt/eHp3sUXspAWHgJWy7faNJPYyNJriNuYDqJ7Hwa3mT29ymBK5nPOBmNQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3304EF028C8F37CF
+
+NHfxWzbgnnGAfj7B+tA4sHmQz1GYEAMeQGti7fyiIKAfQnihapXoQGld0qD6J7YI
+ASbY2A8j4z15TEtlYgNoqdPOOfsTqIJofXuYTnmWkKHhALUbMR3tnN6jNXNwEgen
+t12yv4tVjG7Qv2LVH0FZgAAMpa72HsvnK1keiO1e4th/QUIeLAnm2zyABfgRTSnt
+HumfEfeuMquGvSG8zQjAnLLqhrTngeMxm2so0eVn+WcohUb45HTGa/dhPsUJmFWS
+fyGyXiQ2faOb0AMkC3IYZGHymBiJU7ZVkvim2uft92ZDwl5NylpOGVbbbgSZ4rmy
+g+ABrIvOpr27QyxXMx9bBCGff1VyHTZt0B32pNuUjpnxpbq5SYJrUqPgvCYk+OYu
+YQlnzlrQyDTrYsvdWukZvEGNFrxsqlwJecdj5OOYkmNvOnu24xfFLjh26PYdUrJc
+/LM0S/qFLaffF2koWN2vv7Bt1Mhl8xnCMd+vjMR7NYO6VYcBH5Fr52P+KViiQXuj
+iz7ej0OyR6MsKEDqFokSS9r3k9VI2fHNFvAGie3paEaMFcZrZc5gIraOcZHcAsei
+pjf4IDFAs3cfzo3QJ4AxPYKdp3CwlizAgvAferGd1JmihtgJenJwsw6ODd2wat7X
+a5ae+Ax8mS5M7r5GZYFMtq1gc5sLG2zOkuSBMCxrmUdr+Bn8vDR2o8YaGE7TsBg3
+K/CpiTV6JThEWLaZOwUoE2njT68IgcS3FhkHWL0hMBhTROuAB+xwzg7paBtMbpya
+4UjP71tiAGnpKI+ICr+h1ZDCd/nxnlCVlYR8Iw3wIHzpUB64v+8vN7WifK21sJXV
+sh78kbAPYHatOAOhApEY83Zg9jWfwLmOIF87uLA6CLZ13DC5F5i01pELEqNaIDkk
+kgXOOCaDXzakDiedJa4PXc35cRLD7svTCY2S7F2e6sd9zdM2cvqNp2t9coS/v3LR
+nxcC4YFkinvH6kxhy+gClucw5DIKp/YZAiz6nxqqzyww8tFITAYew2BQMxLkfThS
+1qcONAvcNffr5v9vpz8eSDNEfsBnBnUZmTJgcFEOimeixkclEQsJmSSpHYN1242K
++8fLfTY4WwkmwAMVAW/rY0AdIZvUgjimQlX81qOxn5lqc7UdaxkcBwkT7SxuZzMg
+X0ee+Je3+Jewh0zlrmz9fkQPfEzzb6AEiw6VSQHRDwDz5HTH/YaaEdor9WkCE6eA
+uwjeu3KVMOY/AiLLoBrCacpYUVpi6ZeQwFENHY5JBs2GQ+aTT/Xp8CoChx6K3eyS
+QbVJA1dL2CzAZyO65hU3KRqYQli+XScj7RSNoI2OrmP7v7Eaxvp+6dK6g2e7C8XS
+HR9Z/hyWPBTKs58rHKU/jxOM+hn2XQGgbvzg4msuh8IaI3K30WDcKyg6FIS6pDw7
+HjWeh2AcnaoMosYTdrNA+czzk/LrMbRZl1Mc5PMPKgAGhy9jvH/7iM4nisQEQ9pP
+BTklbVQAycz5xJb5fPowoHgi2uba1PwxT3ITdoAOxebqHyqa4RFjSZ3q/71oCv/e
+sn819PGt3yVT5etC0lcoXDhQ0cUCpoZypLuHBm1aY4ePwMUKWKDh1w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
new file mode 100644
index 0000000000..75bdd78cde
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDGAUE6VKx4EWe/9m53te/ZpcBa1Ipmkzzo7oqB0EQo+XV2rtBbKo+aCclV
+3Wz9fZ174ydCxbIuOWkIOHfy09Xn9mBOy8u5xehgFRv58p28VIaHjsLqW1rKimdj
+4VYIlXggNjWaRv+RU8fthz2N08yC/0qEYKGl/n4JGax7/T/EGBIUXGWMLhJsNuBA
+77fpt6kzo/CIbm3Ad4y1P7CvKIQpDRERlgz46qtBi0vI7X2pu2L0URYArkUYXwkH
+pmszmcovcpgZYEkszrk1qwoF3Mr2ETJoTQpyeYVDV5hj/5KcN1D5z5tN0pCabJS2
+NH0W+WDo9j7eVthnD6mTeWY3fQEFAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRgY9/SI6Qp1kGkrMqGeZimZQFIrjAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHGDsZYn3ZAIZ2H7xe+cnSisch5E
+jFuol+JqPT9CW/cTbC/HKcUBN5KEq7gIvTm/r7+Rc7kK+9I1dxxf9ZLxSBgfuNfw
+xUj1sn1h2/HLiQj/4kFB8wtFCTWhur28AELLqiNuMKyGKtJUXqKy6LGcfKaiUVEZ
+g1MH+DfVpST2FBGyoI/vdPyTt9wUABwUkPH20j7ff+u17V3BR3TwCs1tAkY89PNO
+YAcc51fMDEDl/9smo38DoiCl/SKWxYaDXuDvTdDcDsitsOKrolL+9dIToBes5l7B
+vl+soT0Xw+IQ+xptAUfchKxsuGL1DkWOsluGdSDdGhTOA7Hfm+szyR6HlS4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDA79368BE51B572
+
+oKekLSBkqx6Uyjl8yElaf4zGCrOxoudKNxYh06k0k/lA1UWK9sAxF7/3oZidtS3h
+yS7UK8LOo4YPKkX1v4huKryx18H/TynyMP9fzVxtekkVrunzT2L922LhLvvxdXPg
+QgNUHyjZp/SYijbJCOgBRRwnuBonMfFQOgrOKTyVvW6h1Grd6kvgEVAYl6F6AQxG
+lEbDT0i0GwPO50qUciJJYTz+rGq0KsRW1b3PmOz7t38jOlRGXWZynSJ/SeHWKDDz
+oAAn3Xb+ct7aUXgA5saSTiCrfhbx9L96t6d6oARtHu7ewfq4vWbPlArir1iqwCkG
+p5xmPrduODLyYLEyN4+uHs++xGXkigRObRsVRPgH2H94h4Fhqg87qqOMD6+Q+yN6
+caU0fWywK9Ac5A5wuxJ7IdtGx05L6RmVGSIE5o5PMRLz4380+5cyJcAmKnTmjZbo
+7iRIz2Lkp+Axq0WyOt5sDraXEvgbs2BH3sA72JClj6YVC0IPJVFaTgwT7WLwSrSS
+KeXREsTm3mLOM++egUA8GNBGDDWvtsuHTYcmNH8m4kodWWocycvRm6mGU/Y7rq+S
+23n4hvMcxqpLk/yratJe76ij86rua1a05bxNJ92ITBpLAPVS4WBMEmv0UmllURDZ
+zShSIbQBbcEcWJ6AFkJ3E+oIIns1Ml17X4u+TzM/nCF56zGgVLz2zKRCtyTfMQ65
+Fv8xzHZ5h1Nu829er53WGSR27FIB+nFFghiZ7eQvm7tb7ggUrw8JxZoUXi2oRSWk
+btc6jC7iOA+8AMi/yR8p0HN8KliCL7PrKbyJOuspotxC7jIhzwcGRlKqfZ+RtaPs
+HXH1kM8vI0kCByL++HCNw5DQZZcwscQN0RsDxmN4AY7tnOTBwhTEGRjtG0eYw2Nm
+6Q6qveTg2pQeIlRcpqj5Gsp6T+OJ0OXO0qPM9YmOI3/934OizU0ZZfLQ6/2JM8Pg
+nEDuOyxI6vrIVjP1nxm22mC6dHU0Dc50bpw72omR/oMmLV/GzhSl/0quLqEvwG1u
+BgHLstIv820Cu2PCD3UGxiiczZeIYB9ERKDtRAywlBnqnqze1+6ZMPhGcYFyaW2w
+VI3e6XshIfztVX8vIyqxDKlahMFuBvplwPQuhnE+ELZi6maO3s6/wgoLdSQ+IiAP
+6xk6Iuk3K6SMG2kW/hs3RBumT2VrYBssiVwQIO0zcF5cExlt43iAu+duels7sgek
+AilygrSHgIb+ieEvsbwJrRkG5insPtcLF9R84KX0AZwLx3T8j/yeSupJ+3LaDHrZ
+bMCKr2sa02MWcpS6aa8YZOkQkGNn1Cm98/5ImFLSZ/DxYH20Ul/k1FqC/wMfGe/Q
+lNXpIS56L1owxpSsEPFrHJ3N4ihdGMkxO/kZeJvwyNehKa1pLvAtlChveYz6uqiH
+pZ5iy2frX2bAOT2U2fNEn0Wn1Lioa7My+OMawFlxWk2SQRmLxOs+I3jaXeMymzV7
+/ihD1ara71iekkG+NI/zpcQYmrDT+3DZcqG5m+r4gQ0wjf2blVuzBIx2JIO8abYu
++drPop9nCT9WkSjoGSMIrUYxxDQrMCp35T3EidPy4agVNBgP5xRb1g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
new file mode 100644
index 0000000000..a5308f022e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDW7KN86+AxdC+M9zUVhx3zrIzYb14p5bROLn0oVLrX2CrAzM0BJwy9Eyfs
+Kjz+C+hNSom6zZauHScCcW7Dq2pwYodhJYGccs+iFTppwtqOodXhiDEs7XiLM2tz
+Y4HTqJMH1XRgDZQemCedZaeQvqjj5kwycktkiVKfyHVsGIKYbt8Fz9QGNebCGhvx
+iwQ6pvMfOynEhCObgwyCU6FQxEn2ZHo3uZooJbxYnMiThFjdKzUyvBfsXaeawmDc
+vXwCBHYy7VFs8NikWYcek78Jt+6uoQ726NA0QgXz2PXL8Tsh3TJ6JqLXU27rxJOR
+Ih4lDtnYuZAuiWGi6T8hB3f8+DFNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQtJLeXhyzu2hy+3peEG6+gFRa+azAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFZ01abRiJllD1coQl+tPkFpIrX2
+/6vIvljOU6K15UFRovO3Hct4Z3hGszZxUtyI4ipGq/aLVHbjvW6Jd/CgCnZ76kSD
+px55iLVFepfaxksJjWWbE1Oe72foLiHztJ6tOzXT9E0NxXPxrZFlhP9gCN8tUak8
+wS7URFOorHCxznZMxZ+ADM6g77D3zBf5BxH5iNdxD6Caaz7ez6yPaA6APMY9tsiA
+jF7pW6F9ETMZVug9be6PpzNHxsWBjE6wkpl7qSCF13o2zvcsXzs5TkCjPQWk16sq
+f9Uvt+oEl/4OoyIQ3kS47aedWc3mL855YqCz5S7fwRWyhKSTIC0mFCaWyeA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B40F3C8577730807
+
+eISBvf614CKAGf9IwjMT68YoFuH4XXc2DV6P0M8yFhaKfZMZpIE0aEt15buADWk3
+PSTOMOiJ/V8Zi1EKHDl4XOnua4WfDwVX+Tia75uSwOjka5UxE0bqLOqekCw0hUXt
+HTV7YRuOd+uln1wnSxuGeRxyhOjPJ5rcdBrULgtPNqAJU/LGrGXIc7S9Cb+i4/tk
+oVPRjNl3NWr3RKMSRebw0P4Fw6q/kVUqLAfPg1aC0kAvLCkV6NjpiSD7xuaHuWOm
+qIvfezo4PtAZciNs6Fco0OEv0PTrfKrLV2l+tP6tDYitbxneaqWRKEzxFaX02jIQ
+q5sTF4if2ybg3cOAus89G9ihAZUIpQLWe5GLIMmw6TeaDUlUSRejhOmuetww9IGM
+vkgbtogQ4FylYt7RJyj5WeGH/7Q0GqTDxBzAlOLJTkq8jknN/HU2gW0PZS+CMzyd
+e7vgOhF2jNRw20JzLyuDAIWh0crmCKohhmeHbJ5MxvURiTLFEZaHCVCgdSYfaOvs
+lSmehPn2YVsHi03o1ERkcCkkNVI9R1WueGJnbbRCgcNdViWfxcqw+kle9Hq8AcHF
+gkuG2DzK7nPCFFUyQfJkjXSdkjnWTt/dG1U644/aslAubENl+zS3QabYmYpfQPc8
+9IIRW/+n2Mo43HNk0erF56Jsg/Av42gCaYeMIJhf4j6HEimjI4jaZvzSObkK+FAH
+kkt4XAvUaS76qNXpHFvtW3NiiVQDrfOIhyYcMFHjVtlMPDp8ttKozAMrc9tdVUZj
+gB4Pj+cO1T4QYGNIwyRwwOGm4XWsBD0qFVcxtgx+JyCsSPRXTYlw8GisaXqK8J9u
+TWDKYm1RBydNp4weVnJAPjLF4c2D2VXxnqXkwkhL37iehj3ZHFKKhiCL+w3ennjD
+sqr333ak/So853kAk+VV8EazMzxIB3bdr8Ok3lDy3mXBOkPhOR2nc7oDPPV2K4m4
+ECebBMUN/4FZu1zLU2nWizLVcIP7sfV85zCqWh5EzmB03w+4+zg2e0zXk7wKo+wr
+/Fwm1cO152aRe++B2VQaPdRL8bAFy+zqguwwJFJqDkK99xdL6NQAe71F+3r3MM6C
+RdV6b8GS1axdHgQz8FrnaUDhBeMjq2fTqaM+xHwaprmdGN9nYbnCYNFi0zdxoGSE
+7OtVGwT/ZczfUKiiWxBL8dXbdL9erFpEJanlIA/4oYXurB99wsjvrXArTfgYJc9v
+lF9DI/z/JYjM60MCLhaFYH/3WxQFD84/wQam1QHgOpZN5IZj1jOH8AXunJejYWnM
+6DCmfsWr4yODxjSg47+TAr3DnWHPjl29bQ52/DAM4qoVQKzLr8OWIlKo2djTMXr4
+IZOqFPb63gHo5zGKav5cRrSwT42k7OZf/UuBJNiqN/eJPrIC0wqWrH26TAr/8sw/
+leI1tGWFUH44CBhtOeRz8fcnXqAWJdPjtYsCXf713HirRs4W2WpNgraV+WL3aIg9
+zx20bPGaqd8zPE4rJ0vWqXyio9lVJrNcVB+93RD6Znyi+0VGZZKA25lmY+VdvW+/
+JpB2t/8kBzWFnyIR1XJ6A72PSZh4YrUm4QLYvHYenVbNH4aHCstJMnKHWJ7MzwLh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
new file mode 100644
index 0000000000..c9936c65e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcUg1THz/u9oqguGuyVJRqpN2fztvDrzvEDldGjzRN+M27cnJSU+AkGwYI
+/orIzQOrI585VB/WEuofYlKna3bw2ARokg+swgs/hK9w030zgx2idKC3mNghUgJG
+EjBfzLDS4j46eFJX2pTginCtrriiga0tvuLDrJG0+deeAT6eBEbxEYNEsc2cPE39
+1yUhT6Q3kX/kF480jStykRMxKlms4y3SlyBKkbQ/DVYyY9/TLyDc4l1QpUQ+f22L
+R+dYJ9SRQoO/xFG9Vukpo2Yl6D13di9JgdKdNj1LPc6yG0zwneOgVwliS515MUQ/
+BKOwnnh4/0oboM6wXw/TtxoVy3uNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBS+ZtweDAY79tOINJFTJoENaBduyTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAuptMQ+7SNcCu0O5GBSXdrWUsKH
+lRusRE/IVoNjuhfjJthO4WLtAs9HEzz1OOqcksxTEm1XNG4CqTAoubmFQJ3eNm1n
+jAZTPqO1GZtrkd7CTtdJqDcM9OYF9Qp1HYTXxcz4Sm/ySPiJV9tj19ZKG/phx1Ib
+bLxtrN7i+Sn2Ym3yI+G4JeJoaVCcuhLawEaxj8oCoqNPpt0/gNvizwEmt/5yssmX
+qguxcvQvSW73Cs3nrTG7/vqRQz1gKMwBwGfZh8gR8ce+2gZguwAvykE2E4b/AL3G
+5nrfM4sMmlnxIVTbuyvO4MdefvBM/Q5wARuwkSXg64eWfefbvhQgx0TBQ+4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3877C7AFF63F6D80
+
+y2SpiSz0QuZ0CzWgn9UD/m2tAiQ4UYh29P/VdmsLrL7zy8bbG6CaTDbbzV7e51ny
+xVPqSNKD9hrRv2Lsv6FFTHuU7IWxzSuz2alDWDUnXP1KFrgS85+PvBkLaJKTb39p
+KavK3TaQWCIYqYXU1APK7nLhpeem9nIeEv5GoToyD7v0FZR6JuLAPXtk9aJfTy0m
+cChwCRw2CzjHu2h4IqACpO8Kkhk+zH2pOd23OhERiTXOqMYhVmbmU4B2cpOjHIf4
+3HjGhIQjz3UWTBX3Jq++5VOkZJT2RrFaTwVGwd5nl8LlgkDEeKQyfGWzRykfvTn/
+oOAjANYNDur3ONBmy9o6sMsfOt/76n8gLbkXshhf/obSoD6hw4thSs5++fPANaf9
+/q+FDfx8eOsP0nVvV6mEDOFL6DYf40BnSkegdnfnbs5VRZGm0wb8y+JPWCy9Zs/4
+eEhJbRQZ1BncIIfSDcUchxdGaJMxh9zETjhLHvIQKdFgm8s/UNZv8wExng0DOV3W
+m+Ptv4ZvBqtjj4l56wAf669HQHpZEUNhgC4mQjfvWsYU66NRYPYlZNFs4Ys7QAwq
+/a5rCbpv0Gcjxum4wo2CFmuroFEXYecWndmoeV8EK5q28xS6pfFW3XSbAJXRsu3n
+IKdnmvywoyKZ/RQGpDffSLGXvTbwdiogHQ3PWtQQfkruJJKuBKw3U5Oh+6hkEdU8
+kJpXDAZRYU3gYEpCkIDPfR8VTZfiaHaw0yToba28gZhhM2h3BQqE7Nhh3c5kH5Xl
+ZzKmL3JfGMjrYwQ+iUpNdgBCrSIdQUAta38g38payjra8YbGX3DqPDi5CSkHXG3H
+zFvWS/MN3oGJoNKXQmUrAcWg3Nu2xzZN29gCPkx/+2eK+KZIZ6CzGuOul151k3hs
+2Fps7jDPfZejwpKKKLV3mhRp6lnSAqL7rTS1Z5y0mnzJpkqwLeGtytm24cgd37Y2
+6vtxFOKsqA3YHc6rNgk+sZlupT0f5/oyxE3Hy1qbnK4THXsCEEmOQFNY5lD5A6vc
+Jyl6g8Tlf22NAGL5QU9/aIrWIIV55FBVDBnk162gS2XFExLurgolcG0R9dEa82sF
+urX86Nio4m/QGELxIEqDReJ6QeCidE+yFQnm/gGDAjnT73aaN0oxTX+zA75MECqE
+iOYBdC87jBIJE/33LwxuOLDIOk7IPL/JJsQg6ZWJ6rTAlPYiqGldn97/+zFXOqC/
+H7HS/aWMnU4kWDbClKTWB4THUfNdrfuBhf64sAEvQpqW2d0AgeZyHFS1Esc3m276
+n3wDmJdQLSoiUEtlQ008n7uREl1aJhS1Yp3DxzqFrcqFytINvaXPgt8RU16HPyqB
+huYY9K4t83QQJ41GaEYLCOYfgdMTjWEavTWozlak3GF+APWK3e+hWf7+5NmIO5rr
+E2hic8Mjc8rODbhCddsbPdWZXPnE0h+LpSgG1Km4flT3Z8bNPbd2TWaGKCrYtGwo
+8PiC/86+aVLVaviT1lDegnNmUMVAhXI6tDAfJiUnqYToelS3KnNYRt/itRBp2EQl
+iaACuUMPxYH7u/VLVDp9kenwPJNWQCvl13a9vUKjEp959xGBTB7PeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
new file mode 100644
index 0000000000..9ad542d1a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMi803q1skF3rlRLLe9UJy2uHFEYjwqmpOnvDT+3GAFrYFYjS4u7307M
+pOxI7vPwlpRMURsQY4k8IGlNmXgHJLTphFdARhmPWskpfAfC/7mnNrYqvOCixnG4
+1EYhnCrKN7Uhni/l6AHT0cLp3HmnNXFq0YSWVpWOZ5yx7KpUld75+MqUQixEieXc
+PunjGC6MjHJQFrko5igrcGu/PcETu9ao2CQZdqnYb17ftxSiSPRUtwilTLEikINo
+tzklWM6HEO+aQyXi+Ib5UVfmYuUYZCEA5xZk5c1Q8oYd3EAvbP2EHQL1cPo+etR8
+K5IZ3zpu7rt1sD8Lw4JSFVNejDoZrl0CAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJsrsko8kMVuUAHJIr1jzgnxjD36
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAQMor5mePNE4lGLLT0vop
+fvEOCEJSav9+ufqqnH7BrMWQ7QzXH1pHdA/IgPAXXTRVWv2U83srUxERw6aAyuSW
+DJ2g9iW1ti3fqLM0X+jDLrCkjIpyeG+9R+uvEG48FTVEYrWr0yeI73K235XmZh+0
+vht6STnnrNNX+ZUS12wEPOes/TskflyZXcOcodC97gr+veazS8ghL5RPXKyIkBLn
+jRsarcwDyN8KQbSlsUtvv9nowqVzptishiTXHZRnKMWMr91gqVnRkhjoXPsRGsq1
+ytueK4tqUCRnBwrBp+nfg3UyWHfh+Nj6XG+VYkjAXUVytqZdX2rMFTh7qwGMH/zz
+jA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD6E26377E7D236
+
+aqLPrf3wLKBxZiScg0dbhdX3K6sZ0ydp8rKlEonxU1efiG7eVWAmvgUTbXGt7yuU
+eqd2XvnN/voC3vAxlZbo/RrYRvpWG00MYaYBn7Saus+huZpmozXzjnMuVFwSYARf
+ZmYRsHuNANm6fzulndJZuPwu80p0H/bjKd5jKOrluHd2cap1LuiqYqpnjvcjxZaC
+Vpqnc4jrvprb46ygz0w+9Tpgc3XodIYjpG+DFNN7IDuh/cMZ5d0tz7NaYqWDIDzr
+b08A6+vR6Z23LNV6LNUhjQCefR7VVMjMDt6MxW57KZ8BWMIXikJ0ThmM2eL2nDd6
+a9ARzkATU7/nOiJoux2cRSjJ1H/faTVrMvhwhbVYCwTVSpRt41UO7Xxh0njzgxH/
+BMpCzSlsGFRivgCS/ok4udMWOPJwO71RW6ORCtdt7ZePw7hQS4dq0OYER9EHD1++
+wR1VVdHXu4FIyB96tPp0WLlSIA1uFkffGpOWp17b6NFR9X8KxPyf8G/mdAy3dp5s
+7dFEsbPFPw11eJliOSmasASxI1HpFN9Aw++lVaG+fl+hzBMRYhsYPpheysQz6IY6
+nMy3B8C25dw76ax2wcWM76BvhAw+ty1WbnjPKly2ScS8j8WFwWVNC1jEDDAJCV8x
+XDK4ci/1ijJ3QmxHQaqbi1vWhB8q+6lrM2OOr4eVgei1CKfSmoo2BAYeh6aw7MdN
+JiMTaI8xrp43urbKWwIwXxf+YkL2x8LElutZ9lPONmmtGPjYLUvpM8AIkLnCdQEc
+4hbhtuApw9K5idWxkD4Sn+wYlJubRrPluFLFkXhhnqPYn5ieHGbca+LrZeyjoaad
+HJ7KNjzqJnD2fqiLnIziu9oOYTUULZxHhoiXRvGo0r0S+46qLoKjxDuNzy0XL/tB
+uVr0yPQk5AGBSHa4HdOov881kzgyyTdYDd4JTHXnfOCwmdhqxkd2hx5F67yPEZb4
+nCOrUrU09MVwnlYpuPzgSSCefv0eGZP2ZXLA5j+OnRAODBxxRQe0rneowRInAIQ2
+a809IvmOX/4+vGSQ9jaOhogvRi6Mlpm2acrPlsZqizDlnGH2DAtk/OED36Hpo1xW
+gBE8gynqzEVXkc+23R/wF1ks0vgVkye2qtA7yBPCLDdYMKvjpWE8XEOtTLss5YX4
+mBQPdpJ38lCTRTojk63MtX3sQCaD2M5Kvr6bCgauEErIcxif40e5Qr7Re02eoWtb
+DnfsxNObcshEOzDoJQFcdYwQFiwPOZAZyeVUtxTauKWcR/vJ3kDr/GImixfqpaMG
+oCJEGN3dWY5L2tCb4D5QI7OdPQEDd+TfTcMGa1k+jYMv4c60TY15EQSk9m/0WXlz
+/s5TG2ZfVRUbUaBFEMQFJxgGRiYVEdoxVmUWSjNfLNFQd9x2rJ/gmxuTgaXed5U1
+tQcF+YygxikpPcoz9Ou5Ghkq2YxIkNVGW6nsySdEC2BXk/iZTlss59xrCJ72UkoV
+fMkex7R6Tv7vLJhwNdqIy+N6p8MU3TOQcsHAQRFR8/hdNznIGPlJWKtAjpWfbNso
+HiMygoAYBZ08af/78SJWzw/9Kv70oAWj+uXR5G32Uv+59g1jeorU+cYZzXNaXVDa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
new file mode 100644
index 0000000000..0f11d26320
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK6/MMP+APou9dhuFL2cxOt7900Egk7KHnsv5qHiDiRd
+yxJk39iF3O2SK7dy1ChKhZtlI7sMznTFD6NrnR9/wAdj8sabFleXM7RMXGCNbKD9
+q0fDqn2pTxJ7oCk7BLjcdvR/coWmAWZo+oC6F/cdZuHAvNI5HILlOF/EbAw1UeNo
+XXfeay8Mjf54mnKGbZLeAMqwpy1Dq0KwnLhMpd54eAPaWeipqPhlAQ/Uc43sVlLK
+xAR+DD1dGh64vr84GTqtF5vWJ2vW3dC8bMiXqVsOyXHJQyFRNBO1f4QedlYiBby+
+MpxTjvjnRZle19hecvhW3ZxBKspQoOc2NveKAdKEPNkCAwEAAaN8MHowHwYDVR0j
+BBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFIDrc75NmZ6UvRdL
+WvfPV3d0w193MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAFT0uTP1wQtXV
+2vfQ7uNjYgTZOtIy6yAKUZKbDssGtwZodj4sAMOqIK4Cc0unzCifaPFPfPS1qDUW
+d7PGUrKDp81rISzOr2XqNZGaMXrdskfDzghTXdwPfpFtxmEPg+ewamuI8zcRTfOj
+sxUB/afnqSBUqkRu5BB7iBE6Vd8Ig97SScxXpudBB/jsm2zf9Hhr4U+cUUQGJpUM
+tVi+MpRRhF5F5Ak9gf/FG6u9D5tawpY7y8nekPGbJqpFV0xJnCp/C0qaJbbTwU/L
+lL5QLVBpLCfdEevwI/CTEUXmLJC46mLDhN3mcCBK0fL1Vjj3k9NRpS67i3/m9ZzT
+ggRxSu4nuA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1421CCDA5CA29971
+
+VWBNKnl2soYLiPxDTW4GmlkAyLjZvpqYCq7grCWlVY0xPUiwuZVuQ2xArH1S01pA
+a1IY4ehUoUPrDxWxHo5MkdwyJqzmzpepR4/PebL1+/ZjwKZiyTATToIxylMxkl8/
+SWqdVOdfu7H7BriS6M2+nkpgJzndq9/LqHFj6DATy6jjg3Q+D4uaShLYTP6vXSA2
+j8eHHdLeT9E22ELwyVG3uXvS9T1Foyh6Kzgd2QIYhoQ/XCzcyuKH5kRrWNGWgWcA
+EgDFnZJu1ZrnNmC6vziAUqteNbo7FbUQi65G/X3JcHVBcCdGP3co1rD1uTOAKfBk
+R2bu78wlfOe1W0JripVuT8DdcPuyYZs/qrLep3NzpQUI//4Cdroc7pAlDRp9e9Ib
+D5+Y5BeJQ4TA9ViElixpfn6UIgsx8Lo/0P1sWEysEKQLHIQk3NuhZbhfcZ9ZmVq+
+/fQzbZUp18n7IhbmLRMet6LMb6ogBC4fh61xETxJtk7yIz0incApyD9yixB8KIAY
+dCcCdtqMdbnJRQ7IX4SsGBXkEuCLcpSg6zvrXQ4SQTlWgFETh6d1gziPo9YvYjDd
+Cp6lxtsmDCUV5PzgZTPZ+9O+FmJVhhgRENwFKr+Yh/ieS7YG6yuq0KmZbODthK/e
+guFNm+0UGOdPHhpe/V512JozwZcWBP3hQaXXlWW0QBms8rYUsxyNLUrAM03PlcOA
+KuF0S/6HpIpMvljeEdbPXcGRXY/d9yxZnUtJrc8IBdUVX9BnDOpLGpc8Qpx0stQa
+hvdOH1zOjQdmexDdDcWt7rpyW5Z89cRzHX4gMeeMKPuw+EjaMwUHFH+9m9CSytDD
+oG9xpo3Z8K+TGOIdYpGelGvceP/sUVVKOlfDCoNbBbdFXWLl87ZXP0a4iUmrUqz2
+4UOpFcN0Th2awG09f4Wwbzh0vNs0JK7SBWuTfBcphb2j0FZQ5S9WdUK6qzu76GIP
+XzLCymwCN9a1XyqGrESgiPpRHHLGaMBmMmSVaY2TKoQnsziiuxgh3dlWl53teXFC
+2fY3VI9CyK8zxfUs+0+INdwl52SXzoEyv5CmCDEH0EDoJKxiGVI/qp3sdRknpkxf
+MEsQazANA9sO1rfQbFQnHZuTGyiQunpXlZc+t4hjExdsgWF/RX6122je9BjGoy4Z
+O9s6gx8iJWvqoFaah+04s8b1cYjlCrHHInoXBJzH2wNDZ8HQpqz5XVHTJ9TAkHrm
+6Ocrl5QqKQf7KCuDmQWUMvkt3EioY03Rbbls8hLrF4N23YZqEWpBbPKeAM/TqdeM
+PhUraFZ2aBFxqrA62rEwWFEDBk9f4TuGMRFHPMP4JbL864ZsbyFDhXKJ5I+AIjva
+PWOwohY1PTs2POcNHrmY60MyhqSf1dpU5WCw6YSdiv//MNo57Tzbb7NBQsE6pwAQ
+HjOsNVDz2mz+xtZ1XFv92JjJwJ/f2BwuVQUs3tp8h2LoXxBlr4h6o13/e2rQ8P/j
+yF058yj/1hZp/KrgCEXtdGozT9yTP6Nnn2yXiyZHq5hq5pB8lNbLe2tBIj38bu72
+5Fi3nOks0UiE5o62V5lsZfwa3rMZT8ycm4Cvsd3qnk6iL/bXefNkQC0pAgHwSV/G
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
new file mode 100644
index 0000000000..72edd2a808
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDDwju2MX5clm28dBSlbJqozQEyqSyU2XEBKhVc
+YhHCnnW4Mhqtx3HEFzG72XX5tAuLhjtpQjwYhoz1Q/vHdZrzG5/rtbthbeWrVbFa
+pr+NS1CJqJWMFYfCITCOkWn4BoAzga7reEAsMGZzOsczR3RhtckeYQTfFj21H+pe
+zCcJ0DESZpBW8QAPvRm9fryCl81O3aYAV+bhz5ssnL3hhNtn5Ll1ZDVALkOXtOqC
+sJEkDQNJTaXROuRqUCs4dr/uLHVlOVbhlv+oND5n2ASTcgeyOra4PO24ZqKnmGUJ
+8QSDeMVZ+pauI6mF3MRWouEGQfQVdvXE4jJFueTa/EvvOsG5AgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFIDrc75NmZ6UvRdLWvfPV3d0w193MB0GA1UdDgQWBBTGCSob+7jp
+PmhgeseXzrNYUXt23jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJZghcKY
+Ek73C7WdWGwfUEVjvhM0L/R5LGNzvHur2Oo3Z3Yw3/J68QNKqtge2W9gMl3xQ3iv
+T2wu8Llxq3rDtMAuVKM29n9UK+rxL6GTb9/n5tgdE9UVQhzKaNvvR1pzTGmqne3V
+xHMi7bf3aC/1GVs051DMqPi99tFUCe761r+gvwQShcDVXRHKtK0bidx7BSKdiG3n
+1b+EbF6w0/xmPpIpP5L1XFJBfnpclNr57zopBNjsr5yuZ8FM17L7jynSlvbJozlS
+EXMUORtLZr9e49iI0vRU8+FqwMEpMsFdHY8fTnBkO1x/01O3x5RRBeYf3Jekmoq7
+q0KsUdvxjpd/KeE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,87AF19A419801435
+
+sHg4lcYFIK6ljU4K8tQmlG33G88gpy57yfEjbmWdg5SuiM/1LzjaQHHxHsFxBRP/
+8U6tYoAIGKaMLFRbu09YozlQDaqBNilJe3cqcdgM6Hk64vNQqoqnHqC+fEmSxTMh
+SYKPOXHbLOrNg21kBtZQih49UN4NbwJUtrEEvhI7nT1VCyFER5d+eYuDuEzg/n83
+3FTeasFmgSDQ5bBq/oajGi6RY8UCRKs1M3Dtz1mcy+vrM0drj3KCAvHcuAU3iHEp
+eqSC0ZREJc2U7Cx/jChkjLaqggLCXjlYTkB3Ejpgb1wa1syEfraQNwbp8Ru2RnL1
+rR9MTzme0mZouDfs2AVRvqjWTMIcled98P3CZ6m0+r8n4YHfYWY4BZxKmKqVERua
+4eO6bP8cQKX008B5AKl6REnODiWSeXFmZNpenvjriZoAncCozwjXbDWg4x7GFO5H
+UFT6aGLat/pX+BhdjzRFFWikAMRjL+cuYCfhkWCCKRW3hbgeT0K/W6+e3h9IRONi
+bJ5gp2hyW3T+OgzBsldZgnVSMfDoc7dOVzH7Sdo5S/MMb5RCe6EX/oVcUwO4E5eA
+b2s24kOech8QpvDSgVVqt889RqyYeALlzjHKKshSMs+ydSx0ukv1rG3Oisjgfqj+
+liDZCfwaDZy1V1FZvBdqZsQEs1cWxb39JwzoShC+W1DQwLOoQyesXz4xFbgSMK9J
+vYue3oj1wMxiGyUhf8KYIu3UYCKuOqnFBoLCxOmhI8GABloGfa5/aLMjd5JWBIn7
+JB4l+NbD+Umj0ZGISH4/et4P1x/j6wpljzAzIb6QaDHjqMOe09owdH5m1hZ4/ybQ
+T84P1qsUKKw2GDR/+e5CVcoYioSkJsmQDYNT9Q2s+gGBQg55G4JgK7CCEYsBCrNr
+sFYg3dJJIOqqRucwB9Ghf2UijPbj0O1SH0z7tpCuw2QQmjk3UMkWxslJQE7oi1Nf
+ApEhiNhGxNbr6TRYXBd8Ao8O4ZZcbgWnHVRWW9IXNYBX4VWsJMDjRnC9rWnyLakd
+xSoH2Au0/F14hrTm9uELPOwm4sshm/tpoGj1UfK/eG9WPFN6aHOJMqNmmOyH9Oj+
+YziswpuHRa6s3fAsawCjBfAZ8K51QLIXWmjMMWLpoYjaiP2kSwJmvvidRb50DKUN
+gMH9ssDZTLSNf2gKFgt7AClZv/u509VX7DBrC9aXecLzfOekLJraFpxw4tUioszG
+Xp5+ePIvD0PCw/poO9e0IJmzncvvBYmFIJM2m0GsD3QitwPF4aqWnViLiMfFE4Sw
+UP7vY9gOD/mv0qnpfUx5aBl5ZXlMsOJjOq0MKpp22OtpEAO+2UtKPHdhHAm6e1mm
+jy9fvzyFUtOwHL2T6m1bcAMKJ8cpow+y3S8/tyl3rFSE0H2NTdb4NIVqbqsVoHxS
+J7VS/6QY6Pw/8sEcuAXa6U23LFeJKNgVlzXU+46gs1DEOJBhtxmOjTSoAugmhWk1
+q58AUccS401V5a+LkjE/+ZguKw+v4YkfuNPh5upXVC1CEwTlEWRY7COIClftb3mU
+qci5/P5LSl9lI5hY8SZzUD+Oiur8QfYKTGdhqnwHVVz2ZWOSNh1YyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
new file mode 100644
index 0000000000..af09d14be4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAK30/E10HSTUTxTe/EMYjXq+P+oyGA3ZxAEz6OhM
+uPKZnp0OGu7/kIPVhWkfbEa9J4wKrbbMmk3gqx/fvbo6/ZhWDkFq/fjLvjkCC8F7
+CFwXrLxGAoGd4EvdGIUyZ5zUeIRZYWYjlC8J32dDAQvbGx9/8j9lOG/3Vm0cHXz7
+kF6B9mHp7OHEm4URyAKM1Bn2QCbsRCqkOFxWLh6XbREdKFYWFRExN9dL9rwOZ3u1
+psGCpvAjXq9dw7vvmrSqJAPku2N+qx9NUysonIUNKLf3q3ynLLK91S5C8KeXoGWS
+ujGRF1gnvTNlPcEf8ESRg53XokYZ7FIrxPCmhtNwnAAV0a0CAwEAAaN8MHowHwYD
+VR0jBBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFBRiZxB90jfF
+cgbQ3n+1Fh3Ko3NeMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALpjmzN+R
+TIzv5jQAMokgflELINf1b8eTeG3Fz9CvOZ68dGJIMr0Qigr2epEQ4/KW9mHXUgGn
+8GwXvnraoLiq6/LyFEW6PE9yl4lpotlxLmMnoEDDno5rfLWgKC2uygKXJrwCMAxE
+6pNO66V6Qi4nWwXpHBwnbeAVp137LuKp+Fw+SwmcqSFFIScifwSCS5kFokqPUM9l
+sYJZg2bUDj8cMGKYx/erl/LEZOT56lIcZBg0v5ablxB8XrDA1nx3QDONqd6qBjzU
+FFUqgJpu2CwiZLZ77VRfjuF889mp8SHnwi5tPglVZFBJ4t+72LfjXgM32a7rCwrE
+O1uFD6QiGDQAQw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15EE4B43B0C84AC2
+
+nTud/GUep/vRr505cfJlU526WLJu6J37DfIdlQF8X6jpVWfjSxLh9GHtQtgSRFHQ
+hKqyI9CLiDVCZnJc26doAWBtbH3ZD43gp9vXb1cUzapt+fUQqUD1FyLweerMZlvJ
+1bMNQRMMPIw3YExnGgVFPMiFMzjZVs1frihsma9VrdOtx6F5VV+77RQjVM3Aqrjm
+TBAPpnPV+P9DsSkgb35dlqAePDnyRnQqHXnldoNdHFkTUVdlCp/uDtz4pKGgxlLu
+6H96vTu5yVgKGZBB7/kpqWNo7r9D1xVIo/V1RUzmf2KlIlSu8NYAb3r0Yw+A+CvI
+svrCYbs042YrN43tjx6/MnCarsERrExDlyeHTi2+0KAT8mrFlMIzsQ4IUGiWm9aa
+tbhgc3QUEMbfgxwQk4t7pGd5fi8+ylAsklnw9d3o7hlsCMEfhTEThB+6o6ICO0OI
+yOEQyvB+hDgs5eOekGx4xB21qzbGUc6JmjauWeQ4KOMO/YUceE57jNakoqCRkNZ3
++KCghHuNeUAkM8Z4DKpO5Xkh3PtJ8sg6Cy5qRUq6iMuhcjrqpRAsuI8QuNmSmgW/
+lSQZTqfR80iA6HJTtEYsQnTe1HVSAKvv6WYBAzU96ubCuD2MqZYP7kN+ObeoCbbD
+Peoz7yM3TKoM1KRUW13QslczXjIkecVgZlzWBRdTZMBdttMzvTsIp8TTRHEjc3zu
+qqwyMcWkkmHXko86NpStuSbiZV85/urDaAAOL/chWf9XLCo9CSo6XHsVtLC8W8js
+dFxURzelKqFg3pXYvhTE+6oHd1oTVPDy5DJyfkhf4thMrF+egAq+efdPTTRB17dQ
+eQiO7gxWeKLuKwg8jUQH1hTTKxHnjraAW8hhi9Qg3wM/5EbzFoVKjTvOoI2rlhyt
+FbJaZPD+gnr8uDjYouVxb+3lBnh3wiBlFmWtElG33kWup0MLJc/j1bgGsjOQkZY2
+smfzEJh0m9i5zrZXe6xX3copT6ZfeTB0Q3rHt8MEwMqTWO45i9HQVpmm/t2u7tcN
++hsyncQgWKN6N8r8De0wZD6PK3BDmau8nhoRnJS5MKsVZasFWK8+uRxYZiLtr+jS
+H8NNnahUEzovQtJzRh7B7XzvRrsbnH8UxmJmilHosg6L8hIouu3/Sb8X2zKmdsVQ
+hVq9+Hu8KsNQtJde5GccM07oJhRlkT1a/fJLgh+pV6eFLHCqt1Gww7VFoIVShpoF
+rGVIohlWG/CDlAWZZ8MNmjjr0K/T9P2Ya91PdL8Xvj5rctW0/qMsNJa4jlazn0cm
+Cg2DMccqrpJiQ9wirQBAiCouA7KugS7zNoXVKkKnCNEuJoRQqNjU9yOcaczk35sd
+lsh8IqeJ5BHVyyrpK/th0KQJMeNGMBLz4N5H/dXlsIe8nRcKWPUPmKL5Cf0saomI
+CKn8V3Q1nl12y0dV9RvHSnmu8BEWPEJYNZ0oGXeJgi4sA8iCRuxv/wpbFUiRQPuO
+kWrpmmN9HpoX2kl2eNaf6kotG0AWxefGf7y9xLSyC1UTBJa43D3zeC6fghmj+sAm
+//PCJ5yIJUgDHRoElFOXwq1B6gDuuzNODQCqBmiMSDycW42xyUsWWQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
new file mode 100644
index 0000000000..a64bf26029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMPMeBPiR7BFGHpvlxWNf9ogcUB61rzOlXR3ZzeDZsb+hslxASASvWVB
+nCbMGwoQyYVuCOLiWkTaZRxg+Xf7ZrdZUqu1MBNISS6xpjNsgk8SoDwRJtN/TZFo
+E2LpE90VAJRv0KBFrwT0CTAD24xCLF3y2zBLPX+lcjySi5HPshDckNHnARdxZ1B9
+m05bm4mDIqicBxFLqz33UZv9zNQ9E7UPike4HEdJ4vcio5eUtx0WPdeLXVw/zXfG
+qgDdRpSsEZPrSC7WkWigblGL+/5v3XpjuUL52ecX4egBKY18lL/Mi/7IGOrWE1/q
+4ucPM5lj2DVmGJ2PC8vWXyMdqjy27lMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPPkcWD/FxTejSaFM34c/MFHZ/rB
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsFAAOCAQEANk4qiCIoQEqCO3v/6FaO
+StfIEVgimKiuVHCxSdRdvU/53ullYEWRonqoGRGh4LLj+oJO+JgWYmstphMNPgQ6
+edML21rMH8HYOsj/VuT1akNeyuXT9vwIusPP1UMSkmYu2YehIFzJijxZ0jitX8Xh
+qfkip9xpgQi/R9e8Ad1prvQyhZvFvxkNTXwU/V2oZvvAcBZhsH3dZteTLc5dl18K
+4wRO2kcU6NBww3W6JtvHIFHKvwihyUpZckc5CrmvAkNopP6DCF3nUW8V3OBrN0gr
+7g8Vrt7Tx0OkWNUyJ/uInPrpCYh4IrXAyd94UT5L3H1lj+tNYY+NdWeOhkYafjSr
+2A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D09272A74C47A74F
+
+DU7n1+ZEMoTsX/iwSlvxElwPwswXLovRkKzF4XsqmkL7bIsFrDARDmCHOUhV6dJ4
+xl1hG0q4szx5kMnuJclVJNvwkBQxUwGMknNZM7oQxWkEj5xCeet8zhgdU0xuWQ6S
+rIfJ1H6QeNoLNSkEucwT+GCrhXrDtghzb5SZ5t7u6ozjJlUP+h+bKGGCA2J9Qr1S
+AfOqreZRFKxacvxoX4WFtLl4TGYdEi4Gb1Ou1BhT/OCEf8spfABJGZ+fmJq75TA6
+Gb97t204J5zdNOIxCVX+61K2l5YLyTLsj3yqehVoIkGd4CAAYy6Ua7wKARFdSIrR
+r/J0/32wQMG01/u/bz65CSiXWXWGLW0o8EPxZs18dYT7jk3KuLKkD5qDLYFnfL+e
+cnMDLt769aLZY8W/3sZkmuLLpE28ZN43+mtXKNl7APFkeIjsAmUt26zXKPTPGc1Y
+bAU85TKL5okI5opfNWAB4B36RkBBvB5RXv95KfkhTNj56w+su25l65vUwMouzOud
+Rw1csly0gLtOhovlo8r6Wd+qumhPFPDjTycttLKPsn5fJLtepKBOKe0XjS21AKjH
+8R2RMnSXyLSqlNr2UZaz3yPrtAmpW5L6o45Z2fRb/UKvez520EiH1+WEn/coLtdv
+70/+2npE4FDQBrYzSfjAYMTxfOJNV0BVLIl3TIKq4jeoyQC/ie9iFw8WKsvj325X
+cbl+4/W/K4KkqAYwt1BYcWL8UQiAZH33Ku0vxRNFKHodnx6ftby3p70IHB82fR9w
+wWvtaqYC5um+yrZsgFoGn+bqEGWuPuZAKkpITjKz270iPRLf4/HK1josL7fvuj3L
+3sP+SUrrLWcW+ZIFiISEz9i0SzAoRGefpom9XOEdssRNktq7nJj2fD1iTlOFGjF5
+AgaODEOFGFVD7DeIcdwqWo1axy3OMdjFl1gqzh6tZQIf4/0XyvHyrVHRSRJ3yTFP
+C1VyuunQOHaoYD60/ywFs65hTE1J46+/0RptUhyja8d4z8noquN0RCMX0gruFy0j
+tvB+FhWRAOiNLc0R3pwP3cDdc+mF3qIaJuRBIHIOirMrUGms44pDs7qAbeJ3QTiI
+o5v+vHbJbUFj0XoJIyuz9EhCs62j3NLz596XRQGUuX+lwM1duYxyz5ZA1/rrbHqs
+PF7OonEbFXeLwv3rr21iIEtA+jBYFoArDHtLolVamKDiHjJAP0HyzZ4ic+yqOLLy
+Yp2YfGRA619qm24MV5dwqxw17aVufAI144prkxo4Mxzr9Xluv+OLwQqfJ11weOh5
+Jm+IzH631NcSfiLNbrNTs8hr03p3fY6idAAM7fFha3zrfu6Pwx2OKOjn++G4uEM2
+zDjHsqx4pLoY1qYnPLyu2S0cTmXijsx8ce7T543EuPv3dify0aiN10Wm0FRB3wiV
+/m78qUydrkm6HQ4pp9OwxiAE0Z6xS7I9dxHhrkfpofyyqQWzvfjW96CMHXWHCJb2
+ME9TrGw4iYdvs6V9bfeA73nZfrGT1mY677wfBx7oKDjXD/pDu6zxfVpz87+UJQDm
+Y3I5KEi+6dnvq6CqbJ1F2S8w9JrWlmnSghv+T2oIIquvc9vBEuQBemYA8Wqwe2+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..fbda7aaa06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALt/+8RsBtPmiqfzvoksZfA2tnzXWqaI9We0vP+zCNAn
+g3iq7xtccZB1wczjSs90P07TGNAo0kgzvRW4Cr1H66e8lpd7pj4TJtkW1lnaKQAF
+DGvF3fhGFgfDUPhTeHfEpaeJ2IPB8WfuDfaCvUkmSXkLo18Q0CTzW6GHr6Cc35iH
+3njaGcppyCgxRI4Dxn8I3civKNhjV0I/x5A/KXBh+Zz6eDRZaQABZqHaPwo8Y6hm
+KaXyAp8HhiEphaGS709jloFQAbS82FZEtUVD9Arrd3a2+cSXfhCgBV79sOX0tTYK
+Wzmk9kRWiRD9TZFSepIKlwsployk2rD+V48YyQ2wg1ECAwEAAaN8MHowHwYDVR0j
+BBgwFoAU8+RxYP8XFN6NJoUzfhz8wUdn+sEwHQYDVR0OBBYEFDS9ZOOfjm6YJQDb
+ZTauNAiV650HMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATw49Gv/qJNHn
+DrsMkLN8NPb3Yk99ATawO+03jybiYqsrr2w+r2aJdRHC2dRoAZEpkQRceaSI1LpX
+gESU9z5kNpVYCC/kRtqmWPPGd7/zYfzRG5shGVtPkqDjyhc7J0PJdTqWKafDosVq
+rOhNJmpRr/u7wrD/oQHxHcjqXpcKW1BoZdJyCd74jQG/89gG7PoUcz1WYFSwnOh5
+uU2zMFbp5w1b7eXBRBZ5604dFrbCATLbdqSXDTYvCuoRGknWHbM2eSFcwlddEvKu
+Q26ZnAEbSmtoGCZhC1tQ9ymT0IxgFr/kEA+TbE8PwPbeVExckBmYVYSZ0YbOaDbv
+KzHycDsvVQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CDF89CDD9EF4A5FC
+
+OVoq/PNs0UiHCs9KO5YOv3dquxzP6vCfMGDWmwAjvSIIOqmFipriTd4TNwPzr0m5
+GpxIOAGwWCrehvOfURdf+54joX8MnEeBWT4RgR4qvX/whNU4Z1NRm8+lNd/YIy81
+IqKDgdIW3r3x0HqIY+edk/90zvGo8a11T525oefzpcKnvm3D0KJYfXhAms7PAfPt
+zPQ1tZoNTMVX7oee+k+MSmISCKY/ohumJafQ0TjFzH0bq8nZx1YdncyS5mpY7TOp
+By1zh7VaVpAXXGRLK5Sl0YLcOTgobr/dR1G9Mqqma5e7rauZxq928ZDWJ7rsoDr/
+Q63vB3YQBio8sODpBXo18Kehk7lmhUlCeLIOQAefar9gxY+sV/ZD9HeLzdb45RVJ
+qxu5F83LGbdn0Vq/vrxMbEB7C13qT3GShUrxUz7VsVfVeNevMlb11Q93+5mnfv70
+gHH9Q8OfmvRBqLuiWdxtDKJoOIZ2sM7sCoFRf6kisNybNChZDP/vNGdM+L+ErJHD
+ftMCiQTy87xDdP11C8lQN27Bu6rRAZG9qUFbmhyUhiE7CUftjmsXGquCGnSHD38p
+yPrazytt43xF4sq8JMZBYspY0rkbzagaM52p1eOWFDHK1vOpC8ZuQJKHQG0ev/PQ
+f5fYa5BqRLPm9KbZfYKFUYEmHtMUTe7Pki8SKxjX8YVw5atl5aoudYmd03Egkr0a
+7BflAySllNviGoR5qn6lKNRdvNwL+TlKAh7UjQBmHMOBsllsSJETdqLQ03v1T619
++Fv5qMjqiNTEktG3jNYwgXKg4asuu6xHYSQJQHmIHb1qJhhgnelFFg9+cAEA6JxC
+7cv8Odybhol0gOV8oQjGY2yLeuYLHPYkPDXXyj9MUC/iAHxJk8cvUwZDQ1dK416+
+sN1kwnX5Hcxge+EWyTgCt3Da0+VIJo9bI2t2UB0T/Q5Z46ZR5y4dMnMYErZkTdGo
+MXUPL6BOY3SdhF/ppkZkteExWytpSOnHSugi1GspgaJMX+23v/hqMJLT3IBlITRT
+1atH1NEqFFvctTqKsOgK8gG7VDVlDnmoE3GElL/qeoGFYB5SOltprQpoH08P/jw/
+1dUxoEEzr5jzRONL5uGf1bVnckCdouTyf+auaZ+ugZOXG75xHfHn15PspuTG4DuU
+Qz9jRVoZt0BIfpdlcANVNZr+eiTToAsfkfrfc/hF7JSnMAtU7kwRVIGPaS7p0Yb+
+PPTroeukMU0jvY6Xxcwhb3QKIlOq4HCIb+awL7A32fCxT9D4t6+fpM3dUbPKV/PI
+o9PoKPMX/UC/xCNQ+1AeSEXVQBGdMMJReDW+bpmZX4Lcpd3DZ6ejtOTND1KH7AYn
+lGx265A6sPN+nTAtfcJVhNiTv+6VyO/j3vePvANhY4wImCHVxeLS44UYvO63lpsw
+l54B/OlU6ip/gz25ZtYI22IEyDWKPBMIhytC+cnKQ2VSGi4QAR1+0D/G58WTU9qt
+SD/GkJQY2LzntMTdDyfKpx3FzlInI2yb6fjV/pvDOetza+lrD1CaDMOh3DBBMrZv
+Hvm3dC1znnwalxZsjArQrvFEcFVMif/NLtwVcJ2xOCRSay2U3gv6Y3qUgogVMXZx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..1e7b38fc27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKZG3pTPn+SJPMjCLTMtG2fYzkP+dDAXVAVI
+l3fw5wsUeCwNjyYOa0sWOGp2q6QrBgGhVUMi/IAw0y7YzE1BWOyf0zAxVKSjTNvi
+zm2sYeC7eH5J+Yf7c179F0SLa3GwuDf9z18z8gSa/mtqszclsDK7SqRQ+wC3cer/
+XHZ0KfiAhON7XLkhuFoInS1SlvYmy+KCSJ6898kqWLhx4KG5kty77HvnB4uUeCCK
+zhaIaTTK91r/R1LCGpeU6L6TB7O4wi+SI+tkmyIqy6MUOG7wEEgza8ACGOT6cEVF
+GcJyX7dzo0BJ9J+WcSdsK/Ugh9WIqyCSNA20sHFVOYq+qOWuanECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5ZmWtcd9VUKtgY7HJfYYzaydkHkwHQYDVR0OBBYEFHkDh1Mp
+Oh6+6NQY5QQ0gyudEcfWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACZ+k
+jPBCnY1vtT62m30fHrzOBlIhF7BxGFRLElq+cz1caazoP1UwvI2U/NKzjtdjYIQU
+5KI1G99HmxQE1P3Lao0GK7SMi7PrfZke+ULWCa1/NviZgj1wZIecK+o930xlXemo
+xLYT5kyDEQTaKXLEmwWVZA4YZZybcrDrGYzjcYmhVVRId10zAHqos+Md2E8OHa1Y
+q1i0lpS/3DjkHhWmOOv99c4Bs5TwmW6IRNjYYdnPpL69XyeIaVheU2KXIxVxrdhp
+hLn4CRDQ6SeZl4zb3WzrBKLWcLJm4JM/OTGRb0LsV6Qba0StWp0995lGi+tqySuU
+slTcCndmiCcZady6vw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50330B0885B8FD2D
+
+8Np7zgICHrdZR90w/givtroizFxRrkLepi5D6HGrPNhkl4sqTmwLLhgl0pQO7Y8P
+3XboKQhlKzmKT43bjxoVtY9IxDRgJvMvAc0Tt4Uw/16iYK2mv5M//8VxiKbwRbqy
+NeVYYPG7O8pGWO6FRAmjZ/J1pLxfRHzFbNZipFyl/Kt2/MhNL9JTrPETodC30/Nx
+Lxx7Hz1gBGXfOBXEUVq1ON7kBoIHeAEgG8jVrfgF1sH7APB9SLwNDEO7TMtGM33B
+0D3s3umJN4fWoSE73bQp+9o2L3wkPYGRjxInWEYrrkClWINvRwIiLsueIuzbdn8Y
+TqSsllbJyZ+VbjoVOiwrG4Ax0p00HLfYhibuXJqWAlV3WvCBTe3zTiuLiMqnf62u
+QeJhrRQ+3enJA0lTeFMX6fUm8T5nkvFcSulBhFAm3Q7JjYbg0fDmA7uXpDKQIIZv
+XDBxzX3QMH5KGHm2uAHx+1eLEpOJ5Tj5vCB3h91s0mMFpOyCAkBatiaKYgDo3AVr
+F2e78b2N9NQoDxMZUSN2310Pd2tIiCQJFdWwBZRS/LBv5sbgtsU45YYITRKH5Wxk
+sY5WqiCmijHHtVZq9rmbJJNbst9TV452bMsUKk9gbDvPOX/OeycXrlrDzEz/wlTi
+Y1t2X5ZbZTbfofMm+bw660Hrl/f3QvH2QLcL7FAu9bLcw8ToeSRcuNK/1HTKbmuP
+BW+gWRdiAlVUFUH3DnjMw2KvUVMDSqx5Z2i2YuoG7uLxY9E1PLMhA1eM8bzvFKCz
+elwyJg6/EsGioURgxdRg34PGTADUEIUxgtEbr0P8LjCQzYOxNtFV/8VbhbIJAqqy
+I5eKqkfIeRisoP7D/zCpcr5zUtzaMBr3XwrgNVzwgiedX4ytMidAJau2DGtDcqFK
+8khO235lVEf/1E0g35it+o/cVo1JCpAFQXvTjaGfN+9OCkSh9CIlF4X3Kq9njydv
+5Gt5uHkIOxnJ5v4n0HILLVmriO5hP7IG3LuhL+T3CRc7FhIfi24aZSj//kIUQxcO
+DDE0fyaGsaemmH85kkIkhVZx+TDBT3cROKG7CPc+tyzqhrZdga/O0+9hSKczs+K8
+KqAcbSTsp5PNCvxHEqWyBqUOnGdsZHb2qbnfOULa0908SKyBT7Kus76qATNY7DcA
+M5G5/dOQkD2oMkl0kHOl5LO+ByTZbOGikkyKvn4/B8GEOmj+5NIr4fs8T8e/8VH8
+Tker6YzzpLNoNvaok3WTkeQR8CnO1mzhqh3kgejOttaa1Tfv9+Ho28veIIXxJOYM
+WPdRbYVWUuZCuncl1wcn0ZZN2N+a1T9a+0d+OTZ/Fw+g5pED0YgZk/9NP6Lek3WZ
+y+HWHrrLBOPPUI6jddMQfUgk4j0OmIhgf0edgRkiTze/ZlRsi7a9JzYug/Q3BD8S
+jlyb1SzItMP1JVnqFFuBxChbUGgWFvEB0Bljq3o0n62ADNkk3VEYzmV57O1h6iFO
+SS5veeD/e5/IUq5v7VeLRa70MJ3HxygAQAvzWtimWlBiyR0navwXrdJsDNP8+To6
+CnYiJxqPh20m2lO18bES+b555yUPzgO2xvyZ9ZIjynvYelFg0CxXmjyHoidVV96v
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
new file mode 100644
index 0000000000..8c4fee3e5e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL4T7DpvoO/ymsui7e6SJaKtxNET+dImelMFK7Ao
+PzGGaXiDHKbPPV82MQVEICaeDZ+CWe8+tCRGEttlf3xFplzOg7glM0itFpGWhe88
+OtUwj4hLG6TBqu1W2dJU3B+JghpHO67brDoO+AQxt2juJIknR2AwYwgr0MoylA8h
+TjSVd6aLsQfaRLdjGLEzbev7Ktj1LkRbykGx0FeoGiEbj/fW1Nl3RJGS9aeiQnPL
+FoxjNAQ9vDOMB+xEzLEVYZAHvXVvtYGxAHywrPYZbAvrmm2fty3sLN0g//uJvbOZ
+2EbL601Qu1MAp7yFhDFl7YcsQxQORkfx3gO/noeud5np1KsCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUNL1k45+ObpglANtlNq40CJXrnQcwHQYDVR0OBBYEFOWZlrXHfVVC
+rYGOxyX2GM2snZB5MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAS0A82n0i
+4CFz8P1KHyyPaO4QK8v834S0An0Nx2G/zEcQM2SVYDjVKbls7mNN3KxtaMmv1fS0
+kfdPzYAvu7asEHTRaM2854OI+zBIOZw0l90/4cCxdf2eUCphmgKehy9CZ3BHEqVE
+iPJM3+/XAxlU2WuGWblNiHOFHKl5rXlkGSBscu4OV5NHay75q5nC/LVaMdugWSAe
+xOOHiLnV+H3Z+rx95aa5/uMn1TL+N+QY++cC/ug/vxlfOEeFhCWc8VhuqzGNtFlW
+Z1FR01Q6Rxs8xRnyOzZs57dTdSA1bDu1TnZYelrn7N5x+RlYixJA6M9fM/kweeDa
+WlQQJJGrznvK8g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,720A13E00C693308
+
+iDD+bcmeaPqbuEEMzH04sORtTsOUqI+Khjd33vJEZxmP9yClJfYf9nmM1dOuUNCm
+Xtb854TzIsssbKbWdGfE6OrRjS+ivHRH6c+5SOYL1lVwbT9Nr30NNf1fUJYF6Ogq
+c+yeE5utte7a2xB3mhy0/VqsNogsiLqDte7auh0MIGFg0dACe7227UEDqLqKUPGW
+oLfc02cCdMDxuo7m5AxyDQIokcNRE7wiaX9cR1ReeyyY9oy7F5qWUYqA6jkhQNJZ
+sW3mscZWkWWtCuhiVY+r/tKqIGf0T/+s1PdBUlcK7cTVgECJygoC+LrYYSQuJ+Lp
+A4vtaXegDxgzNtXX2wCMESRIipTdXHhUJboKT/Z5O3y7WsLCb4YL8RZ/61y1qNAa
+a/177gG+iz/Cb3jOxYHZt16O4qvhQu1RVs1N7oexIcF9TIkZs5Z5IotwLRQb5aLH
+23lZ6TUkHBgyOLNvkGwmJBJQfFWL/dfST92ak02jnKTtkXm5ypEpg/Gn+ZpNSauP
+IIzBPoUgyWn3RCq4F9zYl7yU9tkOh8+JVq2pJSJ75RMd3hhoH2ivSS1zDsc5cPBg
+IFbq1Dg2T1BlzWQ1VhVePsEf8Al49lVcRTMa5TzrTH9wzpWZypxrmjr9PM9vKWvL
+9ukZrz/KgBGo9uLvo/sDMD9GdRjAJ4t8ACUHGdtC0ZGvnZjKAGNxyxNkEt5BqgQr
+3MkltlVZyQDIvr8XFMwlmbFzQI7H7XW8QQljkdRhYOHrcsbxlvo1o+PrSkb4XeUJ
+Mbu9NnS7ale2a2+YYDQfhoGuaaw1IrtQnsiW7Y1i2Pm8vDEtyRWFg9QvUD8mzLkR
+STL3thk5P2+q1/NlBI524aJ0A6vqpSCYFy677gbSkDaD+golnd8PZJe6s4bY8NnI
+wggSN71/7hWoAIvb+IW+zHQQ/i7KEg7NZ6y2DZfVTqCK81QJn5a2CNesGqEsxyD/
+6KkQ2mbZFoN92eAqwaqL40oNbrkp4BRqFKYhE0mEJHgjhlDQbglSrm8r4+HC2Cla
+oSQqlzGWSEvNHdY1lmhCd5qwcFB0T0dAbw0c3kr7tGwrnG53rdbvV9KrkpHfn+VO
+T+GpllfqWqlgsVSxv912c80rmGtTi4kTbQmF31hEgmIjVhtT+0Af1Ajf8vi5zrA1
+rWUAEfxmCPEgCkzBZKM5hZdOybAT1vMiLR7jft3MUxVPNmjnVOxBhFX0vo4t4bq0
+hXLRPdOVh84NfjXMu+hRf3XX81ltQHPBPNxoOtDWcPJwvGpyxucQYIYVbEpNW7AI
+MMR5AeMZkRzk9U0JYt9H8GMJhXSK3N3+Ijwul0cqS6b8nuWKpUjMWOiJkC7MiOdf
+UTJVN32LRfIz/LvYC7iI4lzSdBzSRWa3Tlxf2IGGEYWTPEnyAcH7/2E2nM0c80UT
+ElvBbX/KFyPow8yVG2JP6uS7P+hSWE6NRBlbet7x7+uG34mI/jIdNK7gYhKOAt7o
+XMNh7YizvwwKTYNs6cYZnUSYEvGySAm1NUZCTD6tc6N9UGIvF5QhsGYEmzacNqdw
+NMMf/Kbeko+TJUG0K+a8UJRGDOo7XhOq/fQTOqbYqKB9roxDBfp1GA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
new file mode 100644
index 0000000000..e5e01a2385
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB5F15F1B77A7EC6
+
+7I6S5ZvKPebxjsls94StH/51kmz2SIlFmdbnTSupmGJW+PpIWv6zZ7+TOXNp10+h
+YJsKVf8w33aezcZpoK48S96gL79Ws9rrk/dvbOIYOJedyVOrXNoAtKUO9SUH3wvo
+OVxNVVCMNoEtQRbv3IGGR+gM4zD6RCiIrYmjOAdI/yGh21iF8Ztd7TC0kG7vGdU/
+86H0rySvmouByxGiOY2ri5D6DZh+oU0KPVgc//efbA6ntDSQuhCTeTSYB9frRz6q
+H97ZEUNCcQdXMETx7KTpbrd6+OaQo1CpMOkfm7ve5ILSyAjIqmq3QBBTyyCKIlQy
+OAb7DCLF3X8zg3tv8wlmtogAEswE90KsSTXJTNSnkjH0X6/5jG0IJnqh9SMSWubo
+AKzuJq/xuW1hBupwdsPZG7sGTIYLWSDST7IGkDwV3mKFr0LzwB3ytTfl3M1fmu+n
+VxWv9WqojPhC2qHcV4R1Wbr/ZymlG/rtocfQWOsLEmp3kJizyWsFtNClym4lpi1k
+t7PKSWTrOFnhCjM1KLIkmH5uUl9mompsBL0ex7ztfgFSad6M0rQDNuaM7MEcDLd0
+eCM5qPoTcLwVJ0Mz65v4bntjv+NjTJIkCjxJiGJ5qjDikcEdqe/Ii9dy7EvCS1na
+juXXU/WmVr9+XFWKaUrV6yq1ZvuQSbNhttyXB4Y4ywZNUTaXVoeNseg2RHc2M/h7
+tmHxyrAZNCd7hP1OFZ8wGVUfCa6r6206Ifa281NMaaGKcjma3x1GYBubuhujrXFC
+Gn9PRDRlYDfkGQ47j2SxDQMoFHuq34vs46HpvITyg1v7WO9N0rRj1iWlk7fUr6jQ
+VCxO1x7HkfrEBcea8eRiwkxHnb0uPawemuDjei6axlkQkbefNgzSBeJR69XmiY6h
+vDeMHzsfCwL8wUVPowXOHCTsZ1l2GrJxClBWDMperBclmFS6GSnumamG6cSCV68f
+Fq6PR3jIRjeaZ6DsSTrMNawnWSFYgfiPbPaEmLJWjwiI+w3m9xUAlCquswVGcmbp
+L0vxByLO7onm8ZgzlsYtGI6zttmbOo1okiMrCQbNrcf6gJ+ujrh9phpOHezrhs7t
+Qut5bWCWlwMXvXhtGfZAZP0r53CVEtjVvRocOc5vQFbQlQgtyd89zpvKFmYfSsgC
+XPb0KTIBJuR/Y5ZcK1I7AVXmtomg5Zls36V+eUylWG0DPGqysYABKxfl6XP8qG+B
+jZ28rpEt2NF26wcN/fBpSK0fPQaPZwU95C531jsXxPbrF+eqt742aaXQFG/Vk7O+
+iHdm/wo1uK4tm6JlOMU7qv0UtuqBzTKnr9TBVcaBwSQiPI9xIOlKmmarfbdZ7uFE
+4E4r0qhVH5Q8tNBmUN2O+0zUlfj0jyz4AWYOF5JjLPecBMWJOq4dAAnm8xBBx8ED
+6b9vIgl7t0T1zQplTUO0r9VyUZQuIT0bP4mPu6cnbkaVUP+LgaaemK/3cj0fFf+W
+i8G5CgcRLzGk4B6VF92veMYk3Fhci+ASUjQaT4yAOSx+heSUQeiYBfG0vCa/f/E8
+IUfkTdYNY/todp9wNRzaDh4Wn1F3CiJR9CMzLiccNSe9uZ5TPszMcg+pFMQXVyIt
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
new file mode 100644
index 0000000000..5c2b861a06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTAwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDpgGQKv6ZtxqisbQnblDFKz1kj4LQRZTaRi6ly
+jkFMlb1h8OE3Q2m2uQd/HnayH57gKKvjvo5mdYe9AxjZtQKlnfvLvnEckt/2jx8f
+PnD1owh9WnFxPfKk5KXFe07v2S6PnDJB9KeD5gGrGGDBPFtnN81rJ6CgFuDmO1TY
+WPJVlZm+xK1OCPP5iPUT5DiyE6ouVLlHO6IONz4XgeMfjEa9J4Y3n5V2J0w4pUzV
+P/YZ+afXQY8r/Gh3Vyx0oKqdlYjDd60Ui8iw0SMd8DDyTaa9wW4LGDolYOjB7yna
+gW//Sxd/MZVwmcKmq03ZAlEIs4ew/+fBPYqMox4SFI7AWwzXAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBTPdnaDc5Ak
+x42jbWd861LA1NTtSDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAEB/
+WsEKvQHARpddOd3k4ozzpgZ882UmNgb+9ILrMLhXnJUn6JWfSj2jSSmhDmiNqu3b
+lmzVVDBvVQqufpSIUK7/GB35AELTgoeOtepDANoRA1LJDJWc0gUbtKvgtfvAPPVu
+19CzmZrYLalyS+DMF6MWB8WfSrhtqdCKH7ndwNqBhW47mwO8OHAmpnGfCcvAbvMi
+UzrW7IoONO8dyPmUyLiscuiYzceI5S/ht3LbS/xHQeqFPslESirnsMrLKIFewqVv
+TG7ODfcxBGAT40Sa02WABO3qPzcVnDPqBuzWHXM7Z02JXOkzZqcjH9bYpmRhz1vU
+ZmqzIuGDS7/JLvKJekw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFFF93C60567CEF
+
+jrP4Qz7OJDNU/aoROu+niRWYXpZyOPiye9vSxV8i4mTdagBX+O5ZG8Q+R24W3zkJ
+yKL1JVawZfxBbc0XgUhgan4TkI8664PxUIknFLvN86GT3O29USdOBHzCcrHVY8p+
+rzmc7gcZP5+jiSbQVHUhFfU9iqR2V/yN3xOX/mbTEsKT7/6lxgpdSiVaPxy3uWpU
+Sbj8FBGNPrgIotykbO0/itKLiJXiJchX6pFwzBXteqaouSqJ889u684/eW7rT2fC
+Z7r0ELGAVrc8TjbxPBzrH0eE8uXB3tNwYUz5ClLjJNJikyuZ6ZOKHaSSGCcGoVsA
+aghgsi9xiOMHjd/+jsOF+ZUvqLMfRc628e8ZGN8d6xuI6DwtKrXwTM2URZG4dFPJ
+Iy/2es+y3GaLFZZq006h1U7Ch7qmXdadNZXyrM/UzWDk0ZjfkfeBSswbpdjQkTnO
+pUFaWTRo29/BBZdyPk51OsGorv2P1AJxSwieMHUDbV7lV9gfwQtZWWQL2Axx+1TX
+CSYa8/fCdiODwt1lZZO7SW6nOvz/izTfTNixBhdiePNZcUPh0YwedBZ4A8Pt1LML
+WdPplOFc+IIzEhywJ2E3qJDfPEpX6URdzho4fultjyF/pDCIOO3KMSNVwQ8JOSsj
+AHRenjepoKMoHtCiIt5y4Uy01FbAHOMc8y7SGjhb76rEhv0Tnkm7NamnV7n7jG77
+Pl+2DDMpVLBIvMEddUTtZOihP1HJ1m3cWiy4fbM7M/t1sUO4sM58bz2iHVXnPRCc
+V93UP8A6XnTgB06SMeih+nYBkXZ5xoOYwH5u5dznr5+nOiAPXE6y6Cd4kOFKVSW/
+74jQTurdT1locsjLHbiEEDziy+0ECZXHeOv776bnffDVSREa2xtywhV/fXDQFdxr
+QxXMlx9OSz0MqDeXEwXXRbaWTWnYbhygPWHoAx/dTHJVOWEpj1SkjBAZXcZRC42i
+/AMLDjTw2/o1BssojTvEiedCdNx/Nw8lCQlog+NM4cu76ROgkZMN5od5KzIZMIr0
+TJQFvcNuLmW+Io2b3t0pzhtarMtfR76ThPILyec98ngWy4ckqydDVaKq1eeidh9Y
+UjYw9ZMJGghKQ0Y8xxOKR74pVOcmiiYM8lrsfLE3S2xCIpy49tL4W2S0JxaE6YUa
+Bt1OZLwZleQtA0Ppj2Zw2P2NR7LAyhGE0wAUxI6mGxhllpHaRfG8zX35g4a4TotO
+PeFoD1pAwjkIMSl/3365Uj7+imYRAmkliWtDfpQr6kd2RIjyA+rGire3AswsS0Z9
+a5fDpAPUtRwnrGa25b6cl/FejkBzD6/61bxoKzaiKWjKJmcgIGw8pqaW/AqHSxNI
+cHQk3pyTrmRJFnaIgX7oYIOd3N6fehNtX63uGNGK+n8Dnftht6ap+SbEzx3pWAz4
+c4tHllQiE1AH9IWKgq1VHn4/vtzjZldBqHq3MPb4XOQotK1ukhnX1aacPQaOYVHH
+x+Xle3A3Pa+TgSjav/jxJ/EqWt08AGU6/R/gKoUS51gwVY5KM3/1xMCHJBU6tGqn
+gwfrIMYybRxJQCTZpsRbMQLS2SXYS4eHF+g37wOBao5lBqQxfBs9pYK3bzhP40PT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
new file mode 100644
index 0000000000..07cb933bfa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDbl//xWkNw59SbDnUPP4oLjGtR0lPZ9ro0Y6WB
++VU5bQttT1STRTs4rE0dsO7uxCe4rgElYiE3RWkOX3NpjDoCjhAsZQw+qTR+RYBq
+rXSoNY80g6yKD+hw8Og99RL00sf0/vYlP0VYG38+cMILpZerHyIjyn04miEb3KA/
+VDh3iacw0W38bDi4vWkKM+vyzTu1bmwTK3e74GaeDQKoZFEP5dGFleHaEjf3TobK
+mXvEVAl2OmJcm64caInLsn5ZorVxYYizcsnwtIaAVP03UFq00tHIRzthDUe/Q+qP
+FXYesalAOV+65HnlVk3xVuhxc1/MtoUtMuaK13E0nl2h0CeBAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBQ8mpWek15W
+YulbOJBsmjpuktv3CzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQELBQADggEBAAEB
+tPnuRM2E44XP0QrA5YQhDrvV7pzhdEmo+7ZeaAlb4I6r5jAHpCcBjuI39tihVxqF
+ERPPrK1ZLjIt3q9ZIeih02rmWde/qqDgIGQJATl9pY2VpWX6kTu6vuZKw8eA9in2
+PB6y5lHGnMcb8oSyvAA2gH81HxQtS0SmILOPDr8LFJ+cmw3Wv6E8T8lDYCQyb/oN
+KCHGIY+Je3W9e+BPVyRLk9B7SbQC8dFC0zC/tkL6EImHXCP4vH5B0B2WysD7Yjav
+6KKJgWLa7l15/ZxcxuX17E5GZG3Vl9fIZf0qfaR6nZAMXPNLOQTSR2tS8ponmk3K
+7xxdRXaFL4msvMY7iP8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3277D8DC8428604
+
+1KOZwzQYMSXVc4ZjSJQMkMqAYHNDlWmkrbChYpOwoiTKHo656wCmfUmj21fJVylW
+ntsQic7srUpTZ8JJEmZBwEnBsZs/bSITXjlzXCFR+nkxwlXi5FXiF+ujDLzRZqhk
+udKZZZskmo7v47u6Su1qDyYHM6SK5+jbxr92fUL+PngbUSpmQn5wYzn/Hwoc4CKF
+2DBXUBNUDN/xxsV/PhvArgEXNGpEnjIs0hC02OiElTHdvG+Fix59RM2Z8qQhTCYg
+HgaVBNhlASh2PFMMiwTzuREoXJgq6GA/kUtU+1cf4jUyENoXRzObx++3ON+BQQ+w
+iNMOcFnVQ+LjwDZKzPDGaq7bGzVFPZT8c1hiqFQ0MutWUqkcxeQp+L4wUF4ysVZA
+4Yx/f2M3fr+4K33qW6w3Y/PKMxPU+32m9bJLKaV/d1a2gixNys7pCKj7kx+STFO7
+J7E/Qptcmth90p1tTZtJ+DId7Hl+SMJDsKRR073Cv4qsu/gQsBeHicOpb13k/1Sa
+pPZLcswriUEG2apABluHBWiOQiU4eWcyqshSTd8XkZs2GyBDXHJrjpFG9KuGQo9/
+n3lmp93p7wWuJjW3JZhvL9bTDsMXFvdV+80OeL+5cKvX8BHmSmeJC4nwV3P5mJeM
+tO8jxYb/6dnq5SKikWK05UzvYvgoYWex/IWfucY5qTEjBkDYWKjbQjJC1mc6iyXO
+L/UUQ+v4A+ukxSjpcZ9oX5j+z3YPm1E/7Fy3gvljRM+QRNuYkfZeqZpxBkx1GDKZ
+lSBkRBG2seXugWyyX0mpuqA1piN4dNik5IoXk2I7RzwrE/b8RBlSWsREtQbNON3Z
+Ab2X/qc+TRpHYLcTHaeQxlCoIXx+3JFcuhug/XViWTN+EG9qfFwy3Fn2wtuhYdqT
+GJO+1Ffuv5FxBFJovHSCHw6nB0qDAYYNEEgm+12IY6zptZ0QA6WhKsLIkbvwAwJV
+wJ0MJ2AWxh+AOg/E8Vqktowo+s/mAmuZHW+CR1OWT/HTJqPXhm5UI07lOmlErjaD
+sr79iX4aPdF5rNAO54FWXt5MHXKzI5shefZc2Av2qJUsVBs/yLES7LS9zwtiEeBn
+7d8pr1GaU8zEWOUJpr5IobmkXU/gNOutBpAhgxrfdyn67WMsaNvXazBMQB1QPkzx
+hME5TOzSNHoqaJXH1PdbrR4a+1Cu47SBn9/orFjhV1YK+R3A7psN0McyaSFO6AgP
+1TOsJ8m0p9VxO0Ld5Io0e6FaG5pZKf2mnJqiC3n6F3fIyX7vjSab4D7eV4q6SGZx
+6AvhXzmhk9y38QqI+EwVXvF9L7qWOKmiCFaUnLa4PrXb4gvTml+I3mljB8y1frUI
+82D0hHwXxmcgV/PWkKUv4HnP5vXE1wpCjkSruHgBius9/ukXARUW1UgPsjMEMpHB
+0Hr6mcJ8KYtNvvnGEIwkNRepTEINuS9ZkUdE9d7Y9C5lgPSQ+hrnZ0WzpUmKKSuc
+QDRpPpGGSTOnvsuaDrJJVlSkvuo0gIkqLABF828UBwiWkQyRR7QuhvHgaK0qNTeZ
+Z8t6jxxaL1cX+Y2mDOC/3yioad+tHhCKczHNCMox2QB4/fgtzFaqZ9YqP1Dc7uju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
new file mode 100644
index 0000000000..eca3bf0452
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDRaciiXPE9CRnZszi4MJScusSJJBpnJRox4Dpn
+VJKE86q6HuEUtOzhllVlfQtaSGxhyWD8q8HpeGW7F2lqcblT0VbPyTPDF2DiPt6B
+yGYw2J9IMmkmdJ3RiXxouq336e1FTJoPCsgwHiK1bne2i4d6L5TFen8p6IFL2XR/
+lQyug93gOPysThsY14A2JJTNAISkJFtfEiHABPlsMtzST5OkazCJiIkGZw7+pId+
+jkWMoOc1C4nVTUEJJbyUVYTLEetaJVxU+3tVDr1vmTHXdYu4v6rWpX3IcmEMTM9m
+4HOqO1c92SWna0WvJLsPRm1y2/H+hhaGgvp83VrdXh/fdHrDAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBRJhdtL+xFj
+2ZkCKLQLep4TF1oVdzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQQwDQYJKoZIhvcNAQELBQADggEBAJBm
+SQWFZgiXsoHVxU/Di8Vz/JG2sTHLr58iyp38gcp+7oM/SrRqdtFe3KoaRb1LBHhK
+Kwssx+5ukA/ZYIrKRTwv7IFUgdeQgsQDbNtAyxMkKwv2QFrtx1zaS0397wqZRGL2
+c4ph2EI7F0IzOmzuXuj3leZTiAA1z7m+WopfmN7RxPmFT/8ZouNCUnMxryjqEzm0
+k2vUuGzd7MLEGHlW2UVR4R/hfSOUTUBcUgC/F/aB07nCJ3Gon8ztvzRIAo7IQ1Vt
+okYWRHbFapAq5NsEn/Z/AxDGh9kJuSIx8/mz4hcdiKvfbQTztUPBVrq1RmF++rHR
+fwzHkZ48GGyTH5QbV8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B1DBE38CC5F027
+
+xmAK7t4VqSNBgcZrMibK2lTme0BW6e65ASOjylAXAH4yMvgJGjEHRxj62gMZHHCp
+Cn/w4/PE2MfyZg4Ac9d0W+t3+8o0fJsa5rjfdSHWjZvK0hjx/0PgUplV9hqMYQ1K
+pOEZzAFPDiLb8t383RTUCKhsE0EyIxjcKdqFackk0s3RulEN5O9ehj/70IYbO9XA
+726FgHA3S1dZsxekTkrpTmC1T6Nxw4tWYWR+2x5Vx2BesQIsBvQF41nB55y+l0MG
+tYA4lFJ/qSlMqT0nYBEOghRHt7hyT4Rz4DOC5AZXwlZ5JUsjgzAHEr3FE0cT/4kT
+rISxP7L7pL8L9Vusnm39bxrCiKNLFcqGrBhEi/lLzHQ9WMXc/i1GQicaqDLKlLkA
+gDZ4rBUMFuJThvfAteSLLPsYVWcGN4NMq/CRXj6+EgaGGuUy22rt9H4/n7O/xPsU
+kTleCyIGrgJozT01/OqSCisOXb362Ho+BcC4cxXI5mL9y2qzhlsO6KBjl76v6QK1
+Q2KH9qzvNwWXAWlQ93MLwAZ92W+z9vXr27qc/EPzrFObPrIjHVLJFs94FsgVXCSv
++Gf/vXQRWURnH95hmhIibseKJ5l/yyhIeUB9zyB+cg0ZZdkKJnNavNeSGWHm6TP3
+jnT4761Pg1DjyJN2Ce5Gh86P1KyaGhmxP3+RwZqGo1vRMqk9qEebAfmC5WqDBMVn
+pbQ2XT6dQUXmr7vsW8XCBi8ojlf4pS41Oq2ZMY/l+6FYYFw5KSz3IW7Rcjyj+FmE
+P0lOCIskE6UrcXrX/AtvJKWjgfDu9NUVENDV0ZXJ9xKqrWRD9PRIDEUeXc5YiZjJ
+v/i3iWcHeFK5Y35daW9T7QkTOivTmEsuE/ncR8ZrM76nYhcvb/Euo+CZ1kW42sUT
+c6Q+cVBm0BY2I8VTvxEAWTbytTvIV39xPg9eOqqNWomvDkocvZ5D9pe16YRMYhy/
+XIl+jdJ9qnmzGmLmVP1xWzN6CJx9i61JSBTdm6HZqr1EaTcVY0xz/6R1PsBJ/veP
+3vDMimT2Z0UkcmwrlWFsIzc/2JNNrmAgzLqUz8aED8EI5DsH2ixoWBxIyu8OY5I6
+o5Xk+AtaGFH79ktdVmCk9Bx8JlH3ngi3QvkV3pnLsFt7xm5NL8f983eMIEcW3xTG
+3MFpLXRMfIrX9IZJFeEEBiJQufxgkbeIblulY6Il8YFKvUyBK2rTjF/RV2NWL89X
+zx0pBV7IMk+eav0T4dIKHyCEn719lRawJujBdqfHIFR9XqQeriLNmvl1fwIAq9aV
+E4xKR9BlvkXd4MyFQWWGomI8aIHyHfb0DDQtlD8DTL3EZx11P1ihAiXWgtHjJv2t
+WQqxSsJrT7K4ZsuzZxvC3RBzCx1+w7rzoBjr+shgoKQa+DgQCIvYqx9yHenTfLJU
+b0mLn/NCc6V+NRvA8ismPZbXOFGi5edxmBRm9/AlLJwPrYv3nL+F5k74qWkhLDrG
+863JD1YNIvue1voJGK+RRXetZHPTK2BQW+N5dTn1ZQIGPM/pGMCXYiLjwABv4riQ
+Q+ayr702yMuJiDGDywb4PsNkpeiEvZWdEefGwbRj56EHzIhwqd/GB4goGWo+v0ve
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
new file mode 100644
index 0000000000..062578b2b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0EwMDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPzK+3Yt88gKSZVYm3rqWATIKudK
+erzo6+8OfKXCeLhqdyl7YQSXA49uFUCP3j41d6D51ntK6ngrxNY0HzGIO76aGbqB
+u1XCDdNUQGdL6j2IKBL1b3wWfbkFP7jQ4t57SKbtRVrJQUclQnPngCglKy9VSVME
+xpO9FfmPMJi9UV+zZ2VXD/6wfe6WG+bwkGDh935dJXi/pRJEYcT9ldL38He+fTmu
+pFatw7Z/qroGStY03BhsbNs5hGPk84ttMgf+HUcNWEKPrLmRzY0nmfAL3oRtfjNY
++V8N5BhcBHIXoiReaSUi68mkt7K//FzIOMa5F4tsyuiiElFMYebEV5M1pGcCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUz3Z2g3OQJMeNo21nfOtSwNTU7UgwHQYDVR0OBBYE
+FLq54oj31FkliuMp30+gBjjdcXSCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsF
+AAOCAQEAQoo7imYucTJXFumY1aMqG9EQSloP/zLPTdL6XFi1tUFCebI/pNhDIHOO
+svVDSnenCEL2pf5V7obvFKBCb+IyaOQLC1JqV66Cti25xcyyVDKm0Bewd+ZydXYS
+YxhGkPEzqPCPJ0z3Z46vI2ObJU/+s37+u6EUSfX+V7uKcrQhR+9DwfL+x/5b+TKg
+l1kKIxaAw8hZGwOaAUdUTayCHPaxpGUFXqgfR52D2+fqIDFd59CwksvCUXx76qqW
+5JOBQu7UMyTMZsv+ZWg++JcSjKd9/FMBGtmPRnu+HB4+XQ+I5f6lSi62FUQQQ3JX
+MWTHU+R74FntihrR4lAAl5Qwh3N9pg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4CF27B968169FE88
+
+1iw0oCkMr96HSqViN8KaY6SHsCNqFr/nlf7hWf9vRZ8pZPvxPaNyadQ9WPvJPFXa
+06rCaV9RV2cMMpejdkMYL+E8odYSBjYHE3u310YQWJdJLt72AO16TxTyjV/ZsFxD
+aCxGh5vW/kWIa1BD6mgWAUXPJQWihGmxqWitxXvNYb4RlltH5nCoSHHWR6lqD347
+aRANohrFqFp4488o7NbvzupGF6bPTK0CrRSFTpShq/Jmd3exwXOcJ9u9hL3/CPvt
+ybShcNvvSLO0m5uoP6j6ijP8AeQKivIdxt119AksjByDr9mclOdJM+B9Gia35iDN
+H7GcCbOeNYCacDDRJuSdJn22M+TXXVbpeexKV8hFUqLEpXmd+7kX7c/6zXqzIPLV
+T8Ko5nvxQ90POPWoIcNWGHq8CJEtA5ty8jiUorFze4hghtomdEPyG5HaLWEchLnV
+/FS8n8z8EABqpnXbDEp4Q2hMY+Nco9L6L+5cxI/pcylsMG5c5wpquf81Ff6IKEo8
+syTkdj07zsvih3gwxvDzlGff3s3cUi1L1BlBvl6n9mdhjbVH9P/TVJNhgXxTmjAH
+8eTi9rzVzzzGUOttMhjwsSinwd+qHIklT66tamIFlWqFPJLUUjw42uz5MxnpJkOS
+1AuJKVQo7XTljpVK4BnA4h/xIaoWH0gM0f+qhHLaqSe9rbU2dNNCciyDDi20AUBQ
+Y4Otk4mq45R77A2zYwZdsljahxeaRp6xZHboQ5W+sosHecAZ2+UDe19slmddn9rC
+eQLJt9Jf7uGLhimWep+X1Bn4vCdvdZeRZW8dKhu9NvlWOj79OzQjbxNLOQ3CiRZz
+fMtDnnKreXe2bYe42zop8FR9Kfri4dQVsTkkVtK+vtz3PVWHctJHQP59otqhDCK0
+pDp5XGKMcyDQ5pTXGJ6H6DAO5RqO6v/ZK0YD56cr6W1XGZHfibF5UI1AgXO6dfIj
+c9Al6gWaoLXdxDXjT36e/EJQydMyNBKRlFJ8uC87F8binvPwYkOzu8PxQ3DSMZ/V
+e45x7II+wmxyAvthLXPWBwbTZUUK1pnPxR8VKWdjuzvxqvZSfchsXTjyxhBwANtr
+gRIMiQofwbQFPosUu+3MGYJ3tjdH923RXY51/OJClnirerCk8LVX8aECWFbMtc82
+E7I4KrqZmex1ja3xzwfTn5bHoy5RssAQDCzvk0M7ia+C3IObK1j8WbXlJBwj0BL0
+lpWZOnYcvLQWXkvxg2D3DuQYUQKDGon79rrsOyXgWuaDSIXDzjE2BiM0VRXskHst
+vpGm9JwEpVpe/0kRvxiLpeG4cHwSWtA4U8cHkuucWuxrxZ85OMu5fnIJ+v29KcmK
+AGn1hEas0hBDIevBLEPtT+Z7NsCwUQn4sgE7foPwrcPHSWu6NlsSarAxAJReJZhi
+ktVGbV7QtSCm9QQeql0BpoCaWHaP5yeljfcIqQNX5ndzVOf4f2eMtl2G3lZXR5Wb
+v+OoxHZZxYwiSkBlmCffXgYTEeuzM2sDdEIuz4YtDyAN8SVc2ZpF7jwGFzY3uKQW
+Eobo7WjIsJ8RUKHp2nUNbi4pWgPmawaPIZW+KXsEKl5b2yATVZ1vWhRaOdqXyvOa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
new file mode 100644
index 0000000000..c0453fc232
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0ExMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuN/uaJp/PshJKQyBN2TWolI/yk
+GtUvS8cQoBUZUR7ahtG31S8sD48vf3s5ggkb3JfkLOQuwxwzfiYRZxVLxHyNbQEY
+TUrZIoPj0+SqdDb9JCXkuCU94akI1d0xqf7M7MO0CHVZ3fcOp9qNTwm/gBdnep+x
+pMh+g6nn73ufozCGzrnLaQp3wzWK/D4V6WjuDQMgnEjlAhxs2euUsg13HbElCSqf
+r8Mx8bbhHdvzV5yMPVTH8mXYt/xv8YCN/ek78q+i1VI4yUw2AdB1IMwvXDnYNQJb
+fi5ucRIthUmBwPlf7zaEHjAsNieSQL8+SdI6vOA4WUH2tNHIIvTHn5GqItECAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUPJqVnpNeVmLpWziQbJo6bpLb9wswHQYDVR0OBBYE
+FNOmRV4CnWcWfZSAD3O5hMZbtTG+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAT4bn1Lcr9UM45OpPECn9R4qREuYB4mAdo/NHNvnXQWoe/g3ao5y1R0OZ
+t5aAw5Ri3ghemIraBIadgiWEpbYR1MVoR6Vx+yTLH1nq5yGKoLJ+fsEPmNwTc94O
+Lhdu94B/gB/sy1vfq+/lnmScXMqWjE5+0kEE6BhNEJm5ep4r31/nv0oijTwLEWXn
+VnAF/NmOWgm7+hOMVkzXTqJVY/Ep1r7QJHa65hB2+UhkzuNryOK/57CBZQbO8+qM
+GVEymCQ858dkmH8JSpScryYdXQZb74Owx0z+zB/yiy2arubmocOwtBJIVpAv9DeV
+HyK/COG7N0jwe98VneVl/KstdYTrDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5DA38B49F7680467
+
+vCNi7mFrSPZxDYmL8Qfjvy7bxyx0TkWqZO0nWdNAxKnSDjsXS5+D8awQ/ZNmj74N
++SLBFJE2pB7fp6uT4Z2WXHIbG61bARd3qmkXkXBtMhFU1nOy7rJ4iALsvJAqbKJg
+VBosdvZDMlHT64eOqfucVJVpPtJoKKGim3d496c8iUgWsYQVLpu5h+ifTfuRO+/l
+ARIbpprGsjjhKkUiAe44AuG3z7WZqe4jy7iVTqew2GBULUUkkYOAtYGRnDf5/SjY
+dfxTHAh/uvNSg82aacIqD8JO6eKX3c0uFSyAA4Oty/4Hr39R4F5cfXQMgnPmhAQg
+UdMBIlsa79eWU/2D6AxlkgmfmnF0VgGJRSkfiBvQ7nJX+AlQ8amZ+oCt7mGRyOEk
+BjwzwLufkj6xof6V/o/ZM1McqOTGhLNL9zz9+Qq6WNJhIznniNEUKNOxCJZnHk9D
++k3eoIACfXXCjMVSxndpjZ3l+xM+nY3ei8jXdLp7vYoaWs1UtXT7U+L6qyE+LVhx
+mh7DyCkkX9IfKQqcZWgTN4Bm6KHN8OLu8l8hv4McTfylwK2JB7S3YZrrx9Kc0R0y
+itw+l1zwAUvck9aZ4AOO2vqA+HErBQBKtpNBoB7DMjrwc/22tJd5HmKDPAqqtuqb
+NZhkYD2dnFvb07fV3t7DfpIs4cdewtoebvikGX8oHJTx0tv40BkAPRPtf3VcnShh
+gRRatGDcRrs+TFVHdY7r0JFh+TWkHStVrv4UyzlGAwQ7lVnt0r6zaGRZSB2CZ3jA
+u30RVtvnu2aEMg824rdHpEtfW+dKgE8l0L0jjRMEb8UYsUjYxKT+10C52RN2FpwW
+PjSI8VZeJHK2LlFNbtDO7cUNK4hrRY1Ic3qU3jkm+bBVutrbe+SQjswH0F2435j/
+slO8LTxRqY8VZ4ueEa8Ofp3TdWLG7CTq0NF2UlEqBldB+Hg5GP5JzAX3IjSoTgyn
+aUO+rcygsfWKh4cBaHo8Le7aJjFlLLcvXMIsOqGvnIzG3tMlmvK58qDIlo/2ilLR
+3DwC/nXBKTfelDyO4wgNiQvc4gCsLQ6a1CizT2ulTmBmQUbFk5m6mYJF0tkyZAX9
+mMMxKrCYjU6PvY+OEiAN1W4UpVJE8Pr6MFBD11Z/H7NCGATJS71xWqYR8LVuaF1g
+YZvf9vZL3YleBNmrlLxr68v2Z/Inco0lrMpyFws4JDYOHjuD1TJQKpjAmxxQXj/W
+MtjeDffrEKHudhA5jRrOP8ZB8hdWlox/iuu087mnJW8yWtIRvyNEusE2wvNtiMYk
+QBUuqaHSIagr3QtkQ+o3EesfzkDFl5oz8Z7ZWZ9n2vF510HwJKmqb40lgsEyywjT
+qbaVyHhySxHikPcO8cxHlpQKiBCHHdAZprq32qnk46q/n9rb3p+nMjZSWIF9/YwS
+QD38G1NyFgm0q269P9oQ2BGbILhCpblwYAflavrDqDdE4KvZGKaR00RJpC6diDeM
+h1xCBBz5Fwp6NOZ/e0jGHns71pZ/NboGSHkieQle30nw2o06brwrDTTXW5shIKaR
+jcmzH0wgsMNVORkM4p3Taq42UVugMjkTuXCMI3AygOYNn8a9Ib8sXLpivkLW8UCF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
new file mode 100644
index 0000000000..dee3db33b0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0E0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhwD2w1qEqflNfYtpGLRSNwCAoE
+N7//EbgaFJKP4OGaerEZ41IHT4G8x0QOsx2RMRd6gXL9zNMmKhjoCL4Nv2mXksGt
+crt9dSJE2MaUIQFj/cdJv+WNwoQW8amBjeMSNL7BgB8y71fnO8srWabp6vkIgDr9
+tY0qmHZ1CLxB848d8C14NbaNGMeWJzI8ri2rXD/0sC/0LtWgg624DjmZWgxb7B8J
+w1ERSKznjFQ4vv9imV7vJ1GZ2r5V6nBPFnmtK2r2yqAeNReHE3U2syb9lpFyOsjh
+qTjVQdKUk5N+NAZpCipVuymCdvWcJY3C8FVmjxefqv/cJBu3Kxi7Bf6f1iMCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUSYXbS/sRY9mZAii0C3qeExdaFXcwHQYDVR0OBBYE
+FERapgfP9vPIx0bvZKH1W8E/grxXMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAtz+rkTNDpvnMjCDzmvVltiLfHURT3X/GipGokbedY89ANtS1dRmNFyDS
+I1Dh17v8HsW2GR40FCIP4ImbxvPrUAQIASOVUR7iLKwSj99RwK8+Tfd9cUBx5cdA
+nXm+KGqJ04sBKilEM6kGhA+vxZU8OJ7hck3rFVxNiIvGTZmYPlSLLQqv0X3LcWG9
+XArnZEKfNH6Ph0LCOzlPsLI3iQ5rHluq3liWMD21LBEftUdpJ0DqzEiWEFHL8PuD
+AtiGA+cOA0DTakpwjLnd2q1wM0S7HLVaYGSv6HErM594IUZQfWAyyyTpl3CERtH+
+mlou5h4IgFeitqocNlVfoAX5CzZsvQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3E4218EFB3A645FB
+
+SlNl29wyvuhel9ar2aDtOEG+incCnQscatPX8whutk0o0/uhViDsxZqw1VrZPGYU
+VuYuplolpGLts9Ac42qpFO9C6TAMzBuuqvfkVVESrHrULSDooUaMmahSu2aptfEC
+7d1QFSh57X8UsnHmhpcyGHdVeu3ZU3gbRwg0ThIpMPTeA0Z/yjmXrBbe15o3d5hP
+y16cbMPfMQJ25lfmmLoe/belsqWBEVRcfcW1ZlUxEYcvocNgrN4sEI6XfWZw5CYc
+5005r3onPF01xPYDqhmGvDShwIpI1b2Xxd5RbAkTCS0e/QrDUDUt+jlYfWZN/osd
+QdMj6lFRGGoJkEhMjAOGza+ixuGjf4WlqjtWPItCrqtz8f0rixqQWFsU/xuqaqRR
++q0Bgw6H2sSGennKeyPuv6ONnKWbPZgOEdqNMmLp3rWY23g3RhHonHeB267YVCOX
+8FoPOJlBq2EpTefwUe9pwm94awWRMPhGeDDhpKubVkVPe0E9ghFkf264X1pkxAsy
+0LTatlTsXh4Hv8MexaaNZ87EQDat8Ehw6Z/LMNQVkrmQNyYa/LE9mEBMs7PEIvBp
+mGjlCo3aLzS7JSUB7QJwYS4KlkxyTIA36AS+YYEsTEvclYvdEVY8r/4NNHOV0Y+q
+eZLfm+KdseMBdfphUOjUj4dOM7vnqsgprwbLOD4lLQn104GCHt3FebphJ6Sd0PqV
+czd6ZPETM6U1/TFkxqqe1dhsHUA03hKCGFyKg8/mUjJyPajUtJmAOG0BYgJB58ZS
+QMNiQu+3qIJyimlGoUAKStS8zlfV4u1ZXx9Qd7eds1SGNX7ekgeL9XqN57lV9g93
+YKYx+s1izCMltq/IgLiBCow1PTcEcQhgqHADKaL44603I5cDKFp7DEeQ9Csq/4K8
+Vd57EAV8a/UEKLGpKnYTTBtG4StCbtpfZM1Z9YFrsXwLNslkPDIpeizkE/Es8IR3
+komhXk1qp0rH+0sZyohArLmdNrONyDAGOT1N3EVzeMKylKDsLZ3MSIneWx2CUQm1
+nB3yU0JFuiCrszmvP3ToBQLn6b8w0Hz7OIvgmRVUj/KiRoiS3QdgR696ijHjrVxA
+03HJER2tkGfxPG09va/cAzEGnotBOf7njyagxtMLho9UcNKRphHB8IXZE4KjO1Ci
+a1WKU0DVO0BxB0xyvaxBTa7DZe4nUNcABUB1NiHBda7V+44gpQ6QNjciCtEAaVPR
+YL4txJHYkQW3QoV5HY5B1O6XDODW9TNg+D5NLio326JU9rpOZuHQSgvHnrHKSN+q
+iAuE3Kv4TZL5uq35Z0HnhZSNaps12iGmtNJggCPe6cXvak5G+Gbww74L6/Pbx/RF
+Tzyo+q5Q6C4lrAZPwxc0uFFR40HdAvG8FI3eSP2AvDMjb9BjNKFGV6POnErNZjwP
+2IO8hmiEPZqD5X2W39KZmf9p9BT/mby4VtMTNHXCa2lDLVbQStaTTAS7JvTZK9sj
+h60ij3HmDnrn/oNb+Tj27RPP6WwfRwEG9Q6ckQUR4IxcTQtZJueY2NhAYzZECVsP
+fkqROcAMAgsglc+qIhmK+GRcXT8SH1RVC1MMOiIzYiamZI+I82Fonw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
new file mode 100644
index 0000000000..d03f8732ea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+MTFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo0UoNFGT352ywLD
+aKdwbykOrdmbb2i9KA1jFcqybAsbFggHUWmqEbSwqgepPtbWwmQBcMXHr5jGwgpl
+WL+3XK+e37NR3CwhhHu+ab/wQ+YQhzx2X9OmDiUqEd8trpLst7xhB2MbBDmh6F8P
+uKqc5bYgweh2rG9btTF3pNZCpAoB++xBfmWFgZ4smWnNh56Q8StmJRUbNyxSb48V
+NT+HD0WolgMTJiGy95UzAJreX7+vD93LtqgV7qQfB5IEo7QUe0L6bKBDnl0mKubv
+wFWMBjMBvkj8Vn+MBPpPbmt5K2xQcNNBoCCwziXkutnpt1bpOiBX3vfxaNQj5M0S
+rkdlwQIDAQABo3wwejAfBgNVHSMEGDAWgBTTpkVeAp1nFn2UgA9zuYTGW7UxvjAd
+BgNVHQ4EFgQUg9q4tcadyIsIfIs/7RpyJeKvG+owDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBNi63ktdmqOjJ86RiHJKt46kPz3m6rDrPF3cVUh+gYeW6bYTKa
+2PbBbdPF90ENIZosUsg3dD1J7C+HR9oKqnG1YnghfKwhMej9z/PH+/GfepK+RADi
+b6Op6J1+zC1JCP2oLLMPcD/KKqptle5URd4u0tWM+tKodVijSkeKq6CfHtHErBcX
+uh0L8Q8PR3SWWmvYqfqDr0LGzl1D8hQp6EPUaQdxYFyNgiwcOz8p5pF70+ExnPMO
+Zw7nlBHN7QqtIegieCdwl/DJQCtfvxXYVGs2CW4af9p0ttM5lIDNXuoMRUd1rWTR
+vE63/I9pL52qh/9aX8GhBGuj4kP4E8OxgFo6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,29E796E9158D0510
+
+rDtlnUNJqhCzyBZzrrQewQV/EZsv1x+tz86nXJDeXXBd3S2RqS2q9geIgsYerXZZ
+tWoMBgt5AKVOpkfFmfbTmVxYz6IlFDsi/hnjgwgucKwFCmc7V5M6endSuPO856/Y
+xA09QeKqcEAzgopW7mnavPoScfIpk4NYOpeiRDTvHTX2nMQbA69WMBka+FGqYV2l
+nW2bhEGSggl5A35R+iAj2AXXsDBy6x52ySYZ5VehnRq6T4lNxd4Wzk7TeHyYCpsr
+EpA6Ao451LawmLhbQS//H0D4L7b3Pn7XsA/d15UlMfqkvhuMLTcd7k3xH0MOxGZm
+0d9toet8DwrQ/v2WzIwsX++/e6jfKlZGa2RPZXvr5icF5JI/LSl3lNtI/GPQQNpy
+ZMOw5G21n9+2jUoOxDH+jA215JUDIwdRWf3KxsGMsMz1ROWG3QZWFYO/F7xb5FH1
+w4V7oqoJP0N6K84mShIzi3mm8e39BUGjLPGMoRGTeD37RRuQCmHv7avZ8SEKJh2R
+btaJhe0wD++34DTHFbz3Ea4qu2jgdf0VQF5TV/cIAVIlEbzBVvTWBBxdo7luypBe
+yTt0BG9+tE7A/UAy/Q7IXnobwZ4PfR52RVWLOTy/EpRSfbxC2TmXWFfrEs91Evb1
+b1rHIxWKRfK0wvdte0C6Wsy9WcFlqxDhwsYXMfAs0/Wa6/P3yLloRxUL/eus8N8W
+2pvF4hHTjq2VlytC6JW3heKY4SFtu87HgWw/5tnP28jRQPmpuvYsukoFFOjsq30I
+z9lmP5iRKHhMSnXOzBxW+XkW4J0gUeJ67zWJQK4QK4w4fgRm4DmO/GNGvltg9870
+HzkHrHx7j1EqUG3mxKB0A7cH55YfE/MO+4mTANnFjajTKoOBT8soI/9UZ9zy2C2C
+66c5a/L8nY1/D7rqSGLmAFaXiY5V6JrhqNG7Dslmj1gtS3TKian9JJ9OS5dvNrxF
+9Of1YAbea5dagQAfbAfG/FbStcdJiy0H1UEdQGynQLbLWOVFIoTztvehgLrOqssY
+vr4lds/EQK1rW5yaj7hIgDiFAAs0vmXC0kXmf4KtFHrESsEcKHh1dQOwpA70FsaC
+fa4eAKt+Uk6SP+WrbAuZNF101tmI++kbp9oYKR3xRjnMaSQEoAUv5xgtZmyIRHoK
+UtbBeoMhQRyuwmr52lv8f0Ztp6OKJBnk+lc+BZ+w/ydYm/s2UyAUMHdjQiAa4l6D
+ga0E1I634UvkrV3MpLvGt6Q2N8wffbAunMtlzZ8Mlp0mOlR1r0Nywplostseph/l
+QXp2GvZ3yvvPJ3wXbseXr9IGQiZEVi2j6qLECT1IJKMB/IUBAApLdbYA/wTRkVL1
+uV2PATkHIp7rVllX8mUtl5SO3tvqe9hzLZpI8Q8fUzOPRXGpNzYqW/HBPMLuEyhw
+fgZb1/wkchOd0d20CL9iQVkEyuJvNhjO6gbsm7dB0marreyQHP7Ho0TXMedBtByf
+oJRe7Did6d17H8d0/RYfm++nCeqlNMvS2nt+4T3trCC5T3m8jTrNGSamp3MgH7qc
+5L0OFqoDnBOYvZMnUFkPkjPy0XPRH9qXTxwEHSzaVMXmychMr5odvq1dQDBnKMub
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
new file mode 100644
index 0000000000..2e2402c8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBNDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+NDFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hM3qC08TT0qiiB1
+AXVRGB8La1zcPFASpIZ0T1pRmbvQVay8/l8gAcVytv6KVDgpjXjXXMjjJMuAZQm6
+ilT+eC3WrLSzBWUQDzAXTARzERVE3u4woJnBdpcyo4ZlTRGijwzYfbVlrdTNRnX1
+ET0R9BLIK4qxRYdJvlDXoCQQFb1/58RMs9jK7lxHetuVt1ieeWF/fLRPZ2Qbf/qm
+MpepaATXRf4Nue57jA3FyUAbvgVg2XnhRRdAEnsM90YRZHOD+XbB4Lhz2Pk6hNDM
+xfl70rGpDXIOh9UmIYZZ2yegRx/rKDI+3wFAtcGYek4trQGg/1HoTbaKszhIgb1s
+uJ0EUQIDAQABo3wwejAfBgNVHSMEGDAWgBREWqYHz/bzyMdG72Sh9VvBP4K8VzAd
+BgNVHQ4EFgQUoe2i8zVUpZ+8Y+ZHalMkbEoMciwwDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBM/xztTxc6ooWAmhUfwjeTeHYxZFBCB81yMwM/agD4C3gTf+vl
+P1CnTaXFV2aoOYDiXCkA3oL4DViFQKHcuIh6ag5pKlxB38KCH5l87W+xb4NuuyhC
+/sYzP6PsQr43jiWtzbGRgQ8SFwN/+jX4MQnJE660ab09hgm3LmIkWCa3202nbwvR
+rL0ILpgkzQs+IgbJY9EAE2cGiapoZ8mjKBq4EwZG6xqjqp8LO2Al8Koa1ofFwnoz
+sYCgl+oyiP2lTkdMpg9p3gmmqWRnv0qWvfjwxnpH470rFWxL1u5nG1MM/Y2GLi5o
++poL/laW4KNTZOgEnijxlvBJiLfhb/mymaMZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE4FAA573336C14
+
+GLa99+FOa9l+sPDWoFbyBrbX/TtHNYIleUwj/cWNxb7jQU07+yk7mBUld0Bz5Rsf
+VuANrtMFAKMVIP6G4U7lDO33F89oDESmpm/NBcXorVklfaRoYAEpGmpFmPpYinUH
+L4zhMODI04VO6RbDLAUIKDrnjObW3Kz+u4It+0qE6cPWF6a2C0w2Qtnl+TX9yd4g
+vHrQUcXbNJ7FJIxPCVM6oVtEFA/YCaTxp2YIjls+6mM8raJAAeXr7mgTSRcMf0xl
+GHhq94Srx2LEN4U7x4vAzeGVcgt4Fc6Wl7S3GejQCJVCSlaqh1n5LObFL24hHW+W
+MNo4BF4Ie5+GvT8bNryXTfz6WS1/I5WpRBjncoJglKXLhKFkOyS+l+4hmh+RRN4H
+4GEgBQ0UjlNxRmycU9kS63A4rs2EJCpeaQkZbubrOyWQ21NmBmeGPAno+J8TfSUb
+UsHvS0DIbsQVc629/ROE+Mp+qkzNIITzgogT/GXbJMLj/ECJM6gZ46SXbUpoH/Zn
+F8QoqMm/nzY8jiF8HS/CmVi0fwd2zyqH5I8Igz5JN1i2Toq1AKJ1dhpJTij5vm2C
+m3EpwATFkjPD2WDrDlcCfvVwlGY2GJG3VHTvlF6E3+bkpZoqQ/LY4+xBj2DvxuQ6
+bQiSL0rcw7xvibsjdxTj0VRg1RBkGnZoUqEpA1uAbehFTLI1EkttvIDPWjtflfwY
+5d6c9HsAo4Ikcwwb897sPQ7SMK9OaXjg7v3D4QFMIMQVCN81xA149l8++SS2Az9T
+nxMswJ+pZp/+Gvs0D9bfAbN9dICVCkAlE4PUAPbvwt3Tb49hG7prCgs7pwedBa3b
+20f7PMEJ99WaOvZ+Dc0aFttyuS7hc2vuYdlG2Ah0QK8INk6cJI385ghp8mthdl7N
+nwGmMKux5y1rmB0JTRiKjYbVILiL0LwvU+leK2kiJSwjdBgmg1ucDDL69D+4/P76
+T+pmxcyyNqfqy2no1p5aELuOU1XMbeC5AnISqsBa9Gjuw6ApaapHZ0Q/KEXxPeRY
+lgJ307CUK9EGQOviLnFB5htGLMVYBbqPT8kp5m4gmTTD20baM4bjnHoR0vdTfzv4
+IgkMPGgsdEtyEcvAcEKK5uH6gWHcAe9DeOtBe6w2FMRNdsTytqa3oABb9wVK8/ZG
+wpP4EHh3NDm3NPHt5K2DSD8aUrXYnt0Yvt4KTSrytZ4ayFLz14WNXnKIGD1WqSJC
+8/3Gs5vs1m86sKo6qLyybI5Jxm04DZ4KiNxj4t9XN102D6wnJVEzDWXPLUqc3bio
+Ln2pncIaCX+5ACS/ETYiTHoxNzGXM1QdyCkBBeDKk31x1A2HF1KehYzAXltxvkzt
+1BzTEYx/lXSu+UJpoNw0l9c1dO+qQrEdCqVEEGc1MCmgY/aQgtX6Z0EguFvz8VwR
+UyWkXxwvndy/iFMhSSDc9ZbsBKGpXE5wdn6VcnSfhziOOB7/vtSgzaXSoWM7UZED
+xfbAp0/k0Sqwwk65cN4E2PUXKNuKtaMfh94QXnrhn/eYRjFmzZhfkiDkuBLN7f56
+MdevaFdEL6rFfOlFGI5LIISK1Nv+rWC/x1rZwVvRjcftRiKjD0tAdQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..71c924fa42
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBDzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXByZTIwMDAgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDJaKW914d9ICbgb9i5WTu9xNEgITtuLfHFOh1uuDHXbo48416O
+1x7Bcws68LzNGyZiWIvs9kokWB0vVNdKt76kJvMTOMZcPFH0o4dfYo5JUaBeSU8Y
++Nfjxlql6PKOYiTruu4reYLgxf1BaGCtH+GjYqYOYC3He8gqiD0xuAEFb2a2Fdo8
+m5eryPTYEHC81LjmDZPDRksJmsUXsCa63AKQaqEvnrXxT9MLGflkFilXCL66yFhJ
+19k0lucJo8oZQt4PIMS7TF3fPFYdk58c5eQc3TUwjm93ZYgvSNEOeISC6EE7avb7
+0DASh70CX1iy+uNX+gcGp6aoZ799UaqAFv0hAgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQeqEecYYBoKLFCmimM5igD
+KZIDzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJCSqna4iaOkoMr5x0YW
+TxgORJXV2/YMYG+loli/0m7bCp2A5WLp6YGifWXvdcxjcNwVnXZsT6RYJ3eGp7RJ
+oKiRncTMjrAhAVsVjgdy5U7uP7lEfAQfZ2nzMOzT8TVk7sjGmWXmm8OaiWxLoQll
+4eOdKsBLIJLweWdV7AZ0cpGCPwnXRq8mh4mabsAEl0cB85ZGydb3D+q9zv92HIHi
+LJm/mVEbn6EQV6f+XW7JKYjTJJ0nFeZb5j/0JFPy5+4lo+KXHXV+DkEIdMMPG66U
+99Co7Xtye7IkjOzXFLbRYbQJ+lALkq0BqAPCC2RCbZz8ZLaVoIjJU0XyuQ3O0YMY
+5Qo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48E785EC915176B0
+
+DvAWSul3RAjkEh00T/mI2uZoXGmFZ8KMSIpciqidBfizZNHtVCWpelmHH2bdq5c3
+LAyWePUZzeWglaag/cWzykPwgH0sPgeXPLwr/BtoAOPRgITVr1k1vHhShI7gjWuk
+Ya+3bMVvOF67fyeYNz19YjoSQ+fGMMCo/KyxYNPfth/w6F/kVoqqXrSt1k3na6AP
+HM7sELceaQzGl6JYZs4Q+1IRsA4sXpMO1FvxSem08vfjsrpHBhQvjcXPBP2GQpy4
+TANNZVVeed7uimomklEdJrsjqRtmvjGB4maaARVBBvLywouZqWPQXqjUr71kDTM0
+z6OfunsRH11DabCjwFaOkb1n5WYaVGETz+8BygIdHbhzzlkdtxIkKc9fUUlvcK+p
+YBxPbfn6u4tuOkhzauUTMMCzJXe3FWn0Q+3Ff7WAfnK44xD1eImGr39zjfDA1KVA
+YVpg6geqCZCX3pHRiygMWRVRiTu14fnlbvw2Tx25Irx6cJd/XvFVMOtAJzhKCEr4
+mPKENqhW734k45qISYegeeuL12sJGLyemHHPSrRLZxD1sbrFwJ6jO6rP2ph4At9b
+DmDaVPRZpHJUxW/XHN0UOIsbycDVdsxWz+QGYDaBbwNGyWBGj3Fe5CkeeQdIn4VK
+IJ5pixAvnBz8paPcN17u0jLf8gw4VkVxV9dQxKREFg+1A51M1ywWoPoj+FcLnx5X
+5LlCpw7r4j00dsEP/86VjhAffMP7j+DiIofRsrHiJKoHjY/tw+5JAzeD/mkiFEcy
+klr0N5nMdqq1EeoczljpNcS67eUx1s0VlVca4PSdkFI4Y/6AH0sHY3q8Alsnm7II
+zNqur3/XuwZgKcI6pYJrKrr076bU5GjSrjFDjkRcZODpTwfHMoWScOsof+15eLz2
+WbecSJE2l3pbB12x2UY/p9w73TAs+DO8DbHe9ARZ3P8TijFqm7M1olrbXwjmTMRY
+m2QLJ39muPsRNP3GpiXCuuCmb+tiq1zuhdUwVmckRf5uJCxqKIriKnqtPxL6qCS7
+1XGxSC98NthFXkQFxIiZHEs/TzrCqzhxE3kPR0k2A6AfgvHAcSOGGxGN87dtQbW9
+BnIJTwpmiT9CNJMeNGMFTKdEP3paZL21EFiwtu45TFWrlsOf1WVd4KoWmBmiIstp
+sb6KhWUx2konms1RoC0wtWv/JxXSptymCmqDyB7NhHe9YHz3YpCrfsqKw4JrOatO
+nkFVr2oyK0nC/2mbsugRJ2TjEv2ctXEKmPJ0tCVH3ZlK/qxsd8wu+AKdpThZtb7/
+deHf+LSgfimjzBk9/MnUYU61Y4InMv/cChfQwQdooJPT/sxPLcQYl5SEolNzaK4z
+rDa/HpTk0bbaK13RiZ1OR0tP2KfgKrIxKWdsH3WGSarxF7HTKsDQzdgZusIVuJDi
+NtQPhrOLIr1N181jF8Wj/dLr5FY8fGWwomQCgkIF0OAfnN/bzWHufifdb6nc0F+u
+UH/ah86lrkgoUxFiQjbyK1QKyW2gNJFmV0Uuk5aQWvnlK8Yn0Gg8cJ/EFTzl89pS
+LrofVKQT1YJJaH45PapT1E+DP9z42TZscvIivLwxjIJLZXdZJxMqat1mMYzXaIqU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
new file mode 100644
index 0000000000..4aaf206169
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTAgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC9H7tvssdc/wduqx16T+W82qMWJRF190U8Ojp8YtO11D+dXuos
+YwW1s2g6HC9GuoMCVkS7H3VOx4D0T+oY/Gdt2vVKWFALPXlPkXYvcetrZeBucc+8
+oQHdgUeMKpFwagazoOeBZRbEKuz32amMQajto6RsdOKn8G/tCfvPWSiu+e9Wpr1A
+F8/F49mxKRrHo/8sLnHZEBYA4NIVy/KuXThzkYmfU1nfVejYjNPDC8rV67MtDvJX
+Q4KkbASnlX9zzaQuJbT8AeUeDMnYKbss9VcWTuukIk45PMAJvF9tnK3vlzPZcoI1
+wL8Xznd7XpwGDCjt9sjcfFG+P9gnnpe+oH3RAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLns37pSIri4vmr3ohLV
+JyDWZwQ1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBW5W0it/x9piqf4Ontkmv47v7kAheDZ3zVTavuaSyTR3X8zZjq2MRZ/GP1
+ukAIbYmtVA8ButPfrz98zK+JvgWhijro0lulYoB1weRwEVCCskRw1puGCwLcO5HH
+esqtSf25opakP+8orfdJ5oz3MNgIbV2eLrV8UBoIwqUlh9nJur1dLYY0EVWaLtl0
+vG3ZCzoJUdoQfidcBukQ1vs94fSeo86PUSmc3ly9R7e9bqmlYx3W8+UWWnNzj45c
+7kho7OxSoyZhcIP30Brq567uvhWftpHTThNdgsXLEMZ0sAtYz3RRTwJR926fij54
+sXrppFJp8OTTFV9u++k/u3qmGQJq
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B129C23003C7DEB1
+
+DLhdq7VdbAjB0rZaaal3iA/ic6EcNiB3hXhnWinigTmeRLec8mtYZqiOkTDs3kSP
+g81WHfr+06hC8T3112FjVg4XhMjQIL6TnyP8WExWOZlbfNgaQtn1O/6/uPVPywi9
+gx0hipVnTLhfiTjD2HdvKs7nNxvwcGvHSMp1DQIZj4JVPA39RNVW5KncOCybA5tu
+1Up7+3lPfpO6it0+i/eib1QOU5hIIN+O0zPy7eiyxMWKFv0brqGKWeExB5gIc2BH
+Zlad8DWnYscxGOMUqM0OELBIDqH5Mgpsml689VzUae5AqfGLTHW60H0HY6owpiKF
+Kq2e8SfKWuGf+4hwnaMlHH31JQwO1vIJrF3tLdpcgZSicCC4sTKl45oc1lZXgYHA
+WdH8LhsHIZdcA68eEDJxHFxtD3Jvh2mtOyWwxTCv1PK6X69q+orzf6qjhbX1k1sl
+gNYudB3rJZLgQOkOX8jlyrFf88VFUgrE4Ti6Lr5JBG/nbrs3mpEkvgx4/cq6RVJP
+pi7gFY8+E+HXa0vn9qMSTgMq1uIWixHxRhTs4PPH2cn8D6qCnz5a1WFmlCWlznw9
+2wsGyhgjsUcUjjJEhXNBvdPDaqu3pon5wyT5wPng5UdX9eDhwi5ZMSjIeSbybdWh
+MXPPla0lsYS5/edG+rU8A/LS0dRuAM55b4qZ2uKMXA5H4pzMuIp9i70BPHiTtlTo
+QMzaK3xpfHWZOfbONyWN70tdyhDJI4YrtO1mpknBOJuHjxMhe67NYaxpS3FMwXuK
+sXfPmbCy5N5NxKuJG0rwFaHmqUDu/u1UQlr+6OQggZQ4mwKUENGGR72c1onFa6j9
+X90NTKsx1XnH9ho7wXLPp8q5I+wyfRkcGTREw6t0X7ZNE6wtUv983lZ+KK7I+8XF
+ggQkh/wZphlm01qx4XTnOSvjexgxDHHfFDO0APaonZsZ99pnfLadMhO5GN9YKMcY
+4jTQ8B9pty58CvJuSXxNRwnOwDpJSxQA6Z+SS5rn5GZELvXFea1h6dzVy6LNcYnn
+DqQayNbw94GF2YLTchYKCM50/BiT90wcR2qRJYgwKshWK2YrVyxgn4PDme5CST5p
+CfUiKfGlL77pojauzjeAttytFYhwocN9Ubc/X9FVVycrqUQjsviC4pZigGt5eeQq
+us7QaBsdcUStGa+rJnhAZ3uu3cWflYi5X/i3Rct/BlJBcTWTYLzKznZphStEn4OI
+Z5kObIqCLZEq52TZ7Bho90dX7c6efB+J81GyVY56D8LKJqI1IDcXAnrdHLrgv+eH
+BmyOBx9iS7XdNqUUfW//zvDd7OkbPclOntmU162JEBWXVPhODjg2uI9tAAnd+Fd6
+zIPqXFA4iD4yfawNGvucY5R9xuGiwV263GfDZg6ZYomSjfRXhyix/n9y5tDSIyeY
+IcyhHqK3ceu6LK0c1p/ChE+O3tyV/l9zLKjKC8/rD9ISbsGoMYm5dmHwsxRFi8aG
+ZxhXrMVzJuB5yqHLyLoVZ+JV0vXmQwh0amT//fpY13ymo9QUNl3aWVdV921QsI3J
+0dO1LjL4NVhysOaGu+IwJqk6EbDGMg9OAHlM1ZbNAunJfNKOEQCnbTd34p0ot8fp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
new file mode 100644
index 0000000000..5758443d07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kJr6U09z+r8aR+1RvhIAo+D0AF2
+do7gCMyAhzT3z+LRHAdHqeOwpsUaTBcREVV2MsCoWAk2gsG6mkXzrpKWWboFM+0x
+V2HmWjDSb44HNYEwcnSQ8uW2eIZ/B2ZUEdnkODBvIToPEbvfubccCBz+zerRuShN
+yB/m6m/Hgx65/ZmLLlja62OdP8/Txk+q+NudnkgkWIFaoqF6PxPyZDf5rS6wFybi
+B2E3xETVhRSAVuKqJXiTIl+xQnc68/HaF00Oj6Ul2v3Xmy8pLdA+z+BMBLEgso88
+4CQCCw9DKWExeWOGTOGcsXGF2Ccxo+HjIpDtuy+NiyKBrCySjJWTMebUAwIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS57N+6UiK4uL5q96IS1Scg1mcENTAdBgNVHQ4EFgQU
+vmJ4/Tu9bpwLM/I7MqpBCPPliVowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQC1SY78Ivlxwfun6e4Ru6ZfZbq41Jdn9WDMSO2BpepubxaXSDmGv0lGuvTDKAJK
+qNLUZ5GfGJP6inTx6iOxSPsn94vVT3YnlQNB3m2BW80MAL4G1Y+2IGid+DziABjl
+uuihKKe9gSbu5alh39RolvCP/PuUmXX53SJvn6rcM2ImnP80F73lccJno+on/zX8
+SvLqoGBA7jUO6XUJRN9ZweY7jpjQmJkRbArIHf8XUaEHDzFnn9job0siFYBfSbyE
+zDGOqpesAx/2enD3AHGdCQAfN6j68bojseeY+o2R/qKAyW6Q3tgloj33bo9xq4ku
+qNvqfPmXIIdT6aO4zpTrjJgy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7F5CD2A1E296188
+
+KCkDHzpCNib6KzyDil7+gKgxF4KnWDa3lOxEe+4gG5IFZ/Fl/agCSqAKg0efdIM8
+kCJrR5968l03QXhdk/WHMymOgpwVTope+eYpx9093fXQRfy4p15q5YDxH2Sufwbg
+kIbE5HR0RlWnOjHHG413ihmEMSxPM9uQK3UhrTHAss4Z3mDDgRMYjip04o9fCmiG
+ib9bJmp9uqCHraygD//Hnk2juKOI+/mjWLaEmOu8L6CCCjNdrk3bfwBxtgfgZOa2
+MBumLB7uSSA1tirzo5yulo/l6n2sCtdrL5AqYAhxIgPITGKTNwp31fcUScWYP6uO
+cbDYKzIbU0Z2GhVhCeQ4bP72uUYxPHDEVzwLKCUTL7QhddT4tmf1ZWqz9PGvjX48
+1C+9Hr7tdeqevewhbwn2nj/i7WhCBFFQCAcQJhMufro3PbM8SOxilCnl7ggp0WPH
+W3KJ+u55+mO8m0GsfaYmwpJW5bPliTlWhY+4XLDdYtK7bF5NfOng0sPmi/IjFo+0
+QauvRVgK7mZWGXjSVzsy0x6AYQqC7PfST6auoA3llSx6iteqwHnJBAgaJ6m4GyGW
+p1KMiyo41WCPS8EftRdD5sOQLNY3j7hGXZQV6XQRRBUeonpjwYdm8dtRlE9GNT8A
+B/Hjlm+qOdPRahMKT/vgRggFEXKwxRPYVrE5fJZvNxZ0pDTDJqIAN1yizduYrVbA
+PUUvAQzuYeAkZuYpTs4iZkfOy/fO4ZQLIWIs/OS9AW9EZU3y5qR0sK8hEimwgTPu
+karhYKs7PGy9Ni4n9Q2yFio/+RGgPGauH7FZZQiveuWG3tXLSMczNjEdOqgs+LPR
+ATwbbLuqA+btrqLt3Zru9ZPMsDEEUz88x6kvJ26IoArVelPOGBKeJoIIZZrDVdJv
+UUhJeXyRWhdD9duRY4z1JPKVYte2zsU8OQZZ7U60L3zVNXJict3BKtljSnzotqRc
+27ICOQWdrs0KVox3seJJte98xuzJ3KqBYFS9d9wO5oA2mcJYG4iG7v23XQvtnBnz
+EFNa8RdjsIzKqimqECedUfOAnU2EfYFx0YgGUTC9XnPkv++tAPuOgEql6cgleg4S
+qzaQYzEuaXp6PBjHkFfd/b9xMrXD/JeLBLlPY/qaxtJIZsIC1BFpeT0qz1uy8wBQ
+XwrerC/xM8pMJ0J+EOmf0B8XXeWZdM+3LMzlxRG79LXFjlCQEQak75ViWx6wXftK
+ZpCaG9q9oQq0Qnd7f7k40wT4Qou8B2QSVqwYKdxra/PVAUdR4xBnZ9jD0LYNpcAM
+9EN1Uo8G4tQl2nn0u/s2Sk4QpeCKgtz7R9q3pxRFNsQYgQTtVim+Eq0AhIjRz7Pe
+g2R30Kb0Yl3PhDS4Gpn8dlQZ0CP6nq4YDYb9APLbAK6vU7McsQbXDIr3MfuPReMc
+Ayfov+WSeGWy+XnMrLmWRpyuoJB7+89U79crqfMdC6T4alanOyB6Rqxprg9tuGUF
+cyHh+FOgRlRbXfdiAhPeBOVAdHAb22hC28PNMQKh6RBZhW3ygijuUQA0d7iEpwuQ
+woZOLc9S3/8B3kkc+wOxkWYNGVwSLzTu3VgbUm1LBG2LQSu5w5c70SBQee5Rbpd9
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
new file mode 100644
index 0000000000..29620a143b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2JoTDyKgPYRFw7WI1x0
+qDLxFwPdMWrqDNPO3IXgWvoxaJs9TTJ0Du0yU4WBqNRR6waqPeRLtXi95RVg60CG
+EEbY4j8nTVNGj0VUnDfF/ey1ZrIPpLh2HWE0UGAfYPX26sZ2Z+gN4A9KE7kRBgf0
+GfwwebdVRJq4yCncvmMqAevllCUonA45cn3W+wC9n5Ono4ooD4PJFJ8KRALImUXc
+xHFtvL4GEsCEHHXFrEGle18aQiApb1aFVl1USk59ILLs/IuFdf1J/pztbA9HGEsa
+w0yrlN2fXK/ZPZhyD/Bs5Wy8uH85iduCRgmRa/XENqccN7AxVp1NeE8OxW3rjEQ6
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBS+Ynj9O71unAsz8jsyqkEI8+WJWjAdBgNV
+HQ4EFgQU69iXen96IzUZ5M+XJCcizGenVkkwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCVCnP34O7DI0X1maCMTT7+hJ1cLO2LvC5MlQK8q/V/BjKFc6G8VcCy
+SMRFEwgoMIctfF9lWLqFFGlAJPB1U6T1w80eFb3GCB9vLILx5rAZ0Zib963MzFZB
+/hxhpnmwAQLc08zmjtHQQKNiTOWKCriBfPvAMGbdWNej/rwnDSj9YpBBEYE9Z4AV
+EFUS6DTBCj4QHP4Sej0y3V/MJot1F18U7Q3UCGicrrTnQrtP9g+r2dfRruaNeoxc
+T6YmhEvBrdCwoAlBFpBZr0HAI4+iTMB4Qt007Tc9WG/zH3cdkKH5YsqRGIr37Ruq
+DG/m3mjqG+3WkRuj1ExY0LYkxxiMdCVR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,88080B693CA4CBCB
+
+eWTD85vvMoWI33pUfTY+58uSpi+fs7jkDxVrKD7mOW3rzPCep8h/lVv0neP0RNoh
+5lvzFkT/2V4HTzDneJfmE1ZUqThAQaqtZxWqkpPgzrVbD+bZvcCzzOb81ib3ERo2
+Zb79MoEPcvzNhSnX4K3A49/4qivghfBbp9NB8OGHJ/FKbjsWYPkQiqYU4JmxYL0d
+OrpfwAdWX1S5r/monH0E1Uv6ip5NHpr0kHzwfQxsD+pgubqnH200+wY3bRyrnDhv
+J4R5IjqzEup5xXGTBhN9rYoVF95cLn94YRkHxfE8kSmLew84IkG9REL8fiqbwr/S
+LD9+SK1DJpp5CBYVevA6lVQrW7bvFclbvOPQhJjxTTNBnOoUbaX96JMDNTH4mB3c
+C8blqAIqo5En//ZRD/PsjhTqQ4eUj437h9z5ePO7Itvqh+7HY80zHb4ShlhQxc0l
+PSxGk1aGtD8WscSfV+8EaEHiDF0DHyYVC5ZW8iBgmXHVuuVk40//ha7VSbH9SlJM
+lb4ZrhwHjAOvbiuNxp2O1iX7n1IVP2NycgUcO0YM33tQ4/ejsZd1QEjxeliTIUhC
+V+7bdXggH0KzJdvpDPyleKSELSwZMpd0fz1bNq4abDmwDlKlpoaBrO7+03VsVv+a
+HZYe96W7MNK/AnQm5ylm1wAP4NHkJjWARWENDS/24lGvUbVzYcdxttnxf0SLUiAO
+nvMCv8cnibQ4wXeY+CLivELdvtsusIKZ++d2MgWp4aNJgIdJygpNZQW69/xqQLre
+ldlkxQio8hYtTCY1MUifMag4uBUzxW9iiJuV2PD7Gu1TVV4xd/bGChZVMa9P+nHo
+u2eiY4pVtNhe9wr5I7nM+SwF6ivtBEH5KwC8H4tDT3nX5fH0+AuvlsfbWeRg7W1k
+cxs6ZMOR9bd9B2J7zUHptQNGP1suly0tMb/KbhM6igjSgnovVGBcdzpK6i6JrLzc
+TlQKg61SQMinRXZgkNYazV+vnkUIYv/rLUoQDlFMAlaijIyN6w5ksaE7KfonjAmx
+OHh2vonCSy2W4gErFY7zNeBVH/fE+JddAWJeoAr1+EzS580V4PhZ9R4LydRfv9o5
+eihAWj1aLUCeCdBNB1MazghBFNt38PbOy+hpzvFC6bG+PGPQAnxisHplO6q+P6co
+xknLYNqA6iFw7mUeCii9hHtj+FAF/cNmNClrK7SAmgA0W8TehLeoOKGoo0dA6/Xu
+DXZV0TDlbt2A8avuYP65daX+b9ghys8m2ETU6x+avlmuPZ5YSq269+y3/ePSwpQ7
+jBfVBRN5+aEM3cR7W4Mn/20PVVpt4gAIYrEAIPiz7sISsWZSLSu8IzCK8jcY8DlY
+L5O/QPZ2LFBJ1EliR32EXl7ubtwqa4VnEf9uoWnyooznyO7qydjPHJU1vTh1wz4T
+gUd4RNCGd7FW/pxS/F8RlItZvvQk5uVKvX6LjrxuHese3dW9JGSe9EUqxozhKRz1
+yudyxVG1rynKxPndL8bSkDikAfPrB/7tg5bzOrF2sAwxS61mkKc3Zd8TBoeOt34F
+L7GgwbWU9mWs/bw8l53HDVuAn2Fsf85xrPdyBRLXzNpMRfAmqs/zgutKLupZJtUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
new file mode 100644
index 0000000000..9360d1dc11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4d8UvN3QmBtB
+KQJSFClF134Wrv+NsPbS8dsXxeWIPKizD+8yDP53Rwdwr8k7q+Q2f3jZdXWovp/Z
+RILL+woH9SRbSNRpyDPtbrukl3hPaUO9UCtpeCqPETb5/zfJuw8JIqSG9Ab+atqa
+97bG7XzBTThsSNkfckHoDAc8i0U1HngPuLx9elndglmKtlfgKGqTagXLaWJbo0WM
+phT8BOBrmBohhIr7K+t08MyC72vCLZXD4dTkV/+fFuhHdKOP7XHNejLOdy8QVbC7
+kuSTPuCjI7a5EjtpSVwpXvpaooHdFIeOCiPjJg4xBP1NNJuqKG9Bkc+P+dMjdz+i
+JH4ybXFsIwIDAQABo3wwejAfBgNVHSMEGDAWgBTr2Jd6f3ojNRnkz5ckJyLMZ6dW
+STAdBgNVHQ4EFgQUtdsE1sggCC9aQcd4o0SJ2s4ua7owDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQA7RXTh5JOGumpqPXnJxJTJ0T99+mGke4EtCkyzmb1KvyKD
+gId0UwrUjENlGX20Jqt7/PhBcYS4xgx1kpQcRf/WJ8pzQbSH7SD7EFxySJ4d4zaj
+Zu9ITjJCEWw8qlWRP9lbQ5Hucs+X+W1kFSlWM3GgV3qcysDnNlcBoJfpNC6wehFy
+aSIBDY+SgT51bDZp/ANdKUSIjX1HUV6uRzCPQZYKkNAD4hS3X6as37Ap5WerP8Lf
+rZKkEtbFFB5TSJif31LTsxb5sYc2AtBjOBKvemBGzdmtjOs6MNRXvRdi/wwK3wJ5
+Y/y6tuaxlJtlUngvx7HLQxlZOvySQrq84uKZ3F7C
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F15CFEF31278A507
+
+aSZOe2dyS84zymKL3agADP47XYRnv5CrbiUhwyzE3k/blUEkzTp0VTOwulg8G6pK
+m6Ol1rgp8BpvnIcfvo9u+YhKYd2ziHhNjnOSzaGTAPRq+6s1cdRiH4dhrtzZpOR2
+AKcbk7XiH/uWSR4GLZUjWqGPU6nAd5OvrfVrBF9OiBpz1j/qx1Fy9O6J77DIy6/x
+jeJiH57KLV/RMJzyFELfLF/y1PfjPfxq2ojSAimn1XZKR44McELtn+KBdFEJo/5Q
+K5bPJy2lPdFfLyArqGmvOMyKUpirb04hTEEt20yoTJpIZhBcstyWNszwkiF9vso6
+Zxz6eTchgsiqaIHfKe0ezRDMX8cW1pdB5+2pW9QxUsUn3izIbIq5+KEl5oj+qZcV
+wNN2aX1NKs8eoT1lr4bOTAUaikJyoU4Z0wnUH7AjvW8ynA8jXvi2BC7921JM+6d/
+yzh3nblCQSKsuz6iJv6oWI0CHycc/69bjhsKt1aBdC2t5WFLwWdvhaPlUEBmJm22
+b1Ftez4eQ4w8531g/JA4oWK+Jgyb+Ys8ZJKJHe3NpjjOmCj95oWr7L7ZyUjrIh/I
+Q0Mq9NNrHb5XQSB/by82gNjaE4pBiOOxWBy+CaHgvh8THkZ1UGrPMTUKyY/BPNCT
+tlxj8E88z3kkQzfxqf95JE7JocUEmVou2x3RGKmooOg6KydAxqQFquGeFeb0eigY
+q7Asce2+XB+ilUTOaa8gQXXHDWyzhcDdfWlgmaAC9kZ/uzhEqonuoG0nyfE8V3ZL
+Zzn3j0cc2/LUA0CO4y+01zXxoakIAWBfsI514BH0Atg9l7CDFCPgy5moZmpopDD0
+6EKlAUF15KZiW4x4kLyVm7U8Yjkg+Q86HBqCb2rgas6YJiRbDMv2aQQl/33j/4cS
+TWPaDMmdmHMc4jZjGqmEVlkXQUgBdRoeC0SUVX+fIWrnKpZURJZfb9V7i8Q6VeFF
+TJfaAYz2ML5vQ782ZIKA3HfckgAxX7KaesfH05Q6VlahDv1mpJFNN4ZOmiZ7+0vw
+g+8AYmENCKS7MVuX+YFpIbZXDvYFpX7gYIpNa4ADE8VZLtngQyfOtIzBdgPOXUoJ
+M3JXJDkxWVHEfOLjnOklQK8HrfHOQFxU9Hd+KvYDRbIzsph/LPhYf9LcQ7cj8Mq0
+05nyb0DyNG+ZHe8wHBjiuevUxlG+LMJgqF37XucZmtocixcsl18aHq7Gifqto1iY
+dLPnmDezdlmVvz+Hoasj6qodEmN/A39fa2uDeG+9jTDddpbc+Cjz5ZNLLFQKEKAU
+LW08Ya0ZNV8njHdlB+3MmDzfDwBG4lBEj3Jm3Q9OMV9zoH2HNaUqnTOEXGz1EMGP
+4lGIVt+CKaX0SydSN2jVONPeLOq4R1F4DB8W7mcydJC2EvgUxdtd5m8yst+f8D1/
+46031OVwuLWP0KgIPX0Kmz2Jmm/V69grXG9J4OkZQYv/KfsWjdczalw1IzWU2nae
+Yqdl2fgz1jb7mJaeE7PtG8Oc50ewlzMbCQS0dCXqKv00mntEcc3pjIiYmIl+oVBq
+t+uzCkILkO35WQIEX9oebIQYS4CYyPZrx2IVr+VDVGUBFAF+fyT5tA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
new file mode 100644
index 0000000000..20f0472cb5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GnJlcXVpcmVFeHBsaWNpdFBvbGljeTEwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA89pNhXn+jUxGpeJ1/h+iAlDoB5GdV8Do9wWsj8xwV6wx8QAi
+7MLPxjS9/zzCmmdvv9sa/tPZFYObbUaY8VDtQoksQKtW57OZgyAJTbUj1vV6VPDB
+U55xFOWaI/pesiO1+q1Xzxs5mZKVqChXQMIxzEYbN1opf+48tvsK4cOPLx/QQuEL
+E0q8nnoL8ePohm+8rTEtsWevzHz+PEywncSG+xu3SXC62gBm0Ij6v4178/CyTOho
+m2wXU7KAowokvvRx8ZqI2WS9Arir278fHzCsdjYeBCnybJyES+ldKZ5tvANLh8am
+C8loUhtoBW/HvAWFzOyEgucWqMmH0dUSiDLe1QIDAQABo4GOMIGLMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQZ80wE0V/VgEfz+DQs
+EYHkmM9rnzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4ABCjANBgkqhkiG9w0BAQsF
+AAOCAQEAi0krrdtrtcdh6y64lMi0WeCP4QILh7uXhceEtxyafJAKi0D/t2vQ55oN
+rAP+ZnIT0jOBBOE0cE6kyIcSa82rvNvjLR6fPqEhyXtE2i5dZbJBw847jP91UyBZ
+4QaA4jzJh/cz41U0GRv1dPf0SF/9WcsWKZnqumbZZ/NG7Zu1QJrF1+GU17rOWFUy
+CndBlxka3QVJSTzLxhXwbw52YiXvLJQm7mwF9OTuDU2ffZ5WKuOSA7rXumKNUAqD
+d/U6lvBwChFlr8sAqbXHcxh4ZqboOaTDxvBQ9rLrjKtcuA9N7udGFjZr/nEwqH+t
+vJgmuFX0Tkh9gH9AZax/zOWZivL0nQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,64795C6B19211323
+
+27uUJ0FOOfIALApWq8b2aNDRoTK8tCfjZSpwRDwoeHpZZNFUw7ckVRtatn09aXu+
+oGWnIkC+WmCIlJH8CxN4VID99OVp95xVk8o2sutEfMO5chpNlaIZ+G0RBltQWWzQ
+sB3up5YEQMBMNYyqD5IdtakFjfa6MSB1LW0tGDmIPu15TBP9ZhxFxDLSfUzvCBco
+Mx4WKP6Cp+sTS5Vw914guOWQTl3nFVAmkv0QbGPjuhw0sR3mXAQw2H9iqf7nlW/l
+D0UTo/vRyIyqy6ri9gkLPGEFIVuOtT3gzZNv1n1mUX3JKtgBan3bvpiCuATbDke3
++p6ZSkkX219fNW6AtezPSBn+YNs796XGLOR7Z4ZwgqigekjBiNZ0T46NOqUr8XsE
++dHW9I67PnaJasb33muOfS7wNIB/RfPTkoCHgUaXqkp3BvQFivadNcOz2oNRGddo
+voRlDfrKrkbcsZTtvStn1nXz7211X31DiQr/Cct2RDeziy6m1DGMH0m6vF9TYmCV
+vH1Fvb3xbViLR1khQeJPiWUrAQG5nHPcm66RKwL1IdKdtTq8WzJyhu+FFGLncn/z
+yIm29dDg6XsLhyEAQMLj6GyVBsR6obMsSovYHP06uNGIpmIeBr/qlO7RZXZTJpn4
+kHJc2/aESWLzqJPQtV1RSgRlp1XJl8+8s9n8VuvcNBpVIoAGXf39mL3ysYQZGjuu
+Tk4I+WhI3XgcHm9mFf1D6ySjjT3TdDtRZucKAUv7RjpyINaJ2y8Qu6rOEuczx+ql
+hdW2cC06zlM/OmFgQaLxcrTyOLetZMLqPVbuf/ZXAKMRsjaIm9NUUA5+QQIYIu+Q
+MgRQ4l78Z9xWSdDiU1+FNsgzwCxSsZYe3mbLXQSxdGUG4WcElpMXL2w9m1DZNSp2
++3cl83yhI34OxzHgKLzP4vh2NliN7TBKGa7rCEgZbR6pjayZ4GCibDReqn/48Upg
+WR0amOzV7ZO4YemHgkL2LDLcNKW031F7DsOHubXql7j/G4gUcbRYrA+k6oX/rLa/
+YOv50xHKzFE9l7nqsbZXCt9jOmTudlTtDda64XSUN1J8dudgOcuQMa0QbVAoQVIY
+9P1wChyUXmcZNpyioRN0/Rk6JsCaCkFapokbG1b1ICy+y817rRlXOqJ3veNlwOmC
+axVUv0smGvxmTlLirfju3/sFFzdqNE44FNwU2pTFcZdekLLeuIXGvtg1gm8kXwIo
+UElpPiUSNDpGYLWW/P7qPYLIejh/sOtPbczL90+lf2YIZcD2QiYdCNWNc5xdFczi
+4ymcYtDrGT9kNjE+Um3vB8Km0aiEAQ6YTRli30dBSNJY/6TUh/EoZyA2rKFkRfuL
+XoKGpkG4PXs1byNppR7QkbTJ8VDCI63pfNBclvmjLQGqcdMkXXTJPJxWxGovMqDI
+fBncN2+x1q2HdmyqdP10PjOdA/C6Eps8c7nNzTxFON8gBNOKIDaFVFyQlfPIim0/
+dI9Xic5lC39LhCtobtUZsmx52O7guVGTLKwUL/NBE09lF0Sn3DEfiok9xFbuDpU7
+sFGe9FVHjxb4Bn/nv7S3HruEVVormpsDvAU12Z42Co0ubvVlWaDxyEl7G5+0WzCA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
new file mode 100644
index 0000000000..e8ff4b5f51
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMacmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBWMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEmMCQGA1UEAxMdcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVX0CKln4yztxPjF30FSL1KXKy
+G+0mCyGvYaITtuY6wIxSEY5/gx5llypjWstkFJK6Y5K+2aeHzPzcrsxd2jg3mG54
+WOEpdDgnOyx9CPA8BjWVmZxcnzLzikSF66IoniwImkpBSpK+vzouO/aiC2kEDvLH
+5ywmwtHhW5fYUT8maw7pzJEbE1ZcQivDNxrXL0feO6neRGhNds53tC8WDFSgtZNK
+kNsPT+S6FLMzs0dfLFbg21WHjJ9MaG2kjH1yuKI0KmXJ+RbM3/vngJPmIzILx8pL
++o4mRCSmIYDW24WREsYahWvismJ+Yn+xYxUSjYrAqw8XTTWFy+pBDJooCFYpAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFBnzTATRX9WAR/P4NCwRgeSYz2ufMB0GA1UdDgQW
+BBRuGKZhJA9o2y4GEZYmN6/JeClWBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAOkcAeSy758gjhUGHr83+uAMg7509xvYFSmyTvic9b4TEjUTddYplwZ4zHK+
+jRSLsOzh83ZD76uVcGn12a3FbFj7GmYC3o3409ciWWefaSZ0zxFsNmvHB4Y3kt8e
+Emjzkck/LLNri5SGKVlPdYEBWQiCvxdK/jN6YAWpbIASPSbNNiSDUYLXNFWhaRVs
+8+RgaEHwyYW71IHOZ+qWhnjmtYQUL6uglCLcIGmMzkxXIgUo70utC5DbTtUYVDZ6
+glLca7VUQnES1G0oA85/nokRVd1TxbKOeBJoyxRf5IjRbW6OIgLxUYjFmxF5MB0p
+7LHjIkT/5vZy/lERobzh44QI0/s=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF976BA627CFB6F9
+
+0UQf1na5hpAkAVpjFPiBq2fUfi5cEFRrrVtGslQSCfbP6S71v5rxbS3cuwXqIdM9
++au606Cs3NweNOeHIBe3npnk5kXrkP8NBDb9AaC3k5H+aHZ9GKYPFY1EaNya9LnO
+VHko7h7pgn4QaGrHC3BmqjyJIKFaTesLWzNhb9G9MUlIIZs++PufrnHNPB9mWhI6
+Fvs1l5vrZhVdi0sWSplqoE34Hth5Vng3ArDAaQKOa94WNI5F95eEokq7SUQIF+s+
+udHW/VsS4WEnPAVyPhsUdpb9+ofSh6FND7Lr0+vbd7tFzxHuksWZazbK57n1x9oA
+BrC1CN/1XfN+pliNCLF2jEE+gBktUaEBVjCNHpCv6K9fRySCKVrPTKhMr4/fMYEJ
+Pm2HuLtq9umiqJ/Y/ix/OeEllCDrmRlg6l+nniWnC1RlUb433hnpP1l/wBf6zPPj
+qbMYZBzK3mRDhZlcAtOhm23OyUN4WiSslBGIn/auSe+Z1K5J+zYfVyZ9/yMzS2US
+unCOxCMHCQ92vAakzpZmNTNn/8S/orXuHottrHhSHMv9zMoP0hieJZHy9AkoFEeJ
+WGH/CioyY3NImdO3RxiOhIkM0zQpVUXYpgrzl32cJOGkINIs9GxRApqDo3pGH4R7
+gW+5/kfxX9EPDKfZYHOoeV7+tqiatzjPrMJ8ZsGk9OL3xtU+cQ2EbQtIJCoMXc/g
+m4pRPmjiD64FOfcE1UHnSh/Sfvq9Wb13mn1Y/niC1q9SSnwWw9glJVLpJNPlC8SE
+OOAkhnoOzlHqbChpWtiFzls6ExJFmFdZuZdrICJp1812lgwcxlvLO/9MLrV5edE0
+vB3SRDfh8W9DR4yZ98ZFd/QpRI/Yb2QzORKzpoSXQ+U/n/uFuL+OhRBiyW9TZ2vg
+dnJ+9wy6JnITNdFTuL7m5iv7tXRV650bJ/sMXsIzyhz7WAoNL5BxpJO5g1Vdwoft
+A4vBPRlvkFurspLWwEcyLrIM7Foj3hXV1eQbp4W7fKGDSFlvESVF5tLtURoVWN05
+HHXX1tbwJel7zNmCrjNIxw0QIZsG8SyFGtOHgTzK+oeR8KJ3B5hTBgnOd10RVJZE
+M8Uj1IU43RwaTnpQttw4DP/rMeQe/yXTTw6SdvrQW50YDMO6MGGK1C92OqiTBPRV
+qtvlsROpUEITUCbNP22QeYQw145t5pYu96JE7S7EHvFpr+m+KmAO17lpbUIBX40u
+Pkh9sOdKBWkm5skIQi36qx5lPDLkcYvBosadJs0z83qNlfnEJtEm6g0MYmU1rcwy
+X8UJMBmQZAOIAaX7y0EX3eBFAqs77FE7dnIiJDKXAxVbErzC+4JEHTYvdw4VIMor
+yMJDtVDJuVk9MG5lWkIX+942TVWJc297USYQpr9fxvgEPlgrOzeOyCOIfx1hJ7JV
+HJmlHSqxat+2WQPBQPh4sMX8OcndsJjkejKgY2Igdix5K48TFlD683lZPVeIOgAD
+ILaJbcO0/9j+q0EjjT8MItt4tQiN3pHvfqAy8nGXaXeolZyo4TANVfAUXswLSO0Q
+9YY1BO1wAI5LT5mWtF8+4u/oyYlqSnIo09hgVjBfdN0JedACD3l16Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
new file mode 100644
index 0000000000..33f695db43
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBZMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vi
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Q6OlKYYO7GHk++9w
+xG8Uaa1vROnO94XkBCXxGvbcoEk9vLTPMrU5LDNeb2b5jsqFUnyr2VspNrqVjsft
+SWn35sbByY9KvOvxtVe9CKKbQsnr/xdn8eAbWz160y1yzfTgKgug36awApr+Br3v
+LKAr4+pRyFoFA/rOODTgCvAAw7kWqSo1u41x3tr2trxhX5LysQQu4ZAmuUgK0FW/
+GVElVC3XqkJEj7f87CAJ1UJvJbkmX3fwg2ZLbH2v4UihwVj1rwOmRUz5mrxVM6Qv
+CkcBmP+gxXStOpWpb+xJbrB8ja6XEZ9E1mZvn7z0tVd/MMp2j/FvPAvIX5eK0jE/
+rVixAgMBAAGjfDB6MB8GA1UdIwQYMBaAFG4YpmEkD2jbLgYRliY3r8l4KVYGMB0G
+A1UdDgQWBBRYUE8O8v5yJKTQdz+glix3tSToITAOBgNVHQ8BAf8EBAMCAQYwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQELBQADggEBAM5UH8wRhIjUneCRQvs9o+G2dyjZ2vTOe2Fh7KyY48tnVB0WBn+l
+Z+oSat2PcoEqGLeHb0xeiOdTStG+CIMBsKtEURm+6wm/O9McFDyu/zWAENdgqZfY
+wQa91xLPw/mZ+p73SGqrRpFiOcmStaIax7ip6yB9smU9eIWvqJnRvWN69UvhIhjy
+xarGYM3vUNC4uuhoZuzerUoZ+X4S1l84a0erkbGmH3bLLG/6xtS9jyIrfTN0kkPu
+631e1/HICHgVyGzFxhzKU2wDlkLtWqGk71ZqxJB/hZ0GS9BaFk2k5LS/Jc/r1vjo
+UBK1VkO0Un06qiXfa0JDsXFrWiMtycqBFzE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6C56B0A995D09FC8
+
+kNCwDBBX24zs8XyFyKqns0+HqPKcmOUOwb5Eckka6gqCUpI5q1bp+STZaPYBahb+
+q+H9DChmRG9O4eV+T3pmCfY8lSFqv/5X0tBm1KG/7UQHCeK93PJ/+OudrI+9xqsJ
+L46yjdnNHPxRJUflnUmxSf6RAVoxcZ5B8aCW0arXcJpbKPG7vg8noBAGLL9L+Dz3
+RoxF7h/6Uie28oH5sk5KAueItE6lF1kHfBo6gE5G3Y2UDapYbSmXU2Af2lFnZ7zN
+GIlTyapnH0arnWUzMB1QgVWof5sbi4cmt+std8kSpR1olfFEV9+BopVNvspHwDhI
+GdUhN78Oxd3FjHI+RK0oo3rVwfvfN5Zz5/wsL8P6QmCzSS4BWTbL5nMRqUT1ZxhW
+kGRmSn7K43ybGuViWrzZRHxdkx4Uf3/u235dOz9cZqL7UbE6Uz30TWBtDlJNUhkY
+t9iZnlmoz+uQPJVcXoFGQycV49MRddF3dFCQ15Mr4C8xSbU66HBSF8CcO5p8ne30
+k78BPgCTeLeUkO9P0j2W6rYxrAwt4Dcse5bfPlaYZsPsdj2TdludOMJedbLm9ppb
+27UgLmu/IGety7KVbn9zFQKjzoN0acsA0ENdP9wdfpyplhfZ3F0J22RJV/pmrYug
+mmUqPqkmKmN6KWl4N+ZBdOsfwMmMdou+YJ9+kZBOk1uC/3cL9LwL/X33ILanM5pn
+nvJr8cy/lMhcadLM3wiHqtiroKf+Ui+nHrZQ6v7ZAtqQEvTOvLC8G7tYPTdUz1yE
+jKsqs6JrwKHq/cQruumxXj8+xipJ+IncB0AxrAtI1zMcbXosT+tuyXmK76SLX42j
+MDsLysr3N1mkfVm/kiaRVmcRijyaUf9lHM/tLHVhbO0GIuPyYsAKjTJmUIXnx20H
+Zqe/T22MV51ptzZZcr5CRjihJITQpVUjAw8pQKijktT7OEIPSvbvq/fnZX/foruL
+9rXVrACb4LSf8sdJTn7eP3xZVElfbCBosJpm1etjLwKdiIzmcPfuVXsnsfKiuyS1
+PchTcVE7duodcQnUAOhWkpZtlrX+4ZuPFUCWrsebNWgBavEuhKhfdjKsfjXS6Pr6
+u+qTgPa3xVPAhKW1cxiW+smBBnJNPApZ1bqmN5u5dfrUOhoL/sjuuc3bUVA0BkTg
+H6uatshkBRXXaRtx6AvnJ8aECOBvbK90Wl1EbszszVpAEsU2MNhbX3eQiRz1TBtE
+shKnGphVNCbtbS7Ll6xwL74gwxDSOIIGs7ggdpPNmMKfo9SmQPWw137Q4EjpNyAV
+NZXTMmF8P4PJ3K8OCNZ7v9PqnEQ3rJjp7TADD4j2KX63Mnv8fIlE/okm1Wt5Tdvo
+zX6uCkLCb79M3atbpVRZocR1SddJmpLQ8hKKPrPK3lq8MLzTpp6xjnWVK17Hsgub
+UGvsfca+VlDbYmqKvdj1lyIroSaBxN7WLh5QzMILt+IeAF4ihl4Q1xEeRE1NVdN+
+CGB4pC6J+aWpZC20c6lG7O7OcOQGAM6HK/aiAgaaSmxLhu/NjGle4uKhTfGuodgH
+8ytggkks3SzupnDRSWCmaQ0rSFWPSL2rPJbBwoWjRIMTurgQRmFkNg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
new file mode 100644
index 0000000000..21160f2bac
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBcMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vi
+c3Vic3ViQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DO8cedU6
+MF/8P1YnCcHKe47mA/BD/ZjRJFTpgEelXmhIk/9qcx5i+jYsQFPOIWPo/V1WacZA
+4Z3WIdP57sw21CZTPX1JfaoygAlcaueoi2UPH2LlvnHGpOGfZpqtI/6y1Kfs77Rc
+bsIMkW8zRPXY2DOhRaYEOzf7ueXiNFx9SDLolxyZPEJiGeFX3+WrDXjZVH5wnCgV
+6t3l+88ZsLQ0WRgbi1gocOBxOtrR50JkNHoOFwUNlqPibJvBkLYrlIOvJiPlqXXj
+y5lgxMCyeSH79AJ9Q/UdMbJdC8HNmXgWxXuK+vInnaOJkjmQFY9MVMq35jIdSaZD
+69D5hOWuBO0RAgMBAAGjfDB6MB8GA1UdIwQYMBaAFFhQTw7y/nIkpNB3P6CWLHe1
+JOghMB0GA1UdDgQWBBSWjHH8Fag7ztnE+MPQX2lxfOgASzAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACl0/KFW/P2mCzjLyGB/zUARmsAFdR0zvWjnKfdDAjg9
+5Tf6At3kqcgTWt7qiKf58NK1S4BqcOQvYnYP3YeSmBEirMgtgJQ0FGR7R0FgoYhy
+DY3tWak94nuM+tuucWqtQuyB6zGOh8Stc7uYkspb2tCCyQQ+pc/V2S6ggC0QuAE0
++yfuJEGlCyoR83ASr3aImoGcZdZ61aqK7bz0+DTDGJdbteBbSJ6WJsH6z8AFQ+yA
+vmEXwQisnsufWYDtwuskwxoAGL+iTVYj1gtveU9O4zzh03hqOT6owGdjryX6VH9L
+dJFtQ7bn8rR5fuuT9Oui1EgnwoKAtDEIpVQGvCEtLuU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2693B4FF0C23B6DC
+
+oT4nC1SPE3hkJ36qls3FUIwwT4t8CIQm+If2oVjwqUWPk0nOCtoDdsI/0D4bwA5p
+oqeE8cm2qpBSeM+1LLxMvSKgDPavwnaIQ0slnQTIWlFZQcviUAby/wbvZf56UkeM
+AqoFsa3rk2KEhxlmlJ9yp/hi2OFz0yIWEeaH5AAKkoTxDAu68+xVI1ofZb81umY5
+7RMogXmKSN1/Ztl1lCtfhP1HYyJo07SluO4EiK0H7zfJR6Tj40npOzAhFWMI7ZN1
+7QlshDkoMBha6nLUuLlgapwIfzW1aaBohAVPrbT8e5+5KbZYa7jyU95YXbWjEDkS
+j5KSUsOCUw0Pfr5c8hCTzYTrpiQQdQsp5+kIUYIAfGM4M7h7gmYL5qbmS45ND/mr
+zivlJs64hRZpuiHrdoW7IC7SVSh13DOM8QW/j9Mod321fV8TMZLTRDUfDmFJcPA0
+bXc6Y+i3izPA6DtDfHuKhv/uVIUjNOkY3OtenVi382qY6svpiDk8zFZfffdFao0F
+edB16GPNI1UpxD9UgE723g9KNA5239HUJhf+vAXEZcUHog7FYkjGPVgAVObinrjP
+iVuk4lBN44K2bhK+adDjn7SkmxpmlzmY3E+4ZBLQl1w4yZqjsKGQeBE4FfIu5g3H
+Doo57oUAX8l/5UGETFpSXdrXdxfwRb6B802ApcDqs/mbgTXfdK2B+kM61mUbquBf
+wO5gbf4YR1MTpRJg2mnwSPRDUlnZzl5BmzjzlZEy+37NOXI8VnD0SROLbOGh8XoK
+9Aq3QTaLJVAzR93Mav08oFVH/FszP+hoec44YAOHZnyq0sbUzeOwi8+T2A75BHYV
+QZRYxb2PNU0J52IjTygI0RRFiY4/0qZF2t3OMJJt8+Vhk0oVQ357YpqrNZBam+iW
+AXjis54A65AsZYwP8oqi0yYhrmqIYUcJYm4fFbW2gB/QAzUu0tifgqQCE+xruBc0
+cYj7BJUJy2i4Sv6paN0/vvj5U5GnyGEBCsIOBsThOsVKRdeyOZZX988AtjUWR+Xr
+4qty4xwpd/AcJFadTILLMLujigIoeW72qvlkl8DxgJi7mJc9C+0yLvMsRQNFAlAK
+NBYyDUm6wE+BrjA1nTmTYYQJxVuGdo7ESUQx836jMnptXIPpuuPQCyHi+T691msU
+IjrEq1Dn6VT3oMnNLuT/Lfq2QRatrSDWAPPjfp9hDH5FvbqyJD+GoVc5r8M2/MF4
+WV/vhSiaQpwZD1ZgG/XNRhutHb1LSGIGPYbQFbDqZ+1tpa3UXzU1zPJDAirumFZs
+/CsyXmpnXJgdgd5E1CxqCq3yfYpz8a/YgRlGNMDtf9cMQI6qLhiKDarVpdlhhVjI
+lbHINMEakBsgO3+L2CyJRhpDYvoq+BuFYtTL01hcHeoBDGTLQF4eM571FE5Eoxc2
+KJwBtzUIU/tIfEBVO5qxBbK2vad+s7fz0/lLWX8mkkg9SNHuaNYImt2uoBBQVJ31
++agpG+th4eB9t5uL6h54Ivbgishld/zc7mKrzwX4cYYYWkBZZtFTBKCPF4AKzvY8
+in+tAV3EKlz5mXB1ztJ/ezbR6ALAOdyDSO9EhTdaOmpTuT6NjCtFTzF3QYwnRDMz
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
new file mode 100644
index 0000000000..c49f2da69f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCzxfi584eF82tOhWkMbV/3OVpGrWH1czuMyaq0z0aPeRgBRrIB
+EIvQpq+7Bn9NttfyrXjsyJOt47rtyV0yBGkEyBt/UmCehaLuEROLemMB4uzcKLLS
+fo/dcHd8MZV4MUn6ESPWny0PJADb4akSbhWS6H5LA9j6qeMc211nfgy5LBjJiqNL
+6pEdyFfiW59UjL3E180/pm5ktxiUbQAjqs39vr5TEUrcnXIGEwD1wNyia7HovdoL
+2dvSb7CbOw26Gv5EKLPKfBTBGM79JUnMFG7kWXLUAhGbosCI0bLsZO4ox7q0hy3M
+NMOkxv/4yOqu4g4lg4ldmfxj5xSV4QooFSrzAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDap2fuqOC+g90w72YWd
+mhWjLanHMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAECMA0GCSqGSIb3DQEBCwUA
+A4IBAQAe0P0wi2luJkXyOChUK4ruG45cD6IIep+GwGXYtnsq2fAXIWe1c8XCQTyi
+1TrQBK+AiM/AREdH2ZVSA+V44zgmPIXIiVa1teBPXbuvM7GQzOaUU5Dv8SMCjRzH
+ThsV5bkvTw5V29Pk8vbIFNMzSFeWfoatv4RB0a5ahW153q4CgDOUyJoMOcRGRi9L
+xDToUwTICmz4eNcMA04n0U94wnqZiNhcLEdfyX95ZspOAs3E2YGBr/Wi0slN9+6Y
+CpdaYY6UzK9azt1q4t9p4PTfbYDxi6hPksgMEoFfUtskikrdD5dPYcG42IzCTOks
+Jx1qxicm25mJ7TuNhtQKBeQ3FeXT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E86F4CFC334DAFA5
+
+V9wxv4XRXhnFgR/nCrVP+HQGB2ZpnxDLDRCCi1wCGQT4HevR1zx1lhmckqN1q5SK
+en/+8HITNNLpC60zczhO2l3aAnR4WzIGn+VSPAP1kAx03DvconRyX/ZTenSs5Vti
+1CApBPJZb8+bQdbX7GEtLxVeZ7OCKPdHBYfXFVB/0jcQgUJSxhO60/YJk/q+/WO0
+gjq5geu7h+gUi1XcVN1YaHkwhDndtlDfRSoYp7ZhnfUfODqnfzapw7zEmmcXLZt7
+xii7UpeERZ5BE73mEn0yEEyLsnDVOvfokVAwu0zkTsKrJMqLZ5k2spHYSU8LJi3s
+Jw/Jfrw9GiCQm8GSqD46SsBdl9DqBjucBqhKDZv9sUUANc8a+y/e2kNINAtezwrV
+dCVaXptVYiaAfl9oJKtAiBDQRJ1Mp/4aFpguEttX847RyXjusUpQXrjtnph6byvp
+33QDP2Dgvg2juft4/qxYm2dDN9jXUxAMy0Ym0ZjG/Uv0Z9EUx0BAzF3j9u9ztAcJ
+TA4bNSvI6xA3hgoQsd9rGZQUFgP5nNAXLQUCSPaFUY1OdZUNsnzFMvQvKG22uOyd
+DhMSAlXfpaxQ8KmqX9ekgzYSBWwlCLCMHUTCAKQFybg5bFvsQQNjTkqAAgRt9lLF
+zlb5Z0+bsSjlNyHNQ2QumI4gnL29b2Ep60/tPH2hWBuiFXOnnJUfvCDrrZl+2JLi
+mVtz7qucLGiEtLdX8wXoJDKh+AgidbyhQ9H+G98sDx6GN2z6bUKZbeIIXOSoiWbY
+iOMusN8/rTjpW1p7tNMZd/NZ7iJWcVlz8HAEkxGmqZVePkZe4diWsGy4mx7WDDZG
+5XPuDHVu+4jwFBU8OFqc9qhQzox7OdCEFfNxzo8TCjJ6zLePS98esVwbKjJy8F6y
+Znm2bilT7PVNN53N6gHeV4jZ213/KxuD6r2IamqOo0itst16DSvGxZ+nf0kJzJuL
+I7c9rME0OvBr8KgFP00ad4ZIO65ss0SEJH3+qSGgMsAdWemZ592uF09GeE2/WqcK
+n/tza3e5Yckeudopu5U9Icl+wvFwC6Wy2cgrXLdb/PB/txLGqlLShGocSTtNPRJ5
+Bi/MmYET9kJoKyyKuD/vW6C71KyXRj6KpD3f8wiVQUGRU5TPkLn+8m4AwcRldM8v
+4pKw4Lr44jJum/jg1ELHzaK8vCYr2E6JSgPOWxar7+KOPqi8VnfaoTdsEhpbpcJn
+yhWQ3z3vanG0dmJ5ROVde6X93bJVPMmvFIyW05fxpUSA/7/de19UZ/HoAEkq4wik
+VRwaJ8JOgTpp2Z8W9Ma1lbPEXtaHvbA/MH/83blD7Y87BLJhxgTcMPdU2edRX/HG
+W27yIRsJ3F8YFeb8iKTmO8BKgx9vfT8MlY7aPJr2pE1FrVdT6tnj6c+BU9hogXlD
+Gg8V5wNq7baQuVsHbIlv8QRTlDf+mxajj/BJO0P/HmM6VHezcYfpXtC1ozvOZ82b
+bsbpA+5t/BWgxOXgV66GX4Nf40K2u+kIUQapdDJgG1VdB5KfLKzu3GAlJBbdXK2o
+YQR+srJaV3OSpcEeam5JJ3ydZcZt21IqO3J8tPF9EnOcrA4pHfIn8Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
new file mode 100644
index 0000000000..e0a2b37a9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSIwIAYDVQQDExlyZXF1aXJlRXhwbGljaXRQb2xpY3kyIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ByQjiOjxE+oZnilZmG+qagOo289Fp+X
+R9raC3r0WvOV/DiAIO2m+PMkq71mXXR3jc/gIL8QqIzS75W0XToccyVOnY6uQSlN
+avFElfBmhxMnYNC/kcP/cpne4iABELM3csuIRUz06nFXTsSkQSHa9sfc3jin75dB
+5JFHF+WzVBbZLa0mUMweVJ0g6ukWYoyEqrRSME19jw3X+VKkQxqOBR4BEiKLLVHZ
+0DWzomRmvC/YOa6QxlHGlXO6myPBCVt6xqpzBNsBLhjKb9aTsxgRir8Wyo46FGpi
+OBGfB8ebefFEQuwx/Y3TLZEUyaAvd7MO85ftuvp8weAVUIw0Ks+d2wIDAQABo3ww
+ejAfBgNVHSMEGDAWgBQ2qdn7qjgvoPdMO9mFnZoVoy2pxzAdBgNVHQ4EFgQU76va
+2OGAMadDFu7Edg2v7G3yYKEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAM
+H2gKVmtNkx9bL0dvtkEPs+89dAzNW36hrK3NTIIDfe1JjA/u5W2mMHORYJIDgvWS
+viva+NsPYDNsLiF/okUX/B+d+zUYBweRDG2t1QQzQGuwArb/y07eKTm2VZfHuvR8
+UJhP/BeqW8ftZ4NU2P1nGwvTRaENGvih7aPxJWZAyqlcQrE0Je0iFM8V3tJfC9DH
+9xRDUTADrgsaWMajbEea+cFAhcY7E4YuZM94DKEvXIVjIMM5ifOGm9ySnf5LAsVd
+3ER6jg90zfW1wjqC68nPWpHOfglWoJ7QzCxp6IqGkVE3tFoVIJKz8d34bKBoyh9R
+xPdQHkHs3XLydaxFC8kf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5F6F0A015308F197
+
+R+0cQyPBxUuYCKNFCmE/mdgtm8g2QoIr2dFN5WwmwjVkmrL5IG9BLMzedJ21/O5/
+KiMwKshJ3o39CmU0KSC7rMgmrCB1jV0CYz04i9/j4Zn9o3cvZxgILOLEvRY25JUB
+Ak/lcb1hWTuBP0Jlpq33KYjupkR6Ss13kgOc893SFFWJPRvMjyjulwzY+wC+fsHW
+OrK1SeMioG9SpxQayF8Y3o3KitoBfomozW1PTGZn+xtoFvIUSpToiPu7/3rKdAMc
+OmNjbAaPOmEyhJmPvwTb1SIP5UHrNwkzeN/WknZWUjPbGonvsu49dlvLwWhvsRM+
+rEadTY8XTxMQ123QJMmd8CkYzyvAbkTTySDrlH+7px0rxZ359e5FqBqMG1KtfWXo
+HshiEf3ok1DxDdTdbTyfKxc/7DpFjmC83+3aL7Yba1PwgNvpeJCEmGkSaNN/mBlV
+0K+zBva/l25ftLpdm4FJbU5heB3l8Js11sxhiik9XKQUrLEdVQznG8a8t+yaZpHI
+XHqia2c3GsFcilESXgcKhRunyuutzRh6VASgLO82u3oaMhdPXqAuUHO9ZjNTlS5i
+IQJJBU4QmhB8rtu4lsSgB9Y1OhK7Ijza+fvJJ6/KMcBP19IMuK7uhMtdk+1q0qRW
+HAhCx5iiVB3JKikPOzQHeJFbdIa+0YOBVWh+ttxpQZD34KZxIdqJe5NOQPuVRZyn
+HBN8U2ibEsbKgI62a1nI6hOC/OFOsxiXqc2BO+p4ySw1KO4hoGNupvYMe3lmVSki
+ki1pDo5esrf+XzXYQeAQ047Ml6wnzddmeG24FMoOhZsVKhpKezds3Jclf1LbemS8
+hR8b92HL6UncI7NmSIOFV/HlVTxjxAP9ZdEGImUoDTuF5eT0V6Wf0uMqVGPdiFLH
+NJ8929bAaFL2m4rbkkjjEPZPotvjsSYj6T41m4VwFqhwIHbKCVWf2Zxd4/pTjVAD
+xSsrfQnNVvfn+Prixkn8qZmLNeK6CS0fkBVSYikHm+m4eqOeWXsMw5KTHsUW3XVq
+R9pbFpQXKqxFjCsToQFMKdYjRAFxsQ2JHs99dyeB4GstmAsDgOY+QCViRgT3IQEJ
+jgbRTr7DuDPbBa6nkGuEsSV5D0MSG1DehbT0GrCL4UrrE3B6BJKB3uLTEpg4i+1M
+g2et4bSkuzCgT31IRpm9iNGhjqWospJJ7o7DYsRD/b49vax3J3Mv7CsdWWnrSt4m
+AQbWmZg6TJkG0yJ2dt3AFdY4stAiL4MKRBMsVETTI2cyIuNMZlo9zX4T/yv6xFeR
+rzqddvh7NY6AQQcqn1aRSA3OJqs6cD+CV07QJEjoi9g3XQ9f1gkGMivdTz5I470U
+LW8R9LR9dbeCYuTHHGweKvecz5+Tj9EOXXOw2uRedZrbxgh6jA68PGzzP3E3ZgZT
+XiLtOSwa9xSWCDE39OUX1DJ9RqBjW6Q0SxZ53fYhvAiWGin2U3WZZyqh8kH+Ef+0
+KU9/YcQ2EpexC0wXe41CUVSugVf1vwlz6RJtWjL9+f/V2TH/v5K9NtgVn3BPiEB0
+z+xeDbM+yGS0Z9X1AuTdDgFw2R2L2iq2S+DgImr+eruI+stbSIJONQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..fec9b57fa7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnzSUphT/R8NNpeCrM75XZbe
+zrzFry7FcZWWHSFkNKZPyzKJiHyA4uWR2tIz4HaoNR31abyitlqnK8raWcRobhY/
+v1YcatsWBl84DXeUijt7Lo8FsgFYgJtXdQMTTZM09lrY3YA1daUUxjEVWxogoFVK
+mfAz1lLiAlMEeyzWCGpKS/RGY3f0AKZNLFFqcaK7bvWOcg8MJezmWGd++937utjZ
+tQDLzQ6m4I9pkrOQgwyIL0BTetwyLG3wMZRP7nhU4p4BRoSDfMiVQ8Q+wWKWIl1+
+EvRdNnM9L8TJYtBYvFDxPNIHlqi2OKi8burXeGaHD8MkuQ3/XvaCCoFLz465LQID
+AQABo3wwejAfBgNVHSMEGDAWgBQgd/5MMI3is1Edj7D3HH8dg5gORzAdBgNVHQ4E
+FgQUSQpnYVZHjdJZl68iZjBRd1Cq3KIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQB0287v2B91j3aqGz6VvjWX9dV1aXfrJ/agTXML2eCFfDpdZHSJBfF1eEWp
+EyRV5B4drAJJUOFQk2A576yH2wY26c2CatdTtepyvfiNa9j5KlxF0eJDuU7RjIpS
+X9aV0yLZVWj+zDxNZcWnTZiw5UmEURQWm1UvNe4n/DZqP+Pl90VhHmQujpDNRzsb
+zKmGbTwGtJ1T9oEIsP++cRW+cp3MXY+31gYghwsEgIL974tnuHSSL/NTM1lEu6VF
+A/45TkZKj1ZlQPYZmG1AoT1JeAoXoWDEoqYpXNZoQAD5fveEtunwPb3Ndy9GRvuV
+r2lfVmqh7AmOZMnyQvkxHohQ3cY3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9583C403C5D25EFD
+
+EREj7CrK6SseZexovZgTkHUnzLQSOpZDOFjRjEpWDDHiyVUM/qimEuynGfTKWJHA
+EfcKL8nYgOeaIbGijpyf/B4DDPxiKSiizgqLLLpxxNN+uFfLixDmRkAw8wI480MM
+kZWYLgFdBAl1DOzrUVu2IfGpNnt/mX+je+Ku7iYpK5rNwuZnISr0rAHW/PNu+YOS
+wPrRb5l/eZ4E18cx+UhLBjnMq4qbFAEFXz3PEchTswPCeC/tyojmFo84Y9/zCRxa
+NRfgTmIsehRy25/L3bmlaES6z4ijIbXDfiv4dLIFN1tMGY/0b9HLS6RCyZcKHCA0
+DHqY3RySA5JJCXdrD+jKBYv5sfiqUg/26VtpbXUlluZltBeDKGx2/vmf5oHow1cg
+QgazwqAINUKVLeuLEslShbJCHWnnNnbBpSwG2sOaZYx4v6GiJR8WhMW4CM/oiEye
+Z7DF92bAEvNtOIGsn8TzoSBRZecsPverv72i8eVq0HWYJ0kLR9VNqCuqOuHQL87Z
+e6SlNBf7LqiN2dQeszSWKOb5szPwk3U4nzo5X1vAt+v3ebQV9uFyQ4uTNSGe5hno
+0vn8LXbaFOLakBDUmMNdCqhyWFq7vioApSI6TDCToNgByaf4v/biljb/l+L6af7u
+MU3CVc8De43gpM9G/g1czfNDG1glXLYhXjfNmuXnPsBDWvjq1XEBIAsjbq8hyHk9
+AQNej5fRipr0hRbojxc2AO0dGNdZ9jtzsYI6MeIAaSsE6I6jP/7tNYTpjCAtfnGL
+BH1AZseIpID0D97ZCbZK+p14a8LyhW8ncoYgB6zWrVP30mJ2Vbn+ACUCRRgAKQ3w
+t0u9suM0CuJeYnUKhyIGZVXzuxgafDdXn4j6gscyz+JVlxjbuRD49xX2Ser3DKex
+D2xcH9UG2gLxZKWPsuSuXTbIh54dWEYpNBauamKKXhE6vKCwzn6Kr11lQwbmnpmB
+1ZV4McCg9NVg+5kQEL0iVdYX42KivG6PZxlyVm6dAmcPG/QgZzBA+ujQpJ6QnSR2
+oP6URm6GE4NKqf9tbV69tY4mrmnemwCS2sugNe4ZFM3O7FwiMnWG0XcKYwIHKdjx
+iLLCboJo6gObaDLEqU73PSalhzcjzxRjG8p0vDwLNfX7nUy6rqzqxzMxhkksv7tH
+d+4O3R70DxBpHGJnHnRyRfOKoKr2Rvm3gCNizRr5TP+zbnJ13nZrVcTg4V6K0jhC
+BSnlwcpKgHwnvnKBnPYOsBNBSWKrID2yPMercwtnwGvpWQutCpg+TXlmeXZY9iON
+W05GHDuSekNpiI033MYdXVP6WvH56mdQ35B2FemcDiBevmsQkfwT3r1BF3fWx3/h
+0sddZe/mDm7Z/HZF5QLe5iqg49hRH2Z2MypjDMdjb//o7VqbcvFuwS0VL+s3m4Vd
+lV/iUWiBXheIMLkavxBRk5I80C/DZzKc6prYPXE0GW0bNLnAbTxAd8zPd1k9xF9q
+iLn9LZ/o7b0U7+HjzB/vs2SwAstYWsD48S53XixyJXUwfwOtb5ozct8sFt1L/G2W
+jAiQjrCDiwmxGHiiEU97A/tFn1x/u/bpE7Z+5ThE35r9qN0js5HNKw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
new file mode 100644
index 0000000000..a1e3a855d4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi+sFt/pVAsHLB0tfOfQJAKTDdVo
+krxRAE9Ykhw2mJympAhm/yEB/Yokq/oDim+KjRlJ9LQpem0qOjCTM+ApZ4ClsvcC
+apqvHDKpU2kBXlLyAFPRz0WaKGUlvNUheBkiQOJEUMulXF4VtsNFZloCc5fTKLOK
+62UIdnPMWPEsU0/T6Wp03yT4mKF4mV7cxcBRDwYOhb73wCwP9sE/5DshU4uaX0vr
+Zv7MKr5DLkq+TxCDrOGi4nRdplw1TOog46OIc7XuE2nd/Oez4tgbE44tACRfvdZz
+oQToxX6mw09d50dlIy7Sg+5U8U1M3T74tQ91LPH9WUQ3qfR/0BGVXMOAXQIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTvq9rY4YAxp0MW7sR2Da/sbfJgoTAdBgNVHQ4EFgQU
+IHf+TDCN4rNRHY+w9xx/HYOYDkcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQCqda8jpBRM00PZxYoWbSe1nLb62jNqZ1D2b/wMEKgBqueQhV/AsqCsqSKoGpKy
+9J1ZYcUfRH941kdMAf9zRq/jtuECva0ZkblFq33mx3a+5/7PNesOU9YglAtEL0lJ
+mXtpzaO3tPO4gyODSU2eWdjBgbmndDugp/m/t51SdcR8fhiRkaLIERnybXt4S/FH
+7CdzrJjoLGmVZzigQa1de/6MIyumAXxJfxPmlqxomS+uDzGys+CGMVJf/hJnZJ4m
+QH1THJUNfJFyx2VvNqQqj6bllO79tcWwAIwizPr46qO7ZmwRAVs2HhQgEQn9uIti
+fR/NRcbd6E2c2L+TYxNYfZ9r
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1130C927FC646156
+
+XqOtLmXfDRiiFtiBAzARvlaAekMHrJTlP+xc/AhfhYcnvfF4SC3fhVH0L7XKWojM
+NOxsPM02iSFHL6mB9uP4QuWjuSvlMnfXyN3REcvo4XyFEhsqwaiAfR3dGQP7f+cK
+vBKC7ZG2MxIB8oekMmW0j5nuthru1W1PeqMSiGY5OMx/FT8JA8GOZop0+PZM3IgH
+aUpScMbAocXHRRjXFyhGPWLQ9eQlOucaF+QRXS6ULRej38Jxfo97dxQiQPQ2ZjYQ
+NL1XMwA50fQOo6UTHFSNNcnP3tr70hyIUtzXCHiIyLPhUxp93v3dYYgUgZCgZgfk
+NcM8xdI3NPsACYstUa9Mezp6cfpsr6yYS/7Pwvo8F9Rf1yHiTRiMjQDfEQgNatl5
+xm2lSiiLaVdGRAv7Gwt4Ie2R5X50cUJfnNL4ILWgPCVEMQGMLp8FTiBEIgngMY32
++VOfCV0f+ObQTOQDyvVr7R4zk9PMg+N1I9d7JqGWjEJpghpelXstPWkDzwqADI/9
+V4UUQf5e6oBuVTxlANgHU5lRJzgNyr9lAc0FQrGFm+3bGMQKHUWXHUcx/BpYpLYB
+99YhlZz2nUyuHxOOikHJN/1FpPx7Gz1REAAtDItjjKqrrDKE7Q03srN3w14BuIFf
+uTv6uO7sGzNpUPNrTUt7OBaRFColXu1d4HPNG0Js14uB3zttiUumt1ENC8OHC8JL
+O6+shmmKQkzRTiIq0r3gf9GL+MyHAb+fMiphiZKBai/OyT14ACy6wUD2fsKciP5a
+mscAYUVBp8w1ZR4dSDfEkAhlQmHWGzD/KtN3ZrqqzOGmThkg/Spoou7PtaWhROI9
+mxk7R5JJ18LvDoTsttzmPQf62t3BPR05ZBb0YtSG50vvDVqPyg9vM+Z77CvjO2ux
+pC2QhAxWLrjuX3I5V52Pp83ZDi18XU7FDlmRYzNTyADrk2fXlD//IT3xhTyXnxKg
+UgP7JqJemHR1rc+aB27bmDq/NmpOX+J/C1WfSaxTS8OgN5RXSFGqoNyFLZLEFooJ
+Er99nQma8rAbVNfFQdoJ1XVJNlyZNczGpYeB8OqShNvu3xkSKW6LgaB335fSKeq1
+W83us0s43j37HrcwDgCgZgTvEoJb2l/Y8fp7lLFxDMbUIPSKTRCeshhzGq0abN59
+iPRtzZk3MmIC3gJoEhPwlstA3hsWCrkZ+lAgNCMONW5eWOpiRV9pWU813u+B10b7
+7XSwIdAwCa3jVcSm67KlaRvYT9DMfEMvA865+piw7S96yrcibfuBg9LhSAThvNkX
+TBpBwqLmNiPW1oxYDTGBpAcX7Vf6ddbF6MXAkQaxdls4LaU9C315MYCfg3eBG3P4
+poU4hO1ID1821jm5Br4f/rD8n7bhMDak87cicVj5aEaSpSQJl1Tgn1EUcxuyxLRA
+XArZCO/StfNYWfkfoFx5p8sJatVYJd7DepYfnxfscjzgvLPe+3+d4o6dHDgGjCoC
+aGGea+4EG5WTpFCTf1MyAtCIp0uJXuM82M2ngKoTzKI/GfpEHlvhIRRNGSZ2aD1q
+hrEb68K4WIUNAwirrSi4lD9VV58HRzWkRTiumlCOl/nObKnHKKxkGg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
new file mode 100644
index 0000000000..205fccc01b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDa+CVdJxQ/ByNBR6ZlsIM3/EsZlaS2iCQA2SxIP6w0Tc+v/+Ug
+BcDBblSufESFEfbhmqzWITxUx4mourvl8nTWSvcUBXZITg/+9RKUNUAVvzCEEY6L
+Yk1bCGInOwFe1QRA6q9bGfufN6mwbvwAYML1I6Cp9El/zpNWO5F3XTaIpJ6hWyXo
+/FZ09MLMHhrAZKi5diInbH6pm8PYPtbAxA1GqjFmFQkp/idJ11sz0yL3Owbt3NRC
+UwvYXdwGnpBkuXuDUEx6ImGT66AI9gSgVqXm1+hc78sElrlFR7JTNaaeulEAcIrO
+XaijURKvc95snwvOI6Fcm3rMPq++hBB/P8uvAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM3R3MzUMWMHLF02sQ+N
+nnW+S15jMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBCwUA
+A4IBAQAZdX7f0d/4NVR4jF1aslqeBmT4OLiV8GNLZjho/mBmhHqP97LU2aRMaAgs
+xwbdMyffJY5yEGe/x+LEOD/+j1Zf5FOqwKXO3AesQqcrOVf94oAxc9qkMnbU5T3Y
+S8DFSbvUqcPncCQ09UmdL+kcFg4t42WYige5MybEf6rI8bYaQuCn3R/Bj9QyKtvI
+UOKYgJZS3aIEnwnU46I6Fi6c48r0KsFswpq1XLs2g9qnGYAQ0QTy3bZRoJHGUEWm
+q3IlUK4FjgTfMWhicKyfm9HHc5mlM1TCLLAndyzhI7NSOS4SfRGUiSgrGydwkC9s
+4MNoiNImgrIYopZynkesWA5z8HPy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C15598C80817A5F
+
+NpAhMhqmAOIWvRGz2mYGfKhdfOFuVqXgkySM4ZqcgB2OqmWm6JrWtZck4xAeATHj
+h2zxjtFKP4cMtNN/nVR3vFhZmNjUl0rvG3FJHgj7tl2RIKM8SlzLzu8zqO6/pViy
+n/qPBR4aLI0zJGfGy3JEvBhlFFFCE1tFnGBMJ88gEH2L/YxTwM2UVoYmhMpvDLb9
+c1NluB64jzipvAAQqiN+kIcMf8wizkHeomOCqRXnlcxnjvkg1121ShQrNaSYMLDv
+BRiXEJGu0PjuUO7F1zse3YDQQV4D72tcse3PCIyno/WEzbbtWzKvkfUSqSiv+Iu7
+ixeCjkP4zVa88k0dK8NwtqykyP19HYmX+e5hZpRT/reAv+1F49NcA8fhpCpfBje/
+7f+VyRdDKJBjy+OirubY0qUtrrelDLm+AAAsv8d1GUcmxKXOwb7Jua4UoS/L4Ke9
+LUTQpLm2NVrTSwmu3FGsJn8vI2fDtNXcecjXrPLzJzb1kZjkpCbOeYt9JkVCKDpS
+VKLexAd26B3PHVZZEOnxO+uSiUW+WbTx/RNSXB0AmUnMlMfCZeE+S6utLawi5eZ1
+uxMQ3T0cTuVajpX0d4bGbp68XaAJEd4Nf5vFyR1H8lLQX+Yu4KUKHG9EVxLFdOK9
+ivJQocoUDN2M2y9HkYe8hhEwHHYkNTw9/SfvCCaTQdhTt8gA3IhvtSsOQkdS4eYw
+dW3gqeIPIPlto+J61ytQCXRXc8AdUibQttBRLuHZ96T3sy8/6H+gCtAMvsRgnOgz
+Zs5XeryV/Ytvicpg8L4KwV4tQh6nqGdr+NlvgICU76I89Hb3O9T/cuSdxrclUEM2
+G1ZOIBENj/N1CKxy4VorUJk7VKz8NPimX+/8q+BIz+I7c+GQQGh5tXRXpSBp9TeZ
+erWCMMyiT7vEkhhD55UHqyM1ixHbGTgWJ4lW2X8Do7hhAkl6/HRF9/VnjGp4V4yP
+N/qHw5V6FvQuiXnfD6nj+QbdjcE2WiShELa97qlgcEC3X8d6OAkOhDxI3hKrg8EW
+s943TTEZ0nig82W0BQQZHyN8vm6JXT3wr3aiyyRAHHxsBftsVl3rnHK1lGPHr8du
+r95hDIKZVBSpCoYLXmESKhZLtSRo4c8LwHIPOS5rpqylCU2K1tODTAeZiu2bORr9
+430oyeaXepYO2KyMxopc4PUnGbJPFVagwzAIFw9myCKspEWqajgK5kzAwSwZnRGZ
+P4S+vTRuPdnDLFfjDI0hgcFrmRvY6eziE0gZSCTpVzxejkhTskxbJ5mj//v7zU5f
+pLPId7bF1MzG8PiKJD+24SWB3+fNxKXiydrFwg/tE9cGnz1zfnPl8vtuZrzs3icW
+q79e35TAMjCaO+ESabG6jO+ij3flbAL/8Sfe4WnwOSEGA1qaMWvxg/BZy/beq9tv
+XhMEPZ41Mf7YEQ05znBzmQbfAweahZvVDOgX2g2Fdaeh3XN67rUdbTY3my8IM9u5
+klEpRpIlezBI4hr+Dz9pbCAjdhge/2TlGwEFgDW6GhYsVuxIAxqW9Pa6tMyrDSMP
+Squ9KjE5fwCB3SWAZ3fT/aHBS5bRqSvmBxVRQ9R0jbwtze3arZQlXsti4uEI6QdC
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
new file mode 100644
index 0000000000..c2b269e675
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjxAmVGJK/Tf1KXchcBFfOGvTNaC
+PIrRtPoMudTQVaWVULbVkDlQlNs7U0HIhB5ojybvUweKYpmqMExSMVei4/KJwiYO
+kvtLLlKL35LF0+lgv33qbmlhhE7GDg6XGc1edcu+Lfnn53F2/bpldSSwv040roH7
+82NN5xqk8hP2iyChsb9eKFJolXo1opl/J7123xcUEgOQ1DEDTe1EKRGpcwguMk9w
+OWz5X3fkZ7fd0WccqjaxX/e6mkNhTnnjHil7N/33FSOpO8gWeLBdy3hbidPWuBVj
+Z6zQ3R4M308V8my5PpPjhkLuPoU6hRgqPXEQZa5CZTXWCnEvAGYmJsV4ewIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTN0dzM1DFjByxdNrEPjZ51vkteYzAdBgNVHQ4EFgQU
+fe8OlBe79qeX5tgiSENIrLPuuo0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQBo1F5VotF+zBRk3lISLB+TwDbHkOnTeZP1CANWsThk/l5sx48F8cdhp4oqyzKc
+aP/SjDt8a46clnd+jHN+WpaQComRwFNZFjytb4HRciU2QgC9ic4+L/xMG95pOQk2
+ZAdzpa7SF5Nf8aR07Th3Z6gfSrMsN3KRurRTMWozjLaGXiOrrKEKARVf/AbytnKG
+SVjB06e95i4k4/ge9lGKGPH1VajbpyZ96ujzVk3AB/hAY6q93nlOiSNATWa1HV6m
+j29A6upj7f5E+SVd86Ms9TRT63Br/a6595avK+At2T57FaiuSHoPC+hMfq8hkLfQ
+a3itQvRuWRzIOtSe6ei7vY7Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,441A86E99DA66C24
+
+3DOENkQtTbWRVz0EvGti2L5itNsvLfjAHh0FVmh7w24U+QHFre1aIagAGa3ciN1+
+yUgTyvtYRZ9haynn+o2vPLLD2I67PNDHpdODhOEP6+PN6PhN8oCy64ENyr8wEukf
+vBKOFLWKoe/3Dg1aR0po1dtbCFTZ2QajMfac8D+VJdkpXNS/5SOlkDFHVe9HKXXt
+t51zqKrIUHEsaUtq9dPjlddSQ7KWoPQhhhiMeRmP4u3mxPOs/287nQawKtFRdOcd
+mH+CuPTEnaCMcEQU/xBXEt4jpVk8mpuA9o8xs3aq2K47EqRiQ1ZYNfqVkIkxcFDz
+1rhtSuHobTo3vjn+poduD/e0kKBv+SBvUxS8s3Kr12+5P1Ye+Z5FtODxERxQDml5
+e9/IbtX/YRWZLqBpWwx6VNrvumXOC0YMf8lnCPSOegh2R2mhLXlMMVcYIbZplB+Q
+581eClEcNEurPEXgsK8NVtgfRsIBOxvZsE7xBpvnFP3MkuLpuUaHIHAoKrrlXxJE
+Th5AbnI4Ql7+ElRmtk0UTWp7aeH2y+4c50g7Pd4E7eKMxjg68bW+02WWxo1I9kEc
+6ZXgZPmZqKe/2pTmiFTSbCLIa1xiOXvpo4/abNi3o5QegdJadQ1v+GBIZ/cn+cIV
+gDiLpvKn8WzMQ5qircV7ZxPs76fZ8ABP55iNLkKolczemKG9ZuTJ4/uPiNfis82J
+geMdvEUPSd9atxb3pLb3UgU3ugCr46v/7lS4qpHpDwe9NVQbiHSG7sEttvnsjbb6
+r6J54tb7IbbErin8nqwjBTGq0YH02iFBUGViobE7m/F2aFhaQe6DsNXC661lkuda
+G1EG4zOEbFICnyAIXC7fkRakWIO5pzEjI+ycEciCGb2WDWYX4amjJBuoM+0lEVRt
+hcc0zIigiUiKpqQvn98WtiolKqhsLzny3qx/+jMF20Hf9cDXwSDA6y+MNzq961C9
+ivBuLHTIYM7c+qZQRbH6FZfG4qmqu4/ezl1eEFmyJ2rRZYFKJaC/zWYOb0o7K4Mn
+EfzmUsgLgrZ1NRLDyvdEkVdUtoR2Gbc/tUN44M25c0EzkHwWZ7DelSYlgvOcG2vP
+p2mvmp4F9Pdj4q4pdylGrf0cMIKPSVzaenk5dOeAQvADN2zfs9lPW7ilGTe/Cj8g
+b6g/88A2KDl/M2N3Zyre/IYkd3n4KHNMto9vJa1DHMKd8Mm6QaQohuWrCGPe/tMr
+nNivL6F48dZeVspGfUS07005Gl9T6OEmcysYpOGvRPSNNWjz7t2jr1xmfmvaP5xo
+zX8Hu0n6QmJswj8Z9B4Ziu1k4CEhK9rzHT5b4pdYs2vatB9dwM6WeF9uLQkdrrHt
++sJ1YY4nZVLGrxgWkyayNrqRwX5m1WHSQnFIoEy0vcFHOU6O+awtgVGNGAy3G1dK
+7jJTAEGZL4wnTDD/TujFbBxQlR7wP/wG6fGzNLpioXlvuYtgNvYFJjZnk4Ra+zUT
+it5GeAEZFPq75wILOf4kPw5ZUyYDfpqGZwc02OIDm5l/Y6dY/XNmc3MW8fjvZBEk
+ydvxuIPdLSifOFrp2wptM2ylb+qAiWXTT/SJErwlQoH/ioEloZdG5erkes9gjWxf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
new file mode 100644
index 0000000000..2c73cf5845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAym9lfJRPXHcjzvJ5Yn3L
+WJQBzdL3kReoVmfz0fUk92PgyUtnYRyQZhOA4M3yd2/gui4ZSN/OdmhrCCmIzxE7
+lqjxZk9wSZhdrNCC1dJRuZ8b/nu4Mu/zKUyj4OtbvsB2kxHLgDDVvD610+rqgpRX
+INlRP03qpClgCRku72wF/cuxMYqtW8Ev5KJB5SV6PTCMe3IWkHb0H9Lc3Ux/fVgG
+HW91o6bUrLbrqLkECrlz0l2pZ7DOuZgVQA2YRovfkajqmHJRzJpDa2dqgtXmIugL
+lMdyeLG+Tv2mefGxnCotgiJoFJRg0rcooSt8sWYDOvyaFTZY/EIh4QbT+5i3bg78
+JwIDAQABo3wwejAfBgNVHSMEGDAWgBR97w6UF7v2p5fm2CJIQ0iss+66jTAdBgNV
+HQ4EFgQUqerm056wCZev5/4eLhAyoRBnTIYwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCqlr/tZaeY+Dfdr/JgHFg18fXEloYEoGqI8wbh5Uft00CMiLHIzQGl
+sfDKHup2ZXSTC9IIbEHIw7ZVdztkvHEuuPBSny9GQv4KaB0adliyVaa3q8oYmqBJ
+lgBoNi9Jz236otqmfuIuB/hjogNOnJJMzn+HYYgGdIWKiJj4pJ8CSesb/yx17Vf7
+XgnyPxMeD9IZeoPfdGn/7tBM4Mp8TgnEFlaOujydYEj04+EjO9wQ5jompT+Z4xlJ
+X5/mFZ1qhkxNzG2i4+aaRW13RW52bOzn29mYVBQ0YA8KIsWPZKqbTFDG9jEmdHZN
+as/9IXJP7bOcwuGUljRq8n9O/M11poPx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97027569E6B790BD
+
+Bq+FJaPlWoIvgpF9FW8QuzakNqq7a6RN4MNuGrH18o0kF4ZCx4kDaWnb9ipdwGYc
+R/nq6JpfJoOApizstVbizEax4XO0tAXiVtcLF5t0oCpXM0d36Z7RYuaCsl1am+MM
+eH/wvc052q6w3hembPUrjRXjSsXg2WLlObiand85Ej4VMro1es1Som5ZYpKNfmqB
+oBHcaLu/OsKu0bbQUdB1xCt8D3PyaMvkrYsHhyUvZwZY0xveQ2iu/QD43clI6xWI
+wXR1PnNswoEEyeyg8b0IewcWOwlwicTijJDvg4HWXaVrNQbkipu/H6BDiBvVYD/+
+9E7+vX4O8NDlw8KensBBPkcquIJSgKntiZW7BUaChCPi9EarHqXx0xV+6FTdzEVI
+35OGJLGPpQuXRqoldgBIG4aq9VckX9FX9qIJ31UibLxqqiNUrw5CPY5MrXalVF4n
+Yn2jpoi+OfIZhyuq23yAXF0br3d9nRsmEyo+8RdyravS8O13JIC+LlHSsRWfTYCi
+JKVWRJdpFtyiz79IpjYihZydMp10YWKH1HzqFsBXH6GZnK8LDtl/tdaHehrEZ73T
+1xiF3xgiMiobcHneavULTMqcCN3PJnVPyikVUO1esr7QSgM5DzwboX1ZlXTkEto/
+wE2XyeoUH2ASAouc/13v1q+7VzMYCvEGs5I/tZo6zH1YXh8nhpQzEBNpik0tnbub
+SGRmg4OVs/JyRXpXCW0ssklgGzn8iZOxxH8L/MO49q8i0ldtGN80i0UM1H5zgSTh
+nJmHCOf81gbZ+W9imu3fiDeNlIjp4XNRg87og/tR2ayOQv0C+j9GIcettK+oIjQC
+4BTRwLZ90+eqnpNUwMVilVqfmlXziqzeu5R0JUMG5bxg9SEjWA4nKa/7c5L9vXL/
+oSIWjc1xYR3TYT7hOg66RUYXsY1kM5jci0qoJc4doavOZlsxO9M25a1GcNuydqXd
+D7I3fxd6mqXvjhCrNFayMTjueTY0MP5ofqHEhqjBfjbE/jAyLj4u7zZGcK4o5BD0
+ML5VuEhnEQZeQBGH3HupNNj3RxXscVgPbqxpQ4o/c4NBRSpsZGFcKEwVREdvSeQM
+2MaEzuIkXOwv411Z1XlMoPetcvVxJS/JM2qqo85TVi4ysT9zKp/oj2mapZI+Ub/C
+B6l10Pjfg/eJExdqQiJoGK3imaim7hmQ0fLP7D9EM9e2pA1pltKTUBygltrOR4ju
+u5jHhwE3AINBfqeeKXCzyFWIH6j84a+51FhTVbHOe4KDoWZ0NdrcqNwHAQ5J1JvI
+ngDjBP16mVC5DsRBTJakywmAscfmWDvtiIXEzRv+ECB5MbX2fIaOhT9Is5HMkdM5
+NcurxeEmrENZaqfOGJRvsKu8UkAyATTA6TPUadlWgr/k37LffqBaUCfmAzlme+aE
+I4E5e50aWRzDdLY2de59aDTKVEGPh0IExSC8yIPVkkS39AwIzh4wrF7PNsBPvIh9
+W2RjUT0vjeKz3ZTMK6/zN7mVYbJbRUkE44qcxcxzqywnDfxybSxL93YFa25BXpPf
+/3IiBBCJOaRhK8IPodjWFqYvgDc+zGnIKdHN2ghJsXJa4iDpJt7vUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
new file mode 100644
index 0000000000..c550e7b521
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QXTxL+owEKq
+PE3XYLeNLP6gbjf+741GuoCI9gb39kj0UpkLpXi1lrJ7gupEhUX7E9eo7HCCJ8ox
+xuxAa/SgsU3DMLy4pEo1H4PuuhItPyqBzJxmj2urreCjMmU1WI3HiAjIIW1wrj19
+Po50djXz6fMFhOZhohpg5EPK6XP8KqjEkKQS+bcXM49z/LtTQabfZTOYiwtZn7fc
+dUjyGtLSCM+jnYqRgFRLjlDJw5SnVDc6X32DdskN53VPZDwEZEZZ+48gFr7kbj2A
+TZ9Z32MGBt2iLEWCsxuZ5cntdFlECaCtgUiyibp5FpjJv+WyXsudJrDMP5ef0duP
+tLn2sVw0awIDAQABo3wwejAfBgNVHSMEGDAWgBSp6ubTnrAJl6/n/h4uEDKhEGdM
+hjAdBgNVHQ4EFgQUFLvRJvSegTyLDhLP2XsVsizcoyEwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQB4TRzPo/4HW8xacmWqsKY1hsa0yI99p9BoMHCdomXGM1Cf
+6lU+wBWpRbwS2Vldrk6CqHpSUQ0iw1q/+WB4dc3qpTL46HzxhpahZ6t34fWUFB6g
+04fL2oaRc8MNj0+dYG9FXo3X9ViBPJAP1A9o2XbuvBGAFjIIIL6TUxp66wfKv3c3
+DxF6IThaOB0Xi/eHNGwKnyYAvdoJvx382YwOJP+0vADzr1a2kcCJdqh5fmYbyKUW
+a57SRGJU2eAmHcoZbF4d6ypMuT6J/wzDyJ+0bB6AAugoffI/bsTcBbQwLaYMXbPz
+Dhd0Xl7qLcwA8aVcrK2oBmacpLhjThEizNRm7y0s
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,315A515BD08456D9
+
+vRPKQr7EMWKvcFnl6KxRsQ3CX70buoRNpRxqnMmKucStq/cB0XJV3ECd81C5bIuR
+d80Pt0aL7b2vFzfRI9F2chU28l7Vazb0DGvdObiIII6RZ88oachBgu/bvoaxnp7a
+SBDf2uQyC/dTb31hDBwWDHTKcMVzUeBmfAwUvbV+pgrspcF5mCl3Lxo8QjkD7pcL
+h9GrQIizDmdfjzVlBG80lpBy4Km1K6F2CfrwnsLJRnthn2Eu0BlBrfnvgcp8FayU
+ThiLrGwh/dYiA1KQ+Z+YeuQdSx/Y6VbEFVENSBINfFKHkfshGvAMhHPo/9LqNOKX
+n8GNm4kexNoLW5H2g1zdUrJiROBWsja5Cn04Huxs4qlS5w+f1XD+GlyC5yxIEz7A
+H6WGhr2lh/dSXWFdf20FMzsPPCis7WXzf9H9gFnCmBuUC+WNOAQBNQgyuvJvqT5H
+ets4FchES3/L//5rXTJIdfZVKYukDzQ1HJmRfwXAML3gbiLZ1iWlFrbJ9BbTWen2
+ePhcsA/SAJd9V23lELjNNvGF+EFGX4ZOXutpCSnL1kQHu22qvuk3v4/gCMxsFhhU
+7rY1UnYMNarRIy+xFMGZFy1MLZVa0Hp4oTh52QWX1SJFeqO/nPafDxVgWRy03FNp
+3G4eu+zlNCR/TvasfjvN/OS/+Tj/d0DszkXU+Ts4Y4bG23s2tB16zFheuGc4NZFq
+u9V7h5xJjnsV6QG5Q6yFKIEFuQPTejtuA5S4R34Qb9AnWNwOnSW70+edcBtuu+um
+FT0Sd756TzcjNu9MducD9wH/85K66JvVtAlk1K4+lwgrLefh58W0P6wBxRCqZYgk
+y91a25Qbm0CNK75HD9Mzyobh/qKtI6G1ndalDkV/Ywt97NOpM11w1glTaDndxKzI
+2ztnDilVNuU3XNqvyQy5LR8i9MY9LXMvykrX/OBaBUMDcZgvl2IUoLInp72Q0UXj
+sEN7mYJUHo1oHtn23PTHyxkxvBeM6YXK2/MS+XwFtYMy/q9Aa1G7tnI+rzg0l2V9
+kSo0uYcY10ouVtJ/K4aXieXHBZAsIMvaWAJcUyPuiu4HOLlOGV5ts2T1TfLJtae6
+A6TRr88tz2NSNxY56gmGRFsA03Ohsur4c4oIULGAqlXVxdJOQ9bK5j1AsptBIgma
+QTEcEa8bU/92PFLrvJJR395QJUNWHPftJv5qRUNZKfAxFztnOeES2CIIg3XKaGFB
+6Xl5fblxAG1rxyempFXsMG2hqPLGLDDYdhQl9+VeMw/60rktW0xAq3Npj9RGLyF9
+PxWs+8u0KleoPwOJ2RHW1DH5L4pdctxJjWbgZbmKGs90IFVJgo3Uq21BG3wJrDG2
+174ao+cRB49X14E1EOvn8hP0g40issb5RtSGXQc72EMEGBHSoXEIv2Yr+F2kPNoa
+KY2aPjx+7IexAVrzzFxQf+kJdEact2M5WvAUJS+MOqFy7AMrh370R/nbXLvQPhi+
+qRpkrDrPsbumucq2KL3KgHJiCkN/aidtxXsHIzPA94R6PZtZBYYkJn6/tLPYJCT7
+WSy1Gi3yucjVQ6bU9VdomKOdpUsSkqmEwruZCXLxJnGgXDug9SYOktrKjsgh6xCX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
new file mode 100644
index 0000000000..d88c3d3458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDX64Yh0H261J0Gvd60y3m9dHEszgHONN7g8YYFETXH88aiScj9
+G2p07n7WfwfAh0Mziuz0j0fibq4vSjAgGbxS9G3WY0+oxJAAIo4wfIAkP8BTG94A
+qU1vFvGtl+Njol97tA3gxaaryyxwzzGIucLSCpH1pJwrVSuvh9FxxfCi8FMJ2P1E
+cQHZoXTXuZQCzmY/uKODbDN2uDzokbG1eIitBuAx0936wxKzz6Yjd6IaVnR94AJR
+gyL+QDk5Qly1I5blX99HL9svBtNRmUgeNZxMjnLfuXBkIKnSqrj9yJnKisQR0ci7
+ZxDtbJ3FEXfuDo9vehdmevDyAmG/qWJ63MkFAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLuRg6uurt5c2ODykDxc
++p8u4TloMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEFMA0GCSqGSIb3DQEBCwUA
+A4IBAQB4lgz3iN00AQ0XVL/Erti7xs7ENs/mzyiw3GLJgLVXpmVIgJe1hVSFNuEU
+QV5WpTfTn+pxLW2ydjkj/mkbgyoVGpAMZlGYGgN2WzE2vcDBJVOlayZK95245k9p
+ZZhdRhraZtaOS12+T3k+JVCxqGrKgLbVwl7Njs/WkXv01ApW0zzNi31sgnxHBNH4
+i/uB0OYmf47PwuUAv3DJQbVZhetCgbZ5xZ0cSCqh6IKjvAJw//A3/r01kurrYVdP
+aXRe6FAlZdZ+gWeWofmS1kL770TveBE34vKyFI6CIz2nC8gbEmisNmelNJz77/Tm
+v33K8gJxQbwn+0htOdqICEIfMz7p
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A16FBB865455B80
+
+3tq2f75lU9TDEotyu0EMMvOmSPwb3vh70ZmqjMsfbXTfVovU3Bdz6IvTy1prmfKj
+moQ1akOTCg/hhxXf6XN+4Ik7rG9KJrH+40AfbGBCE01MHHaDplbepCp/iWq8Lo/j
+PlsJgoEmS5x/WUfae20Rh89WCCk2MFK4q4rEkimwo3sywuqsVuW/OEsAr5S/XVFO
+bJs8sUoOR89jl69wp0ZS7gI7G0kzYGpgi7UDPG5yziAfZLM8+vya2QTXFBK0QXDB
+SmPSRI2xlPE6L612YfXAADFQ/FQQfyB5FySzyCTVv3tFv+YMPrH7pEB5ZJdVQSIk
+fZSf13f9kXA0Nr4iESTW6BzdSeF7QzjPHOGtE7tye5YfPgV429BlU2iJgGzjmD+O
+E7j3987Ds0IuIcMbyMxbKZuSIa9E85G6NRZvBmUzhG9JxXz417/bBA4ULSyHzXUh
+j+hIvpIM9hX5MT00kaUcYpy+3W9ENw38ydK+Qy1AxQFHwoPDnBOaGkt44F1PXEPE
+RVFZAqRxtP6NNP961lDy5CHSh5WzO/PtMIxVYqHL+/OqpqBbz84Y5gPET6XMRhPc
+h8tCiMv6aoWiO2sWxzHMLx7sLx6nnNTBHSSKfJGkIyfiCUZKAayz8q/OAgYKZnI9
+dnQjC/PkXsqspamFkjsXClSjGuntQbQ4UpnKS8bxBIJG2b0qwu2rTVlqvXNLbyZg
+5tcJDJHazc1IycFZPYNr0IttDfKxFgyHZhdEQS+l6svlOTrj44NXrJWl0RuavoaC
++Gs3uffcsbflwd9w9cxeHSuYBNhO2LLIk9cBf0DAlM5pUNqJysFy8tCGSjqSHwIo
+oPRjltHsOUy8sGPQl84SU/Rd26ANbpWHox/y+3ZuUpm620BVmuGbS4c+PT2F15K2
+xZr3POVB4Trt3zPYeY6NQRiXnqcYzzOj0Br1XWwb34P/O9toyAh8CM46pjE3Blaj
+UvGxINMRy2YjJ6X+1i2DOeKUZZWILk1MPVYli7u8WNzQV8CJYHxH1s+Zg/L10sAf
+y7fMQ4a9V1FRY1xLM7H3JwchrZivzI9IZIhcybG948BLSN45nBFH4SskK38KKW1j
+qj2r1feNLcI04OyhAU2OxGIPkooszQfKZyu20u+OJY7YaqMKwQ33BjkIjBMq7YL5
+1wA+pRjGqr3jEzVhWbCQdhnhk5YQkL2FAG0SGfMh2XzVHj0Nt9OKEI/a4Ufrq85D
+ssR4Q3VyRAvw/0bhnEsBLqeEieXB17EkuNB43g2kanjwRWDYA2dBu1YDeQ5svvJQ
+fpId9pzXY5Zg+5upmRW+uRwtLRIdHkjdHGJUYzyceligAiXPHk/lWykiV+/yf93c
+PecHKjBVdDuPJROaZmazkag5amv1PP6/0MYpmVdwfMfSuHieToY2/csEpkkN1qX9
+xVFtL+2VZw36GLugmCY2uah8SYS94E5BbeBOqRbMsrgyT1sA3fGLgH8kF9b/B3E+
+G8caclyITJV/1Bu7y7ZpM6Se0RpJjl2EMBvriUhz9XjrxVnUcYSVFz9w6GIeE+z6
+fil5fwP716grZagpEa6Aby2AniEoezd40crCPkcaaD3T+6XrgaOxahsZJ/BQoCM/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
new file mode 100644
index 0000000000..eadabaf0e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yRFiPxcDa4VcjEIMjPxx2RaYWn2
+HDOXqGxX6L5+pD8PLaXGLExhaTdwWNy+/yDaUUHij4pdFl/SQsmwtpEvfBD1vXis
+2MZIsIGy4DWYqni8J6H2M7ofoafKyS4J5xkBh/Z9eBH85BmlPfJBSVVrR4zjlDQ1
+B74tQTVWvznfpaZQomyr4Z4pzITkLANvEGvunIXckuIerkxjsjx0XzXt4W7h5aIt
+b9Ow3W5wDh3qRwWgPgA9JkUQR+F5ZAZaqeZESGe72rTPir748IOqRKaoZPPh3IpH
+IZLbh3hdAknoGNUg39s1EzAG6CR6S4rOFYqJIBmpnreR0AIm7XmziOwu7QIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS7kYOrrq7eXNjg8pA8XPqfLuE5aDAdBgNVHQ4EFgQU
+N9O/3txQx6/IiuiSsMRIYfA6BAEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQDGFqeMi0qNekHCj90wnNUgVkw3kwGyufgAbqV4VvFswdL8UwRZ+FAD32d4Hvqc
+UYvrjN5TeoL3zW8p7czvq2bB8gDVgxxGT41v+OXd0uT+T34kArsJbi1nxA8GiZ9n
+xU+XLWNp3up5wZB92F2I9J1W6psSxdPH4aBNrW/mgpckhimz5gWAOHIXiU2pB9R7
+JsnRJ0VxcAtCXRWqeHqgcpeDl5cA0ImOVupvLOiF4o7JJ/+KfAlMD11Wvp8dcebi
+S+1+mH9eod7daIN/fB39tMi+aTELILUvN8rmOz1COjN+lyVpZCbmSCo8wncNcT0B
+NEdgddMknERZ9SRajlmnbyTv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4386478E7A1A6DF0
+
+w8wdVsuYUFkdjd3NS19wckCjlmHS4FtkNbzN8g54ryAPmjtE65HMDb7bIWV97L2A
+iYlIUIAjKQBb1Bya6cqzOkNUNWtxzvWEjlzM0m4ErAW1rCLTZmqguuqk4Hf0N1yl
+veR8mqfHk9EN/LN+j+68N2oXz5E7kcdiylkwGKImbNaZCGLJPiK+SWK/akBkl7HA
+QblxnSpuxSJ2iAr8Y/nYfplPOJBGM7APYjh3aCD0YcNyO6t1F5BDHP1DXsKmdkRJ
+y7PpMMy+qYIk+4XosI/TSl1ikTuQvU1cnAfyQgrYiKAyFXO6M3e5dzBVuq/dz9MQ
+CDQCvHM70D8QB7GrUdj7XsHQwPGWUGN1kFpUyHmwlqAxArX/sOode1DJnX/qOFTt
+rltOQ7bAJIly2EvMGmiSie2Xhm0sBeatu+jyPZ+HfFRi6CwO4mkL5cjzXX2esfFU
+/LXmXNcCNxby4jpqlJRdhwN2dpLueqj4md1y7UM/pPTH7sXz3cKM5lDkVRpRuqm3
+zPN3ttgJ2R3hzjbASdzk2HECSmhTCbwjw4qUFEM2O6XOmVLvwtsHB7u3IFYQE6S7
+5F9K9tBiyU/J6FMncJERJOtfkT7fZa1LUUSJWUqAYGY8KONsWs7tE6LZ6CX6dxjq
+oXr/B64pMHnEPGhk/44bK5qDv1zi4r2vP3YOyV/owN3hEZNCUU9PRK21MIBXs1hb
++XynsWhRWUU8W1CF60fyWl4ZNvmJTocdKsPNOIM/KDUfzfFRFF9FgyPi9BsuxB1L
+2VRLcwhPVm9+SfDOarPgu4Uhfb7MdqH1cIitrUve4EHZHBZbQzwfuOhiMa8ADStU
+uaijfAVczRjp9ZOJIK295Rc191SzNifbaFsIrDIKG+z3B8JVmgM3jVZR4ypZXYe+
+znvMNSOTCDKvnHUztUXX6/ZSY3fBYQZrBhblQ8Y8wT15vFs/M7+Bqv1v5YNT+rit
+nd9wZvyx+6fIdAPd/ejpBNzdDLSuLRBs79CIpLxOtxUn2WBtN/FsQPIqLUNdYWJZ
+vNgJvpFJx1aMlEzV8OIjt8acWDSdcy/nAVGuLX9Pw3BP9wuyIfo6c0RcYMWKBI4h
+ANIrEFEg7FVhxzNJOuJWrJEM772gpPp+SOdvDMd5czWpyx9ENozb1KpRiL+9oqKf
+IoSOHEfGzcrpFSY/RhkqGgaNVVcurDtHjAJmxiYxOCqW9jj//54HlQKNkJBN1y/w
+1ZCBPPGF0jDagJduq/4QnCRPAfQwowPd5DrKLnNphyQAd76115WLQxjRyk0IA58+
+i+6Cg676+kuwAJNmafijoho0cx2Q8jq6H0jFKJHX8aijQp8htE84YwnJKPWGz9kz
+go2LOkRzQ4YtVBAGJPFbAm59PKMBAMoqPXcUVFX7fcYiuikUOzksMLSfA1OMQuad
+385aOMHWLRZYu0GhBoxffzJo5nXWiYJuK+FO47ArP25bC8bx2Qp6nhgCtc9hXHlB
+WOvJO4RdFzOivlHCs4jcsNpK9l10D3INCGTFVLFokV53S3QtEGqCrwBoEJwiE9zd
+8kvwplXC1h1zgGlqZ2bzu0/ttMaZjJrfI+AyWi50viVJIaTbHKkn1F7m4WF9fC2T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..6446c7c306
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5osj0pPsQd7VtPH2r3xk
+y+cCCrZpVCpWv79iVHsYL+FvNRoJcoAp4YRn5TVxL0tcaQ9GVUEG+mh8JPyr222D
+PGnPiPKTNYyurrIouh70B1C6uCdQ5tYQiE9HS7WEvu9mPti4qVWcIurhfKHsvYAu
+qzY+4UNrno9Qz9kjr4tYr+RXxHcby2TLXlvEKzgG79XmtvDW70tfiQhkQBEHSw04
+j+dnUlhPRBtyYrXoAkDETKYK+CIso8/0PyDlZNqu8fJib6P1UVlCnsQ556r7cY4L
+bjU4T49L36Y24wb6/5gKFBQxhvt9gsGUtNM6IUPtSh8MbiRXgHXmZFf/1niMiVXW
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBQ307/e3FDHr8iK6JKwxEhh8DoEATAdBgNV
+HQ4EFgQU+IIvef+0fggC21uvMp3kNWG1bBswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQA3toFMuFLrY/uxv2tTf2qtmCp5JJPfPdZYDmGVMEYlRJqX4IUSq4Ua
+/YxDTGvdP74edOEmxgi4cDDY6Y1l0lgPT5qZ4J/uXhuVAull3UPnZYe+TIFf+VEA
+ZKoC3JOf8A8+gFE+/0Fso7eLvI7C3YlL8BIQjWkfVylfXcf6wTk136XlMv9tKt23
+lrVqqs3WHBu7jBHYw6+hUF8iv+1DRbLD3zVmrr3MJb2+Cm32DFvxujt6vAVuo0wP
+bYUV3vF0QIGBgGbUmB4inAgmHYSiUmYzvkg7g8MF2pAthk20eK9lvLPo7PS468l2
+kguCoyCmqySucoSul6rNQ/qiDhOu9ucf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C03C65F9F917F617
+
+BhZR+T0kYvoZX7Vc6PetT5t9L+RQuJhBBIBR8DNT1nLfR9kO8QewffwyLukoUaPP
+PQzf2BS+V9k0NHHDq8j68uLg7S89+hgwULvRsmAFIgjWAHDwheF7chbbjY/BQzjW
+S1SH9zcJ9TnvlCrfROFxGuRCuiVsr6WIVQ27r6U0egm9FcIh1pR2NEtVG0vFahch
+UIAgNW/0hS2Jp0XfTtGrmduQCPGlVtp13XcR6mM1MVl3j2nczRtjnR7xZFwnEO4J
+J1QvXcyL15Y+MmUuUSLTylWMH8oijZvf0iN6mlhYcG2LiKt1c3PMHziaRlwQuyhM
+lj+iT7ujeGfDgsslklCKRjlWtC5a+5Wb5FM0NAeg7gCzC8eUUwULv9N75IzNJ5CU
+fc9tQ0aZh0BI0BeqPiCm6llxAgtPzEPSunx5atvPm3zG+2V71ic3MdGSKExutPqn
+jLzTdchCXff5lVcq/GeV8P8z3d0YUHQwZk4bpPkJlalHf+85TV0Ta/pdBNPng4b6
+MmLVdhVz2I3nurmt3Ogq7r36fqDoZxA9F3eacCePu52xtcQEizK322HJ9H/gP9zM
+qr25/idjWnrMJ+UP+BI44/AsXa9ohQ6Uv2+nenfsn2Eqyneb3nEHe67AED8dj/Lr
+lKdjV2Tz26Goe6aGuJueybGzSy6v1nt03vpHQmnQituCcZOQHiKYXDu5xfTQA29S
++G5BFjRCtlK/YWUredYe2rJRA3xPMAoFYZHB2VF+8rkDA9VyFCJ5yJVPaqtD/5gl
+Dk0OQ9dUEkuNQcs0PlmMc9ioB5jGjedgmfKxOt82RVhrui2qR888hrilpG+hTqBF
+YwcUqXBAmuJF8uOHTSYq5OUOGJwXpjjnpKDAHNFzC+MROTqqMb2azY4Nbgts3b1p
+xaXEIhBkZGlxwJBPrgQA0LBTDUL15s4bVBchwzvLxCQzoGlRrrR1AoV1VjLV95XO
+L8ADI9pShQuMbLj8LlK8X9edhgqzz41GgICXFodOlhbRs7kO6uHgPRwfIE8jEtgW
+B0sxXp0jUwgou8X3OOUcRw1T1oIbYemPLPRYR2lEE5OF0k8Auep3HUVOKcXBj1Sg
+AC9kUhoAtToU8l+MyrLGTVvC3sZzLUGJXl34PJ4SeKdddZGu3TmoOwZxk3u4jAT4
+dmz/bR/airM8W/zt2pkfBvRuA9Gfmi6+FzvatKSF8TlpxfuH3lcq9fLMZnJwvhMv
+kYFP25oWIZYQ9zcCUtjXKVdNRmc99cG4y6htXthVZayLfqDEg7I2MeS9s+JLIYtt
+uzzQRerb2O8sGcYPJxpprNLlU/WGH6ia0qhycB7vop62OyL/DhGiX4nA58bTyS5V
+GSzMAN1AUapVZVG0Ew2nhUlV45kN8iINKJl3o0PE7bcdBw3uyiOei0E6PLesu9ps
+G/bzx+5by8J+RppS2ZmEGFhBQNi2Ck41Rgf4W0dOdQMCy3m5euiq5v54XLaE4r0M
++vR3WSrMEgqo+8kTa8Jp8V+cru5s6meMc5v0M7OXG5iFy7aGgsomUlgUqeic3M8s
+0OLyeR7Q/NKfDrR8fOfd9t40SjPGbZIYjikT22gVa7WRXJsXqzICB2gX8b5qvx/+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
new file mode 100644
index 0000000000..fb8f1310a8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTf1ewQJZhIh
+4PmJ+VD3TwcCt2e4mPpSH4n3WMFIhLPk4cLQr67l4TjzZChg5ok1rhb8RrOXjf6L
+bL21MMx9nppk2WFfysWeYCz0qvuYH0UAUi2xze716rwNDotvndDSV9bykKjGOws4
+PTDvwBNKdIcPwqFxPdbqtGOSVNxOMwvQ0HIjIekLxizD549oZnT0SX7YX7aeagCb
+DJQ2U8MPbUltLSdyu/efhftZcE9PwhG9ubvu1Vo8J9kJkzN1BxXW7Ea9OLvYl9Ce
+157zMYPTgetX3HBUUyrKmhoymSOoSeq9rRBZaORbO2Xhaf8txOk6yQuBatNMfdNv
+R9umR8B+MwIDAQABo3wwejAfBgNVHSMEGDAWgBT4gi95/7R+CALbW68yneQ1YbVs
+GzAdBgNVHQ4EFgQU+mK6vX5eX98fuge+H3k3gtz8EygwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQCPwnR8ERgKeZGYVBAdVSA3u8LTaxB1TTGBFNoTM2IzFMI5
+xxmGkXSBnQUPLiGNAOSYuiz4TqzSZYkQvOYQVCowClplOKfi7jZfIBsU+EJOaX6u
+ofcsrBmdY3hkA3MohlkWTwJY6J9O4OloQqBKwdFDTGnbeCk+ec8NVpBR2He9Nn97
+XT3XrmDvRJUYH4Fi5mM27HIIo434Ncjm27KkEy8t4Ks+SXSMHBOtS4BgKivdgSBM
+TWJbYv8vHbWBnQhFGbz6WD9yenm5ho4ejZFcIYGq9fJugU7j1NNo1CB7KIfCZW/E
+Xog1n/lLdDgziJj3sYx6l2zR95MtzcdRRKlnyE3j
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA968D2A17EE20BF
+
+D0KUSvUxhPDCKA4G4wCv6FeOhZkwjMrxzYFpszxFEAlst7NmouwjIN3OPfHmt0IV
+G9e8/urZwBffHkHTVT/VYDur2dGoq5UF0/qbAcBq62p0RsSkyIOcGBf9TZfO6aRR
+VtVYdt1wyBTxLOLoqZxH2oP6KilW2dI8+Ca1DCQRJ1taeISCyvwIOG3eKf+DvNmp
+c5/jc+gq/lVQxGBLoeJrttJ6mydwmjOeMzG2f6OOpTwWladjkZaIdoFFnOGPk4Ms
+jyWtDa5GFhIOAqBqtg38Uy719NEZKDDuJXC1IXFwPBRg7+gXY27GLgAdqgw5yunG
+Jsl/zPYkxUFECVaQ/ZbHbw1DzVTMUqRuwPrFMeSu4/ejHefLNbNdH56e4coovolw
+vE/92QRYa3VDILfNpLYMFeLW2LwmM5AtUNAfnc0MJetpbtWaqDR8gkZ6RXQMLUlg
+t9js5ByTtYnjVK4jEdYWDTKlZEfK3wzhet5jSxJ0vpN4N4xoQtedeEyUvLTf9WX3
+O7p55GM4hlt+9istCVR8b1MGrEYD/89y8cG0Vw7+RYet3THk4yukiffkmL0ymsWp
+EAnXiDtJf4dCVUe9j0DL7Vr3blk4oefrkgaEb0V3TiptJQDKtZqOGwOtEozcxMkX
+x8ep5Sx7xBVCOSqX0bo+5J8MbSib1UmMC9d4ifi/BN4PuJSQ548nSPzlXQDaxKl/
+QoJakS0ZrVyzz9YNQ+LCorAx7V9JqqjhDDYIAZF66lGB1AYy5gMTGmpw/hM2Bzsy
+DUt61k30JTnWS4KeWCES+w/BawXVlk/1EK0D7iWVjnqd9NZBtdjKrHLxm8o84QFK
+Z2xkJ6o8hunJ5JaF8wuSmacCb4757W92vt0Qoo9ShTYAIAq3Oj1LCF4zNl0lQOzl
+yCX+3uv7B/VU66S7HAd9JgyiGXBgNCyFVCP3TerpOZjX1ErhkYlE46NAWzhTyYed
+E99Oka4lN5yJuq7uTiZR2dh18HkseQMmj1mnXYEIQSrDmKDmJI3Yfim3XFmj6sZC
+3i754W+LJLkBEqUSxLtRix/FWR+N5/MkQtTl7VP/Q6tPOj1MYhpV6I/v7glwKQjh
+hbkVPA+BdkVbiDWO856JPXmOAyXns2ZYbhZD3JPGrXP0+dLB59Qz4fYr7aO6cHm/
+jJOFOMkccee18HVyvJp2JUy9ji/VneV3Co40mjAfQcrFfb/4nBgKhaX8igZCpFtj
+q61bpizO560T8++zdAwUY6jdvdF6XT+t7dLHF4NB37RsfwfBxTSNQucJDrcysYxD
+svZn54Bhm0ictsuKMvXNj3hzfUWDlhI7kN/bInbeml3Q+wEwvcUvLjA8bWsS8W7G
+rmBnqj37zelEDUPf3ir3U321nOfNxNoyGTvuRbIlstno7kARlq42hnOaSVHOpynX
+/u1cxQhj8aChKf67nF2dVORVjNduTq+wy+dpT3nEp+CFtOrHpRKm6s41g6Fgkg0d
+9Ssanah1cxfEB3u1eUGQ1/fOiv7EJYTHNP84ukKlbHGMC9MU5hjD14zfrl2cs1Lz
+4E6CUePJvHXC2AF6aqfereUuzPyNFZG7crpMZqvv8QEL+817TPHCCg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
new file mode 100644
index 0000000000..fbc3e78c67
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCpVKpHFxYwg5kq0aETF4qFIYC1k132i1tnGPJFaE8s4vgtocrS
+wVS8gZ+IUAcAobfNjTFJqLkg+Dir5O+DrUmbd6+DIrw0EJL/O57bC94jTI01Cl6w
+O1sVnY9ni5yFDZGQiE9iMBaJQ3UBrGMSu3pT4lgV0FzEet70qnE2T8irAWid+7+W
+9cK/RatZKF7F/QjgfYO1giZs0S0bFt+j4jK7ZQPbYbnLR93hZziy0di4qnr9U2vs
+ekYlvwNcsjL7H1SqtCo6bwxL7jXn0GTpZz2O5Pv7J5xe69nW+9uULcCmYgASUJ2u
+exqWd2b15Eb/6qnnoPYPojIwmyuCjG6hVhj3AgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGwxlwE1IN7bNeUKaVhZ
+iGTMIc5KMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEHMA0GCSqGSIb3DQEBCwUA
+A4IBAQB0FCmLk1xVqT7ECIhn+PfIXXQ312OWKRKqZurBCs8fMa8zq67GVBFi2HEo
++TwXaN0u3G5q3esDk+20ontt7cxaTx416Lnd1i+6+daK3ieIbvsX2yE/f6zxmRwg
+J4B5UTFm9yrhJHHn8JSyNKNFe33fFHWcUM0MuRfRNK5O7tawg6HlILr/hbPvO0Ls
+FbbJZyAzCHBqL0x9GS7pyFNJub3Y6BjYMLIvUNKbSaciw/rYLWEuV1uVyD3mC++4
+a2MeiCdQfFDki/xaHElme7qkiQeEDaUXCjCQ5m2Bhl3SMo5g/8SVDs1l/012UfsH
+uT4wf2kqJcmh8a5OSvuczLgsCqFm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DCB8DA039F9C4A8
+
+5gssmzUJAH5iKUaEWRw5pmlzaGZcN8Y3QLoTNDmiylmnRI5djN+PTc7R4vULMK0u
+9apffAlkJYqJPaAHeBcn6KkhJs/GYzT8GKn6tvMIKdLoC44Rs5YLz97wy6QGwnqK
+ws9rg6m9qvOHi2VQjVD9c+fox/9loZBaNBXF81XyvPeQ/rghSNrQTM7OXEeL1bto
+7EKBeX9CR7Q5X/DGq3+JGLpX4sFXdZBuIko7jli8eXGfl3nms1P9O62Wm/1bW28y
+f8Ku4MHm4a5yQg+foK3lKiuYQOCleyGu/0KC8f7h00jv7vGKRQKD2/vtBMbCCDmR
+tXKU6dE29q9gZxCsw/EUOJWDk4wsn3UOV9OMBwTa0zd7JtDDiLUyMyo05u8rSzHL
+FdVQr2URgCHZpoWdLx6Fiyw9OY5LKyuGunlC5PJBuzHKzCTgBTArfvpckoJRx5Ly
+fXhpL5I3wiURk6han4kiezf0oih9quxwK1hxy3jESuH8dpOXzzrH0uMbnn/BL7Rp
+hqgbuyFYluRHcLcaz0q3pzrkp/FFzDUXhqx8om7pny85U/U7JFU+kYAWWKb0LA+z
+or60GZ7YRl/P5cxkC4x18w9ltpbmweggKZmtc9oqTz9DvtTPjDhHvNYubdqJ8uZt
+NBqxLPciXzBZDfaw0zFCzZgShbqPQfTtUHSZ7ab6v/V5eFCzajGqQ9YE1MsMGZQX
+fIOt2XtllXuBkbMhwtYDNIo2quKpD63rhlXcmH+XBuMJdCa965lYaB4BxCFmpTmu
+tfF4RK/PCuuJYZIuZ0/gxH3PMQAF6agDdsT7r6eXb4IXgTJlVzb93Lt2/hR65ivg
+aliJOsyMkMZb2lbgGuGp/kZFMSdE1dpzeIDG3LiJjZ3GdFfCZA1rQ4HmppCQg/UK
+Z5j00OjagCElQnmVf3h4NDO5ipacVGBr1F0V4qegVbd76fi2i7vtCrMbK+bvrE9a
+FvzJMN7Gts+pWpHv395nk4lZYu0Uok09B6P0xe7ep777T9ckJCzg8KCkDPNCkgBZ
+1+WEVg9eKaPsM4tzWJ6h3cZOpuIMOqznyp/TzthKI3RqLmacEQiEr3PeAWRHemck
+0S6TvoT046ePKDdcmb5EEc4FrDsGG99+LquEzKZtumhxhB2mUHANl9YIf6iuqWpC
+eb5JJKJIz29cz1pPc3hpZ0XjQJsraqewbli0z7M4WOnDBktvGDz3x74qs+n5nOpq
+CQ1I/T6OQ6wj1h+31C4bUQfIuWH3oYQELGGNjLT4nZ5RXL4Ym2LSsSoKclYYatl8
+9wGTJFRxcotR9RK4yDfYfEwLECYgapPIrvX6NfZb0D2e78lV4/kyBi9xn93Qvr8v
+gOpEDiZOiA3legMirlfGVaVCtDu1jZ/bwPXjV89r4akjjV01IL2ysqDpHW1WvKph
+beOg2R+2OlsNas9+9b1nKWrcsvwHFsmuvD93C6BAjIc8Tn/St4DVLd4O1fRZ5b4x
+NiE96G2cJUm1lRwIQjNENV1U9BoxZji1sPDlyKKykuhkoL/c73M8bhl66foyNkWB
+TLrtUA+9pCsRt+8hpx5DtNCKWege6jzV10Iimbi53UmptUBuauqJWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
new file mode 100644
index 0000000000..5e563a8c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YkNBUkUyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNCCh87bZLO+YSdMLvfXHSR9
+pno7RfOAsEKaiPo2ievBaYHZUI1eXBOi10V3Klm+WZ7kGRKXr3ZjCxBJ0eAbUav9
+htXPdQprkjHS6+PfehpUiZvoe8JM1SaEIk6ZJ6hZbWQ9fL7xsCy7M2t1mPnFuN2i
+23TbHRIOmkxCD9NJgDqejNCN9O3lqjr+na978Irf3ZrSK9GZ9LnopXBcg70DcTMg
+TcuCHfPuvRyciClvMAFUaUvMH8POVFa6yDriD/ArHXfc4FLTFaLMN57lah8ft0uN
++Ec1tvqnSg7mDcHN8jdyj8Tu3sjh23QHCyvlKJUjk2FwLzmaDvhn8KIS9pPVBwID
+AQABo4GOMIGLMB8GA1UdIwQYMBaAFGwxlwE1IN7bNeUKaVhZiGTMIc5KMB0GA1Ud
+DgQWBBTnXCWOfqpMd4N7w+pp1seiNOE0WTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUw
+A4ABAjANBgkqhkiG9w0BAQsFAAOCAQEAohBJ68sra6KMs8u+uyx1e8HRXv4rsIM9
+vc4H+OfqE3OxVBT/xX9QFx3QtBAKr6x0BKRZAxQwYi4bCZilSUDbuE/WF/fv21k4
+fVF4R2W9uvo8pKwizRr5/cPEq/N7tWtv1YhilcD1ET/k2RoEIUtgsOres7iQ1DLo
+O1t3u69jgi0UCEymRrzr/JPW9nLSkNYvr+M3noFfsYxeNb81l2Ma89tOdZ4dixNc
+tsYCgQ7DP6IEDdCpUxY9iEjnZHYGW84jIvGNQ+ASlx9R3WNuQm8QThxbdkAJhDLG
+PhoYnJE7zsZXFhvQGh8KWxPCN5F04yl6mEAGE09OU9fv3qOqzLlgQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F19325DAABEC41E8
+
+92uaRXF4JM9Xmi4dnmlD1QuJMcjLvnIm8xAtEko1OhxzgQ6VL0gwSSr/iMPXBlai
+4+TQdxxeFdIuuqpQMLbgn5VRUDwdN6SzkOHUniprKg+y6w5y0bRewWt/X3uUGIOa
++snj54weqp4mBHG1xAA+2+gtMUvflPwdeY65oDDk1meMYQosY1hM5P9CdgAI59RC
+Hgnc7DuC9PLmaYRQiRTx9BczFmNGXgXfMS5p0rRHD6S/U1S+T1IgRZ6nTo7rt1b4
+JqJefEGntINg4nAClAkf1HtBRVU0diZeJr7DbPfqesLtjSDJRBujd8E07W7DQkZ3
+ZcYOqcchArUpvW6zZsu4hdQbe/jdn8GqIZsdhVL2/Gx0q7VJvtkE6yzlq0/LqBj3
+bJ/0zqG4Kplbkt2p6Sc+QrzjtLU+qOtC0fvSPJF4L2Vjoxw0MNPR9Xa+BgC9T7oY
+2VH8NYnAKpUe5Jqnr1tGi+9IxXs5kBKIi2IdOzfAgiG9BwdMi/PMkk2ciyvGqxaZ
+w1lrGyKWI1hHUWPz6dnEUIoJdTyykqAgVtiMzy6bn0lUID0Y/bOySjz1D5sTBUd4
+sW/MHiu6rX108EDv2Aeu+vOGWWzIehu6t0CWLu35C2AsXnCF+Eswyz18hL7PGo55
+NmO60l8GcWW/ToKyPqaD9O5sOt8KO6yPnOWC3JMFzac44xfAHOD5YXJaW57y0QsT
+59wGEsSnYUEROmRgTGPHfjVpqiQTS6BWcaI8a0SRZedGl4sSLv9np9iTP7KeC6hc
+hhNnnZj2RHK2miYbn0RX6ent/F1k32F5Fqk4vVIBeECaiesh5O+K965H5ai0eGzg
+E5kj3j7J7vi+42eJeib8eKMtvrwl/FUeH6H6g9rTWfeuCHoj1s8khxDGHKBeek53
+cTS+uKdeE1MagCJMYWINu3DKGDHBqqjKZUW9SdqmpXag+xUlG5Jr/Ka1mQJZw6Zq
+Al6tczN3uKzEtEd+yKCAvdxco+kwzcM6mlfIgmidlb0Yzm9kYPhNGCYjr7+daeUm
+fzkBmTsVOsRUqBiZf6NCI944cFsXw04r6i3zXVmv8qtYLaWN3kc3FvjxPne3AGeO
+E2fHK8HFHBvtaChebJ1SoW2gIlxY7goRJdLz9Cq2LoYt/eMNZhlCv7ma/vG1/Ri6
+WdLo/rO8Sw45b2yblskNzVJM9Qkk1IYhPLa4rT+l/DYDpxteAiU9SaruXRdNT6An
+/xipbwF75qscet72Z3c0QA0wGZC7kEz8zCVqtVHSlj9LTyZPWcEIjbQ2ExYYffIo
+jrkBXk3w8ip4aX6iPti5RTIk0CdTQLxbizL/UWtqv58LzChwh5Ee5jPh4CUkkRGm
+feWL6E1dOTpSAbG/tcPczfDg/TQWpsvPi58IwXHIYhTeEDOmuhJBTwtZTfxcRYDg
+AfYH0lAdtF+pYITwueyZyGKFYUQs6qocX9tLcLl+LL4XvJcXibYjytCE1lqJewCT
+f2IfCzfv3h6QxwDKLs/vgjT1tceU6S1Awu6gS7agHekhU44yfF4+LUT8uVE9nFp4
+VUnVMnoe2x/Ps0skruwXaBusvPkZCUQDmzIJFV3NlnxVZ8vHbFkWeQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..107aa9cf80
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJDQVJFMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMS4wLAYDVQQDEyVyZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YnN1
+YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKLzquG1
+Wxpg7dOJrrPXsuwroWJcJ9q4XcofFyo8PWBu3Yt4H4H8rEtQATDnOcorYd93IcJx
+ycuxyZwa+PQEGZOBZYAtxyicombbYGR70wJ1Njxsa1oHKe7wFGd6YdMB1xbFjNqx
+w1umyI4zvGR8WpfA0sEUilIF/sZCcErVTk7fDNi/KT3BLyyDmQ8sHFhQqxL9i9FA
+tHLHaZ4zyH0HgXGgUEqblgw+wsWWRQVP5AW12UaALGLn4ZijThUihW5H4Khx7pcv
+Xq8oZsLjbWa8wR1NNfeZxyd5qAyEYKf69/53vKjDlcDCaZSuM+Av3r1x56+VpuTo
+37CuXylUcS/vewIDAQABo4GOMIGLMB8GA1UdIwQYMBaAFOdcJY5+qkx3g3vD6mnW
+x6I04TRZMB0GA1UdDgQWBBRu/40Ii2b+m6V7+2QzZeoDlUiUmDAOBgNVHQ8BAf8E
+BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
+DwYDVR0kAQH/BAUwA4ABBDANBgkqhkiG9w0BAQsFAAOCAQEABhL0Q/1K3/hsd6Od
+6TGkaumY47BYBh86RHtxAoGKXecsotYO1kdJXLQsQOkEpLp/g5Tj0WL2YqX5tgS1
+r8fkcfAL1+Mm7vq6UEBd0S/wLZndMJ/Xjvzpal/o6iujqIEkWZZa70hYRcN+Q/OQ
+azhPsDKAm4I48xaRKOorCVq0PAjBwRia8MucOcoymmiQW8/wQWS3fMRj1gh3DERE
+Y/6TLeib5pyH1KYXE7W7dA76K9SzX7TlDOFd3xybch1UxTrz2I9cqbjQdDjJMEYU
+W8tFdCcIk1/dr2faOuWvKkOw+AQRKciVrPTRcb/GKKlnNhc+YRx3KBBs6D2kjM/O
+hsObrg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7F1D317ACFCCFD84
+
+ys8urfxzgQMfQRVnSzGp7480kJ6DI5PMZTdtIKUnX7l6KG2KUmRfvoAfSI1sMA49
+bPqMSxaS9OrC2BTRsVGsi8oQxbnFm32v9IeaTNQCYQ4ntMoMV/xbGYhIEH4H3Hg4
+9Krnc0upc0ktHWMyaRct6RGzvn3hwXdkb+yaw6mB7hHy5/6uMNgs65ZWhiXY+gHR
+UAQjYv6tgvjwHXR0TlzOWM30Veh5Zz2BY4xBT+wFxFBCSfy+6tZLOa0dnxkPhbMS
+QYFfUq7JemrCQiDpMsNRrTBJFsUb4YN7JVPtvPhi/mHFHiA1g6kEnsvaTRoHkuoQ
+9TQeVyUVuK1JU0aHO2Wur2KatczZOqcSfDQQz57/i4OHNGEfZGqGEZ6YXZlrQSEd
+iMGP+vKPBOgJiYZQH6CItZ2ziFtJYNjAZJszaa+1asNWZCQJrBWdZ5ZQ9Gm9gnV6
+22tSZfqkRKFXCsknjWl6NOywldf4cRwq+zqr4EeVlj4eNm3NoIJvjpCKHGYYJ8mi
+HJl49utHBBrZtSWAFYjV4Xfl6/kCH1Nkl87ijBwHFiqNdJYxj9y2Q5edJBJ5U6dZ
+K2zBdZY0vF5OJeWo451ztXVi4JmX9/LlDiekY/28XlQd1gIANweYYrDciIeODFdJ
+yASNxZD6yOSIegmQ3c8xJxzHKivG9VPJCYSsKGhAxZcwHR2fw/UnDZA5lkRfLyDA
+iMurrYmZhvcpBpZS8fHVqGFzSV7RTnf/bU6M2Z+9Nv65tSwwyTJ/P2QP3hrYKqje
+w6qSLeqoZvExnHvaLIvGLii/Sq46euX8bcVFi4d8KDv8iKzKGIl/uPp0ktgjWLuR
+zdGpEn6PcNeoUOqTpiepyYd3sIZSn4GKDSccJ/xNUlpEjim9+5Lg8dHdCadDAzGJ
+QrCzXFlWg+rNWe4kdM3P4SA1OjF3+kISDcSRRZjTBaNQm6p/pcxKnueMiGegpfAH
+8JGGkT8MVodWO6I/fh18QgtJO+aVfPFFWLz8i6PHsqO+9sZUhSur8wrWtN2xbyC4
+cUWn6RUkhtg0U8Ys5fyxnOUpSFuBxkOU3F5HWzE1kaId8E/6ry4V6oaOMdQLmduM
+Ms5XIZ8r4/jQH+vN+4BTIkSQqR01tPTQm7pWv6t1c4hMWLP68GOVywFqtuSFXJKj
+i7AFnk91X72fSa5qxp7ZsgvuDIXeOxnw+QviC8/5Ha3r2GQhAjew3+6VEa4yZqmM
+yHu+qleFKw/6pARSNBl9+QZusN9R+cTZgYr9Bg5F4dEhlsfAoyVlzq3Ev/euGNOW
+XdI1vwv6Bi4ocH5+3i//kOUXjxke2WpA3Z/svjvWfIJwkEFoF8cxK3iKmuqXawyG
+MgM86gwVX1YohPVda2vAzAe54W4hpypDhDCkjdjLjXSJvhX/ysEiW1hjSK6ZJ6+o
+HAKkCTrF1R336WbmUvwYw7bglaYP7qyw3F8m9l2kQJYmr8TFYZOmN8NyKbofu+AN
+Xl4tVZbN5uLSDaFWQzTpzWv+QCxGAscGMCRH1TpcS+BI8OLX1pj425CFVD80tX3D
+zMSkgX+FyT/weVFd0KGvPYflZJBzayq9RvCrOj5cMYkNoKUNnlP5TA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..3066bd2314
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMGExCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMTEwLwYDVQQDEyhyZXF1aXJlRXhwbGljaXRQb2xpY3k3
+IHN1YnN1YnN1YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAu6hakMgtlNCA+rCJWAL8vGJ9le47WEg+7fAOpHBMAZvLGYiufTGL9z082H6l
+XMYJZl9vt/04HghPEbFeWfF/S8ahz6A7kpuSB/i4trfzkyCYqi+5YDozDw3+JzVS
+C9h77p59euEO4LVxlJwxLeDIXh2idbYmMs6hBqyktdRv4qZbqgtAyascshbclgs7
+5YJWYtkDp59/MWooX/Af8VNTnCUGrgCtk7dagQd1eGilyo0NpM6XDQ6eYdkqQJhI
+zyvGo5SWSAmkIrX0fRoyocwD3ibn+OUN5pVDZplzYA/PPL4kq0BBFt8C8RddSZIs
+1YM+hnhSdB8mRfs/Yl/xWpIwhwIDAQABo3wwejAfBgNVHSMEGDAWgBRu/40Ii2b+
+m6V7+2QzZeoDlUiUmDAdBgNVHQ4EFgQUeyxRYTEVrawsa6m+OzsYGpKqf0QwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCcmQxvc23zsZ5WsaG6itcxVmsRDeKF
+WjkeTATCwuac7OTFciIJ2ts2sMDnT5yupQFxNn03VhBejR+caA2RlIKkV31tQDu+
+34kvGxD6fLcjAf9tfUbzjfEyZEPAfrlSiXVDLVPa0BFw/mO3gjCNNlLs8/RoFhsZ
+alMVnfklprdGkaGldVuqDDHPbiX2xy2WE4XoWKSqD/PXBifml/K8Ktfz6FezN8fH
+DIz0zc7JXnu8mI3TeWFSvcK+lIBVfmm3sarVDGVR83/RY+ev2kPP2PzKL2vJpBqD
+cRKPCxQiGmMw7IaDw8o/mGzapGd+W+zIgL0G/cvtbIKayoe7fwk9iHOm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1735F91368816CAC
+
+0mzm+tlczyDGO8QkYpl3YWMMMLYz4/Om3I+rNNgb4u4g/M67gew0RaNd6+jIXQ+d
+MFRV3Vd2pRjH8IsHXIO0Y9pS2A2cBqOEPOlNX/vAk4HO+bHIHbx757gznY1S8op1
+hmMx9RE+5yAOra1naPr2vrH+/b25qRFYvgClGbD2xSct9+N3nltNLvMxkS/mh0Mj
+nxb23GRGXuD2tldzeJ2ufqPj0OqJzjpqzx+LJikLwsjHDTzZ9TTX5x071eIWr9TO
+HNC4Rj72OaLoYSsODONoTzX++lB+RFiqccyzl4sFlh2a6v4LDV1FCpGLoYzm+OxH
+zUu0z3B6nOSXoVWSIpHKrTE7f/ffeVPfjQRy6SNb9KRh6OXqjundOJAY9RQ850LN
+u2LcJQzyxvAkkhTPQUcRHqib+xwoxZSc2PZGpdBG6+UmXCjHcTpYS1FzHM5WnN2W
+JrMsOworZjAAvyopPIdv9ByM2AS9oMSTglv6jcujXkUpeDFnfs9Knt0ATMXaHhpi
+EXKP4b6I7JeSdTGk9suH60FUY2y13DjZFFT16tcQ7SIHilh8pQMxLrSToOGCfsAa
+R/dlyj3gQYMgf8qyvGSdpchiGdAuNtg6akhoFKnXmzEupoq5kY0ZKLZwulofDLfx
+IwQVwDz5RXBhDJUmr/TLZrhyLUIkC7E1ZoCocQDlmojrw2Q0mfOCJkenxja8YA3I
+IVvnakET52T8oXwDl94bhLN85/1Dtvj9CJkIrUKF37Eyidy3/SoCsL+ufI6e7Fnk
+jeaupw4oTsYlr1CtHUVAHRnfncc9BIducVqG1QomACmschc1Ivkd+8Ok61lIxXRt
+/7xiPV3+HeUKSZs7R4kDrRWa6LiLfXfXC9Vf/FxBzPVMnPOd9e1L634SZ8OcHIbS
+Q7JAaX+jXBs1+Rf1n0LKTYKVFKsWgAtkB0dug7mpEz7lqqKQi4LYEr9KMXZIbSif
+NEtdDs3eXUtZjLLnMQgioEqWCZLE5YHkZD1KJj9XQ6g6XRHWYVMpZWy3/480YTsH
+Vaw7UPJ3s0yCF7OUVxgjOdBQr4J90G+WOncTEPXknQDjS9/5FYYE5kOpeIpOsm05
+D73aLiHei+MWDO2WWOU9w1jzwusPEDU+wL3E9nmz1zS3io0esp3daVW8G1sBQiCm
+F7aodgrb6EWIzmWOEPP42pWsJoZtogNbjo2u41H2mCfoeVpRj6YOvc1OiG/gVS9B
+1GmJmZGkGh/y7Hos0bSab+ZZNx16NDEHE5j3JI8ziFzo1zBELHPMYEZK8tRTFS3z
+gHWm8s5ib94xykonXG6jDU1fRLi8ZZHPpLg7yfiFHs9yBLlecfCnh9f9mmEKRpgj
+PHFnWdbZZZfRZC+TSQDIDhCvjbBj+jB3We3nLluSjEUmWrAJN/sGRcJ6+rK55ErA
+jMq4ApfYmx6z6Gw8vONatiwDqZE7BKxlR5k69BazG+aB54vugMusggdAeBO2het1
+orUaD36pfIf3jCXgzn9ycVuQaTq4KECZStGqhfOhj1DB33/1Tnmf9ZX3m0mwx3VW
+79QavvERR/m4iHiudSeJgP7IDZCO2VLtPQH6aKDfyaIfmWYkE9bp6g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/reltool/doc/src/notes.xml b/lib/reltool/doc/src/notes.xml
index 5304b996a4..cf2cf7f7bc 100644
--- a/lib/reltool/doc/src/notes.xml
+++ b/lib/reltool/doc/src/notes.xml
@@ -37,7 +37,23 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Reltool.</p>
 
-  <section><title>Reltool 0.5.7</title>
+  <section><title>Reltool 0.5.7.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Added recommendation about <c>RootDir</c> parameter to
+	    <c>reltool:eval_target_spec/3</c>.</p>
+          <p>
+	    Own Id: OTP-9742</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Reltool 0.5.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/reltool/doc/src/reltool.xml b/lib/reltool/doc/src/reltool.xml
index 31e15e34e7..60e886e8f5 100644
--- a/lib/reltool/doc/src/reltool.xml
+++ b/lib/reltool/doc/src/reltool.xml
@@ -558,7 +558,17 @@ target_spec()       = [target_spec()]
       <c>true</c> there is no need to install the target system with
       <c>reltool:install/2</c> before it can be started. In that case
       the file tree containing the target system can be moved without
-      re-installation.</p></desc>
+      re-installation.</p>
+
+      <p>In most cases, the <c>RootDir</c> parameter should be set to
+      the same as the <c>root_dir</c> configuration parameter used in
+      the call to <c>reltool:get_target_spec/1</c>
+      (or <c>code:root_dir()</c> if the configuration parameter is not
+      set). In some cases it might be useful to evaluate the same
+      target specification towards different root directories. This
+      should, however, be used with great care as it requires
+      equivalent file structures under all roots.</p>
+      </desc>
     </func>
 
     <func>
@@ -640,7 +650,7 @@ target_spec()       = [target_spec()]
     </func>
 
     <func>
-      <name>get_target_spec(Server) -> {ok, targetSpec} | {error, Reason}</name>
+      <name>get_target_spec(Server) -> {ok, TargetSpec} | {error, Reason}</name>
       <fsummary>Return a specification of the target system</fsummary>
       <type>
         <v>Server     = server()</v>
diff --git a/lib/reltool/vsn.mk b/lib/reltool/vsn.mk
index 751f9bb6db..3869284ee7 100644
--- a/lib/reltool/vsn.mk
+++ b/lib/reltool/vsn.mk
@@ -1 +1 @@
-RELTOOL_VSN = 0.5.7
+RELTOOL_VSN = 0.5.7.1
diff --git a/lib/runtime_tools/c_src/Makefile.in b/lib/runtime_tools/c_src/Makefile.in
index 73ab6cdc11..3d9a7ed69d 100644
--- a/lib/runtime_tools/c_src/Makefile.in
+++ b/lib/runtime_tools/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/c_src/trace_file_drv.c b/lib/runtime_tools/c_src/trace_file_drv.c
index 668f6f4af3..08bace80ef 100644
--- a/lib/runtime_tools/c_src/trace_file_drv.c
+++ b/lib/runtime_tools/c_src/trace_file_drv.c
@@ -21,6 +21,9 @@
  * Purpose: Send trace messages to a file.
  */
 
+#ifdef __WIN32__
+#include <windows.h>
+#endif
 #ifdef HAVE_CONFIG_H
 #  include "config.h"
 #endif
@@ -31,7 +34,6 @@
 #ifdef __WIN32__
 #  include <io.h>
 #  define write _write
-#  define open _open
 #  define close _close
 #  define unlink _unlink
 #else
@@ -40,11 +42,6 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <fcntl.h>
-#ifdef VXWORKS
-#  include "reclaim.h"
-#endif
-
-
 
 /*
  * Deduce MAXPATHLEN, which is the one to use in this file, 
@@ -176,11 +173,13 @@ static TraceFileData *first_data;
 */
 static ErlDrvData trace_file_start(ErlDrvPort port, char *buff);
 static void trace_file_stop(ErlDrvData handle);
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen);
 static void trace_file_finish(void);
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size);
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				      unsigned int command, 
+				      char* buff, ErlDrvSizeT count, 
+				      char** res, ErlDrvSizeT res_size);
 static void trace_file_timeout(ErlDrvData handle);
 
 /*
@@ -194,6 +193,12 @@ static int my_flush(TraceFileData *data);
 static void put_be(unsigned n, unsigned char *s);
 static void close_unlink_port(TraceFileData *data); 
 static int wrap_file(TraceFileData *data);
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask);
+#define open win_open
+#else
+ErlDrvEntry *driver_init(void);
+#endif
 
 /*
 ** The driver struct
@@ -212,7 +217,18 @@ ErlDrvEntry trace_file_driver_entry = {
     NULL,                  /* void * that is not used (BC) */
     trace_file_control,    /* F_PTR control, port_control callback */
     trace_file_timeout,    /* F_PTR timeout, driver_set_timer callback */
-    NULL                   /* F_PTR outputv, reserved */
+    NULL,                  /* F_PTR outputv, reserved */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 /*
@@ -241,6 +257,7 @@ static ErlDrvData trace_file_start(ErlDrvPort port, char *buff)
     int n, w;
     static const char name[] = "trace_file_drv";
 
+
 #ifdef HARDDEBUG
     fprintf(stderr,"hello (%s)\r\n", buff);
 #endif
@@ -347,17 +364,18 @@ static void trace_file_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen)
 {
     int heavy = 0;
     TraceFileData *data = (TraceFileData *) handle;
     unsigned char b[5] = "";
     put_be((unsigned) bufflen, b + 1);
-    switch (my_write(data, b, sizeof(b))) {
+    switch (my_write(data, (unsigned char *) b, sizeof(b))) {
     case 1:
 	heavy = !0;
     case 0:
-	switch (my_write(data, buff, bufflen)) {
+	switch (my_write(data, (unsigned char *) buff, bufflen)) {
 	case 1:
 	    heavy = !0;
 	case 0:
@@ -391,9 +409,10 @@ static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
 /*
 ** Control message from erlang, we handle $f, which is flush.
 */
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				       unsigned int command, 
+				       char* buff, ErlDrvSizeT count, 
+				       char** res, ErlDrvSizeT res_size)
 {
     if (command == 'f') {
 	TraceFileData *data = (TraceFileData *) handle;
@@ -636,3 +655,40 @@ static int wrap_file(TraceFileData *data) {
     return 0;
 }
 
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask)
+{
+  DWORD access = 0;
+  DWORD creation = 0;
+  HANDLE fd;
+  int ret;
+  if (flags & O_WRONLY) {
+    access =  GENERIC_WRITE;
+  } else if (flags & O_RDONLY) {
+    access = GENERIC_READ;
+  } else {
+    access = (GENERIC_READ | GENERIC_WRITE);
+  } 
+  
+  if (flags & O_CREAT) {
+    creation |= CREATE_ALWAYS;
+  }  else {
+     creation |= OPEN_ALWAYS;
+  }
+
+  fd = CreateFileA(path, access,  
+		   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
+		   NULL, creation, FILE_ATTRIBUTE_NORMAL, NULL);
+  if (fd == INVALID_HANDLE_VALUE) {
+    
+    return -1;
+  }
+  
+  if ((ret = _open_osfhandle((intptr_t)fd, (flags & O_RDONLY) ? O_RDONLY : 0))
+      < 0) {
+    CloseHandle(fd);
+  }
+
+  return ret;
+}
+#endif
diff --git a/lib/runtime_tools/c_src/trace_ip_drv.c b/lib/runtime_tools/c_src/trace_ip_drv.c
index d2ed1a294b..7ae6c1b329 100644
--- a/lib/runtime_tools/c_src/trace_ip_drv.c
+++ b/lib/runtime_tools/c_src/trace_ip_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1999-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -185,7 +185,8 @@ static TraceIpData *first_data;
 */
 static ErlDrvData trace_ip_start(ErlDrvPort port, char *buff);
 static void trace_ip_stop(ErlDrvData handle);
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_ip_output(ErlDrvData handle, char *buff,
+			    ErlDrvSizeT bufflen);
 #ifdef __WIN32__
 static void trace_ip_event(ErlDrvData handle, ErlDrvEvent event);
 #endif
@@ -193,9 +194,10 @@ static void trace_ip_ready_input(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_finish(void); /* No arguments, despite what might be stated
 				     in any documentation */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			    char* buff, int count, 
-			    char** res, int res_size);
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size);
 
 /*
 ** Internal routines
@@ -210,11 +212,11 @@ static TraceIpData *lookup_data_by_port(int portno);
 static int set_nonblocking(SOCKET sock);
 static TraceIpMessage *make_buffer(int datasiz, unsigned char op, 
 				   unsigned number);
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten);
 static void clean_que(TraceIpData *data);
 static void close_client(TraceIpData *data);
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen);
+static int trywrite(TraceIpData *data, char *buff, int bufflen);
 static SOCKET my_accept(SOCKET sock);
 static void close_unlink_port(TraceIpData *data);
 enum MySelectOp { SELECT_ON, SELECT_OFF, SELECT_CLOSE };
@@ -382,7 +384,7 @@ static void trace_ip_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_ip_output(ErlDrvData handle, char *buff, ErlDrvSizeT bufflen)
 {
     TraceIpData *data = (TraceIpData *) handle;
     if (data->flags & FLAG_LISTEN_PORT) {
@@ -516,7 +518,7 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
     tim = data->que[data->questart];
     towrite = tim->siz - tim->written;
     while((res = write_until_done(data->fd, 
-				  tim->bin + tim->written, towrite)) 
+				  (char *)tim->bin + tim->written, towrite))
 	  == towrite) {
 	driver_free(tim);
 	data->que[data->questart] = NULL;
@@ -548,9 +550,10 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
 /*
 ** Control message from erlang, we handle $p, which is get_listen_port.
 */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size)
 {
     register void *void_ptr; /* Soft type cast */
 
@@ -558,7 +561,7 @@ static int trace_ip_control(ErlDrvData handle, unsigned int command,
 	TraceIpData *data = (TraceIpData *) handle;
 	ErlDrvBinary *b = my_alloc_binary(3);
 	b->orig_bytes[0] = '\0'; /* OK */
-	put_be16(data->listen_portno, &(b->orig_bytes[1]));
+	put_be16(data->listen_portno, (unsigned char *)&(b->orig_bytes[1]));
 	*res = void_ptr = b;
 	return 0;
     } 
@@ -693,7 +696,7 @@ static TraceIpMessage *make_buffer(int datasiz, unsigned char op,
 ** Add message to que, discarding in a politically correct way...
 ** The FLAG_DROP_OLDEST is currently ingored...
 */
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten)
 {
     int diff = data->questop - data->questart;
@@ -760,13 +763,13 @@ static void close_client(TraceIpData *data)
 ** Try to write a message from erlang directly (only called when que is empty 
 ** and client is connected)
 */
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
+static int trywrite(TraceIpData *data, char *buff, int bufflen)
 {
-    unsigned char op[5];
+    char op[5];
     int res;
 
     op[0] = OP_BINARY;
-    put_be32(bufflen, op + 1);
+    put_be32(bufflen, (unsigned char *)op + 1);
 
     if ((res = write_until_done(data->fd, op, 5)) < 0) {
 	close_client(data);
@@ -790,7 +793,11 @@ static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
 static SOCKET my_accept(SOCKET sock)
 {
     struct sockaddr_in sin;
-    int sin_size = sizeof(sin);
+#ifdef HAVE_SOCKLEN_T
+    socklen_t sin_size = sizeof(sin);
+#else
+    int sin_size = (int) sizeof(sin);
+#endif
 
     return accept(sock, (struct sockaddr *) &sin, &sin_size);
 }
diff --git a/lib/runtime_tools/doc/src/notes.xml b/lib/runtime_tools/doc/src/notes.xml
index 0bb76e1ea4..ccf11bf0fe 100644
--- a/lib/runtime_tools/doc/src/notes.xml
+++ b/lib/runtime_tools/doc/src/notes.xml
@@ -31,6 +31,56 @@
   <p>This document describes the changes made to the Runtime_Tools
     application.</p>
 
+<section><title>Runtime_Tools 1.8.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Earlier dbg:stop only did erlang:trace_delivered and did
+	    not flush the trace file driver. Therefore there could
+	    still be trace messages that were delivered to the driver
+	    (guaranteed by erlang:trace_delivered) but not yet
+	    written to the file when dbg:stop returned. Flushing is
+	    now added on each node before the dbg process terminates.</p>
+          <p>
+	    Own Id: OTP-9651</p>
+        </item>
+        <item>
+          <p>
+	    File handles created by the trace_file_drv driver was
+	    inherited to child processes. This is now corrected.</p>
+          <p>
+	    Own Id: OTP-9658</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Two new built-in trace pattern aliases have been added:
+	    caller_trace (c) and caller_exception_trace (cx). See the
+	    dbg:ltp/0 documentation for more info.</p>
+          <p>
+	    Own Id: OTP-9458</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Runtime_Tools 1.8.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/runtime_tools/src/Makefile b/lib/runtime_tools/src/Makefile
index 46b570210a..946409b262 100644
--- a/lib/runtime_tools/src/Makefile
+++ b/lib/runtime_tools/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/erts_alloc_config.erl b/lib/runtime_tools/src/erts_alloc_config.erl
index 1a57c94443..284e88d4a7 100644
--- a/lib/runtime_tools/src/erts_alloc_config.erl
+++ b/lib/runtime_tools/src/erts_alloc_config.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -472,7 +472,7 @@ au_conf_alloc(#conf{format_to = FTO} = Conf,
 	_ ->
 	    fc(FTO, "~p instances used.",
 	       [Insts]),
-	    format(FTO, " +M~ct ~p~n", [alloc_char(A), Insts])
+	    format(FTO, " +M~ct true~n", [alloc_char(A)])
     end,	    
     mmbcs(Conf, Alc),
     smbcs_lmbcs_mmmbc(Conf, Alc),
diff --git a/lib/runtime_tools/src/inviso_rt_lib.erl b/lib/runtime_tools/src/inviso_rt_lib.erl
index ee6a72ae0c..5dfe14068a 100644
--- a/lib/runtime_tools/src/inviso_rt_lib.erl
+++ b/lib/runtime_tools/src/inviso_rt_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/observer_backend.erl b/lib/runtime_tools/src/observer_backend.erl
index 9c1f9da5b1..2f8ffbcdb6 100644
--- a/lib/runtime_tools/src/observer_backend.erl
+++ b/lib/runtime_tools/src/observer_backend.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,9 @@
 %% General
 -export([vsn/0]).
 
+%% observer stuff
+-export([sys_info/0, get_table/3, get_table_list/2]).
+
 %% etop stuff
 -export([etop_collect/1]).
 -include("observer_backend.hrl").
@@ -42,7 +45,158 @@ vsn() ->
 	Error -> Error
     end.
 
+%%
+%% observer backend
+%%
+sys_info() ->
+    {{_,Input},{_,Output}} = erlang:statistics(io),
+    [{process_count, erlang:system_info(process_count)},
+     {process_limit, erlang:system_info(process_limit)},
+     {uptime, element(1, erlang:statistics(wall_clock))},
+     {run_queue, erlang:statistics(run_queue)},
+     {io_input, Input},
+     {io_output,  Output},
+     {logical_processors, erlang:system_info(logical_processors)},
+     {logical_processors_available, erlang:system_info(logical_processors_available)},
+     {logical_processors_online, erlang:system_info(logical_processors_online)},
+
+     {otp_release, erlang:system_info(otp_release)},
+     {version, erlang:system_info(version)},
+     {system_architecture, erlang:system_info(system_architecture)},
+     {kernel_poll, erlang:system_info(kernel_poll)},
+     {smp_support, erlang:system_info(smp_support)},
+     {threads, erlang:system_info(threads)},
+     {thread_pool_size, erlang:system_info(thread_pool_size)},
+     {wordsize_internal, erlang:system_info({wordsize, internal})},
+     {wordsize_external, erlang:system_info({wordsize, external})} |
+     erlang:memory()
+    ].
+
+get_table(Parent, Table, Module) ->
+    spawn(fun() ->
+		  link(Parent),
+		  get_table2(Parent, Table, Module)
+	  end).
+
+get_table2(Parent, Table, Type) ->
+    Size = case Type of
+	       ets -> ets:info(Table, size);
+	       mnesia -> mnesia:table_info(Table, size)
+	   end,
+    case Size > 0 of
+	false ->
+	    Parent ! {self(), '$end_of_table'},
+	    normal;
+	true when Type =:= ets ->
+	    Mem = ets:info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    get_ets_loop(Parent, ets:match(Table, '$1', NoElements));
+	true ->
+	    Mem = mnesia:table_info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    Ms = [{'$1', [], ['$1']}],
+	    Get = fun() ->
+			  get_mnesia_loop(Parent, mnesia:select(Table, Ms, NoElements, read))
+		  end,
+	    %% Not a transaction, we don't want to grab locks when inspecting the table
+	    mnesia:async_dirty(Get)
+    end.
 
+get_ets_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_ets_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_ets_loop(Parent, ets:match(Cont)).
+
+get_mnesia_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_mnesia_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_mnesia_loop(Parent, mnesia:select(Cont)).
+
+get_table_list(ets, Opts) ->
+    HideUnread = proplists:get_value(unread_hidden, Opts, true),
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Info = fun(Id, Acc) ->
+		   try
+		       TabId = case ets:info(Id, named_table) of
+				   true -> ignore;
+				   false -> Id
+			       end,
+		       Name = ets:info(Id, name),
+		       Protection = ets:info(Id, protection),
+		       ignore(HideUnread andalso Protection == private, unreadable),
+		       Owner = ets:info(Id, owner),
+		       RegName = case catch process_info(Owner, registered_name) of
+				     [] -> ignore;
+				     {registered_name, ProcName} -> ProcName
+				 end,
+		       ignore(HideSys andalso ordsets:is_element(RegName, sys_processes()), system_tab),
+		       ignore(HideSys andalso ordsets:is_element(Name, sys_tables()), system_tab),
+		       ignore((RegName == mnesia_monitor)
+			      andalso Name /= schema
+			      andalso is_atom((catch mnesia:table_info(Name, where_to_read))), mnesia_tab),
+		       Memory = ets:info(Id, memory) * erlang:system_info(wordsize),
+		       Tab = [{name,Name},
+			      {id,TabId},
+			      {protection,Protection},
+			      {owner,Owner},
+			      {size,ets:info(Id, size)},
+			      {reg_name,RegName},
+			      {type,ets:info(Id, type)},
+			      {keypos,ets:info(Id, keypos)},
+			      {heir,ets:info(Id, heir)},
+			      {memory,Memory},
+			      {compressed,ets:info(Id, compressed)},
+			      {fixed,ets:info(Id, fixed)}
+			     ],
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], ets:all());
+
+get_table_list(mnesia, Opts) ->
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Owner = ets:info(schema, owner),
+    Owner /= undefined orelse
+	throw({error, "Mnesia is not running on: " ++ atom_to_list(node())}),
+    {registered_name, RegName} = process_info(Owner, registered_name),
+    Info = fun(Id, Acc) ->
+		   try
+		       Name = Id,
+		       ignore(HideSys andalso ordsets:is_element(Name, mnesia_tables()), system_tab),
+		       ignore(Name =:= schema, mnesia_tab),
+		       Storage = mnesia:table_info(Id, storage_type),
+		       Tab0 = [{name,Name},
+			       {owner,Owner},
+			       {size,mnesia:table_info(Id, size)},
+			       {reg_name,RegName},
+			       {type,mnesia:table_info(Id, type)},
+			       {keypos,2},
+			       {memory,mnesia:table_info(Id, memory) * erlang:system_info(wordsize)},
+			       {storage,Storage},
+			       {index,mnesia:table_info(Id, index)}
+			      ],
+		       Tab = if Storage == disc_only_copies ->
+				     [{fixed, dets:info(Id, safe_fixed)}|Tab0];
+				(Storage == ram_copies) orelse
+				(Storage == disc_copies) ->
+				     [{fixed, ets:info(Id, fixed)},
+				      {compressed, ets:info(Id, compressed)}|Tab0];
+				true -> Tab0
+			     end,
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~p ~n",[Id, _What, erlang:get_stacktrace()]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], mnesia:system_info(tables)).
 
 %%
 %% etop backend
@@ -395,3 +549,62 @@ match_filenames(Dir,MetaFile,[H|T],Files) ->
     end;
 match_filenames(_Dir,_MetaFile,[],Files) ->
     Files.
+
+
+%%%%%%%%%%%%%%%%%
+
+sys_tables() ->
+    [ac_tab,  asn1,
+     cdv_dump_index_table,  cdv_menu_table,  cdv_decode_heap_table,
+     cell_id,  cell_pos,  clist,
+     cover_internal_data_table,   cover_collected_remote_data_table, cover_binary_code_table,
+     code, code_names,  cookies,
+     corba_policy,  corba_policy_associations,
+     dets, dets_owners, dets_registry,
+     disk_log_names, disk_log_pids,
+     eprof,  erl_atom_cache, erl_epmd_nodes,
+     etop_accum_tab,  etop_tr,
+     ets_coverage_data,
+     file_io_servers,
+     gs_mapping, gs_names,  gstk_db,
+     gstk_grid_cellid, gstk_grid_cellpos, gstk_grid_id,
+     httpd,
+     id,
+     ign_req_index, ign_requests,
+     index,
+     inet_cache, inet_db, inet_hosts,
+     'InitialReferences',
+     int_db,
+     interpreter_includedirs_macros,
+     ir_WstringDef,
+     lmcounter,  locks,
+						%     mnesia_decision,
+     mnesia_gvar, mnesia_stats,
+						%     mnesia_transient_decision,
+     pg2_table,
+     queue,
+     schema,
+     shell_records,
+     snmp_agent_table, snmp_local_db2, snmp_mib_data, snmp_note_store, snmp_symbolic_ets,
+     tkFun, tkLink, tkPriv,
+     ttb, ttb_history_table,
+     udp_fds, udp_pids
+    ].
+
+sys_processes() ->
+    [auth, code_server, global_name_server, inet_db,
+     mnesia_recover, net_kernel, timer_server, wxe_master].
+
+mnesia_tables() ->
+    [ir_AliasDef, ir_ArrayDef, ir_AttributeDef, ir_ConstantDef,
+     ir_Contained, ir_Container, ir_EnumDef, ir_ExceptionDef,
+     ir_IDLType, ir_IRObject, ir_InterfaceDef, ir_ModuleDef,
+     ir_ORB, ir_OperationDef, ir_PrimitiveDef, ir_Repository,
+     ir_SequenceDef, ir_StringDef, ir_StructDef, ir_TypedefDef,
+     ir_UnionDef, logTable, logTransferTable, mesh_meas,
+     mesh_type, mnesia_clist, orber_CosNaming,
+     orber_objkeys, user
+    ].
+
+ignore(true, Reason) -> throw(Reason);
+ignore(_,_ ) -> ok.
diff --git a/lib/runtime_tools/src/runtime_tools.app.src b/lib/runtime_tools/src/runtime_tools.app.src
index 095567b165..76fd998530 100644
--- a/lib/runtime_tools/src/runtime_tools.app.src
+++ b/lib/runtime_tools/src/runtime_tools.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/runtime_tools_sup.erl b/lib/runtime_tools/src/runtime_tools_sup.erl
index 4fcb2292d0..913719c449 100644
--- a/lib/runtime_tools/src/runtime_tools_sup.erl
+++ b/lib/runtime_tools/src/runtime_tools_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2006-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/test/inviso_SUITE.erl b/lib/runtime_tools/test/inviso_SUITE.erl
index 758867cf45..33626ffd9e 100644
--- a/lib/runtime_tools/test/inviso_SUITE.erl
+++ b/lib/runtime_tools/test/inviso_SUITE.erl
@@ -66,13 +66,18 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_suite(Config) ->
-    %% No never know who skrewed up this node before this suite! :-)
-    erlang:trace_pattern({'_','_','_'},[],[local]),
-    erlang:trace_pattern({'_','_','_'},[],[global]),
-    erlang:trace(all,false,[all]),
+    case test_server:is_native(lists) of
+	true ->
+	    {skip,"Native libs -- tracing doesn't work"};
+	false ->
+	    %% We never know who messed up this node before this suite! :-)
+	    erlang:trace_pattern({'_','_','_'},[],[local]),
+	    erlang:trace_pattern({'_','_','_'},[],[global]),
+	    erlang:trace(all,false,[all]),
 
-    ?l ok=application:start(runtime_tools),
-    Config.
+	    ok=application:start(runtime_tools),
+	    Config
+    end.
 
 end_per_suite(_Config) ->
     ?l ok=application:stop(runtime_tools).
diff --git a/lib/runtime_tools/vsn.mk b/lib/runtime_tools/vsn.mk
index 0bcd261861..3fbc1b3379 100644
--- a/lib/runtime_tools/vsn.mk
+++ b/lib/runtime_tools/vsn.mk
@@ -1 +1 @@
-RUNTIME_TOOLS_VSN = 1.8.6
+RUNTIME_TOOLS_VSN = 1.8.7
diff --git a/lib/sasl/doc/src/appup.xml b/lib/sasl/doc/src/appup.xml
index 195f9fe1d3..770b7c2492 100644
--- a/lib/sasl/doc/src/appup.xml
+++ b/lib/sasl/doc/src/appup.xml
@@ -332,7 +332,7 @@ restart_new_emulator
     <p>An info report will be written when the upgrade is
       completed. To programatically find out if the upgrade is
       complete,
-      call <seealso marker="release_handler#which_release/0">
+      call <seealso marker="release_handler#which_releases/0">
       release_handler:which_releases</seealso> and check if the
       expected release has status <c>current</c>.</p>
     <p>The new release must still be made permanent after the upgrade
diff --git a/lib/sasl/doc/src/notes.xml b/lib/sasl/doc/src/notes.xml
index 01cdc4b29e..2f22a8ec43 100644
--- a/lib/sasl/doc/src/notes.xml
+++ b/lib/sasl/doc/src/notes.xml
@@ -30,6 +30,71 @@
   </header>
   <p>This document describes the changes made to the SASL application.</p>
 
+<section><title>SASL 2.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix the mechanism for upgrading emulator.</p>
+          <p>
+	    The appup files for kernel, stdlib and sasl do now
+	    recognize two major releases back and include a
+	    'restart_new_emulator' instruction. </p>
+          <p>
+	    Appup files can include regular expressions for matching
+	    earlier releases.</p>
+          <p>
+	    The mechanism for upgrading the emulator is changed so
+	    'restart_new_emulator' will be the first instruction
+	    executed. The rest of the upgrade instruction will be
+	    executed after the emulator restart.</p>
+          <p>
+	    A new upgrade instruction 'restart_emulator' is added for
+	    the case where the emulator shall be restarted after all
+	    other upgrade instructions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9438</p>
+        </item>
+        <item>
+          <p>
+	    Add release_handler:which_releases/1</p>
+          <p>
+	    This is an extension to which_releases that allows a user
+	    to specify the status of the releases they wish to be
+	    returned. For instance it allows for quickly determining
+	    which release is 'permanent' without the need of parsing
+	    the entire release list. (Thanks to Joe Williams)</p>
+          <p>
+	    Own Id: OTP-9717</p>
+        </item>
+        <item>
+          <p>
+	    Add copy of rel file in releases/Vsn in release tar file</p>
+          <p>
+	    systool:make_tar stores the rel file in the releases
+	    directory. When unpacking with
+	    release_handler:unpack_release, the file is automatically
+	    moved to releases/Vsn/. If, however, the tar file is
+	    unpacked manually, the rel file might not be moved, and
+	    the next release unpacked might overwrite the rel file.
+	    To overcome this, systools:make_tar now stores a copy of
+	    the rel file in releases/Vsn/ directly and it is not
+	    longer necessary to move the file after unpacking.</p>
+          <p>
+	    The reason for keeping the file in the releases directory
+	    also is that is needs to be extracted separately before
+	    the release version (Vsn) is known.</p>
+          <p>
+	    Own Id: OTP-9746</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SASL 2.1.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/sasl/doc/src/rb.xml b/lib/sasl/doc/src/rb.xml
index f35ceb5777..3da825878e 100644
--- a/lib/sasl/doc/src/rb.xml
+++ b/lib/sasl/doc/src/rb.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -123,7 +123,9 @@
       <fsummary>List all reports</fsummary>
       <type>
         <v>Type = type()</v>
-        <v>type() = crash_report | supervisor_report | error | progress</v>
+        <v>type() = error | error_report | info_msg | info_report |
+        warning_msg | warning_report | crash_report |
+        supervisor_report | progress</v>
       </type>
       <desc>
         <p>This function lists all reports loaded in the
diff --git a/lib/sasl/doc/src/release_handler.xml b/lib/sasl/doc/src/release_handler.xml
index 7f32100d4b..e3438ede41 100644
--- a/lib/sasl/doc/src/release_handler.xml
+++ b/lib/sasl/doc/src/release_handler.xml
@@ -64,10 +64,10 @@
       downgraded to the specified version by evaluating the instructions
       in <c>relup</c>. An installed release can be made
       <em>permanent</em>. There can only be one permanent release in
-      the system, and this is the release that is used if the system is
-      restarted. An installed release, except the permanent one, can be
-      <em>removed</em>. When a release is removed, all files that
-      belong to that release only are deleted.</p>
+      the system, and this is the release that is used if the system
+      is restarted. An installed release, except the permanent one,
+      can be <em>removed</em>. When a release is removed, all files
+      that belong to that release only are deleted.</p>
     <p>Each version of the release has a status. The status can be
       <c>unpacked</c>, <c>current</c>, <c>permanent</c>, or <c>old</c>.
       There is always one latest release which either has status
@@ -107,16 +107,17 @@ old        reboot_old            permanent
       restarted. This is taken care of automatically if Erlang is
       started as an embedded system. Read about this in <em>Embedded System</em>. In this case, the system configuration file
       <c>sys.config</c> is mandatory.</p>
-    <p>A new release may restart the system. Which program to use is
-      specified by the SASL configuration parameter <c>start_prg</c>
-      which defaults to <c>$ROOT/bin/start</c>.</p>
+    <p>The installation of a new release may restart the system. Which
+      program to use is specified by the SASL configuration
+      parameter <c>start_prg</c> which defaults
+      to <c>$ROOT/bin/start</c>.</p>
     <p>The emulator restart on Windows NT expects that the system is
       started using the <c>erlsrv</c> program (as a service).
       Furthermore the release handler expects that the service is named 
       <em>NodeName</em>_<em>Release</em>, where <em>NodeName</em> is
       the first part of the Erlang nodename (up to, but not including
-      the "@") and <em>Release</em> is the current release of
-      the application. The release handler furthermore expects that a
+      the "@") and <em>Release</em> is the current version of
+      the release. The release handler furthermore expects that a
       program like <c>start_erl.exe</c> is specified as "machine" to
       <c>erlsrv</c>. During upgrading with restart, a new service will
       be registered and started. The new service will be set to
@@ -484,7 +485,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
         <c>release_handler</c> to end up in an inconsistent state.</p>
       <p>No persistent information is updated, why these functions can
         be used on any Erlang node, embedded or not. Also, using these
-        functions does not effect which code will be loaded in case of
+        functions does not affect which code will be loaded in case of
         a reboot.</p>
       <p>If the upgrade or downgrade fails, the application may end up
         in an inconsistent state.</p>
@@ -492,7 +493,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
   </section>
   <funcs>
     <func>
-      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Upgrade to a new application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -521,14 +522,21 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>upgrade_app/2</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
     <func>
       <name>downgrade_app(App, Dir) -></name>
-      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Downgrade to a previous application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -562,7 +570,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
       </desc>
@@ -638,7 +646,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       </desc>
     </func>
     <func>
-      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Evaluate an application upgrade or downgrade script</fsummary>
       <type>
         <v>App = atom()</v>
@@ -651,8 +659,8 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       <desc>
         <p>Evaluates an application upgrade or downgrade script
           <c>Script</c>, the result from calling
-          <seealso marker="#upgrade_app/2">upgrade_app/2</seealso> or
-          <seealso marker="#downgrade_app/3">downgrade_app/2,3</seealso>,
+          <seealso marker="#upgrade_app/2">upgrade_script/2</seealso> or
+          <seealso marker="#downgrade_app/3">downgrade_script/3</seealso>,
           exactly in the same way as
           <seealso marker="#install_release/1">install_release/1,2</seealso>
           does.</p>
@@ -663,9 +671,16 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           <c>.appup</c> files should be located under <c>Dir/ebin</c>.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>eval_appup_script/4</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
   </funcs>
diff --git a/lib/sasl/doc/src/systools.xml b/lib/sasl/doc/src/systools.xml
index fa2fcbf534..84fed0a25f 100644
--- a/lib/sasl/doc/src/systools.xml
+++ b/lib/sasl/doc/src/systools.xml
@@ -138,8 +138,9 @@
       <fsummary>Generate a boot script <c>.script/.boot</c>.</fsummary>
       <type>
         <v>Name = string()</v>
-        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref | {exref,[App]}]
-	| silent | {outdir,Dir} | warnings_as_errors</v>
+        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref |
+	  {exref,[App]}] | silent | {outdir,Dir} | no_warn_sasl |
+	  warnings_as_errors</v>
         <v>&nbsp;Dir = string()</v>
         <v>&nbsp;Var = {VarName,Prefix}</v>
         <v>&nbsp;&nbsp;VarName = Prefix = string()</v>
@@ -195,6 +196,14 @@
         <p>The applications are sorted according to the dependencies
           between the applications. Where there are no dependencies,
           the order in the <c>.rel</c> file is kept.</p>
+	<p>The function will fail if the mandatory
+	  applications <c>kernel</c> and <c>stdlib</c> are not
+	  included in the <c>.rel</c> file and have start
+	  type <c>permanent</c> (default).</p>
+	<p>If <c>sasl</c> is not included as an application in
+	  the <c>.rel</c> file, a warning is emitted because such a
+	  release can not be used in an upgrade. To turn off this
+	  warning, add the option <c>no_warn_sasl</c>.</p>
         <p>All files are searched for in the current path. It is
           assumed that the <c>.app</c> and <c>.beam</c> files for an
           application is located in the same directory. The <c>.erl</c>
@@ -225,7 +234,7 @@
         <p>Example: If the option <c>{variables,[{"TEST","lib"}]}</c> is
           supplied, and <c>myapp.app</c> is found in
           <c>lib/myapp/ebin</c>, then the path to this application in
-          the boot script will be <c>$TEST/myapp-1/ebin"</c>. If
+          the boot script will be <c>"$TEST/myapp-1/ebin"</c>. If
           <c>myapp.app</c> is found in <c>lib/test</c>, then the path
           will be <c>$TEST/test/myapp-1/ebin</c>.</p>
         <p>The checks performed before the boot script is generated can
diff --git a/lib/sasl/examples/src/target_system.erl b/lib/sasl/examples/src/target_system.erl
index 0e1e0b2324..ffc0fcf443 100644
--- a/lib/sasl/examples/src/target_system.erl
+++ b/lib/sasl/examples/src/target_system.erl
@@ -16,6 +16,7 @@
 %%
 %% %CopyrightEnd%
 %%
+%module
 -module(target_system).
 -export([create/1, create/2, install/2]).
 
@@ -130,14 +131,14 @@ install(RelFileName, RootDir) ->
     [ErlVsn, _RelVsn| _] = string:tokens(StartErlData, " \n"),
     ErtsBinDir = filename:join([RootDir, "erts-" ++ ErlVsn, "bin"]),
     BinDir = filename:join([RootDir, "bin"]),
-    io:fwrite("Substituting in erl.src, start.src and start_erl.src to\n"
+    io:fwrite("Substituting in erl.src, start.src and start_erl.src to "
               "form erl, start and start_erl ...\n"),
     subst_src_scripts(["erl", "start", "start_erl"], ErtsBinDir, BinDir, 
                       [{"FINAL_ROOTDIR", RootDir}, {"EMU", "beam"}],
                       [preserve]),
     io:fwrite("Creating the RELEASES file ...\n"),
-    create_RELEASES(RootDir, 
-                    filename:join([RootDir, "releases", RelFileName])).
+    create_RELEASES(RootDir, filename:join([RootDir, "releases",
+					    filename:basename(RelFileName)])).
 
 %% LOCALS 
 
@@ -257,3 +258,4 @@ remove_all_files(Dir, Files) ->
                                   file:delete(FilePath)
                           end
                   end, Files).
+%module
diff --git a/lib/sasl/src/release_handler.erl b/lib/sasl/src/release_handler.erl
index 4e8cb4628c..8d2b9c35d3 100644
--- a/lib/sasl/src/release_handler.erl
+++ b/lib/sasl/src/release_handler.erl
@@ -842,8 +842,13 @@ do_unpack_release(Root, RelDir, ReleaseName, Releases) ->
     extract_tar(Root, Tar),
     NewReleases = [Release#release{status = unpacked} | Releases],
     write_releases(RelDir, NewReleases, false),
+
+    %% Keeping this for backwards compatibility reasons with older
+    %% systools:make_tar, where there is no copy of the .rel file in
+    %% the releases/<vsn> dir. See OTP-9746.
     Dir = filename:join([RelDir, Vsn]),
     copy_file(RelFile, Dir, false),
+
     {ok, NewReleases, Vsn}.
 
 %% Note that this function is not executed by a client
@@ -1050,38 +1055,50 @@ new_emulator_make_tmp_release(CurrentRelease,ToRelease,RelDir,Opts,Masters) ->
     CurrentVsn = CurrentRelease#release.vsn,
     ToVsn = ToRelease#release.vsn,
     TmpVsn = ?tmp_vsn(CurrentVsn),
-    BaseApps = [kernel,stdlib,sasl],
-    BaseLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- ToRelease#release.libs,
-				 lists:member(App,BaseApps)],
-    check_base_libs(BaseLibs,ToVsn),
-    OldBaseLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- CurrentRelease#release.libs,
-				    lists:member(App,BaseApps)],
-    check_base_libs(OldBaseLibs,CurrentVsn),
-    RestLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- CurrentRelease#release.libs,
-				 not lists:member(App,BaseApps)],
-    TmpRelease = CurrentRelease#release{vsn=TmpVsn,
-					erts_vsn=ToRelease#release.erts_vsn,
-					libs = BaseLibs ++ RestLibs,
-					status = unpacked},
-    new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,
-				  RelDir,Opts,Masters),
-    new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,RelDir,Masters),
-    {TmpVsn,TmpRelease}.
-
-check_base_libs([_,_,_]=BaseLibs,_Vsn) ->
-    [Kernel,Sasl,Stdlib] = lists:keysort(1,BaseLibs),
-    [Kernel,Stdlib,Sasl];
-check_base_libs(SomeMissing,Vsn) ->
-    find_missing(SomeMissing,[kernel,stdlib,sasl],Vsn).
-
-find_missing(SomeMissing,[H|T],Vsn) ->
-    case lists:keymember(H,1,SomeMissing) of
-	true ->
-	    find_missing(SomeMissing,T,Vsn);
-	false ->
-	    throw({error,{missing_base_app,Vsn,H}})
+    case get_base_libs(ToRelease#release.libs) of
+	{ok,{Kernel,Stdlib,Sasl}=BaseLibs,_} ->
+	    case get_base_libs(ToRelease#release.libs) of
+		{ok,_,RestLibs} ->
+		    TmpErtsVsn = ToRelease#release.erts_vsn,
+		    TmpLibs = [Kernel,Stdlib,Sasl|RestLibs],
+		    TmpRelease = CurrentRelease#release{vsn=TmpVsn,
+							erts_vsn=TmpErtsVsn,
+							libs = TmpLibs,
+							status = unpacked},
+		    new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,
+						  BaseLibs,RelDir,Opts,Masters),
+		    new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,
+						    RelDir,Masters),
+		    {TmpVsn,TmpRelease};
+		{error,{missing,Missing}} ->
+		    throw({error,{missing_base_app,CurrentVsn,Missing}})
+	    end;
+	{error,{missing,Missing}} ->
+	    throw({error,{missing_base_app,ToVsn,Missing}})
     end.
 
+%% Get kernel, stdlib and sasl libs,
+%% and also return the rest of the libs as a list.
+%% Return error if any of kernel, stdlib or sasl does not exist.
+get_base_libs(Libs) ->
+    get_base_libs(Libs,undefined,undefined,undefined,[]).
+get_base_libs([{kernel,_,_}=Kernel|Libs],undefined,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{stdlib,_,_}=Stdlib|Libs],Kernel,undefined,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{sasl,_,_}=Sasl|Libs],Kernel,Stdlib,undefined,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([Lib|Libs],Kernel,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,[Lib|Rest]);
+get_base_libs([],undefined,_Stdlib,_Sasl,_Rest) ->
+    {error,{missing,kernel}};
+get_base_libs([],_Kernel,undefined,_Sasl,_Rest) ->
+    {error,{missing,stdlib}};
+get_base_libs([],_Kernel,_Stdlib,undefined,_Rest) ->
+    {error,{missing,sasl}};
+get_base_libs([],Kernel,Stdlib,Sasl,Rest) ->
+    {ok,{Kernel,Stdlib,Sasl},lists:reverse(Rest)}.
+
 new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,RelDir,Opts,Masters) ->
     FromBootFile = filename:join([RelDir,CurrentVsn,"start.boot"]),
     ToBootFile = filename:join([RelDir,ToVsn,"start.boot"]),
@@ -1090,9 +1107,10 @@ new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,RelDir,Opts,Maste
     Args = [ToVsn,Opts],
     {ok,FromBoot} = read_file(FromBootFile,Masters),
     {ok,ToBoot} = read_file(ToBootFile,Masters),
-    [KernelPath,SaslPath,StdlibPath] =
-	[filename:join(Path,ebin) || {_,_,Path} <- lists:keysort(1,BaseLibs)],
-    Paths = {KernelPath,StdlibPath,SaslPath},
+    {{_,_,KernelPath},{_,_,SaslPath},{_,_,StdlibPath}} = BaseLibs,
+    Paths = {filename:join(KernelPath,"ebin"),
+	     filename:join(StdlibPath,"ebin"),
+	     filename:join(SaslPath,"ebin")},
     case systools_make:make_hybrid_boot(TmpVsn,FromBoot,ToBoot,Paths,Args) of
 	{ok,TmpBoot} ->
 	    write_file(TmpBootFile,TmpBoot,Masters);
@@ -1554,7 +1572,7 @@ memlib(_Lib, []) -> false.
 			 
 %% recursively remove file or directory
 remove_file(File) ->
-    case file:read_file_info(File) of
+    case file:read_link_info(File) of
 	{ok, Info} when Info#file_info.type==directory ->
 	    case file:list_dir(File) of
 		{ok, Files} ->
diff --git a/lib/sasl/src/release_handler_1.erl b/lib/sasl/src/release_handler_1.erl
index b4b288646f..93d12cf609 100644
--- a/lib/sasl/src/release_handler_1.erl
+++ b/lib/sasl/src/release_handler_1.erl
@@ -459,7 +459,9 @@ eval({apply, {M, F, A}}, EvalState) ->
     apply(M, F, A),
     EvalState;
 eval(restart_emulator, _EvalState) ->
-    throw(restart_emulator).
+    throw(restart_emulator);
+eval(restart_new_emulator, _EvalState) ->
+    throw(restart_new_emulator).
 
 get_opt(Tag, EvalState, Default) ->
     case lists:keysearch(Tag, 1, EvalState#eval_state.opts) of
@@ -503,15 +505,20 @@ resume(Pids) ->
 
 change_code(Pids, Mod, Vsn, Extra, Timeout) ->
     Fun = fun(Pid) -> 
-		  case Timeout of
-		      default ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra);
-		      _Else ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra, Timeout)
+		  case sys_change_code(Pid, Mod, Vsn, Extra, Timeout) of
+		      ok ->
+			  ok;
+		      {error,Reason} ->
+			  throw({code_change_failed,Pid,Mod,Vsn,Reason})
 		  end
 	  end,
     lists:foreach(Fun, Pids).
 
+sys_change_code(Pid, Mod, Vsn, Extra, default) ->
+    sys:change_code(Pid, Mod, Vsn, Extra);
+sys_change_code(Pid, Mod, Vsn, Extra, Timeout) ->
+    sys:change_code(Pid, Mod, Vsn, Extra, Timeout).
+
 stop(Mod, Procs) ->
     lists:zf(fun({undefined, _Name, _Pid, _Mods}) ->
 		     false;
diff --git a/lib/sasl/src/systools_make.erl b/lib/sasl/src/systools_make.erl
index ce37f3c2ce..12ba2a5476 100644
--- a/lib/sasl/src/systools_make.erl
+++ b/lib/sasl/src/systools_make.erl
@@ -58,6 +58,7 @@
 %%              {variables,[{Name,AbsString}]}
 %%              {machine, jam | beam | vee}
 %%              exref | {exref, [AppName]}
+%%              no_warn_sasl
 %%-----------------------------------------------------------------
 
 make_script(RelName) when is_list(RelName) ->
@@ -88,7 +89,8 @@ make_script(RelName, Output, Flags) when is_list(RelName),
 	    Path  = make_set(Path1 ++ code:get_path()),
 	    ModTestP = {member(src_tests, Flags),xref_p(Flags)},
 	    case get_release(RelName, Path, ModTestP, machine(Flags)) of
-		{ok, Release, Appls, Warnings} ->
+		{ok, Release, Appls, Warnings0} ->
+		    Warnings = wsasl(Flags, Warnings0),
 		    case systools_lib:werror(Flags, Warnings) of
 			true ->
 			    return(ok,Warnings,Flags);
@@ -112,7 +114,13 @@ make_script(RelName, _Output, Flags) when is_list(Flags) ->
 make_script(RelName, _Output, Flags) ->
     badarg(Flags,[RelName, Flags]).
 
-%% Inlined.
+
+wsasl(Options, Warnings) ->
+    case lists:member(no_warn_sasl,Options) of
+	true -> lists:delete({warning,missing_sasl},Warnings);
+	false -> Warnings
+    end.
+
 badarg(BadArg, Args) ->
     erlang:error({badarg,BadArg}, Args).
 
@@ -455,30 +463,35 @@ check_appl(Appl) ->
 		end,
 		Appl) of
 	[] ->
-	    {ok,Ws} = mandatory_applications(Appl),
-	    {split_app_incl(Appl),Ws};
+	    {ApplsNoIncls,Incls} = split_app_incl(Appl),
+	    {ok,Ws} = mandatory_applications(ApplsNoIncls,undefined,
+					     undefined,undefined),
+	    {{ApplsNoIncls,Incls},Ws};
 	Illegal ->
 	    throw({error, {illegal_applications,Illegal}})
     end.
 
-mandatory_applications(Appl) ->
-    AppNames = map(fun(AppT) -> element(1, AppT) end,
-		   Appl),
-    Mand = mandatory_applications(),
-    case filter(fun(X) -> member(X, AppNames) end, Mand) of
-	Mand ->
-	    case member(sasl,AppNames) of
-		true ->
-		    {ok,[]};
-		_ ->
-		    {ok, [{warning,missing_sasl}]}
-	    end;
-	_ ->
-	    throw({error, {missing_mandatory_app, Mand}})
-    end.
-
-mandatory_applications() ->
-    [kernel, stdlib].
+mandatory_applications([{kernel,_,Type}|Apps],undefined,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Type,Stdlib,Sasl);
+mandatory_applications([{stdlib,_,Type}|Apps],Kernel,undefined,Sasl) ->
+    mandatory_applications(Apps,Kernel,Type,Sasl);
+mandatory_applications([{sasl,_,Type}|Apps],Kernel,Stdlib,undefined) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Type);
+mandatory_applications([_|Apps],Kernel,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Sasl);
+mandatory_applications([],Type,_,_) when Type=/=permanent ->
+    error_mandatory_application(kernel,Type);
+mandatory_applications([],_,Type,_) when Type=/=permanent ->
+    error_mandatory_application(sasl,Type);
+mandatory_applications([],_,_,undefined) ->
+    {ok, [{warning,missing_sasl}]};
+mandatory_applications([],_,_,_) ->
+    {ok,[]}.
+
+error_mandatory_application(App,undefined) ->
+    throw({error, {missing_mandatory_app, App}});
+error_mandatory_application(App,Type) ->
+    throw({error, {mandatory_app, App, Type}}).
 
 split_app_incl(Appl) -> split_app_incl(Appl, [], []).
 
@@ -1630,8 +1643,19 @@ add_system_files(Tar, RelName, Release, Path1) ->
     SVsn = Release#release.vsn,
     RelName0 = filename:basename(RelName),
 
+    RelVsnDir = filename:join("releases", SVsn),
+
+    %% OTP-9746: store rel file in releases/<vsn>
+    %% Adding rel file to
+    %% 1) releases directory - so it can be easily extracted
+    %%    separately (see release_handler:unpack_release)
+    %% 2) releases/<vsn> - so the file must not be explicitly moved
+    %%    after unpack.
     add_to_tar(Tar, RelName ++ ".rel",
 	       filename:join("releases", RelName0 ++ ".rel")),
+    add_to_tar(Tar, RelName ++ ".rel",
+	       filename:join(RelVsnDir, RelName0 ++ ".rel")),
+
 
     %% OTP-6226 Look for the system files not only in cwd
     %% --
@@ -1647,26 +1671,27 @@ add_system_files(Tar, RelName, Release, Path1) ->
 		   [RelDir, "."|Path1]
 	   end,
 
-    ToDir = filename:join("releases", SVsn),
     case lookup_file(RelName0 ++ ".boot", Path) of
 	false ->
 	    throw({error, {tar_error,{add, RelName0++".boot",enoent}}});
 	Boot ->
-	    add_to_tar(Tar, Boot, filename:join(ToDir, "start.boot"))
+	    add_to_tar(Tar, Boot, filename:join(RelVsnDir, "start.boot"))
     end,
 
     case lookup_file("relup", Path) of
 	false ->
 	    ignore;
 	Relup ->
-	    add_to_tar(Tar, Relup, filename:join(ToDir, "relup"))
+	    check_relup(Relup),
+	    add_to_tar(Tar, Relup, filename:join(RelVsnDir, "relup"))
     end,
 
     case lookup_file("sys.config", Path) of
 	false ->
 	    ignore;
 	Sys ->
-	    add_to_tar(Tar, Sys, filename:join(ToDir, "sys.config"))
+	    check_sys_config(Sys),
+	    add_to_tar(Tar, Sys, filename:join(RelVsnDir, "sys.config"))
     end,
     
     ok.
@@ -1682,6 +1707,44 @@ lookup_file(Name, [Dir|Path]) ->
 lookup_file(_Name, []) ->
     false.
 
+%% Check that relup can be parsed and has expected format
+check_relup(File) ->
+    case file:consult(File) of
+	{ok,[{Vsn,UpFrom,DownTo}]} when is_list(Vsn), is_integer(hd(Vsn)),
+					is_list(UpFrom), is_list(DownTo) ->
+	    ok;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"relup",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"relup",[Other]}}})
+    end.
+
+%% Check that sys.config can be parsed and has expected format
+check_sys_config(File) ->
+    case file:consult(File) of
+	{ok,[SysConfig]} ->
+	    case lists:all(fun({App,KeyVals}) when is_atom(App),
+						   is_list(KeyVals)->
+				   true;
+			      (OtherConfig) when is_list(OtherConfig),
+						 is_integer(hd(OtherConfig)) ->
+				   true;
+			      (_) ->
+				   false
+			   end,
+			   SysConfig) of
+		true ->
+		    ok;
+		false ->
+		    throw({error,{tar_error,
+				  {add,"sys.config",[invalid_format]}}})
+	    end;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"sys.config",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"sys.config",[Other]}}})
+    end.
+
 %%______________________________________________________________________
 %% Add either a application located under a variable dir or all other
 %% applications to a tar file.
@@ -1970,90 +2033,67 @@ get_flag(_,_)         -> false.
 
 %% Check Options for make_script
 check_args_script(Args) ->
-    cas(Args,
-	{undef, undef, undef, undef, undef, undef, undef, undef,
-	 undef, []}).
+    cas(Args, []).
 
-cas([], {_Path,_Sil,_Loc,_Test,_Var,_Mach,_Xref,_XrefApps,_Werror, X}) ->
+cas([], X) ->
     X;
 %%% path ---------------------------------------------------------------
-cas([{path, P} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) when is_list(P) ->
+cas([{path, P} | Args], X) when is_list(P) ->
     case check_path(P) of
 	ok ->
-	    cas(Args, {P, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{path,P}]})
+	    cas(Args, X++[{path,P}])
     end;
 %%% silent -------------------------------------------------------------
-cas([silent | Args], {Path, _Sil, Loc, Test, Var, Mach, Xref,
-		      XrefApps, Werror, X}) ->
-    cas(Args, {Path, silent, Loc, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([silent | Args], X) ->
+    cas(Args, X);
 %%% local --------------------------------------------------------------
-cas([local | Args], {Path, Sil, _Loc, Test, Var, Mach, Xref,
-		     XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, local, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([local | Args], X) ->
+    cas(Args, X);
 %%% src_tests -------------------------------------------------------
-cas([src_tests | Args], {Path, Sil, Loc, _Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args,
-	{Path, Sil, Loc, src_tests, Var, Mach, Xref, Werror, XrefApps,X});
+cas([src_tests | Args], X) ->
+    cas(Args, X);
 %%% variables ----------------------------------------------------------
-cas([{variables, V} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			      XrefApps, Werror, X}) when is_list(V) ->
+cas([{variables, V} | Args], X) when is_list(V) ->
     case check_vars(V) of
 	ok ->
-	    cas(Args,
-		{Path, Sil, Loc, Test, V, Mach, Xref, XrefApps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{variables, V}]})
+	    cas(Args, X++[{variables, V}])
     end;
 %%% machine ------------------------------------------------------------
-cas([{machine, M} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			    XrefApps, Werror, X}) when is_atom(M) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{machine, M} | Args], X) when is_atom(M) ->
+    cas(Args, X);
 %%% exref --------------------------------------------------------------
-cas([exref | Args], {Path, Sil, Loc, Test, Var, Mach, _Xref,
-		     XrefApps, Werror, X})  ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, exref, XrefApps, Werror, X});
+cas([exref | Args], X)  ->
+    cas(Args, X);
 %%% exref Apps ---------------------------------------------------------
-cas([{exref, Apps} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Apps) ->
+cas([{exref, Apps} | Args], X) when is_list(Apps) ->
     case check_apps(Apps) of 
 	ok ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, Apps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, XrefApps, Werror, X++[{exref, Apps}]})
+	    cas(Args, X++[{exref, Apps}])
     end;
 %%% outdir Dir ---------------------------------------------------------
-cas([{outdir, Dir} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Dir) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{outdir, Dir} | Args], X) when is_list(Dir) ->
+    cas(Args, X);
 %%% otp_build (secret, not documented) ---------------------------------
-cas([otp_build | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([otp_build | Args], X) ->
+    cas(Args, X);
+%%% warnings_as_errors -------------------------------------------------
+cas([warnings_as_errors | Args], X) ->
+    cas(Args, X);
+%%% no_warn_sasl -------------------------------------------------------
+cas([no_warn_sasl | Args], X) ->
+    cas(Args, X);
 %%% no_module_tests (kept for backwards compatibility, but ignored) ----
-cas([no_module_tests | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			       XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
-%%% warnings_as_errors (kept for backwards compatibility, but ignored) ----
-cas([warnings_as_errors | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-				  XrefApps, _Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-	       warnings_as_errors, X});
+cas([no_module_tests | Args], X) ->
+    cas(Args, X);
 %%% ERROR --------------------------------------------------------------
-cas([Y | Args], {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		 Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror,
-	       X++[Y]}).
+cas([Y | Args], X) ->
+    cas(Args, X++[Y]).
 
 
 
@@ -2192,9 +2232,12 @@ format_error({missing_parameter,Par}) ->
 format_error({illegal_applications,Names}) ->
     io_lib:format("Illegal applications in the release file: ~p~n",
 		  [Names]);
-format_error({missing_mandatory_app,Names}) ->
-    io_lib:format("Mandatory applications (~p) must be specified in the release file~n",
-		  [Names]);
+format_error({missing_mandatory_app,Name}) ->
+    io_lib:format("Mandatory application ~p must be specified in the release file~n",
+		  [Name]);
+format_error({mandatory_app,Name,Type}) ->
+    io_lib:format("Mandatory application ~p must be of type 'permanent' in the release file. Is '~p'.~n",
+		  [Name,Type]);
 format_error({duplicate_register,Dups}) ->
     io_lib:format("Duplicated register names: ~n~s",
 		  [map(fun({{Reg,App1,_,_},{Reg,App2,_,_}}) ->
diff --git a/lib/sasl/test/alarm_handler_SUITE.erl b/lib/sasl/test/alarm_handler_SUITE.erl
index a98e8c9c67..a4064ef27a 100644
--- a/lib/sasl/test/alarm_handler_SUITE.erl
+++ b/lib/sasl/test/alarm_handler_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 -module(alarm_handler_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 %%-----------------------------------------------------------------
 %% We will add an own alarm handler in order to verify that the
@@ -56,34 +56,32 @@ end_per_group(_GroupName, Config) ->
 
 %%-----------------------------------------------------------------
 
-set_alarm(suite) -> [];
 set_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line ok = alarm_handler:set_alarm(Alarm1),
+    ok = alarm_handler:set_alarm(Alarm1),
     reported(set_alarm, Alarm1),
-    ?line ok = alarm_handler:set_alarm(Alarm2),
+    ok = alarm_handler:set_alarm(Alarm2),
     reported(set_alarm, Alarm2),
-    ?line ok = alarm_handler:set_alarm(Alarm3),
+    ok = alarm_handler:set_alarm(Alarm3),
     reported(set_alarm, Alarm3),
 
-    ?line [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
+    [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
     alarm_handler:clear_alarm(alarm1),
     alarm_handler:clear_alarm("alarm2"),
     alarm_handler:clear_alarm({alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
     test_server:messages_get(),
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-clear_alarm(suite) -> [];
 clear_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
@@ -92,44 +90,42 @@ clear_alarm(Config) when is_list(Config) ->
     alarm_handler:set_alarm(Alarm3),
     test_server:messages_get(),
 
-    ?line ok = alarm_handler:clear_alarm(alarm1),
+    ok = alarm_handler:clear_alarm(alarm1),
     reported(clear_alarm, alarm1),
-    ?line ok = alarm_handler:clear_alarm("alarm2"),
+    ok = alarm_handler:clear_alarm("alarm2"),
     reported(clear_alarm, "alarm2"),
-    ?line ok = alarm_handler:clear_alarm({alarm3}),
+    ok = alarm_handler:clear_alarm({alarm3}),
     reported(clear_alarm, {alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-swap(suite) -> [];
 swap(Config) when is_list(Config) ->
-    ?line Alarm1 = {alarm1, "this is the alarm"},
-    ?line Alarm2 = {"alarm2", this_is_the_alarm},
-    ?line Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line alarm_handler:set_alarm(Alarm1),
-    ?line alarm_handler:set_alarm(Alarm2),
-    ?line alarm_handler:set_alarm(Alarm3),
-
-    ?line foo,
+    Alarm1 = {alarm1, "this is the alarm"},
+    Alarm2 = {"alarm2", this_is_the_alarm},
+    Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
+    alarm_handler:set_alarm(Alarm1),
+    alarm_handler:set_alarm(Alarm2),
+    alarm_handler:set_alarm(Alarm3),
+
     case gen_event:which_handlers(alarm_handler) of
 	[alarm_handler] ->
-	    ?line ok = gen_event:swap_handler(alarm_handler,
-					      {alarm_handler, swap},
-					      {?MODULE, self()}),
-	    ?line [?MODULE] = gen_event:which_handlers(alarm_handler),
+	    ok = gen_event:swap_handler(alarm_handler,
+					{alarm_handler, swap},
+					{?MODULE, self()}),
+	    [?MODULE] = gen_event:which_handlers(alarm_handler),
 	    Alarms = [Alarm3, Alarm2, Alarm1],
 	    reported(swap_alarms, Alarms),
 
 	    %% get_alarms is only valid with the default handler installed.
-	    ?line {error, _} = alarm_handler:get_alarms(),
+	    {error, _} = alarm_handler:get_alarms(),
 
-	    ?line my_yes = gen_event:delete_handler(alarm_handler,
-						    ?MODULE, []),
-	    ?line gen_event:add_handler(alarm_handler, alarm_handler, []),
+	    my_yes = gen_event:delete_handler(alarm_handler,
+					      ?MODULE, []),
+	    gen_event:add_handler(alarm_handler, alarm_handler, []),
 	    ok;
 	_ ->
 	    alarm_handler:clear_alarm(alarm1),
diff --git a/lib/sasl/test/overload_SUITE.erl b/lib/sasl/test/overload_SUITE.erl
index 92b1aaed6e..e7f180b2ea 100644
--- a/lib/sasl/test/overload_SUITE.erl
+++ b/lib/sasl/test/overload_SUITE.erl
@@ -18,14 +18,13 @@
 %%
 
 -module(overload_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 -compile(export_all).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> [info, set_config_data, set_env_vars, request, timeout].
-all(suite) -> all().
 
 init_per_testcase(_Case,Config) ->
     restart_sasl(),
@@ -38,37 +37,34 @@ end_per_testcase(Case,Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-info(suite) -> [];
 info(_Config) ->
-    ?line Info = overload:get_overload_info(),
-    ?line [{total_intensity,0.0},
-	   {accept_intensity,0.0},
-	   {max_intensity,0.8},
-	   {weight,0.1},
-	   {total_requests,0},
-	   {accepted_requests,0}] = Info.
+    Info = overload:get_overload_info(),
+    [{total_intensity,0.0},
+     {accept_intensity,0.0},
+     {max_intensity,0.8},
+     {weight,0.1},
+     {total_requests,0},
+     {accepted_requests,0}] = Info.
 
 %%%-----------------------------------------------------------------
-set_config_data(suite) -> [];
 set_config_data(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = overload:set_config_data(0.5,0.4),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = overload:set_config_data(0.5,0.4),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 
 %%%-----------------------------------------------------------------
-set_env_vars(suite) -> [];
 set_env_vars(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = application:set_env(sasl,overload_max_intensity,0.5),
-    ?line ok = application:set_env(sasl,overload_weight,0.4),
-    ?line ok = application:stop(sasl),
-    ?line ok = application:start(sasl),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = application:set_env(sasl,overload_max_intensity,0.5),
+    ok = application:set_env(sasl,overload_weight,0.4),
+    ok = application:stop(sasl),
+    ok = application:start(sasl),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 set_env_vars(cleanup,_Config) ->
     application:unset_env(sasl,overload_max_intensity),
@@ -76,63 +72,61 @@ set_env_vars(cleanup,_Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-request(suite) -> [];
 request(_Config) ->
     %% Find number of request that can be done with default settings
     %% and no delay
-    ?line overload:set_config_data(0.8, 0.1),
-    ?line NDefault = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NDefault: ~p",[NDefault]),
- 
+    overload:set_config_data(0.8, 0.1),
+    NDefault = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NDefault: ~p",[NDefault]),
+
     %% Check that the number of requests increases when max_intensity
     %% increases
-    ?line overload:set_config_data(2, 0.1),
-    ?line NLargeMI = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeMI: ~p",[NLargeMI]),
-    ?line true = NLargeMI > NDefault,
+    overload:set_config_data(2, 0.1),
+    NLargeMI = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeMI: ~p",[NLargeMI]),
+    true = NLargeMI > NDefault,
 
     %% Check that the number of requests decreases when weight
     %% increases
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeWeight = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeWeight: ~p",[NLargeWeight]),
-    ?line true = NLargeWeight < NDefault,
+    overload:set_config_data(0.8, 1),
+    NLargeWeight = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeWeight: ~p",[NLargeWeight]),
+    true = NLargeWeight < NDefault,
 
     %% Check that number of requests increases when delay between
     %% requests increases.
     %% (Keeping same config and comparing to large weight in order to
     %% minimize the time needed for this case.)
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeTime = do_many_requests(500),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeTime: ~p",[NLargeTime]),
-    ?line true = NLargeTime > NLargeWeight,
+    overload:set_config_data(0.8, 1),
+    NLargeTime = do_many_requests(500),
+    restart_sasl(),
+    ?t:format("NLargeTime: ~p",[NLargeTime]),
+    true = NLargeTime > NLargeWeight,
     ok.
 
 %%%-----------------------------------------------------------------
-timeout(suite) -> [];
 timeout(_Config) ->
-    ?line overload:set_config_data(0.8, 1),
-    ?line _N = do_many_requests(0),
-    
+    overload:set_config_data(0.8, 1),
+    _N = do_many_requests(0),
+
     %% Check that the overload alarm is raised
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% Fake a clear timeout in overload.erl and check that, since it
     %% came very soon after the overload situation, the alarm is not
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% A bit later, try again and check that this time the alarm is
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [] = alarm_handler:get_alarms(),
 
     ok.
 
@@ -171,5 +165,3 @@ check_info(MI,W,Info) ->
 	{{_,MI},{_,W}} -> ok;
 	_ -> ?t:fail({unexpected_info,MI,W,Info})
     end.
-    
-
diff --git a/lib/sasl/test/rb_SUITE.erl b/lib/sasl/test/rb_SUITE.erl
index b53c382609..35a4eb7e7b 100644
--- a/lib/sasl/test/rb_SUITE.erl
+++ b/lib/sasl/test/rb_SUITE.erl
@@ -18,7 +18,8 @@
 %%
 
 -module(rb_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
+
 
 -compile(export_all).
 
@@ -45,19 +46,10 @@ groups() ->
 				     ]}].
 
 
-all(suite) -> 
-    no_group_cases() ++
-	[{conf, 
-	  install_mf_h, 
-	  element(3,lists:keyfind(running_error_logger,1,groups())), 
-	  remove_mf_h}
-	].
-
-
 init_per_suite(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line RbDir = filename:join(PrivDir,rb),
-    ?line ok = file:make_dir(RbDir),
+    PrivDir = ?config(priv_dir,Config),
+    RbDir = filename:join(PrivDir,rb),
+    ok = file:make_dir(RbDir),
     NewConfig = [{rb_dir,RbDir}|Config],
     reset_sasl(NewConfig),
     NewConfig.
@@ -66,10 +58,18 @@ end_per_suite(_Config) ->
     ok.
 
 init_per_group(running_error_logger,Config) ->
-    install_mf_h(Config).
+    %% Install log_mf_h
+    RbDir = ?config(rb_dir,Config),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    Config.
 
 end_per_group(running_error_logger,Config) ->
-    remove_mf_h(Config).
+    %% Remove log_mf_h???
+    ok.
+
 
 init_per_testcase(_Case,Config) ->
     case whereis(?SUP) of
@@ -92,187 +92,152 @@ end_per_testcase(Case,Config) ->
 
 
 %%%-----------------------------------------------------------------
+%%% Test cases
 
-help() -> help(suite).
-help(suite) -> [];
 help(_Config) ->
-    ?line Help = capture(fun() -> rb:h() end),
-    ?line "Report Browser Tool - usage" = hd(Help),
-    ?line "rb:stop            - stop the rb_server" = lists:last(Help),
+    Help = capture(fun() -> rb:h() end),
+    "Report Browser Tool - usage" = hd(Help),
+    "rb:stop            - stop the rb_server" = lists:last(Help),
     ok.
 
-
-start_error_stop() -> start_error_stop(suite).
-start_error_stop(suite) -> [];
+%% Test that all three sasl env vars must be set for a successful start of rb
+%% Then stop rb.
 start_error_stop(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-
-    ?line {error,{"cannot locate report directory",_}} = rb:start(),
-
-
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    ?line {error,{"cannot read the index file",_}} = rb:start(),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line restart_sasl(),
-    ?line {ok,_} = rb:start(),
-
-    ?line ok = rb:stop(),
-    ok.
+    RbDir = ?config(rb_dir,Config),
 
+    {error,{"cannot locate report directory",_}} = rb:start(),
 
-%% start_opts(suite) -> [];
-%% start_opts(Config) ->
-%%     PrivDir = ?config(priv_dir,Config),
-%%     RbDir = filename:join(PrivDir,rb_opts),
-%%     ok = file:make_dir(RbDir),
-       
 
-install_mf_h(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    Config.
+    ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    {error,{"cannot read the index file",_}} = rb:start(),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    restart_sasl(),
+    {ok,_} = rb:start(),
 
-remove_mf_h(_Config) ->
+    ok = rb:stop(),
     ok.
 
-
-
-show() -> show(suite).
-show(suite) -> [];
 show(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Show all reports
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     %% Show by number
-    ?line [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
-    ?line {1,First} = lists:keyfind(1,1,All),    
+    [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
+    {1,First} = lists:keyfind(1,1,All),
 
     %% Show by type
-    ?line [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
-    ?line true = contains(CR,"rb_test_crash"),
-    ?line [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
-    ?line true = contains(EC,"rb_test_crash"),
-    ?line true = contains(EM,"rb_test_error_msg"),
-    ?line [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
-    ?line true = contains(ER,"rb_test_error"),
-    ?line [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
-    ?line true = contains(IR,"rb_test_info"),
-    ?line [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
-    ?line true = contains(IM,"rb_test_info_msg"),
-    ?line [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
-    ?line [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
-				   OutFile),
-    ?line true = contains(SR,"child_terminated"),
-    ?line true = contains(SR,"{rb_SUITE,rb_test_crash}"),
+    [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
+    true = contains(CR,"rb_test_crash"),
+    [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
+    true = contains(EC,"rb_test_crash"),
+    true = contains(EM,"rb_test_error_msg"),
+    [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
+    true = contains(ER,"rb_test_error"),
+    [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
+    true = contains(IR,"rb_test_info"),
+    [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
+    true = contains(IM,"rb_test_info_msg"),
+    [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
+    [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
+			    OutFile),
+    true = contains(SR,"child_terminated"),
+    true = contains(SR,"{rb_SUITE,rb_test_crash}"),
 
     ok.
 
-list() -> list(suite).
-list(suite) -> [];
 list(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line All = capture(fun() -> rb:list() end),
-    ?line [{crash_report,[_]=CR},
-	   {error,[_,_]=EM},
-	   {error_report,[_]=ER},
-	   {info_msg,[_]=IM},
-	   {info_report,[_]=IR},
-	   {progress,[_|_]=P},
-	   {supervisor_report,[_]=SR}] = sort_list(All),
-
-    ?line [{crash_report,CR}] = 
+    ok = start_rb(OutFile),
+
+    All = capture(fun() -> rb:list() end),
+    [{crash_report,[_]=CR},
+     {error,[_,_]=EM},
+     {error_report,[_]=ER},
+     {info_msg,[_]=IM},
+     {info_report,[_]=IR},
+     {progress,[_|_]=P},
+     {supervisor_report,[_]=SR}] = sort_list(All),
+
+    [{crash_report,CR}] =
 	sort_list(capture(fun() -> rb:list(crash_report) end)),
-    ?line [{error,EM}] = 
+    [{error,EM}] =
 	sort_list(capture(fun() -> rb:list(error) end)),
-    ?line [{error_report,ER}] = 
+    [{error_report,ER}] =
 	sort_list(capture(fun() -> rb:list(error_report) end)),
-    ?line [{info_msg,IM}] = 
+    [{info_msg,IM}] =
 	sort_list(capture(fun() -> rb:list(info_msg) end)),
-    ?line [{info_report,IR}] = 
+    [{info_report,IR}] =
 	sort_list(capture(fun() -> rb:list(info_report) end)),
-    ?line [{progress,P}] = 
+    [{progress,P}] =
 	sort_list(capture(fun() -> rb:list(progress) end)),
-    ?line [{supervisor_report,SR}] = 
+    [{supervisor_report,SR}] =
 	sort_list(capture(fun() -> rb:list(supervisor_report) end)),
-    
-    ok.
 
+    ok.
 
-grep() -> grep(suite).
-grep(suite) -> [];
 grep(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line [{_,S},
-	   {_,CR},
-	   {_,EC},
-	   {_,IM},
-	   {_,IR},
-	   {_,EM},
-	   {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
-    ?line true = contains(S, "rb_test_crash"),
-    ?line true = contains(CR, "rb_test_crash"),
-    ?line true = contains(EC, "rb_test_crash"),
-    ?line true = contains(IM, "rb_test_info_msg"),
-    ?line true = contains(IR, "rb_test_info"),
-    ?line true = contains(EM, "rb_test_error_msg"),
-    ?line true = contains(ER, "rb_test_error"),
+    ok = start_rb(OutFile),
+
+    [{_,S},
+     {_,CR},
+     {_,EC},
+     {_,IM},
+     {_,IR},
+     {_,EM},
+     {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
+    true = contains(S, "rb_test_crash"),
+    true = contains(CR, "rb_test_crash"),
+    true = contains(EC, "rb_test_crash"),
+    true = contains(IM, "rb_test_info_msg"),
+    true = contains(IR, "rb_test_info"),
+    true = contains(EM, "rb_test_error_msg"),
+    true = contains(ER, "rb_test_error"),
     ok.
 
-
-filter_filter() -> filter_filter(suite).
-filter_filter(suite) -> [];
 filter_filter(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
-    ?line _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
+    ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
+    _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERRep} = lists:unzip(ER),
     {_,AllButERRep} = lists:unzip(AllButER),
-    ?line AllButERRep = AllRep -- ERRep,
+    AllButERRep = AllRep -- ERRep,
 
     ok.
 
-filter_date() -> filter_date(suite).
-filter_date(suite) -> [];
 filter_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -280,35 +245,33 @@ filter_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = rb_filter([],{Before,from},OutFile),
-    ?line All = rb_filter([],{After,to},OutFile),
-    ?line [] = rb_filter([],{Before,to},OutFile),
-    ?line [] = rb_filter([],{After,from},OutFile),
-    ?line All = rb_filter([],{Before,After},OutFile),
+    All = rb_filter([],{Before,from},OutFile),
+    All = rb_filter([],{After,to},OutFile),
+    [] = rb_filter([],{Before,to},OutFile),
+    [] = rb_filter([],{After,from},OutFile),
+    All = rb_filter([],{Before,After},OutFile),
 
     %%?t:format("~p~n",[All]),
-    ?line AllButLast = [{N-1,R} || {N,R} <- tl(All)],
-    ?line AllButLast = rb_filter([],{Before,Between1},OutFile),
+    AllButLast = [{N-1,R} || {N,R} <- tl(All)],
+    AllButLast = rb_filter([],{Before,Between1},OutFile),
 
-    ?line Last = hd(All),
-    ?line [Last] = rb_filter([],{Between2,After},OutFile),
+    Last = hd(All),
+    [Last] = rb_filter([],{Between2,After},OutFile),
 
     ok.
 
-filter_filter_and_date() -> filter_filter_and_date(suite).
-filter_filter_and_date(suite) -> [];
 filter_filter_and_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -316,102 +279,96 @@ filter_filter_and_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_filter}]),    
-    ?line ok = start_rb(OutFile),
+    error_logger:error_report([{rb_SUITE,rb_test_filter}]),
+    ok = start_rb(OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
-    ?line Last = hd(All),
+    All = check_report(fun() -> rb:show() end,OutFile),
+    Last = hd(All),
 
-    ?line [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
-    ?line [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
-    ?line [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
-    ?line {_,Str} = Last,
-    ?line false = contains(Str,"rb_test_filter"),
+    [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
+    [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
+    [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
+    [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
+    [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
+    {_,Str} = Last,
+    false = contains(Str,"rb_test_filter"),
 
     ok.
 
 
-filter_re_no() -> filter_re_no(suite).
-filter_re_no(suite) -> [];
 filter_re_no(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
+    E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERep} = lists:unzip(E),
     {_,AllButERep} = lists:unzip(AllButE),
-    ?line AllButERep = AllRep -- ERep,
+    AllButERep = AllRep -- ERep,
 
     ok.
 
 
-rescan() -> rescan(suite).
-rescan(suite) -> [];
 rescan(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Start rb
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Insert one more report and check that the list is longer. Note
     %% that there might be two more reports, since the progress report
     %% from starting rb_server might not be included before the rescan.
-    ?line AllBefore = capture(fun() -> rb:list() end),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
-    ?line ok = rb:rescan(),
-    ?line AllAfter = capture(fun() -> rb:list() end),
-    ?line Diff = length(AllAfter) - length(AllBefore),
-    ?line true = (Diff >= 1),
+    AllBefore = capture(fun() -> rb:list() end),
+    error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
+    ok = rb:rescan(),
+    AllAfter = capture(fun() -> rb:list() end),
+    Diff = length(AllAfter) - length(AllBefore),
+    true = (Diff >= 1),
 
     ok.
 
 
-start_stop_log() -> start_stop_log(suite).
-start_stop_log(suite) -> [];
 start_stop_log(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    ?line ok = file:write_file(OutFile,[]),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    ok = file:write_file(OutFile,[]),
 
     %% Start rb and check that show is printed to standard_io
-    ?line ok = start_rb(),
-    ?line StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
-    
+    ok = start_rb(),
+    StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
+
     %% Start log and check that show is printed to log and not to standad_io
-    ?line ok = rb:start_log(OutFile),
-    ?line [] = capture(fun() -> rb:show(1) end),
-    ?line {ok,Bin} = file:read_file(OutFile),
-    ?line true = (Bin =/= <<>>),
+    ok = rb:start_log(OutFile),
+    [] = capture(fun() -> rb:show(1) end),
+    {ok,Bin} = file:read_file(OutFile),
+    true = (Bin =/= <<>>),
 
     %% Stop log and check that show is printed to standard_io and not to log
-    ?line ok = rb:stop_log(),
-    ?line ok = file:write_file(OutFile,[]),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
+    ok = rb:stop_log(),
+    ok = file:write_file(OutFile,[]),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     %% Test that standard_io is used if log file can not be opened
-    ?line ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),    
+    ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     ok.
 
@@ -435,7 +392,7 @@ empty_error_logs(Config) ->
     catch delete_content(?config(rb_dir, Config)),
     ok = application:start(sasl),
     wait_for_sasl().
-    
+
 wait_for_sasl() ->
     wait_for_sasl(50).
 wait_for_sasl(0) ->
@@ -448,7 +405,7 @@ wait_for_sasl(N) ->
 	    timer:sleep(100),
 	    wait_for_sasl(N-1)
     end.
-    
+
 start_rb(OutFile) ->
     do_start_rb([{start_log,OutFile}]).
 start_rb() ->
@@ -482,20 +439,20 @@ delete_content(Dir) ->
 		  Files).
 
 init_error_logs() ->        
-    ?line error_logger:error_report([{rb_SUITE,rb_test_error}]),
-    ?line error_logger:error_msg("rb_test_error_msg"),
-    ?line error_logger:info_report([{rb_SUITE,rb_test_info}]),
-    ?line error_logger:info_msg("rb_test_info_msg"),
-    ?line _Pid = start(),
-    ?line Ref = erlang:monitor(process,?MODULE),
-    ?line gen_server:cast(?MODULE,crash),
-    ?line receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok 
-	  after 2000 -> 
-		  ?t:format("Got: ~p~n",[process_info(self(),messages)]),
-		  ?t:fail("rb_SUITE server never died")
-	  end,
-    ?line erlang:demonitor(Ref),
-    ?line wait_for_server(),
+    error_logger:error_report([{rb_SUITE,rb_test_error}]),
+    error_logger:error_msg("rb_test_error_msg"),
+    error_logger:info_report([{rb_SUITE,rb_test_info}]),
+    error_logger:info_msg("rb_test_info_msg"),
+    _Pid = start(),
+    Ref = erlang:monitor(process,?MODULE),
+    gen_server:cast(?MODULE,crash),
+    receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok
+    after 2000 ->
+	    ?t:format("Got: ~p~n",[process_info(self(),messages)]),
+	    ?t:fail("rb_SUITE server never died")
+    end,
+    erlang:demonitor(Ref),
+    wait_for_server(),
     ok.
 
 wait_for_server() ->
diff --git a/lib/sasl/test/release_handler_SUITE.erl b/lib/sasl/test/release_handler_SUITE.erl
index 11f8bbe4fe..467d1226b3 100644
--- a/lib/sasl/test/release_handler_SUITE.erl
+++ b/lib/sasl/test/release_handler_SUITE.erl
@@ -59,9 +59,11 @@ win32_cases() ->
 cases() ->
     [otp_2740, otp_2760, otp_5761, otp_9402, otp_9417,
      otp_9395_check_old_code, otp_9395_check_and_purge,
-     otp_9395_update_many_mods, otp_9395_rm_many_mods,
-     instructions, eval_appup, supervisor_which_children_timeout,
-     release_handler_which_releases, install_release_syntax_check].
+     otp_9395_update_many_mods, otp_9395_rm_many_mods, otp_9864,
+     instructions, eval_appup, eval_appup_with_restart,
+     supervisor_which_children_timeout,
+     release_handler_which_releases, install_release_syntax_check,
+     upgrade_supervisor, upgrade_supervisor_fail].
 
 groups() ->
     [{release,[],
@@ -1203,6 +1205,163 @@ otp_9395_rm_many_mods(Conf) when is_list(Conf) ->
 otp_9395_rm_many_mods(cleanup,_Conf) ->
     stop_node(node_name(otp_9395_rm_many_mods)).
 
+otp_9864(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"otp_9864"),
+    RelDir = filename:join(?config(data_dir, Conf), "app1_app2"),
+    LibDir1 = filename:join(RelDir, "lib1"),
+    LibDir2 = filename:join(RelDir, "lib2"),
+
+    %% Create the releases
+    Rel1 = create_and_install_fake_first_release(Dir,
+						 [{app1,"1.0",LibDir1},
+						  {app2,"1.0",LibDir1}]),
+    Rel2 = create_fake_upgrade_release(Dir,
+				       "2",
+				       [{app1,"2.0",LibDir2},
+					{app2,"1.0",LibDir2}],
+				       {[Rel1],[Rel1],[LibDir1]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(otp_9864, Rel1, filename:join(Rel1Dir,"sys.config")),
+    
+    %% Unpack rel2 (make sure it does not work if an AppDir is bad)
+    LibDir3 = filename:join(RelDir, "lib3"),
+    {error, {no_such_directory, _}} =
+	rpc:call(Node, release_handler, set_unpacked,
+		 [Rel2++".rel", [{app1,"2.0",LibDir2}, {app2,"1.0",LibDir3}]]),
+    {ok, RelVsn2} =
+	rpc:call(Node, release_handler, set_unpacked,
+		 [Rel2++".rel", [{app1,"2.0",LibDir2}, {app2,"1.0",LibDir2}]]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+
+    %% Install RelVsn2 without {update_paths, true} option
+    {ok, RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Install RelVsn1 again
+    {ok, RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn1]),
+
+    TempRel2Dir = filename:join(Dir,"releases/2"),
+    file:make_symlink(TempRel2Dir, filename:join(TempRel2Dir, "foo_symlink_dir")),
+
+    %% This will fail if symlinks are not handled
+    ok = rpc:call(Node, release_handler, remove_release, [RelVsn2]),
+
+    ok.
+
+
+upgrade_supervisor(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.0",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+
+    {ok, _RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that libdir is changed
+    Dir2 = filename:join([LibDir, "a-9.0"]),
+    Dir2 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam2 = filename:join([Dir2,ebin,"a_sup.beam"]),
+    ASupBeam2 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Check that the restart strategy and child spec is updated
+    {status, _, {module, _}, [_, _, _, _, [_,_,{data,[{"State",State}]}]]} =
+	rpc:call(Node,sys,get_status,[a_sup]),
+    {state,_,RestartStrategy,[Child],_,_,_,_,_,_} = State,
+    one_for_all = RestartStrategy, % changed from one_for_one
+    {child,_,_,_,_,brutal_kill,_,_} = Child, % changed from timeout 2000
+
+    ok.
+
+%% Check that if the supervisor fails, then the upgrade is rolled back
+%% and an ok error message is returned
+upgrade_supervisor_fail(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor_fail"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.1",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor_fail, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+    ok = net_kernel:monitor_nodes(true),
+
+    {error,{code_change_failed,_Pid,a_sup,_Vsn,
+	    {error,{invalid_shutdown,brutal_kil}}}} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that the upgrade is terminated - normally this would mean
+    %% rollback, but since this testcase is very simplified the node
+    %% is not started with heart supervision and will therefore not be
+    %% restarted. So we just check that the node goes down.
+    receive {nodedown,Node} -> ok
+    after 10000 -> ct:fail(failed_upgrade_never_restarted_node)
+    end,
+
+    ok.
 
 
 %% Test upgrade and downgrade of applications
@@ -1226,6 +1385,12 @@ eval_appup(Conf) when is_list(Conf) ->
     App11Dir = code:lib_dir(app1),
     ok = gen_server:call(harry, error),
 
+    %% Read appup script
+    {ok,"2.0",UpScript} = release_handler:upgrade_script(app1,App12Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = UpScript,
+
     %% Upgrade to app1-2.0
     {ok, []} = release_handler:upgrade_app(app1, App12Dir),
     App12Dir = code:lib_dir(app1),
@@ -1236,6 +1401,12 @@ eval_appup(Conf) when is_list(Conf) ->
     %% (see myrel/lib2/app1-2.0/ebin/app1.app)
     [{var,val2}] = ets:lookup(otp_6162, var),
 
+    %% Read appup script
+    {ok,DnScript} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = DnScript,
+
     %% Downgrade to app1-1.0
     {ok, []} = release_handler:downgrade_app(app1,"1.0",App11Dir),
     App11Dir = code:lib_dir(app1),
@@ -1253,6 +1424,85 @@ eval_appup(Conf) when is_list(Conf) ->
     ok.
 
 
+%% Test upgrade and downgrade of applications when appup contains
+%% restart_emulator and restart_new_emulator instructions
+eval_appup_with_restart(Conf) when is_list(Conf) ->
+
+    %% Set some paths
+    RelDir = filename:join(?config(data_dir, Conf), "app1_app2"),
+    App11Dir = filename:join([RelDir, "lib1", "app1-1.0"]),
+    App13Dir = filename:join([RelDir, "lib3", "app1-3.0"]), %restart_emulator
+    App14Dir = filename:join([RelDir, "lib4", "app1-4.0"]), %restart_new_emulator
+    EbinDir1 = filename:join(App11Dir, "ebin"),
+    EbinDir3 = filename:join(App13Dir, "ebin"),
+    EbinDir4 = filename:join(App14Dir, "ebin"),
+
+    %% Start app1-1.0
+    code:add_patha(EbinDir1),
+    ok = application:start(app1),
+    App11Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,"3.0",UpScript3} = release_handler:upgrade_script(app1,App13Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = UpScript3,
+
+    %% Upgrade to app1-3.0 - restart_emulator
+    restart_emulator = release_handler:upgrade_app(app1, App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Fake full upgrade to 3.0
+    {ok,AppSpec} = file:consult(filename:join([App13Dir,"ebin","app1.app"])),
+    application_controller:change_application_data(AppSpec,[]),
+
+    %% Read appup script
+    {ok,"4.0",UpScript4} = release_handler:upgrade_script(app1,App14Dir),
+    [restart_new_emulator,point_of_no_return] = UpScript4,
+
+    %% Try pgrade to app1-4.0 - restart_new_emulator
+    {error,restart_new_emulator} = release_handler:upgrade_app(app1, App14Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript1} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = DnScript1,
+
+    %% Still running 3.0 - downgrade to app1-1.0 - restart_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"1.0",App11Dir),
+    App11Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+    true = code:del_path(EbinDir1),
+
+    %% Start again as version 4.0
+    code:add_patha(EbinDir4),
+    ok = application:start(app1),
+    App14Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript3} = release_handler:downgrade_script(app1,"3.0",App13Dir),
+    [point_of_no_return,restart_emulator] = DnScript3,
+
+    %% Downgrade to app1-3.0 - restart_new_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"3.0",App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+
+    true = code:del_path(EbinDir3),
+    false = code:del_path(EbinDir1),
+    false = code:del_path(EbinDir4),
+
+    ok.
+
+
 %% Test the example/target_system.erl module
 target_system(Conf) when is_list(Conf) ->
     PrivDir = priv_dir(Conf),
@@ -1303,6 +1553,7 @@ target_system(Conf) when is_list(Conf) ->
     KernelVsn = vsn(kernel,current),
     StdlibVsn = vsn(stdlib,current),
     SaslVsn = vsn(sasl,current),
+    RelFileBasename = filename:basename(RelFile),
     true = filelib:is_dir(filename:join(LibDir,"kernel-"++KernelVsn)),
     true = filelib:is_dir(filename:join(LibDir,"stdlib-"++StdlibVsn)),
     true = filelib:is_dir(filename:join(LibDir,"sasl-"++SaslVsn)),
@@ -1310,10 +1561,10 @@ target_system(Conf) when is_list(Conf) ->
     RelDir = filename:join(TargetInstallDir,releases),
     true = filelib:is_regular(filename:join(RelDir,"RELEASES")),
     true = filelib:is_regular(filename:join(RelDir,"start_erl.data")),
-    true = filelib:is_regular(filename:join(RelDir,
-						  filename:basename(RelFile))),
+    true = filelib:is_regular(filename:join(RelDir,RelFileBasename)),
     true = filelib:is_dir(filename:join(RelDir,RelVsn)),
     true = filelib:is_regular(filename:join([RelDir,RelVsn,"start.boot"])),
+    true = filelib:is_regular(filename:join([RelDir,RelVsn,RelFileBasename])),
     BinDir = filename:join(TargetInstallDir,bin),
     true = filelib:is_regular(filename:join(BinDir,"start.boot")),
     true = filelib:is_regular(filename:join(BinDir,erl)),
diff --git a/lib/sasl/test/release_handler_SUITE_data/Makefile.src b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
index edb446413d..55d20aa8b6 100644
--- a/lib/sasl/test/release_handler_SUITE_data/Makefile.src
+++ b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
@@ -5,6 +5,10 @@ P2B= \
      P2B/a-2.0/ebin/a_sup.@EMULATOR@
 
 LIB= \
+     lib/a-9.1/ebin/a.@EMULATOR@ \
+     lib/a-9.1/ebin/a_sup.@EMULATOR@ \
+     lib/a-9.0/ebin/a.@EMULATOR@ \
+     lib/a-9.0/ebin/a_sup.@EMULATOR@ \
      lib/a-1.2/ebin/a.@EMULATOR@ \
      lib/a-1.2/ebin/a_sup.@EMULATOR@ \
      lib/a-1.1/ebin/a.@EMULATOR@ \
@@ -50,7 +54,13 @@ APP= \
      app1_app2/lib2/app1-2.0/ebin/app1.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_sup.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_server.@EMULATOR@ \
-     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@
+     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@
 
 OTP2740=  \
      otp_2740/vsn_atom.@EMULATOR@ \
@@ -95,6 +105,17 @@ lib/a-1.2/ebin/a.@EMULATOR@: lib/a-1.2/src/a.erl
 lib/a-1.2/ebin/a_sup.@EMULATOR@: lib/a-1.2/src/a_sup.erl
 	erlc $(EFLAGS) -olib/a-1.2/ebin lib/a-1.2/src/a_sup.erl
 
+lib/a-9.0/ebin/a.@EMULATOR@: lib/a-9.0/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a.erl
+lib/a-9.0/ebin/a_sup.@EMULATOR@: lib/a-9.0/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a_sup.erl
+
+lib/a-9.1/ebin/a.@EMULATOR@: lib/a-9.1/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a.erl
+lib/a-9.1/ebin/a_sup.@EMULATOR@: lib/a-9.1/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a_sup.erl
+
+
 lib/b-1.0/ebin/b_server.@EMULATOR@: lib/b-1.0/src/b_server.erl
 	erlc $(EFLAGS) -olib/b-1.0/ebin lib/b-1.0/src/b_server.erl
 lib/b-1.0/ebin/b_lib.@EMULATOR@: lib/b-1.0/src/b_lib.erl
@@ -183,6 +204,22 @@ app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@: app1_app2/lib2/app2-1.0/src/app2.e
 	erlc $(EFLAGS) -oapp1_app2/lib2/app2-1.0/ebin app1_app2/lib2/app2-1.0/src/app2.erl
 
 
+app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_sup.erl
+app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_server.erl
+app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1.erl
+
+
+app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_sup.erl
+app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_server.erl
+app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1.erl
+
+
 otp_2740/vsn_atom.@EMULATOR@: otp_2740/vsn_atom.erl
 	erlc $(EFLAGS) -ootp_2740 otp_2740/vsn_atom.erl
 otp_2740/vsn_list.@EMULATOR@: otp_2740/vsn_list.erl
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
new file mode 100644
index 0000000000..4adc0540c4
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "3.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
new file mode 100644
index 0000000000..a5cdfe9fcc
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"3.0",
+ [{"1.0", [{load_module, app1_server},restart_emulator]}],
+ [{"1.0", [{load_module, app1_server},restart_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
new file mode 100644
index 0000000000..243bc21f02
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "4.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
new file mode 100644
index 0000000000..72535c8b34
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"4.0",
+ [{"3.0", [restart_new_emulator]}],
+ [{"3.0", [restart_new_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/README b/lib/sasl/test/release_handler_SUITE_data/lib/README
index 639a4ca0fb..ffb8c5120b 100644
--- a/lib/sasl/test/release_handler_SUITE_data/lib/README
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/README
@@ -8,6 +8,14 @@ a-1.2:
 can be upgraded to from a-1.1.
 No module have changed, but priv dir is added including one 'file'
 
+a-9.0:
+can be upgrade to from a-1.0
+Changes a_sup correctly - to test successful upgrade of supervisor
+
+a-9.1:
+can be upgrade to from a-1.0
+Changes a_sup faulty - to test failing upgrade of supervisor
+
 b-1.0:
 start version, includes b_lib and b_server
 
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
new file mode 100644
index 0000000000..aa436d3e8c
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.0"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
new file mode 100644
index 0000000000..c4071d57a3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.0",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
new file mode 100644
index 0000000000..ae1d080f58
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kill, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
new file mode 100644
index 0000000000..5b467ec4e8
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.1"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
new file mode 100644
index 0000000000..efeb7f1fe3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.1",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
new file mode 100644
index 0000000000..b0597dc5c3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kil, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/sasl_SUITE.erl b/lib/sasl/test/sasl_SUITE.erl
index 195324daa0..b6eaf41323 100644
--- a/lib/sasl/test/sasl_SUITE.erl
+++ b/lib/sasl/test/sasl_SUITE.erl
@@ -20,15 +20,15 @@
 -include_lib("common_test/include/ct.hrl").
 
 
-% Default timetrap timeout (set in init_per_testcase).
+%% Default timetrap timeout (set in init_per_testcase).
 -define(default_timeout, ?t:minutes(1)).
 -define(application, sasl).
 
-% Test server specific exports
+%% Test server specific exports
 -export([all/0,groups/0,init_per_group/2,end_per_group/2]).
 -export([init_per_testcase/2, end_per_testcase/2]).
 
-% Test cases must be exported.
+%% Test cases must be exported.
 -export([app_test/1,
 	 appup_test/1,
 	 log_mf_h_env/1]).
@@ -47,7 +47,7 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_testcase(_Case, Config) ->
-    ?line Dog=test_server:timetrap(?default_timeout),
+    Dog=test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 end_per_testcase(_Case, Config) ->
     Dog=?config(watchdog, Config),
@@ -55,7 +55,7 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 app_test(Config) when is_list(Config) ->
-    ?line ?t:app_test(sasl, allow),
+    ?t:app_test(sasl, allow),
     ok.
 
 %% Test that appup allows upgrade from/downgrade to a maximum of two
@@ -67,11 +67,11 @@ appup_test(_Config) ->
     {ok,[{SaslVsn,UpFrom,DownTo}=Appup]} =
 	file:consult(filename:join(Ebin,"sasl.appup")),
     ct:log("~p~n",[Appup]),
-    ?line {OkVsns,NokVsns} = create_test_vsns(SaslVsn),
-    ?line check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
-    ?line check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
-    ?line check_appup(NokVsns,UpFrom,error),
-    ?line check_appup(NokVsns,DownTo,error),
+    {OkVsns,NokVsns} = create_test_vsns(SaslVsn),
+    check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
+    check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
+    check_appup(NokVsns,UpFrom,error),
+    check_appup(NokVsns,DownTo,error),
     ok.
 
 
diff --git a/lib/sasl/test/systools_SUITE.erl b/lib/sasl/test/systools_SUITE.erl
index 892c4994e8..4cf7364d74 100644
--- a/lib/sasl/test/systools_SUITE.erl
+++ b/lib/sasl/test/systools_SUITE.erl
@@ -28,9 +28,9 @@
 
 -module(systools_SUITE).
 
-%-define(debug, true).
+%%-define(debug, true).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -define(format(S, A), ok).
 -define(datadir, ?config(data_dir, Config)).
 -define(privdir, ?config(priv_dir, Config)).
@@ -40,20 +40,22 @@
 
 -export([all/0,suite/0,groups/0,init_per_group/2,end_per_group/2]).
 
--export([ script_options/1, normal_script/1, no_mod_vsn_script/1,
-	  wildcard_script/1, variable_script/1, no_sasl_script/1,
-	  abnormal_script/1, src_tests_script/1, crazy_script/1,
-	  warn_shadow_script/1,
-	  included_script/1, included_override_script/1,
-	  included_fail_script/1, included_bug_script/1, exref_script/1]).
--export([ tar_options/1, normal_tar/1, no_mod_vsn_tar/1, variable_tar/1,
-	  src_tests_tar/1, shadow_tar/1, var_tar/1,
-	  exref_tar/1, link_tar/1, otp_9507/1]).
--export([ normal_relup/1, restart_relup/1, abnormal_relup/1, no_sasl_relup/1,
-	  no_appup_relup/1, bad_appup_relup/1, app_start_type_relup/1,
-	  regexp_relup/1, otp_3065/1]).
--export([otp_6226/1]).
+-export([script_options/1, normal_script/1, no_mod_vsn_script/1,
+	 wildcard_script/1, variable_script/1, no_sasl_script/1,
+	 abnormal_script/1, src_tests_script/1, crazy_script/1,
+	 included_script/1, included_override_script/1,
+	 included_fail_script/1, included_bug_script/1, exref_script/1,
+	 otp_3065_circular_dependenies/1]).
+-export([tar_options/1, normal_tar/1, no_mod_vsn_tar/1, system_files_tar/1,
+	 system_files_tar/2, invalid_system_files_tar/1,
+	 invalid_system_files_tar/2, variable_tar/1,
+	 src_tests_tar/1, var_tar/1, exref_tar/1, link_tar/1,
+	 otp_9507_path_ebin/1]).
+-export([normal_relup/1, restart_relup/1, abnormal_relup/1, no_sasl_relup/1,
+	 no_appup_relup/1, bad_appup_relup/1, app_start_type_relup/1,
+	 regexp_relup/1]).
 -export([normal_hybrid/1,hybrid_no_old_sasl/1,hybrid_no_new_sasl/1]).
+-export([otp_6226_outdir/1]).
 -export([init_per_suite/1, end_per_suite/1, 
 	 init_per_testcase/2, end_per_testcase/2]).
 
@@ -69,26 +71,26 @@ suite() ->
 
 all() -> 
     [{group, script}, {group, tar}, {group, relup}, {group, hybrid},
-     {group, tickets}].
+     {group, options}].
 
 groups() -> 
     [{script, [],
       [script_options, normal_script, no_mod_vsn_script,
        wildcard_script, variable_script, abnormal_script,
        no_sasl_script, src_tests_script, crazy_script,
-       warn_shadow_script, included_script, included_override_script,
+       included_script, included_override_script,
        included_fail_script, included_bug_script, exref_script,
-       otp_3065]},
+       otp_3065_circular_dependenies]},
      {tar, [],
-      [tar_options, normal_tar, no_mod_vsn_tar, variable_tar,
-       src_tests_tar, shadow_tar, var_tar,
-       exref_tar, link_tar, otp_9507]},
+      [tar_options, normal_tar, no_mod_vsn_tar, system_files_tar,
+       invalid_system_files_tar, variable_tar,
+       src_tests_tar, var_tar, exref_tar, link_tar, otp_9507_path_ebin]},
      {relup, [],
       [normal_relup, restart_relup, abnormal_relup, no_sasl_relup,
        no_appup_relup, bad_appup_relup, app_start_type_relup, regexp_relup
       ]},
      {hybrid, [], [normal_hybrid,hybrid_no_old_sasl,hybrid_no_new_sasl]},
-     {tickets, [], [otp_6226]}].
+     {options, [], [otp_6226_outdir]}].
 
 init_per_group(_GroupName, Config) ->
     Config.
@@ -103,17 +105,17 @@ init_per_suite(Config) when is_list(Config) ->
     %% Make of copy of the data directory.
     DataDir = ?datadir,
     PrivDir = ?privdir,
-    ?line CopyDir = fname(PrivDir, "datacopy"),
-    ?line TarFile = fname(PrivDir, "datacopy.tgz"),
-    ?line {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
-    ?line ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
-    ?line ok = erl_tar:close(Tar),
-    ?line ok = erl_tar:extract(TarFile, [compressed]),
-    ?line ok = file:delete(TarFile),
+    CopyDir = fname(PrivDir, "datacopy"),
+    TarFile = fname(PrivDir, "datacopy.tgz"),
+    {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
+    ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
+    ok = erl_tar:close(Tar),
+    ok = erl_tar:extract(TarFile, [compressed]),
+    ok = file:delete(TarFile),
 
     %% Compile source files in the copy directory.
-    ?line Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
-    ?line lists:foreach(fun compile_source/1, Sources),
+    Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
+    lists:foreach(fun compile_source/1, Sources),
 
     %% To use in end_per_testcase
     Path = code:get_path(),
@@ -144,10 +146,13 @@ init_per_testcase(link_tar, Config) ->
 	{win32, _} -> {skip, "Skip on windows"}
     end;
 init_per_testcase(_Case, Config) ->
-    ?line Dog = test_server:timetrap(?default_timeout),
+    Dog = test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 
-end_per_testcase(_Case, Config) ->
+end_per_testcase(Case, Config) ->
+    try apply(?MODULE,Case,[cleanup,Config])
+    catch error:undef -> ok
+    end,
     Dog=?config(watchdog, Config),
     test_server:timetrap_cancel(Dog),
     case {?config(path,Config),?config(cwd,Config)} of
@@ -175,528 +180,468 @@ end_per_testcase(_Case, Config) ->
 %%
 
 
-%% make_script
-%%
-script_options(suite) -> [];
-script_options(doc) ->
-    ["Check illegal script options."];
+%% make_script: Check illegal script options
 script_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
-       (catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+	(catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[locall]}, _}} =
+    {'EXIT',{{badarg,[locall]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},locall])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
+    {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, {"TEST", "/home/lib"}}])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_script("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_script("release", [{machine,"appl"}])),
     ok.
 
 
-%% make_script
-%%
-normal_script(suite) -> [];
-normal_script(doc) ->
-    ["Check that make_script handles normal case."];
+%% make_script: Check that normal case
 normal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-no_mod_vsn_script(suite) -> [];
-no_mod_vsn_script(doc) ->
-    ["Check that make_script handles normal case.",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_script:
+%% Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-3.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-3.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,
+			      [{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-wildcard_script(suite) -> [];
-wildcard_script(doc) ->
-    ["Check that make_script handles wildcards in path."];
+%% make_script: Check that make_script handles wildcards in path.
 wildcard_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line WildDir = fname([LibDir, '*', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    WildDir = fname([LibDir, '*', ebin]),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line error = systools:make_script(filename:basename(LatestName)),
+    error = systools:make_script(filename:basename(LatestName)),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [WildDir]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, [WildDir]}]),
 
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-variable_script(suite) -> [];
-variable_script(doc) ->
-    ["Add own installation dependent variable in script."];
+%% make_script: Add own installation dependent variable in script.
 variable_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, P},
-				     {variables, [{"TEST", LibDir}]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, P},
+			       {variables, [{"TEST", LibDir}]}]),
 
     %% Check variables
-    ?line ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
-				      fname(['$TEST', 'fe-3.1', ebin])],
-				     P,
-				     LatestName),
+    ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
+				fname(['$TEST', 'fe-3.1', ebin])],
+			       P,
+			       LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-abnormal_script(suite) -> [];
-abnormal_script(doc) ->
-    ["Abnormal cases."];
+%% make_script: Abnormal cases.
 abnormal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
-    ?line LibDir = fname([DataDir, d_bad_app_vsn, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    ok = file:set_cwd(LatestDir),
+    LibDir = fname([DataDir, d_bad_app_vsn, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Check wrong app vsn
-    ?line error = systools:make_script(LatestName, [{path, P}]),
-    ?line {error,
-	   systools_make,
-	   [{error_reading, {db, {no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} =
+    error = systools:make_script(LatestName, [{path, P}]),
+    {error,
+     systools_make,
+     [{error_reading, {db, {no_valid_version,
+			    {{"should be","2.1"},
+			     {"found file", _, "2.0"}}}}}]} =
 	systools:make_script(LatestName, [silent, {path, P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-no_sasl_script(suite) -> [];
-no_sasl_script(doc) ->
-    ["Create script without sasl appl. Check warning."];
+%% make_script: Create script without sasl appl. Check warning.
 no_sasl_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest1_no_sasl,Config),
+    {LatestDir, LatestName} = create_script(latest1_no_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(LatestName,[{path, P},silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    {ok, _ , []} =
+	systools:make_script(LatestName,[{path, P},silent, no_warn_sasl]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-src_tests_script(suite) -> [];
-src_tests_script(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_script: Do not check date of object file or that source code
+%% can be found.
 src_tests_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-    ?line BootFile = LatestName ++ ".boot",
+    {LatestDir, LatestName} = create_script(latest,Config),
+    BootFile = LatestName ++ ".boot",
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     N = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than its .erl file
-    ?line Erl = filename:join([P1,"..","src","db1.erl"]),
-    ?line {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
-    ?line Beam = filename:join(P1,"db1.beam"),
-    ?line ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
+    Erl = filename:join([P1,"..","src","db1.erl"]),
+    {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
+    Beam = filename:join(P1,"db1.beam"),
+    ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
     %% Then make script
 
     %% .boot file should not exist
-    ?line ok = file:delete(BootFile),
-    ?line false = filelib:is_regular(BootFile),
+    ok = file:delete(BootFile),
+    false = filelib:is_regular(BootFile),
     %% With warnings_as_errors and src_tests option, an error should be issued
-    ?line error =
+    error =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests,
 					  warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_script(LatestName, [{path, N}, src_tests,
 					  warnings_as_errors]),
 
     %% due to warnings_as_errors .boot file should still not exist
-    ?line false = filelib:is_regular(BootFile),
+    false = filelib:is_regular(BootFile),
 
     %% Two warnings should be issued when src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests]),
 
     %% .boot file should exist now
-    ?line true = filelib:is_regular(BootFile),
+    true = filelib:is_regular(BootFile),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} =
+    {ok, _, []} =
 	systools:make_script(LatestName, [silent, {path, N}]),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent,
 					  {path, N},
 					  no_module_tests,
 					  src_tests]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
-%% make_script
-%%
-warn_shadow_script(suite) -> [];
-warn_shadow_script(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-warn_shadow_script(Config) when is_list(Config) ->
-    %% This test has been removed since the 'vsn' attribute is
-    %% not used any more, starting with R6. No warning
-    %% 'obj_out_of_date' seemed to be generated.
-    true.
-
-
-%% make_script
-%%
-crazy_script(suite) -> [];
-crazy_script(doc) ->
-    ["Do the crazy cases."];
+%% make_script: Do the crazy cases.
 crazy_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest, Config),
+    {LatestDir, LatestName} = create_script(latest, Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Run with bad path
-    ?line error = systools:make_script(LatestName),
-    ?line {error, _, [{error_reading, _}, {error_reading, _}]} =
+    error = systools:make_script(LatestName),
+    {error, _, [{error_reading, _}, {error_reading, _}]} =
 	systools:make_script(LatestName, [silent]),
 
     %% Run with .rel file lacking kernel
-    ?line {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
-    ?line ok = file:set_cwd(LatestDir2),
+    {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
+    ok = file:set_cwd(LatestDir2),
 
-    ?line error = systools:make_script(LatestName2),
-    ?line {error, _, {missing_mandatory_app,[kernel,stdlib]}} =
+    error = systools:make_script(LatestName2),
+    {error, _, {missing_mandatory_app,kernel}} =
 	systools:make_script(LatestName2, [silent,{path,P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    %% Run with .rel file with non-permanent kernel
+    {LatestDir3, LatestName3} = create_script(latest_kernel_start_type, Config),
+    ok = file:set_cwd(LatestDir3),
+
+    error = systools:make_script(LatestName3),
+    {error, _, {mandatory_app,kernel,load}} =
+	systools:make_script(LatestName3, [silent,{path,P}]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_script(suite) -> [];
-included_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications.
 included_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc1, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t5, t4, t6],
-				    [t1, t3, t6]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc1, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t5, t4, t6],
+			      [t1, t3, t6]),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_override_script(suite) -> [];
-included_override_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications which are override by",
-     "the .rel file."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications which are override by
+%% the .rel file.
 included_override_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc2, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t4, t6, t5],
-				    [t1, t3, t6, t5]),
-
-    ?line {_, LatestName1} = create_include_files(inc3, Config),
-    ?line ok = systools:make_script(LatestName1),
-    ?line ok = check_include_script(LatestName1,
-				    [t3, t5, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line {_, LatestName2} = create_include_files(inc4, Config),
-    ?line ok = systools:make_script(LatestName2),
-    ?line ok = check_include_script(LatestName2,
-				    [t3, t4, t6, t5, t1, t2],
-				    [t3, t6, t5, t1, t2]),
-
-    ?line {_, LatestName3} = create_include_files(inc5, Config),
-    ?line ok = systools:make_script(LatestName3),
-    ?line ok = check_include_script(LatestName3,
-				    [t3, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc2, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t4, t6, t5],
+			      [t1, t3, t6, t5]),
+
+    {_, LatestName1} = create_include_files(inc3, Config),
+    ok = systools:make_script(LatestName1),
+    ok = check_include_script(LatestName1,
+			      [t3, t5, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    {_, LatestName2} = create_include_files(inc4, Config),
+    ok = systools:make_script(LatestName2),
+    ok = check_include_script(LatestName2,
+			      [t3, t4, t6, t5, t1, t2],
+			      [t3, t6, t5, t1, t2]),
+
+    {_, LatestName3} = create_include_files(inc5, Config),
+    ok = systools:make_script(LatestName3),
+    ok = check_include_script(LatestName3,
+			      [t3, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_fail_script(suite) -> [];
-included_fail_script(doc) ->
-    ["Check that make_script handles errors then generating",
-     "script with included applications."];
+%% make_script: Check that make_script handles errors then generating
+%% script with included applications.
 included_fail_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc6, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line {error, _, {undefined_applications,[t2]}} =
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc6, Config),
+    ok = file:set_cwd(LatestDir),
+    {error, _, {undefined_applications,[t2]}} =
 	systools:make_script(LatestName, [silent]),
 
-    ?line {_, LatestName1} = create_include_files(inc7, Config),
-    ?line {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
+    {_, LatestName1} = create_include_files(inc7, Config),
+    {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
 	systools:make_script(LatestName1, [silent]),
 
-    ?line {_, LatestName3} = create_include_files(inc9, Config),
-    ?line {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
+    {_, LatestName3} = create_include_files(inc9, Config),
+    {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
 	systools:make_script(LatestName3, [silent]),
 
-    ?line {_, LatestName4} = create_include_files(inc10, Config),
-    ?line {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
+    {_, LatestName4} = create_include_files(inc10, Config),
+    {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
 	systools:make_script(LatestName4, [silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_bug_script(suite) -> [];
-included_bug_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "with difficult dependency for included applications."];
+%% make_script: Check that make_script handles generation of script
+%% with difficult dependency for included applications.
 included_bug_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc11, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t13, t11, t12],
-				    [t11, t12]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc11, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t13, t11, t12],
+			      [t11, t12]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-otp_3065(suite) -> [];
-otp_3065(doc) ->
-    ["Circular dependencies in systools:make_script()."];
-otp_3065(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(otp_3065, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [aa12, chAts, chTraffic],
-				    [chTraffic]),
-    ?line ok = file:set_cwd(OldDir),
+%% make_script: Circular dependencies in systools:make_script().
+otp_3065_circular_dependenies(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} =
+	create_include_files(otp_3065_circular_dependenies, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [aa12, chAts, chTraffic],
+			      [chTraffic]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-exref_script(suite) -> [];
-exref_script(doc) ->
-    ["Check that make_script exref option works."];
+%% make_script: Check that make_script exref option works.
 exref_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
+    {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
 
     %% Complete exref
-    ?line {ok, _, W1} = 
+    {ok, _, W1} =
 	systools:make_script(LatestName, [exref, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W1),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_script(LatestName, [{exref,[db]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W2),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_script(LatestName, [{exref,[fe]}, {path,P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(without_db1, W3),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_script(LatestName, [{exref,[db,stdlib]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    check_exref_warnings(with_db1, W4),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 check_exref_warnings(with_db1, W) ->
@@ -726,11 +671,11 @@ filter({ok, W}) ->
     {ok, filter(W)};
 filter(L) ->
     lists:filter(fun%({hipe_consttab,_,_}) -> false;
-		    ({int,_,_}) -> false;
-		    ({i,_,_}) -> false;
-		    ({crypto,_,_}) -> false;
-		    (_) -> true
-		 end,
+		     ({int,_,_}) -> false;
+		     ({i,_,_}) -> false;
+		     ({crypto,_,_}) -> false;
+		     (_) -> true
+		end,
 		 L).
 
 get_exref1(T, [{warning, {T, Value}}|_]) -> {ok, Value};
@@ -750,197 +695,268 @@ no_hipe({ok, Value}) ->
 	    {ok, Value}
     end.
 
-%% tar_options
-%%
-tar_options(suite) -> [];
-tar_options(doc) ->
-    ["Check illegal tar options."];
+%% tar_options: Check illegal tar options.
 tar_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
 	(catch systools:make_tar("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
+    {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
 	(catch systools:make_tar("release", [{dirs, ["dirs"]}])),
-    ?line {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{erts, illegal}])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_tar("release",
 				 [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{var_tar, illegal}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_tar("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_tar("release", [{machine,"appl"}])),
     ok.
 
 
-%% normal_tar
-%%
-normal_tar(suite) -> [];
-normal_tar(doc) ->
-    ["Check normal case"];
+%% make_tar: Check normal case
 normal_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% no_mod_vsn_tar
-%%
-no_mod_vsn_tar(suite) -> [];
-no_mod_vsn_tar(doc) ->
-    ["Check normal case",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_tar: Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-3.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-3.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% variable_tar
-%%
-variable_tar(suite) -> [];
-variable_tar(doc) ->
-    ["Use variable and create separate tar (included in generated tar)."];
+
+%% make_tar: Check that relup or sys.config are included if they exist
+system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    %% Add dummy relup and sys.config
+    ok = file:write_file("sys.config","[].\n"),
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Check that make_tar fails if relup or sys.config exist
+%% but do not have valid content
+invalid_system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[]\n"), %!!! syntax error - missing '.'
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[x,y].\n"), %!!! faulty format
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","{\"LATEST\"\n"), %!!! syntax error - truncated
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","[].\n"), %!!! faulty format
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+invalid_system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Use variable and create separate tar (included in generated tar).
 variable_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line {ok, _, _} = systools:make_tar(LatestName,
-					 [{path, P}, silent,
-					  {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    {ok, _, _} = systools:make_tar(LatestName,
+				   [{path, P}, silent,
+				    {variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% link_tar
-%%
-link_tar(suite) -> [];
-link_tar(doc) ->
-    ["Check that symlinks in applications are handled correctly"];
+%% make_tar: Check that symlinks in applications are handled correctly.
 link_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_links, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_links, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Make some links
-    ?line Db1Erl = fname(['db-2.1',src,'db1.erl']),
-    ?line NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
-    ?line LinkDb1Erl = fname([LibDir, Db1Erl]),
-    ?line ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
-    ?line Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
-    ?line NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
-    ?line LinkDb1Beam = fname([LibDir, Db1Beam]),
-    ?line ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
-    ?line FeApp = fname(['fe-3.1',ebin,'fe.app']),
-    ?line NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
-    ?line LinkFeApp = fname([LibDir, FeApp]),
-    ?line ok = file:make_symlink(NormalFeApp, LinkFeApp),
-    
+    Db1Erl = fname(['db-2.1',src,'db1.erl']),
+    NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
+    LinkDb1Erl = fname([LibDir, Db1Erl]),
+    ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
+    Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
+    NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
+    LinkDb1Beam = fname([LibDir, Db1Beam]),
+    ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
+    FeApp = fname(['fe-3.1',ebin,'fe.app']),
+    NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
+    LinkFeApp = fname([LibDir, FeApp]),
+    ok = file:make_symlink(NormalFeApp, LinkFeApp),
+
     %% Create the tar and check that the linked files are included as
     %% regular files
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
-
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam])],
-				 LatestName),
-    
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam]),
-				  fname([lib,Db1Erl])],
-				 LatestName),
-
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(LatestDir),
+
+    {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam])],
+			   LatestName),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam]),
+			    fname([lib,Db1Erl])],
+			   LatestName),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% src_tests_tar
-%%
-src_tests_tar(suite) -> [];
-src_tests_tar(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_tar: Do not check date of object file or that source code can be found.
 src_tests_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     P = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than the .erl file
@@ -950,362 +966,308 @@ src_tests_tar(Config) when is_list(Config) ->
     ok = file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
-    ?line ok = systools:make_script(LatestName, [{path, P}]),
+    ok = systools:make_script(LatestName, [{path, P}]),
 
     %% Then make tar - two warnings should be issued when
     %% src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       no_module_tests,
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% shadow_tar
-%%
-shadow_tar(suite) -> [];
-shadow_tar(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-shadow_tar(Config) when is_list(Config) ->
-    % This test has been commented out since the 'vsn' attribute is not used
-    % any more, starting with R6. No warning 'obj_out_of_date' seemed to be
-    % generated.
-    true;
-shadow_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
-
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, 'd_bad_mod+warn', lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
-
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent,
-							 {dirs, [src]}]),
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
-    ok.
 
-
-%% var_tar
-%%
-var_tar(suite) -> [];
-var_tar(doc) ->
-    ["Check that make_tar handles generation and placement of tar",
-     "files for variables outside the main tar file.",
-     "Test the {var_tar, include | ownfile | omit} option."];
+%% make_tar: Check that make_tar handles generation and placement of
+%% tar files for variables outside the main tar file.
+%% Test the {var_tar, include | ownfile | omit} optio.
 var_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, ownfile},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, ownfile},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line true = exists_tar_file("TEST"), %% Also removes the file !
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    true = exists_tar_file("TEST"), %% Also removes the file !
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, omit},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, omit},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, include},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, include},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    ok = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
 
-%% exref_tar
-%%
-exref_tar(suite) -> [];
-exref_tar(doc) ->
-    ["Check exref option."];
+%% make_tar: Check exref option.
 exref_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
 
     %% Complete exref
-    ?line {ok, _, W1} =
+    {ok, _, W1} =
 	systools:make_tar(LatestName, [exref, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(with_db1, W1),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_tar(LatestName, [{exref, [db]}, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W2),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_tar(LatestName, [{exref, [fe]}, {path, P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(without_db1, W3),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_tar(LatestName, [{exref, [db, stdlib]},
 				       {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W4),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
 
-%% otp_9507
-%%
-otp_9507(suite) -> [];
-otp_9507(doc) ->
-    ["make_tar failed when path given as just 'ebin'."];
-otp_9507(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+%% make_tar: OTP-9507 - make_tar failed when path given as just 'ebin'.
+otp_9507_path_ebin(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_small,Config),
+    {LatestDir, LatestName} = create_script(latest_small,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line FeDir = fname([LibDir, 'fe-3.1']),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    FeDir = fname([LibDir, 'fe-3.1']),
 
-    ?line ok = file:set_cwd(FeDir),
+    ok = file:set_cwd(FeDir),
 
     RelName = fname([LatestDir,LatestName]),
 
-    ?line P1 = ["./ebin",
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
-    ?line ok = systools:make_tar(RelName, [{path, P1}]),
-    ?line Content1 = tar_contents(RelName),
+    P1 = ["./ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
+    ok = systools:make_tar(RelName, [{path, P1}]),
+    Content1 = tar_contents(RelName),
 
-    ?line P2 = ["ebin",
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    P2 = ["ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
     %% Tickets solves the following line - it used to fail with
     %% {function_clause,[{filename,join,[[]]},...}
-    ?line ok = systools:make_tar(RelName, [{path, P2}]),
-    ?line Content2 = tar_contents(RelName),
+    ok = systools:make_tar(RelName, [{path, P2}]),
+    Content2 = tar_contents(RelName),
     true = (Content1 == Content2),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
     ok.
 
 
-%% The relup stuff.
-%%
-%%
-
-
-%% make_relup
-%%
-normal_relup(suite) -> [];
-normal_relup(doc) ->
-    ["Check normal case"];
+%% make_relup: Check normal case
 normal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
-    ?line {_LatestDir2,LatestName2} = create_script(latest2,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir2,LatestName2} = create_script(latest2,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% This is the ultra normal case
-    ?line ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, []} =
+    ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName1], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
 
     %% file should not be written if warnings_as_errors is enabled.
     %% delete before running tests.
-    ?line ok = file:delete("relup"),
+    ok = file:delete("relup"),
 
     %% Check that warnings are treated as errors
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent, warnings_as_errors]),
 
     %% relup file should not exist
-    ?line false = filelib:is_regular("relup"),
+    false = filelib:is_regular("relup"),
 
     %% Check that warnings get through
-    ?line ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, [pre_R15_emulator_upgrade,{erts_vsn_changed, _}]} =
+    ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, [pre_R15_emulator_upgrade,{erts_vsn_changed, _}]} =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
 
     %% relup file should exist now
-    ?line true = filelib:is_regular("relup"),
+    true = filelib:is_regular("relup"),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-restart_relup(suite) -> [];
-restart_relup(doc) ->
-    ["Test relup which includes emulator restart"];
+%% make_relup: Test relup which includes emulator restart.
 restart_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
-    ?line {_LatestDir0CurrErts,LatestName0CurrErts} =
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir0CurrErts,LatestName0CurrErts} =
 	create_script(latest0_current_erts,Config),
-    ?line {_CurrentAllDir,CurrentAllName} = create_script(current_all,Config),
-    ?line {_CurrentAllFutErtsDir,CurrentAllFutErtsName} =
+    {_CurrentAllDir,CurrentAllName} = create_script(current_all,Config),
+    {_CurrentAllFutErtsDir,CurrentAllFutErtsName} =
 	create_script(current_all_future_erts,Config),
-    ?line {_CurrentAllFutSaslDir,CurrentAllFutSaslName} =
+    {_CurrentAllFutSaslDir,CurrentAllFutSaslName} =
 	create_script(current_all_future_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin]),
-	       fname([DataDir, lib, 'sasl-9.9', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin]),
+	 fname([DataDir, lib, 'sasl-9.9', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% OTP-2561: Check that the option 'restart_emulator' generates a
     %% "restart_emulator" instruction.
-    ?line {ok, _ , _, []} =
-         systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			     [{path, P},restart_emulator,silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line ok = check_restart_emulator(),
+    {ok, _ , _, []} =
+	systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_restart_emulator(),
 
 
     %% Pre-R15 to Post-R15 upgrade
-    ?line {ok, _ , _, Ws} =
-         systools:make_relup(LatestName0CurrErts,
-			     [LatestName1],
-			     [LatestName1],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{db,"2.1"}], [{db, "1.0"}]),
-    ?line ok = check_pre_to_post_r15_restart_emulator(),
-    ?line ok = check_pre_to_post_r15_warnings(Ws),
+    {ok, _ , _, Ws} =
+	systools:make_relup(LatestName0CurrErts,
+			    [LatestName1],
+			    [LatestName1],
+			    [{path, P},silent]),
+    ok = check_relup([{db,"2.1"}], [{db, "1.0"}]),
+    ok = check_pre_to_post_r15_restart_emulator(),
+    ok = check_pre_to_post_r15_warnings(Ws),
 
 
     %% Check that new sasl version generates a restart_new_emulator
     %% instruction
-    ?line {ok, _ , _, []} =
-         systools:make_relup(CurrentAllFutSaslName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator_diff_coreapp(),
+    {ok, _ , _, []} =
+	systools:make_relup(CurrentAllFutSaslName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
 
 
     %% Check that new erts version generates a restart_new_emulator
     %% instruction, if FromSaslVsn >= R15SaslVsn
     %% (One erts_vsn_changed warning for upgrade and one for downgrade)
-    ?line {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
-         systools:make_relup(CurrentAllFutErtsName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator_diff_coreapp(),
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
 
 
     %% Check that new erts version generates a restart_new_emulator
     %% instruction, and can be combined with restart_emulator opt.
     %% (One erts_vsn_changed warning for upgrade and one for downgrade)
-    ?line {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
-         systools:make_relup(CurrentAllFutErtsName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},restart_emulator,silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator(),
-    ?line ok = check_restart_emulator_diff_coreapp(),
-
-    ?line ok = file:set_cwd(OldDir),
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator(),
+    ok = check_restart_emulator_diff_coreapp(),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1361,293 +1323,276 @@ check_pre_to_post_r15_warnings(Ws) ->
     true = lists:member(pre_R15_emulator_upgrade,Ws),
     ok.
 
-%% make_relup
-%%
-no_appup_relup(suite) -> [];
-no_appup_relup(doc) ->
-    ["Check that appup files may be missing, but only if we don't need them."];
+%% make_relup: Check that appup files may be missing, but only if we
+%% don't need them.
 no_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
 
-    ?line DataDir = filename:absname(?copydir),
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that appup might be missing
-    ?line P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line ok =
+    P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    ok =
 	systools:make_relup(LatestName, [LatestName], [], [{path, P1}]),
-    ?line {ok,_, _, []} =
+    {ok,_, _, []} =
 	systools:make_relup(LatestName, [LatestName], [],
 			    [silent, {path, P1}]),
 
     %% Check that appup might NOT be missing when we need it
-    ?line P2 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line error =
+    P2 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    error =
 	systools:make_relup(LatestName, [LatestName0], [], [{path, P2}]),
-    ?line {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
+    {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
 			    [silent, {path, P2}]),
 
     %% Check that appups missing vsn traps
-    ?line P3 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, d_no_appup, lib, 'fe-500.18.7', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    P3 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-500.18.7', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
-    ?line error =
+    error =
 	systools:make_relup(LatestName0, [LatestName1], [], [{path, P3}]),
-    ?line {error,_,{no_relup, _, _, _}} =
+    {error,_,{no_relup, _, _, _}} =
 	systools:make_relup(LatestName0, [], [LatestName1],
 			    [silent, {path, P3}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-bad_appup_relup(suite) -> [];
-bad_appup_relup(doc) ->
-    ["Check that badly written appup files are detected"];
+%% make_relup: Check that badly written appup files are detected.
 bad_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, d_bad_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_bad_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that bad appup is trapped
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName0], [], [{path, N2}]),
-    ?line {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
+    {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
 			    [silent, {path, N2}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-abnormal_relup(suite) -> [];
-abnormal_relup(doc) ->
-    ["Check some abnormal cases"];
+%% make_relup: Check some abnormal cases.
 abnormal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
 
     %% Check wrong app vsn
-    ?line DataDir = filename:absname(?copydir),
-    ?line P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
-	       fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
-    
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				      [{path, P}]),
-    ?line R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			      [silent, {path, P}]),
-    ?line {error,systools_make,
-	     [{error_reading,{db,{no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} = R0,
-    ?line ok = file:set_cwd(OldDir),
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
+	 fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+				[{path, P}]),
+    R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [silent, {path, P}]),
+    {error,systools_make,
+     [{error_reading,{db,{no_valid_version,
+			  {{"should be","2.1"},
+			   {"found file", _, "2.0"}}}}}]} = R0,
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_relup
-%%
-no_sasl_relup(suite) -> [];
-no_sasl_relup(doc) ->
-    ["Check relup can not be created is sasl is not in rel file"];
+%% make_relup: Check relup can not be created is sasl is not in rel file.
 no_sasl_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1_no_sasl,Config),
-    ?line {_Dir2,Name2} = create_script(latest1,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(latest1,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line error = systools:make_relup(Name2, [Name1], [Name1], [{path, P}]),
-    ?line R1 = systools:make_relup(Name2, [Name1], [Name1],[silent, {path, P}]),
-    ?line {error,systools_relup,{missing_sasl,_}} = R1,
+    error = systools:make_relup(Name2, [Name1], [Name1], [{path, P}]),
+    R1 = systools:make_relup(Name2, [Name1], [Name1],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R1,
 
-    ?line error = systools:make_relup(Name1, [Name2], [Name2], [{path, P}]),
-    ?line R2 = systools:make_relup(Name1, [Name2], [Name2],[silent, {path, P}]),
-    ?line {error,systools_relup,{missing_sasl,_}} = R2,
+    error = systools:make_relup(Name1, [Name2], [Name2], [{path, P}]),
+    R2 = systools:make_relup(Name1, [Name2], [Name2],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R2,
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% Check that application start type is used in relup
-app_start_type_relup(suite) ->
-    [];
-app_start_type_relup(doc) ->
-    ["Release upgrade file with various application start types"];
+%% make_relup: Check that application start type is used in relup
 app_start_type_relup(Config) when is_list(Config) ->
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line {Dir1,Name1} = create_script(latest_app_start_type1,Config),
-    ?line {Dir2,Name2} = create_script(latest_app_start_type2,Config),
-    ?line Release1 = filename:join(Dir1,Name1),
-    ?line Release2 = filename:join(Dir2,Name2),
-
-    ?line {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
-    ?line {"LATEST_APP_START_TYPE2",
-	   [{"LATEST_APP_START_TYPE1",[], UpInstructions}],
-	   [{"LATEST_APP_START_TYPE1",[], DownInstructions}]} = Release2Relup,
+    PrivDir = ?config(priv_dir, Config),
+    {Dir1,Name1} = create_script(latest_app_start_type1,Config),
+    {Dir2,Name2} = create_script(latest_app_start_type2,Config),
+    Release1 = filename:join(Dir1,Name1),
+    Release2 = filename:join(Dir2,Name2),
+
+    {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
+    {"LATEST_APP_START_TYPE2",
+     [{"LATEST_APP_START_TYPE1",[], UpInstructions}],
+     [{"LATEST_APP_START_TYPE1",[], DownInstructions}]} = Release2Relup,
     %% ?t:format("Up: ~p",[UpInstructions]),
     %% ?t:format("Dn: ~p",[DownInstructions]),
-    ?line [{load_object_code, {mnesia, _, _}},
-           {load_object_code, {runtime_tools, _, _}},
-           {load_object_code, {webtool, _, _}},
-           {load_object_code, {snmp, _, _}},
-           {load_object_code, {xmerl, _, _}},
-           point_of_no_return
-           | UpInstructionsT] = UpInstructions,
-    ?line true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[runtime_tools,transient]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
-    ?line false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
-    ?line [point_of_no_return | DownInstructionsT] = DownInstructions,
-    ?line true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[runtime_tools]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[runtime_tools]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
+    [{load_object_code, {mnesia, _, _}},
+     {load_object_code, {runtime_tools, _, _}},
+     {load_object_code, {webtool, _, _}},
+     {load_object_code, {snmp, _, _}},
+     {load_object_code, {xmerl, _, _}},
+     point_of_no_return
+     | UpInstructionsT] = UpInstructions,
+    true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[runtime_tools,transient]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
+    true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
+    false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
+    [point_of_no_return | DownInstructionsT] = DownInstructions,
+    true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
     ok.
 
 
-%% regexp_relup
+%% make_relup: Check that regexp can be used in .appup for UpFromVsn
+%% and DownToVsn.
 regexp_relup(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest_small2,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small2,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line P = [fname([DataDir, d_regexp_appup, lib, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_regexp_appup, lib, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Upgrade fe 2.1 -> 3.1, and downgrade 2.1 -> 3.1
     %% Shall match the first entry if fe-3.1 appup.
-    ?line {ok, _, _, []} =
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName0], [LatestName0],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{fe, "3.1"}], [{fe, "2.1"}]),
+    ok = check_relup([{fe, "3.1"}], [{fe, "2.1"}]),
 
     %% Upgrade fe 2.1.1 -> 3.1
     %% Shall match the second entry in fe-3.1 appup. Have added a
     %% restart_emulator instruction there to distinguish it from
     %% the first entry...
-    ?line {ok, _, _, []} =
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName1], [], [{path, P}, silent]),
-    ?line ok = check_relup_up_only([{fe, "3.1"}]),
-    ?line ok = check_restart_emulator_up_only(),
+    ok = check_relup_up_only([{fe, "3.1"}]),
+    ok = check_restart_emulator_up_only(),
 
     %% Attempt downgrade fe 3.1 -> 2.1.1
     %% Shall not match any entry!!
-    ?line {error,systools_relup,{no_relup,_,_,_}} =
+    {error,systools_relup,{no_relup,_,_,_}} =
 	systools:make_relup(LatestName, [], [LatestName1], [{path, P}, silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
     ok.
 
 
+%% make_hybrid_boot: Normal case.
 %% For upgrade of erts - create a boot file which is a hybrid between
 %% old and new release - i.e. starts erts, kernel, stdlib, sasl from
 %% new release, all other apps from old release.
 normal_hybrid(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1,Config),
-    ?line {_Dir2,Name2} = create_script(current_all,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {ok,Hybrid} = systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
-						       BasePaths, [dummy,args]),
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {ok,Hybrid} = systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
+						 BasePaths, [dummy,args]),
 
-    ?line {script,{"Test release","tmp_vsn"},Script} = binary_to_term(Hybrid),
+    {script,{"Test release","tmp_vsn"},Script} = binary_to_term(Hybrid),
     ct:log("~p.~n",[Script]),
 
     %% Check that all paths to base apps are replaced by paths from BaseLib
     Boot1Str = io_lib:format("~p~n",[binary_to_term(Boot1)]),
     HybridStr = io_lib:format("~p~n",[binary_to_term(Hybrid)]),
     ReOpts = [global,{capture,first,list},unicode],
-    ?line {match,OldKernelMatch} = re:run(Boot1Str,"kernel-[0-9\.]+",ReOpts),
-    ?line {match,OldStdlibMatch} = re:run(Boot1Str,"stdlib-[0-9\.]+",ReOpts),
-    ?line {match,OldSaslMatch} = re:run(Boot1Str,"sasl-[0-9\.]+",ReOpts),
+    {match,OldKernelMatch} = re:run(Boot1Str,"kernel-[0-9\.]+",ReOpts),
+    {match,OldStdlibMatch} = re:run(Boot1Str,"stdlib-[0-9\.]+",ReOpts),
+    {match,OldSaslMatch} = re:run(Boot1Str,"sasl-[0-9\.]+",ReOpts),
 
-    ?line nomatch = re:run(HybridStr,"kernel-[0-9\.]+",ReOpts),
-    ?line nomatch = re:run(HybridStr,"stdlib-[0-9\.]+",ReOpts),
-    ?line nomatch = re:run(HybridStr,"sasl-[0-9\.]+",ReOpts),
-    ?line {match,NewKernelMatch} = re:run(HybridStr,"testkernelpath",ReOpts),
-    ?line {match,NewStdlibMatch} = re:run(HybridStr,"teststdlibpath",ReOpts),
-    ?line {match,NewSaslMatch} = re:run(HybridStr,"testsaslpath",ReOpts),
+    nomatch = re:run(HybridStr,"kernel-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"stdlib-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"sasl-[0-9\.]+",ReOpts),
+    {match,NewKernelMatch} = re:run(HybridStr,"testkernelpath",ReOpts),
+    {match,NewStdlibMatch} = re:run(HybridStr,"teststdlibpath",ReOpts),
+    {match,NewSaslMatch} = re:run(HybridStr,"testsaslpath",ReOpts),
 
     NewKernelN = length(NewKernelMatch),
-    ?line NewKernelN = length(OldKernelMatch),
+    NewKernelN = length(OldKernelMatch),
     NewStdlibN = length(NewStdlibMatch),
-    ?line NewStdlibN = length(OldStdlibMatch),
+    NewStdlibN = length(OldStdlibMatch),
     NewSaslN = length(NewSaslMatch),
-    ?line NewSaslN = length(OldSaslMatch),
+    NewSaslN = length(OldSaslMatch),
 
     %% Check that application load instruction has correct versions
     Apps = application:loaded_applications(),
@@ -1655,33 +1600,33 @@ normal_hybrid(Config) ->
     {_,_,StdlibVsn} = lists:keyfind(stdlib,1,Apps),
     {_,_,SaslVsn} = lists:keyfind(sasl,1,Apps),
 
-    ?line [KernelInfo] = [I || {kernelProcess,application_controller,
+    [KernelInfo] = [I || {kernelProcess,application_controller,
 			  {application_controller,start,
 			   [{application,kernel,I}]}} <- Script],
-    ?line [StdlibInfo] = [I || {apply,
+    [StdlibInfo] = [I || {apply,
 			  {application,load,
 			   [{application,stdlib,I}]}} <- Script],
-    ?line [SaslInfo] = [I || {apply,
+    [SaslInfo] = [I || {apply,
 			{application,load,
 			 [{application,sasl,I}]}} <- Script],
 
-    ?line {vsn,KernelVsn} = lists:keyfind(vsn,1,KernelInfo),
-    ?line {vsn,StdlibVsn} = lists:keyfind(vsn,1,StdlibInfo),
-    ?line {vsn,SaslVsn} = lists:keyfind(vsn,1,SaslInfo),
+    {vsn,KernelVsn} = lists:keyfind(vsn,1,KernelInfo),
+    {vsn,StdlibVsn} = lists:keyfind(vsn,1,StdlibInfo),
+    {vsn,SaslVsn} = lists:keyfind(vsn,1,SaslInfo),
 
     %% Check that new_emulator_upgrade call is added
-    ?line [_,{apply,{release_handler,new_emulator_upgrade,[dummy,args]}}|_] =
+    [_,{apply,{release_handler,new_emulator_upgrade,[dummy,args]}}|_] =
 	lists:reverse(Script),
 
     %% Check that db-1.0 and fe-3.1 are used (i.e. vsns from old release)
     %% And that fe is in there (it exists in old rel but not in new)
-    ?line {match,DbMatch} = re:run(HybridStr,"db-[0-9\.]+",ReOpts),
-    ?line {match,[_|_]=FeMatch} = re:run(HybridStr,"fe-[0-9\.]+",ReOpts),
-    ?line true = lists:all(fun(["db-1.0"]) -> true;
+    {match,DbMatch} = re:run(HybridStr,"db-[0-9\.]+",ReOpts),
+    {match,[_|_]=FeMatch} = re:run(HybridStr,"fe-[0-9\.]+",ReOpts),
+    true = lists:all(fun(["db-1.0"]) -> true;
 			(_)  -> false
 		     end,
 		     DbMatch),
-    ?line true = lists:all(fun(["fe-3.1"]) -> true;
+    true = lists:all(fun(["fe-3.1"]) -> true;
 			(_)  -> false
 		     end,
 		     FeMatch),
@@ -1691,210 +1636,209 @@ normal_hybrid(Config) ->
     {_,_,Old} = binary_to_term(Boot1),
     OldLength = length(Old),
     NewLength = length(Script),
-    ?line NewLength = OldLength + 1,
+    NewLength = OldLength + 1,
 
     ok.
 
+%% make_hybrid_boot: No sasl in from-release.
 %% Check that systools_make:make_hybrid_boot fails with a meaningful
 %% error message if the FromBoot does not include the sasl
 %% application.
 hybrid_no_old_sasl(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1_no_sasl,Config),
-    ?line {_Dir2,Name2} = create_script(current_all,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {error,{app_not_replaced,sasl}} =
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_replaced,sasl}} =
 	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
 				       BasePaths,[dummy,args]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
+%% make_hybrid_boot: No sasl in to-release.
 %% Check that systools_make:make_hybrid_boot fails with a meaningful
 %% error message if the ToBoot does not include the sasl
 %% application.
 hybrid_no_new_sasl(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1,Config),
-    ?line {_Dir2,Name2} = create_script(current_all_no_sasl,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all_no_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {error,{app_not_found,sasl}} =
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_found,sasl}} =
 	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
 				       BasePaths,[dummy,args]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
 
-otp_6226(suite) ->
-    [];
-otp_6226(doc) ->
-    ["{outdir,Dir} option for systools:make_script()"];
-otp_6226(Config) when is_list(Config) ->
+%% options: {outdir,Dir} option
+otp_6226_outdir(Config) when is_list(Config) ->
     PrivDir = ?privdir,
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest0,Config),
+    {_LatestDir, LatestName1} = create_script(latest1,Config),
 
-    ?line {LatestDir, LatestName} = create_script(latest0,Config),
-    ?line {_LatestDir, LatestName1} = create_script(latest1,Config),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'db-1.0', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'db-1.0', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = file:set_cwd(LatestDir),
 
- 
     %% Create an outdir1 directory
-    ?line ok = file:make_dir("outdir1"),
+    ok = file:make_dir("outdir1"),
 
     %% ==== Now test systools:make_script ====
     %% a) badarg
-    ?line {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
 	(catch systools:make_script(LatestName, [{outdir,outdir1},
 						 {path,P},silent])),
 
     %% b) absolute path
     Outdir1 = filename:join(PrivDir, "outdir1"),
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
-							{path,P},silent]),
-    ?line Script1 = filename:join(Outdir1, LatestName ++ ".script"),
-    ?line Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
+						  {path,P},silent]),
+    Script1 = filename:join(Outdir1, LatestName ++ ".script"),
+    Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
-							{path,P},silent]),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
+						  {path,P},silent]),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% d) absolute but incorrect path
-    ?line Outdir2 = filename:join(PrivDir, "outdir2"),
-    ?line Script2 = filename:join(Outdir2, LatestName ++ ".script"),
-    ?line {error,_,{open,Script2,_}} = 
+    Outdir2 = filename:join(PrivDir, "outdir2"),
+    Script2 = filename:join(Outdir2, LatestName ++ ".script"),
+    {error,_,{open,Script2,_}} =
 	systools:make_script(LatestName, [{outdir,Outdir2},{path,P},silent]),
 
     %% e) relative but incorrect path
-    ?line {error,_,{open,_,_}} = 
+    {error,_,{open,_,_}} =
 	systools:make_script(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
-					   [{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(LatestName ++ ".script"),
-    ?line true = filelib:is_file(LatestName ++ ".boot"),
-    ?line ok = file:delete(LatestName ++ ".script"),
-    ?line ok = file:delete(LatestName ++ ".boot"),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
+				     [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(LatestName ++ ".script"),
+    true = filelib:is_file(LatestName ++ ".boot"),
+    ok = file:delete(LatestName ++ ".script"),
+    ok = file:delete(LatestName ++ ".boot"),
+    ok = file:set_cwd(LatestDir),
 
     %% ==== Now test systools:make_tar =====
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
+    {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_tar(LatestName,[{outdir,outdir1},{path,P},silent])),
 
     %% b) absolute path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1}, 
-						     {path,P},silent]),
-    ?line Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1},
+					       {path,P},silent]),
+    Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
-						     {path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
+					       {path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% d) absolute but incorrect path
-    ?line Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
-    ?line {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} = 
+    Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
+    {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} =
 	systools:make_tar(LatestName, [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{tar_error,{open,_,_}}} = 
-	   systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
+    {error,_,{tar_error,{open,_,_}}} =
+	systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
-					[{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
+				  [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:set_cwd(LatestDir),
 
     %% ===== Now test systools:make_relup =====
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_relup(LatestName,[LatestName1],[LatestName1],
     				   [{outdir,outdir1}, 
 				    {path,P},silent])),
 
     %% b) absolute path
     Relup = filename:join(Outdir1, "relup"),
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,Outdir1},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,Outdir1},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% c) relative path
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,"./outdir1"},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,"./outdir1"},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% d) absolute but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,"./outdir2"},{path,P},silent]),
 
@@ -1903,7 +1847,7 @@ otp_6226(Config) when is_list(Config) ->
     %%    cwd, not in the same directory as the .rel file --
 
     %% Change back to previous working directory
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1926,7 +1870,7 @@ check_var_script_file(VarDirs, NoExistDirs, RelName) ->
     AllPaths = lists:append(lists:map(fun({path, P}) -> P;
 					 (_)         -> []
 				      end,
-				  ListOfThings)),
+				      ListOfThings)),
     case lists:filter(fun(VarDir) -> lists:member(VarDir, AllPaths) end,
 		      VarDirs) of
 	VarDirs ->
@@ -1951,7 +1895,7 @@ check_include_script(RelName, ExpectedLoad, ExpectedStart) ->
 	[App || {apply,{application,load,[{application,App,_}]}} <- ListOfThings,
 		App=/=kernel,
 		App=/=stdlib],
-    
+
     if ActualLoad =:= ExpectedLoad -> ok;
        true -> test_server:fail({bad_load_order, ActualLoad, ExpectedLoad})
     end,
@@ -2026,7 +1970,7 @@ check_tar_regular(PrivDir, Files, RelName) ->
 	NotThere ->
 	    {error,{erroneous_tar_file,tar_name(RelName),NotThere}}
     end.
-	    
+
 delete_tree(Dir) ->
     case filelib:is_dir(Dir) of
 	true ->
@@ -2081,6 +2025,9 @@ create_script(latest_small2,Config) ->
 create_script(latest_nokernel,Config) ->
     Apps = [{db,"2.1"},{fe,"3.1"}],
     do_create_script(latest_nokernel,Config,"4.4",Apps);
+create_script(latest_kernel_start_type,Config) ->
+    Apps = [{kernel,"1.0",load},{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest_kernel_start_type,Config,"4.4",Apps);
 create_script(latest_app_start_type1,Config) ->
     Apps = core_apps(current),
     do_create_script(latest_app_start_type1,Config,current,Apps);
@@ -2107,15 +2054,15 @@ create_script(current_all_future_sasl,Config) ->
 
 
 do_create_script(Id,Config,ErtsVsn,AppVsns) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, Id),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line RelfileContent =
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, Id),
+    {ok,Fd} = file:open(Name++".rel",write),
+    RelfileContent =
 	{release,{"Test release", string:to_upper(atom_to_list(Id))},
 	 {erts,erts_vsn(ErtsVsn)},
 	 app_vsns(AppVsns)},
-    ?line io:format(Fd,"~p.~n",[RelfileContent]),
-    ?line ok = file:close(Fd),
+    io:format(Fd,"~p.~n",[RelfileContent]),
+    ok = file:close(Fd),
     {filename:dirname(Name), filename:basename(Name)}.
 
 core_apps(Vsn) ->
@@ -2136,372 +2083,372 @@ erts_vsn(Vsn) -> Vsn.
 
 
 create_include_files(inc1, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc1),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc1),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc2, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc2),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc2),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc3, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc3),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc3),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc4, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc4),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc4),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc5, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc5),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc5),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     %% exclude t5.
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc6, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc6),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc6),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does include non existing t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc7, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc7),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc7),
     create_apps(PrivDir),
     create_app(t7, PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t7 and t6 does include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc8, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc8),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc8),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9 and t10 includes t9 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc9, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc9),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc9),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9, t9 uses t10 and t10 includes t8 ==> circular !!
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc10, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc10),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc10),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t9 tries to include not specified (in .app file) application !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc11, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc11),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc11),
     create_apps2(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t11, \"1.0\"}, \n"
-          "  {t12, \"1.0\"}, \n"
-          "  {t13, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t11, \"1.0\"}, \n"
+	"  {t12, \"1.0\"}, \n"
+	"  {t13, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
-create_include_files(otp_3065, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, otp_3065),
+create_include_files(otp_3065_circular_dependenies, Config) ->
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, otp_3065_circular_dependenies),
     create_apps_3065(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
-          "  {chTraffic, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
+	"  {chTraffic, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)}.
 
 create_apps(Dir) ->
     T1 = "{application, t1,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [kernel, stdlib]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [kernel, stdlib]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't1.app'), list_to_binary(T1)),
 
     T2 = "{application, t2,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t1]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t1]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't2.app'), list_to_binary(T2)),
 
     T3 = "{application, t3,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t2]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t2]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't3.app'), list_to_binary(T3)),
 
     T4 = "{application, t4,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't4.app'), list_to_binary(T4)),
 
     T5 = "{application, t5,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't5.app'), list_to_binary(T5)),
 
     T6 = "{application, t6,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t4, t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t4, t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't6.app'), list_to_binary(T6)).
 
 create_app(t7, Dir) ->
     T7 = "{application, t7,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't7.app'), list_to_binary(T7)).
 
 create_circular_apps(Dir) ->
     T8 = "{application, t8,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t9]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t9]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't8.app'), list_to_binary(T8)),
 
     T9 = "{application, t9,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t10]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t10]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't9.app'), list_to_binary(T9)),
 
     T10 = "{application, t10,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t8, t9]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t8, t9]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't10.app'), list_to_binary(T10)).
 
 create_apps2(Dir) ->
     T11 = "{application, t11,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t13]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t13]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't11.app'), list_to_binary(T11)),
 
     T12 = "{application, t12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t11]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t11]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't12.app'), list_to_binary(T12)),
 
     T13 = "{application, t13,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't13.app'), list_to_binary(T13)).
 
 
 
 create_apps_3065(Dir) ->
     T11 = "{application, chTraffic,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [chAts]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [chAts]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chTraffic.app'), list_to_binary(T11)),
 
     T12 = "{application, chAts,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [aa12]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [aa12]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chAts.app'), list_to_binary(T12)),
 
     T13 = "{application, aa12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [chAts]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [chAts]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'aa12.app'), list_to_binary(T13)).
 
 fname(N) ->
diff --git a/lib/sasl/test/systools_rc_SUITE.erl b/lib/sasl/test/systools_rc_SUITE.erl
index 2ab9e269f9..bd4aa9e7a7 100644
--- a/lib/sasl/test/systools_rc_SUITE.erl
+++ b/lib/sasl/test/systools_rc_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 -module(systools_rc_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("sasl/src/systools.hrl").
 -export([all/0,groups/0,init_per_group/2,end_per_group/2, 
 	 syntax_check/1, translate/1, translate_app/1,
@@ -41,7 +41,6 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-syntax_check(suite) -> [];
 syntax_check(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -69,8 +68,8 @@ syntax_check(Config) when is_list(Config) ->
 	  {update, baz, 5000, soft, brutal_purge, brutal_purge, []},
 	  {add_module, new_mod},
 	  {remove_application, snmp}
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
     S2 = [
 	  {apply, {m, f, [a]}},
 	  {load_object_code, {tst, "1.0", [new_mod]}},
@@ -90,41 +89,40 @@ syntax_check(Config) when is_list(Config) ->
 	  {apply, {m,f,[a]}},
 	  restart_new_emulator,
 	  restart_emulator
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
     S3 = [{apply, {m, f, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
     S3_1 = [{apply, {m, 3, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
     S4 = [{apply, {m, f}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
     S5 = [{load_object_code, hej}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
     S6 = [{load_object_code, {342, "1.0", [foo]}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
     S7 = [{load_object_code, {tets, "1.0", foo}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
     S8 = [{suspend, [m1]}, point_of_no_return],
-    ?line {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
     S9 = [{update, ba, {advanced, extra}, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
     S10 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [baz]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
     S11 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
     S12 = [{update, bar, advanced, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
     S13 = [{update, bar, {advanced, extra}, rutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
     S14 = [{update, bar, {advanced, extra}, brutal_purge, rutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
     S15 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, ba}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
     S16 = [{code_change, [module]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
-    ?line ok.
+    {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
+    ok.
 
-translate(suite) -> [];
 translate(Config) when is_list(Config) ->
     Apps =
 	[#application{name = test,
@@ -136,170 +134,170 @@ translate(Config) when is_list(Config) ->
 		      mod = {sasl, []}}],
     %% Simple translation (1)
     Up1 = [{update, foo, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
 
     %% Simple translation (2)
     Up2 = [{update, foo, {advanced, extra}, soft_purge, soft_purge, []}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2,
-
-    ?line {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {code_change, down, [{foo, extra}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X22,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2,
+
+    {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {code_change, down, [{foo, extra}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X22,
 
     Up2a = [{update, foo, static, default, {advanced,extra},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2a,
-
-    ?line {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, down, [{foo, extra}]},
-	   {resume,[foo]}] = X22a,
+    {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2a,
+
+    {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, down, [{foo, extra}]},
+     {resume,[foo]}] = X22a,
 
     %% Simple dependency (1)
     Up3 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X31,
-    ?line {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X32,
+    {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X31,
+    {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X32,
 
     Up3a = [{update, foo, static, default, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, default, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo, bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a1,
-    ?line {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a2,
+    {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo, bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a1,
+    {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a2,
 
     %%  Simple dependency (2)
     Up4 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []}],
-    ?line {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4,
-
-    ?line {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42,
+    {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4,
+
+    {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42,
 
     Up4a = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4a,
-
-    ?line {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X42a,
+    {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4a,
+
+    {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,foo]}] = X42a,
 
     Up4b = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, dynamic, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4b,
-
-    ?line {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42b,
+    {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4b,
+
+    {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42b,
 
     %% More complex dependency
     Up5 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []},
 	   {update, baz, {advanced, baz}, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5,
-
-    ?line {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {code_change,down,[{baz,baz},{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,baz,foo]}] = X52,
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5,
+
+    {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {code_change,down,[{baz,baz},{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,baz,foo]}] = X52,
 
     Up5a = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -307,26 +305,26 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, dynamic, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz}, {bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5a,
-
-    ?line {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{baz,baz}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X52a,
+    {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz}, {bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5a,
+
+    {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{baz,baz}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X52a,
 
     Up5b = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -334,65 +332,65 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, static, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5b,
-
-    ?line {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{baz,baz}]},
-	   {resume,[bar,baz,foo]}] = X52b,
+    {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5b,
+
+    {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{baz,baz}]},
+     {resume,[bar,baz,foo]}] = X52b,
 
     %% Simple circular dependency (1)
     Up6 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]}],
-    ?line {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X61,
-    ?line {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X62,
+    {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X61,
+    {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X62,
 
     %% Simple circular dependency (2)
     Up7 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[baz, bar, foo]}] = X71,
-    ?line {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {resume,[baz,bar,foo]}] = X72,
+    {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[baz, bar, foo]}] = X71,
+    {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {resume,[baz,bar,foo]}] = X72,
 
     %% Complex circular dependencies, check only order
     %%
@@ -402,20 +400,20 @@ translate(Config) when is_list(Config) ->
 	   {update, z, soft, soft_purge, soft_purge, [x]},
 	   {update, bar, soft, soft_purge, soft_purge, [baz]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
-    ?line {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
-    ?line Rest = case lists:reverse(Order) of
-		     [bar, baz | R] -> R;
-		     [baz, bar | R] -> R
-		 end,
-    ?line case Rest of
-	      [y, z, x, foo] -> ok;
-	      [y, x, z, foo] -> ok;
-	      [foo, y, z, x] -> ok;
-	      [foo, y, x, z] -> ok;
-	      [y, foo, z, x] -> ok;
-	      [y, foo, x, z] -> ok
-	  end,
+    {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
+    {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
+    Rest = case lists:reverse(Order) of
+	       [bar, baz | R] -> R;
+	       [baz, bar | R] -> R
+	   end,
+    case Rest of
+	[y, z, x, foo] -> ok;
+	[y, x, z, foo] -> ok;
+	[foo, y, z, x] -> ok;
+	[foo, y, x, z] -> ok;
+	[y, foo, z, x] -> ok;
+	[y, foo, x, z] -> ok
+    end,
 
     %% Check that order among other instructions isn't changed
     Up9 = [{update, foo, soft, soft_purge, soft_purge, [baz]},
@@ -430,13 +428,12 @@ translate(Config) when is_list(Config) ->
 	   {apply, {m, f, [5]}},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]},
 	   {apply, {m, f, [6]}}],
-    ?line {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
+    {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
     Other2 = [X || {apply, {m, f, [X]}} <- X9],
-    ?line [1,2,3,4,5,6] = lists:sort(Other2),
-    ?line ok.
+    [1,2,3,4,5,6] = lists:sort(Other2),
+    ok.
 
 
-translate_app(suite) -> [];
 translate_app(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -461,33 +458,33 @@ translate_app(Config) when is_list(Config) ->
     %% Simple translation (1)
     Up1 = [{add_module, foo},
 	   {add_module, bar}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}}] = X1,
 
     %% Simple translation (2)
     Up2 = [{add_application, test}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-io:format("X2=~p~n", [X2]),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}},
-	   {load,{baz,brutal_purge,brutal_purge}},
-	   {apply,{application,start,[test,permanent]}}] = X2,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    io:format("X2=~p~n", [X2]),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}},
+     {load,{baz,brutal_purge,brutal_purge}},
+     {apply,{application,start,[test,permanent]}}] = X2,
 
     %% Simple translation (3)
     Up3 = [{remove_application, pelle}],
-    ?line {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
-    ?line [point_of_no_return,
-	   {apply,{application,stop,[pelle]}},
-	   {remove,{pelle,brutal_purge,brutal_purge}},
-	   {remove,{kalle,brutal_purge,brutal_purge}},
-	   {purge,[pelle,kalle]},
-	   {apply,{application,unload,[pelle]}}] = X3,
-    ?line ok.
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
+    [point_of_no_return,
+     {apply,{application,stop,[pelle]}},
+     {remove,{pelle,brutal_purge,brutal_purge}},
+     {remove,{kalle,brutal_purge,brutal_purge}},
+     {purge,[pelle,kalle]},
+     {apply,{application,unload,[pelle]}}] = X3,
+    ok.
 
 
 translate_emulator_restarts(_Config) ->
@@ -506,36 +503,36 @@ translate_emulator_restarts(_Config) ->
 		      mod = {sasl, []}}],
     %% restart_new_emulator
     Up1 = [{update, foo, soft, soft_purge, soft_purge, []},restart_new_emulator],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
 
     %% restart_emulator
     Up2 = [{update, foo, soft, soft_purge, soft_purge, []},restart_emulator],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   restart_emulator] = X2,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X2,
 
     %% restart_emulator + restart_new_emulator
     Up3 = [{update, foo, soft, soft_purge, soft_purge, []},
 	   restart_emulator,
 	   restart_new_emulator],
-    ?line {ok, X3} = systools_rc:translate_scripts([Up3], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   restart_emulator] = X3,
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X3,
 
     %% restart_emulator + restart_new_emulator
     Up4a = [{update, foo, soft, soft_purge, soft_purge, []},
@@ -545,28 +542,28 @@ translate_emulator_restarts(_Config) ->
 	    {update, x, soft, soft_purge, soft_purge, []},
 	    restart_emulator,
 	    restart_emulator],
-    ?line {ok, X4} = systools_rc:translate_scripts([Up4a,Up4b], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo,x]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   {suspend,[x]},
-	   {load,{x,soft_purge,soft_purge}},
-	   {resume,[x]},
-	   restart_emulator] = X4,
+    {ok, X4} = systools_rc:translate_scripts([Up4a,Up4b], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo,x]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     {suspend,[x]},
+     {load,{x,soft_purge,soft_purge}},
+     {resume,[x]},
+     restart_emulator] = X4,
 
     %% only restart_new_emulator
     Up5 = [restart_new_emulator],
-    ?line {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
-    ?line [restart_new_emulator,
-	   point_of_no_return] = X5,
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [restart_new_emulator,
+     point_of_no_return] = X5,
 
     %% only restart_emulator
     Up6 = [restart_emulator],
-    ?line {ok, X6} = systools_rc:translate_scripts([Up6], Apps, []),
-    ?line [point_of_no_return,
-	   restart_emulator] = X6,
+    {ok, X6} = systools_rc:translate_scripts([Up6], Apps, []),
+    [point_of_no_return,
+     restart_emulator] = X6,
 
     ok.
diff --git a/lib/snmp/Makefile b/lib/snmp/Makefile
index 4264531112..ff6fad8ddc 100644
--- a/lib/snmp/Makefile
+++ b/lib/snmp/Makefile
@@ -54,6 +54,9 @@ else
 endif
 
 
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
+
 # ----------------------------------------------------
 # Default Subdir Targets
 # ----------------------------------------------------
@@ -75,6 +78,11 @@ info:
 	@echo ""
 	@echo "SNMP_VSN: $(SNMP_VSN)"
 	@echo "APP_VSN:  $(APP_VSN)"
+	@echo ""
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
+	@echo ""
+
 
 gclean: 
 	git clean -fXd
@@ -120,3 +128,23 @@ tar: $(APP_TAR_FILE)
 
 $(APP_TAR_FILE): $(APP_DIR)
 	(cd $(APP_RELEASE_DIR); gtar zcf $(APP_TAR_FILE) $(DIR_NAME))
+
+dclean:
+	rm -f $(DIA_PLT)
+	rm -f $(DIA_ANALYSIS)
+
+dialyzer_plt: $(DIA_PLT)
+
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
+	@dialyzer --build_plt \
+                  --output_plt $@ \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
+                  --verbose
+
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
\ No newline at end of file
diff --git a/lib/snmp/doc/src/Makefile b/lib/snmp/doc/src/Makefile
index df597c8ba7..8645886590 100644
--- a/lib/snmp/doc/src/Makefile
+++ b/lib/snmp/doc/src/Makefile
@@ -165,7 +165,7 @@ $(MAN7DIR)/%.7: $(MIBSDIR)/%.mib
 
 $(MAN1DIR)/snmpc.1: snmpc_cmd.xml
 	date=`date +"%B %e %Y"`; \
-        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/docbuilder_dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
+        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml
index fd5a548b16..704ff0a20f 100644
--- a/lib/snmp/doc/src/notes.xml
+++ b/lib/snmp/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1996</year><year>2011</year>
+      <year>1996</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -34,23 +34,262 @@
 
 
   <section>
+    <title>SNMP Development Toolkit 4.21.7</title>
+    <p>Version 4.21.7 supports code replacement in runtime from/to
+    version 4.21.6, 4.21.5, 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 
+    4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p>
+
+      <!--
+      <list type="bulleted">
+        <item>
+          <p>[agent] DoS attack using GET-BULK with large value of 
+	  MaxRepetitions.
+	  A preventive method has been implementing by simply 
+	  limit the number of varbinds that can be included in 
+	  a Get-BULK response message. This is specified by the 
+	  new config option, 
+	  <seealso marker="snmp_app#agent_gb_max_vbs">gb_max_vbs</seealso>. 
+	  </p>
+	  <p>Own Id: OTP-9700</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Simultaneous 
+	  <seealso marker="snmpa#backup">snmpa:backup/1,2</seealso> 
+	  calls can interfere.
+	  The master agent did not check if a backup was already in 
+	  progress when a backup request was accepted. </p>
+          <p>Own Id: OTP-9884</p>
+          <p>Aux Id: Seq 11995</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+
+  </section> <!-- 4.21.7 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.6</title>
+    <p>Version 4.21.6 supports code replacement in runtime from/to
+    version 4.21.5, 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 
+    4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] DoS attack using GET-BULK with large value of 
+	  MaxRepetitions.
+	  A preventive method has been implementing by simply 
+	  limit the number of varbinds that can be included in 
+	  a Get-BULK response message. This is specified by the 
+	  new config option, 
+	  <seealso marker="snmp_app#agent_gb_max_vbs">gb_max_vbs</seealso>. 
+	  </p>
+	  <p>Own Id: OTP-9700</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Mib server cache gclimit update function incorrectly calls 
+	  age update function. 
+	  The gclimit update function, 
+	  <seealso marker="snmpa#update_mibs_cache_gclimit">update_mibs_cache_gclimit/1</seealso>, 
+	  <em>incorrectly</em> called the age update function, 
+	  <seealso marker="snmpa#update_mibs_cache_age">update_mibs_cache_age/2</seealso>. </p>
+	  <p>Johan Claesson</p>
+          <p>Own Id: OTP-9868</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+
+  </section> <!-- 4.21.6 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.5</title>
+    <p>Version 4.21.5 supports code replacement in runtime from/to
+      version 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+<!--
+      <p>-</p>
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Removed (more) use of old style tuple funs. </p>
+          <p>Own Id: OTP-9783</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Fixed Bugs and Malfunctions</title>
+<!--
+      <p>-</p> 
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Repeated vacm table dumping fails due to file name 
+          conflict. When dumping the vacm table to disk, a temoporary 
+          file with a fixed name was used. If the table dumping 
+          (snmpa_vacm:dump_table/0) was initiated from several different 
+          processes in rapid succesion, the dumping could fail because the 
+          different processes was simultaniously trying to write to the 
+          same file. This problem has been eliminated by creating a unique 
+          name for the temporary file. </p>
+          <p>Own Id: OTP-9851</p>
+          <p>Aux Id: Seq 11980</p>
+        </item>
+
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>foo. </p>
+          <p>Own Id: OTP-9718</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 4.21.5 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.4</title>
+    <p>This version has never been released for R14B.</p>
+    <p>Version 4.21.4 supports code replacement in runtime from/to
+      version 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1, 4.20 and 4.19. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>[compiler] Improved version info printout from the 
+          <seealso marker="snmpc(command)#">MIB compiler frontend escript</seealso>. </p>
+          <p>Own Id: OTP-9618</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+    <section>
+      <title>Fixed Bugs and Malfunctions</title>
+<!--
+      <p>-</p> 
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Removed use of old style tuple funs. </p>
+          <p>Own Id: OTP-9779</p>
+        </item>
+
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>foo. </p>
+          <p>Own Id: OTP-9718</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 4.21.4 -->
+
+
+  <section>
     <title>SNMP Development Toolkit 4.21.3</title>
     <p>Version 4.21.3 supports code replacement in runtime from/to
-    version 4.21.2, 4.21.1, 4.21 and 4.20.1. </p>
-    
+      version 4.21.2, 4.21.1, 4.21, 4.20.1, 4.20 and 4.19. </p>
+
     <section>
       <title>Improvements and new features</title>
 <!--
       <p>-</p>
 -->
-      
+
       <list type="bulleted">
         <item>
-          <p>[compiler] Improved version info printout. </p>
+          <p>[compiler] Improved version info printout from the 
+	  <seealso marker="snmpc(command)#">MIB compiler frontend escript</seealso>. </p>
           <p>Own Id: OTP-9618</p>
         </item>
 
       </list>
+
     </section>
 
     <section>
@@ -61,35 +300,46 @@
 
       <list type="bulleted">
         <item>
+          <p>[agent] Version 4.20 introduced a change that broke trap 
+	  sending from subagents. Due to a bug in the test code, 
+	  this was not discovered, until that bug was fixed. </p>
+          <p>Own Id: OTP-9745</p>
+        </item>
+
+        <item>
+          <p>[agent] When sending an error message (reply) regarding 
+	  <c>snmpUnknownPDUHandlers</c>, the agent used the wrong OID. </p>
+          <p>Own Id: OTP-9747</p>
+        </item>
+
+        <item>
           <p>[compiler] Fix the <c>--warnings/--W</c> option parsing in the 
-	  <seealso marker="snmpc(command)#option_warnings">snmpc</seealso>
-	  wrapper (e)script. 
-	  The short warning option was incorrectly <c>--w</c>, instead
-	  of as documented <c>--W</c>. This has now been corrected. </p>
-	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
+          <seealso marker="snmpc(command)#option_warnings">snmpc</seealso>
+          wrapper (e)script. 
+          The short warning option was incorrectly <c>--w</c>, instead
+          of as documented <c>--W</c>. This has now been corrected. </p>
+          <p>*** POTENTIAL INCOMPATIBILITY ***</p>
           <p>Tuncer Ayaz</p>
           <p>Own Id: OTP-9718</p>
         </item>
 
       </list>
-
     </section>
 
 
     <section>
       <title>Incompatibilities</title>
 <!--
-      <p>-</p> 
+      <p>-</p>
 -->
 
       <list type="bulleted">
         <item>
           <p>[compiler] The short warning option has been changed from 
-	  <c>--w</c> to <c>--W</c> to comply with the documentation. </p>
+          <c>--w</c> to <c>--W</c> to comply with the documentation. </p>
           <p>Tuncer Ayaz</p>
           <p>Own Id: OTP-9718</p>
-	</item>
-
+        </item>
 
       </list>
     </section>
@@ -571,355 +821,6 @@ snmp_view_basec_acm_mib:vacmAccessTable(set, RowIndex, Cols).
   </section> <!-- 4.18 -->
 
 
-  <section>
-    <title>SNMP Development Toolkit 4.17.1</title>
-    <p>Version 4.17.1 supports code replacement in runtime from/to
-      version 4.17, 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <p>-</p> 
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <list type="bulleted">
-        <item>
-          <p>When the function FilterMod:accept_recv/2
-	  returned false the SNMP agent stopped collecting 
-	  messages from UDP.</p>
-          <p>Own Id: OTP-8761</p>
-        </item>
-      </list>
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.17.1 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.17</title>
-    <p>Version 4.17 supports code replacement in runtime from/to
-      version 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[agent] Added very basic support for multiple SNMPv3 
-            EngineIDs in a single agent. See 
-            <seealso marker="snmpa#send_notification">send_notification/7</seealso>, 
-            <seealso marker="snmpa_mpd#process_packet">process_packet/7</seealso>, 
-            <seealso marker="snmpa_mpd#generate_response_msg">generate_response_msg/6</seealso> or 
-            <seealso marker="snmpa_mpd#generate_msg">generate_msg/6</seealso> 
-            for more info. </p> 
-
-          <p>Own Id: OTP-8478</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <p>-</p>
-
-      <!-- 
-      <list type="bulleted">
-        <item>
-          <p>The config utility 
-            (<seealso marker="snmp#config">snmp:config/0</seealso>)
-            generated a default notify.conf 
-            with a bad name for the standard trap entry (was "stadard trap", 
-            but should have been "standard trap"). This has been corrected. </p>
-          <p>Kenji Rikitake</p>
-          <p>Own Id: OTP-8433</p>
-        </item>
-
-      </list>
-      -->
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.17 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16.2</title>
-    <p>Version 4.16.2 supports code replacement in runtime from/to
-      version 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[compiler] The SMI specifies that a table row OID should be 
-            named: { &lt;tableIdentifier&gt; "1" }. </p>
-	  <p>A new option has been introduced, 
-            <seealso marker="snmpc#compiler_opts">relaxed_row_name_assign_check</seealso>, 
-            that allows for a more liberal numbering scheme</p>
-          <p>Own Id: OTP-8574</p>
-        </item>
-
-        <item>
-          <p>[agent|manager] Changes to make snmp (forward) compatible with 
-            the new version of the crypto application (released in R14).
-            As of R14, crypto is implemented using NIFs. Also,
-            the API is more strict. </p> 
-          <p>Own Id: OTP-8594</p>
-        </item>
-
-        <item>
-          <p>Auto [agent] Changed default value for the MIB server cache. 
-            GC is now on by default. </p>
-          <p>Own Id: OTP-8648</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>Encode/decode of Counter64 values larger than 
-	    16#7fffffffffffffff (9223372036854775807) failed. </p>
-          <p>Own Id: OTP-8563</p>
-        </item>
-
-        <item>
-          <p>[compiler] Fails to compile non-contiguous BITS. </p>
-	  <p>Per Hedeland</p>
-          <p>Own Id: OTP-8595</p>
-        </item>
-
-        <item>
-          <p>[manager] Raise condition causing the manager server process to 
-            crash. Unregistering an agent while traffic (set/get-operations) 
-            is ongoing could cause a crash in the manager server process 
-            (raise condition). </p>
-          <p>Own Id: OTP-8646</p>
-	  <p>Aux Id: Seq 11585</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16.2 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16.1</title>
-    <p>Version 4.16.1 supports code replacement in runtime from/to
-      version 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <p>-</p> 
-      <!-- 
-      <list type="bulleted">
-        <item>
-          <p>[agent|manager] Entries in the audit trail log can now be 
-            augmented by a sequence number. </p>
-          <p>This is enabled by the <c>seqno</c> option, which is part of the 
-            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
-            config option. </p>
-          <p>See the 
-            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
-            or the 
-            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
-            chapter of the User's Guide for further info. </p> 
-
-          <p>Own Id: OTP-8395</p>
-        </item>
-
-      </list>
-      -->
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>[manager] Fixed an upgrade/downgrade problem. </p>
-          <p>Upgrade/downgrade from/to 4.13.5 did not work for the net-if 
-            process. This has now been fixed. </p>
-          <p>Own Id: OTP-8481</p>
-        </item>
-
-        <item>
-          <p>[agent] A minor mnesia related performance improvement. </p>
-          <p>Own Id: OTP-8480</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16.1 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16</title>
-    <p>Version 4.16 supports code replacement in runtime from/to
-      version 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[agent|manager] Entries in the audit trail log can now be 
-            augmented by a sequence number. </p>
-          <p>This is enabled by the <c>seqno</c> option, which is part of the 
-            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
-            config option. </p>
-          <p>See the 
-            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
-            or the 
-            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
-            chapter of the User's Guide for further info. </p> 
-
-          <p>Own Id: OTP-8395</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>[manager] Registration of agents using the config file, 
-            <seealso marker="snmp_manager_config_files#agents">agents.conf</seealso>, 
-            does not work. This has now been corrected. </p>
-          <p>Per Hedeland</p>
-          <p>Own Id: OTP-8442</p>
-        </item>
-
-        <item>
-          <p>The config utility 
-            (<seealso marker="snmp#config">snmp:config/0</seealso>)
-            generated a default notify.conf 
-            with a bad name for the standard trap entry (was "stadard trap", 
-            but should have been "standard trap"). This has been corrected. </p>
-          <p>Kenji Rikitake</p>
-          <p>Own Id: OTP-8433</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.15</title>
-
-    <p>Version 4.15 supports code replacement in runtime from/to
-      version 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>The documentation is now built with open source tools 
-            (<em>xsltproc</em> and <em>fop</em>) that exists on most 
-            platforms. One visible change is that the frames are removed.</p>
-          <p>Own Id: OTP-8249</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[manager] When information from an unknown agent is received,
-            it was previously delivered to the default user via calls to all
-            the functions of the callback API depending on the info type
-            (<c>pdu</c>, <c>trap</c>, <c>report</c> or <c>inform</c>). 
-            The problem was that the <c>TargetName</c> argument was useless 
-            in this case (only an already known agent has a known/valid 
-            <c>TargetName</c>, but the <c>TargetName</c> used in these calls
-            was generated "on the fly"). </p>
-          <p>This has now been changed so that when a message is received 
-            from an unknown agent, then only 
-            <seealso marker="snmpm_user#handle_agent">handle_agent</seealso>
-            (for the default user) is called, but now this call also has a 
-            <c>Type</c> argument, which is 
-            <c>pdu | trap | report | inform</c>, depending on what kind of 
-            message was actually received, thus making it possible for the 
-            user to properly analyze the data received. </p>
-	  <p>To handle this, the 
-            <seealso marker="snmpm_user">snmpm_user</seealso> behaviour has 
-            been updated. </p>
-	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
-          <p>Own Id: OTP-8229</p>
-	  <!-- <p>Aux Id: Seq 11312</p> -->
-        </item>
-
-      </list>
-
-    </section>
-
-  </section> <!-- 4.15 -->
-
-
   <!-- section>
     <title>Release notes history</title>
     <p>For information about older versions see
diff --git a/lib/snmp/doc/src/notes_history.xml b/lib/snmp/doc/src/notes_history.xml
index 722d02afbd..023717cd7c 100644
--- a/lib/snmp/doc/src/notes_history.xml
+++ b/lib/snmp/doc/src/notes_history.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -33,6 +33,355 @@
   </header>
 
   <section>
+    <title>SNMP Development Toolkit 4.17.1</title>
+    <p>Version 4.17.1 supports code replacement in runtime from/to
+      version 4.17, 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p> 
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <list type="bulleted">
+        <item>
+          <p>When the function FilterMod:accept_recv/2
+	  returned false the SNMP agent stopped collecting 
+	  messages from UDP.</p>
+          <p>Own Id: OTP-8761</p>
+        </item>
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.17.1 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.17</title>
+    <p>Version 4.17 supports code replacement in runtime from/to
+      version 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[agent] Added very basic support for multiple SNMPv3 
+            EngineIDs in a single agent. See 
+            <seealso marker="snmpa#send_notification">send_notification/7</seealso>, 
+            <seealso marker="snmpa_mpd#process_packet">process_packet/7</seealso>, 
+            <seealso marker="snmpa_mpd#generate_response_msg">generate_response_msg/6</seealso> or 
+            <seealso marker="snmpa_mpd#generate_msg">generate_msg/6</seealso> 
+            for more info. </p> 
+
+          <p>Own Id: OTP-8478</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <p>-</p>
+
+      <!-- 
+      <list type="bulleted">
+        <item>
+          <p>The config utility 
+            (<seealso marker="snmp#config">snmp:config/0</seealso>)
+            generated a default notify.conf 
+            with a bad name for the standard trap entry (was "stadard trap", 
+            but should have been "standard trap"). This has been corrected. </p>
+          <p>Kenji Rikitake</p>
+          <p>Own Id: OTP-8433</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.17 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16.2</title>
+    <p>Version 4.16.2 supports code replacement in runtime from/to
+      version 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[compiler] The SMI specifies that a table row OID should be 
+            named: { &lt;tableIdentifier&gt; "1" }. </p>
+	  <p>A new option has been introduced, 
+            <seealso marker="snmpc#compiler_opts">relaxed_row_name_assign_check</seealso>, 
+            that allows for a more liberal numbering scheme</p>
+          <p>Own Id: OTP-8574</p>
+        </item>
+
+        <item>
+          <p>[agent|manager] Changes to make snmp (forward) compatible with 
+            the new version of the crypto application (released in R14).
+            As of R14, crypto is implemented using NIFs. Also,
+            the API is more strict. </p> 
+          <p>Own Id: OTP-8594</p>
+        </item>
+
+        <item>
+          <p>Auto [agent] Changed default value for the MIB server cache. 
+            GC is now on by default. </p>
+          <p>Own Id: OTP-8648</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>Encode/decode of Counter64 values larger than 
+	    16#7fffffffffffffff (9223372036854775807) failed. </p>
+          <p>Own Id: OTP-8563</p>
+        </item>
+
+        <item>
+          <p>[compiler] Fails to compile non-contiguous BITS. </p>
+	  <p>Per Hedeland</p>
+          <p>Own Id: OTP-8595</p>
+        </item>
+
+        <item>
+          <p>[manager] Raise condition causing the manager server process to 
+            crash. Unregistering an agent while traffic (set/get-operations) 
+            is ongoing could cause a crash in the manager server process 
+            (raise condition). </p>
+          <p>Own Id: OTP-8646</p>
+	  <p>Aux Id: Seq 11585</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16.2 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16.1</title>
+    <p>Version 4.16.1 supports code replacement in runtime from/to
+      version 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p> 
+      <!-- 
+      <list type="bulleted">
+        <item>
+          <p>[agent|manager] Entries in the audit trail log can now be 
+            augmented by a sequence number. </p>
+          <p>This is enabled by the <c>seqno</c> option, which is part of the 
+            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
+            config option. </p>
+          <p>See the 
+            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
+            or the 
+            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
+            chapter of the User's Guide for further info. </p> 
+
+          <p>Own Id: OTP-8395</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[manager] Fixed an upgrade/downgrade problem. </p>
+          <p>Upgrade/downgrade from/to 4.13.5 did not work for the net-if 
+            process. This has now been fixed. </p>
+          <p>Own Id: OTP-8481</p>
+        </item>
+
+        <item>
+          <p>[agent] A minor mnesia related performance improvement. </p>
+          <p>Own Id: OTP-8480</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16.1 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16</title>
+    <p>Version 4.16 supports code replacement in runtime from/to
+      version 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[agent|manager] Entries in the audit trail log can now be 
+            augmented by a sequence number. </p>
+          <p>This is enabled by the <c>seqno</c> option, which is part of the 
+            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
+            config option. </p>
+          <p>See the 
+            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
+            or the 
+            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
+            chapter of the User's Guide for further info. </p> 
+
+          <p>Own Id: OTP-8395</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[manager] Registration of agents using the config file, 
+            <seealso marker="snmp_manager_config_files#agents">agents.conf</seealso>, 
+            does not work. This has now been corrected. </p>
+          <p>Per Hedeland</p>
+          <p>Own Id: OTP-8442</p>
+        </item>
+
+        <item>
+          <p>The config utility 
+            (<seealso marker="snmp#config">snmp:config/0</seealso>)
+            generated a default notify.conf 
+            with a bad name for the standard trap entry (was "stadard trap", 
+            but should have been "standard trap"). This has been corrected. </p>
+          <p>Kenji Rikitake</p>
+          <p>Own Id: OTP-8433</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.15</title>
+
+    <p>Version 4.15 supports code replacement in runtime from/to
+      version 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>The documentation is now built with open source tools 
+            (<em>xsltproc</em> and <em>fop</em>) that exists on most 
+            platforms. One visible change is that the frames are removed.</p>
+          <p>Own Id: OTP-8249</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[manager] When information from an unknown agent is received,
+            it was previously delivered to the default user via calls to all
+            the functions of the callback API depending on the info type
+            (<c>pdu</c>, <c>trap</c>, <c>report</c> or <c>inform</c>). 
+            The problem was that the <c>TargetName</c> argument was useless 
+            in this case (only an already known agent has a known/valid 
+            <c>TargetName</c>, but the <c>TargetName</c> used in these calls
+            was generated "on the fly"). </p>
+          <p>This has now been changed so that when a message is received 
+            from an unknown agent, then only 
+            <seealso marker="snmpm_user#handle_agent">handle_agent</seealso>
+            (for the default user) is called, but now this call also has a 
+            <c>Type</c> argument, which is 
+            <c>pdu | trap | report | inform</c>, depending on what kind of 
+            message was actually received, thus making it possible for the 
+            user to properly analyze the data received. </p>
+	  <p>To handle this, the 
+            <seealso marker="snmpm_user">snmpm_user</seealso> behaviour has 
+            been updated. </p>
+	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>Own Id: OTP-8229</p>
+	  <!-- <p>Aux Id: Seq 11312</p> -->
+        </item>
+
+      </list>
+
+    </section>
+
+  </section> <!-- 4.15 -->
+
+
+  <section>
     <title>SNMP Development Toolkit 4.14</title>
 
     <p>Version 4.14 supports code replacement in runtime from/to
diff --git a/lib/snmp/doc/src/snmp_app.xml b/lib/snmp/doc/src/snmp_app.xml
index 694e619da1..f6abe783b3 100644
--- a/lib/snmp/doc/src/snmp_app.xml
+++ b/lib/snmp/doc/src/snmp_app.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE appref SYSTEM "appref.dtd">
 
 <appref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -78,7 +78,15 @@
       ].
     </pre>
 
-    <!-- The info below is also found in the snmp_config.xml file -->
+
+    <!-- 
+	 ********************************************************
+
+	 The info below is also found in the snmp_config.xml file 
+
+	 ********************************************************
+    -->
+
 
     <p>Each snmp component has its own set of configuration parameters,
       even though some of the types are common to both components. </p>
@@ -92,6 +100,7 @@
                        {agent_verbosity,  verbosity()}        |  
                        {discovery,        agent_discovery()}  |  
                        {versions,         versions()}         |  
+                       {gb_max_vbs,       gb_max_vbs()}       |  
                        {priority,         priority()}         |  
                        {multi_threaded,   multi_threaded()}   |  
                        {db_dir,           db_dir()}           |  
@@ -122,8 +131,10 @@
                          {def_user_data,            def_user_data()}
     </pre>
 
+    <marker id="agent_opts_and_types"></marker>
     <p>Agent specific config options and types:</p>
     <taglist>
+      <marker id="agent_type"></marker>
       <tag><c><![CDATA[agent_type() = master | sub <optional>]]></c></tag>
       <item>
         <p>If <c>master</c>, one master agent is
@@ -131,6 +142,7 @@
         <p>Default is <c>master</c>.</p>
       </item>
 
+      <marker id="agent_disco"></marker>
       <tag><c><![CDATA[agent_discovery() = [agent_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_discovery_opt() = 
@@ -143,6 +155,7 @@
         <p>For defaults see the options in <c>agent_discovery_opt()</c>.</p>
       </item>
 
+      <marker id="agent_term_disco_opts"></marker>
       <tag><c><![CDATA[agent_terminating_discovery_opts() = [agent_terminating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_terminating_discovery_opt() = 
@@ -160,6 +173,7 @@
         </list>
       </item>
 
+      <marker id="agent_orig_disco_opts"></marker>
       <tag><c><![CDATA[agent_originating_discovery_opts() = [agent_originating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_originating_discovery_opt() = 
@@ -173,6 +187,7 @@
         </list>
       </item>
 
+      <marker id="agent_mt"></marker>
       <tag><c><![CDATA[multi_threaded() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, the agent is multi-threaded, with one
@@ -180,11 +195,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_data_dir"></marker>
       <tag><c><![CDATA[db_dir() = string() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent internal db files are stored.</p>
       </item>
 
+      <marker id="agent_gb_max_vbs"></marker>
+      <tag><c><![CDATA[gb_max_vbs() = pos_integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Defines the maximum number of varbinds allowed 
+	in a Get-BULK response.</p>
+        <p>Default is <c>1000</c>.</p>
+      </item>
+
+      <marker id="agent_local_db"></marker>
       <tag><c><![CDATA[local_db() = [local_db_opt()] <optional>]]></c></tag>
       <item>
         <p><c>local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} |   {verbosity, verbosity()}</c></p>
@@ -192,6 +217,7 @@
         <p>For defaults see the options in <c>local_db_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ldb_repair"></marker>
       <tag><c><![CDATA[agent_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>When starting snmpa_local_db it always tries to open an
@@ -202,6 +228,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ldb_auto_save"></marker>
       <tag><c><![CDATA[agent_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -209,6 +236,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="agent_net_if"></marker>
       <tag><c><![CDATA[agent_net_if() = [agent_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_opt() = {module, agent_net_if_module()} |  {verbosity, verbosity()} |  {options, agent_net_if_options()}</c></p>
@@ -217,6 +245,7 @@
         <p>For defaults see the options in <c>agent_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ni_module"></marker>
       <tag><c><![CDATA[agent_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -225,6 +254,7 @@
         <p>Default is <c>snmpa_net_if</c>.</p>
       </item>
 
+      <marker id="agent_ni_opts"></marker>
       <tag><c><![CDATA[agent_net_if_options() = [agent_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {bind_to, bind_to()} |  
@@ -239,12 +269,14 @@
         <p>For defaults see the options in <c>agent_net_if_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_req_limit"></marker>
       <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>Max number of simultaneous requests handled by the agent.</p>
         <p>Default is <c>infinity</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_opts"></marker>
       <tag><c><![CDATA[agent_net_if_filter_options() = [agent_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>agent_net_if_filter_option() = {module, agent_net_if_filter_module()}</c></p>
@@ -255,6 +287,7 @@
           <c>agent_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_module"></marker>
       <tag><c><![CDATA[agent_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -263,6 +296,7 @@
 	<p>Default is <c>snmpa_net_if_filter</c>.</p>
       </item>
 
+      <marker id="agent_mibs"></marker>
       <tag><c><![CDATA[agent_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) that defines which MIBs
@@ -277,6 +311,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="agent_mib_storage"></marker>
       <tag><c><![CDATA[mib_storage() = ets | {ets, Dir} | {ets, Dir, Action} | dets | {dets, Dir} | {dets, Dir, Action} | mnesia | {mnesia, Nodes} | {mnesia, Nodes, Action} <optional>]]></c></tag>
       <item>
         <p>Specifies how info retrieved from the mibs will be stored.</p>
@@ -302,6 +337,7 @@
           mnesia/dets table already exist.</p>
       </item>
 
+      <marker id="agent_mib_server"></marker>
       <tag><c><![CDATA[mib_server() = [mib_server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mib_server_opt() = {mibentry_override, mibentry_override()} |  {trapentry_override, trapentry_override()} |  {verbosity, verbosity()} | {cache, mibs_cache()}</c></p>
@@ -309,6 +345,7 @@
         <p>For defaults see the options in <c>mib_server_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_meo"></marker>
       <tag><c><![CDATA[mibentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each mib-
@@ -318,6 +355,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_teo"></marker>
       <tag><c><![CDATA[trapentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each trap
@@ -327,6 +365,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache"></marker>
       <tag><c><![CDATA[mibs_cache() = bool() | mibs_cache_opts() <optional>]]></c></tag>
       <item>
         <p>Shall the agent utilize the mib server lookup cache or not.</p>
@@ -334,6 +373,7 @@
           default values apply).</p>
       </item>
 
+      <marker id="agent_ms_cache_opts"></marker>
       <tag><c><![CDATA[mibs_cache_opts() = [mibs_cache_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}</c></p>
@@ -341,6 +381,7 @@
         <p>For defaults see the options in <c>mibs_cache_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_autogc"></marker>
       <tag><c><![CDATA[mibs_cache_autogc() = bool() <optional>]]></c></tag>
       <item>
         <p>Defines if the mib server shall perform cache gc automatically or 
@@ -349,6 +390,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_age"></marker>
       <tag><c><![CDATA[mibs_cache_age() = integer() > 0 <optional>]]></c></tag>
       <item>
         <p>Defines how old the entries in the cache will be allowed before 
@@ -358,6 +400,7 @@
         <p>Default is <c>10 timutes</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_gclimit"></marker>
       <tag><c><![CDATA[mibs_cache_gclimit() = integer() > 0 | infinity <optional>]]></c></tag>
       <item>
         <p>When performing a GC, this is the max number of cache entries 
@@ -368,6 +411,7 @@
         <p>Default is <c>100</c>.</p>
       </item>
 
+      <marker id="agent_error_report_mod"></marker>
       <tag><c><![CDATA[error_report_mod() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines an error report module, implementing the 
@@ -377,6 +421,7 @@
         <p>Default is <c>snmpa_error_logger</c>.</p>
       </item>
 
+      <marker id="agent_symbolic_store"></marker>
       <tag><c>symbolic_store() = [symbolic_store_opt()]</c></tag>
       <item>
         <p><c>symbolic_store_opt() = {verbosity, verbosity()}</c></p>
@@ -384,23 +429,29 @@
         <p>For defaults see the options in <c>symbolic_store_opt()</c>.</p>
       </item>
 
+      <marker id="agent_target_cache"></marker>
       <tag><c>target_cache() = [target_cache_opt()]</c></tag>
       <item>
         <p><c>target_cache_opt() = {verbosity, verbosity()}</c></p>
         <p>Defines options specific for the SNMP agent target cache. </p>
         <p>For defaults see the options in <c>target_cache_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config"></marker>
       <tag><c><![CDATA[agent_config() = [agent_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>agent_config_opt() = {dir, agent_config_dir()} |  {force_load, force_load()} | {verbosity, verbosity()}</c></p>
         <p>Defines specific config related options for the SNMP agent. </p>
         <p>For defaults see the options in <c>agent_config_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config_dir"></marker>
       <tag><c><![CDATA[agent_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent configuration files are stored.</p>
       </item>
 
+      <marker id="agent_force_load"></marker>
       <tag><c><![CDATA[force_load() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c> the configuration files are re-read
@@ -412,14 +463,18 @@
       </item>
     </taglist>
 
+    <marker id="manager_opts_and_types"></marker>
     <p>Manager specific config options and types:</p>
     <taglist>
+      <marker id="manager_server"></marker>
       <tag><c><![CDATA[server() = [server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>server_opt() = {timeout, server_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the options for the manager server process.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="manager_server_timeout"></marker>
       <tag><c><![CDATA[server_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Asynchroneous request cleanup time. For every requests, 
@@ -440,6 +495,7 @@
         <p>Default is <c>30000</c>.</p>
       </item>
 
+      <marker id="manager_config"></marker>
       <tag><c><![CDATA[manager_config() = [manager_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>manager_config_opt() = {dir, manager_config_dir()} |  {db_dir, manager_db_dir()} |  {db_init_error, db_init_error()} |  {repair, manager_repair()} |  {auto_save, manager_auto_save()} |  {verbosity, verbosity()}</c></p>
@@ -447,16 +503,19 @@
         <p>For defaults see the options in <c>manager_config_opt()</c>.</p>
       </item>
 
+      <marker id="manager_config_dir"></marker>
       <tag><c><![CDATA[manager_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager configuration files are stored.</p>
       </item>
 
+      <marker id="manager_config_db_dir"></marker>
       <tag><c><![CDATA[manager_db_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager store persistent data.</p>
       </item>
 
+      <marker id="manager_config_repair"></marker>
       <tag><c><![CDATA[manager_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>Defines the repair option for the persistent database (if 
@@ -464,6 +523,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="manager_config_auto_save"></marker>
       <tag><c><![CDATA[manager_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -471,6 +531,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="manager_irb"></marker>
       <tag><c><![CDATA[manager_irb() = auto | user | {user, integer()} <optional>]]></c></tag>
       <item>
         <p>This option defines how the manager will handle the sending of 
@@ -500,6 +561,7 @@
         <p>Default is <c>auto</c>.</p>
       </item>
 
+      <marker id="manager_mibs"></marker>
       <tag><c><![CDATA[manager_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) and defines which MIBs
@@ -507,6 +569,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="manager_net_if"></marker>
       <tag><c><![CDATA[manager_net_if() = [manager_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_opt() = {module, manager_net_if_module()} | 
@@ -517,6 +580,7 @@
         <p>For defaults see the options in <c>manager_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="manager_ni_opts"></marker>
       <tag><c><![CDATA[manager_net_if_options() = [manager_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_option() = {bind_to, bind_to()} | 
@@ -530,6 +594,7 @@
         <p>For defaults see the options in <c>manager_net_if_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_module"></marker>
       <tag><c><![CDATA[manager_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -538,6 +603,7 @@
         <p>Default is <c>snmpm_net_if</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_opts"></marker>
       <tag><c><![CDATA[manager_net_if_filter_options() = [manager_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>manager_net_if_filter_option() = {module, manager_net_if_filter_module()}</c></p>
@@ -548,6 +614,7 @@
           <c>manager_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_module"></marker>
       <tag><c><![CDATA[manager_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -556,6 +623,7 @@
 	<p>Default is <c>snmpm_net_if_filter</c>.</p>
       </item>
 
+      <marker id="manager_def_user_module"></marker>
       <tag><c><![CDATA[def_user_module() = atom() <optional>]]></c></tag>
       <item>
         <p>The module implementing the default user. See the 
@@ -563,6 +631,7 @@
         <p>Default is <c>snmpm_user_default</c>.</p>
       </item>
 
+      <marker id="manager_def_user_data"></marker>
       <tag><c><![CDATA[def_user_data() = term() <optional>]]></c></tag>
       <item>
         <p>Data for the default user. Passed to the user module when 
@@ -571,8 +640,10 @@
       </item>
     </taglist>
 
+    <marker id="common_types"></marker>
     <p>Common config types:</p>
     <taglist>
+      <marker id="restart_type"></marker>
       <tag><c>restart_type() = permanent | transient | temporary</c></tag>
       <item>
         <p>See <seealso marker="stdlib:supervisor#child_spec">supervisor</seealso> 
@@ -580,6 +651,8 @@
         <p>Default is <c>permanent</c> for the agent and <c>transient</c>
           for the manager.</p>
       </item>
+
+      <marker id="db_init_error"></marker>
       <tag><c>db_init_error() = terminate | create</c></tag>
       <item>
         <p>Defines what to do if the agent or manager is unable to open an
@@ -588,23 +661,31 @@
           agent/manager will remove the faulty file(s) and create new ones.</p>
         <p>Default is <c>terminate</c>.</p>
       </item>
+
+      <marker id="prio"></marker>
       <tag><c><![CDATA[priority() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines the Erlang priority for all SNMP processes.</p>
         <p>Default is <c>normal</c>.</p>
       </item>
+
+      <marker id="versions"></marker>
       <tag><c><![CDATA[versions() = [version()] <optional>]]></c></tag>
       <item>
         <p><c>version() = v1 | v2 | v3</c></p>
         <p>Which SNMP versions shall be accepted/used.</p>
         <p>Default is <c>[v1,v2,v3]</c>.</p>
       </item>
+
+      <marker id="verbosity"></marker>
       <tag><c><![CDATA[verbosity() = silence | info | log | debug | trace <optional>]]></c></tag>
       <item>
         <p>Verbosity for a SNMP process. This specifies now much debug info
           is printed.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="bind_to"></marker>
       <tag><c><![CDATA[bind_to() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if binds to the IP address.
@@ -612,6 +693,8 @@
           where it is running. </p>
         <p>Default is <c>false</c>.</p>
       </item>
+
+      <marker id="no_reuse"></marker>
       <tag><c><![CDATA[no_reuse() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if does not specify that the IP
@@ -619,22 +702,30 @@
           the address is set to reusable. </p>
         <p>Default is <c>false</c>.</p>
       </item>
+
+      <marker id="recbuf"></marker>
       <tag><c><![CDATA[recbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Receive buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="sndbuf"></marker>
       <tag><c><![CDATA[sndbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Send buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="note_store"></marker>
       <tag><c><![CDATA[note_store() = [note_store_opt()] <optional>]]></c></tag>
       <item>
         <p><c>note_store_opt() = {timeout, note_store_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the start-up verbosity for the SNMP note store.</p>
         <p>For defaults see the options in <c>note_store_opt()</c>.</p>
       </item>
+
+      <marker id="ns_timeout"></marker>
       <tag><c><![CDATA[note_store_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Note cleanup time. When storing a note in the note store,
@@ -643,9 +734,9 @@
           milli-seconds.</p>
         <p>Default is <c>30000</c>.</p>
 
-      <marker id="audit_trail_log"></marker>
       </item>
 
+      <marker id="audit_trail_log"></marker>
       <tag><c><![CDATA[audit_trail_log() = [audit_trail_log_opt()] <optional>]]></c></tag>
       <item>
         <p><c>audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} |  {size, atl_size()} |  {repair, atl_repair()} | {seqno, atl_seqno()}</c></p>
@@ -655,6 +746,8 @@
           <c>size</c> options are mandatory.</p>
         <p>If not present, audit trail logging is not used.</p>
       </item>
+
+      <marker id="atl_type"></marker>
       <tag><c><![CDATA[atl_type() = read | write | read_write <optional>]]></c></tag>
       <item>
         <p>Specifies what type of an audit trail log should be used. 
@@ -675,12 +768,16 @@
         </list>
         <p>Default is <c>read_write</c>.</p>
       </item>
+
+      <marker id="atl_dir"></marker>
       <tag><c><![CDATA[atl_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Specifies where the audit trail log should be stored.</p>
         <p>If <c>audit_trail_log</c> specifies that logging should take
           place, this parameter <em>must</em> be defined.</p>
       </item>
+
+      <marker id="atl_size"></marker>
       <tag><c><![CDATA[atl_size() = {integer(), integer()} <mandatory>]]></c></tag>
       <item>
         <p>Specifies the size of the audit
@@ -688,6 +785,8 @@
         <p>If <c>audit_trail_log</c> specifies that logging should 
           take place, this parameter <em>must</em> be defined.</p>
       </item>
+
+      <marker id="atl_repair"></marker>
       <tag><c><![CDATA[atl_repair() = true | false | truncate | snmp_repair <optional>]]></c></tag>
       <item>
         <p>Specifies if and how the audit trail log shall be repaired
@@ -699,6 +798,8 @@
           analysis.</p>
         <p>Default is <c>true</c>.</p>
       </item>
+
+      <marker id="atl_seqno"></marker>
       <tag><c><![CDATA[atl_seqno() = true | false <optional>]]></c></tag>
       <item>
         <p>Specifies if the audit trail log entries will be (sequence)
diff --git a/lib/snmp/doc/src/snmp_config.xml b/lib/snmp/doc/src/snmp_config.xml
index fc8562b638..0a49b7a62e 100644
--- a/lib/snmp/doc/src/snmp_config.xml
+++ b/lib/snmp/doc/src/snmp_config.xml
@@ -40,6 +40,7 @@
     <item>starting the application (agent and/or manager)</item>
     <item>debugging the application (agent and/or manager)</item>
   </list>
+
   <p>Refer also to the chapter(s) 
     <seealso marker="snmp_agent_config_files">Definition of Agent  Configuration Files</seealso> and  
     <seealso marker="snmp_manager_config_files">Definition of Manager  Configuration Files</seealso> which contains more detailed information 
@@ -73,7 +74,14 @@
       </item>
     </list>
 
-    <!-- The info below is also found in the snmp_app.xml file -->
+
+    <!-- 
+	 *****************************************************
+
+	 The info below is also found in the snmp_app.xml file 
+
+	 *****************************************************
+    -->
 
     <p>The agent and manager uses (application) configuration parameters to 
       find out where these directories are located. The parameters should be
@@ -87,6 +95,7 @@
                        {agent_verbosity,  verbosity()}        |  
                        {versions,         versions()}         |  
                        {discovery,        agent_discovery()}  |  
+                       {gb_max_vbs,       gb_max_vbs()}       |  
                        {priority,         priority()}         |  
                        {multi_threaded,   multi_threaded()}   |  
                        {db_dir,           db_dir()}           |  
@@ -117,8 +126,10 @@
                          {def_user_data,            def_user_data()}
     </pre>
 
+    <marker id="agent_opts_and_types"></marker>
     <p>Agent specific config options and types:</p>
     <taglist>
+      <marker id="agent_type"></marker>
       <tag><c><![CDATA[agent_type() = master | sub <optional>]]></c></tag>
       <item>
         <p>If <c>master</c>, one master agent is
@@ -126,6 +137,7 @@
         <p>Default is <c>master</c>.</p>
       </item>
 
+      <marker id="agent_disco"></marker>
       <tag><c><![CDATA[agent_discovery() = [agent_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_discovery_opt() = 
@@ -138,6 +150,7 @@
         <p>For defaults see the options in <c>agent_discovery_opt()</c>.</p>
       </item>
 
+      <marker id="agent_term_disco_opts"></marker>
       <tag><c><![CDATA[agent_terminating_discovery_opts() = [agent_terminating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_terminating_discovery_opt() = 
@@ -155,6 +168,7 @@
         </list>
       </item>
 
+      <marker id="agent_orig_disco_opts"></marker>
       <tag><c><![CDATA[agent_originating_discovery_opts() = [agent_originating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_originating_discovery_opt() = 
@@ -168,6 +182,7 @@
         </list>
       </item>
 
+      <marker id="agent_mt"></marker>
       <tag><c><![CDATA[multi_threaded() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, the agent is multi-threaded, with one
@@ -175,11 +190,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_data_dir"></marker>
       <tag><c><![CDATA[db_dir() = string() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent internal db files are stored.</p>
       </item>
 
+      <marker id="agent_gb_max_vbs"></marker>
+      <tag><c><![CDATA[gb_max_vbs() = pos_integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Defines the maximum number of varbinds allowed 
+	in a Get-BULK response.</p>
+        <p>Default is <c>1000</c>.</p>
+      </item>
+
+      <marker id="agent_local_db"></marker>
       <tag><c><![CDATA[local_db() = [local_db_opt()] <optional>]]></c></tag>
       <item>
         <p><c>local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} |   {verbosity, verbosity()}</c></p>
@@ -187,6 +212,7 @@
         <p>For defaults see the options in <c>local_db_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ldb_repair"></marker>
       <tag><c><![CDATA[agent_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>When starting snmpa_local_db it always tries to open an
@@ -197,6 +223,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ldb_auto_save"></marker>
       <tag><c><![CDATA[agent_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -204,6 +231,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="agent_net_if"></marker>
       <tag><c><![CDATA[agent_net_if() = [agent_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {module, agent_net_if_module()} | 
@@ -214,6 +242,7 @@
         <p>For defaults see the options in <c>agent_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ni_module"></marker>
       <tag><c><![CDATA[agent_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -222,6 +251,7 @@
         <p>Default is <c>snmpa_net_if</c>.</p>
       </item>
 
+      <marker id="agent_ni_opts"></marker>
       <tag><c><![CDATA[agent_net_if_options() = [agent_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {bind_to, bind_to()} |  
@@ -236,6 +266,14 @@
         <p>For defaults see the options in <c>agent_net_if_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_req_limit"></marker>
+      <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Max number of simultaneous requests handled by the agent.</p>
+        <p>Default is <c>infinity</c>.</p>
+      </item>
+
+      <marker id="agent_ni_filter_opts"></marker>
       <tag><c><![CDATA[agent_net_if_filter_options() = [agent_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c><![CDATA[agent_net_if_filter_option() = {module, agent_net_if_filter_module()}]]></c></p>
@@ -245,6 +283,7 @@
 	<p>For defaults see the options in <c>agent_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_module"></marker>
       <tag><c><![CDATA[agent_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -254,12 +293,7 @@
 	<p>Default is <c>snmpa_net_if_filter</c>.</p>
       </item>
 
-      <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
-      <item>
-        <p>Max number of simultaneous requests handled by the agent.</p>
-        <p>Default is <c>infinity</c>.</p>
-      </item>
-
+      <marker id="agent_mibs"></marker>
       <tag><c><![CDATA[agent_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) that defines which MIBs
@@ -274,6 +308,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="agent_mib_storage"></marker>
       <tag><c><![CDATA[mib_storage() = ets | {ets, Dir} | {ets, Dir, Action} | dets | {dets, Dir} | {dets, Dir, Action} | mnesia | {mnesia, Nodes} | {mnesia, Nodes, Action} <optional>]]></c></tag>
       <item>
         <p>Specifies how info retrieved from the mibs will be stored.</p>
@@ -299,6 +334,7 @@
           mnesia/dets table already exist.</p>
       </item>
 
+      <marker id="agent_mib_server"></marker>
       <tag><c><![CDATA[mib_server() = [mib_server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mib_server_opt() = {mibentry_override, mibentry_override()} |  {trapentry_override, trapentry_override()} |  {verbosity, verbosity()} | {cache, mibs_cache()}</c></p>
@@ -306,6 +342,7 @@
         <p>For defaults see the options in <c>mib_server_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_meo"></marker>
       <tag><c><![CDATA[mibentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each mib-
@@ -315,6 +352,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_teo"></marker>
       <tag><c><![CDATA[trapentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each trap
@@ -324,6 +362,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache"></marker>
       <tag><c><![CDATA[mibs_cache() = bool() | mibs_cache_opts() <optional>]]></c></tag>
       <item>
         <p>Shall the agent utilize the mib server lookup cache or not.</p>
@@ -331,6 +370,7 @@
           default values apply).</p>
       </item>
 
+      <marker id="agent_ms_cache_opts"></marker>
       <tag><c><![CDATA[mibs_cache_opts() = [mibs_cache_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}</c></p>
@@ -338,6 +378,7 @@
         <p>For defaults see the options in <c>mibs_cache_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_autogc"></marker>
       <tag><c><![CDATA[mibs_cache_autogc() = bool() <optional>]]></c></tag>
       <item>
         <p>Defines if the mib server shall perform cache gc automatically or 
@@ -346,6 +387,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_age"></marker>
       <tag><c><![CDATA[mibs_cache_age() = integer() > 0 <optional>]]></c></tag>
       <item>
         <p>Defines how old the entries in the cache will be allowed before 
@@ -355,6 +397,7 @@
         <p>Default is <c>10 timutes</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_gclimit"></marker>
       <tag><c><![CDATA[mibs_cache_gclimit() = integer() > 0 | infinity <optional>]]></c></tag>
       <item>
         <p>When performing a GC, this is the max number of cache entries 
@@ -365,6 +408,7 @@
         <p>Default is <c>100</c>.</p>
       </item>
 
+      <marker id="agent_error_report_mod"></marker>
       <tag><c><![CDATA[error_report_mod() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines an error report module, implementing the 
@@ -374,6 +418,7 @@
         <p>Default is <c>snmpa_error_logger</c>.</p>
       </item>
 
+      <marker id="agent_symbolic_store"></marker>
       <tag><c>symbolic_store() = [symbolic_store_opt()]</c></tag>
       <item>
         <p><c>symbolic_store_opt() = {verbosity, verbosity()}</c></p>
@@ -381,12 +426,15 @@
         <p>For defaults see the options in <c>symbolic_store_opt()</c>.</p>
       </item>
 
+      <marker id="agent_target_cache"></marker>
       <tag><c>target_cache() = [target_cache_opt()]</c></tag>
       <item>
         <p><c>target_cache_opt() = {verbosity, verbosity()}</c></p>
         <p>Defines options specific for the SNMP agent target cache. </p>
         <p>For defaults see the options in <c>target_cache_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config"></marker>
       <tag><c><![CDATA[agent_config() = [agent_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>agent_config_opt() = {dir, agent_config_dir()} |  {force_load, force_load()} | {verbosity, verbosity()}</c></p>
@@ -394,11 +442,13 @@
         <p>For defaults see the options in <c>agent_config_opt()</c>.</p>
       </item>
 
+      <marker id="agent_config_dir"></marker>
       <tag><c><![CDATA[agent_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent configuration files are stored.</p>
       </item>
 
+      <marker id="agent_force_load"></marker>
       <tag><c><![CDATA[force_load() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c> the configuration files are re-read
@@ -410,14 +460,18 @@
       </item>
     </taglist>
 
+    <marker id="manager_opts_and_types"></marker>
     <p>Manager specific config options and types:</p>
     <taglist>
+      <marker id="manager_server"></marker>
       <tag><c><![CDATA[server() = [server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>server_opt() = {timeout, server_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the options for the manager server process.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="manager_server_timeout"></marker>
       <tag><c><![CDATA[server_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Asynchroneous request cleanup time. For every requests, 
@@ -438,6 +492,7 @@
         <p>Default is <c>30000</c>.</p>
       </item>
 
+      <marker id="manager_config"></marker>
       <tag><c><![CDATA[manager_config() = [manager_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>manager_config_opt() = {dir, manager_config_dir()} |  {db_dir, manager_db_dir()} |  {db_init_error, db_init_error()} |  {repair, manager_repair()} |  {auto_save, manager_auto_save()} |  {verbosity, verbosity()}</c></p>
@@ -445,16 +500,19 @@
         <p>For defaults see the options in <c>manager_config_opt()</c>.</p>
       </item>
 
+      <marker id="manager_config_dir"></marker>
       <tag><c><![CDATA[manager_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager configuration files are stored.</p>
       </item>
 
+      <marker id="manager_config_db_dir"></marker>
       <tag><c><![CDATA[manager_db_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager store persistent data.</p>
       </item>
 
+      <marker id="manager_config_repair"></marker>
       <tag><c><![CDATA[manager_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>Defines the repair option for the persistent database (if 
@@ -462,6 +520,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="manager_config_auto_save"></marker>
       <tag><c><![CDATA[manager_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -469,6 +528,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="manager_irb"></marker>
       <tag><c><![CDATA[manager_irb() = auto | user | {user, integer()} <optional>]]></c></tag>
       <item>
         <p>This option defines how the manager will handle the sending of 
@@ -498,6 +558,7 @@
         <p>Default is <c>auto</c>.</p>
       </item>
 
+      <marker id="manager_mibs"></marker>
       <tag><c><![CDATA[manager_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) and defines which MIBs
@@ -505,6 +566,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="manager_net_if"></marker>
       <tag><c><![CDATA[manager_net_if() = [manager_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_opt() = {module, manager_net_if_module()} | 
@@ -515,6 +577,7 @@
         <p>For defaults see the options in <c>manager_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="manager_ni_opts"></marker>
       <tag><c><![CDATA[manager_net_if_options() = [manager_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_option() = {bind_to, bind_to()} | 
@@ -528,6 +591,7 @@
         <p>For defaults see the options in <c>manager_net_if_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_module"></marker>
       <tag><c><![CDATA[manager_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -536,6 +600,7 @@
         <p>Default is <c>snmpm_net_if</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_opts"></marker>
       <tag><c><![CDATA[manager_net_if_filter_options() = [manager_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>manager_net_if_filter_option() = {module, manager_net_if_filter_module()}</c></p>
@@ -546,6 +611,7 @@
           <c>manager_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_module"></marker>
       <tag><c><![CDATA[manager_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -554,6 +620,7 @@
 	<p>Default is <c>snmpm_net_if_filter</c>.</p>
       </item>
 
+      <marker id="manager_def_user_module"></marker>
       <tag><c><![CDATA[def_user_module() = atom() <optional>]]></c></tag>
       <item>
         <p>The module implementing the default user. See the 
@@ -561,6 +628,7 @@
         <p>Default is <c>snmpm_user_default</c>.</p>
       </item>
 
+      <marker id="manager_def_user_data"></marker>
       <tag><c><![CDATA[def_user_data() = term() <optional>]]></c></tag>
       <item>
         <p>Data for the default user. Passed to the user when calling 
@@ -569,8 +637,10 @@
       </item>
     </taglist>
 
+    <marker id="common_types"></marker>
     <p>Common config types:</p>
     <taglist>
+      <marker id="restart_type"></marker>
       <tag><c>restart_type() = permanent | transient | temporary</c></tag>
       <item>
         <p>See <seealso marker="stdlib:supervisor#child_spec">supervisor</seealso> 
@@ -579,6 +649,7 @@
           for the manager.</p>
       </item>
 
+      <marker id="db_init_error"></marker>
       <tag><c>db_init_error() = terminate | create</c></tag>
       <item>
         <p>Defines what to do if the agent is unable to open an
@@ -588,12 +659,14 @@
         <p>Default is <c>terminate</c>.</p>
       </item>
 
+      <marker id="prio"></marker>
       <tag><c><![CDATA[priority() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines the Erlang priority for all SNMP processes.</p>
         <p>Default is <c>normal</c>.</p>
       </item>
 
+      <marker id="versions"></marker>
       <tag><c><![CDATA[versions() = [version()] <optional>]]></c></tag>
       <item>
         <p><c>version() = v1 | v2 | v3</c></p>
@@ -601,6 +674,7 @@
         <p>Default is <c>[v1,v2,v3]</c>.</p>
       </item>
 
+      <marker id="verbosity"></marker>
       <tag><c><![CDATA[verbosity() = silence | info | log | debug | trace <optional>]]></c></tag>
       <item>
         <p>Verbosity for a SNMP process. This specifies now much debug info
@@ -608,6 +682,7 @@
         <p>Default is <c>silence</c>.</p>
       </item>
 
+      <marker id="bind_to"></marker>
       <tag><c><![CDATA[bind_to() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if binds to the IP address.
@@ -616,6 +691,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="no_reuse"></marker>
       <tag><c><![CDATA[no_reuse() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if does not specify that the IP
@@ -624,17 +700,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="recbuf"></marker>
       <tag><c><![CDATA[recbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Receive buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="sndbuf"></marker>
       <tag><c><![CDATA[sndbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Send buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
 
+      <marker id="note_store"></marker>
       <tag><c><![CDATA[note_store() = [note_store_opt()] <optional>]]></c></tag>
       <item>
         <p><c>note_store_opt() = {timeout, note_store_timeout()} |  {verbosity, verbosity()}</c></p>
@@ -642,6 +722,7 @@
         <p>For defaults see the options in <c>note_store_opt()</c>.</p>
       </item>
 
+      <marker id="ns_timeout"></marker>
       <tag><c><![CDATA[note_store_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Note cleanup time. When storing a note in the note store,
@@ -649,10 +730,9 @@
           process performs a GC to remove the expired note's. Time in
           milli-seconds.</p>
         <p>Default is <c>30000</c>.</p>
-
-      <marker id="audit_trail_log"></marker>
       </item>
 
+      <marker id="audit_trail_log"></marker>
       <tag><c><![CDATA[audit_trail_log() [audit_trail_log_opt()] <optional>]]></c></tag>
       <item>
         <p><c>audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} |  {size, atl_size()} |  {repair, atl_repair()} | {seqno, atl_seqno()}</c></p>
@@ -663,6 +743,7 @@
         <p>If not present, audit trail logging is not used.</p>
       </item>
 
+      <marker id="atl_type"></marker>
       <tag><c><![CDATA[atl_type() = read | write | read_write <optional>]]></c></tag>
       <item>
         <p>Specifies what type of an audit trail log should be used. 
@@ -684,6 +765,7 @@
         <p>Default is <c>read_write</c>.</p>
       </item>
 
+      <marker id="atl_dir"></marker>
       <tag><c><![CDATA[atl_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Specifies where the audit trail log should be stored.</p>
@@ -691,6 +773,7 @@
           place, this parameter <em>must</em> be defined.</p>
       </item>
 
+      <marker id="atl_size"></marker>
       <tag><c><![CDATA[atl_size() = {integer(), integer()} <mandatory>]]></c></tag>
       <item>
         <p>Specifies the size of the audit
@@ -699,6 +782,7 @@
           take place, this parameter <em>must</em> be defined.</p>
       </item>
 
+      <marker id="atl_repair"></marker>
       <tag><c><![CDATA[atl_repair() = true | false | truncate | snmp_repair <optional>]]></c></tag>
       <item>
         <p>Specifies if and how the audit trail log shall be repaired
@@ -710,6 +794,8 @@
           analysis.</p>
         <p>Default is <c>true</c>.</p>
       </item>
+
+      <marker id="atl_seqno"></marker>
       <tag><c><![CDATA[atl_seqno() = true | false <optional>]]></c></tag>
       <item>
         <p>Specifies if the audit trail log entries will be (sequence)
diff --git a/lib/snmp/doc/src/snmpa.xml b/lib/snmp/doc/src/snmpa.xml
index 27d89ea4e3..2322af28cc 100644
--- a/lib/snmp/doc/src/snmpa.xml
+++ b/lib/snmp/doc/src/snmpa.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2011</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -198,12 +198,18 @@ notification_delivery_info() = #snmpa_notification_delivery_info{}
       <type>
         <v>BackupDir = string()</v>
         <v>Agent = pid() | atom()</v>
+        <v>Reason = backup_in_progress | term()</v>
       </type>
       <desc>
         <p>Backup persistent/permanent data handled by the agent
           (such as local-db, mib-data and vacm). </p>
         <p>Data stored by mnesia is not handled. </p>
         <p>BackupDir cannot be identical to DbDir. </p>
+        <p>Simultaneous backup calls are <em>not</em> allowed. 
+	That is, two different processes cannot simultaneously 
+	successfully call this function. One of them will be first, 
+	and succeed. The second will fail with the error reason
+	<c>backup_in_progress</c>. </p>
 
         <marker id="info"></marker>
       </desc>
@@ -217,13 +223,13 @@ notification_delivery_info() = #snmpa_notification_delivery_info{}
       </type>
       <desc>
         <p>Returns a list (a dictionary) containing information about
-          the agent. Information includes loaded MIBs, registered
-          sub-agents, some information about the memory allocation. </p>
-        <p>As of version 4.4 the format of the info has been changed. 
-          To convert the info to the old format, call the 
-          <seealso marker="#old_info_format">old_info_format</seealso> 
-          function. </p>
-
+	the agent. Information includes loaded MIBs, registered
+	sub-agents, some information about the memory allocation. </p>
+	<p>As of version 4.4 the format of the info has been changed. 
+	To convert the info to the old format, call the 
+	<seealso marker="#old_info_format">old_info_format</seealso> 
+	function. </p>
+	
         <marker id="old_info_format"></marker>
       </desc>
     </func>
diff --git a/lib/snmp/priv/plt/.gitignore b/lib/snmp/priv/plt/.gitignore
new file mode 100644
index 0000000000..174481f561
--- /dev/null
+++ b/lib/snmp/priv/plt/.gitignore
@@ -0,0 +1,3 @@
+/*.plt
+/*.dialyzer_analysis
+
diff --git a/lib/snmp/src/agent/depend.mk b/lib/snmp/src/agent/depend.mk
index bc39e1fa35..078ef15821 100644
--- a/lib/snmp/src/agent/depend.mk
+++ b/lib/snmp/src/agent/depend.mk
@@ -52,6 +52,7 @@ $(EBIN)/snmpa_acm.$(EMULATOR): \
 
 $(EBIN)/snmpa_agent.$(EMULATOR): \
 	snmpa_agent.erl \
+	snmpa_internal.hrl \
 	../misc/snmp_debug.hrl \
 	../misc/snmp_verbosity.hrl \
 	../../include/snmp_types.hrl
@@ -136,6 +137,7 @@ $(EBIN)/snmpa_set_lib.$(EMULATOR): \
 
 $(EBIN)/snmpa_supervisor.$(EMULATOR): \
 	snmpa_supervisor.erl \
+	snmpa_internal.hrl \
 	../misc/snmp_debug.hrl \
 	../misc/snmp_verbosity.hrl
 
diff --git a/lib/snmp/src/agent/snmp_generic_mnesia.erl b/lib/snmp/src/agent/snmp_generic_mnesia.erl
index a73aad5b33..ce42af404b 100644
--- a/lib/snmp/src/agent/snmp_generic_mnesia.erl
+++ b/lib/snmp/src/agent/snmp_generic_mnesia.erl
@@ -121,7 +121,7 @@ table_func(set, RowIndex, Cols, Name) ->
 	   fun() ->
 		   snmp_generic:table_set_row(
 		     {Name, mnesia}, nofunc,
-		     {snmp_generic_mnesia, table_try_make_consistent},
+		     fun table_try_make_consistent/2,
 		     RowIndex, Cols)
 	   end) of
 	{atomic, Value} ->
@@ -368,7 +368,8 @@ table_set_elements(Name, RowIndex, Cols) ->
 	_ -> false
     end.
 table_set_elements(Name, RowIndex, Cols, ConsFunc) ->
-    #table_info{index_types = Indexes, first_own_index = FirstOwnIndex} =
+    #table_info{index_types     = Indexes, 
+		first_own_index = FirstOwnIndex} = 
 	snmp_generic:table_info(Name),
     AddCol = if
 		 FirstOwnIndex == 0 -> 2;
diff --git a/lib/snmp/src/agent/snmp_target_mib.erl b/lib/snmp/src/agent/snmp_target_mib.erl
index 60bd3e0912..a45db89c09 100644
--- a/lib/snmp/src/agent/snmp_target_mib.erl
+++ b/lib/snmp/src/agent/snmp_target_mib.erl
@@ -46,8 +46,14 @@
 %% Column not accessible via SNMP - needed when the agent sends informs
 -define(snmpTargetAddrEngineId, 10).
 %% Extra comlumns for the augmented table snmpTargetAddrExtTable
--define(snmpTargetAddrTMask, 11).
--define(snmpTargetAddrMMS, 12).
+-define(snmpTargetAddrTMask,    11).
+-define(snmpTargetAddrMMS,      12).
+
+-ifdef(snmp_extended_verbosity).
+-define(vt(F,A), ?vtrace(F, A)).
+-else.
+-define(vt(_F, _A), ok).
+-endif.
 
 
 %%-----------------------------------------------------------------
@@ -459,10 +465,16 @@ get_target_addrs() ->
 
 
 get_target_addrs(Key, {Tab, _} = TabDb, Acc) ->
+    ?vt("get_target_addrs -> entry with"
+	"~n   Key: ~p", [Key]),
     case table_next(Tab, Key) of
 	endOfTable -> 
+	    ?vt("get_target_addrs -> endOfTable when"
+		"~n   Acc: ~p", [Acc]),
 	    Acc;
 	NextKey ->
+	    ?vt("get_target_addrs -> next ok: "
+		"~n   NextKey: ~p", [NextKey]),
 	    case get_target_addr(TabDb, NextKey) of
 		{ok, Targ} ->
 		    get_target_addrs(NextKey, TabDb, [Targ| Acc]);
diff --git a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
index 37f6dd3f26..2cee91b081 100644
--- a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
+++ b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -203,18 +203,16 @@ init_sec2group_table([Row | T]) ->
     init_sec2group_table(T);
 init_sec2group_table([]) -> true.
 
-init_access_table([{GN, Prefix, Model, Level, Row} | T]) ->
-%%     ?vtrace("init access table: "
-%%  	    "~n   GN:     ~p"
-%%  	    "~n   Prefix: ~p"
-%%  	    "~n   Model:  ~p"
-%%  	    "~n   Level:  ~p"
-%%  	    "~n   Row:    ~p",[GN, Prefix, Model, Level, Row]),    
-    Key = [length(GN) | GN] ++ [length(Prefix) | Prefix] ++ [Model, Level],
-    snmpa_vacm:insert([{Key, Row}], false),
-    init_access_table(T);
-init_access_table([]) ->
-    snmpa_vacm:dump_table().
+make_access_key(GN, Prefix, Model, Level) ->
+    [length(GN) | GN] ++ [length(Prefix) | Prefix] ++ [Model, Level].
+
+make_access_entry({GN, Prefix, Model, Level, Row}) ->
+    Key = make_access_key(GN, Prefix, Model, Level),
+    {Key, Row}.
+       
+init_access_table(TableData) ->
+    TableData2 = [make_access_entry(E) || E <- TableData],
+    snmpa_vacm:insert(TableData2, true).
 
 init_view_table([Row | T]) ->
 %%     ?vtrace("init view table: "
@@ -276,10 +274,7 @@ add_access(GroupName, Prefix, SecModel, SecLevel, Match, RV, WV, NV) ->
 	      Match, RV, WV, NV},
     case (catch check_vacm(Access)) of
 	{ok, {vacmAccess, {GN, Pref, SM, SL, Row}}} ->
-	    Key1 = [length(GN) | GN],
-	    Key2 = [length(Pref) | Pref],
-	    Key3 = [SM, SL],
-	    Key  = Key1 ++ Key2 ++ Key3, 
+	    Key = make_access_key(GN, Pref, SM, SL),
 	    snmpa_vacm:insert([{Key, Row}], false),
             snmpa_agent:invalidate_ca_cache(),
 	    {ok, Key};
diff --git a/lib/snmp/src/agent/snmpa.erl b/lib/snmp/src/agent/snmpa.erl
index 50b169e4e7..c400aaddf7 100644
--- a/lib/snmp/src/agent/snmpa.erl
+++ b/lib/snmp/src/agent/snmpa.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -547,7 +547,7 @@ update_mibs_cache_age(Agent, Age) ->
 
 
 update_mibs_cache_gclimit(GcLimit) ->
-    update_mibs_cache_age(snmp_master_agent, GcLimit).
+    update_mibs_cache_gclimit(snmp_master_agent, GcLimit).
 
 update_mibs_cache_gclimit(Agent, GcLimit) ->
     snmpa_agent:update_mibs_cache_gclimit(Agent, GcLimit).
diff --git a/lib/snmp/src/agent/snmpa_agent.erl b/lib/snmp/src/agent/snmpa_agent.erl
index 6322f0f21d..9cc986cf47 100644
--- a/lib/snmp/src/agent/snmpa_agent.erl
+++ b/lib/snmp/src/agent/snmpa_agent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -68,8 +68,11 @@
 %% Internal exports
 -export([init/1, handle_call/3, handle_cast/2, handle_info/2,
 	 terminate/2, code_change/3, tr_var/2, tr_varbind/1,
-	 handle_pdu/7, worker/2, worker_loop/1, 
+	 handle_pdu/8, worker/2, worker_loop/1, 
 	 do_send_trap/7, do_send_trap/8]).
+%% <BACKWARD-COMPAT>
+-export([handle_pdu/7]).
+%% </BACKWARD-COMPAT>
 
 -include("snmpa_internal.hrl").
 
@@ -87,7 +90,6 @@
 
 -define(DISCO_TERMINATING_TRIGGER_USERNAME, "").
 
-
 -ifdef(snmp_debug).
 -define(GS_START_LINK3(Prio, Parent, Ref, Opts),
         gen_server:start_link(?MODULE, [Prio, Parent, Ref, Opts],
@@ -103,13 +105,49 @@
         gen_server:start_link({local, Name}, ?MODULE, 
 			      [Prio, Parent, Ref, Opts],[])).
 -endif.
- 
+
+%% Increment this whenever a change is made to the worker interface 
+-define(WORKER_INTERFACE_VERSION, 1).
+
+%% -- Utility macros for creating worker commands --
+-define(mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
+	#wrequest{cmd  = handle_pdu, 
+		  info = [{vsn,        Vsn}, 
+			  {pdu,        Pdu}, 
+			  {pdu_ms,     PduMS}, 
+			  {acm_data,   ACMData}, 
+			  {addr,       Address}, 
+			  {gb_max_vbs, GbMaxVBs}, 
+			  {extra,      Extra}]}).
+-define(mk_send_trap_wreq(TrapRec, NotifyName, ContextName, 
+			  Recv, Vbs, LocalEngineID, Extra),
+	#wrequest{cmd  = send_trap, 
+		  info = [{trap_rec,        TrapRec}, 
+			  {notify_name,     NotifyName}, 
+			  {context_name,    ContextName}, 
+			  {receiver,        Recv}, 
+			  {varbinds,        Vbs}, 
+			  {local_engine_id, LocalEngineID},
+			  {extra,           Extra}]}).
+-define(mk_terminate_wreq(), #wrequest{cmd = terminate, info = []}).
+-define(mk_verbosity_wreq(V), #wrequest{cmd  = verbosity, 
+					info = [{verbosity, V}]}).
+
 
 -record(notification_filter, {id, mod, data}).
 -record(disco, 
 	{from, rec, sender, target, engine_id, 
 	 sec_level, ctx, ivbs, stage, handler, extra}).
 
+%% This record is used when sending requests to the worker processes
+-record(wrequest, 
+	{
+	  version = ?WORKER_INTERFACE_VERSION, 
+	  cmd, 
+	  info
+	 }
+       ).
+
 
 %%-----------------------------------------------------------------
 %% The agent is multi-threaded, i.e. each request is handled
@@ -142,7 +180,8 @@
 		net_if_mod,   
 		backup,
 		disco,
-		mibs_cache_request}).
+		mibs_cache_request,
+		gb_max_vbs}).
 
 
 %%%-----------------------------------------------------------------
@@ -330,6 +369,8 @@ do_init(Prio, Parent, Ref, Options) ->
     MultiT  = get_multi_threaded(Options),
     Vsns    = get_versions(Options),
 
+    GbMaxVbs = get_gb_max_vbs(Options), 
+
     NS = start_note_store(Prio, Ref, Options),
     {Type, NetIfPid, NetIfMod} = 
 	start_net_if(Parent, Prio, Ref, Vsns, NS, Options),
@@ -348,7 +389,8 @@ do_init(Prio, Parent, Ref, Options) ->
 		ref            = Ref,
 		vsns           = Vsns,
 		note_store     = NS,
-		net_if_mod     = NetIfMod}}.
+		net_if_mod     = NetIfMod,
+		gb_max_vbs     = GbMaxVbs}}.
 
 
 start_note_store(Prio, Ref, Options) ->
@@ -410,7 +452,8 @@ start_net_if(Parent, _Prio, _Ref, _Vsns, _NoteStore, _Options)
 start_mib_server(Prio, Ref, Mibs, Options) ->
     ?vdebug("start_mib_server -> with Prio: ~p", [Prio]),
     MibStorage = get_mib_storage(Options),
-    MibsOpts = [{mib_storage, MibStorage}|get_option(mib_server, Options, [])],
+    MibsOpts   = [{mib_storage, MibStorage} | 
+		  get_option(mib_server, Options, [])],
 
     ?vtrace("start_mib_server -> "
 	    "~n   Mibs:     ~p"
@@ -558,25 +601,6 @@ send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds) ->
 	       ],
     send_notification(Agent, Trap, SendOpts).
     
-%% send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds) ->
-%%     ?d("send_trap -> entry with"
-%%        "~n   self():        ~p"
-%%        "~n   Agent:         ~p [~p]"
-%%        "~n   Trap:          ~p"
-%%        "~n   NotifyName:    ~p"
-%%        "~n   CtxName:       ~p"
-%%        "~n   Recv:          ~p"
-%%        "~n   Varbinds:      ~p", 
-%%        [self(), Agent, wis(Agent), 
-%% 	Trap, NotifyName, CtxName, Recv, Varbinds]),
-%%     Msg = {send_trap, Trap, NotifyName, CtxName, Recv, Varbinds}, 
-%%     case (wis(Agent) =:= self()) of
-%% 	false ->
-%% 	    call(Agent, Msg);
-%% 	true ->
-%% 	    Agent ! Msg
-%%     end.
-
 send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
     ?d("send_trap -> entry with"
        "~n   self():        ~p"
@@ -599,27 +623,6 @@ send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
 	       ],
     send_notification(Agent, Trap, SendOpts).
     
-%% send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
-%%     ?d("send_trap -> entry with"
-%%        "~n   self():        ~p"
-%%        "~n   Agent:         ~p [~p]"
-%%        "~n   Trap:          ~p"
-%%        "~n   NotifyName:    ~p"
-%%        "~n   CtxName:       ~p"
-%%        "~n   Recv:          ~p"
-%%        "~n   Varbinds:      ~p" 
-%%        "~n   LocalEngineID: ~p", 
-%%        [self(), Agent, wis(Agent), 
-%% 	Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID]),
-%%     Msg = 
-%% 	{send_trap, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID}, 
-%%     case (wis(Agent) =:= self()) of
-%% 	false ->
-%% 	    call(Agent, Msg);
-%% 	true ->
-%% 	    Agent ! Msg
-%%     end.
-
 %% </BACKWARD-COMPAT>
 
 
@@ -709,11 +712,6 @@ wis(Atom) when is_atom(Atom) ->
     whereis(Atom).
 
 
-forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds) ->
-    ExtraInfo = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
-		 ExtraInfo).
-
 forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
 	     ExtraInfo) ->
     Agent ! {forward_trap, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
@@ -796,7 +794,8 @@ handle_info({snmp_pdu, Vsn, Pdu, PduMS, ACMData, Address, Extra}, S) ->
     ?vdebug("handle_info(snmp_pdu) -> entry with"
 	    "~n   Vsn:     ~p"
 	    "~n   Pdu:     ~p"
-	    "~n   Address: ~p", [Vsn, Pdu, Address]),
+	    "~n   Address: ~p"
+	    "~n   Extra:   ~p", [Vsn, Pdu, Address, Extra]),
     
     NewS = handle_snmp_pdu(is_valid_pdu_type(Pdu#pdu.type),
 			   Vsn, Pdu, PduMS, ACMData, Address, Extra, S),
@@ -808,11 +807,11 @@ handle_info(worker_available, S) ->
     {noreply, S#state{worker_state = ready}};
 
 handle_info({send_notif, Notification, SendOpts}, S) ->
-    ?vlog("[handle_info] send trap request:"
+    ?vlog("[handle_info] send notif request:"
 	  "~n   Notification:  ~p"
 	  "~n   SendOpts:      ~p", 
 	  [Notification, SendOpts]),
-    case (catch handle_send_trap(cast, S, Notification, SendOpts)) of
+    case (catch handle_send_trap(S, Notification, SendOpts)) of
 	{ok, NewS} ->
 	    {noreply, NewS};
 	{'EXIT', R} ->
@@ -832,7 +831,7 @@ handle_info({send_trap, Trap, NotifyName, ContextName, Recv, Varbinds}, S) ->
 	  "~n   Varbinds:      ~p", 
 	  [Trap, NotifyName, ContextName, Recv, Varbinds]),
     ExtraInfo     = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    LocalEngineID = ?DEFAULT_LOCAL_ENGINE_ID, 
+    LocalEngineID = local_engine_id(S),
     case (catch handle_send_trap(S, Trap, NotifyName, ContextName,
 				 Recv, Varbinds, LocalEngineID, ExtraInfo)) of
 	{ok, NewS} ->
@@ -979,6 +978,7 @@ handle_info({'EXIT', Pid, Reason}, S) ->
 	    end,
 	    {noreply, S}
     end;
+
 handle_info({'DOWN', Ref, process, Pid, {mibs_cache_reply, Reply}}, 
 	    #state{mibs_cache_request = {Pid, Ref, From}} = S) ->
     ?vlog("reply from the mibs cache request handler (~p): ~n~p", 
@@ -1014,11 +1014,11 @@ handle_call(restart_set_worker, _From, #state{set_worker = Pid} = S) ->
     {reply, ok, S};
 
 handle_call({send_notif, Notification, SendOpts}, _From, S) ->
-    ?vlog("[handle_info] send trap request:"
+    ?vlog("[handle_call] send notif request:"
 	  "~n   Notification:  ~p"
 	  "~n   SendOpts:      ~p", 
 	  [Notification, SendOpts]),
-    case (catch handle_send_trap(call, S, Notification, SendOpts)) of
+    case (catch handle_send_trap(S, Notification, SendOpts)) of
 	{ok, NewS} ->
 	    {reply, ok, NewS};
 	{'EXIT', Reason} ->
@@ -1039,18 +1039,8 @@ handle_call({send_trap, Trap, NotifyName, ContextName, Recv, Varbinds},
 	  "~n   Recv:          ~p" 
 	  "~n   Varbinds:      ~p", 
 	  [Trap, NotifyName, ContextName, Recv, Varbinds]),
-    ExtraInfo = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    LocalEngineID = 
-	case S#state.type of
-	    master_agent ->
-		?DEFAULT_LOCAL_ENGINE_ID;
-	    _ -> 
-		%% subagent - 
-		%% we don't need this now, eventually the trap send 
-		%% request will reach the master-agent and then it 
-		%% will look up the proper engine id.
-		ignore
-	end,
+    ExtraInfo     = ?DEFAULT_NOTIF_EXTRA_INFO, 
+    LocalEngineID = local_engine_id(S),
     case (catch handle_send_trap(S, Trap, NotifyName, ContextName,
 				 Recv, Varbinds, LocalEngineID, ExtraInfo)) of
 	{ok, NewS} ->
@@ -1130,7 +1120,7 @@ handle_call({subagent_get_next, MibView, Varbinds, PduData}, _From, S) ->
 	  "~n   PduData:  ~p", 
 	  [MibView,Varbinds,PduData]),
     put_pdu_data(PduData),
-    {reply, do_get_next(MibView, Varbinds), S};
+    {reply, do_get_next(MibView, Varbinds, infinity), S};
 handle_call({subagent_set, Arguments, PduData}, _From, S) ->
     ?vlog("[handle_call] subagent set:"
 	  "~n   Arguments: ~p"
@@ -1171,7 +1161,7 @@ handle_call({get_next, Vars, Context}, _From, S) ->
             ?vdebug("Varbinds: ~p",[Varbinds]),
             MibView = snmpa_acm:get_root_mib_view(),
             Reply =
-                case do_get_next(MibView, Varbinds) of
+                case do_get_next(MibView, Varbinds, infinity) of
                     {noError, 0, NewVarbinds} ->
                         Vbs = lists:keysort(#varbind.org_index, NewVarbinds),
 			[{Oid,Val} || #varbind{oid = Oid, value = Val} <- Vbs];
@@ -1272,7 +1262,8 @@ handle_call(info, _From, S) ->
 handle_call(get_net_if, _From, S) ->
     {reply, get(net_if), S};
 
-handle_call({backup, BackupDir}, From, S) ->
+%% Only accept a backup request if there is none already in progress
+handle_call({backup, BackupDir}, From, #state{backup = undefined} = S) ->
     ?vlog("backup: ~p", [BackupDir]),
     Pid = self(),
     V   = get(verbosity),
@@ -1289,7 +1280,11 @@ handle_call({backup, BackupDir}, From, S) ->
 	  end),
     ?vtrace("backup server: ~p", [BackupServer]),
     {noreply, S#state{backup = {BackupServer, From}}};
-    
+
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(dump_mibs, _From, S) ->
     Reply = snmpa_mib:dump(get(mibserver)),
     {reply, Reply, S};
@@ -1338,27 +1333,27 @@ handle_call({me_of, Oid}, _From, S) ->
     {reply, Reply, S};
 
 handle_call(get_log_type, _From, S) ->
-    ?vlog("get_log_type", []),
+    ?vlog("handle_call(get_log_type) -> entry with", []),
     Reply = handle_get_log_type(S), 
     {reply, Reply, S};
     
 handle_call({set_log_type, NewType}, _From, S) ->
-    ?vlog("set_log_type -> "
+    ?vlog("handle_call(set_log_type) -> entry with"
 	  "~n   NewType: ~p", [NewType]),
     Reply = handle_set_log_type(S, NewType), 
     {reply, Reply, S};
     
 handle_call(get_request_limit, _From, S) ->
-    ?vlog("get_request_limit", []),
+    ?vlog("handle_call(get_request_limit) -> entry with", []),
     Reply = handle_get_request_limit(S), 
     {reply, Reply, S};
     
 handle_call({set_request_limit, NewLimit}, _From, S) ->
-    ?vlog("set_request_limit -> "
+    ?vlog("handle_call(set_request_limit) -> entry with"
 	  "~n   NewLimit: ~p", [NewLimit]),
     Reply = handle_set_request_limit(S, NewLimit), 
     {reply, Reply, S};
-    
+
 handle_call(stop, _From, S) ->
     {stop, normal, ok, S};
 
@@ -1367,15 +1362,15 @@ handle_call(Req, _From, S) ->
     Reply = {error, {unknown, Req}}, 
     {reply, Reply, S}.
     
-handle_cast({verbosity,Verbosity}, S) ->
-    ?vlog("verbosity: ~p -> ~p",[get(verbosity),Verbosity]),
+handle_cast({verbosity, Verbosity}, S) ->
+    ?vlog("verbosity: ~p -> ~p",[get(verbosity), Verbosity]),
     put(verbosity,snmp_verbosity:validate(Verbosity)),
     case S#state.worker of
-	Pid when is_pid(Pid) -> Pid ! {verbosity,Verbosity};
+	Pid when is_pid(Pid) -> Pid ! ?mk_verbosity_wreq(Verbosity);
 	_ -> ok
     end,
     case S#state.set_worker of
-	Pid2 when is_pid(Pid2) -> Pid2 ! {verbosity,Verbosity};
+	Pid2 when is_pid(Pid2) -> Pid2 ! ?mk_verbosity_wreq(Verbosity);
 	_ -> ok
     end,
     {noreply, S};
@@ -1462,13 +1457,80 @@ handle_mibs_cache_request(MibServer, Req) ->
 
 %% Downgrade
 %%
-%% code_change({down, _Vsn}, S, downgrade_to_pre_4_13) ->
-%%     {ok, S2};
+code_change({down, _Vsn}, S1, downgrade_to_pre_4_17_3) ->
+    #state{type               = Type, 
+	   parent             = Parent, 
+	   worker             = Worker, 
+	   worker_state       = WorkerState,
+	   set_worker         = SetWorker, 
+	   multi_threaded     = MT, 
+	   ref                = Ref, 
+	   vsns               = Vsns,
+	   nfilters           = NF,
+	   note_store         = NoteStore,
+	   mib_server         = MS, 
+	   net_if             = NetIf, 
+	   net_if_mod         = NetIfMod, 
+	   backup             = Backup,
+	   disco              = Disco,
+	   mibs_cache_request = MCR} = S1, 
+    S2 = {state, 
+	  type               = Type, 
+	  parent             = Parent, 
+	  worker             = Worker, 
+	  worker_state       = WorkerState,
+	  set_worker         = SetWorker, 
+	  multi_threaded     = MT, 
+	  ref                = Ref, 
+	  vsns               = Vsns,
+	  nfilters           = NF,
+	  note_store         = NoteStore,
+	  mib_server         = MS, 
+	  net_if             = NetIf, 
+	  net_if_mod         = NetIfMod, 
+	  backup             = Backup,
+	  disco              = Disco,
+	  mibs_cache_request = MCR}, 
+    {ok, S2};
 
 %% Upgrade
 %%
-%% code_change(_Vsn, S, upgrade_from_pre_4_13) ->
-%%     {ok, S2};
+code_change(_Vsn, S1, upgrade_from_pre_4_17_3) ->
+    {state, 
+     type               = Type, 
+     parent             = Parent, 
+     worker             = Worker, 
+     worker_state       = WorkerState,
+     set_worker         = SetWorker, 
+     multi_threaded     = MT, 
+     ref                = Ref, 
+     vsns               = Vsns,
+     nfilters           = NF,
+     note_store         = NoteStore,
+     mib_server         = MS, 
+     net_if             = NetIf, 
+     net_if_mod         = NetIfMod, 
+     backup             = Backup,
+     disco              = Disco,
+     mibs_cache_request = MCR} = S1,
+    S2 = #state{type               = Type, 
+		parent             = Parent, 
+		worker             = Worker, 
+		worker_state       = WorkerState,
+		set_worker         = SetWorker, 
+		multi_threaded     = MT, 
+		ref                = Ref, 
+		vsns               = Vsns,
+		nfilters           = NF,
+		note_store         = NoteStore,
+		mib_server         = MS, 
+		net_if             = NetIf, 
+		net_if_mod         = NetIfMod, 
+		backup             = Backup,
+		disco              = Disco,
+		mibs_cache_request = MCR,
+		gb_max_vbs         = ?DEFAULT_GB_MAX_VBS}, 
+    {ok, S2};
 
 code_change(_Vsn, S, _Extra) ->
     {ok, S}.
@@ -1508,7 +1570,7 @@ worker_start(Dict) ->
 %%     worker_stop(Pid, infinity).
 
 worker_stop(Pid, Timeout) when is_pid(Pid) ->
-    Pid ! terminate, 
+    Pid ! ?mk_terminate_wreq(), 
     receive 
 	{'EXIT', Pid, normal} ->
 	    ok
@@ -1595,7 +1657,7 @@ handle_backup_res([{Who, Crap}|Results], Acc) ->
 %% because we (for some reason) support the function
 %% snmpa:current_community().
 %%-----------------------------------------------------------------
-cheat({community, SecModel, Community, _TAddress}, Address, ContextName) ->
+cheat({community, _SecModel, Community, _TAddress}, Address, ContextName) ->
     {Community, Address, ContextName};
 cheat({community, _SecModel, Community, _TDomain, _TAddress}, 
       Address, ContextName) ->
@@ -1645,9 +1707,11 @@ invalidate_ca_cache() ->
 %% 
 %%-----------------------------------------------------------------
 
-spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
+%% This functions spawns a temporary worker process, 
+%% that evaluates one request and then silently exits. 
+spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra) ->
     Dict = get(),
-    Args = [Vsn, Pdu, PduMS, ACMData, Address, Extra, Dict], 
+    Args = [Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra, Dict], 
     proc_lib:spawn_link(?MODULE, handle_pdu, Args).
 
 spawn_trap_thread(TrapRec, NotifyName, ContextName, Recv, Vbs, 
@@ -1665,7 +1729,7 @@ do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs,
 do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	     LocalEngineID, ExtraInfo, Dict) ->
     lists:foreach(fun({Key, Val}) -> put(Key, Val) end, Dict),
-    put(sname,trap_sender_short_name(get(sname))),
+    put(sname, trap_sender_short_name(get(sname))),
     ?vlog("starting",[]),
     snmpa_trap:send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 			 LocalEngineID, ExtraInfo, get(net_if)).
@@ -1677,58 +1741,122 @@ worker(Master, Dict) ->
     worker_loop(Master).
 
 worker_loop(Master) ->
-    receive
-	{Vsn, Pdu, PduMS, ACMData, Address, Extra} ->
-	    ?vtrace("worker_loop -> received request", []),
-	    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra),
-	    Master ! worker_available;
-
-	%% We don't trap EXITs!
-	{TrapRec, NotifyName, ContextName, Recv, Vbs} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 ?DEFAULT_NOTIF_EXTRA_INFO, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	%% We don't trap EXITs!
-	{send_trap, 
-	 TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 LocalEngineID, ?DEFAULT_NOTIF_EXTRA_INFO, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	{send_trap, 
-	 TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID, ExtraInfo} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 LocalEngineID, ExtraInfo, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	{verbosity, Verbosity} ->
-	    put(verbosity,snmp_verbosity:validate(Verbosity));
-
-	terminate ->
-	    exit(normal);
-
-	_X ->
-	    %% ignore
-	    ok
-
-    after 30000 ->
-	    %% This is to assure that the worker process leaves a
-	    %% possibly old version of this module.
-	    ok
-    end,
+    Res = 
+	receive
+	    #wrequest{cmd  = handle_pdu, 
+		      info = Info} = Req ->
+		?vtrace("worker_loop -> received handle_pdu request with"
+			"~n   Info: ~p", [Info]),
+		Vsn      = proplists:get_value(vsn,        Info),
+		Pdu      = proplists:get_value(pdu,        Info),
+		PduMS    = proplists:get_value(pdu_ms,     Info),
+		ACMData  = proplists:get_value(acm_data,   Info),
+		Address  = proplists:get_value(addr,       Info),
+		GbMaxVBs = proplists:get_value(gb_max_vbs, Info),
+		Extra    = proplists:get_value(extra,      Info),
+		HandlePduRes = 
+		    try 
+			begin
+			    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, 
+					GbMaxVBs, Extra)
+			end
+		    catch 
+			T:E ->
+			    exit({worker_crash, Req, T, E, 
+				  erlang:get_stacktrace()})
+		    end,
+		Master ! worker_available,
+		HandlePduRes; % For debugging...
+	    
+	    
+	    #wrequest{cmd  = send_trap, 
+		      info = Info} = Req ->
+		?vtrace("worker_loop -> received send_trap request with"
+			"~n   Info: ~p", [Info]),
+		TrapRec       = proplists:get_value(trap_rec,        Info),
+		NotifyName    = proplists:get_value(notify_name,     Info),
+		ContextName   = proplists:get_value(context_name,    Info),
+		Recv          = proplists:get_value(receiver,        Info),
+		Vbs           = proplists:get_value(varbinds,        Info),
+		LocalEngineID = proplists:get_value(local_engine_id, Info),
+		Extra         = proplists:get_value(extra,           Info),
+		SendTrapRes = 
+		    try
+			begin
+			    snmpa_trap:send_trap(TrapRec, NotifyName, 
+						 ContextName, Recv, Vbs, 
+						 LocalEngineID, Extra, 
+						 get(net_if))
+			end
+		    catch 
+			T:E ->
+			    exit({worker_crash, Req, T, E, 
+				  erlang:get_stacktrace()})
+		    end,
+		Master ! worker_available, 
+		SendTrapRes; % For debugging...
+	    
+	    
+	    #wrequest{cmd  = verbosity, 
+		      info = Info} ->
+		Verbosity = proplists:get_value(verbosity, Info),
+		put(verbosity, snmp_verbosity:validate(Verbosity));
+	    
+	    
+	    #wrequest{cmd  = terminate} ->
+		?vtrace("worker_loop -> received terminate request", []),
+		exit(normal);
+	    
+	    
+	    %% *************************************************************
+	    %% 
+	    %%         Kept for backward compatibillity reasons
+	    %% 
+	    %% *************************************************************
+	    
+	    {Vsn, Pdu, PduMS, ACMData, Address, Extra} ->
+		?vtrace("worker_loop -> received request", []),
+		handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, 
+			    ?DEFAULT_GB_MAX_VBS, Extra),
+		Master ! worker_available;
+	    
+	    %% We don't trap exits!
+	    {TrapRec, NotifyName, ContextName, Recv, Vbs} -> 
+		?vtrace("worker_loop -> send trap:"
+			"~n   ~p", [TrapRec]),
+		snmpa_trap:send_trap(TrapRec, NotifyName, 
+				     ContextName, Recv, Vbs, get(net_if)),
+		Master ! worker_available;
+	    
+	    %% We don't trap exits!
+	    {send_trap, 
+	     TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID,
+	     ExtraInfo} -> 
+		?vtrace("worker_loop -> send trap:"
+			"~n   ~p", [TrapRec]),
+		snmpa_trap:send_trap(TrapRec, NotifyName, 
+				     ContextName, Recv, Vbs, 
+				     LocalEngineID, ExtraInfo, 
+				     get(net_if)),
+		Master ! worker_available;
+	    
+	    {verbosity, Verbosity} ->
+		put(verbosity, snmp_verbosity:validate(Verbosity));
+	    
+	    terminate ->
+		exit(normal);
+	    
+	    _X ->
+		%% ignore
+		ignore_unknown
+	
+	after 30000 ->
+		%% This is to assure that the worker process leaves a
+		%% possibly old version of this module.
+		ok
+	end,
+    ?vtrace("worker_loop -> wrap with"
+	    "~n   ~p", [Res]),
     ?MODULE:worker_loop(Master).
 
 
@@ -1736,42 +1864,52 @@ worker_loop(Master) ->
 %%-----------------------------------------------------------------
 
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, ACMData, Address, Extra, 
-		#state{multi_threaded = false} = S) ->
+		#state{multi_threaded = false, 
+		       gb_max_vbs     = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> single-thread agent",[]),
-    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra),
+    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
     S;
 handle_snmp_pdu(true, Vsn, #pdu{type = 'set-request'} = Pdu, PduMS, 
 		ACMData, Address, Extra, 
 		#state{set_worker = Worker} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "send set-request to main worker",[]),
-    Worker ! {Vsn, Pdu, PduMS, ACMData, Address, Extra}, 
+    WRequest = ?mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, infinity, Extra),
+    Worker ! WRequest, 
     S#state{worker_state = busy};
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, 
 		ACMData, Address, Extra, 
-		#state{worker_state = busy} = S) ->
+		#state{worker_state = busy, 
+		       gb_max_vbs   = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "main worker busy - create new worker",[]),
-    spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, Extra),
+    spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
     S;
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, ACMData, Address, Extra, 
-		#state{worker = Worker} = S) ->
+		#state{worker     = Worker, 
+		       gb_max_vbs = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "send to main worker",[]),
-    Worker ! {Vsn, Pdu, PduMS, ACMData, Address, Extra}, 
+    WRequest = ?mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
+    Worker ! WRequest, 
     S#state{worker_state = busy};
 handle_snmp_pdu(_, _Vsn, _Pdu, _PduMS, _ACMData, _Address, _Extra, S) ->
     S.
 
 
 %% Called via the spawn_thread function
+%% <BACKWARD-COMPAT>
 handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra, Dict) ->
+    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, ?DEFAULT_GB_MAX_VBS, Extra, 
+	       Dict).
+%% </BACKWARD-COMPAT>
+handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra, Dict) ->
     lists:foreach(fun({Key, Val}) -> put(Key, Val) end, Dict),
     put(sname, pdu_handler_short_name(get(sname))),
     ?vlog("new worker starting",[]),
-    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra).
+    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra).
 
-handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
+handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra) ->
     %% OTP-3324
     AuthMod = get(auth_module),
     case AuthMod:init_check_access(Pdu, ACMData) of
@@ -1780,7 +1918,8 @@ handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
 		  "~n   MibView:     ~p"
 		  "~n   ContextName: ~p", [MibView, ContextName]),
 	    AgentData = cheat(ACMData, Address, ContextName),
-	    do_handle_pdu(MibView, Vsn, Pdu, PduMS, ACMData, AgentData, Extra);
+	    do_handle_pdu(MibView, Vsn, Pdu, PduMS, ACMData, AgentData, 
+			  GbMaxVBs, Extra);
 	{error, Reason} ->
 	    ?vlog("handle_pdu -> error:"
 		  "~n   Reason: ~p", [Reason]),
@@ -1794,16 +1933,19 @@ handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
     end.
 
 do_handle_pdu(MibView, Vsn, Pdu, PduMS, 
-	      ACMData, {Community, Address, ContextName}, Extra) ->
+	      ACMData, {Community, Address, ContextName}, 
+	      GbMaxVBs, Extra) ->
     
     put(net_if_data, Extra),
+
     RePdu = process_msg(MibView, Vsn, Pdu, PduMS, Community, 
-			Address, ContextName),
+			Address, ContextName, GbMaxVBs),
 
     ?vtrace("do_handle_pdu -> processed:"
 	    "~n   RePdu: ~p", [RePdu]),
-    get(net_if) ! {snmp_response, Vsn, RePdu, 
-		   RePdu#pdu.type, ACMData, Address, Extra}.
+    NetIf = get(net_if), 
+    NetIf ! {snmp_response, Vsn, RePdu, 
+	     RePdu#pdu.type, ACMData, Address, Extra}.
 
 
 handle_acm_error(Vsn, Reason, Pdu, ACMData, Address, Extra) ->
@@ -1859,7 +2001,7 @@ handle_acm_error(Vsn, Reason, Pdu, ACMData, Address, Extra) ->
 	    ok
     end.
 
-get_opt(Key, Default, SendOpts) ->
+get_send_opt(Key, Default, SendOpts) ->
     case lists:keysearch(Key, 1, SendOpts) of
 	{value, {Key, Value}} ->
 	    Value;
@@ -1867,40 +2009,19 @@ get_opt(Key, Default, SendOpts) ->
 	    Default
     end.
 
-handle_send_trap(call, #state{type = master_agent} = S, 
-		 Notification, SendOpts) ->
-    SendOpts2 = 
-	case lists:keymember(local_engine_id, 1, SendOpts) of
-	    true ->
-		SendOpts;
-	    false ->
-		[{local_engine_id, ?DEFAULT_LOCAL_ENGINE_ID}|SendOpts]
-	end,
-    handle_send_trap(S, Notification, SendOpts2);
-handle_send_trap(call, S, Notification, SendOpts) ->
-    SendOpts2 = 
-	case lists:keymember(local_engine_id, 1, SendOpts) of
-	    true ->
-		SendOpts;
-	    false ->
-		%% subagent - 
-		%% we don't need this now, eventually the trap send 
-		%% request will reach the master-agent and then it 
-		%% will look up the proper engine id.
-		[{local_engine_id, ignore}|SendOpts]
-	end,
-    handle_send_trap(S, Notification, SendOpts2);
-handle_send_trap(_, S, Notification, SendOpts) ->
-    handle_send_trap(S, Notification, SendOpts).
-
 handle_send_trap(S, Notification, SendOpts) ->
-    NotifyName    = get_opt(name,     "",                        SendOpts),
-    ContextName   = get_opt(context,  "",                        SendOpts),
-    Recv          = get_opt(receiver, no_receiver,               SendOpts),
-    Varbinds      = get_opt(varbinds, [],                        SendOpts),
-    ExtraInfo     = get_opt(extra,    ?DEFAULT_NOTIF_EXTRA_INFO, SendOpts),
+    NotifyName    = get_send_opt(name,     "",                        SendOpts),
+    ContextName   = get_send_opt(context,  "",                        SendOpts),
+    Recv          = get_send_opt(receiver, no_receiver,               SendOpts),
+    Varbinds      = get_send_opt(varbinds, [],                        SendOpts),
+    ExtraInfo     = get_send_opt(extra,    ?DEFAULT_NOTIF_EXTRA_INFO, SendOpts),
     LocalEngineID = 
-	get_opt(local_engine_id, ?DEFAULT_LOCAL_ENGINE_ID, SendOpts),
+	case lists:keysearch(local_engine_id, 1, SendOpts) of
+	    {value, {local_engine_id, Value}} ->
+		Value;
+	    false ->
+		local_engine_id(S)
+	end,
     handle_send_trap(S, Notification, NotifyName, ContextName, Recv, Varbinds, 
 		     LocalEngineID, ExtraInfo).
 
@@ -1908,11 +2029,11 @@ handle_send_trap(#state{type = Type} = S,
 		 Notification, NotifyName, ContextName, Recv, Varbinds, 
 		 LocalEngineID, ExtraInfo) ->
     ?vtrace("handle_send_trap -> entry with"
-	"~n   Agent type:    ~p"
-	"~n   TrapName:      ~p"
-	"~n   NotifyName:    ~p"
-	"~n   ContextName:   ~p"
-	"~n   LocalEngineID: ~p", 
+	    "~n   Agent type:    ~p"
+	    "~n   TrapName:      ~p"
+	    "~n   NotifyName:    ~p"
+	    "~n   ContextName:   ~p"
+	    "~n   LocalEngineID: ~p", 
 	    [Type, Notification, NotifyName, ContextName, LocalEngineID]),
     case snmpa_trap:construct_trap(Notification, Varbinds) of
 	{ok, TrapRecord, VarList} ->
@@ -2025,9 +2146,9 @@ do_handle_send_trap(S, TrapRec, NotifyName, ContextName, Recv, Varbinds,
 	master_agent ->
 	    %% Send to main worker
 	    ?vtrace("do_handle_send_trap -> send to main worker",[]),
-	    S#state.worker ! {send_trap, 
-			      TrapRec, NotifyName, ContextName, Recv, Vbs,
-			      LocalEngineID, ExtraInfo},
+	    S#state.worker ! ?mk_send_trap_wreq(TrapRec, NotifyName, 
+						ContextName, Recv, Vbs,
+						LocalEngineID, ExtraInfo),
 	    {ok, S#state{worker_state = busy}}
     end.
     
@@ -2367,17 +2488,18 @@ handle_mib_of(MibServer, Oid) ->
 %% Func: process_msg/7
 %% Returns: RePdu
 %%-----------------------------------------------------------------
-process_msg(MibView, Vsn, Pdu, PduMS, Community, {Ip, Udp}, ContextName) ->
+process_msg(MibView, Vsn, Pdu, PduMS, Community, {Ip, Udp}, ContextName, 
+	    GbMaxVBs) ->
     #pdu{request_id = ReqId} = Pdu,
     put(snmp_address, {tuple_to_list(Ip), Udp}),
     put(snmp_request_id, ReqId),
     put(snmp_community, Community),
     put(snmp_context, ContextName),
     ?vtrace("process ~p",[Pdu#pdu.type]),
-    process_pdu(Pdu, PduMS, Vsn, MibView).
+    process_pdu(Pdu, PduMS, Vsn, MibView, GbMaxVBs).
 
 process_pdu(#pdu{type='get-request', request_id = ReqId, varbinds=Vbs},
-	    _PduMS, Vsn, MibView) ->
+	    _PduMS, Vsn, MibView, _GbMaxVBs) ->
     ?vtrace("get ~p",[ReqId]),
     Res = get_err(do_get(MibView, Vbs, false)),
     ?vtrace("get result: "
@@ -2398,12 +2520,12 @@ process_pdu(#pdu{type='get-request', request_id = ReqId, varbinds=Vbs},
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
 process_pdu(#pdu{type = 'get-next-request', request_id = ReqId, varbinds = Vbs},
-	    _PduMS, Vsn, MibView) ->
+	    _PduMS, Vsn, MibView, _GbMaxVBs) ->
     ?vtrace("process get-next-request -> entry with"
 	    "~n   ReqId:   ~p"
 	    "~n   Vbs:     ~p"
 	    "~n   MibView: ~p",[ReqId, Vbs, MibView]),
-    Res = get_err(do_get_next(MibView, Vbs)),
+    Res = get_err(do_get_next(MibView, Vbs, infinity)),
     ?vtrace("get-next result: "
 	    "~n   ~p",[Res]),
     {ErrStatus, ErrIndex, ResVarbinds} = 
@@ -2420,11 +2542,15 @@ process_pdu(#pdu{type = 'get-next-request', request_id = ReqId, varbinds = Vbs},
 	    "~n   ~p",[ResponseVarbinds]),
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
-process_pdu(#pdu{type = 'get-bulk-request',request_id = ReqId,varbinds = Vbs,
-		 error_status = NonRepeaters, error_index = MaxRepetitions},
-	    PduMS, _Vsn, MibView)->
+process_pdu(#pdu{type         = 'get-bulk-request',
+		 request_id   = ReqId,
+		 varbinds     = Vbs,
+		 error_status = NonRepeaters, 
+		 error_index  = MaxRepetitions},
+	    PduMS, _Vsn, MibView, GbMaxVBs) ->
     {ErrStatus, ErrIndex, ResponseVarbinds} = 
-	get_err(do_get_bulk(MibView,NonRepeaters,MaxRepetitions,PduMS,Vbs)),
+	get_err(do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Vbs, 
+			    GbMaxVBs)),
     ?vtrace("get-bulk final result: "
 	    "~n   Error status:     ~p"
 	    "~n   Error index:      ~p"
@@ -2433,7 +2559,7 @@ process_pdu(#pdu{type = 'get-bulk-request',request_id = ReqId,varbinds = Vbs,
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
 process_pdu(#pdu{type = 'set-request', request_id = ReqId, varbinds = Vbs},
-	    _PduMS, Vsn, MibView)->
+	    _PduMS, Vsn, MibView, _GbMaxVbs)->
     Res = do_set(MibView, Vbs),
     ?vtrace("set result: "
 	    "~n   ~p",[Res]),
@@ -2490,7 +2616,8 @@ validate_next_v1_2([Vb | _Vbs], _MibView, _Res)
     {noSuchName, Vb#varbind.org_index};
 validate_next_v1_2([Vb | Vbs], MibView, Res)
   when Vb#varbind.variabletype =:= 'Counter64' ->
-    case validate_next_v1(do_get_next(MibView, [mk_next_oid(Vb)]), MibView) of
+    case validate_next_v1(
+	   do_get_next(MibView, [mk_next_oid(Vb)], infinity), MibView) of
 	{noError, 0, [NVb]} ->
 	    validate_next_v1_2(Vbs, MibView, [NVb | Res]);
 	{Error, Index, _OrgVb} ->
@@ -2963,59 +3090,97 @@ validate_tab_res(_TooMany, [], Mfa, _Res, I) ->
 %%      that this really matters, since many nexts across the same
 %%      subagent must be considered to be very rare.
 %%-----------------------------------------------------------------
-do_get_next(MibView, UnsortedVarbinds) ->
-    SortedVarbinds = oid_sort_varbindlist(UnsortedVarbinds),
-    next_loop_varbinds([], SortedVarbinds, MibView, [], []).
 
-oid_sort_varbindlist(Vbs) ->
+%% It may be a bit agressive to check this already, 
+%% but since it is a security measure, it makes sense.
+do_get_next(_MibView, UnsortedVarbinds, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso (length(UnsortedVarbinds) > GbMaxVBs)) ->
+    {tooBig, 0, []}; % What is the correct index in this case?
+do_get_next(MibView, UnsortedVBs, GbMaxVBs) ->
+    ?vt("do_get_next -> entry when"
+ 	"~n   MibView:          ~p"
+ 	"~n   UnsortedVBs: ~p", [MibView, UnsortedVBs]),
+    SortedVBs = oid_sort_vbs(UnsortedVBs),
+    ?vt("do_get_next -> "
+ 	"~n   SortedVBs: ~p", [SortedVBs]),
+    next_loop_varbinds([], SortedVBs, MibView, [], [], GbMaxVBs).
+
+oid_sort_vbs(Vbs) ->
     lists:keysort(#varbind.oid, Vbs).
 
+next_loop_varbinds(_, Vbs, _MibView, Res, _LAVb, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso 
+	((length(Vbs) + length(Res)) > GbMaxVBs)) ->
+    {tooBig, 0, []}; % What is the correct index in this case?
+
 %% LAVb is Last Accessible Vb
-next_loop_varbinds([], [Vb | Vbs], MibView, Res, LAVb) ->
+next_loop_varbinds([], [Vb | Vbs], MibView, Res, LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds -> entry when"
  	"~n   Vb:      ~p"
  	"~n   MibView: ~p", [Vb, MibView]),
     case varbind_next(Vb, MibView) of
 	endOfMibView ->
+	    ?vt("next_loop_varbind -> endOfMibView", []),
 	    RVb = if LAVb =:= [] -> Vb;
 		     true -> LAVb
 		  end,
 	    NewVb = RVb#varbind{variabletype = 'NULL', value = endOfMibView},
-	    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], []);
+	    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], [], GbMaxVBs);
+
 	{variable, ME, VarOid} when ((ME#me.access =/= 'not-accessible') andalso 
 				     (ME#me.access =/= 'write-only') andalso 
 				     (ME#me.access =/= 'accessible-for-notify')) -> 
+	    ?vt("next_loop_varbind -> variable: "
+		"~n   ME:     ~p"
+		"~n   VarOid: ~p", [ME, VarOid]),
 	    case try_get_instance(Vb, ME) of
 		{value, noValue, _NoSuchSomething} ->
+		    ?vt("next_loop_varbind -> noValue", []),
 		    %% Try next one
-		    NewVb = Vb#varbind{oid = VarOid, value = 'NULL'},
-		    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, []);
+		    NewVb = Vb#varbind{oid   = VarOid, 
+				       value = 'NULL'},
+		    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, [], 
+				       GbMaxVBs);
 		{value, Type, Value} ->
-		    NewVb = Vb#varbind{oid = VarOid, variabletype = Type,
-				       value = Value},
-		    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], []);
+		    ?vt("next_loop_varbind -> value"
+			"~n   Type:  ~p"
+			"~n   Value: ~p", [Type, Value]),
+		    NewVb = Vb#varbind{oid          = VarOid, 
+				       variabletype = Type,
+				       value        = Value},
+		    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], [],
+				       GbMaxVBs);
 		{error, ErrorStatus} ->
 		    ?vdebug("next loop varbinds:"
 			    "~n   ErrorStatus: ~p",[ErrorStatus]),
 		    {ErrorStatus, Vb#varbind.org_index, []}
 	    end;
 	{variable, _ME, VarOid} -> 
+	    ?vt("next_loop_varbind -> variable: "
+		"~n   VarOid: ~p", [VarOid]),
 	    RVb = if LAVb =:= [] -> Vb;
 		     true -> LAVb
 		  end,
 	    NewVb = Vb#varbind{oid = VarOid, value = 'NULL'},
-	    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, RVb);
+	    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, RVb, GbMaxVBs);
 	{table, TableOid, TableRestOid, ME} ->
+	    ?vt("next_loop_varbind -> table: "
+		"~n   TableOid:     ~p"
+		"~n   TableRestOid: ~p"
+		"~n   ME:           ~p", [TableOid, TableRestOid, ME]),
 	    next_loop_varbinds({table, TableOid, ME,
 				[{tab_oid(TableRestOid), Vb}]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	{subagent, SubAgentPid, SAOid} ->
+	    ?vt("next_loop_varbind -> subagent: "
+		"~n   SubAgentPid: ~p"
+		"~n   SAOid:       ~p", [SubAgentPid, SAOid]),
 	    NewVb = Vb#varbind{variabletype = 'NULL', value = 'NULL'},
 	    next_loop_varbinds({subagent, SubAgentPid, SAOid, [NewVb]},
-			       Vbs, MibView, Res, [])
+			       Vbs, MibView, Res, [], GbMaxVBs)
     end;
 next_loop_varbinds({table, TableOid, ME, TabOids},
-		   [Vb | Vbs], MibView, Res, _LAVb) ->
+		   [Vb | Vbs], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(table) -> entry with"
  	"~n   TableOid: ~p"
  	"~n   Vb:       ~p", [TableOid, Vb]),
@@ -3023,13 +3188,14 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	{table, TableOid, TableRestOid, _ME} ->
 	    next_loop_varbinds({table, TableOid, ME,
 				[{tab_oid(TableRestOid), Vb} | TabOids]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	_ ->
 	    case get_next_table(ME, TableOid, TabOids, MibView) of
 		{ok, TabRes, TabEndOfTabVbs} ->
 		    NewVbs = lists:append(TabEndOfTabVbs, [Vb | Vbs]),
 		    NewRes = lists:append(TabRes, Res),
-		    next_loop_varbinds([], NewVbs, MibView, NewRes, []);
+		    next_loop_varbinds([], NewVbs, MibView, NewRes, [], 
+				       GbMaxVBs);
 		{ErrorStatus, OrgIndex} ->
 		    ?vdebug("next loop varbinds: next varbind"
 			    "~n   ErrorStatus: ~p"
@@ -3039,7 +3205,7 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	    end
     end;
 next_loop_varbinds({table, TableOid, ME, TabOids},
-		   [], MibView, Res, _LAVb) ->
+		   [], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(table) -> entry with"
 	"~n   TableOid: ~p", [TableOid]),
     case get_next_table(ME, TableOid, TabOids, MibView) of
@@ -3048,7 +3214,8 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 		"~n   TabRes:         ~p"
 		"~n   TabEndOfTabVbs: ~p", [TabRes, TabEndOfTabVbs]),
 	    NewRes = lists:append(TabRes, Res),
-	    next_loop_varbinds([], TabEndOfTabVbs, MibView, NewRes, []);
+	    next_loop_varbinds([], TabEndOfTabVbs, MibView, NewRes, [], 
+			       GbMaxVBs);
 	{ErrorStatus, OrgIndex} ->
 	    ?vdebug("next loop varbinds: next table"
 		    "~n   ErrorStatus: ~p"
@@ -3057,7 +3224,7 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	    {ErrorStatus, OrgIndex, []}
     end;
 next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
-		   [Vb | Vbs], MibView, Res, _LAVb) ->
+		   [Vb | Vbs], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(subagent) -> entry with"
 	"~n   SAPid: ~p"
 	"~n   SAOid: ~p"
@@ -3066,13 +3233,14 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 	{subagent, _SubAgentPid, SAOid} ->
 	    next_loop_varbinds({subagent, SAPid, SAOid,
 				[Vb | SAVbs]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	_ ->
 	    case get_next_sa(SAPid, SAOid, SAVbs, MibView) of
 		{ok, SARes, SAEndOfMibViewVbs} ->
 		    NewVbs = lists:append(SAEndOfMibViewVbs, [Vb | Vbs]),
 		    NewRes = lists:append(SARes, Res),
-		    next_loop_varbinds([], NewVbs, MibView, NewRes, []);
+		    next_loop_varbinds([], NewVbs, MibView, NewRes, [], 
+				       GbMaxVBs);
 		{noSuchName, OrgIndex} ->
 		    %% v1 reply, treat this Vb as endOfMibView, and try again
 		    %% for the others.
@@ -3085,12 +3253,14 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 			    case lists:delete(EVb, SAVbs) of
 				[] ->
 				    next_loop_varbinds([], [EndOfVb, Vb | Vbs],
-						       MibView, Res, []);
+						       MibView, Res, [],
+						       GbMaxVBs);
 				TryAgainVbs ->
 				    next_loop_varbinds({subagent, SAPid, SAOid,
 							TryAgainVbs},
 						       [EndOfVb, Vb | Vbs],
-						       MibView, Res, [])
+						       MibView, Res, [],
+						       GbMaxVBs)
 			    end;
 			false ->
 			    %% bad index from subagent
@@ -3106,14 +3276,15 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 	    end
     end;
 next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
-		   [], MibView, Res, _LAVb) ->
+		   [], MibView, Res, _LAVb, GbMaxVBs) ->
      ?vt("next_loop_varbinds(subagent) -> entry with"
 	 "~n   SAPid: ~p"
 	 "~n   SAOid: ~p", [SAPid, SAOid]),
     case get_next_sa(SAPid, SAOid, SAVbs, MibView) of
 	{ok, SARes, SAEndOfMibViewVbs} ->
 	    NewRes = lists:append(SARes, Res),
-	    next_loop_varbinds([], SAEndOfMibViewVbs, MibView, NewRes, []);
+	    next_loop_varbinds([], SAEndOfMibViewVbs, MibView, NewRes, [],
+			       GbMaxVBs);
 	{noSuchName, OrgIndex} ->
 	    %% v1 reply, treat this Vb as endOfMibView, and try again for
 	    %% the others.
@@ -3124,11 +3295,13 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 					  value = {endOfMibView, NextOid}},
 		    case lists:delete(EVb, SAVbs) of
 			[] ->
-			    next_loop_varbinds([], [EndOfVb], MibView, Res, []);
+			    next_loop_varbinds([], [EndOfVb], MibView, Res, [],
+					       GbMaxVBs);
 			TryAgainVbs ->
 			    next_loop_varbinds({subagent, SAPid, SAOid,
 						TryAgainVbs},
-					       [EndOfVb], MibView, Res, [])
+					       [EndOfVb], MibView, Res, [],
+					       GbMaxVBs)
 		    end;
 		false ->
 		    %% bad index from subagent
@@ -3141,12 +3314,15 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
  		    [ErrorStatus,OrgIndex]),
  	    {ErrorStatus, OrgIndex, []}
     end;
-next_loop_varbinds([], [], _MibView, Res, _LAVb) ->
+next_loop_varbinds([], [], _MibView, Res, _LAVb, _GbMaxVBs) ->
     ?vt("next_loop_varbinds -> entry when done", []),
     {noError, 0, Res}.
 
 try_get_instance(_Vb, #me{mfa = {M, F, A}, asn1_type = ASN1Type}) ->
-    ?vtrace("try get instance from <~p,~p,~p>",[M,F,A]),
+    ?vtrace("try_get_instance -> entry with"
+	    "~n   M: ~p"
+	    "~n   F: ~p"
+	    "~n   A: ~p", [M,F,A]),
     Result = (catch dbg_apply(M, F, [get | A])),
     % mib shall return {value, <a-nice-value-within-range>} |
     % {noValue, noSuchName} (v1) | 
@@ -3157,6 +3333,7 @@ try_get_instance(_Vb, #me{mfa = {M, F, A}, asn1_type = ASN1Type}) ->
 tab_oid([]) -> [0];
 tab_oid(X) -> X.
 
+
 %%-----------------------------------------------------------------
 %% Perform a next, using the varbinds Oid if value is simple
 %% value. If value is {endOf<something>, NextOid}, use NextOid.
@@ -3403,22 +3580,30 @@ next_oid(Oid) ->
 
 %%%-----------------------------------------------------------------
 %%% 5. GET-BULK REQUEST
+%%% 
+%%% In order to prevent excesses in reply sizes there are two 
+%%% preventive methods in place. One is to check that the encode
+%%% size does not exceed Max PDU size (this is mentioned in the
+%%% standard). The other is a simple VBs limit. That is, the 
+%%% resulting response cannot contain more then this number of VBs.
 %%%-----------------------------------------------------------------
-do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
-    ?vtrace("do get bulk: start with"
+
+do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds, GbMaxVBs) ->
+    ?vtrace("do_get_bulk -> entry with"
 	    "~n   MibView:        ~p"
 	    "~n   NonRepeaters:   ~p"
 	    "~n   MaxRepetitions: ~p"
 	    "~n   PduMS:          ~p"
-	    "~n   Varbinds:       ~p",
-	    [MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds]),
+	    "~n   Varbinds:       ~p"
+	    "~n   GbMaxVBs:       ~p",
+	    [MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds, GbMaxVBs]),
     {NonRepVbs, RestVbs} = split_vbs(NonRepeaters, Varbinds, []),
-    ?vt("do get bulk -> split: "
+    ?vt("do_get_bulk -> split: "
 	"~n   NonRepVbs: ~p"
 	"~n   RestVbs:   ~p", [NonRepVbs, RestVbs]),
-    case do_get_next(MibView, NonRepVbs) of
-	{noError, 0, UResNonRepVbs} -> 
-	    ?vt("do get bulk -> next: "
+    case do_get_next(MibView, NonRepVbs, GbMaxVBs) of
+	{noError, 0, UResNonRepVbs} ->
+	    ?vt("do_get_bulk -> next noError: "
 		"~n   UResNonRepVbs: ~p", [UResNonRepVbs]),
 	    ResNonRepVbs = lists:keysort(#varbind.org_index, UResNonRepVbs),
 	    %% Decode the first varbinds, produce a reversed list of
@@ -3428,11 +3613,12 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 		    user_err("failed encoding varbind ~w:~n~p", [Idx, Reason]),
                     {genErr, Idx, []};
                 {SizeLeft, Res} when is_integer(SizeLeft) and is_list(Res) ->
- 		    ?vtrace("do get bulk -> encoded: "
+ 		    ?vtrace("do_get_bulk -> encoded: "
 			    "~n   SizeLeft: ~p"
 			    "~n   Res:      ~w", [SizeLeft, Res]),
 		    case (catch do_get_rep(SizeLeft, MibView, MaxRepetitions,
-					   RestVbs, Res)) of
+					   RestVbs, Res, 
+					   length(UResNonRepVbs), GbMaxVBs)) of
 			{error, Idx, Reason} ->
 			    user_err("failed encoding varbind ~w:~n~p", 
 				     [Idx, Reason]),
@@ -3441,6 +3627,10 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 			    ?vtrace("do get bulk -> Res: "
 				    "~n   ~w", [Res]),
 			    {noError, 0, conv_res(Res)};
+			{noError, 0, Data} = OK ->
+			    ?vtrace("do get bulk -> OK: "
+				    "~n   length(Data): ~w", [length(Data)]),
+			    OK;
 			Else ->
 			    ?vtrace("do get bulk -> Else: "
 				    "~n   ~w", [Else]),
@@ -3449,6 +3639,7 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 		Res when is_list(Res) ->
 		    {noError, 0, conv_res(Res)}
 	    end;
+
 	{ErrorStatus, Index, _} ->
 	    ?vdebug("do get bulk: "
 		    "~n   ErrorStatus: ~p"
@@ -3498,11 +3689,12 @@ enc_vbs(SizeLeft, Vbs) ->
 	  end,
     lists:foldl(Fun, {SizeLeft, []}, Vbs).
 
-do_get_rep(Sz, MibView, MaxRepetitions, Varbinds, Res) 
+do_get_rep(Sz, MibView, MaxRepetitions, Varbinds, Res, GbNumVBs, GbMaxVBs) 
   when MaxRepetitions >= 0 ->
-    do_get_rep(Sz, MibView, 0, MaxRepetitions, Varbinds, Res);
-do_get_rep(Sz, MibView, _MaxRepetitions, Varbinds, Res) ->
-    do_get_rep(Sz, MibView, 0, 0, Varbinds, Res).
+    do_get_rep(Sz, MibView, 0, MaxRepetitions, Varbinds, Res, 
+	       GbNumVBs, GbMaxVBs);
+do_get_rep(Sz, MibView, _MaxRepetitions, Varbinds, Res, GbNumVBs, GbMaxVBs) ->
+    do_get_rep(Sz, MibView, 0, 0, Varbinds, Res, GbNumVBs, GbMaxVBs).
 
 conv_res(ResVarbinds) ->
     conv_res(ResVarbinds, []).
@@ -3511,22 +3703,30 @@ conv_res([VbListOfBytes | T], Bytes) ->
 conv_res([], Bytes) ->
     Bytes.
 
-do_get_rep(_Sz, _MibView, Max, Max, _, Res) ->
+%% The only other value, then a positive integer, is infinity.
+do_get_rep(_Sz, _MibView, Count, Max, _, _Res, GbNumVBs, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso (GbNumVBs > GbMaxVBs)) ->
+    ?vinfo("Max Get-BULK VBs limit (~w) exceeded (~w) when:"
+	   "~n   Count: ~p"
+	   "~n   Max:   ~p", [GbMaxVBs, GbNumVBs, Count, Max]),
+    {tooBig, 0, []};
+do_get_rep(_Sz, _MibView, Max, Max, _, Res, _GbNumVBs, _GbMaxVBs) ->
     ?vt("do_get_rep -> done when: "
 	"~n   Res: ~p", [Res]),
     {noError, 0, conv_res(Res)};
-do_get_rep(Sz, MibView, Count, Max, Varbinds, Res) -> 
+do_get_rep(Sz, MibView, Count, Max, Varbinds, Res, GbNumVBs, GbMaxVBs) -> 
     ?vt("do_get_rep -> entry when: "
 	"~n   Sz:    ~p"
 	"~n   Count: ~p"
 	"~n   Res:   ~w", [Sz, Count, Res]),
-    case try_get_bulk(Sz, MibView, Varbinds) of
+    case try_get_bulk(Sz, MibView, Varbinds, GbMaxVBs) of
 	{noError, NextVarbinds, SizeLeft, Res2} -> 
 	    ?vt("do_get_rep -> noError: "
 		"~n   SizeLeft: ~p"
 		"~n   Res2:     ~p", [SizeLeft, Res2]),
 	    do_get_rep(SizeLeft, MibView, Count+1, Max, NextVarbinds,
-		       Res2 ++ Res);
+		       Res2 ++ Res, 
+		       GbNumVBs + length(Varbinds), GbMaxVBs);
 	{endOfMibView, _NextVarbinds, _SizeLeft, Res2} -> 
 	    ?vt("do_get_rep -> endOfMibView: "
 		"~n   Res2: ~p", [Res2]),
@@ -3538,22 +3738,29 @@ do_get_rep(Sz, MibView, Count, Max, Varbinds, Res) ->
 	    {ErrorStatus, Index, []}
     end.
 
-try_get_bulk(Sz, MibView, Varbinds) -> 
+org_index_sort_vbs(Vbs) ->
+    lists:keysort(#varbind.org_index, Vbs).
+
+try_get_bulk(Sz, MibView, Varbinds, GbMaxVBs) -> 
     ?vt("try_get_bulk -> entry with"
-	"~n   Sz: ~w", [Sz]),
-    case do_get_next(MibView, Varbinds) of
+	"~n   Sz:       ~w"
+	"~n   MibView:  ~w"
+	"~n   Varbinds: ~w", [Sz, MibView, Varbinds]),
+    case do_get_next(MibView, Varbinds, GbMaxVBs) of
 	{noError, 0, UNextVarbinds} -> 
-	    ?vt("try_get_bulk -> noError", []),
-	    NextVarbinds = lists:keysort(#varbind.org_index, UNextVarbinds),
+	    ?vt("try_get_bulk -> noError: "
+		"~n   UNextVarbinds: ~p", [UNextVarbinds]),
+	    NextVarbinds = org_index_sort_vbs(UNextVarbinds),
 	    case (catch enc_vbs(Sz, NextVarbinds)) of
 		{error, Idx, Reason} ->
 		    user_err("failed encoding varbind ~w:~n~p", [Idx, Reason]),
-		    ?vtrace("try_get_bulk -> error: "
+		    ?vtrace("try_get_bulk -> encode error: "
 			    "~n   Idx:    ~p"
 			    "~n   Reason: ~p", [Idx, Reason]),
 		    {genErr, Idx};
-		{SizeLeft, Res} when is_integer(SizeLeft) andalso is_list(Res) ->
-		    ?vt("try get bulk -> "
+		{SizeLeft, Res} when is_integer(SizeLeft) andalso 
+				     is_list(Res) ->
+		    ?vt("try get bulk -> encode ok: "
 			"~n   SizeLeft: ~w"
 			"~n   Res:      ~w", [SizeLeft, Res]),
 		    {check_end_of_mibview(NextVarbinds),
@@ -3564,9 +3771,9 @@ try_get_bulk(Sz, MibView, Varbinds) ->
 		    {endOfMibView, [], 0, Res}
 	    end;
 	{ErrorStatus, Index, _} ->
-	    ?vt("try get bulk: "
+	    ?vt("try_get_bulk -> error: "
 		"~n   ErrorStatus: ~p"
-		"~n   Index:       ~p",[ErrorStatus, Index]),
+		"~n   Index:       ~p", [ErrorStatus, Index]),
 	    {ErrorStatus, Index}
     end.
 
@@ -3707,9 +3914,8 @@ get_err({ErrC, ErrI, Vbs}) ->
     {get_err_i(ErrC), ErrI, Vbs}.
 
 get_err_i(noError) -> noError;
-get_err_i(S) -> 
-    ?vtrace("convert '~p' to 'genErr'",[S]),
-    genErr.
+get_err_i(tooBig) -> tooBig;    % OTP-9700 
+get_err_i(ES) -> ?vtrace("convert ErrorStatus '~p' to 'genErr'", [ES]), genErr.
 
 v2err_to_v1err(noError) ->            noError;
 v2err_to_v1err(noAccess) ->           noSuchName;
@@ -3935,6 +4141,7 @@ mapfoldl(F, Eas, Accu0, [Hd|Tail]) ->
     {Accu2,[R|Rs]};
 mapfoldl(_F, _Eas, Accu, []) -> {Accu,[]}.
 
+
 %%-----------------------------------------------------------------
 %% Runtime debugging of the agent.
 %%-----------------------------------------------------------------
@@ -4001,6 +4208,18 @@ subagents_verbosity(_,_V) ->
 
 %% ---------------------------------------------------------------------
 
+local_engine_id(#state{type = master_agent}) ->
+    ?DEFAULT_LOCAL_ENGINE_ID;
+local_engine_id(_) ->
+    %% subagent - 
+    %% we don't need this now, eventually the trap send 
+    %% request will reach the master-agent and then it 
+    %% will look up the proper engine id.
+    ignore.
+
+
+%% ---------------------------------------------------------------------
+
 handle_get_log_type(#state{net_if_mod = Mod}) 
   when Mod =/= undefined ->
     case (catch Mod:get_log_type(get(net_if))) of
@@ -4047,7 +4266,7 @@ handle_set_request_limit(_, _) ->
     {error, not_supported}.
 
 
-agent_info(#state{worker = W, set_worker = SW}) ->	 
+agent_info(#state{worker = W, set_worker = SW}) -> 
     case (catch get_agent_info(W, SW)) of
 	Info when is_list(Info) ->
 	    Info;
@@ -4206,6 +4425,9 @@ get_multi_threaded(Opts) ->
 get_versions(Opts) ->
     get_option(versions, Opts, [v1,v2,v3]).
 
+get_gb_max_vbs(Opts) ->
+    get_option(gb_max_vbs, Opts, infinity).
+
 get_note_store_opt(Opts) ->
     get_option(note_store, Opts, []).
 
diff --git a/lib/snmp/src/agent/snmpa_internal.hrl b/lib/snmp/src/agent/snmpa_internal.hrl
index a490a78f84..c435b519d9 100644
--- a/lib/snmp/src/agent/snmpa_internal.hrl
+++ b/lib/snmp/src/agent/snmpa_internal.hrl
@@ -22,9 +22,19 @@
 
 -include_lib("snmp/src/app/snmp_internal.hrl").
 
--define(DEFAULT_LOCAL_ENGINE_ID, snmp_framework_mib:get_engine_id()).
+%% The DEFAULT_LOCAL_ENGINE_ID macro can only be used by the master_agent!!
+-define(DEFAULT_LOCAL_ENGINE_ID,  snmp_framework_mib:get_engine_id()). 
 -define(DEFAULT_NOTIF_EXTRA_INFO, {snmpa_default_notification_extra_info}).
 
+%% -- Max number of VBs in a Get-BULK response --
+%% (( The default value, 1000, is *way* more   ))
+%% (( then there is room for in a normal pdu   ))
+%% (( (unless the max pdu size has been        ))
+%% (( cranked way up), so this value should    ))
+%% (( suffice as "infinity" without actually   ))
+%% (( causing memory issues for the VM ...     ))
+-define(DEFAULT_GB_MAX_VBS, 1000).
+
 -define(snmpa_info(F, A),    ?snmp_info("agent",    F, A)).
 -define(snmpa_warning(F, A), ?snmp_warning("agent", F, A)).
 -define(snmpa_error(F, A),   ?snmp_error("agent",   F, A)).
diff --git a/lib/snmp/src/agent/snmpa_local_db.erl b/lib/snmp/src/agent/snmpa_local_db.erl
index d9d6e633de..1ec8dd3874 100644
--- a/lib/snmp/src/agent/snmpa_local_db.erl
+++ b/lib/snmp/src/agent/snmpa_local_db.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -486,7 +486,11 @@ handle_call({match, Name, Db, Pattern}, _From, State) ->
     L1 = match(Db, Name, Pattern, State),
     {reply, lists:delete([undef], L1), State};
 
-handle_call({backup, BackupDir}, From, #state{dets = Dets} = State) ->
+%% This check (that there is no backup already in progress) is also 
+%% done in the master agent process, but just in case a user issues 
+%% a backup call to this process directly, we add a similar check here. 
+handle_call({backup, BackupDir}, From, 
+	    #state{backup = undefined, dets = Dets} = State) ->
     ?vlog("backup: ~p",[BackupDir]),
     Pid = self(),
     V   = get(verbosity),
@@ -511,6 +515,10 @@ handle_call({backup, BackupDir}, From, #state{dets = Dets} = State) ->
 	    {reply, Error, State}
     end;
 
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(dump, _From, #state{dets = Dets} = State) ->
     ?vlog("dump",[]),
     dets_sync(Dets),
@@ -1110,7 +1118,7 @@ table_func(is_set_ok, RowIndex, Cols, NameDb) ->
 table_func(set, RowIndex, Cols, NameDb) ->
     snmp_generic:table_set_row(NameDb,
 			       nofunc,
-			       {snmp_generic, table_try_make_consistent},
+			       fun snmp_generic:table_try_make_consistent/3,
 			       RowIndex,
 			       Cols);
 
diff --git a/lib/snmp/src/agent/snmpa_mib.erl b/lib/snmp/src/agent/snmpa_mib.erl
index ce90db18b3..574467d38f 100644
--- a/lib/snmp/src/agent/snmpa_mib.erl
+++ b/lib/snmp/src/agent/snmpa_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -552,8 +552,12 @@ handle_call({dump, File}, _From, #state{data = Data} = State) ->
     Reply = snmpa_mib_data:dump(Data, File),
     {reply, Reply, State};
     
-handle_call({backup, BackupDir}, From, #state{data = Data} = State) ->
-    ?vlog("backup to ~s",[BackupDir]),
+%% This check (that there is no backup already in progress) is also 
+%% done in the master agent process, but just in case a user issues 
+%% a backup call to this process directly, we add a similar check here. 
+handle_call({backup, BackupDir}, From, 
+	    #state{backup = undefined, data = Data} = State) ->
+    ?vlog("backup to ~s", [BackupDir]),
     Pid = self(),
     V   = get(verbosity),
     case file:read_file_info(BackupDir) of
@@ -576,6 +580,10 @@ handle_call({backup, BackupDir}, From, #state{data = Data} = State) ->
 	    {reply, Error, State}
     end;
     
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(stop, _From, State) ->
     ?vlog("stop",[]),    
     {stop, normal, ok, State};
diff --git a/lib/snmp/src/agent/snmpa_mib_lib.erl b/lib/snmp/src/agent/snmpa_mib_lib.erl
index 078e681945..3c94cc8095 100644
--- a/lib/snmp/src/agent/snmpa_mib_lib.erl
+++ b/lib/snmp/src/agent/snmpa_mib_lib.erl
@@ -61,23 +61,23 @@ table_del_row({Tab, Db} = TabDb, Key) ->
 get_table(NameDb, FOI) ->
     (catch get_table(NameDb, FOI, [], [])).
 
-get_table(NameDb, FOI, Oid, Acc) ->
-    case table_next(NameDb, Oid) of
+get_table(NameDb, FOI, Key, Acc) ->
+    case table_next(NameDb, Key) of
         endOfTable ->
             ?vdebug("end of table",[]),
             {ok, lists:reverse(Acc)};
-        Oid ->
+        Key ->
             %% Crap, circular ref
-            ?vinfo("cyclic reference: ~w -> ~w", [Oid,Oid]),
-            throw({error, {cyclic_db_reference, Oid, Acc}});
-        NextOid ->
-            ?vtrace("get row for oid ~w", [NextOid]),
-            case table_get_row(NameDb, NextOid, FOI) of
+            ?vinfo("cyclic reference: ~w -> ~w", [Key, Key]),
+            throw({error, {cyclic_db_reference, Key, Acc}});
+        NextKey ->
+            ?vtrace("get row for key ~w", [NextKey]),
+            case table_get_row(NameDb, NextKey, FOI) of
                 undefined -> 
-		    throw({error, {invalid_rowindex, NextOid, Acc}});
+		    throw({error, {invalid_rowindex, NextKey, Acc}});
                 Row ->
                     ?vtrace("row: ~w", [Row]),
-		    get_table(NameDb, FOI, NextOid, [{NextOid, Row}|Acc])
+		    get_table(NameDb, FOI, NextKey, [{NextKey, Row}|Acc])
             end
     end.
     
diff --git a/lib/snmp/src/agent/snmpa_mpd.erl b/lib/snmp/src/agent/snmpa_mpd.erl
index 4f50b1a674..2d37ea56f0 100644
--- a/lib/snmp/src/agent/snmpa_mpd.erl
+++ b/lib/snmp/src/agent/snmpa_mpd.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -468,15 +468,10 @@ v3_proc(NoteStore, Packet, LocalEngineID, V3Hdr, Data, Log) ->
 			_ ->
 			    %% 4.2.2.1.2
 			    NIsReportable = snmp_misc:is_reportable_pdu(Type),
-			    Val = inc(snmpUnknownPDUHandlers),
 			    ErrorInfo = 
-				{#varbind{oid = ?snmpUnknownPDUHandlers,
-					  variabletype = 'Counter32',
-					  value = Val},
-				 SecName,
-				 [{securityLevel,   SecLevel},
-				  {contextEngineID, ContextEngineID},
-				  {contextName,     ContextName}]},
+				snmpUnknownPDUHandlers_ei(SecName, SecLevel, 
+							  ContextEngineID, 
+							  ContextName),
 			    case generate_v3_report_msg(MsgID, 
 							MsgSecurityModel,
 							Data, LocalEngineID, 
@@ -507,6 +502,21 @@ v3_proc(NoteStore, Packet, LocalEngineID, V3Hdr, Data, Log) ->
 	    end
     end.
 
+make_error_info(Variable, Oid, SecName, Opts) ->
+    Val = inc(Variable),
+    VB  = #varbind{oid          = Oid, 
+		   variabletype = 'Counter32',
+		   value        = Val},
+    {VB, SecName, Opts}.
+
+snmpUnknownPDUHandlers_ei(SecName, SecLevel, 
+			  ContextEngineID, ContextName) ->
+    Opts = [{securityLevel,   SecLevel},
+	    {contextEngineID, ContextEngineID},
+	    {contextName,     ContextName}], 
+    make_error_info(snmpUnknownPDUHandlers, 
+		    ?snmpUnknownPDUHandlers_instance,
+		    SecName, Opts).
 
 get_security_module(?SEC_USM) ->
     snmpa_usm;
diff --git a/lib/snmp/src/agent/snmpa_set_lib.erl b/lib/snmp/src/agent/snmpa_set_lib.erl
index 00c77a0cdb..f5218d5409 100644
--- a/lib/snmp/src/agent/snmpa_set_lib.erl
+++ b/lib/snmp/src/agent/snmpa_set_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -143,8 +143,8 @@ consistency_check(Varbinds) ->
     consistency_check(Varbinds, []).
 consistency_check([{TableOid, TableVbs} | Varbinds], Done) ->
     ?vtrace("consistency_check -> entry with"
-	"~n   TableOid: ~p"
-	"~n   TableVbs: ~p",[TableOid,TableVbs]),
+	    "~n   TableOid: ~p"
+	    "~n   TableVbs: ~p", [TableOid, TableVbs]),
     TableOpsWithShortOids = deletePrefixes(TableOid, TableVbs),
     [#ivarbind{mibentry = MibEntry}|_] = TableVbs,
     case is_set_ok_table(MibEntry, TableOpsWithShortOids) of
@@ -158,7 +158,7 @@ consistency_check([{TableOid, TableVbs} | Varbinds], Done) ->
     end;
 consistency_check([IVarbind | Varbinds], Done) ->
     ?vtrace("consistency_check -> entry with"
-	"~n   IVarbind: ~p",[IVarbind]),
+	    "~n   IVarbind: ~p", [IVarbind]),
     #ivarbind{varbind = Varbind, mibentry = MibEntry} = IVarbind,
     #varbind{value = Value, org_index = OrgIndex} = Varbind,
     case is_set_ok_variable(MibEntry, Value) of
@@ -358,38 +358,54 @@ make_value_a_correct_value(Value, ASN1Type, Mfa) ->
 %% Runtime debug support
 %%-----------------------------------------------------------------
 
-% XXX: This function match on the exakt return codes from EXIT
-% messages. As of this writing it was not decided if this is
-% the right way so don't blindly do things this way.
-%
-% We fake a real EXIT signal as the return value because the
-% result is passed to the function snmpa_agent:validate_err()
-% that expect it.
+%% XYZ: This function match on the exakt return codes from EXIT
+%% messages. As of this writing it was not decided if this is
+%% the right way so don't blindly do things this way.
+%%
+%% We fake a real EXIT signal as the return value because the
+%% result is passed to the function snmpa_agent:validate_err()
+%% that expect it.
   
 dbg_apply(M,F,A) ->
-    Result =
-	case get(verbosity) of
-	    false ->
-		(catch apply(M,F,A));
-	    _ ->
-		?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
-		Res = (catch apply(M,F,A)),
-		?vlog("~n   returned: ~p", [Res]),
-		Res
-	end,
-    case Result of
-	{'EXIT', {undef, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	% XXX: Old format for compatibility
-	{'EXIT', {undef, {M, F, A, _}}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, {M, F, A, _}}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	Result ->
-	    Result
+    case maybe_verbose_apply(M, F, A) of
+        %% <Future proofing>
+        %% As of R15 we get extra info containing, 
+        %% among other things, line numbers.
+        {'EXIT', {undef, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        %% This is really overkill, but just to be on the safe side...
+        {'EXIT', {undef, {M, F, A, _}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A, _}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+        %% </Future proofing>
+
+        %% Old format format for compatibility
+        {'EXIT', {undef, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+						% XYZ: Older format for compatibility
+        {'EXIT', {undef, {M, F, A}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        Result ->
+            Result
     end.
 
+maybe_verbose_apply(M, F, A) ->
+    case get(verbosity) of
+        false ->
+            (catch apply(M,F,A));
+        _ ->
+            ?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
+            Res = (catch apply(M,F,A)),
+            ?vlog("~n   returned: ~p", [Res]),
+            Res
+    end.
diff --git a/lib/snmp/src/agent/snmpa_supervisor.erl b/lib/snmp/src/agent/snmpa_supervisor.erl
index 5ef5914e18..7a9c214e0d 100644
--- a/lib/snmp/src/agent/snmpa_supervisor.erl
+++ b/lib/snmp/src/agent/snmpa_supervisor.erl
@@ -176,8 +176,8 @@ init([AgentType, Opts]) ->
       "~n   AgentType: ~p"
       "~n   Opts:      ~p", [AgentType, Opts]),
 
-    put(sname, asup),
-    put(verbosity,get_verbosity(Opts)),
+    put(sname,     asup),
+    put(verbosity, get_verbosity(Opts)),
 
     ?vlog("starting",[]),
 
@@ -203,7 +203,12 @@ init([AgentType, Opts]) ->
     Vsns = get_opt(versions, Opts, [v1,v2,v3]),
     ?vdebug("[agent table] store versions: ~p",[Vsns]),
     ets:insert(snmp_agent_table, {versions, Vsns}),
-    
+
+    %% -- Max number of VBs in a Get-BULK response --
+    GbMaxVBs = get_gb_max_vbs(Opts),
+    ?vdebug("[agent table] Get-BULK max VBs: ~p", [GbMaxVBs]),
+    ets:insert(snmp_agent_table, {gb_max_vbs, GbMaxVBs}),
+
     %% -- DB-directory --
     DbDir = get_opt(db_dir, Opts),
     ?vdebug("[agent table] store db_dir: ~n   ~p",[DbDir]),
@@ -377,7 +382,8 @@ init([AgentType, Opts]) ->
 		     {versions,               Vsns},
 		     {net_if,                 NiOpts},
 		     {mib_server,             MibsOpts},
-		     {note_store,             NsOpts}|
+		     {note_store,             NsOpts},
+		     {gb_max_vbs,             GbMaxVBs} |
 		     get_opt(master_agent_options, Opts, [])],
 		     
 		AgentSpec =
@@ -542,6 +548,32 @@ get_verbosity(Opts) ->
 get_agent_type(Opts) ->
     get_opt(agent_type, Opts, master).
 
+
+%% We validate this option! This should really be done for all
+%% options, but it is beyond the scope of this ticket, OTP-9700.
+
+get_gb_max_vbs(Opts) ->
+    Validate = 
+	fun(GbMaxVBs) 
+	   when ((is_integer(GbMaxVBs) andalso (GbMaxVBs > 0)) orelse
+		 (GbMaxVBs =:= infinity)) ->
+		ok;
+	   (_) ->
+		error
+	end,
+    get_option(gb_max_vbs, ?DEFAULT_GB_MAX_VBS, Validate, Opts).
+
+get_option(Key, Default, Validate, Opts) 
+  when is_list(Opts) andalso is_function(Validate) ->
+    Value = get_opt(Key, Opts, Default),
+    case Validate(Value) of
+	ok ->
+	    Value;
+	error ->
+	    exit({bad_option, Key, Value})
+    end.
+    
+
 get_opt(Key, Opts) ->
     snmp_misc:get_option(Key, Opts).
 
diff --git a/lib/snmp/src/agent/snmpa_trap.erl b/lib/snmp/src/agent/snmpa_trap.erl
index 567de020c0..994d926224 100644
--- a/lib/snmp/src/agent/snmpa_trap.erl
+++ b/lib/snmp/src/agent/snmpa_trap.erl
@@ -352,11 +352,26 @@ send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, ExtraInfo, NetIf) ->
     send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	      LocalEngineID, ExtraInfo, NetIf).
 
+%% The agent normally does not care about the result, 
+%% but since it can be usefull when debugging, add 
+%% some info when we fail to send the trap(s).
 send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID, 
 	  ExtraInfo, NetIf) ->
-    (catch do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
-			LocalEngineID, ExtraInfo, NetIf)).
-
+    try 
+	begin
+	    do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
+			 LocalEngineID, ExtraInfo, NetIf)
+	end
+    catch
+	T:E ->
+	    Info = [{args, [TrapRec, NotifyName, ContextName, 
+			    Recv, Vbs, LocalEngineID, ExtraInfo, NetIf]},
+		    {tag,  T},
+		    {err,  E},
+		    {stacktrace, erlang:get_stacktrace()}],
+	    {error, {failed_sending_trap, Info}}
+    end.
+     
 do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	     LocalEngineID, ExtraInfo, NetIf) ->
     VarbindList = make_varbind_list(Vbs),
@@ -379,8 +394,13 @@ send_discovery(TargetName, Record, ContextName, Vbs, NetIf, ExtraInfo) ->
 
 get_values(VariablesWithType) ->
     {Order, Varbinds} = extract_order(VariablesWithType, 1),
+    ?vtrace("get_values -> "
+	    "~n   Order:    ~p"
+	    "~n   Varbinds: ~p", [Order, Varbinds]),
     case snmpa_agent:do_get(snmpa_acm:get_root_mib_view(), Varbinds, true) of
 	{noError, _, NewVarbinds} ->
+	    ?vtrace("get_values -> values retrieved"
+		    "~n   NewVarbinds: ~p", [NewVarbinds]),
 	    %% NewVarbinds is the result of:
 	    %% first a reverse, then a sort on the oid field and finally 
 	    %% a reverse during the get-processing so we need to re-sort 
diff --git a/lib/snmp/src/agent/snmpa_vacm.erl b/lib/snmp/src/agent/snmpa_vacm.erl
index 892dc265f1..dadcf32543 100644
--- a/lib/snmp/src/agent/snmpa_vacm.erl
+++ b/lib/snmp/src/agent/snmpa_vacm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -62,6 +62,13 @@ get_mib_view(ViewType, SecModel, SecName, SecLevel, ContextName) ->
 
 %% Follows the procedure in rfc2275
 auth(ViewType, SecModel, SecName, SecLevel, ContextName) ->
+    ?vtrace("auth -> entry with"
+	    "~n   ViewType:    ~p"
+	    "~n   SecModel:    ~p"
+	    "~n   SecName:     ~p"
+	    "~n   SecLevel:    ~p"
+	    "~n   ContextName: ~p", 
+	    [ViewType, SecModel, SecName, SecLevel, ContextName]),
     % 3.2.1 - Check that the context is known to us
     ?vdebug("check that the context (~p) is known to us",[ContextName]),
     case snmp_view_based_acm_mib:vacmContextTable(get, ContextName,
@@ -74,7 +81,7 @@ auth(ViewType, SecModel, SecName, SecLevel, ContextName) ->
     end,
     % 3.2.2 - Check that the SecModel and SecName is valid
     ?vdebug("check that SecModel (~p) and SecName (~p) is valid",
-	    [SecModel,SecName]),
+	    [SecModel, SecName]),
     GroupName = 
 	case snmp_view_based_acm_mib:get(vacmSecurityToGroupTable, 
 					 [SecModel, length(SecName) | SecName],
@@ -111,6 +118,8 @@ check_auth(Res)                 -> {ok, Res}.
 %% key in the table >= ViewIndex.
 %%-----------------------------------------------------------------
 get_mib_view(ViewName) ->
+    ?vtrace("get_mib_view -> entry with"
+	    "~n   ViewName: ~p", [ViewName]),
     ViewKey = [length(ViewName) | ViewName],
     case snmp_view_based_acm_mib:table_next(vacmViewTreeFamilyTable,
 					    ViewKey) of
@@ -202,6 +211,13 @@ backup(BackupDir) ->
 
 %% Ret: {ok, ViewName} | {error, Reason}
 get_view_name(ViewType, GroupName, ContextName, SecModel, SecLevel) ->
+    ?vtrace("get_view_name -> entry with"
+	    "~n   ViewType:    ~p"
+	    "~n   GroupName:   ~p"
+	    "~n   ContextName: ~p"
+	    "~n   SecModel:    ~p"
+	    "~n   SecLevel:    ~p", 
+	    [ViewType, GroupName, ContextName, SecModel, SecLevel]),
     GroupKey = [length(GroupName) | GroupName],
     case get_access_row(GroupKey, ContextName, SecModel, SecLevel) of
 	undefined ->
@@ -266,9 +282,10 @@ dump_table(true) ->
 dump_table(_) ->
     ok.
 
+
 dump_table() ->
     [{_, FName}] = ets:lookup(snmp_agent_table, snmpa_vacm_file),
-    TmpName = FName ++ ".tmp",
+    TmpName = unique_table_name(FName), 
     case ets:tab2file(snmpa_vacm, TmpName) of
 	ok ->
 	    case file:rename(TmpName, FName) of
@@ -283,6 +300,35 @@ dump_table() ->
 		     [FName, Reason])
     end.
 
+%% This little thing is an attempt to create a "unique" filename
+%% in order to minimize the risk of two processes at the same 
+%% time dumping the table.
+unique_table_name(Pre) ->
+    %% We want something that is guaranteed to be unique, 
+    %% therefor we use erlang:now() instead of os:timestamp()
+    unique_table_name(Pre, erlang:now()).
+
+unique_table_name(Pre, {_A, _B, C} = Now) ->
+    {Date, Time}     = calendar:now_to_datetime(Now),
+    {YYYY, MM, DD}   = Date,
+    {Hour, Min, Sec} = Time,
+    FormatDate =
+        io_lib:format("~.4w~.2.0w~.2.0w_~.2.0w~.2.0w~.2.0w_~w",
+                      [YYYY, MM, DD, Hour, Min, Sec, round(C/1000)]), 
+    unique_table_name2(Pre, FormatDate).
+
+unique_table_name2(Pre, FormatedDate) ->
+    PidPart = unique_table_name_pid(), 
+    lists:flatten(io_lib:format("~s.~s~s.tmp", [Pre, PidPart, FormatedDate])).
+
+unique_table_name_pid() ->
+    case string:tokens(pid_to_list(self()), [$<,$.,$>]) of
+	[A, B, C] ->
+	    A ++ B ++ C ++ ".";
+	_ ->
+	    ""
+    end.
+
 
 %%-----------------------------------------------------------------
 %% Alg.
diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src
index af988fda26..c8e5eec6db 100644
--- a/lib/snmp/src/app/snmp.appup.src
+++ b/lib/snmp/src/app/snmp.appup.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,24 +22,124 @@
 %% ----- U p g r a d e -------------------------------------------------------
 
  [
+  {"4.21.6",
+   [
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.5",
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib,   soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib,     soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap,        soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm,        soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,   soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,        soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,      soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.4", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
+  {"4.21.3", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
   {"4.21.2", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21.1", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update,      snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]},
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update,      snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.20.1", 
    [
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
     {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
     {load_module, snmpm, soft_purge, soft_purge, 
      [snmpm_server, snmpm_config, snmp_config]}, 
@@ -51,36 +151,172 @@
      [snmp_conf, snmp_config]}, 
     {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
-    {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
-    {update, snmpm_server, soft, soft_purge, soft_purge, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,    soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,  soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update,      snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update,      snmpm_server, soft, soft_purge, soft_purge, 
      [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
-    {update, snmpm_net_if, soft, soft_purge, soft_purge, 
+    {update,      snmpm_net_if, soft, soft_purge, soft_purge, 
+     [snmp_conf, snmpm_mpd, snmpm_config]}
+   ]
+  }, 
+  {"4.20", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, 
+     [snmpa_mib_lib, snmp_conf]}, 
+    {load_module, snmpm, soft_purge, soft_purge, 
+     [snmpm_server, snmpm_config, snmp_config]}, 
+    {load_module, snmp_conf, soft_purge, soft_purge, []}, 
+    {load_module, snmp_config, soft_purge, soft_purge, []}, 
+    {load_module, snmpm_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config, snmpm_config]}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config]}, 
+    {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,    soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update,      snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update,      snmpm_server, soft, soft_purge, soft_purge, 
+     [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
+    {update,      snmpm_net_if, soft, soft_purge, soft_purge, 
      [snmp_conf, snmpm_mpd, snmpm_config]}
    ]
-  } 
+  }
  ], 
 
 %% ------D o w n g r a d e ---------------------------------------------------
 
  [
+  {"4.21.6",
+   [
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.5",
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib,   soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib,     soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap,        soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm,        soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,   soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,        soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,      soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.4", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
+  {"4.21.3", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
   {"4.21.2", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21.1", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,     soft, soft_purge, soft_purge, []}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, []},
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.20.1", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
     {load_module, snmp_target_mib, soft_purge, soft_purge, []}, 
     {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
     {load_module, snmpm, soft_purge, soft_purge, 
@@ -93,7 +329,42 @@
      [snmp_conf, snmp_config]}, 
     {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update, snmpm_server, soft, soft_purge, soft_purge, 
+     [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
+    {update, snmpm_net_if, soft, soft_purge, soft_purge, 
+     [snmp_conf, snmpm_mpd, snmpm_config]}
+   ]
+  }, 
+  {"4.20", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmp_conf]}, 
+    {load_module, snmpm, soft_purge, soft_purge, 
+     [snmpm_server, snmpm_config, snmp_config]}, 
+    {load_module, snmp_conf, soft_purge, soft_purge, []}, 
+    {load_module, snmp_config, soft_purge, soft_purge, []}, 
+    {load_module, snmpm_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config, snmpm_config]}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config]}, 
+    {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, [snmpa_mpd]}, 
     {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
     {update, snmpm_server, soft, soft_purge, soft_purge, 
      [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
diff --git a/lib/snmp/src/compile/snmpc.src b/lib/snmp/src/compile/snmpc.src
index 868e0929b4..6eb95be35e 100644
--- a/lib/snmp/src/compile/snmpc.src
+++ b/lib/snmp/src/compile/snmpc.src
@@ -401,7 +401,6 @@ usage() ->
 e(Reason) ->
     throw({error, Reason}).
 
-
 otp_release() ->
     system_info(otp_release, string).
 
@@ -414,4 +413,3 @@ system_info(Tag, Type) ->
         Info ->
             lists:flatten(io_lib:format("~w", [Info]))
     end.
-
diff --git a/lib/snmp/src/misc/snmp_note_store.erl b/lib/snmp/src/misc/snmp_note_store.erl
index 23fccf8a5f..608fdcd9ca 100644
--- a/lib/snmp/src/misc/snmp_note_store.erl
+++ b/lib/snmp/src/misc/snmp_note_store.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/test/snmp_agent_test.erl b/lib/snmp/test/snmp_agent_test.erl
index 468280db02..e968bc65b1 100644
--- a/lib/snmp/test/snmp_agent_test.erl
+++ b/lib/snmp/test/snmp_agent_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -92,7 +92,8 @@ all() ->
     Conf1 ++ Conf2.
 
 groups() -> 
-    [{all_tcs, [], cases()},
+    [
+     {all_tcs, [], cases()},
      {mib_storage, [],
       [
        {group, mib_storage_ets}, 
@@ -221,7 +222,7 @@ groups() ->
        {group, otp_7157}
       ]
      },
-     {tickets2, [], [otp8395]},
+     {tickets2, [], [otp8395, otp9884]},
      {otp_4394, [], [otp_4394_test]},
      {otp_7157, [], [otp_7157_test]
      }
@@ -321,6 +322,12 @@ init_per_testcase(otp8395 = Case, Config) when is_list(Config) ->
 	 "~n   Config: ~p", [Case, Config]),
     Config2 = init_per_testcase2(Case, init_per_suite(Config)), 
     otp8395({init, Config2});
+init_per_testcase(otp9884 = Case, Config) when is_list(Config) ->
+    ?DBG("init_per_testcase -> entry with"
+	 "~n   Case:   ~p"
+	 "~n   Config: ~p", [Case, Config]),
+    Config2 = init_per_testcase2(Case, init_per_suite(Config)), 
+    otp9884({init, Config2});
 init_per_testcase(otp_7157_test = _Case, Config) when is_list(Config) ->
     ?DBG("init_per_testcase -> entry with"
 	 "~n   Case:   ~p"
@@ -348,6 +355,8 @@ init_per_testcase(_Case, Config) when is_list(Config) ->
 
 end_per_testcase(otp8395, Config) when is_list(Config) ->
     otp8395({fin, Config});
+end_per_testcase(otp9884, Config) when is_list(Config) ->
+    otp9884({fin, Config});
 end_per_testcase(_Case, Config) when is_list(Config) ->
     ?DBG("end_per_testcase -> entry with"
 	 "~n   Case:   ~p"
@@ -1320,8 +1329,11 @@ finish_v3(Config) when is_list(Config) ->
     lists:keydelete(vsn, 1, C1).
 
 
-mt_cases() -> 
-[multi_threaded, mt_trap].
+mt_cases() ->
+    [
+     multi_threaded, 
+     mt_trap
+    ].
 
 init_mt(Config) when is_list(Config) ->
     SaNode = ?config(snmp_sa, Config),
@@ -1498,7 +1510,8 @@ mt_trap(Config) when is_list(Config) ->
     ?line load_master("TestTrapv2"),
     try_test(mt_trap_test, [MA]),
     ?line unload_master("TestTrapv2"),
-    ?line unload_master("Test1").
+    ?line unload_master("Test1"),
+    ok.
 
 v2_types(suite) -> [];
 v2_types(Config) when is_list(Config) ->
@@ -3134,8 +3147,9 @@ mt_trap_test(MA) ->
     ?DBG("mt_trap_test(01) -> issue testTrapv22 (standard trap)", []),
     snmpa:send_trap(MA, testTrapv22, "standard trap"),
     ?DBG("mt_trap_test(02) -> await v2trap", []),
-    ?line expect(1, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?system ++ [0,1]}]),
+    ?line expect(mt_trap_test_1, v2trap, 
+		 [{[sysUpTime, 0],   any},
+		  {[snmpTrapOID, 0], ?system ++ [0,1]}]),
 
     ?DBG("mt_trap_test(03) -> issue mtTrap (standard trap)", []),
     snmpa:send_trap(MA, mtTrap, "standard trap"),
@@ -3143,28 +3157,22 @@ mt_trap_test(MA) ->
     ?DBG("mt_trap_test(04) -> multi pid: ~p. Now request sysUpTime...", [Pid]),
     g([[sysUpTime,0]]),
 
-    %% Previously (before OTP-6784) this was done at 09 below 
-    %% when the test1:multiStr was actually executed by the 
-    %% worker-process, but as of 4.9.4, this is now executed
-    %% my the master_agent-process...
-    ?DBG("mt_trap_test(05) -> send continue to multi-pid", []),
-    Pid ! continue,
-
     ?DBG("mt_trap_test(06) -> await sysUpTime", []),
-    ?line expect(2, [{[sysUpTime,0], any}]),
+    ?line expect(mt_trap_test_2, [{[sysUpTime,0], any}]),
     ?DBG("mt_trap_test(07) -> issue testTrapv22 (standard trap)", []),
     snmpa:send_trap(MA, testTrapv22, "standard trap"),
     ?DBG("mt_trap_test(08) -> await v2trap", []),
-    ?line expect(3, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?system ++ [0,1]}]),
+    ?line expect(mt_trap_test_3, v2trap, 
+		 [{[sysUpTime, 0],   any}, 
+		  {[snmpTrapOID, 0], ?system ++ [0,1]}]),
 
-    %% ?DBG("mt_trap_test(09) -> send continue to multi-pid", []),
-    %% Pid ! continue,
+    ?DBG("mt_trap_test(09) -> send continue to multi-pid", []),
+    Pid ! continue,
 
     ?DBG("mt_trap_test(10) -> await v2trap", []),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?testTrap ++ [2]},
-			     {[multiStr,0], "ok"}]),
+    ?line expect(mt_trap_test_4, v2trap, [{[sysUpTime, 0], any},
+					  {[snmpTrapOID, 0], ?testTrap ++ [2]},
+					  {[multiStr,0], "ok"}]),
     ?DBG("mt_trap_test(11) -> done", []),
     ok.
 
@@ -3563,53 +3571,82 @@ do_mul_set_err() ->
 %% Req. SA-MIB
 sa_mib() ->
     g([[sa, [2,0]]]),
-    ?line expect(1, [{[sa, [2,0]], 3}]),
+    ?line expect(sa_mib_1, [{[sa, [2,0]], 3}]),
     s([{[sa, [1,0]], s, "sa_test"}]),
-    ?line expect(2, [{[sa, [1,0]], "sa_test"}]).
+    ?line expect(sa_mib_2, [{[sa, [1,0]], "sa_test"}]),
+    ok.
 
 ma_trap1(MA) ->
     ok = snmpa:send_trap(MA, testTrap2, "standard trap"), 
-    ?line expect(1, trap, [system], 6, 1, [{[system, [4,0]],
-				    "{mbj,eklas}@erlang.ericsson.se"}]),
+    ?line expect(ma_trap1_1, 
+		 trap, [system], 6, 1, [{[system, [4,0]],
+					 "{mbj,eklas}@erlang.ericsson.se"}]),
     ok = snmpa:send_trap(MA, testTrap1, "standard trap"),
-    ?line expect(2, trap, [1,2,3] , 1, 0, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"}]).
+    ?line expect(ma_trap1_2, 
+		 trap, [1,2,3] , 1, 0, [{[system, [4,0]],
+					 "{mbj,eklas}@erlang.ericsson.se"}]),
+    ok.
 
 ma_trap2(MA) ->
     snmpa:send_trap(MA,testTrap2,"standard trap",[{sysContact,"pelle"}]),
-    ?line expect(3, trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]).
+    ?line expect(ma_trap2_3, 
+		 trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]),
+    ok.
 
 ma_v2_2_v1_trap(MA) ->
     snmpa:send_trap(MA,testTrapv22,"standard trap",[{sysContact,"pelle"}]),
-    ?line expect(3, trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]).    
+    ?line expect(ma_v2_2_v1_trap_3, 
+		 trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]),
+    ok.    
 
 ma_v2_2_v1_trap2(MA) ->
     snmpa:send_trap(MA,linkUp,"standard trap",[{ifIndex, [1], 1},
 					      {ifAdminStatus, [1], 1},
 					      {ifOperStatus, [1], 2}]),
-    ?line expect(3, trap, [1,2,3], 3, 0, [{[ifIndex, 1], 1},
-					 {[ifAdminStatus, 1], 1},
-					 {[ifOperStatus, 1], 2}]).    
+    ?line expect(ma_v2_2_v1_trap2_3, 
+		 trap, [1,2,3], 3, 0, [{[ifIndex, 1], 1},
+				       {[ifAdminStatus, 1], 1},
+				       {[ifOperStatus, 1], 2}]),
+    ok.
 
 sa_trap1(SA) ->
-    snmpa:send_trap(SA, saTrap, "standard trap"),
-    ?line expect(4, trap, [ericsson], 6, 1, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"},
-				     {[sa, [1,0]], "sa_test"}]).
+    %% io:format("sa_trap1 -> entry with"
+    %% 	      "~n   SA:       ~p"
+    %% 	      "~n   node(SA): ~p"
+    %% 	      "~n   self():   ~p"
+    %% 	      "~n   node():   ~p"
+    %% 	      "~n", [SA, node(SA), self(), node()]),
+    _VRes  = (catch snmpa:verbosity(SA, {subagents, trace})),
+    %% io:format("sa_trap1 -> SA verbosity set: "
+    %% 	      "~n   VRes: ~p"
+    %% 	      "~n", [VRes]),
+    _TSRes = (catch snmpa:send_trap(SA, saTrap, "standard trap")),
+    %% io:format("sa_trap1 -> SA trap send: "
+    %% 	      "~n   TSRes: ~p"
+    %% 	      "~n", [TSRes]),
+    ?line expect(sa_trap1_4, 
+		 trap, [ericsson], 6, 1, [{[system, [4,0]],
+					   "{mbj,eklas}@erlang.ericsson.se"},
+					  {[sa, [1,0]], "sa_test"}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 
 sa_trap2(SA) ->
     snmpa:send_trap(SA, saTrap, "standard trap",[{sysContact,"pelle"}]),
-    ?line expect(5, trap, [ericsson], 6, 1, [{[system, [4,0]],
-				      "pelle"},
-				     {[sa, [1,0]], "sa_test"}]).
+    ?line expect(sa_trap2_5, 
+		 trap, [ericsson], 6, 1, [{[system, [4,0]], "pelle"},
+					  {[sa, [1,0]], "sa_test"}]),
+    ok.
 
 sa_trap3(SA) ->
     snmpa:send_trap(SA, saTrap2, "standard trap",
 			 [{intViewSubtree, [4], [1,2,3,4]}]),
-    ?line expect(6, trap, [ericsson], 6, 2, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"},
-				     {[sa, [1,0]], "sa_test"},
-				     {[intViewSubtree,4],[1,2,3,4]}]).
+    ?line expect(sa_trap3_6, 
+		 trap, [ericsson], 6, 2, [{[system, [4,0]],
+					   "{mbj,eklas}@erlang.ericsson.se"},
+					  {[sa, [1,0]], "sa_test"},
+					  {[intViewSubtree,4],[1,2,3,4]}]),
+    ok.
 
 ma_v2_trap1(MA) ->
     ?DBG("ma_v2_traps -> entry with MA = ~p => "
@@ -4029,33 +4066,42 @@ ma_v1_2_v2_trap2(MA) ->
     
 
 sa_v1_2_v2_trap1(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap, "standard trap"),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
-			     {[system, [4,0]],
-			      "{mbj,eklas}@erlang.ericsson.se"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
+    ?line expect(trap1_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
+				   {[system, [4,0]],
+				    "{mbj,eklas}@erlang.ericsson.se"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 
 sa_v1_2_v2_trap2(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap, "standard trap",[{sysContact,"pelle"}]),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
-			     {[system, [4,0]], "pelle"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
-			     
+    ?line expect(trap2_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
+				   {[system, [4,0]], "pelle"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
+
 
 sa_v1_2_v2_trap3(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap2, "standard trap",
 			 [{intViewSubtree, [4], [1,2,3,4]}]),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 2]},
-			     {[system, [4,0]],
-			      "{mbj,eklas}@erlang.ericsson.se"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[intViewSubtree,4],[1,2,3,4]},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
+    ?line expect(trap3_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 2]},
+				   {[system, [4,0]],
+				    "{mbj,eklas}@erlang.ericsson.se"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[intViewSubtree,4],[1,2,3,4]},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 			     
 
 %% Req. SA-MIB, OLD-SNMPEA-MIB
@@ -4195,9 +4241,9 @@ snmp_standard_mib(Config) when is_list(Config) ->
 
 %% Req. SNMP-STANDARD-MIB
 standard_mib_a() ->
-    ?line [OutPkts] = get_req(2, [[snmpOutPkts,0]]),
+    ?line [OutPkts]  = get_req(2, [[snmpOutPkts,0]]),
     ?line [OutPkts2] = get_req(3, [[snmpOutPkts,0]]),
-    ?line OutPkts2 = OutPkts + 1,
+    ?line OutPkts2   = OutPkts + 1,
     %% There are some more counters we could test here, but it's not that
     %% important, since they are removed from SNMPv2-MIB.
     ok.
@@ -4207,27 +4253,27 @@ std_mib_init() ->
     %% disable authentication failure traps.  (otherwise w'd get many of
     %% them - this is also a test to see that it works).
     s([{[snmpEnableAuthenTraps,0], 2}]),
-    ?line expect(1, [{[snmpEnableAuthenTraps, 0], 2}]).
+    ?line expect(std_mib_init_1, [{[snmpEnableAuthenTraps, 0], 2}]).
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
 std_mib_finish() ->
     %% enable again
     s([{[snmpEnableAuthenTraps,0], 1}]),
-    ?line expect(1, [{[snmpEnableAuthenTraps, 0], 1}]).
+    ?line expect(std_mib_finish_1, [{[snmpEnableAuthenTraps, 0], 1}]).
 
 %% Req. SNMP-STANDARD-MIB
 standard_mib_test_finish() ->
-    %% force a authenticationFailure
+    %% force a authenticationFailure (should result in a trap)
     std_mib_write(),
     %% check that we got a trap
-    ?line expect(2, trap, [1,2,3], 4, 0, []).
+    ?line expect(standard_mib_test_finish_2, trap, [1,2,3], 4, 0, []).
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
 std_mib_read() ->
     ?DBG("std_mib_read -> entry", []),
     g([[sysUpTime,0]]), % try a bad <something>; msg dropped, no reply
     ?DBG("std_mib_read -> await timeout (i.e. no reply)", []),
-    ?line expect(1, timeout). % make sure we don't get a trap!
+    ?line expect(std_mib_read_1, timeout). % make sure we don't get a trap!
 
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
@@ -4362,10 +4408,10 @@ std_mib_c({InBadCommunityNames, InBadCommunityUses, InASNErrs}) ->
 snmpv2_mib_a() ->
     ?line [SetSerial] = get_req(2, [[snmpSetSerialNo,0]]),
     s([{[snmpSetSerialNo,0], SetSerial}, {[sysLocation, 0], "val2"}]),
-    ?line expect(3, [{[snmpSetSerialNo,0], SetSerial},
-		     {[sysLocation, 0], "val2"}]),
+    ?line expect(snmpv2_mib_a_3, [{[snmpSetSerialNo,0], SetSerial},
+				  {[sysLocation, 0], "val2"}]),
     s([{[sysLocation, 0], "val3"}, {[snmpSetSerialNo,0], SetSerial}]),
-    ?line expect(4, inconsistentValue, 2,
+    ?line expect(snmpv2_mib_a_4, inconsistentValue, 2,
 		 [{[sysLocation, 0], "val3"},
 		  {[snmpSetSerialNo,0], SetSerial}]),
     ?line ["val2"] = get_req(5, [[sysLocation,0]]).
@@ -4688,46 +4734,46 @@ snmp_view_based_acm_mib() ->
 
 do_set(Row) ->
     s(Row),
-    expect(1, Row).
+    expect(do_set_1, Row).
     
 add_row(RowStatus) ->
     s([{RowStatus, ?createAndGo}]),
-    expect(1, [{RowStatus, ?createAndGo}]).
+    expect(add_row_1, [{RowStatus, ?createAndGo}]).
 
 del_row(RowStatus) ->
     s([{RowStatus, ?destroy}]),
-    expect(1, [{RowStatus, ?destroy}]).
+    expect(del_row_1, [{RowStatus, ?destroy}]).
     
     
 
 use_no_rights() ->
     g([[xDescr,0]]),
-    ?v1_2_3(expect(11, noSuchName, 1, any),
-	    expect(12, [{[xDescr,0], noSuchObject}]),
-	    expect(13, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_11, noSuchName, 1, any),
+	    expect(use_no_rights_12, [{[xDescr,0], noSuchObject}]),
+	    expect(use_no_rights_13, authorizationError, 1, any)),
     g([[xDescr2,0]]),
-    ?v1_2_3(expect(21, noSuchName, 1, any),
-	    expect(22, [{[xDescr2,0], noSuchObject}]),
-	    expect(23, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_21, noSuchName, 1, any),
+	    expect(use_no_rights_22, [{[xDescr2,0], noSuchObject}]),
+	    expect(use_no_rights_23, authorizationError, 1, any)),
     gn([[xDescr]]),
-    ?v1_2_3(expect(31, noSuchName, 1, any),
-	    expect(32, [{[xDescr], endOfMibView}]),
-	    expect(33, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_31, noSuchName, 1, any),
+	    expect(use_no_rights_32, [{[xDescr], endOfMibView}]),
+	    expect(use_no_rights_33, authorizationError, 1, any)),
     s([{[xDescr,0], "tryit"}]),
-    ?v1_2_3(expect(41, noSuchName, 1, any),
-	    expect(42, noAccess, 1, any),
-	    expect(43, authorizationError, 1, any)).
+    ?v1_2_3(expect(use_no_rights_41, noSuchName, 1, any),
+	    expect(use_no_rights_42, noAccess, 1, any),
+	    expect(use_no_rights_43, authorizationError, 1, any)).
 
 
 use_rights() ->
     g([[xDescr,0]]),
-    expect(1, [{[xDescr,0], any}]),
+    expect(use_rights_1, [{[xDescr,0], any}]),
     g([[xDescr2,0]]),
-    expect(2, [{[xDescr2,0], any}]),
+    expect(use_rights_2, [{[xDescr2,0], any}]),
     s([{[xDescr,0], "tryit"}]),
-    expect(3, noError, 0, any),
+    expect(use_rights_3, noError, 0, any),
     g([[xDescr,0]]),
-    expect(4, [{[xDescr,0], "tryit"}]).
+    expect(use_rights_4, [{[xDescr,0], "tryit"}]).
 
 mk_ln(X) ->
     [length(X) | X].
@@ -5200,16 +5246,6 @@ loop_it_2(Oid, N) ->
 %%%-----------------------------------------------------------------
 
 
-
-
-
-%% These are (ticket) test cases where the initiation has to be done
-%% individually.
-
-
-
-
-
 %%-----------------------------------------------------------------
 %% Ticket: OTP-1128
 %% Slogan: Bug in handling of createAndWait set-requests.
@@ -5850,7 +5886,7 @@ otp_7157_test1(MA) ->
 otp8395({init, Config}) when is_list(Config) ->
     ?DBG("otp8395(init) -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     %% -- 
     %% Start nodes
     %% 
@@ -5858,7 +5894,7 @@ otp8395({init, Config}) when is_list(Config) ->
     {ok, AgentNode}    = start_node(agent),
     %% {ok, SubAgentNode} = start_node(sub_agent),
     {ok, ManagerNode}  = start_node(manager),
-    
+
     %% -- 
     %% Mnesia init
     %% 
@@ -5866,10 +5902,10 @@ otp8395({init, Config}) when is_list(Config) ->
     AgentDbDir = ?config(agent_db_dir, Config),
     AgentMnesiaDir = filename:join([AgentDbDir, "mnesia"]),
     mnesia_init(AgentNode, AgentMnesiaDir),
-    
-%%     SubAgentDir = ?config(sub_agent_dir, Config),
-%%     SubAgentMnesiaDir = filename:join([SubAgentDir, "mnesia"]),
-%%     mnesia_init(SubAgentNode, SubAgentMnesiaDir),
+
+    %% SubAgentDir = ?config(sub_agent_dir, Config),
+    %% SubAgentMnesiaDir = filename:join([SubAgentDir, "mnesia"]),
+    %% mnesia_init(SubAgentNode, SubAgentMnesiaDir),
 
     %% ok = mnesia_create_schema(AgentNode, [AgentNode, SubAgentNode]), 
     %% ok = mnesia:create_schema([AgentNode, SubAgentNode]),
@@ -5894,12 +5930,12 @@ otp8395({init, Config}) when is_list(Config) ->
     %% SubAgentIP        = tuple_to_list(SubAgentIP0), 
     {ok, ManagerIP0}  = snmp_misc:ip(ManagerHost),
     ManagerIP         = tuple_to_list(ManagerIP0),
-    
+
 
     %% --
     %% Write agent config
     %% 
-    
+
     Vsns           = [v1], 
     AgentConfDir   = ?config(agent_conf_dir, Config),
     ManagerConfDir = ?config(manager_top_dir, Config),
@@ -5923,7 +5959,7 @@ otp8395({init, Config}) when is_list(Config) ->
 			   {manager_node,  ManagerNode},
 			   {manager_host,  ManagerHost}, 
 			   {manager_ip,    ManagerIP}|Config]),
-    
+
     %% -- 
     %% Create watchdog 
     %% 
@@ -5935,7 +5971,7 @@ otp8395({init, Config}) when is_list(Config) ->
 otp8395({fin, Config}) when is_list(Config) ->
     ?DBG("otp8395(fin) -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     AgentNode   = ?config(agent_node, Config),
     ManagerNode = ?config(manager_node, Config),
 
@@ -5943,11 +5979,11 @@ otp8395({fin, Config}) when is_list(Config) ->
     %% Stop agent (this is the nice way to do it, 
     %% so logs and files can be closed in the proper way).
     %% 
-    
+
     AgentSup = ?config(agent_sup, Config),
     ?DBG("otp8395(fin) -> stop (stand-alone) agent: ~p", [AgentSup]),
     stop_stdalone_agent(AgentSup), 
-    
+
     %% - 
     %% Stop mnesia
     %% 
@@ -5963,8 +5999,8 @@ otp8395({fin, Config}) when is_list(Config) ->
     stop_node(AgentNode),
 
 
-%%     SubAgentNode = ?config(sub_agent_node, Config),
-%%     stop_node(SubAgentNode),
+    %% SubAgentNode = ?config(sub_agent_node, Config),
+    %% stop_node(SubAgentNode),
 
 
     %% - 
@@ -5984,7 +6020,7 @@ otp8395(doc) ->
 otp8395(Config) when is_list(Config) ->
     ?DBG("otp8395 -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     ?SLEEP(1000),
 
     %% This is just to dirty trick for the ***old*** test-code
@@ -6002,8 +6038,8 @@ otp8395(Config) when is_list(Config) ->
     {ok, LogInfo} = rpc:call(AgentNode, snmpa, log_info, []),
     ?DBG("otp8395 -> LogInfo: ~p", [LogInfo]), 
 
-%%     SyncRes = rpc:call(AgentNode, snmp, log_sync, [?audit_trail_log_name]),
-%%     ?DBG("otp8395 -> SyncRes: ~p", [SyncRes]), 
+    %% SyncRes = rpc:call(AgentNode, snmp, log_sync, [?audit_trail_log_name]),
+    %% ?DBG("otp8395 -> SyncRes: ~p", [SyncRes]), 
 
     ok = agent_log_validation(AgentNode),
     LTTRes = 
@@ -6013,7 +6049,195 @@ otp8395(Config) when is_list(Config) ->
     ?SLEEP(1000),
     ?DBG("otp8395 -> done", []),
     ok.
-		    
+
+
+%%-----------------------------------------------------------------
+
+otp9884({init, Config}) when is_list(Config) ->
+    ?DBG("otp9884(init) -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    %% -- 
+    %% Start nodes
+    %% 
+
+    {ok, AgentNode}   = start_node(agent),
+
+    %% We don't use a manager in this test but the (common) config 
+    %% function takes an argument that is derived from this
+    {ok, ManagerNode} = start_node(manager), 
+
+    %% -- 
+    %% Mnesia init
+    %% 
+
+    AgentDbDir = ?config(agent_db_dir, Config),
+    AgentMnesiaDir = filename:join([AgentDbDir, "mnesia"]),
+    mnesia_init(AgentNode, AgentMnesiaDir),
+
+    mnesia_create_schema(AgentNode, [AgentNode]),
+
+    mnesia_start(AgentNode),
+
+    %% --
+    %% Host & IP
+    %% 
+
+    AgentHost   = ?HOSTNAME(AgentNode),
+    ManagerHost = ?HOSTNAME(ManagerNode),
+
+    Host              = snmp_test_lib:hostname(), 
+    Ip                = ?LOCALHOST(),
+    {ok, AgentIP0}    = snmp_misc:ip(AgentHost),
+    AgentIP           = tuple_to_list(AgentIP0), 
+    {ok, ManagerIP0}  = snmp_misc:ip(ManagerHost),
+    ManagerIP         = tuple_to_list(ManagerIP0),
+
+
+    %% --
+    %% Write agent config
+    %% 
+
+    Vsns           = [v1], 
+    ManagerConfDir = ?config(manager_top_dir, Config),
+    AgentConfDir   = ?config(agent_conf_dir, Config),
+    AgentTopDir    = ?config(agent_top_dir, Config),
+    AgentBkpDir1   = filename:join([AgentTopDir, backup1]),
+    AgentBkpDir2   = filename:join([AgentTopDir, backup2]),
+    ok = file:make_dir(AgentBkpDir1),
+    ok = file:make_dir(AgentBkpDir2),
+    AgentBkpDirs = [AgentBkpDir1, AgentBkpDir2], 
+    snmp_agent_test_lib:config(Vsns, 
+			       ManagerConfDir, AgentConfDir, 
+			       ManagerIP, AgentIP),
+
+
+    %% --
+    %% Start the agent
+    %% 
+
+    Config2 = start_agent([{host,              Host}, 
+			   {ip,                Ip}, 
+			   {agent_node,        AgentNode}, 
+			   {agent_host,        AgentHost}, 
+			   {agent_ip,          AgentIP}, 
+			   {agent_backup_dirs, AgentBkpDirs}|Config]),
+
+    %% -- 
+    %% Create watchdog 
+    %% 
+
+    Dog = ?WD_START(?MINS(1)),
+
+    [{watchdog, Dog} | Config2];
+
+otp9884({fin, Config}) when is_list(Config) ->
+    ?DBG("otp9884(fin) -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    AgentNode   = ?config(agent_node, Config),
+    ManagerNode = ?config(manager_node, Config),
+
+    %% -
+    %% Stop agent (this is the nice way to do it, 
+    %% so logs and files can be closed in the proper way).
+    %% 
+
+    AgentSup = ?config(agent_sup, Config),
+    ?DBG("otp9884(fin) -> stop (stand-alone) agent: ~p", [AgentSup]),
+    stop_stdalone_agent(AgentSup), 
+
+    %% - 
+    %% Stop mnesia
+    %% 
+    ?DBG("otp9884(fin) -> stop mnesia", []),
+    mnesia_stop(AgentNode),
+
+
+    %% - 
+    %% Stop the agent node
+    %% 
+
+    ?DBG("otp9884(fin) -> stop agent node", []),
+    stop_node(AgentNode),
+
+
+    %%     SubAgentNode = ?config(sub_agent_node, Config),
+    %%     stop_node(SubAgentNode),
+
+
+    %% - 
+    %% Stop the manager node
+    %% 
+
+    ?DBG("otp9884(fin) -> stop manager node", []),
+    stop_node(ManagerNode),
+
+    Dog = ?config(watchdog, Config),
+    ?WD_STOP(Dog),
+    lists:keydelete(watchdog, 1, Config);
+
+otp9884(doc) ->
+    "OTP-9884 - Simlutaneous backup call should not work. ";
+
+otp9884(Config) when is_list(Config) ->
+    ?DBG("otp9884 -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    AgentNode = ?config(agent_node, Config),
+    [AgentBkpDir1, AgentBkpDir2] = ?config(agent_backup_dirs, Config),
+    Self = self(), 
+    timer:apply_after(1000, 
+		      ?MODULE, otp9884_backup, [AgentNode, Self, first,  AgentBkpDir1]), 
+    timer:apply_after(1000, 
+		      ?MODULE, otp9884_backup, [AgentNode, Self, second, AgentBkpDir2]),
+    otp9884_await_backup_completion(undefined, undefined),
+
+    ?DBG("otp9884 -> done", []),
+    ok.
+
+
+otp9884_backup(Node, Pid, Tag, Dir) ->
+    io:format("[~w] call backup function~n", [Tag]),
+    Res = rpc:call(Node, snmpa, backup, [Dir]),
+    io:format("[~w] backup result: ~p~n", [Tag, Res]),
+    Pid ! {otp9884_backup_complete, Tag, Res}.
+
+otp9884_await_backup_completion(ok, Second) 
+  when ((Second =/= ok) andalso (Second =/= undefined)) ->
+    io:format("otp9884_await_backup_completion -> "
+	      "first backup succeed and second failed (~p)~n", [Second]),
+    ok;
+otp9884_await_backup_completion(First, ok) 
+  when ((First =/= ok) andalso (First =/= undefined)) ->
+    io:format("otp9884_await_backup_completion -> "
+	      "second backup succeed and first failed (~p)~n", [First]),
+    ok;
+otp9884_await_backup_completion(First, Second) 
+  when (((First =:= undefined) andalso (Second =:= undefined)) 
+	orelse 
+	((First =:= undefined) andalso (Second =/= undefined)) 
+	orelse 
+	((First =/= undefined) andalso (Second =:= undefined))) ->
+    io:format("otp9884_await_backup_completion -> await complete messages~n", []),
+    receive
+	{otp9884_backup_complete, first, Res} ->
+	    io:format("otp9884_await_backup_completion -> "
+		      "received complete message for first: ~p~n", [Res]),
+	    otp9884_await_backup_completion(Res, Second);
+	{otp9884_backup_complete, second, Res} ->
+	    io:format("otp9884_await_backup_completion -> "
+		      "received complete message for second: ~p~n", [Res]),
+	    otp9884_await_backup_completion(First, Res)
+    after 10000 ->
+	    %% we have waited long enough
+	    throw({error, {timeout, First, Second}})
+    end;
+otp9884_await_backup_completion(First, Second) ->
+    throw({error, {bad_completion, First, Second}}).
+
+
+%%-----------------------------------------------------------------
 
 agent_log_validation(Node) ->
     rpc:call(Node, ?MODULE, agent_log_validation, []).
diff --git a/lib/snmp/test/snmp_agent_test_lib.erl b/lib/snmp/test/snmp_agent_test_lib.erl
index a18d9f3201..084b3ee8da 100644
--- a/lib/snmp/test/snmp_agent_test_lib.erl
+++ b/lib/snmp/test/snmp_agent_test_lib.erl
@@ -296,7 +296,12 @@ call(N,M,F,A) ->
 	    ?DBG("call -> done:"
 		 "~n   Ret: ~p"
 		 "~n   Zed: ~p", [Ret, Zed]),
-	    Ret
+	    case Ret of
+		{error, Reason} ->
+		    exit(Reason);
+		OK ->
+		    OK
+	    end
     end.
 
 wait(From, Env, M, F, A) ->
@@ -724,17 +729,13 @@ expect(Id, A, B, C, D, E) ->
     expect2(Id, Fun).
 
 expect2(Id, F) ->
-    io:format("~w:expect2 -> entry with"
-	      "~n   Id:   ~w"
-	      "~n", [?MODULE, Id]),
+    io:format("EXPECT for ~w~n", [Id]),
     case F() of
 	{error, Reason} ->
-	    {error, Id, Reason};
+	    io:format("EXPECT failed for ~w: ~n~p~n", [Id, Reason]),
+	    throw({error, {expect, Id, Reason}});
 	Else ->
-	    io:format("~w:expect2 -> "
-		      "~n   Id:   ~w"
-		      "~n   Else: ~p"
-		      "~n", [?MODULE, Id, Else]),
+	    io:format("EXPECT result for ~w: ~n~p~n", [Id, Else]),
 	    Else
     end.
 
@@ -769,21 +770,15 @@ do_expect(Expect) when is_atom(Expect) ->
 
 do_expect({any_pdu, To}) 
   when is_integer(To) orelse (To =:= infinity) ->
-    io:format("~w:do_expect(any_pdu) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT any PDU~n", []),
     receive_pdu(To);
 
 do_expect({any_trap, To}) ->
-    io:format("~w:do_expect(any_trap) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT any TRAP within ~w~n", [To]),
     receive_trap(To);
 
 do_expect({timeout, To}) ->
-    io:format("~w:do_expect(timeout) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT nothing within ~w~n", [To]),
     receive
 	X ->
 	    {error, {unexpected, X}}
@@ -794,13 +789,16 @@ do_expect({timeout, To}) ->
 
 do_expect({Err, To}) 
   when is_atom(Err) andalso (is_integer(To) orelse (To =:= infinity)) ->
+    io:format("EXPECT error ~w within ~w~n", [Err, To]),
     do_expect({{error, Err}, To});
 
 do_expect({error, Err}) when is_atom(Err) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT error ~w~n", [Err]),
     do_expect2(Check, any, Err, any, any, get_timeout());
 do_expect({{error, Err}, To}) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT error ~w within ~w~n", [Err, To]),
     do_expect2(Check, any, Err, any, any, To);
 
 %% exp_varbinds() -> [exp_varbind()]
@@ -810,16 +808,25 @@ do_expect({{error, Err}, To}) ->
 %% ExpVBs         -> exp_varbinds() | {VbsCondition, exp_varbinds()}
 do_expect(ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'get-response'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'get-response', noError, 0, ExpVBs, get_timeout()).
 
 
 do_expect(v2trap, ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'snmpv2-trap'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'snmpv2-trap', noError, 0, ExpVBs, get_timeout());
 
 
 do_expect(report, ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'report'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'report', noError, 0, ExpVBs, get_timeout());
 
 
@@ -827,16 +834,13 @@ do_expect(inform, ExpVBs) ->
     do_expect({inform, true}, ExpVBs);
 
 do_expect({inform, false}, ExpVBs) ->
-    io:format("~w:do_expect(inform, false) -> entry with"
-	      "~n   ExpVBs: ~p"
-	      "~n", [?MODULE, ExpVBs]),
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'inform-request' (false)"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout());
 
 do_expect({inform, true}, ExpVBs) ->
-    io:format("~w:do_expect(inform, true) -> entry with"
-	      "~n   ExpVBs: ~p"
-	      "~n", [?MODULE, ExpVBs]),
     Check = 
 	fun(PDU, ok) ->
 		RespPDU = PDU#pdu{type         = 'get-response',
@@ -847,6 +851,9 @@ do_expect({inform, true}, ExpVBs) ->
 	   (_, Err) ->
 		Err
 	end,
+    io:format("EXPECT 'inform-request' (true)"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout());
 
 do_expect({inform, {error, EStat, EIdx}}, ExpVBs) 
@@ -861,6 +868,11 @@ do_expect({inform, {error, EStat, EIdx}}, ExpVBs)
 	   (_, Err) ->
 		Err
 	end,
+    io:format("EXPECT 'inform-request' (error)"
+	      "~n   with"
+	      "~n      Error Status: ~p"
+	      "~n      Error Index:  ~p"
+	      "~n      Varbinds:     ~p~n", [EStat, EIdx, ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout()).
 
 
@@ -871,6 +883,12 @@ do_expect(Err, Idx, ExpVBs, To)
   when is_atom(Err) andalso 
        (is_integer(Idx) orelse is_list(Idx) orelse (Idx == any)) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'get-response'"
+	      "~n   with"
+	      "~n      Error:    ~p"
+	      "~n      Index:    ~p"
+	      "~n      Varbinds: ~p"
+	      "~n   within ~w~n", [Err, Idx, ExpVBs, To]),
     do_expect2(Check, 'get-response', Err, Idx, ExpVBs, To).
 
 
@@ -878,15 +896,13 @@ do_expect(Type, Enterp, Generic, Specific, ExpVBs) ->
     do_expect(Type, Enterp, Generic, Specific, ExpVBs, 3500).
 
 do_expect(trap, Enterp, Generic, Specific, ExpVBs, To) ->
-    io:format("~w:do_expect(trap) -> entry with"
-	      "~n   Enterp:   ~w"
-	      "~n   Generic:  ~w"
-	      "~n   Specific: ~w"
-	      "~n   ExpVBs:   ~w"
-	      "~n   To:       ~w"
-	      "~nwhen"
-	      "~n   Time:   ~w"
-	      "~n", [?MODULE, Enterp, Generic, Specific, ExpVBs, To, t()]),
+    io:format("EXPECT trap"
+	      "~n   with"
+	      "~n      Enterp:   ~w"
+	      "~n      Generic:  ~w"
+	      "~n      Specific: ~w"
+	      "~n      Varbinds: ~w"
+	      "~n   within ~w~n", [Enterp, Generic, Specific, ExpVBs, To]),
     PureE = purify_oid(Enterp),
     case receive_trap(To) of
 	#trappdu{enterprise    = PureE, 
@@ -916,49 +932,51 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
        (is_list(ExpVBs) orelse (ExpVBs =:= any)) andalso
        (is_integer(To) orelse (To =:= infinity)) ->
 
-    io:format("~w:do_expect2 -> entry with"
-	      "~n   Type:   ~w"
-	      "~n   Err:    ~w"
-	      "~n   Idx:    ~w"
-	      "~n   ExpVBs: ~w"
-	      "~n   To:     ~w"
-	      "~nwhen"
-	      "~n   Time:   ~w"
-	      "~n", [?MODULE, Type, Err, Idx, ExpVBs, To, t()]),
-
     case receive_pdu(To) of
 
 	#pdu{type         = Type, 
 	     error_status = Err,
 	     error_index  = Idx} when ExpVBs =:= any -> 
+	    io:format("EXPECT received expected pdu (1)~n", []),
 	    ok;
 
 	#pdu{type         = Type, 
 	     request_id   = ReqId, 
 	     error_status = Err2,
 	     error_index  = Idx} when ExpVBs =:= any -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (2): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{error_status = Err} when (Type   =:= any) andalso 
 				      (Idx    =:= any) andalso 
 				      (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu (3)~n", []),
 	    ok;
 
 	#pdu{request_id   = ReqId, 
 	     error_status = Err2} when (Type   =:= any) andalso 
 				       (Idx    =:= any) andalso 
 				       (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (4): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{type         = Type, 
 	     error_status = Err} when (Idx =:= any) andalso 
 				      (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu (5)~n", []),
 	    ok;
 
 	#pdu{type         = Type, 
 	     request_id   = ReqId, 
 	     error_status = Err2} when (Idx =:= any) andalso 
 				       (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (6): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{type         = Type, 
@@ -967,8 +985,13 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_index  = EI} when is_list(Idx) andalso (ExpVBs =:= any) -> 
 	    case lists:member(EI, Idx) of
 		true ->
+		    io:format("EXPECT received expected pdu with "
+			      "expected error index (7)~n", []),
 		    ok;
 		false ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error index (8): "
+			      "~n   Error Index: ~p~n", [EI]),
 		    {error, {unexpected_error_index, EI, Idx, ReqId}}
 	    end;
 
@@ -978,8 +1001,15 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_index  = EI} when is_list(Idx) andalso (ExpVBs =:= any) -> 
 	    case lists:member(EI, Idx) of
 		true ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error status (9): "
+			      "~n   Error Status: ~p~n", [Err2]),
 		    {error, {unexpected_error_status, Err, Err2, ReqId}};
 		false ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error (10): "
+			      "~n   Error Status: ~p"
+			      "~n   Error index:  ~p~n", [Err2, EI]),
 		    {error, {unexpected_error, {Err, Idx}, {Err2, EI}, ReqId}}
 	    end;
 
@@ -987,6 +1017,12 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     request_id   = ReqId, 
 	     error_status = Err2, 
 	     error_index  = Idx2} when ExpVBs =:= any ->
+	    io:format("EXPECT received unexpected pdu with (11) "
+		      "~n   Type:         ~p"
+		      "~n   ReqId:        ~p"
+		      "~n   Errot status: ~p"
+		      "~n   Error index:  ~p"
+		      "~n", [Type2, ReqId, Err2, Idx2]),
 	    {error, 
 	     {unexpected_pdu, 
 	      {Type, Err, Idx}, {Type2, Err2, Idx2}, ReqId}};
@@ -995,11 +1031,26 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err, 
 	     error_index  = Idx,
 	     varbinds     = VBs} = PDU ->
+	    io:format("EXPECT received pdu (12): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   [exp] Error Index:  ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, Err, Idx, VBs, ExpVBs]),
 	    Check(PDU, check_vbs(purify_oids(ExpVBs), VBs));
 
 	#pdu{type         = Type, 
 	     error_status = Err, 
 	     varbinds     = VBs} = PDU when Idx =:= any ->
+	    io:format("EXPECT received pdu (13): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, Err, VBs, ExpVBs]),
 	    Check(PDU, check_vbs(purify_oids(ExpVBs), VBs));
 
 	#pdu{type         = Type, 
@@ -1007,6 +1058,15 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err, 
 	     error_index  = EI,
 	     varbinds     = VBs} = PDU when is_list(Idx) ->
+	    io:format("EXPECT received pdu (14): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   ReqId:              ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   [exp] Error Index:  ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, ReqId, Err, EI, VBs, ExpVBs]),
 	    PureVBs = purify_oids(ExpVBs), 
 	    case lists:member(EI, Idx) of
 		true ->
@@ -1020,6 +1080,13 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err2, 
 	     error_index  = Idx2,
 	     varbinds     = VBs2} ->
+	    io:format("EXPECT received unexpected pdu with (15) "
+		      "~n   Type:         ~p"
+		      "~n   ReqId:        ~p"
+		      "~n   Errot status: ~p"
+		      "~n   Error index:  ~p"
+		      "~n   Varbinds:     ~p"
+		      "~n", [Type2, ReqId, Err2, Idx2, VBs2]),
 	    {error, 
 	     {unexpected_pdu, 
 	      {Type,  Err,  Idx, purify_oids(ExpVBs)}, 
@@ -1027,6 +1094,9 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	      ReqId}};
 	
 	Error ->
+	    io:format("EXPECT received error (16):  "
+		      "~n   Error: ~p"
+		      "~n", [Error]),
 	    Error
     end.
 
@@ -1466,7 +1536,7 @@ rpc(Node, F, A) ->
 %% 
 %% 
 %% t() ->
-%%     {A,B,C} = erlang:now(),
+%%     {A,B,C} = os:timestamp(),
 %%     A*1000000000+B*1000+(C div 1000).
 %% 
 %% 
@@ -1478,6 +1548,6 @@ rpc(Node, F, A) ->
     
 
 %% Time in milli seconds
-t() ->
-    {A,B,C} = erlang:now(),
-    A*1000000000+B*1000+(C div 1000).
+%% t() ->
+%%     {A,B,C} = os:timestamp(),
+%%     A*1000000000+B*1000+(C div 1000).
diff --git a/lib/snmp/test/snmp_compiler_test.erl b/lib/snmp/test/snmp_compiler_test.erl
index c964b08168..0a147130b0 100644
--- a/lib/snmp/test/snmp_compiler_test.erl
+++ b/lib/snmp/test/snmp_compiler_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -566,14 +566,7 @@ p(F, A) ->
 
 p(TName, F, A) ->
     io:format("*** [~w][~s] ***"
-              "~n" ++ F ++ "~n", [TName,format_timestamp(now())|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              "~n" ++ F ++ "~n", [TName, formated_timestamp()|A]).
 
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/test/snmp_manager_config_test.erl b/lib/snmp/test/snmp_manager_config_test.erl
index 4498d506f3..3192fe1b40 100644
--- a/lib/snmp/test/snmp_manager_config_test.erl
+++ b/lib/snmp/test/snmp_manager_config_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -2726,14 +2726,7 @@ p(F, A) ->
 
 p(TName, F, A) ->
     io:format("*** [~s] ***"
-              " ~w -> " ++ F ++ "~n", [format_timestamp(now()),TName|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              " ~w -> " ++ F ++ "~n", [formated_timestamp(),TName|A]).
 
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/test/snmp_manager_test.erl b/lib/snmp/test/snmp_manager_test.erl
index d18f20d359..75c9f7b277 100644
--- a/lib/snmp/test/snmp_manager_test.erl
+++ b/lib/snmp/test/snmp_manager_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -6064,7 +6064,7 @@ rcall(Node, Mod, Func, Args) ->
 
 %% Time in milli sec
 %% t() ->
-%%     {A,B,C} = erlang:now(),
+%%     {A,B,C} = os:timestamp(),
 %%     A*1000000000+B*1000+(C div 1000).
 
 
@@ -6078,16 +6078,10 @@ p(F, A) ->
  
 p(TName, F, A) ->
     io:format("*** [~w][~s] ***"
-              "~n" ++ F ++ "~n", [TName,format_timestamp(now())|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              "~n" ++ F ++ "~n", [TName, formated_timestamp()|A]).
+
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
 
 %% p(TName, F, A) ->
 %%     io:format("~w -> " ++ F ++ "~n", [TName|A]).
diff --git a/lib/snmp/test/snmp_manager_user_old.erl b/lib/snmp/test/snmp_manager_user_old.erl
index edffc80dd4..6280cef51f 100644
--- a/lib/snmp/test/snmp_manager_user_old.erl
+++ b/lib/snmp/test/snmp_manager_user_old.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/test/snmp_test_lib.erl b/lib/snmp/test/snmp_test_lib.erl
index 54839d989b..e4d58a1253 100644
--- a/lib/snmp/test/snmp_test_lib.erl
+++ b/lib/snmp/test/snmp_test_lib.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -37,7 +37,7 @@
 -export([watchdog/3, watchdog_start/1, watchdog_start/2, watchdog_stop/1]).
 -export([del_dir/1]).
 -export([cover/1]).
--export([p/2, print/5]).
+-export([p/2, print/5, formated_timestamp/0]).
 
 
 %% ----------------------------------------------------------------------
@@ -521,15 +521,18 @@ p(F, A) when is_list(F) andalso is_list(A) ->
 
 print(Prefix, Module, Line, Format, Args) ->
     io:format("*** [~s] ~s ~p ~p ~p:~p *** " ++ Format ++ "~n", 
-	      [format_timestamp(now()), 
+	      [formated_timestamp(), 
 	       Prefix, node(), self(), Module, Line|Args]).
 
+formated_timestamp() ->
+    format_timestamp(os:timestamp()).
+
 format_timestamp({_N1, _N2, N3} = Now) ->
     {Date, Time}   = calendar:now_to_datetime(Now),
     {YYYY,MM,DD}   = Date,
     {Hour,Min,Sec} = Time,
     FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
+        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w ~w",
                       [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
     lists:flatten(FormatDate).
 
diff --git a/lib/snmp/test/snmp_test_mgr.erl b/lib/snmp/test/snmp_test_mgr.erl
index 84bdc6b04f..499cf7abcf 100644
--- a/lib/snmp/test/snmp_test_mgr.erl
+++ b/lib/snmp/test/snmp_test_mgr.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1124,16 +1124,11 @@ d(F,A) -> d(get(debug),F,A).
 
 d(true,F,A) ->
     io:format("*** [~s] MGR_DBG *** " ++ F ++ "~n",
-	      [format_timestamp(now())|A]);
+	      [formated_timestamp()|A]);
 d(_,_F,_A) -> 
     ok.
 
-format_timestamp({_N1, _N2, N3} = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
 
diff --git a/lib/snmp/test/snmp_test_mgr_misc.erl b/lib/snmp/test/snmp_test_mgr_misc.erl
index fc6dedd96d..5525c5c3ec 100644
--- a/lib/snmp/test/snmp_test_mgr_misc.erl
+++ b/lib/snmp/test/snmp_test_mgr_misc.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -779,16 +779,9 @@ d(F,A) -> d(get(debug),F,A).
 
 d(true,F,A) ->
     io:format("*** [~s] MGR_PS_DBG *** " ++ F ++ "~n",
-	      [format_timestamp(now())|A]);
+	      [formated_timestamp()|A]);
 d(_,_F,_A) -> 
     ok.
 
-format_timestamp({_N1, _N2, N3} = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
-
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk
index 25e3a9470b..fb1dcb6c41 100644
--- a/lib/snmp/vsn.mk
+++ b/lib/snmp/vsn.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2011. All Rights Reserved.
+# Copyright Ericsson AB 1997-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,6 +17,7 @@
 #
 # %CopyrightEnd%
 
-SNMP_VSN = 4.21.3
-PRE_VSN  =
-APP_VSN  = "snmp-$(SNMP_VSN)$(PRE_VSN)"
+APPLICATION = snmp
+SNMP_VSN    = 4.21.7
+PRE_VSN     =
+APP_VSN     = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)"
diff --git a/lib/ssh/doc/src/Makefile b/lib/ssh/doc/src/Makefile
index c97c99cf52..125dcf8775 100644
--- a/lib/ssh/doc/src/Makefile
+++ b/lib/ssh/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 6fc4fdc43d..c6c634212f 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -29,6 +29,32 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 2.0.9</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Ssh behaviours now use the new directive "-callback".
+	    Parameters will be further specified in a later version
+	    of ssh.</p>
+          <p>
+	    Own Id: OTP-9796</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 2.0.8</title>
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 2c5096a25f..ed88b3a1af 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -86,7 +86,7 @@
 	by calling ssh_connect:session_channel/2.</p>
 	<p>Options are:</p>
 	<taglist>
-          <tag><c><![CDATA[{user_dir, String}]]></c></tag>
+          <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory e.i. the directory containing
 	    ssh configuration files for the user such as
@@ -94,6 +94,18 @@
 	    <c><![CDATA[authorized_key]]></c>. Defaults to the directory normally
 	    referred to as <c><![CDATA[~/.ssh]]></c> </p>
 	  </item>
+	  <tag><c><![CDATA[{dsa_pass_phrase, string()}]]></c></tag>
+	  <item>
+	    <p>If the user dsa key is protected by a pass phrase it can be
+	    supplied with this option.
+	    </p>
+	  </item>
+	  <tag><c><![CDATA[{rsa_pass_phrase, string()}]]></c></tag>
+	  <item>
+	    <p>If the user rsa key is protected by a pass phrase it can be
+	    supplied with this option.
+	    </p>
+	  </item>
           <tag><c><![CDATA[{silently_accept_hosts, boolean()}]]></c></tag>
 	  <item>
 	    <p>When true hosts are added to the
@@ -222,6 +234,14 @@
 	    option <c>shell</c> which is much less work than implementing
 	    your own cli channel.
 	  </item>
+	  <tag><c><![CDATA[{user_dir, String}]]></c></tag>
+	  <item>
+	    <p>Sets the user directory e.i. the directory containing
+	    ssh configuration files for the user such as
+	    <c><![CDATA[known_hosts]]></c>, <c><![CDATA[id_rsa, id_dsa]]></c> and
+	    <c><![CDATA[authorized_key]]></c>. Defaults to the directory normally
+	    referred to as <c><![CDATA[~/.ssh]]></c> </p>
+	  </item>
           <tag><c><![CDATA[{system_dir, string()}]]></c></tag>
           <item>
             <p>Sets the system directory, containing the host files
@@ -283,22 +303,6 @@
     </func>
 
     <func>
-      <name>sign_data(Data, Algorithm) -> Signature | {error, Reason}</name>
-      <fsummary> </fsummary>
-      <type>
-        <v> Data = binary()</v>
-	<v> Algorithm = "ssh-rsa"</v>
-	<v> Signature = binary()</v>
-	<v> Reason = term()</v>
-      </type>
-      <desc>
-        <p>Signs the supplied binary using the SSH key.
-	</p>
-      </desc>
-    </func>
-
-
-    <func>
       <name>start() -> </name>
       <name>start(Type) -> ok | {error, Reason}</name>
       <fsummary>Starts the Ssh application. </fsummary>
@@ -356,21 +360,6 @@
       </desc>
     </func>
 
-    <func>
-      <name>verify_data(Data, Signature, Algorithm) -> ok | {error, Reason}</name>
-      <fsummary> </fsummary>
-      <type>
-        <v> Data = binary()</v>
-	<v> Algorithm = "ssh-rsa"</v>
-	<v> Signature = binary()</v>
-	<v> Reason = term()</v>
-      </type>
-      <desc>
-        <p>Verifies the supplied binary against the binary signature.
-	</p>
-      </desc>
-    </func>
-
   </funcs>
   
 </erlref>
diff --git a/lib/ssh/src/DSS.asn1 b/lib/ssh/src/DSS.asn1
deleted file mode 100644
index 77aca3808b..0000000000
--- a/lib/ssh/src/DSS.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
-DSS DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL
--- All types and values defined in this module are exported for use
--- in other ASN.1 modules.
-
-DSAPrivateKey ::= SEQUENCE {
-    version           INTEGER,
-    p                 INTEGER,  -- p
-    q                 INTEGER,  -- q
-    g                 INTEGER,  -- q
-    y                 INTEGER,  -- y
-    x                 INTEGER   -- x
-}
-
-END
-
-
diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile
index e7cf2c6723..7be97abf66 100644
--- a/lib/ssh/src/Makefile
+++ b/lib/ssh/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -36,7 +36,11 @@ RELSYSDIR = $(RELEASE_PATH)/lib/ssh-$(VSN)
 # Common Macros
 # ----------------------------------------------------
 
+# Behaviour (api) modules are first so they are compiled when
+# the compiler reaches a callback module using them.
 MODULES= \
+	ssh_sftpd_file_api \
+	ssh_key_api \
 	ssh \
 	ssh_sup \
 	sshc_sup \
@@ -56,25 +60,22 @@ MODULES= \
 	ssh_auth\
 	ssh_bits \
 	ssh_cli \
-	ssh_dsa \
 	ssh_file \
 	ssh_io \
 	ssh_math \
 	ssh_no_io \
-	ssh_rsa \
 	ssh_sftp \
 	ssh_sftpd \
 	ssh_sftpd_file\
-	ssh_sftpd_file_api \
 	ssh_transport \
 	ssh_userreg \
 	ssh_xfer
 
 PUBLIC_HRL_FILES= ssh.hrl ssh_userauth.hrl ssh_xfer.hrl
 
-ERL_FILES= $(MODULES:%=%.erl) $(ASN_ERLS)
+ERL_FILES= $(MODULES:%=%.erl)
 
-ALL_MODULES= $(MODULES) $(ASN_MODULES)
+ALL_MODULES= $(MODULES)
 
 TARGET_FILES= $(ALL_MODULES:%=$(EBIN)/%.$(EMULATOR)) $(APP_TARGET) $(APPUP_TARGET)
 
@@ -87,22 +88,13 @@ APP_TARGET= $(EBIN)/$(APP_FILE)
 APPUP_SRC= $(APPUP_FILE).src
 APPUP_TARGET= $(EBIN)/$(APPUP_FILE)
 
-ASN_MODULES = PKCS-1 DSS
-ASN_ASNS = $(ASN_MODULES:%=%.asn1)
-ASN_ERLS = $(ASN_MODULES:%=%.erl)
-ASN_HRLS = $(ASN_MODULES:%=%.hrl)
-ASN_DBS = $(ASN_MODULES:%=%.asn1db)
-ASN_TABLES = $(ASN_MODULES:%=%.table)
-
-ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +inline
-
-INTERNAL_HRL_FILES = $(ASN_HRLS) ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl
+INTERNAL_HRL_FILES = ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl
 
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
-ERL_COMPILE_FLAGS += -pa$(EBIN) 
-
+ERL_COMPILE_FLAGS += -pa$(EBIN)\
+	-pz $(ERL_TOP)/lib/public_key/ebin
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
@@ -114,7 +106,6 @@ debug: ERLC_FLAGS += -Ddebug
 clean:
 	rm -f $(TARGET_FILES)
 	rm -f errs core *~
-	rm -f $(ASN_ERLS) $(ASN_HRLS) $(ASN_DBS)
 
 $(TARGET_FILES): ssh.hrl
 
@@ -127,10 +118,6 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
-%.erl %.hrl: %.asn1
-	$(ERLC) $(ASN_FLAGS) $<
-
-$(EBIN)/ssh_file.$(EMULATOR) $(EBIN)/ssh_rsa.$(EMULATOR): $(ASN_HRLS)
 
 docs:
 
diff --git a/lib/ssh/src/PKCS-1.asn1 b/lib/ssh/src/PKCS-1.asn1
deleted file mode 100644
index e7d6b18c63..0000000000
--- a/lib/ssh/src/PKCS-1.asn1
+++ /dev/null
@@ -1,116 +0,0 @@
-PKCS-1 {
-    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
-    modules(0) pkcs-1(1)
-}
-
--- $Revision: 1.1 $
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- IMPORTS id-sha256, id-sha384, id-sha512
---     FROM NIST-SHA2 {
---         joint-iso-itu-t(2) country(16) us(840) organization(1)
---         gov(101) csor(3) nistalgorithm(4) modules(0) sha2(1)
---     };
-
-pkcs-1    OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1
-}
-
-rsaEncryption    OBJECT IDENTIFIER ::= { pkcs-1 1 }
-
-id-RSAES-OAEP    OBJECT IDENTIFIER ::= { pkcs-1 7 }
-
-id-pSpecified    OBJECT IDENTIFIER ::= { pkcs-1 9 }
-
-id-RSASSA-PSS    OBJECT IDENTIFIER ::= { pkcs-1 10 }
-
-md2WithRSAEncryption       OBJECT IDENTIFIER ::= { pkcs-1 2 }
-md5WithRSAEncryption       OBJECT IDENTIFIER ::= { pkcs-1 4 }
-sha1WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 5 }
-sha256WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 11 }
-sha384WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 12 }
-sha512WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 13 }
-
-id-sha1    OBJECT IDENTIFIER ::= {
-    iso(1) identified-organization(3) oiw(14) secsig(3)
-    algorithms(2) 26
-}
-
-id-md2 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2
-}
-
-id-md5 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
-}
-
-id-mgf1    OBJECT IDENTIFIER ::= { pkcs-1 8 }
-
-
-RSAPublicKey ::= SEQUENCE {
-    modulus           INTEGER,  -- n
-    publicExponent    INTEGER   -- e
-}
-
-RSAPrivateKey ::= SEQUENCE {
-    version           Version,
-    modulus           INTEGER,  -- n
-    publicExponent    INTEGER,  -- e
-    privateExponent   INTEGER,  -- d
-    prime1            INTEGER,  -- p
-    prime2            INTEGER,  -- q
-    exponent1         INTEGER,  -- d mod (p-1)
-    exponent2         INTEGER,  -- d mod (q-1)
-    coefficient       INTEGER,  -- (inverse of q) mod p
-    otherPrimeInfos   OtherPrimeInfos OPTIONAL
-}
-
-Version ::= INTEGER { two-prime(0), multi(1) }
-    (CONSTRAINED BY {
-        -- version must be multi if otherPrimeInfos present --
-    })
-
-OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
-
-OtherPrimeInfo ::= SEQUENCE {
-    prime             INTEGER,  -- ri
-    exponent          INTEGER,  -- di
-    coefficient       INTEGER   -- ti
-}
-
-Algorithm ::= SEQUENCE {
-	algorithm OBJECT IDENTIFIER,
-	parameters ANY DEFINED BY algorithm OPTIONAL
-}
-
-AlgorithmNull ::= SEQUENCE {
-	algorithm OBJECT IDENTIFIER,
-	parameters NULL
-}
-
-
-RSASSA-PSS-params ::= SEQUENCE {
-    hashAlgorithm      [0] Algorithm,     --  DEFAULT sha1,
-    maskGenAlgorithm   [1] Algorithm,     --  DEFAULT mgf1SHA1,
-    saltLength         [2] INTEGER            DEFAULT 20,
-    trailerField       [3] TrailerField       DEFAULT trailerFieldBC
-}
-
-TrailerField ::= INTEGER { trailerFieldBC(1) }
-
-DigestInfo ::= SEQUENCE {
-	digestAlgorithm Algorithm,
-	digest OCTET STRING
-}
-
-DigestInfoNull ::= SEQUENCE {
-	digestAlgorithm AlgorithmNull,
-	digest OCTET STRING
-}
-
-
-END  -- PKCS1Definitions
-
diff --git a/lib/ssh/src/prebuild.skip b/lib/ssh/src/prebuild.skip
deleted file mode 100644
index 1d7552d98d..0000000000
--- a/lib/ssh/src/prebuild.skip
+++ /dev/null
@@ -1,2 +0,0 @@
-DSS.asn1db
-PKCS-1.asn1db
diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src
index 8a3e15841f..7a58dbe54f 100644
--- a/lib/ssh/src/ssh.app.src
+++ b/lib/ssh/src/ssh.app.src
@@ -3,9 +3,7 @@
 {application, ssh,
  [{description, "SSH-2 for Erlang/OTP"},
   {vsn, "%VSN%"},
-  {modules, ['DSS',
-	     'PKCS-1',
-	     ssh,
+  {modules, [ssh,
 	     ssh_app,
 	     ssh_acceptor,
 	     ssh_acceptor_sup,
@@ -21,12 +19,11 @@
 	     ssh_shell,
 	     sshc_sup,
 	     sshd_sup,
-	     ssh_dsa,
 	     ssh_file,
 	     ssh_io,
+             ssh_key_api,
 	     ssh_math,
 	     ssh_no_io,
-	     ssh_rsa,
 	     ssh_sftp,
 	     ssh_sftpd,
 	     ssh_sftpd_file,
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 150b7d86dd..21a0582c06 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -18,7 +18,9 @@
 %%
 
 {"%VSN%",	
- [
+ [		
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
@@ -27,6 +29,8 @@
              {load_module, ssh_connection_handler, soft_purge, soft_purge, [ssh_userreg]}]}
  ],
  [
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},	
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index cada109df0..5751f2eaa0 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,7 @@
 
 -include("ssh.hrl").
 -include("ssh_connect.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
 -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2,
 	 channel_info/3,
@@ -30,6 +31,9 @@
 	 stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2,
 	 shell/1, shell/2, shell/3]).
 
+-deprecated({sign_data, 2, next_major_release}).
+-deprecated({verify_data, 3, next_major_release}).
+
 -export([sign_data/2, verify_data/3]).
 
 %%--------------------------------------------------------------------
@@ -89,6 +93,9 @@ connect(Host, Port, Options, Timeout) ->
 		%% might return undefined as the connection manager
 		%% could allready have terminated, so we will not
 		%% match the Manager in this case
+		{_, not_connected, {error, econnrefused}} when DisableIpv6 == false ->
+		    do_demonitor(MRef, Manager),
+		    connect(Host, Port, [{ip_v6_disabled, true} | Options], Timeout);
 		{_, not_connected, {error, Reason}} ->
 		    do_demonitor(MRef, Manager),
 		    {error, Reason};
@@ -247,43 +254,6 @@ shell(Host, Port, Options) ->
 	    Error
     end.
 
-
-%%--------------------------------------------------------------------
-%% Function: sign_data(Data, Algorithm) -> binary() | 
-%%                                         {error, Reason}
-%%
-%%   Data = binary()
-%%   Algorithm = "ssh-rsa"
-%%
-%% Description: Use SSH key to sign data.
-%%--------------------------------------------------------------------
-sign_data(Data, Algorithm) when is_binary(Data) ->
-    case ssh_file:private_identity_key(Algorithm,[]) of
-	{ok, Key} when Algorithm == "ssh-rsa" ->
-	    ssh_rsa:sign(Key, Data);
-	Error ->
-	    Error
-    end.
-
-%%--------------------------------------------------------------------
-%% Function: verify_data(Data, Signature, Algorithm) -> ok | 
-%%                                                      {error, Reason}
-%%
-%%   Data = binary()
-%%   Signature = binary()
-%%   Algorithm = "ssh-rsa"
-%%
-%% Description: Use SSH signature to verify data.
-%%--------------------------------------------------------------------
-verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
-    case ssh_file:public_identity_key(Algorithm, []) of
-	{ok, Key} when Algorithm == "ssh-rsa" ->
-	    ssh_rsa:verify(Key, Data, Signature);
-	Error ->
-	    Error
-    end.
-
-
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -336,6 +306,10 @@ handle_options([{connect_timeout, _} = Opt | Rest], SockOpts, Opts) ->
     handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{user, _} = Opt | Rest], SockOpts, Opts) -> 
     handle_options(Rest, SockOpts, [Opt | Opts]);
+handle_options([{dsa_pass_phrase, _} = Opt | Rest], SockOpts, Opts) ->
+    handle_options(Rest, SockOpts, [Opt | Opts]);
+handle_options([{rsa_pass_phrase, _} = Opt | Rest], SockOpts, Opts) ->
+    handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{password, _} = Opt | Rest], SockOpts, Opts) -> 
     handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{user_passwords, _} = Opt | Rest], SockOpts, Opts) -> 
@@ -379,6 +353,50 @@ handle_options([Opt | Rest], SockOpts, Opts) ->
 inetopt(true) ->
     inet;
 inetopt(false) ->
-    inet6.
+    case gen_tcp:listen(0, [inet6, {ip, loopback}]) of
+	{ok, Dummyport} ->
+	    gen_tcp:close(Dummyport),
+	    inet6;
+	_ ->
+	    inet
+    end.
+
+%%%
+%% Deprecated
+%%%
+
+%%--------------------------------------------------------------------
+%% Function: sign_data(Data, Algorithm) -> binary() |
+%%                                         {error, Reason}
+%%
+%%   Data = binary()
+%%   Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH key to sign data.
+%%--------------------------------------------------------------------
+sign_data(Data, Algorithm) when is_binary(Data) ->
+    case ssh_file:user_key(Algorithm,[]) of
+	{ok, Key} when Algorithm == "ssh-rsa" ->
+	    public_key:sign(Data, sha, Key);
+	Error ->
+	    Error
+    end.
 
+%%--------------------------------------------------------------------
+%% Function: verify_data(Data, Signature, Algorithm) -> ok |
+%%                                                      {error, Reason}
+%%
+%%   Data = binary()
+%%   Signature = binary()
+%%   Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH signature to verify data.
+%%--------------------------------------------------------------------
+verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
+    case ssh_file:user_key(Algorithm, []) of
+	{ok, #'RSAPrivateKey'{publicExponent = E, modulus = N}} when Algorithm == "ssh-rsa" ->
+	    public_key:verify(Data, sha, Signature, #'RSAPublicKey'{publicExponent = E, modulus = N});
+	Error ->
+	    Error
+    end.
 
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index ac249b05e3..da5750b6c3 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -54,18 +54,6 @@
 -define(string(X), << ?STRING(list_to_binary(X)) >> ).
 -define(binary(X), << ?STRING(X) >>).
 
--ifdef(debug).
--define(dbg(Debug, Fmt, As),
-	case (Debug) of
-	    true ->
-		io:format([$# | (Fmt)], (As));
-	    _ ->
-		ok
-	end).
--else.
--define(dbg(Debug, Fmt, As), ok).
--endif.
-
 -define(SSH_CIPHER_NONE, 0).
 -define(SSH_CIPHER_3DES, 3).
 -define(SSH_CIPHER_AUTHFILE, ?SSH_CIPHER_3DES).
@@ -138,7 +126,8 @@
 	  userauth_quiet_mode,              %  boolean()
 	  userauth_supported_methods , %  
 	  userauth_methods,
-	  userauth_preference	  
+	  userauth_preference,
+	  available_host_keys
 	 }).
 
 -record(alg,
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 9dbd95886e..62d684f4dc 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,8 +21,9 @@
 
 -module(ssh_auth).
 
--include("ssh.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
+-include("ssh.hrl").
 -include("ssh_auth.hrl").
 -include("ssh_transport.hrl").
 
@@ -36,18 +37,21 @@
 %%--------------------------------------------------------------------
 %%% Internal application API
 %%--------------------------------------------------------------------
-publickey_msg([Cb, #ssh{user = User,
+publickey_msg([Alg, #ssh{user = User,
 		       session_id = SessionId,
 		       service = Service,
 		       opts = Opts} = Ssh]) ->
+
+    Hash = sha, %% Maybe option?!
     ssh_bits:install_messages(userauth_pk_messages()),
-    Alg = Cb:alg_name(),
-    case ssh_file:private_identity_key(Alg, Opts) of
-	{ok, PrivKey} ->
-	    PubKeyBlob = ssh_file:encode_public_key(PrivKey),
+    KeyCb = proplists:get_value(key_cb, Opts, ssh_file),
+
+    case KeyCb:user_key(Alg, Opts) of
+	{ok, Key} ->
+	    PubKeyBlob = encode_public_key(Key),
 	    SigData = build_sig_data(SessionId, 
-				     User, Service, Alg, PubKeyBlob),
-	    Sig = Cb:sign(PrivKey, SigData),
+				     User, Service, PubKeyBlob, Alg),
+	    Sig = ssh_transport:sign(SigData, Hash, Key),
 	    SigBlob = list_to_binary([?string(Alg), ?binary(Sig)]),
 	    ssh_transport:ssh_packet(
 	      #ssh_msg_userauth_request{user = User,
@@ -58,8 +62,8 @@ publickey_msg([Cb, #ssh{user = User,
 						?binary(PubKeyBlob),
 						?binary(SigBlob)]},
 	      Ssh);
-	_Error ->
-	  not_ok
+     	_Error ->
+	    not_ok
     end.
 
 password_msg([#ssh{opts = Opts, io_cb = IoCb,
@@ -67,29 +71,43 @@ password_msg([#ssh{opts = Opts, io_cb = IoCb,
     ssh_bits:install_messages(userauth_passwd_messages()),
     Password = case proplists:get_value(password, Opts) of
 		   undefined -> 
-		       IoCb:read_password("ssh password: ");
+		       user_interaction(Opts, IoCb);
 		   PW -> 
 		       PW
 	       end,
-    ssh_transport:ssh_packet(
-      #ssh_msg_userauth_request{user = User,
-				service = Service,
-				method = "password",
-				data =
-				<<?BOOLEAN(?FALSE),
-				 ?STRING(list_to_binary(Password))>>},
-      Ssh).
+    case Password of
+	not_ok ->
+	    not_ok;
+	_  ->
+	    ssh_transport:ssh_packet(
+	      #ssh_msg_userauth_request{user = User,
+					service = Service,
+					method = "password",
+					data =
+					    <<?BOOLEAN(?FALSE),
+					      ?STRING(list_to_binary(Password))>>},
+	      Ssh)
+    end.
+
+user_interaction(Opts, IoCb) ->
+    case proplists:get_value(allow_user_interaction, Opts, true) of
+	true ->
+	    IoCb:read_password("ssh password: ");
+	false ->
+	    not_ok
+    end.
+
 
 %% See RFC 4256 for info on keyboard-interactive
 keyboard_interactive_msg([#ssh{user = User,
-			      service = Service} = Ssh]) ->
+			       service = Service} = Ssh]) ->
     ssh_bits:install_messages(userauth_keyboard_interactive_messages()),
     ssh_transport:ssh_packet(
       #ssh_msg_userauth_request{user = User,
 				service = Service,
 				method = "keyboard-interactive",
 				data = << ?STRING(<<"">>),
-					?STRING(<<>>) >> }, 
+					  ?STRING(<<>>) >> },
       Ssh).
 
 service_request_msg(Ssh) ->
@@ -103,12 +121,12 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) ->
 					    service = "ssh-connection",
 					    method = "none",
 					    data = <<>>},
-	    CbFirst = proplists:get_value(public_key_alg, Opts, 
-					  ?PREFERRED_PK_ALG),
-	    CbSecond = other_cb(CbFirst),
+	    FirstAlg = algorithm(proplists:get_value(public_key_alg, Opts,
+					  ?PREFERRED_PK_ALG)),
+	    SecondAlg = other_alg(FirstAlg),
 	    AllowUserInt =  proplists:get_value(allow_user_interaction, Opts,
 						true),
-	    Prefs = method_preference(CbFirst, CbSecond, AllowUserInt),
+	    Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt),
 	    ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
 					    userauth_preference = Prefs,
 					    userauth_methods = none,
@@ -192,12 +210,12 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 	?TRUE ->
 	    case verify_sig(SessionId, User, "ssh-connection", Alg,
 			    KeyBlob, SigWLen, Opts) of
-		ok ->
+		true ->
 		    {authorized, User, 
 		     ssh_transport:ssh_packet(
 		       #ssh_msg_userauth_success{}, Ssh)};
-		{error, Reason} ->
-		    {not_authorized, {User, {error, Reason}}, 
+		false ->
+		    {not_authorized, {User, {error, "Invalid signature"}}, 
 		     ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
 			     authentications="publickey,password",
 			     partial_success = false}, Ssh)}
@@ -228,7 +246,6 @@ handle_userauth_info_request(
     PromptInfos = decode_keyboard_interactive_prompts(NumPrompts,Data),
     Resps = keyboard_interact_get_responses(IoCb, Opts,
 					    Name, Instr, PromptInfos),
-    %%?dbg(true, "keyboard_interactive_reply: resps=~n#~p ~n", [Resps]),
     RespBin = list_to_binary(
 		lists:map(fun(S) -> <<?STRING(list_to_binary(S))>> end,
 			  Resps)),
@@ -263,15 +280,15 @@ userauth_messages() ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-method_preference(Callback1, Callback2, true) ->
-    [{"publickey", ?MODULE, publickey_msg, [Callback1]},
-     {"publickey", ?MODULE, publickey_msg,[Callback2]},
+method_preference(Alg1, Alg2, true) ->
+    [{"publickey", ?MODULE, publickey_msg, [Alg1]},
+     {"publickey", ?MODULE, publickey_msg,[Alg2]},
      {"password", ?MODULE, password_msg, []},
      {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
     ];
-method_preference(Callback1, Callback2, false) ->
-    [{"publickey", ?MODULE, publickey_msg, [Callback1]},
-     {"publickey", ?MODULE, publickey_msg,[Callback2]},
+method_preference(Alg1, Alg2, false) ->
+    [{"publickey", ?MODULE, publickey_msg, [Alg1]},
+     {"publickey", ?MODULE, publickey_msg,[Alg2]},
      {"password", ?MODULE, password_msg, []}
     ].
 
@@ -295,7 +312,6 @@ user_name(Opts) ->
     end.
 
 check_password(User, Password, Opts) ->
-    %%?dbg(true, " ~p ~p ~p ~n", [User, Password, Opts]),
     case proplists:get_value(pwdfun, Opts) of
 	undefined ->
 	    Static = get_password_option(Opts, User),
@@ -312,25 +328,22 @@ get_password_option(Opts, User) ->
     end.
 	    
 verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) ->
-    case ssh_file:lookup_user_key(User, Alg, Opts) of
-	{ok, OurKey} ->
-	    {ok, Key} = ssh_file:decode_public_key_v2(KeyBlob, Alg),
-	    case OurKey of
-		Key ->
-		    NewSig = build_sig_data(SessionId, 
-					    User, Service, Alg, KeyBlob),
-		    <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen,
-		    <<?UINT32(AlgLen), _Alg:AlgLen/binary,
-		     ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig,
-		    M = alg_to_module(Alg),
-		    M:verify(OurKey, NewSig, Sig);
-		_ ->
-		    {error, key_unacceptable}
-	    end;
-	Error -> Error
+    {ok, Key} = decode_public_key_v2(KeyBlob, Alg),
+    KeyCb =  proplists:get_value(key_cb, Opts, ssh_file),
+
+    case KeyCb:is_auth_key(Key, User, Alg, Opts) of
+	true ->
+	    PlainText = build_sig_data(SessionId, User,
+				       Service, KeyBlob, Alg),
+	    <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen,
+	    <<?UINT32(AlgLen), _Alg:AlgLen/binary,
+	      ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig,
+	    ssh_transport:verify(PlainText, sha, Sig, Key);
+	false ->
+	    {error, key_unacceptable}
     end.
 
-build_sig_data(SessionId, User, Service, Alg, KeyBlob) ->
+build_sig_data(SessionId, User, Service, KeyBlob, Alg) ->
     Sig = [?binary(SessionId),
 	   ?SSH_MSG_USERAUTH_REQUEST,
 	   ?string(User),
@@ -341,6 +354,11 @@ build_sig_data(SessionId, User, Service, Alg, KeyBlob) ->
 	   ?binary(KeyBlob)],
     list_to_binary(Sig).
 
+algorithm(ssh_rsa) ->
+    "ssh-rsa";
+algorithm(ssh_dsa) ->
+     "ssh-dss".
+
 decode_keyboard_interactive_prompts(NumPrompts, Data) ->
     Types = lists:append(lists:duplicate(NumPrompts, [string, boolean])),
     pairwise_tuplify(ssh_bits:decode(Data, Types)).
@@ -412,12 +430,28 @@ userauth_pk_messages() ->
 	binary]} % key blob
      ].
 
-alg_to_module("ssh-dss") ->
-    ssh_dsa;
-alg_to_module("ssh-rsa") ->
-    ssh_rsa.
-
-other_cb(ssh_rsa) -> 
-    ssh_dsa;
-other_cb(ssh_dsa) -> 
-    ssh_rsa.
+other_alg("ssh-rsa") ->
+    "ssh-dss";
+other_alg("ssh-dss") ->
+    "ssh-rsa".
+decode_public_key_v2(K_S, "ssh-rsa") ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
+	["ssh-rsa", E, N] ->
+	    {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}};
+	_ ->
+	    {error, bad_format}
+    end;
+decode_public_key_v2(K_S, "ssh-dss") ->
+     case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
+	 ["ssh-dss",P,Q,G,Y] ->
+	     {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}};
+	 _ ->
+	     {error, bad_format}
+     end;
+decode_public_key_v2(_, _) ->
+    {error, bad_format}.
+
+encode_public_key(#'RSAPrivateKey'{publicExponent = E, modulus = N}) ->
+    ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]);
+encode_public_key(#'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) ->
+    ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]).
diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl
index 3f0a06575c..5841f06d70 100644
--- a/lib/ssh/src/ssh_bits.erl
+++ b/lib/ssh/src/ssh_bits.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -105,16 +105,12 @@ bignum(X) ->
 
 install_messages(Codes) ->
     foreach(fun({Name, Code, Ts}) ->
-		   %%  ?dbg(true, "install msg: ~s = ~w ~w~n", 
-%% 			 [Name,Code,Ts]),
 		    put({msg_name,Code}, {Name,Ts}),
 		    put({msg_code,Name}, {Code,Ts})
 	    end, Codes).
 
 uninstall_messages(Codes) ->
     foreach(fun({Name, Code, _Ts}) ->
-		  %%   ?dbg(true, "uninstall msg: ~s = ~w ~w~n", 
-%% 			 [Name,Code,_Ts]),
 		    erase({msg_name,Code}),
 		    erase({msg_code,Name})
 	    end, Codes).
diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl
index dcb2d69290..7b600ed8b2 100644
--- a/lib/ssh/src/ssh_channel.erl
+++ b/lib/ssh/src/ssh_channel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,10 +23,23 @@
 
 -include("ssh_connect.hrl").
 
+%%% Optional callbacks handle_call/3, handle_cast/2, handle_msg/2,
+%%% code_change/3
+%% Should be further specified later
+-callback init(Options::list()) ->
+    {ok, State::term()} | {ok, State::term(), Timeout::timeout()} | 
+    {stop, Reason ::term()}. 
+
+-callback terminate(term(), term()) -> term().
+
+-callback handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, 
+ 			 State::term()) -> {ok, State::term()} | 
+ 					   {stop, ChannelId::integer(), 
+ 					    State::term()}.
 -behaviour(gen_server).
 
 %%% API
--export([behaviour_info/1, start/4, start/5, start_link/4, start_link/5, call/2, call/3,
+-export([start/4, start/5, start_link/4, start_link/5, call/2, call/3,
 	 cast/2, reply/2, enter_loop/1]).
 
 %% gen_server callbacks
@@ -50,17 +63,6 @@
 %% API
 %%====================================================================
 
-%%% Optionel callbacks handle_call/3, handle_cast/2, handle_msg/2,
-%%% code_change/3
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 2}, 
-     {handle_ssh_msg, 2},
-     {handle_msg, 2}
-     ].
-
-
 call(ChannelPid, Msg) ->
     call(ChannelPid, Msg, infinity).
 
diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl
index 34d4ff8fc1..e06c9ea211 100644
--- a/lib/ssh/src/ssh_connect.hrl
+++ b/lib/ssh/src/ssh_connect.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index 7b9e9185bf..cb02d7b824 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -722,8 +722,6 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId,
 				    request_type = _Other,
 				    want_reply = WantReply}, Connection,
 	   ConnectionPid, _) ->
-    ?dbg(true, "ssh_msg ssh_msg_channel_request: Other=~p\n",
-	 [_Other]),
     if WantReply == true ->
 	    FailMsg = channel_failure_msg(ChannelId),
 	    {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, 
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 00b30e5434..9079089d5d 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -637,16 +637,18 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) ->
     {ok, PeerAddr} = inet:peername(Socket),
     
     PeerName =  proplists:get_value(host, Options),
+    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),
 
     #ssh{role = Role,
 	 c_vsn = Vsn,
 	 c_version = Version,
-	 key_cb = proplists:get_value(key_cb, Options, ssh_file),
+	 key_cb = KeyCb,
 	 io_cb = IOCb,
 	 userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false),
 	 opts = Options,
 	 userauth_supported_methods = AuthMethods,
-	 peer = {PeerName, PeerAddr}
+	 peer = {PeerName, PeerAddr},
+	 available_host_keys = supported_host_keys(Role, KeyCb, Options)
 	};
 
 init_ssh(server = Role, Vsn, Version, Options, Socket) ->
@@ -654,17 +656,48 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) ->
     AuthMethods = proplists:get_value(auth_methods, Options, 
 				      ?SUPPORTED_AUTH_METHODS),
     {ok, PeerAddr} = inet:peername(Socket),
-    
+    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),
+
     #ssh{role = Role,
 	 s_vsn = Vsn,
 	 s_version = Version,
-	 key_cb = proplists:get_value(key_cb, Options, ssh_file),
+	 key_cb = KeyCb,
 	 io_cb = proplists:get_value(io_cb, Options, ssh_io),
 	 opts = Options,
 	 userauth_supported_methods = AuthMethods,
-	 peer = {undefined, PeerAddr}
+	 peer = {undefined, PeerAddr},
+	 available_host_keys = supported_host_keys(Role, KeyCb, Options)
 	 }.
 
+supported_host_keys(client, _, _) ->
+    ["ssh-rsa", "ssh-dss"];
+supported_host_keys(server, KeyCb, Options) ->
+    lists:foldl(fun(Type, Acc) ->
+			case available_host_key(KeyCb, Type, Options) of
+			    {error, _} ->
+				Acc;
+			    Alg ->
+				[Alg | Acc]
+			end
+		end, [],
+		%% Prefered alg last so no need to reverse
+		["ssh-dss", "ssh-rsa"]).
+
+available_host_key(KeyCb, "ssh-dss"= Alg, Opts) ->
+    case KeyCb:host_key('ssh-dss', Opts) of
+	{ok, _} ->
+	    Alg;
+	Other ->
+	    Other
+    end;
+available_host_key(KeyCb, "ssh-rsa" = Alg, Opts) ->
+    case KeyCb:host_key('ssh-rsa', Opts) of
+	{ok, _} ->
+	    Alg;
+	Other ->
+	    Other
+    end.
+
 send_msg(Msg, #state{socket = Socket, transport_cb = Transport}) ->
     Transport:send(Socket, Msg).
 
diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl
index 9bfd5270da..f729276e65 100644
--- a/lib/ssh/src/ssh_connection_manager.erl
+++ b/lib/ssh/src/ssh_connection_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -144,7 +144,7 @@ adjust_window(ConnectionManager, Channel, Bytes) ->
     cast(ConnectionManager, {adjust_window, Channel, Bytes}).
 
 close(ConnectionManager, ChannelId) ->
-    try   call(ConnectionManager, {close, ChannelId}) of
+    try call(ConnectionManager, {close, ChannelId}) of
 	  ok ->
 	    ok;
 	  {error, channel_closed} ->
@@ -604,6 +604,8 @@ call(Pid, Msg, Timeout) ->
 	exit:{timeout, _} ->
 	    {error, timeout};
 	exit:{normal, _} ->
+	    {error, channel_closed};
+	exit:{noproc,_} ->
 	    {error, channel_closed}
     end.
 
diff --git a/lib/ssh/src/ssh_dsa.erl b/lib/ssh/src/ssh_dsa.erl
deleted file mode 100644
index 1b9a396f0c..0000000000
--- a/lib/ssh/src/ssh_dsa.erl
+++ /dev/null
@@ -1,95 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Description: dsa public-key sign and verify
-
--module(ssh_dsa).
-
--export([verify/3]).
--export([sign/2]).
--export([alg_name/0]).
-
--include("ssh.hrl").
-
-%% start() ->
-%%     crypto:start().
-
-%% sign_file(File, Opts) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:private_host_dsa_key(user, Opts),
-%%     sign(Key, Bin).
-
-%% verify_file(File, Sig) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:public_host_key(user, dsa),
-%%     verify(Key, Bin, Sig).
-
-sign(_Private=#ssh_key { private={P,Q,G,X} },Mb) ->
-    K = ssh_bits:irandom(160) rem Q,
-    R = ssh_math:ipow(G, K, P) rem Q,
-    Ki = ssh_math:invert(K, Q),
-    <<M:160/big-unsigned-integer>> = crypto:sha(Mb),
-    S = (Ki * (M + X*R)) rem Q,
-    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>.
-
-
-%% the paramiko client sends a bad sig sometimes, 
-%% instead of crashing, we nicely return error, the
-%% typcally manifests itself as Sb being 39 bytes
-%% instead of 40.
-
-verify(Public, Mb, Sb) ->
-    case catch xverify(Public, Mb, Sb) of
-	{'EXIT', _Reason} ->
-            %store({Public, Mb, Sb, _Reason}),
-	    {error, inconsistent_key};
-	ok ->
-  	    %store({Public, Mb, Sb, ok})
-	    ok
-    end.
-
-%% store(Term) ->
-%%     {ok, Fd} = file:open("/tmp/dsa", [append]),
-%%     io:format(Fd, "~p~n~n~n", [Term]),
-%%     file:close(Fd).
-
-
-xverify(_Public=#ssh_key { public={P,Q,G,Y} },Mb,Sb) ->
-    <<R0:160/big-unsigned-integer, S0:160/big-unsigned-integer>> = Sb,
-    ?ssh_assert(R0 >= 0 andalso R0 < Q andalso
-		S0 >= 0 andalso S0 < Q, out_of_range),
-    W = ssh_math:invert(S0,Q),
-    <<M0:160/big-unsigned-integer>> = crypto:sha(Mb),
-    U1 = (M0*W) rem Q,
-    U2 = (R0*W) rem Q,
-    T1 = ssh_math:ipow(G,U1,P),
-    T2 = ssh_math:ipow(Y,U2,P),
-    V = ((T1*T2) rem P) rem Q,
-    if V == R0 ->
-	    ok;
-       true ->
-	    {error, inconsistent_key}
-    end.
-
-alg_name() ->
-    "ssh-dss".
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 12180f56bb..d05fa8e09a 100644
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,80 +23,98 @@
 
 -module(ssh_file).
 
--include("ssh.hrl").
--include("PKCS-1.hrl").
--include("DSS.hrl").
+-behaviour(ssh_key_api).
 
+-include_lib("public_key/include/public_key.hrl").
 -include_lib("kernel/include/file.hrl").
 
--export([public_host_dsa_key/2,private_host_dsa_key/2,
-	 public_host_rsa_key/2,private_host_rsa_key/2,
-	 public_host_key/2,private_host_key/2,
-	 lookup_host_key/3, add_host_key/3, % del_host_key/2,
-	 lookup_user_key/3, ssh_dir/2, file_name/3]).
-
--export([private_identity_key/2, 
-	 public_identity_key/2]).
-%% 	 identity_keys/2]).
-
--export([encode_public_key/1, decode_public_key_v2/2]).
+-include("ssh.hrl").
 
--import(lists, [reverse/1, append/1]).
+-export([host_key/2,
+	 user_key/2,
+	 is_host_key/4,
+	 add_host_key/3,
+	 is_auth_key/4]).
 
--define(DBG_PATHS, true).
 
 -define(PERM_700, 8#700).
 -define(PERM_644, 8#644).
 
+
 %% API
-public_host_dsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_dsa_key.pub", Opts),
-    read_public_key_v2(File, "ssh-dss").
-
-private_host_dsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_dsa_key", Opts),
-    read_private_key_v2(File, "ssh-dss").
-
-public_host_rsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_rsa_key.pub", Opts),
-    read_public_key_v2(File, "ssh-rsa").
-
-private_host_rsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_rsa_key", Opts),
-    read_private_key_v2(File, "ssh-rsa").
-
-public_host_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_key", Opts),
-    case read_private_key_v1(File,public) of
-	{error, enoent} ->	
-	    read_public_key_v1(File++".pub");
-	Result ->
-	    Result
-    end.
-	    
 
-private_host_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_key", Opts),
-    read_private_key_v1(File,private).
+%% Used by server
+host_key(Algorithm, Opts) ->
+    File = file_name(system, file_base_name(Algorithm), Opts),
+    %% We do not expect host keys to have pass phrases
+    %% so probably we could hardcod Password = ignore, but
+    %% we keep it as an undocumented option for now.
+    Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
+    decode(File, Password).
 
 
+is_auth_key(Key, User, Alg, Opts) ->
+    case lookup_user_key(Key, User, Alg, Opts) of
+	{ok, Key} ->
+	    true;
+	_ ->
+	    false
+    end.
 
-%% in: "host" out: "host,1.2.3.4.
-add_ip(Host)                                                             ->
-    case inet:getaddr(Host, inet) of
-	{ok, Addr} ->
-	    case ssh_connection:encode_ip(Addr) of
-		false -> Host;
-		IPString -> Host ++ "," ++ IPString
-	    end;
-	_ -> Host
-    end.    
 
-replace_localhost("localhost") ->
-    {ok, Hostname} = inet:gethostname(),
-    Hostname;
-replace_localhost(Host) ->
-    Host.
+%% Used by client
+is_host_key(Key, PeerName, Algorithm, Opts) ->
+    case lookup_host_key(PeerName, Algorithm, Opts) of
+	{ok, Key} ->
+	    true;
+	_ ->
+	    false
+    end.
+
+user_key(Algorithm, Opts) ->
+    File = file_name(user, identity_key_filename(Algorithm), Opts),
+    Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
+    decode(File, Password).
+
+
+%% Internal functions %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+file_base_name('ssh-rsa') ->
+    "ssh_host_rsa_key";
+file_base_name('ssh-dss') ->
+    "ssh_host_dsa_key";
+file_base_name(_) ->
+    "ssh_host_key".
+
+decode(File, Password) ->
+    try 
+	{ok, decode_ssh_file(read_ssh_file(File), Password)}
+    catch 
+	throw:Reason ->
+	    {error, Reason};
+	error:Reason ->
+	    {error, Reason}
+    end.      
+
+read_ssh_file(File) ->
+    {ok, Bin} = file:read_file(File),
+    Bin.
+
+%% Public key
+decode_ssh_file(SshBin, public_key) ->
+    public_key:ssh_decode(SshBin, public_key);
+
+%% Private Key
+decode_ssh_file(Pem, Password) ->
+    case public_key:pem_decode(Pem) of
+	[{_, _, not_encrypted} = Entry]  -> 
+	    public_key:pem_entry_decode(Entry);
+	[Entry] when Password =/= ignore ->
+	    public_key:pem_entry_decode(Entry, Password);
+	 _ ->
+	    throw("No pass phrase provided for private key file")
+    end.
+    
 
 %% lookup_host_key
 %% return {ok, Key(s)} or {error, not_found}
@@ -106,15 +124,6 @@ lookup_host_key(Host, Alg, Opts) ->
     Host1 = replace_localhost(Host),
     do_lookup_host_key(Host1, Alg, Opts).
 	    
-do_lookup_host_key(Host, Alg, Opts) ->
-    case file:open(file_name(user, "known_hosts", Opts), [read]) of
-	{ok, Fd} ->
-	    Res = lookup_host_key_fd(Fd, Host, Alg),
-	    file:close(Fd),
-	    Res;
-	{error, enoent} -> {error, not_found};
-	Error -> Error
-    end.
 
 add_host_key(Host, Key, Opts) ->
     Host1 = add_ip(replace_localhost(Host)),
@@ -129,383 +138,16 @@ add_host_key(Host, Key, Opts) ->
    	    Error
     end.
 
-%% del_host_key(Host, Opts) ->
-%%     Host1 = replace_localhost(Host),
-%%     case file:open(file_name(user, "known_hosts", Opts),[write,read]) of
-%% 	{ok, Fd} ->
-%% 	    Res = del_key_fd(Fd, Host1),
-%% 	    file:close(Fd),
-%% 	    Res;
-%% 	Error ->
-%% 	    Error
-%%     end.
-
-identity_key_filename("ssh-dss") -> "id_dsa";
-identity_key_filename("ssh-rsa") -> "id_rsa".
-
-private_identity_key(Alg, Opts) ->
-    Path = file_name(user, identity_key_filename(Alg), Opts),
-    read_private_key_v2(Path, Alg).
-
-public_identity_key(Alg, Opts) ->
-    Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts),
-    read_public_key_v2(Path, Alg).
-
-
-read_public_key_v2(File, Type) ->
-    case file:read_file(File) of
-	{ok,Bin} ->
-	    List = binary_to_list(Bin),
-	    case lists:prefix(Type, List) of
-		true ->
-		    List1 = lists:nthtail(length(Type), List),
-		    K_S = ssh_bits:b64_decode(List1),
-		    decode_public_key_v2(K_S, Type);
-		false ->
-		    {error, bad_format}
-	    end;
-	Error ->
-	    Error
-    end.
-
-decode_public_key_v2(K_S, "ssh-rsa") ->
-    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
-	["ssh-rsa", E, N] ->
-	    {ok, #ssh_key { type = rsa,
-			    public = {N,E},
-			    comment=""}};
-	_ ->
-	    {error, bad_format}
-    end;
-decode_public_key_v2(K_S, "ssh-dss") ->
-    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
-	["ssh-dss",P,Q,G,Y] ->
-	    {ok,#ssh_key { type = dsa,
-			   public = {P,Q,G,Y}
-			  }};
-	_A ->
-	    {error, bad_format}
-    end;
-decode_public_key_v2(_, _) ->
-    {error, bad_format}.
-    
-
-read_public_key_v1(File) ->
-    case file:read_file(File) of
-	{ok,Bin} ->
-	    List = binary_to_list(Bin),
-	    case io_lib:fread("~d ~d ~d ~s", List) of
-		{ok,[_Sz,E,N,Comment],_} ->
-		    {ok,#ssh_key { type = rsa,
-				   public ={N,E},
-				   comment = Comment }};
-		_Error ->
-		    {error, bad_format}
-	    end;
-	Error ->
-	    Error
-    end.
-
-%% pem_type("ssh-dss") -> "DSA";
-%% pem_type("ssh-rsa") -> "RSA".
-
-read_private_key_v2(File, Type) ->
-    case file:read_file(File) of
-        {ok, PemBin} ->
-            case catch (public_key:pem_decode(PemBin)) of
-                [{_, Bin, not_encrypted}] ->
-                    decode_private_key_v2(Bin, Type);
-                Error -> %% Note we do not handle password encrypted keys at the moment
-                    {error, Error}
-            end;
-        {error, Reason} ->
-            {error, Reason}
-    end.
-%%  case file:read_file(File) of
-%% 	{ok,Bin} ->
-%% 	    case read_pem(binary_to_list(Bin), pem_type(Type)) of
-%% 		{ok,Bin1} ->
-%% 		    decode_private_key_v2(Bin1, Type);
-%% 		Error ->
-%% 		    Error
-%% 	    end;
-%% 	Error ->
-%% 	    Error
-%%     end.
-
-decode_private_key_v2(Private,"ssh-rsa") ->
-    case 'PKCS-1':decode( 'RSAPrivateKey', Private) of
-	{ok,RSA} -> %% FIXME Check for two-prime version
-	    {ok, #ssh_key { type = rsa,
-			    public = {RSA#'RSAPrivateKey'.modulus,
-				      RSA#'RSAPrivateKey'.publicExponent},
-			    private = {RSA#'RSAPrivateKey'.modulus,
-				       RSA#'RSAPrivateKey'.privateExponent}
-			    }};
-	Error ->
-	    Error
-    end;
-decode_private_key_v2(Private, "ssh-dss") ->
-    case 'DSS':decode('DSAPrivateKey', Private) of
-	{ok,DSA} -> %% FIXME Check for two-prime version
-	    {ok, #ssh_key { type = dsa,
-			    public = {DSA#'DSAPrivateKey'.p,
-				      DSA#'DSAPrivateKey'.q,
-				      DSA#'DSAPrivateKey'.g,
-				      DSA#'DSAPrivateKey'.y},
-			    private= {DSA#'DSAPrivateKey'.p,
-				      DSA#'DSAPrivateKey'.q,
-				      DSA#'DSAPrivateKey'.g,
-				      DSA#'DSAPrivateKey'.x}
-			   }};
-	_ ->
-	    {error,bad_format}
-    end.
-
-%% SSH1 private key format
-%%  <<"SSH PRIVATE KEY FILE FORMATE 1.1\n" 0:8 
-%%    CipherNum:8, Reserved:32,
-%%    NSz/uint32, N/bignum, E/bignum, Comment/string,
-%%
-%% [ R0:8 R1:8 R0:8 R1:8, D/bignum, IQMP/bignum, Q/bignum, P/bignum, Pad(8)]>>
-%%
-%% where [ ] is encrypted using des3 (ssh1 version) and
-%% a posssibly empty pass phrase using md5(passphase) as key
-%% 
-
-read_private_key_v1(File, Type) ->
-    case file:read_file(File) of
-	{ok,<<"SSH PRIVATE KEY FILE FORMAT 1.1\n",0,
-	     CipherNum,_Resereved:32,Bin/binary>>} ->
-	    decode_private_key_v1(Bin, CipherNum,Type);
-	{ok,_} ->
-	    {error, bad_format};
-	Error ->
-	    Error
-    end.
-
-decode_private_key_v1(Bin, CipherNum, Type) ->
-    case ssh_bits:decode(Bin,0,[uint32, bignum, bignum, string]) of
-	{Offset,[_NSz,N,E,Comment]} ->
-	    if Type == public ->
-		    {ok,#ssh_key { type=rsa,
-				   public={N,E},
-				   comment=Comment}};
-	       Type == private ->
-		    <<_:Offset/binary, Encrypted/binary>> = Bin,
-		    case ssh_bits:decode(decrypt1(Encrypted, CipherNum),0,
-					 [uint32, bignum, bignum, 
-					  bignum, bignum,{pad,8}]) of
-			{_,[_,D,IQMP,Q,P]} ->
-			    {ok,#ssh_key { type=rsa,
-					   public={N,E},
-					   private={D,IQMP,Q,P},
-					   comment=Comment}};
-			_ ->
-			    {error,bad_format}
-		    end
-	    end;
-	_ ->
-	    {error,bad_format}
-    end.
-
-
-decrypt1(Bin, CipherNum) ->
-    decrypt1(Bin, CipherNum,"").
-
-decrypt1(Bin, CipherNum, Phrase) ->
-    if CipherNum == ?SSH_CIPHER_NONE; Phrase == "" ->
-	    Bin;
-       CipherNum == ?SSH_CIPHER_3DES ->
-	    <<K1:8/binary, K2:8/binary>> = erlang:md5(Phrase),
-	    K3 = K1,
-	    IV = <<0,0,0,0,0,0,0,0>>,
-	    Bin1 = crypto:des_cbc_decrypt(K3,IV,Bin),
-	    Bin2 = crypto:des_cbc_encrypt(K2,IV,Bin1),
-	    crypto:des_cbc_decrypt(K1,IV,Bin2)
-    end.
-
-%% encrypt1(Bin, CipherNum) ->
-%%     encrypt1(Bin, CipherNum,"").
-
-%% encrypt1(Bin, CipherNum, Phrase) ->
-%%     if CipherNum == ?SSH_CIPHER_NONE; Phrase == "" ->
-%% 	    Bin;
-%%        CipherNum == ?SSH_CIPHER_3DES ->
-%% 	    <<K1:8/binary, K2:8/binary>> = erlang:md5(Phrase),
-%% 	    K3 = K1,
-%% 	    IV = <<0,0,0,0,0,0,0,0>>,
-%% 	    Bin1 = crypto:des_cbc_encrypt(K1,IV,Bin),
-%% 	    Bin2 = crypto:des_cbc_decrypt(K2,IV,Bin1),
-%% 	    crypto:des_cbc_encrypt(K3,IV,Bin2)
-%%     end.
-
-lookup_host_key_fd(Fd, Host, Alg) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    {error, not_found};
-	Line ->
-	    case string:tokens(Line, " ") of
-		[HostList, Alg, KeyData] ->
-%% 		    io:format(" ~p lookup_host_key_fd: HostList ~p Alg ~p KeyData ~p\n",
-%%			      [Host, HostList, Alg, KeyData]),
-		    case lists:member(Host, string:tokens(HostList, ",")) of
-			true ->
-			    decode_public_key_v2(ssh_bits:b64_decode(KeyData), Alg);
-			false ->
-			    lookup_host_key_fd(Fd, Host, Alg)
-		    end;
-		_ ->
-		    lookup_host_key_fd(Fd, Host, Alg)
-	    end
-    end.
-
-
-
-%% del_key_fd(Fd, Host) ->
-%%     del_key_fd(Fd, Host, 0, 0).
-
-%% del_key_fd(Fd, Host, ReadPos0, WritePos0) ->
-%%     case io:get_line(Fd, '') of
-%% 	eof ->
-%% 	    if ReadPos0 == WritePos0 ->
-%% 		    ok;
-%% 	       true ->
-%% 		    file:truncate(Fd)
-%% 	    end;
-%% 	Line ->
-%% 	    {ok,ReadPos1} = file:position(Fd, cur),
-%% 	    case string:tokens(Line, " ") of
-%% 		[HostList, _Type, _KeyData] ->
-%% 		    case lists:member(Host, string:tokens(HostList, ",")) of
-%% 			true ->
-%% 			    del_key_fd(Fd, Host, ReadPos1, WritePos0);
-%% 			false ->
-%% 			    if ReadPos0 == WritePos0 ->
-%% 				    del_key_fd(Fd, Host, ReadPos1, ReadPos1);
-%% 			       true ->
-%% 				    file:position(Fd, WritePos0),
-%% 				    file:write(Fd, Line),
-%% 				    {ok,WritePos1} = file:position(Fd,cur),
-%% 				    del_key_fd(Fd, Host, ReadPos1, WritePos1)
-%% 			    end
-%% 		    end;
-%% 		_ ->
-%% 		    if ReadPos0 == WritePos0 ->
-%% 			    del_key_fd(Fd, Host, ReadPos1, ReadPos1);
-%% 		       true ->
-%% 			    file:position(Fd, WritePos0),
-%% 			    file:write(Fd, Line),
-%% 			    {ok,WritePos1} = file:position(Fd,cur),
-%% 			    del_key_fd(Fd, Host, ReadPos1, WritePos1)
-%% 		    end		    
-%% 	    end
-%%     end.
-
-
-add_key_fd(Fd, Host, Key) ->
-    case Key#ssh_key.type of
-	rsa ->
-	    {N,E} = Key#ssh_key.public,
-	    DK = ssh_bits:b64_encode(
-		   ssh_bits:encode(["ssh-rsa",E,N],
-				   [string,mpint,mpint])),
-	    file:write(Fd, [Host, " ssh-rsa ", DK, "\n"]);
-	dsa ->
-	    {P,Q,G,Y} = Key#ssh_key.public,
-	    DK = ssh_bits:b64_encode(
-		   ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-				   [string,mpint,mpint,mpint,mpint])),
-	    file:write(Fd, [Host, " ssh-dss ", DK, "\n"])
-    end.
-
-
-%% read_pem(Cs, Type) ->
-%%     case read_line(Cs) of
-%% 	{"-----BEGIN "++Rest,Cs1} ->
-%% 	    case string:tokens(Rest, " ") of
-%% 		[Type, "PRIVATE", "KEY-----"] ->
-%% 		    read_pem64(Cs1, [], Type);
-%% 		_ ->
-%% 		    {error, bad_format}
-%% 	    end;
-%% 	{"",Cs1} when Cs1 =/= "" ->
-%% 	    read_pem(Cs1,Type);
-%% 	{_,""} ->
-%% 	    {error, bad_format}
-%%     end.
-
-%% read_pem64(Cs, Acc, Type) ->
-%%     case read_line(Cs) of
-%% 	{"-----END "++Rest,_Cs1} ->
-%% 	    case string:tokens(Rest, " ") of
-%% 		[Type, "PRIVATE", "KEY-----"] ->
-%% 		    {ok,ssh_bits:b64_decode(append(reverse(Acc)))};
-%% 		Toks ->
-%% 		    error_logger:format("ssh: TOKENS=~p\n", [Toks]),
-%% 		    {error, bad_format}
-%% 	    end;
-%% 	{B64, Cs1} when Cs1 =/= "" ->
-%% 	    read_pem64(Cs1, [B64|Acc], Type);
-%% 	_What ->
-%% 	    {error, bad_format}
-%%     end.
-
-
-%% read_line(Cs) -> read_line(Cs,[]).
-%% read_line([$\r,$\n|T], Acc) -> {reverse(Acc), T};
-%% read_line([$\n|T], Acc) -> {reverse(Acc), T};
-%% read_line([C|T], Acc) -> read_line(T,[C|Acc]);
-%% read_line([], Acc) -> {reverse(Acc),[]}.
-
-lookup_user_key(User, Alg, Opts) ->
+lookup_user_key(Key, User, Alg, Opts) ->
     SshDir = ssh_dir({remoteuser,User}, Opts),
-    case lookup_user_key_f(User, SshDir, Alg, "authorized_keys", Opts) of
+    case lookup_user_key_f(Key, User, SshDir, Alg, "authorized_keys", Opts) of
 	{ok, Key} ->
 	    {ok, Key};
 	_ ->
-	    lookup_user_key_f(User, SshDir, Alg,  "authorized_keys2", Opts)
-    end.
-
-lookup_user_key_f(_User, [], _Alg, _F, _Opts) ->
-    {error, nouserdir};
-lookup_user_key_f(_User, nouserdir, _Alg, _F, _Opts) ->
-    {error, nouserdir};
-lookup_user_key_f(_User, Dir, Alg, F, _Opts) ->
-    FileName = filename:join(Dir, F),
-    case file:open(FileName, [read]) of
-	{ok, Fd} ->
-	    Res = lookup_user_key_fd(Fd, Alg),
-	    file:close(Fd),
-	    Res;
-	{error, Reason} ->
-	    {error, {{openerr, Reason}, {file, FileName}}}
-    end.
-
-lookup_user_key_fd(Fd, Alg) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    {error, not_found};
-	Line ->
-	    case string:tokens(Line, " ") of
-		[Alg, KeyData, _] ->
-		    %% 		    io:format("lookup_user_key_fd: HostList ~p Alg ~p KeyData ~p\n",
-		    %% 			      [HostList, Alg, KeyData]),
-		    decode_public_key_v2(ssh_bits:b64_decode(KeyData), Alg);
-		_Other ->
-		    %%?dbg(false, "key_fd Other: ~w ~w\n", [Alg, _Other]),
-		    lookup_user_key_fd(Fd, Alg)
-	    end
+	    lookup_user_key_f(Key, User, SshDir, Alg,  "authorized_keys2", Opts)
     end.
 
 
-encode_public_key(#ssh_key{type = rsa, public = {N, E}}) ->
-    ssh_bits:encode(["ssh-rsa",E,N],
-		    [string,mpint,mpint]);
-encode_public_key(#ssh_key{type = dsa, public = {P,Q,G,Y}}) ->
-    ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-		    [string,mpint,mpint,mpint,mpint]).
-
 %%
 %% Utils
 %%
@@ -537,11 +179,130 @@ ssh_dir(user, Opts) ->
 ssh_dir(system, Opts) ->
     proplists:get_value(system_dir, Opts, "/etc/ssh").
 
+
 file_name(Type, Name, Opts) ->
     FN = filename:join(ssh_dir(Type, Opts), Name),
-    %%?dbg(?DBG_PATHS, "file_name: ~p\n", [FN]),
     FN.
 
+
+
+%% in: "host" out: "host,1.2.3.4.
+add_ip(Host)                                                             ->
+    case inet:getaddr(Host, inet) of
+	{ok, Addr} ->
+	    case ssh_connection:encode_ip(Addr) of
+		false -> Host;
+		IPString -> Host ++ "," ++ IPString
+	    end;
+	_ -> Host
+    end.    
+
+replace_localhost("localhost") ->
+    {ok, Hostname} = inet:gethostname(),
+    Hostname;
+replace_localhost(Host) ->
+    Host.
+
+do_lookup_host_key(Host, Alg, Opts) ->
+    case file:open(file_name(user, "known_hosts", Opts), [read, binary]) of
+	{ok, Fd} ->
+	    Res = lookup_host_key_fd(Fd, Host, Alg),
+	    file:close(Fd),
+	    {ok, Res};
+	{error, enoent} -> {error, not_found};
+	Error -> Error
+    end.
+
+identity_key_filename("ssh-dss") ->
+    "id_dsa";
+identity_key_filename("ssh-rsa") ->
+    "id_rsa".
+
+identity_pass_phrase("ssh-dss") ->
+    dsa_pass_phrase;
+identity_pass_phrase('ssh-dss') ->
+    dsa_pass_phrase;
+identity_pass_phrase('ssh-rsa') ->
+    rsa_pass_phrase;
+identity_pass_phrase("ssh-rsa") ->
+    rsa_pass_phrase.
+
+lookup_host_key_fd(Fd, Host, KeyType) ->
+    case io:get_line(Fd, '') of
+	eof ->
+	    {error, not_found};
+	Line ->
+	    case public_key:ssh_decode(Line, known_hosts) of
+		[{Key, Attributes}] ->
+		    handle_host(Fd, Host, proplists:get_value(hostnames, Attributes), Key, KeyType);
+		[] ->
+		    lookup_host_key_fd(Fd, Host, KeyType)
+	    end
+    end.
+
+handle_host(Fd, Host, HostList, Key, KeyType) ->
+    Host1 = host_name(Host),
+    case lists:member(Host1, HostList) and key_match(Key, KeyType) of
+	true ->
+	    Key;
+	false ->
+	    lookup_host_key_fd(Fd, Host, KeyType)
+    end.
+
+host_name(Atom) when is_atom(Atom) ->
+    atom_to_list(Atom);
+host_name(List) ->
+    List.
+
+key_match(#'RSAPublicKey'{}, "ssh-rsa") ->
+    true;
+key_match({_, #'Dss-Parms'{}}, "ssh-dss") ->
+    true;
+key_match(_, _) ->
+    false.
+
+add_key_fd(Fd, Host,Key) ->
+    SshBin = public_key:ssh_encode([{Key, [{hostnames, [Host]}]}], known_hosts),
+    file:write(Fd, SshBin).
+
+lookup_user_key_f(_, _User, [], _Alg, _F, _Opts) ->
+    {error, nouserdir};
+lookup_user_key_f(_, _User, nouserdir, _Alg, _F, _Opts) ->
+    {error, nouserdir};
+lookup_user_key_f(Key, _User, Dir, _Alg, F, _Opts) ->
+    FileName = filename:join(Dir, F),
+    case file:open(FileName, [read, binary]) of
+	{ok, Fd} ->
+	    Res = lookup_user_key_fd(Fd, Key),
+	    file:close(Fd),
+	    Res;
+	{error, Reason} ->
+	    {error, {{openerr, Reason}, {file, FileName}}}
+    end.
+
+lookup_user_key_fd(Fd, Key) ->
+    case io:get_line(Fd, '') of
+	eof ->
+	    {error, not_found};
+	Line ->
+	    case public_key:ssh_decode(Line, auth_keys) of
+		[{AuthKey, _}] ->
+		    case is_auth_key(Key, AuthKey) of
+			true ->
+			    {ok, Key};
+			false ->
+			    lookup_user_key_fd(Fd, Key)
+		    end;
+		[] ->
+		    lookup_user_key_fd(Fd, Key)
+	    end
+    end.
+
+is_auth_key(Key, Key) -> 
+    true;
+is_auth_key(_,_) -> 
+    false.
+
 default_user_dir()->
     {ok,[[Home|_]]} = init:get_argument(home),
     UserDir = filename:join(Home, ".ssh"),
diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl
index 915fd63e4f..1dbd097423 100644
--- a/lib/ssh/src/ssh_io.erl
+++ b/lib/ssh/src/ssh_io.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_key_api.erl b/lib/ssh/src/ssh_key_api.erl
new file mode 100644
index 0000000000..8085c12e21
--- /dev/null
+++ b/lib/ssh/src/ssh_key_api.erl
@@ -0,0 +1,45 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(ssh_key_api).
+
+-include_lib("public_key/include/public_key.hrl"). 
+-include("ssh.hrl").
+
+-type ssh_algorithm() :: string().
+-type file_error()    :: file:posix() | badarg | system_limit | terminated.
+
+-callback host_key(Algorithm :: ssh_algorithm(), Options :: list()) -> 
+                      {ok, [{public_key(), Attributes::list()}]} | public_key()
+                          | {error, string()}.
+
+-callback user_key(Algorithm :: ssh_algorithm(), Options :: list()) -> 
+                     {ok, [{public_key(), Attributes::list()}]} | public_key()
+                          | {error, string()}.
+
+-callback is_host_key(Key :: public_key(), PeerName :: string(), 
+                  Algorithm :: ssh_algorithm(), Options :: list()) ->
+                         boolean().
+
+-callback add_host_key(Host :: string(), Key :: public_key(), Options :: list()) ->
+                          ok | {error, file_error()}.
+
+-callback is_auth_key(Key :: public_key(), User :: string(),
+                  Algorithm :: ssh_algorithm(), Options :: list()) ->
+                         boolean().
diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl
index 510eb16aa6..4aa385b18d 100644
--- a/lib/ssh/src/ssh_math.erl
+++ b/lib/ssh/src/ssh_math.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl
deleted file mode 100644
index 91b8285b2e..0000000000
--- a/lib/ssh/src/ssh_rsa.erl
+++ /dev/null
@@ -1,298 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Description: rsa public-key sign and verify
-
--module(ssh_rsa).
-
--export([verify/3, sign/2]).
--export([alg_name/0]).
-
--include("ssh.hrl").
--include("PKCS-1.hrl").
-
-
--define(MGF(Seed,Len), mgf1((Seed),(Len))).
--define(HASH(X), crypto:sha((X))).
--define(HLen, 20).
-
-%% start() ->
-%%     crypto:start().
-
-%% sign_file(File) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:private_host_rsa_key(user),
-%%     sign(Key, Bin).
-
-%% verify_file(File, Sig) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:public_host_rsa_key(user),
-%%     verify(Key, Bin, Sig).
-
-sign(Private,Mb) ->
-    rsassa_pkcs1_v1_5_sign(Private,Mb).
-
-verify(Public,Mb,Sb) ->
-    rsassa_pkcs1_v1_5_verify(Public,Mb,Sb).
-
-
-
-%% Integer to octet string
-i2osp(X, XLen) ->
-    ssh_bits:i2bin(X, XLen).
-
-%% Octet string to Integer
-os2ip(X) ->
-    ssh_bits:bin2i(X).
-
-%% decrypt1, M = message representative
-%% rsaep(#ssh_key { public={N,E}}, M) ->
-%%     ?ssh_assert(M >= 0 andalso M =< N-1, out_of_range),
-%%     ssh_math:ipow(M, E, N).
-
-%% encrypt1, C = cipher representative
-%% rsadp(#ssh_key { public={N,_}, private={_,D}}, C) ->
-%%     ?ssh_assert(C >= 0 andalso C =< N-1, out_of_range),
-%%     ssh_math:ipow(C, D, N).
-
-%% sign1, M = message representative
-rsasp1(#ssh_key { public={N,_}, private={_,D}}, M) ->
-    ?ssh_assert((M >= 0 andalso M =< N-1), out_of_range),
-    ssh_math:ipow(M, D, N).
-
-%% verify1,  S =signature representative
-rsavp1(#ssh_key { public={N,E}}, S)  ->
-    ?ssh_assert(S >= 0 andalso S =< N-1, out_of_range),
-    ssh_math:ipow(S, E, N).
-
-
-%% M messaage
-%% rsaes_oaep_encrypt(Public, M) ->
-%%     rsaes_oaep_encrypt(Public, M, <<>>).
-
-%% rsaes_oaep_encrypt(Public=#ssh_key { public={N,_E}}, M, L) ->
-%%     ?ssh_assert(size(L) =< 16#ffffffffffffffff, label_to_long),
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     MLen = size(M),
-%%     %% LLen  = size(L),
-%%     ?ssh_assert(MLen =< K - 2*?HLen - 2, message_to_long),
-%%     LHash = ?HASH(L),
-%%     PS = ssh_bits:fill_bits(K - MLen - 2*?HLen - 2, 0),
-%%     DB = <<LHash/binary, PS/binary, 16#01, M/binary>>,
-%%     Seed = ssh_bits:random(?HLen),
-%%     DbMask = ?MGF(Seed, K - ?HLen - 1),
-%%     MaskedDB = ssh_bits:xor_bits(DB, DbMask),
-%%     SeedMask = ?MGF(MaskedDB, ?HLen),
-%%     MaskedSeed = ssh_bits:xor_bits(Seed, SeedMask),
-%%     EM = <<16#00, MaskedSeed/binary, MaskedDB/binary>>,
-%%     Mc = os2ip(EM),
-%%     C = rsaep(Public, Mc),
-%%     i2osp(C, K).
-
-%% rsaes_oaep_decrypt(Key, C) ->
-%%     rsaes_oaep_decrypt(Key, C, <<>>).
-
-%% rsaes_oaep_decrypt(Private=#ssh_key { public={N,_},private={_,_}},Cb,L) ->
-%%     ?ssh_assert(size(L) =< 16#ffffffffffffffff, label_to_long),
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     ?ssh_assert(K == 2*?HLen + 2, decryption_error),
-%%     C = os2ip(Cb),
-%%     M = rsadp(Private, C),
-%%     EM = i2osp(M, K),
-%%     LHash = ?HASH(L),
-%%     MLen = K - ?HLen -1,
-%%     case EM of
-%% 	<<16#00, MaskedSeed:?HLen/binary, MaskedDB:MLen>> ->
-%% 	    SeedMask = ?MGF(MaskedDB, ?HLen),
-%% 	    Seed = ssh_bits:xor_bits(MaskedSeed, SeedMask),
-%% 	    DbMask = ?MGF(Seed, K - ?HLen - 1),
-%% 	    DB = ssh_bits:xor_bits(MaskedDB, DbMask),
-%% 	    PSLen = K - MLen - 2*?HLen - 2,
-%% 	    case DB of
-%% 		<<LHash:?HLen, _PS:PSLen/binary, 16#01, M/binary>> ->
-%% 		    M;
-%% 		_ ->
-%% 		    exit(decryption_error)
-%% 	    end;
-%% 	_ ->
-%% 	    exit(decryption_error)
-%%     end.
-
-
-%% rsaes_pkcs1_v1_5_encrypt(Public=#ssh_key { public={N,_}}, M) ->    
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     MLen = size(M),
-%%     ?ssh_assert(MLen =< K - 11, message_to_long),
-%%     PS = ssh_bits:random(K - MLen - 3),
-%%     EM = <<16#00,16#02,PS/binary,16#00,M/binary>>,
-%%     Mc = os2ip(EM),
-%%     C = rsaep(Public, Mc),
-%%     i2osp(C, K).
-
-
-%% rsaes_pkcs1_v1_5_decrypt(Private=#ssh_key { public={N,_},private={_,_}},
-%% 			 Cb) ->
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     CLen = size(Cb),
-%%     ?ssh_assert(CLen == K andalso K >= 11, decryption_error),
-%%     C = os2ip(Cb),
-%%     M = rsadp(Private, C),
-%%     EM = i2osp(M, K),
-%%     PSLen = K - CLen - 3,
-%%     case EM of
-%% 	<<16#00, 16#02, _PS:PSLen/binary, 16#00, M>> ->
-%% 	    M;
-%% 	_ ->
-%% 	    exit(decryption_error)
-%%     end.
-
-%% rsassa_pss_sign(Private=#ssh_key { public={N,_},private={_,_}},Mb) ->
-%%     ModBits = ssh_bits:isize(N),
-%%     K = (ModBits+7) div 8,
-%%     EM = emsa_pss_encode(Mb, ModBits - 1),
-%%     M = os2ip(EM),
-%%     S = rsasp1(Private, M),
-%%     i2osp(S, K).
-
-%% rsassa_pss_verify(Public=#ssh_key { public={N,_E}},Mb,Sb) ->
-%%     ModBits = ssh_bits:isize(N),
-%%     K = (ModBits+7) div 8,
-%%     ?ssh_assert(size(Sb) == K, invalid_signature),
-%%     S = os2ip(Sb),
-%%     M = rsavp1(Public,S),
-%%     EMLen = (ModBits-1+7) div 8,
-%%     EM = i2osp(M, EMLen),
-%%     emsa_pss_verify(Mb, EM, ModBits-1).
-
-
-rsassa_pkcs1_v1_5_sign(Private=#ssh_key { public={N,_},private={_,_D}},Mb) ->
-    K = (ssh_bits:isize(N)+7) div 8,    
-    EM = emsa_pkcs1_v1_5_encode(Mb, K),
-    M = os2ip(EM),
-    S = rsasp1(Private, M),
-    i2osp(S, K).
-
-rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) ->
-    K = (ssh_bits:isize(N)+7) div 8,
-    ?ssh_assert(size(Sb) == K, invalid_signature),
-    S = os2ip(Sb),
-    M = rsavp1(Public, S),
-    EM = i2osp(M, K),
-    %?dbg(true, "verify K=~p S=~w ~n#M=~w~n#EM=~w~n", [K, S, M, EM]),
-    case emsa_pkcs1_v1_5_encode(Mb, K) of
-	EM -> ok;
-	_S ->
-	    {error, invalid_signature}
-    end.
-
-
-emsa_pkcs1_v1_5_encode(M, EMLen) ->
-    H = ?HASH(M),
-    %% Must use speical xxNull types here!
-    Alg = #'AlgorithmNull' { algorithm = ?'id-sha1',
-			     parameters = <<>> },
-    {ok,TCode} = 'PKCS-1':encode('DigestInfoNull',
-				#'DigestInfoNull'{ digestAlgorithm = Alg,
-						   digest = H }),
-    T = list_to_binary(TCode),
-    TLen = size(T),
-    ?ssh_assert(EMLen >= TLen + 11, message_to_short),
-    PS = ssh_bits:fill_bits(EMLen - TLen - 3, 16#ff),
-    <<16#00, 16#01, PS/binary, 16#00, T/binary>>.
-
-
-%% emsa_pss_encode(M, EMBits) ->
-%%     emsa_pss_encode(M, EMBits, 0).
-
-%% emsa_pss_encode(M, EMBits, SLen) ->
-%%     ?ssh_assert(size(M) =< 16#ffffffffffffffff, message_to_long),
-%%     EMLen = (EMBits + 7) div 8,
-%%     MHash = ?HASH(M),
-%%     ?ssh_assert(EMLen >= ?HLen + SLen + 2, encoding_error),
-%%     Salt = ssh_bits:random(SLen),
-%%     M1 = [16#00,16#00,16#00,16#00,16#00,16#00,16#00,16#00,
-%% 	  MHash, Salt],
-%%     H = ?HASH(M1),
-%%     PS = ssh_bits:fill_bits(EMLen-SLen-?HLen-2, 0),
-%%     DB = <<PS/binary, 16#01, Salt/binary>>,
-%%     DbMask = ?MGF(H, EMLen - ?HLen -1),
-%%     MaskedDB = ssh_bits:xor_bits(DB, DbMask),
-%%     ZLen = 8*EMLen - EMBits,
-%%     NZLen = (8 - (ZLen rem 8)) rem 8,
-%%     <<_:ZLen, NZ:NZLen, MaskedDB1/binary>> = MaskedDB,
-%%     MaskedDB2 = <<0:ZLen, NZ:NZLen, MaskedDB1/binary>>,
-%%     <<MaskedDB2/binary, H/binary, 16#BC>>.
-
-
-%% emsa_pss_verify(M, EM, EMBits) ->
-%%     emsa_pss_verify(M, EM, EMBits, 0).
-
-%% emsa_pss_verify(M, EM, EMBits, SLen) ->
-%%     ?ssh_assert(size(M) =< 16#ffffffffffffffff, message_to_long),
-%%     EMLen = (EMBits + 7) div 8,
-%%     MHash = ?HASH(M),
-%%     ?ssh_assert(EMLen >= ?HLen + SLen + 2, inconsistent),
-%%     MaskLen = (EMLen - ?HLen - 1)-1,
-%%     ZLen = 8*EMLen - EMBits,
-%%     NZLen = (8 - (ZLen rem 8)) rem 8,
-%%     case EM of
-%% 	<<0:ZLen,Nz:NZLen,MaskedDB1:MaskLen/binary, H:?HLen/binary, 16#BC>> ->
-%% 	    MaskedDB = <<0:ZLen,Nz:NZLen,MaskedDB1/binary>>,
-%% 	    DbMask = ?MGF(H, EMLen - ?HLen - 1),
-%% 	    DB = ssh_bits:xor_bits(MaskedDB, DbMask),
-%% 	    PSLen1 = (EMLen - SLen - ?HLen - 2) - 1,
-%% 	    PS = ssh_bits:fill_bits(PSLen1, 0),
-%% 	    case DB of
-%% 		<<_:ZLen,0:NZLen,PS:PSLen1/binary,16#01,Salt:SLen/binary>> ->
-%% 		    M1 = [16#00,16#00,16#00,16#00,16#00,16#00,16#00,16#00,
-%% 			  MHash, Salt],
-%% 		    case ?HASH(M1) of
-%% 			H -> ok;
-%% 			_ -> exit(inconsistent)
-%% 		    end;
-%% 		_ ->
-%% 		    exit(inconsistent)
-%% 	    end;
-%% 	_ ->
-%% 	    exit(inconsistent)
-%%     end.
-
-    
-
-%% Mask generating function MGF1
-%% mgf1(MGFSeed, MaskLen) ->
-%%     T = mgf1_loop(0, ((MaskLen + ?HLen -1) div ?HLen) - 1, MGFSeed, ""),
-%%     <<R:MaskLen/binary, _/binary>> = T,
-%%     R.
-
-%% mgf1_loop(Counter, N, _, T) when Counter > N ->
-%%     list_to_binary(T);
-%% mgf1_loop(Counter, N, MGFSeed, T) ->
-%%     C = i2osp(Counter, 4),
-%%     mgf1_loop(Counter+1, N, MGFSeed, [T, ?HASH([MGFSeed, C])]).
-
-
-
-
-alg_name() ->
-    "ssh-rsa".
diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl
index da91817fd7..8cc414f83a 100644
--- a/lib/ssh/src/ssh_sftpd.erl
+++ b/lib/ssh/src/ssh_sftpd.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -231,8 +231,6 @@ handle_op(?SSH_FXP_REALPATH, ReqId,
     case Res of
 	{ok, AbsPath} ->
 	    NewAbsPath = chroot_filename(AbsPath, State),
-	    ?dbg(true, "handle_op ?SSH_FXP_REALPATH: RelPath=~p AbsPath=~p\n",
-		 [RelPath, NewAbsPath]),
 	    XF = State#state.xf,
 	    Attr = #ssh_xfer_attr{type=directory},
 	    ssh_xfer:xf_send_name(XF, ReqId, NewAbsPath, Attr),
@@ -463,7 +461,6 @@ get_handle(Handles, BinHandle) ->
 read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_state = FS0},
 	 XF, ReqId, Handle, RelPath, {cache, Files}) ->
     AbsPath = relate_file_name(RelPath, State0),
-    ?dbg(true, "read_dir: AbsPath=~p\n", [AbsPath]),
     if
 	length(Files) > MaxLength ->
 	    {ToSend, NewCache} = lists:split(MaxLength, Files),
@@ -484,7 +481,6 @@ read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_sta
 read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_state = FS0},
 	 XF, ReqId, Handle, RelPath, _Status) ->
     AbsPath = relate_file_name(RelPath, State0),
-    ?dbg(true, "read_dir: AbsPath=~p\n", [AbsPath]),
     {Res, FS1} = FileMod:list_dir(AbsPath, FS0),
     case Res of
 	{ok, Files} when MaxLength == 0 orelse MaxLength > length(Files) ->
@@ -516,7 +512,6 @@ get_attrs(_RelPath, [], _FileMod, FS, Acc) ->
     {lists:reverse(Acc), FS};
 get_attrs(RelPath, [F | Rest], FileMod, FS0, Acc) ->
     Path = filename:absname(F, RelPath),
-    ?dbg(true, "get_attrs fun: F=~p\n", [F]),
     case FileMod:read_link_info(Path, FS0) of
 	{{ok, Info}, FS1} ->
 	    Attrs = ssh_sftp:info_to_attr(Info),
@@ -560,7 +555,6 @@ stat(ReqId, RelPath, State0=#state{file_handler=FileMod,
 				   file_state=FS0}, F) ->
     AbsPath = relate_file_name(RelPath, State0),
     XF = State0#state.xf,
-    ?dbg(false, "stat: AbsPath=~p\n", [AbsPath]),
     {Res, FS1} = FileMod:F(AbsPath, FS0),
     State1 = State0#state{file_state = FS1},
     case Res of
@@ -605,6 +599,8 @@ decode_4_access_flag(add_subdirectory) ->
     [read];
 decode_4_access_flag(append_data) ->
     [append];
+decode_4_access_flag(write_attributes) ->
+    [write];
 decode_4_access_flag(_) ->
     [read].
 
@@ -619,8 +615,7 @@ open(Vsn, ReqId, Data, State) when Vsn =< 3 ->
     <<?UINT32(BLen), BPath:BLen/binary, ?UINT32(PFlags),
      _Attrs/binary>> = Data,
     Path = binary_to_list(BPath),
-    Flags = ssh_xfer:decode_open_flags(Vsn, PFlags) -- [creat, excl, trunc],
-    ?dbg(true, "open: Flags=~p\n", [Flags]),
+    Flags = ssh_xfer:decode_open_flags(Vsn, PFlags),
     do_open(ReqId, State, Path, Flags);
 open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     <<?UINT32(BLen), BPath:BLen/binary, ?UINT32(Access),
@@ -628,7 +623,6 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     Path = binary_to_list(BPath),
     FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags),
     AcessBits = ssh_xfer:decode_ace_mask(Access),
-    ?dbg(true, "open: Fl=~p\n", [FlagBits]),
     %% TODO: This is to make sure the Access flags are not ignored
     %% but this should be thought through better. This solution should
     %% be considered a hack in order to buy some time. At least
@@ -638,15 +632,12 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     AcessFlags = decode_4_acess(AcessBits),
     Flags = lists:append(lists:umerge(
 			   [[decode_4_flags(FlagBits)] | AcessFlags])),
-
-    ?dbg(true, "open: Flags=~p\n", [Flags]),
-    
     do_open(ReqId, State, Path, Flags).
 
 do_open(ReqId, State0, Path, Flags) ->
     #state{file_handler = FileMod, file_state = FS0, root = Root} = State0,
     XF = State0#state.xf,
-    F = [raw, binary | Flags],
+    F = [binary | Flags],
     %%   case FileMod:is_dir(Path) of %% This is version 6 we still have 5
     %% 	true ->
     %% 	    ssh_xfer:xf_send_status(State#state.xf, ReqId,
@@ -895,14 +886,11 @@ set_stat(Attr, Path,
 	 State0 = #state{file_handler=FileMod, file_state=FS0}) ->
     {DecodedAttr, _Rest} = 
 	ssh_xfer:decode_ATTR((State0#state.xf)#ssh_xfer.vsn, Attr),
-    ?dbg(true, "set_stat DecodedAttr=~p\n", [DecodedAttr]),
     Info = ssh_sftp:attr_to_info(DecodedAttr),
     {Res1, FS1} = FileMod:read_link_info(Path, FS0),
     case Res1 of
 	{ok, OldInfo} ->
 	    NewInfo = set_file_info(Info, OldInfo),
-	    ?dbg(true, "set_stat Path=~p\nInfo=~p\nOldInfo=~p\nNewInfo=~p\n",
-		 [Path, Info, OldInfo, NewInfo]),
 	    {Res2, FS2} = FileMod:write_file_info(Path, NewInfo, FS1),
 	    State1 = State0#state{file_state = FS2},
 	    {Res2, State1};
diff --git a/lib/ssh/src/ssh_sftpd_file_api.erl b/lib/ssh/src/ssh_sftpd_file_api.erl
index 176aa98194..38371f809d 100644
--- a/lib/ssh/src/ssh_sftpd_file_api.erl
+++ b/lib/ssh/src/ssh_sftpd_file_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,27 +21,41 @@
 
 -module(ssh_sftpd_file_api).
 
--export([behaviour_info/1]).
+%% To be further specified later
+-callback close(IoDevice::term(), State::term()) -> 
+    ok | {error, Reason::term()}.
+-callback delete(Path::term(), State::term()) ->
+     ok | {error, Reason::term()}.
+-callback del_dir(Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback get_cwd(State::term()) ->
+    {ok, Dir::term()} | {error, Reason::term()}.
+-callback is_dir(AbsPath::term(), State::term()) ->
+    boolean().
+-callback list_dir(AbsPath::term(), State::term()) ->
+    {ok, Filenames::term()} | {error, Reason::term()}.
+-callback make_dir(Dir::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback make_symlink(Path2::term(), Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback open(Path::term(), Flags::term(), State::term()) ->
+    {ok, IoDevice::term()} | {error, Reason::term()}.
+-callback position(IoDevice::term(), Offs::term(), State::term()) ->
+    {ok, NewPosition::term()} | {error, Reason::term()}.
+-callback read(IoDevice::term(), Len::term(), State::term()) ->
+    {ok, Data::term()} | eof | {error, Reason::term()}.
+-callback read_link(Path::term(), State::term()) ->
+    {ok, FileName::term()} | {error, Reason::term()}.
+-callback read_link_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback read_file_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback rename(Path::term(), Path2::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write(IoDevice::term(), Data::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write_file_info(Path::term(),Info::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+
+
 
-behaviour_info(callbacks) ->
-    [
-     {close, 2}, 
-     {delete, 2}, 
-     {del_dir, 2}, 
-     {get_cwd, 1}, 
-     {is_dir, 2}, 
-     {list_dir, 2}, 
-     {make_dir, 2}, 
-     {make_symlink, 3}, 
-     {open, 3}, 
-     {position, 3}, 
-     {read, 3},
-     {read_file_info, 2}, 
-     {read_link, 2}, 
-     {read_link_info, 2}, 
-     {rename, 3},
-     {write, 3}, 
-     {write_file_info, 3}
-    ];
-behaviour_info(_) ->
-    undefined.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index de3e29e2f1..6140c87f6e 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,10 +23,11 @@
 
 -module(ssh_transport).
 
--include("ssh_transport.hrl").
+-include_lib("public_key/include/public_key.hrl").
+-include_lib("kernel/include/inet.hrl").
 
+-include("ssh_transport.hrl").
 -include("ssh.hrl").
--include_lib("kernel/include/inet.hrl").
 
 -export([connect/5, accept/4]). 
 -export([versions/2, hello_version_msg/1]).
@@ -38,17 +39,8 @@
 	 handle_kex_dh_gex_group/2, handle_kex_dh_gex_reply/2,
 	 handle_new_keys/2, handle_kex_dh_gex_request/2,
 	 handle_kexdh_reply/2, 
-	 unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1]).
-
-%% debug flagso
--define(DBG_ALG,     true).
--define(DBG_KEX,     true).
--define(DBG_CRYPTO,  false).
--define(DBG_PACKET,  false).
--define(DBG_MESSAGE, true).
--define(DBG_BIN_MESSAGE, true).
--define(DBG_MAC,     false).
--define(DBG_ZLIB,    true).
+	 unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1,
+	 sign/3, verify/4]).
 
 versions(client, Options)->
     Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION),
@@ -212,24 +204,24 @@ key_exchange_init_msg(Ssh0) ->
     {SshPacket, Ssh} = ssh_packet(Msg, Ssh0),
     {Msg, SshPacket, Ssh}.
 
-kex_init(#ssh{role = Role, opts = Opts}) ->
+kex_init(#ssh{role = Role, opts = Opts, available_host_keys = HostKeyAlgs}) ->
     Random = ssh_bits:random(16),
     Compression = case proplists:get_value(compression, Opts, none) of
 		      zlib -> ["zlib", "none"];
 		      none -> ["none", "zlib"]
 		  end,
-    kexinit_messsage(Role, Random, Compression).
+    kexinit_messsage(Role, Random, Compression, HostKeyAlgs).
 
 key_init(client, Ssh, Value) ->
     Ssh#ssh{c_keyinit = Value};
 key_init(server, Ssh, Value) ->
     Ssh#ssh{s_keyinit = Value}.
 
-kexinit_messsage(client, Random, Compression) ->
+kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
     #ssh_msg_kexinit{ 
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
-		  server_host_key_algorithms = ["ssh-rsa", "ssh-dss"],
+		  server_host_key_algorithms = HostKeyAlgs,
 		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
 		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
 		  mac_algorithms_client_to_server = ["hmac-sha1"],
@@ -240,11 +232,11 @@ kexinit_messsage(client, Random, Compression) ->
 		  languages_server_to_client = []
 		 };
 
-kexinit_messsage(server, Random, Compression) ->
+kexinit_messsage(server, Random, Compression, HostKeyAlgs) ->
     #ssh_msg_kexinit{
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
-		  server_host_key_algorithms = ["ssh-dss"],
+		  server_host_key_algorithms = HostKeyAlgs,
 		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
 		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
 		  mac_algorithms_client_to_server = ["hmac-sha1"],
@@ -300,7 +292,6 @@ install_messages('diffie-hellman-group-exchange-sha1') ->
 key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) ->
     {G, P} = dh_group1(),
     {Private, Public} = dh_gen_key(G, P, 1024),
-    %%?dbg(?DBG_KEX, "public: ~p~n", [Public]),
     {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_init{e = Public}, Ssh0),
     {ok, SshPacket, 
      Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}};
@@ -320,7 +311,6 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) ->
 handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
     {G, P} = dh_group1(),
     {Private, Public} = dh_gen_key(G, P, 1024),
-    %%?dbg(?DBG_KEX, "public: ~p~n", [Public]),
     K = ssh_math:ipow(E, Private, P),
     {Key, K_S} = get_host_key(Ssh0),
     H = kex_h(Ssh0, K_S, E, Public, K),
@@ -329,8 +319,7 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
 							f = Public,
 							h_sig = H_SIG
 						       }, Ssh0),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}},
 			     shared_secret = K,
 			     exchanged_hash = H,
@@ -338,7 +327,6 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
 
 handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) ->
     {Private, Public} = dh_gen_key(G,P,1024),
-    %%?dbg(?DBG_KEX, "public: ~p ~n", [Public]),
     {SshPacket, Ssh1} = 
 	ssh_packet(#ssh_msg_kex_dh_gex_init{e = Public}, Ssh0),
     {ok, SshPacket, 
@@ -362,8 +350,7 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F,
 		   #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) ->
     K = ssh_math:ipow(F, Private, P),
     H = kex_h(Ssh0, HostKey, Public, F, K),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     case verify_host_key(Ssh0, HostKey, H, H_SIG) of
 	ok ->
 	    {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0),
@@ -396,8 +383,7 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey,
 		 	Ssh0) ->
     K = ssh_math:ipow(F, Private, P),
     H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     case verify_host_key(Ssh0, HostKey, H, H_SIG) of
 	ok ->
 	    {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0),
@@ -423,83 +409,68 @@ sid(#ssh{session_id = Id}, _) ->
 %%
 get_host_key(SSH) ->
     #ssh{key_cb = Mod, opts = Opts, algorithms = ALG} = SSH,
-    Scope = proplists:get_value(key_scope, Opts, system),
-    case ALG#alg.hkey of
-	'ssh-rsa' ->
-	    case Mod:private_host_rsa_key(Scope, Opts) of
-		{ok,Key=#ssh_key { public={N,E}} } ->
-		    %%?dbg(true, "x~n", []),
-		    {Key,
-		     ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])};
-		Error ->
-		    %%?dbg(true, "y~n", []),
-		    exit(Error)
-	    end;
-	'ssh-dss' ->
-	    case Mod:private_host_dsa_key(Scope, Opts) of
-		{ok,Key=#ssh_key { public={P,Q,G,Y}}} ->
-		    {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-					  [string,mpint,mpint,mpint,mpint])};
-		Error ->
-		    exit(Error)
-	    end;
-	_ ->
-	    exit({error, bad_key_type})
+
+    case Mod:host_key(ALG#alg.hkey, Opts) of
+	{ok, #'RSAPrivateKey'{modulus = N, publicExponent = E} = Key} ->
+	    {Key,
+	     ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])};
+	{ok, #'DSAPrivateKey'{y = Y, p = P, q = Q, g = G} = Key} ->
+	    {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y],
+				  [string,mpint,mpint,mpint,mpint])};
+	Result ->
+	    exit({error, {Result, unsupported_key_type}})
     end.
 
-sign_host_key(Ssh, Private, H) ->
-    ALG = Ssh#ssh.algorithms,
-    Module = case ALG#alg.hkey of
-		 'ssh-rsa' -> 
-		     ssh_rsa;
-		 'ssh-dss' -> 
-		     ssh_dsa
-	     end,
-    case catch Module:sign(Private, H) of
-	{'EXIT', Reason} ->
-	    error_logger:format("SIGN FAILED: ~p\n", [Reason]),
-	    {error, Reason};
-	SIG ->
-	    ssh_bits:encode([Module:alg_name() ,SIG],[string,binary])
-    end.    
+sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) ->
+    Hash = sha, %% Option ?!
+    Signature = sign(H, Hash, Private),
+    ssh_bits:encode(["ssh-rsa", Signature],[string, binary]);
+sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) ->
+    Hash = sha, %% Option ?!
+    RawSignature = sign(H, Hash, Private),
+    ssh_bits:encode(["ssh-dss", RawSignature],[string, binary]).
 
 verify_host_key(SSH, K_S, H, H_SIG) ->
     ALG = SSH#ssh.algorithms,
     case ALG#alg.hkey of
 	'ssh-rsa' ->
-	    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
-		["ssh-rsa", E, N] ->
-		    ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
-		    Public = #ssh_key { type=rsa, public={N,E} },
-		    case catch ssh_rsa:verify(Public, H, SIG) of
-			{'EXIT', Reason} ->
-			    error_logger:format("VERIFY FAILED: ~p\n", [Reason]),
-			    {error, bad_signature};
-			ok ->
-			    known_host_key(SSH, Public, "ssh-rsa")
-		    end;
-		_ ->
-		    {error, bad_format}
-	    end;
+	    verify_host_key_rsa(SSH, K_S, H, H_SIG);
 	'ssh-dss' ->
-	    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
-		["ssh-dss",P,Q,G,Y] ->
-		    ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
-		    Public = #ssh_key { type=dsa, public={P,Q,G,Y} },
-		    case catch ssh_dsa:verify(Public, H, SIG) of
-			{'EXIT', Reason} ->
-			    error_logger:format("VERIFY FAILED: ~p\n", [Reason]),
-			    {error, bad_signature};
-			ok ->
-			    known_host_key(SSH, Public, "ssh-dss")
-		    end;
-		_ ->
-		    {error, bad_host_key_format}
-	    end;
+	    verify_host_key_dss(SSH, K_S, H, H_SIG);
 	_ ->
 	    {error, bad_host_key_algorithm}
     end.
 
+verify_host_key_rsa(SSH, K_S, H, H_SIG) ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
+	["ssh-rsa", E, N] ->
+	    ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
+	    Public = #'RSAPublicKey'{publicExponent = E, modulus = N},
+	    case verify(H, sha, SIG, Public) of
+		false ->
+		    {error, bad_signature};
+		true ->
+		    known_host_key(SSH, Public, "ssh-rsa")
+	    end;
+	_ ->
+	    {error, bad_format}
+    end.
+
+verify_host_key_dss(SSH, K_S, H, H_SIG) ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
+	["ssh-dss",P,Q,G,Y] ->
+	    ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
+	    Public = {Y,  #'Dss-Parms'{p = P, q = Q, g = G}},
+	    case verify(H, sha, SIG, Public) of
+		false ->
+		    {error, bad_signature};
+		true ->
+		    known_host_key(SSH, Public, "ssh-dss")
+	    end;
+	_ ->
+	    {error, bad_host_key_format}
+    end.
+
 accepted_host(Ssh, PeerName, Opts) ->
     case proplists:get_value(silently_accept_hosts, Opts, false) of
 	true ->
@@ -511,14 +482,10 @@ accepted_host(Ssh, PeerName, Opts) ->
 known_host_key(#ssh{opts = Opts, key_cb = Mod, peer = Peer} = Ssh, 
 	       Public, Alg) ->
     PeerName = peer_name(Peer),
-    case Mod:lookup_host_key(PeerName, Alg, Opts) of
-	{ok, Public} ->
+    case Mod:is_host_key(Public, PeerName, Alg, Opts) of
+	true ->
 	    ok;
-	{ok, BadPublic} ->
-	    error_logger:format("known_host_key: Public ~p BadPublic ~p\n", 
-				[Public, BadPublic]),
-	    {error, bad_public_key};
-	{error, not_found} ->
+	false ->
 	    case accepted_host(Ssh, PeerName, Opts) of
 		yes ->
 		    Mod:add_host_key(PeerName, Public, Opts);
@@ -621,7 +588,6 @@ install_alg(SSH) ->
 
 alg_setup(SSH) ->
     ALG = SSH#ssh.algorithms,
-    %%?dbg(?DBG_ALG, "ALG: setup ~p ~n", [ALG]),
     SSH#ssh{kex = ALG#alg.kex,
 	    hkey = ALG#alg.hkey,
 	    encrypt = ALG#alg.encrypt,
@@ -638,7 +604,6 @@ alg_setup(SSH) ->
 	   }.
 
 alg_init(SSH0) ->
-    %%?dbg(?DBG_ALG, "ALG: init~n", []),    
     {ok,SSH1} = send_mac_init(SSH0),
     {ok,SSH2} = recv_mac_init(SSH1),
     {ok,SSH3} = encrypt_init(SSH2),
@@ -648,7 +613,6 @@ alg_init(SSH0) ->
     SSH6.
 
 alg_final(SSH0) ->
-    %%?dbg(?DBG_ALG, "ALG: final ~n", []),
     {ok,SSH1} = send_mac_final(SSH0),
     {ok,SSH2} = recv_mac_final(SSH1),
     {ok,SSH3} = encrypt_final(SSH2),
@@ -669,19 +633,15 @@ select(CL, SL) ->
 	    [] -> undefined;
 	    [ALG|_] -> ALG
 	end,
-    %%?dbg(?DBG_ALG, "ALG: select: ~p ~p = ~p~n", [CL, SL, C]),
     C.
 	    
 ssh_packet(#ssh_msg_kexinit{} = Msg, Ssh0) ->
     BinMsg = ssh_bits:encode(Msg),
     Ssh = key_init(Ssh0#ssh.role, Ssh0, BinMsg),
-    %%?dbg(?DBG_MESSAGE, "SEND_MSG: ~p~n", [Msg]),
     pack(BinMsg, Ssh);
 
 ssh_packet(Msg, Ssh) ->
     BinMsg = ssh_bits:encode(Msg),
-    %%?dbg(?DBG_MESSAGE, "SEND_MSG: ~p~n", [Msg]),
-    %%?dbg(?DBG_BIN_MESSAGE, "Encoded: ~p~n", [BinMsg]),
     pack(BinMsg, Ssh).
 
 pack(Data0, #ssh{encrypt_block_size = BlockSize, 
@@ -732,17 +692,20 @@ msg_data(PacketData) ->
      _:PaddingLen/binary>> = PacketData,
     Data.
 
+sign(SigData, Hash,  #'DSAPrivateKey'{} = Key) ->
+    DerSignature = public_key:sign(SigData, Hash, Key),
+    #'Dss-Sig-Value'{r = R, s = S} = public_key:der_decode('Dss-Sig-Value', DerSignature),
+    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>;
+sign(SigData, Hash, Key) ->
+    public_key:sign(SigData, Hash, Key).
 
-%% Send a disconnect message
-%% terminate(S, SSH, Code, Message) ->
-%%     M = #ssh_msg_disconnect{code=Code, 
-%% 			    description = Message,
-%% 			    language = "en"},
-%%     send_msg(S, SSH, M),
-%%     gen_tcp:close(S),
-%%     {error, M}.
+verify(PlainText, Hash, Sig, {_,  #'Dss-Parms'{}} = Key) ->
+    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>> = Sig,
+    Signature = public_key:der_encode('Dss-Sig-Value', #'Dss-Sig-Value'{r = R, s = S}),
+    public_key:verify(PlainText, Hash, Signature, Key);
+verify(PlainText, Hash, Sig, Key) ->
+    public_key:verify(PlainText, Hash, Sig, Key).
 
-   
 %% public key algorithms
 %%
 %%   ssh-dss              REQUIRED     sign    Raw DSS Key
@@ -761,9 +724,6 @@ msg_data(PacketData) ->
 %%
 %%
 
-    
-
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Encryption
 %%
@@ -833,19 +793,13 @@ encrypt(#ssh{encrypt = none} = Ssh, Data) ->
 encrypt(#ssh{encrypt = '3des-cbc',
 	     encrypt_keys = {K1,K2,K3},
 	     encrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "encrypt: IV=~p K1=~p, K2=~p, K3=~p ~n",
-    %%	 [IV0,K1,K2,K3]),
     Enc = crypto:des3_cbc_encrypt(K1,K2,K3,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "encrypt: ~p -> ~p ~n", [Data, Enc]),
     IV = crypto:des_cbc_ivec(Enc),
     {Ssh#ssh{encrypt_ctx = IV}, Enc};
 encrypt(#ssh{encrypt = 'aes128-cbc',
             encrypt_keys = K,
             encrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "encrypt: IV=~p K=~p ~n",
-    %%     [IV0,K]),
     Enc = crypto:aes_cbc_128_encrypt(K,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "encrypt: ~p -> ~p ~n", [Data, Enc]),
     IV = crypto:aes_cbc_ivec(Enc),
     {Ssh#ssh{encrypt_ctx = IV}, Enc}.
   
@@ -893,18 +847,12 @@ decrypt(#ssh{decrypt = none} = Ssh, Data) ->
 decrypt(#ssh{decrypt = '3des-cbc', decrypt_keys = Keys,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
     {K1, K2, K3} = Keys,
-    %%?dbg(?DBG_CRYPTO, "decrypt: IV=~p K1=~p, K2=~p, K3=~p ~n",
-    %%[IV0,K1,K2,K3]),
     Dec = crypto:des3_cbc_decrypt(K1,K2,K3,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "decrypt: ~p -> ~p ~n", [Data, Dec]),
     IV = crypto:des_cbc_ivec(Data),
     {Ssh#ssh{decrypt_ctx = IV}, Dec};
 decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "decrypt: IV=~p Key=~p ~n",
-    %%     [IV0,Key]),
     Dec = crypto:aes_cbc_128_decrypt(Key,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "decrypt: ~p -> ~p ~n", [Data, Dec]),
     IV = crypto:aes_cbc_ivec(Data),
     {Ssh#ssh{decrypt_ctx = IV}, Dec}.
 
@@ -936,7 +884,6 @@ compress(#ssh{compress = none} = Ssh, Data) ->
     {Ssh, Data};
 compress(#ssh{compress = zlib, compress_ctx = Context} = Ssh, Data) ->
     Compressed = zlib:deflate(Context, Data, sync),
-    %%?dbg(?DBG_ZLIB, "deflate: ~p -> ~p ~n", [Data, Compressed]),
     {Ssh, list_to_binary(Compressed)}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -960,7 +907,6 @@ decompress(#ssh{decompress = none} = Ssh, Data) ->
     {Ssh, Data};
 decompress(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh, Data) ->
     Decompressed = zlib:inflate(Context, Data),
-    %%?dbg(?DBG_ZLIB, "inflate: ~p -> ~p ~n", [Data, Decompressed]),
     {Ssh, list_to_binary(Decompressed)}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -1039,7 +985,6 @@ hash(SSH, Char, N, HASH) ->
     K1 = HASH([K, H, Char, SessionID]),
     Sz = N div 8,
     <<Key:Sz/binary, _/binary>> = hash(K, H, K1, N-128, HASH),
-    %%?dbg(?DBG_KEX, "Key ~s: ~s ~n", [Char, fmt_binary(Key, 16, 4)]),
     Key.
 
 hash(_K, _H, Ki, N, _HASH) when N =< 0 ->
@@ -1055,6 +1000,7 @@ kex_h(SSH, K_S, E, F, K) ->
 			[string,string,binary,binary,binary,
 			 mpint,mpint,mpint]),
     crypto:sha(L).
+ 
 
 kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
     L = if Min==-1; Max==-1 ->
@@ -1075,7 +1021,7 @@ kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
 				 Prime, Gen, E,F,K], Ts)
 	end,
     crypto:sha(L).
-    
+  
 mac_key_size('hmac-sha1')    -> 20*8;
 mac_key_size('hmac-sha1-96') -> 20*8;
 mac_key_size('hmac-md5')     -> 16*8;
@@ -1105,9 +1051,6 @@ dh_gen_key(G, P, _Bits) ->
     Public = ssh_math:ipow(G, Private, P),
     {Private,Public}.
 
-%% trim(Str) ->
-%%     lists:reverse(trim_head(lists:reverse(trim_head(Str)))).
-
 trim_tail(Str) ->
     lists:reverse(trim_head(lists:reverse(Str))).
 
@@ -1116,48 +1059,3 @@ trim_head([$\t|Cs]) -> trim_head(Cs);
 trim_head([$\n|Cs]) -> trim_head(Cs);
 trim_head([$\r|Cs]) -> trim_head(Cs);
 trim_head(Cs) -> Cs.
-
-%% Retrieve session_id from ssh, needed by public-key auth
-%get_session_id(SSH) ->
-%    {ok, SessionID} = call(SSH, get_session_id),
-    
-%% DEBUG utils
-%% Format integers and binaries as hex blocks
-%%
-%% -ifdef(debug).
-%% fmt_binary(B, BlockSize, GroupSize) ->
-%%     fmt_block(fmt_bin(B), BlockSize, GroupSize).
-
-%% fmt_block(Bin, BlockSize, GroupSize) ->
-%%     fmt_block(Bin, BlockSize, 0, GroupSize).
-    
-
-%% fmt_block(Bin, 0, _I, _G) ->
-%%     binary_to_list(Bin);
-%% fmt_block(Bin, Sz, G, G) when G =/= 0 ->
-%%     ["~n#" | fmt_block(Bin, Sz, 0, G)];
-%% fmt_block(Bin, Sz, I, G) ->
-%%     case Bin of
-%% 	<<Block:Sz/binary, Tail/binary>> ->
-%% 	    if Tail == <<>> ->
-%% 		    [binary_to_list(Block)];
-%% 	       true ->
-%% 		    [binary_to_list(Block), " " | fmt_block(Tail, Sz, I+1, G)]
-%% 	    end;
-%% 	<<>> ->
-%% 	    [];
-%% 	_ -> 
-%% 	    [binary_to_list(Bin)]
-%%     end.
-
-%% %% Format integer or binary as hex
-%% fmt_bin(X) when integer(X) ->
-%%     list_to_binary(io_lib:format("~p", [X]));
-%% fmt_bin(X) when binary(X) ->
-%%     Sz = size(X)*8,
-%%     <<Y:Sz/unsigned-big>> = X,
-%%     %%Fmt = "~"++integer_to_list(size(X)*2)++"~p",
-%%     list_to_binary(io_lib:format("~p", [Y])).
-
-%% -endif.
-
diff --git a/lib/ssh/src/ssh_userauth.hrl b/lib/ssh/src/ssh_userauth.hrl
index 8eb2d46ed1..7c38719d92 100644
--- a/lib/ssh/src/ssh_userauth.hrl
+++ b/lib/ssh/src/ssh_userauth.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl
index c9631a73b1..d5b6dd03d1 100644
--- a/lib/ssh/src/ssh_xfer.erl
+++ b/lib/ssh/src/ssh_xfer.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -298,8 +298,6 @@ xf_send_names(#ssh_xfer{cm = CM, channel = Channel, vsn = Vsn},
     Size = 1 + 4 + 4 + Len,
     ToSend = [<<?UINT32(Size), ?SSH_FXP_NAME, ?UINT32(ReqId), ?UINT32(Count)>>,
 	      Data],
-    %%?dbg(true, "xf_send_names: Size=~p size(ToSend)=~p\n",
-	%% [Size, size(list_to_binary(ToSend))]),
     ssh_connection:send(CM, Channel, ToSend).
 
 xf_send_status(XF, ReqId, ErrorCode) ->
@@ -353,7 +351,6 @@ xf_reply(_XF, <<?SSH_FXP_DATA, ?UINT32(ReqID),
     {data, ReqID, Data};
 xf_reply(XF, <<?SSH_FXP_NAME, ?UINT32(ReqID),
 	      ?UINT32(Count), AData/binary>>) ->
-    %%?dbg(true, "xf_reply ?SSH_FXP_NAME: AData=~p\n", [AData]),
     {name, ReqID, decode_names(XF#ssh_xfer.vsn, Count, AData)};
 xf_reply(XF, <<?SSH_FXP_ATTRS, ?UINT32(ReqID),
 	      AData/binary>>) ->
@@ -579,7 +576,6 @@ encode_attr_flags(Vsn, Flags) ->
       end, Flags).
 
 encode_file_type(Type) ->
-    %%?dbg(true, "encode_file_type(~p)\n", [Type]),
     case Type of
 	regular -> ?SSH_FILEXFER_TYPE_REGULAR;
 	directory -> ?SSH_FILEXFER_TYPE_DIRECTORY;
@@ -660,15 +656,12 @@ encode_ATTR(Vsn, A) ->
 		   {extended, A#ssh_xfer_attr.extensions}],
 		  0, []),
     Type = encode_file_type(A#ssh_xfer_attr.type),
-    %%?dbg(true, "encode_ATTR: Vsn=~p A=~p As=~p Flags=~p Type=~p",
-    %% 	 [Vsn, A, As, Flags, Type]),
     Result = list_to_binary([?uint32(Flags),
 			     if Vsn >= 5 ->
 				     ?byte(Type);
 				true ->
 				     (<<>>)
 			     end, As]),
-    %% ?dbg(true, " Result=~p\n", [Result]),
     Result.
 
 
@@ -722,7 +715,6 @@ encode_As(_Vsn, [], Flags, Acc) ->
 
 
 decode_ATTR(Vsn, <<?UINT32(Flags), Tail/binary>>) ->
-    %%?dbg(true, "decode_ATTR: Vsn=~p Flags=~p Tail=~p\n", [Vsn, Flags, Tail]),
     {Type,Tail2} =
 	if Vsn =< 3 ->
 		{?SSH_FILEXFER_TYPE_UNKNOWN, Tail};
@@ -751,7 +743,6 @@ decode_ATTR(Vsn, <<?UINT32(Flags), Tail/binary>>) ->
 	      Tail2).
 
 decode_As(Vsn, [{AName, AField}|As], R, Flags, Tail) ->
-    %%?dbg(false, "decode_As: Vsn=~p AName=~p AField=~p Flags=~p Tail=~p\n", [Vsn, AName, AField, Flags, Tail]),
     case AName of
 	size when ?is_set(?SSH_FILEXFER_ATTR_SIZE, Flags) ->
 	    <<?UINT64(X), Tail2/binary>> = Tail,
@@ -762,7 +753,6 @@ decode_As(Vsn, [{AName, AField}|As], R, Flags, Tail) ->
 	ownergroup when ?is_set(?SSH_FILEXFER_ATTR_OWNERGROUP, Flags),Vsn>=5 ->
 	    <<?UINT32(Len), Bin:Len/binary, Tail2/binary>> = Tail,
 	    X = binary_to_list(Bin),
-	    %%?dbg(true, "ownergroup X=~p\n", [X]),
 	    decode_As(Vsn, As, setelement(AField, R, X), Flags, Tail2);
 
 	permissions when ?is_set(?SSH_FILEXFER_ATTR_PERMISSIONS,Flags),Vsn>=5->
@@ -824,13 +814,11 @@ decode_names(Vsn, I, <<?UINT32(Len), FileName:Len/binary,
 		      ?UINT32(LLen), _LongName:LLen/binary,
 		      Tail/binary>>) when Vsn =< 3 ->
     Name = binary_to_list(FileName),
-    %%?dbg(true, "decode_names: ~p\n", [Name]),
     {A, Tail2} = decode_ATTR(Vsn, Tail),
     [{Name, A} | decode_names(Vsn, I-1, Tail2)];
 decode_names(Vsn, I, <<?UINT32(Len), FileName:Len/binary, 
 		      Tail/binary>>) when Vsn >= 4 ->
     Name = binary_to_list(FileName),
-    %%?dbg(true, "decode_names: ~p\n", [Name]),
     {A, Tail2} = decode_ATTR(Vsn, Tail),
     [{Name, A} | decode_names(Vsn, I-1, Tail2)].
 
@@ -839,8 +827,6 @@ encode_names(Vsn, NamesAndAttrs) ->
 
 encode_name(Vsn, {Name,Attr}, Len) when Vsn =< 3 ->
     NLen = length(Name),
-    %%?dbg(true, "encode_name: Vsn=~p Name=~p Attr=~p\n",
-    %% 	 [Vsn, Name, Attr]),
     EncAttr = encode_ATTR(Vsn, Attr),
     ALen = size(EncAttr),
     NewLen = Len + NLen*2 + 4 + 4 + ALen,
diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl
index 4a4f1a4291..c13950eb6e 100644
--- a/lib/ssh/src/ssh_xfer.hrl
+++ b/lib/ssh/src/ssh_xfer.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile
index 1820924ed6..145d5d2ad6 100644
--- a/lib/ssh/test/Makefile
+++ b/lib/ssh/test/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2011. All Rights Reserved.
+# Copyright Ericsson AB 2004-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -32,7 +32,6 @@ VSN=$(GS_VSN)
 
 MODULES= \
 	ssh_test_lib \
-	ssh_SUITE \
 	ssh_basic_SUITE \
 	ssh_to_openssh_SUITE \
 	ssh_sftp_SUITE \
diff --git a/lib/ssh/test/ssh_SUITE.erl b/lib/ssh/test/ssh_SUITE.erl
deleted file mode 100644
index 953c9080f9..0000000000
--- a/lib/ssh/test/ssh_SUITE.erl
+++ /dev/null
@@ -1,72 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%%%----------------------------------------------------------------
-%%% Purpose:ssh application test suite.
-%%%-----------------------------------------------------------------
--module(ssh_SUITE).
--include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
-
-% Default timetrap timeout (set in init_per_testcase).
--define(default_timeout, ?t:minutes(1)).
--define(application, ssh).
-
-% Test server specific exports
--export([all/0,groups/0,init_per_group/2,end_per_group/2]).
--export([init_per_testcase/2, end_per_testcase/2]).
-
-% Test cases must be exported.
--export([app_test/1]).
--define(cases, [app_test]).
-
-%%
-%% all/1
-%%
-all() -> 
-    [app_test].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
-
-end_per_group(_GroupName, Config) ->
-	Config.
-
-
-init_per_testcase(_Case, Config) ->
-    Dog=test_server:timetrap(?default_timeout),
-    [{watchdog, Dog}|Config].
-end_per_testcase(_Case, Config) ->
-    Dog=?config(watchdog, Config),
-    test_server:timetrap_cancel(Dog),
-    ok.
-%
-% Test cases starts here.
-%
-app_test(suite) ->
-    [];
-app_test(doc) ->
-    ["Application consistency test."];
-app_test(Config) when is_list(Config) ->
-    ?t:app_test(?application),
-    ok.
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 5ea0d98980..9c13180159 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,9 +41,6 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    Dir = ?config(priv_dir, Config),
-	    {ok, _} =  ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
 	    Config;
 	_Else ->
 	    {skip, "Crypto could not be started!"}
@@ -55,10 +52,9 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(Config) ->
-    Dir = ?config(priv_dir, Config),
+end_per_suite(_Config) ->
+    ssh:stop(),
     crypto:stop(),
-    ssh_test_lib:remove_id_keys(Dir),
     ok.
 
 %%--------------------------------------------------------------------
@@ -75,7 +71,6 @@ end_per_suite(Config) ->
 %% Description: Initialization before each test case
 %%--------------------------------------------------------------------
 init_per_testcase(_TestCase, Config) ->
-    ssh_test_lib:known_hosts(backup),
     ssh:start(),
     Config.
 
@@ -87,9 +82,16 @@ init_per_testcase(_TestCase, Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after each test case
 %%--------------------------------------------------------------------
-end_per_testcase(_TestCase, _Config) ->
+
+end_per_testcase(TestCase, Config) when TestCase == server_password_option;
+					TestCase == server_userpassword_option ->
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    ssh_test_lib:del_dirs(UserDir),
+    end_per_testcase(Config);
+end_per_testcase(TestCase, Config) ->
+    end_per_testcase(Config).
+end_per_testcase(_Config) ->    
     ssh:stop(),
-    ssh_test_lib:known_hosts(restore),
     ok.
 
 %%--------------------------------------------------------------------
@@ -101,31 +103,72 @@ end_per_testcase(_TestCase, _Config) ->
 %% Description: Returns a list of all test cases in this test suite
 %%--------------------------------------------------------------------
 all() -> 
-    [exec, exec_compressed, shell, daemon_already_started,
-     server_password_option, server_userpassword_option,
-     known_hosts].
+    [app_test,
+     {group, dsa_key},
+     {group, rsa_key},
+     {group, dsa_pass_key},
+     {group, rsa_pass_key},
+     daemon_already_started,
+     server_password_option, server_userpassword_option].
 
 groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
+    [{dsa_key, [], [exec, exec_compressed, shell, known_hosts]},
+     {rsa_key, [], [exec, exec_compressed, shell, known_hosts]},
+     {dsa_pass_key, [], [pass_phrase]},
+     {rsa_pass_key, [], [pass_phrase]}
+    ].
+
+init_per_group(dsa_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa(DataDir, PrivDir),
+    Config;
+init_per_group(rsa_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_rsa(DataDir, PrivDir),
+    Config;
+init_per_group(rsa_pass_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_rsa_pass_pharse(DataDir, PrivDir, "Password"),
+    [{pass_phrase, {rsa_pass_phrase, "Password"}}| Config];
+init_per_group(dsa_pass_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"),
+    [{pass_phrase, {dsa_pass_phrase, "Password"}}| Config];
+init_per_group(_, Config) ->
+    Config.
 
-end_per_group(_GroupName, Config) ->
-	Config.
+end_per_group(dsa_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(PrivDir),
+    Config;
+end_per_group(rsa_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_rsa(PrivDir),
+    Config;
+end_per_group(dsa_pass_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(PrivDir),
+    Config;
+end_per_group(rsa_pass_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_rsa(PrivDir),
+    Config;
+end_per_group(_, Config) ->
+    Config.
 
 %% Test cases starts here.
 %%--------------------------------------------------------------------
-sign_and_verify_rsa(doc) ->
-    ["Test api function ssh:sign_data and ssh:verify_data"];
-
-sign_and_verify_rsa(suite) ->
+app_test(suite) ->
     [];
-sign_and_verify_rsa(Config) when is_list(Config) ->
-    Data = ssh:sign_data(<<"correct data">>, "ssh-rsa"),
-    ok = ssh:verify_data(<<"correct data">>, Data, "ssh-rsa"),
-    {error,invalid_signature} = ssh:verify_data(<<"incorrect data">>, Data,"ssh-rsa").
-
+app_test(doc) ->
+    ["Application consistency test."];
+app_test(Config) when is_list(Config) ->
+    ?t:app_test(ssh),
+    ok.
 
 exec(doc) ->
     ["Test api function ssh_connection:exec"];
@@ -135,11 +178,15 @@ exec(suite) ->
 
 exec(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+    
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {user_dir, UserDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId0,
@@ -177,13 +224,16 @@ exec_compressed(suite) ->
 
 exec_compressed(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config), 
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId,
@@ -208,13 +258,15 @@ shell(suite) ->
 
 shell(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
-    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+   
+    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					       {failfun, fun ssh_test_lib:failfun/2}]),
     test_server:sleep(500),
 
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(Port, IO),
+    Shell = ssh_test_lib:start_shell(Port, IO, UserDir),
     receive
 	ErlShellStart ->
 	    test_server:format("Erlang shell start: ~p~n", [ErlShellStart])
@@ -278,9 +330,13 @@ daemon_already_started(suite) ->
 
 daemon_already_started(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+
     {Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					      {user_dir, UserDir},
 					      {failfun, fun ssh_test_lib:failfun/2}]),
     {error, eaddrinuse} = ssh_test_lib:daemon(Port, [{system_dir, SystemDir},
+						     {user_dir, UserDir},
 						     {failfun,
 						      fun ssh_test_lib:failfun/2}]),
     ssh:stop_daemon(Pid).
@@ -291,9 +347,12 @@ server_password_option(doc) ->
 server_password_option(suite) ->
     [];
 server_password_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config), % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	 % public-key-auth
+    PrivDir = ?config(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
 					     {password, "morot"}]),
 
     ConnectionRef =
@@ -321,9 +380,12 @@ server_userpassword_option(doc) ->
 server_userpassword_option(suite) ->
     [];
 server_userpassword_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config),  % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	  % public-key-auth
+    PrivDir = ?config(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),	  
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, PrivDir},
 					     {user_passwords, [{"vego", "morot"}]}]),
 
     ConnectionRef =
@@ -362,16 +424,16 @@ known_hosts(suite) ->
     [];
 known_hosts(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
-    UserDir = ?config(priv_dir, Config),
-
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    PrivDir = ?config(priv_dir, Config), 
+    
+    {Pid, Host, Port} = ssh_test_lib:daemon([{user_dir, PrivDir},{system_dir, SystemDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
 
-    KnownHosts = filename:join(UserDir, "known_hosts"),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
     file:delete(KnownHosts),
     {error, enoent} = file:read_file(KnownHosts),
     ConnectionRef =
-	ssh_test_lib:connect(Host, Port, [{user_dir, UserDir},
+	ssh_test_lib:connect(Host, Port, [{user_dir, PrivDir},
 					  {user_interaction, false},
 					  silently_accept_hosts]),
     {ok, _Channel} = ssh_connection:session_channel(ConnectionRef, infinity),
@@ -382,7 +444,30 @@ known_hosts(Config) when is_list(Config) ->
     [HostAndIp, Alg, _KeyData] = string:tokens(Line, " "),
     [Host, _Ip] = string:tokens(HostAndIp, ","),
     "ssh-" ++ _ = Alg,
-     ssh:stop_daemon(Pid).
+    ssh:stop_daemon(Pid).
+
+pass_phrase(doc) ->
+    ["Test that we can use keyes protected by pass phrases"];
+
+pass_phrase(suite) ->
+    [];
+
+pass_phrase(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+    PhraseArg = ?config(pass_phrase, Config),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {user_dir, UserDir},
+					     {failfun, fun ssh_test_lib:failfun/2}]),
+    ConnectionRef =
+	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  PhraseArg,
+					  {user_dir, UserDir},
+					  {user_interaction, false}]),
+    {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
+    ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
 %% Internal functions
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_dsa b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_rsa b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
new file mode 100644
index 0000000000..9d7e0dd5fb
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU
+DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl
+zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB
+AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V
+TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3
+CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK
+SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p
+z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd
+WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39
+sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3
+xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ
+dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x
+ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
new file mode 100644
index 0000000000..79968bdd7d
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
@@ -0,0 +1,16 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337
+zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB
+6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB
+AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW
+NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++
+udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW
+WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt
+n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5
+sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY
++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt
+64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB
+m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT
+tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub
new file mode 100644
index 0000000000..75d2025c71
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub
@@ -0,0 +1,5 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8
+semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW
+RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl
index c96b6de3ea..7644db155d 100644
--- a/lib/ssh/test/ssh_sftp_SUITE.erl
+++ b/lib/ssh/test/ssh_sftp_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,14 +24,12 @@
 -compile(export_all).
 
 -include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
 
 -include_lib("kernel/include/file.hrl").
 
 % Default timetrap timeout
 -define(default_timeout, ?t:minutes(1)).
 
--define(SFPD_PORT, 9999).
 -define(USER, "Alladin").
 -define(PASSWD, "Sesame").
 
@@ -46,18 +44,12 @@
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
-    case {catch crypto:start(),catch ssh:start()} of
-	{ok,ok} ->
-	    Dir = ?config(priv_dir, Config),
-	    {ok, _} = ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
+    case (catch crypto:start()) of
+	ok ->
+	    ssh:start(),
 	    Config;
-	{ok,_} ->
-	    {skip,"Could not start ssh!"};
-	{_,ok} ->
-	    {skip,"Could not start crypto!"};
-	{_,_} ->
-	    {skip,"Could not start crypto and ssh!"}
+	_ ->
+	    {skip,"Could not start crypto!"}
     end.
 
 %%--------------------------------------------------------------------
@@ -67,9 +59,8 @@ init_per_suite(Config) ->
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
 end_per_suite(Config) ->
+    ssh:stop(),
     crypto:stop(),
-    Dir = ?config(priv_dir, Config),
-    ssh_test_lib:remove_id_keys(Dir),
     Config.
 
 %%--------------------------------------------------------------------
@@ -90,27 +81,30 @@ init_per_testcase(_Case, Config) ->
     TmpConfig0 = lists:keydelete(watchdog, 1, Config),
     TmpConfig = lists:keydelete(sftp, 1, TmpConfig0),
     Dog = test_server:timetrap(?default_timeout),
-    Dir = ?config(priv_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
     SysDir =  ?config(data_dir, Config),
     Host = ssh_test_lib:hostname(),
 
-    Sftp = case (catch ssh_sftp:start_channel(Host,
-					      [{user_dir, Dir},
-					       {user_interaction, false},
+    %% Run test against openssh server if available
+    Sftp = case (catch ssh_sftp:start_channel(Host,					      
+					      [{user_interaction, false},
 					       {silently_accept_hosts, true}])) of
 	       {ok, ChannelPid, Connection} ->
+		   test_server:format("Running against openssh"),
 		   {ChannelPid, Connection};
-	       _Error ->
-		   {_Sftpd, _Host, _Port} = 
-		       ssh_test_lib:daemon(Host, ?SFPD_PORT,
-					   [{system_dir, SysDir},
+	       _Error -> %% Start own sftp
+		   test_server:format("Running against erlang ssh"),
+		   {_Sftpd, Host1, Port} = 		       
+		       ssh_test_lib:daemon([{system_dir, SysDir},
+					    {user_dir, PrivDir},
 					    {user_passwords,
 					     [{?USER, ?PASSWD}]},
 					    {failfun,
 					     fun ssh_test_lib:failfun/2}]),
-		   Result = (catch ssh_sftp:start_channel(Host, ?SFPD_PORT,
+		   Result = (catch ssh_sftp:start_channel(Host1, Port,
 							  [{user, ?USER},
 							   {password, ?PASSWD},
+							   {user_dir, PrivDir},
 							   {user_interaction, false},
 							   {silently_accept_hosts, true}])),
 		   {ok, ChannelPid, Connection} = Result,
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
deleted file mode 100644
index 7e3f885f5d..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDLKYTdRnGzphcN+pF8UuI3sYB7rxZUHbOT87K3vh8XOLkDOsS3
-8VREtNS8Wb3uYXsRtyDoUvrLIDnyllOfJSDupWLr4ibckUZd/nhFAaC6WryVmH6k
-GlQLLp9KU+vcn2DwYeo14gbwHYDB3pmv4CWAlnO1m/BkX4aLz1zC314OkQIBIwKB
-gD/Z2UzboBPjvhpWEHeHw3CW3zzQoJ4X9pw2peH57IOkHOPCA0/A3/hWFvleCH4e
-owWRU3w3ViKVGYbBh/7RJ5rllN+ENUmVn536srJTxLKUtvb5jRGj3W6EWgAGHSUB
-hm83Kt9Lb5hprL7dPrNGvSseBm/LQSfBQ4vUUyiVRKGPAkEA/rPxWoLdBBP+FZtE
-fGzz9izPM6Fe6o8ZGNZIlRBProOhgEvvIqdgzQWObgLVVrw+M/YApPpiYS3PEmWj
-b2b+jwJBAMwyYeL6coKTl8swDu8HvLnshgUFJFTtHhOTXsKtXQNI1b24xhUrB3Sb
-X8fmoByyRNRpOfvg4Jdqi3Z6KfIcsN8CQQDEfC83McBw3DkJWoVKCugVrYnmACSm
-USH9N5cT6AL0VupNB2C0VTwL37cEaJXyc/V4ipLIaWHV8CNl9qKmZWVJAkEAurG4
-lQI8zyfbPW3EgsU+1d+QeZ5NGnJkpC73jWtNudwxIn0M4CdXRgpmMxwAGjyWs5No
-Nr75OfsDKn5SPHIAywJAKrtONlOizgDiG3EvAXZlwFtOb+HkQ7lrFwczrQu9m7yi
-brSAcnTrLKI6CrR33b/QJLvb9C/HTEZojFABGq8M7A==
------END RSA PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
deleted file mode 100644
index 77f57de4af..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyymE3UZxs6YXDfqRfFLiN7GAe68WVB2zk/Oyt74fFzi5AzrEt/FURLTUvFm97mF7Ebcg6FL6yyA58pZTnyUg7qVi6+Im3JFGXf54RQGgulq8lZh+pBpUCy6fSlPr3J9g8GHqNeIG8B2Awd6Zr+AlgJZztZvwZF+Gi89cwt9eDpE= jakob@balin
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl
index bfe54a3e75..6e4480ee9d 100644
--- a/lib/ssh/test/ssh_sftpd_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -53,16 +53,18 @@
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
-    case {catch ssh:stop(),catch crypto:start()} of
-	{ok,ok} ->
-	    ssh_test_lib:make_dsa_files(Config),
+    case (catch crypto:start()) of
+	ok ->
+	    DataDir = ?config(data_dir, Config),	    
+	    PrivDir = ?config(priv_dir, Config),
+	    ssh_test_lib:setup_dsa(DataDir, PrivDir),
+	    %% to make sure we don't use public-key-auth
+	    %% this should be tested by other test suites
+	    UserDir = filename:join(?config(priv_dir, Config), nopubkey), 
+	    file:make_dir(UserDir),  
 	    Config;
-	{ok,_} ->
-	    {skip,"Could not start ssh!"};
-	{_,ok} ->
-	    {skip,"Could not start crypto!"};
-	{_,_} ->
-	    {skip,"Could not start crypto and ssh!"}
+	_ ->
+	    {skip,"Could not start crypto!"}
     end.
 
 %%--------------------------------------------------------------------
@@ -71,7 +73,12 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) ->
+    SysDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(SysDir),
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    file:del_dir(UserDir),
+    ssh:stop(),
     crypto:stop(),
     ok.
 
@@ -91,15 +98,18 @@ end_per_suite(_Config) ->
 init_per_testcase(TestCase, Config) ->
     ssh:start(),
     prep(Config),
-    SysDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ClientUserDir = filename:join(PrivDir, nopubkey),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+
     {ok, Sftpd} =
-	ssh_sftpd:listen(?SFPD_PORT, [{system_dir, SysDir},
+	ssh_sftpd:listen(?SFPD_PORT, [{system_dir, SystemDir},
+				      {user_dir, PrivDir},
 				      {user_passwords,[{?USER, ?PASSWD}]},
 				      {pwdfun, fun(_,_) -> true end}]),
     
     Cm = ssh_test_lib:connect(?SFPD_PORT,
-			      [{system_dir, SysDir},
-			       {user_dir, SysDir},
+			      [{user_dir, ClientUserDir},
 			       {user, ?USER}, {password, ?PASSWD},
 			       {user_interaction, false},
 			       {silently_accept_hosts, true},
@@ -542,7 +552,7 @@ set_attributes(Config) when is_list(Config) ->
     {ok, FileInfo} = file:read_file_info(FileName),
 
     OrigPermissions = FileInfo#file_info.mode,
-    Permissions = 8#400, %% User read-only
+    Permissions = 8#600, %% User read-write-only
 
     Flags = ?SSH_FILEXFER_ATTR_PERMISSIONS,
 
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa b/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
index 2209af05d5..4c469ed5f7 100644
--- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,7 +28,6 @@
 
 -include_lib("kernel/include/file.hrl").
 
--define(SSHD_PORT, 9999).
 -define(USER, "Alladin").
 -define(PASSWD, "Sesame").
 -define(SSH_MAX_PACKET_SIZE, 32768).
@@ -48,13 +47,14 @@ init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
 	    DataDir = ?config(data_dir, Config),
+	    PrivDir = ?config(priv_dir, Config),
 	    FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"),
 	    c:c(FileAlt),
 	    FileName = filename:join(DataDir, "test.txt"),
 	    {ok, FileInfo} = file:read_file_info(FileName),
 	    ok = file:write_file_info(FileName,
 				      FileInfo#file_info{mode = 8#400}),
-	    ssh_test_lib:make_dsa_files(Config),
+	    ssh_test_lib:setup_dsa(DataDir, PrivDir),
 	    Config;
 	_Else ->
 	    {skip,"Could not start ssh!"}
@@ -66,7 +66,11 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) -> 
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    file:del_dir(UserDir),
+    SysDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(SysDir),
     crypto:stop(),
     ok.
 
@@ -85,7 +89,8 @@ end_per_suite(_Config) ->
 %%--------------------------------------------------------------------
 init_per_testcase(TestCase, Config) ->
     ssh:start(),
-    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    SystemDir = filename:join(PrivDir, system),
 
     Options =
 	case atom_to_list(TestCase) of
@@ -93,50 +98,39 @@ init_per_testcase(TestCase, Config) ->
 		Spec =
 		    ssh_sftpd:subsystem_spec([{file_handler,
 					       ssh_sftpd_file_alt}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "root_dir" ->
 		Privdir = ?config(priv_dir, Config),
 		Root = filename:join(Privdir, root),
 		file:make_dir(Root),
 		Spec = ssh_sftpd:subsystem_spec([{root,Root}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "list_dir_limited" ->
 		Spec =
 		    ssh_sftpd:subsystem_spec([{max_files,1}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 
 	    _ ->
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {user_dir, DataDir},
-		 {system_dir, DataDir}]
+		[{user_dir, PrivDir},
+		 {system_dir, SystemDir}]
 	end,
 
-    {Sftpd, Host, _Port} = ssh_test_lib:daemon(any, ?SSHD_PORT, Options),
+    {Sftpd, Host, Port} = ssh_test_lib:daemon(Options),
 
     {ok, ChannelPid, Connection} =
-	ssh_sftp:start_channel(Host, ?SSHD_PORT,
+	ssh_sftp:start_channel(Host, Port,
 			       [{silently_accept_hosts, true},
-				{user, ?USER}, {password, ?PASSWD}, 
-				{pwdfun, fun(_,_) -> true end},
-				{system_dir, DataDir},
-				{user_dir, DataDir},
+				{user_dir, PrivDir},
 				{timeout, 30000}]),
     TmpConfig = lists:keydelete(sftp, 1, Config),
     NewConfig = lists:keydelete(sftpd, 1, TmpConfig),
-    [{sftp, {ChannelPid, Connection}}, {sftpd, Sftpd} | NewConfig].
+    [{port, Port}, {sftp, {ChannelPid, Connection}}, {sftpd, Sftpd} | NewConfig].
 
 %%--------------------------------------------------------------------
 %% Function: end_per_testcase(TestCase, Config) -> _
@@ -216,6 +210,8 @@ quit_OTP_6349(suite) ->
 quit_OTP_6349(Config) when is_list(Config) ->
     DataDir = ?config(data_dir, Config),
     FileName = filename:join(DataDir, "test.txt"),
+    UserDir = ?config(priv_dir, Config), 
+    Port = ?config(port, Config),
 
     {Sftp, _} = ?config(sftp, Config),
 
@@ -226,11 +222,10 @@ quit_OTP_6349(Config) when is_list(Config) ->
     Host = ssh_test_lib:hostname(),
 
     timer:sleep(5000),
-    {ok, NewSftp, _Conn} = ssh_sftp:start_channel(Host, ?SSHD_PORT,
+    {ok, NewSftp, _Conn} = ssh_sftp:start_channel(Host, Port,
 						 [{silently_accept_hosts, true},
 						  {pwdfun, fun(_,_) -> true end},
-						  {system_dir, DataDir},
-						  {user_dir, DataDir},
+						  {user_dir, UserDir},
 						  {user, ?USER}, {password, ?PASSWD}]),
 
     {ok, <<_/binary>>} = ssh_sftp:read_file(NewSftp, FileName),
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index 425fae22c1..26bbdf5c5c 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -68,15 +68,14 @@ daemon(Host, Port, Options) ->
 	    Error
     end.
 
-
-
+start_shell(Port, IOServer, UserDir) ->
+    spawn_link(?MODULE, init_shell, [Port, IOServer, [{user_dir, UserDir}]]).
 
 start_shell(Port, IOServer) ->
-    spawn_link(?MODULE, init_shell, [Port, IOServer]).
+    spawn_link(?MODULE, init_shell, [Port, IOServer, []]).
 
-init_shell(Port, IOServer) ->
+init_shell(Port, IOServer, UserDir) ->
     Host = hostname(),
-    UserDir = get_user_dir(),
     Options = [{user_interaction, false}, {silently_accept_hosts,
 					   true}] ++ UserDir,
     group_leader(IOServer, self()),
@@ -95,13 +94,10 @@ init_io_server(TestCase) ->
 loop_io_server(TestCase, Buff0) ->
      receive
 	 {input, TestCase, Line} ->
-	     %io:format("~p~n",[{input, TestCase, Line}]),
 	     loop_io_server(TestCase, Buff0 ++ [Line]);
 	 {io_request, From, ReplyAs, Request} ->
-	     %io:format("request -> ~p~n",[Request]),
 	     {ok, Reply, Buff} = io_request(Request, TestCase, From,
 					    ReplyAs, Buff0),
-	     %io:format("reply -> ~p~n",[Reply]),
 	     io_reply(From, ReplyAs, Reply),
 	     loop_io_server(TestCase, Buff);
 	 {'EXIT',_, _} ->
@@ -139,12 +135,18 @@ reply(TestCase, Result) ->
 receive_exec_result(Msg) ->
     test_server:format("Expect data! ~p", [Msg]),
     receive
+	{ssh_cm,_,{data,_,1, Data}} ->
+	    test_server:format("StdErr: ~p~n", [Data]),
+	    receive_exec_result(Msg);
 	Msg ->
 	    test_server:format("1: Collected data ~p", [Msg]),
 	    expected;
 	Other ->
+	    test_server:format("Other ~p", [Other]),
 	    {unexpected_msg, Other}
     end.
+
+
 receive_exec_end(ConnectionRef, ChannelId) ->
     Eof = {ssh_cm, ConnectionRef, {eof, ChannelId}},
     ExitStatus = {ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}},
@@ -181,27 +183,21 @@ inet_port()->
     gen_tcp:close(Socket),
     Port.
 
-
-%% copy private keys to given dir from ~/.ssh
-get_id_keys(DstDir) ->
-    SrcDir = filename:join(os:getenv("HOME"), ".ssh"),
-    RsaOk = copyfile(SrcDir, DstDir, "id_rsa"),
-    DsaOk = copyfile(SrcDir, DstDir, "id_dsa"),
-    case {RsaOk, DsaOk} of
-	{{ok, _}, {ok, _}} -> {ok, both};
-	{{ok, _}, _} -> {ok, rsa};
-	{_, {ok, _}} -> {ok, dsa};
-	{Error, _} -> Error
-    end.
-
-remove_id_keys(Dir) ->
-    file:delete(filename:join(Dir, "id_rsa")),
-    file:delete(filename:join(Dir, "id_dsa")).
-
-copyfile(SrcDir, DstDir, Fn) ->
-    file:copy(filename:join(SrcDir, Fn),
-	      filename:join(DstDir, Fn)).
-
+setup_ssh_auth_keys(RSAFile, DSAFile, Dir) ->
+    Entries = ssh_file_entry(RSAFile) ++ ssh_file_entry(DSAFile),
+    AuthKeys = public_key:ssh_encode(Entries , auth_keys),
+    AuthKeysFile = filename:join(Dir, "authorized_keys"),
+    file:write_file(AuthKeysFile, AuthKeys).
+
+ssh_file_entry(PubFile) ->
+    case file:read_file(PubFile) of
+	{ok, Ssh} ->
+	    [{Key, _}] = public_key:ssh_decode(Ssh, public_key), 
+	    [{Key, [{comment, "Test"}]}];
+	_ ->
+	    []
+    end. 
+	    
 failfun(_User, {authmethod,none}) ->
     ok;
 failfun(User, Reason) ->
@@ -222,463 +218,123 @@ known_hosts(BR) ->
 	    file:rename(B, KnownHosts)
     end.
 
-
-get_user_dir() ->
-    case os:type() of
-	{win32, _} ->
-	    [{user_dir, filename:join([os:getenv("HOME"), ".ssh"])}];
-	_ ->
-	    []
-    end.
-
-
-make_dsa_cert_files(Config) ->    
-    make_dsa_cert_files("", Config).
-
-make_dsa_cert_files(RoleStr, Config) ->    
-    
-    CaInfo = {CaCert, _} = make_cert([{key, dsa}]),
-    {Cert, CertKey} = make_cert([{key, dsa}, {issuer, CaInfo}]),
-    CaCertFile = filename:join([?config(data_dir, Config), 
- 				RoleStr, "dsa_cacerts.pem"]),
-    CertFile = filename:join([?config(data_dir, Config), 
- 			      RoleStr, "dsa_cert.pem"]),
-    KeyFile = filename:join([?config(data_dir, Config), 
-			     RoleStr, "dsa_key.pem"]),
+setup_dsa(DataDir, UserDir) ->
+    file:copy(filename:join(DataDir, "id_dsa"), filename:join(UserDir, "id_dsa")),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")),
+    setup_dsa_known_host(DataDir, UserDir),
+    setup_dsa_auth_keys(DataDir, UserDir).
     
-    der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
-    der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]),
-    der_to_pem(KeyFile, [CertKey]),
-    {CaCertFile, CertFile, KeyFile}.
-
-make_dsa_files(Config) ->
-    make_dsa_files(Config, rfc4716_public_key).
-make_dsa_files(Config, Type) ->
-    {DSA, EncodedKey} = ssh_test_lib:gen_dsa(128, 20),
-    PKey = DSA#'DSAPrivateKey'.y,
-    P = DSA#'DSAPrivateKey'.p,
-    Q = DSA#'DSAPrivateKey'.q,
-    G = DSA#'DSAPrivateKey'.g,
-    Dss = #'Dss-Parms'{p=P, q=Q, g=G},
+setup_rsa(DataDir, UserDir) ->
+    file:copy(filename:join(DataDir, "id_rsa"), filename:join(UserDir, "id_rsa")),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key.pub")),
+    setup_rsa_known_host(DataDir, UserDir),
+    setup_rsa_auth_keys(DataDir, UserDir).
+
+clean_dsa(UserDir) ->
+    del_dirs(filename:join(UserDir, "system")),
+    file:delete(filename:join(UserDir,"id_dsa")),
+    file:delete(filename:join(UserDir,"known_hosts")),
+    file:delete(filename:join(UserDir,"authorized_keys")).
+
+clean_rsa(UserDir) ->
+    del_dirs(filename:join(UserDir, "system")),
+    file:delete(filename:join(UserDir,"id_rsa")),
+    file:delete(filename:join(UserDir,"known_hosts")),
+    file:delete(filename:join(UserDir,"authorized_keys")).
+
+setup_dsa_pass_pharse(DataDir, UserDir, Phrase) ->
+    {ok, KeyBin} = file:read_file(filename:join(DataDir, "id_dsa")),
+    setup_pass_pharse(KeyBin, filename:join(UserDir, "id_dsa"), Phrase),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")),
+    setup_dsa_known_host(DataDir, UserDir),
+    setup_dsa_auth_keys(DataDir, UserDir).
+
+setup_rsa_pass_pharse(DataDir, UserDir, Phrase) ->
+    {ok, KeyBin} = file:read_file(filename:join(DataDir, "id_rsa")),
+    setup_pass_pharse(KeyBin, filename:join(UserDir, "id_rsa"), Phrase),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key.pub"), filename:join(System, "ssh_host_rsa_key.pub")),
+    setup_rsa_known_host(DataDir, UserDir),
+    setup_rsa_auth_keys(DataDir, UserDir).
+
+setup_pass_pharse(KeyBin, OutFile, Phrase) ->
+    [{KeyType, _,_} = Entry0] = public_key:pem_decode(KeyBin),
+    Key =  public_key:pem_entry_decode(Entry0),
+    Salt = crypto:rand_bytes(8),
+    Entry = public_key:pem_entry_encode(KeyType, Key,
+					{{"DES-CBC", Salt}, Phrase}),
+    Pem = public_key:pem_encode([Entry]),
+    file:write_file(OutFile, Pem).
+
+setup_dsa_known_host(SystemDir, UserDir) ->
+    {ok, SshBin} = file:read_file(filename:join(SystemDir, "ssh_host_dsa_key.pub")),
+    [{Key, _}] = public_key:ssh_decode(SshBin, public_key),
+    setup_known_hosts(Key, UserDir).
+
+setup_rsa_known_host(SystemDir, UserDir) ->
+    {ok, SshBin} = file:read_file(filename:join(SystemDir, "ssh_host_rsa_key.pub")),
+    [{Key, _}] = public_key:ssh_decode(SshBin, public_key),
+    setup_known_hosts(Key, UserDir).
+
+setup_known_hosts(Key, UserDir) ->
     {ok, Hostname} = inet:gethostname(),
     {ok, {A, B, C, D}} = inet:getaddr(Hostname, inet),
     IP = lists:concat([A, ".", B, ".", C, ".", D]),
-    Attributes = [], % Could be [{comment,"user@" ++ Hostname}],
-    HostNames = [{hostnames,[IP, IP]}],
-    PublicKey = [{{PKey, Dss}, Attributes}],
-    KnownHosts = [{{PKey, Dss}, HostNames}],
-
+    HostNames = [{hostnames,[Hostname, IP]}],
+    KnownHosts = [{Key, HostNames}],
     KnownHostsEnc = public_key:ssh_encode(KnownHosts, known_hosts),
-    KnownHosts = public_key:ssh_decode(KnownHostsEnc, known_hosts),
-
-    PublicKeyEnc = public_key:ssh_encode(PublicKey, Type),
-%    PublicKey = public_key:ssh_decode(PublicKeyEnc, Type),
-
-    SystemTmpDir = ?config(data_dir, Config),
-    filelib:ensure_dir(SystemTmpDir),
-    file:make_dir(SystemTmpDir),
-    
-    DSAFile = filename:join(SystemTmpDir, "ssh_host_dsa_key.pub"),
-    file:delete(DSAFile),
-    
-    DSAPrivateFile  = filename:join(SystemTmpDir, "ssh_host_dsa_key"),
-    file:delete(DSAPrivateFile),
+    KHFile = filename:join(UserDir, "known_hosts"),
+    file:write_file(KHFile, KnownHostsEnc).
 
-    KHFile = filename:join(SystemTmpDir, "known_hosts"),
-    file:delete(KHFile),
-    
-    PemBin = public_key:pem_encode([EncodedKey]),
-
-    file:write_file(DSAFile, PublicKeyEnc),
-    file:write_file(KHFile, KnownHostsEnc),
-    file:write_file(DSAPrivateFile, PemBin),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Create and return a der encoded certificate
-%%   Option                                         Default
-%%   -------------------------------------------------------
-%%   digest                                         sha1
-%%   validity                                       {date(), date() + week()}
-%%   version                                        3
-%%   subject                                        [] list of the following content
-%%      {name,  Name}
-%%      {email, Email} 
-%%      {city,  City}
-%%      {state, State}
-%%      {org, Org}
-%%      {org_unit, OrgUnit}
-%%      {country, Country} 
-%%      {serial, Serial}
-%%      {title, Title}
-%%      {dnQualifer, DnQ}
-%%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
-%%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
-%%   
-%%
-%%   (OBS: The generated keys are for testing only)
-%% make_cert([{::atom(), ::term()}]) -> {Cert::binary(), Key::binary()}
-%%--------------------------------------------------------------------
-make_cert(Opts) ->
-    SubjectPrivateKey = get_key(Opts),
-    {TBSCert, IssuerKey} = make_tbs(SubjectPrivateKey, Opts),
-    Cert = public_key:pkix_sign(TBSCert, IssuerKey),
-    true = verify_signature(Cert, IssuerKey, undef), %% verify that the keys where ok
-    {Cert, encode_key(SubjectPrivateKey)}.
-
-%%--------------------------------------------------------------------
-%% Writes cert files in Dir with FileName and FileName ++ Suffix
-%% write_cert(::string(), ::string(), {Cert,Key}) -> ok
-%%--------------------------------------------------------------------
-write_cert(Dir, FileName, Suffix, {Cert, Key = {_,_,not_encrypted}}) when is_binary(Cert) ->
-    ok = der_to_pem(filename:join(Dir, FileName),
-			       [{'Certificate', Cert, not_encrypted}]),
-    ok = der_to_pem(filename:join(Dir, FileName ++ Suffix), [Key]).
-
-%%--------------------------------------------------------------------
-%% Creates a rsa key (OBS: for testing only)
-%%   the size are in bytes
-%% gen_rsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_rsa(Size) when is_integer(Size) ->
-    Key = gen_rsa2(Size),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Creates a dsa key (OBS: for testing only)
-%%   the sizes are in bytes
-%% gen_dsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
-    Key = gen_dsa2(LSize, NSize),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Verifies cert signatures
-%% verify_signature(::binary(), ::tuple()) -> ::boolean()
-%%--------------------------------------------------------------------
-verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
-    Key = decode_key(DerKey),
-    case Key of 
-	#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} ->
-	    public_key:pkix_verify(DerEncodedCert, 
-				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
-	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
-    end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-get_key(Opts) ->
-    case proplists:get_value(key, Opts) of
-	undefined -> make_key(rsa, Opts);
-	rsa ->       make_key(rsa, Opts);
-	dsa ->       make_key(dsa, Opts);
-	Key ->
-	    Password = proplists:get_value(password, Opts, no_passwd),
-	    decode_key(Key, Password)
-    end.
-
-decode_key({Key, Pw}) ->
-    decode_key(Key, Pw);
-decode_key(Key) ->
-    decode_key(Key, no_passwd).
-    
-
-decode_key(#'RSAPublicKey'{} = Key,_) ->
-    Key;
-decode_key(#'RSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(#'DSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(PemEntry = {_,_,_}, Pw) ->
-    public_key:pem_entry_decode(PemEntry, Pw);
-decode_key(PemBin, Pw) ->
-    [KeyInfo] = public_key:pem_decode(PemBin),
-    decode_key(KeyInfo, Pw).
-
-encode_key(Key = #'RSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('RSAPrivateKey', Key),
-    {'RSAPrivateKey', list_to_binary(Der), not_encrypted};   
-encode_key(Key = #'DSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', list_to_binary(Der), not_encrypted}.
-
-make_tbs(SubjectKey, Opts) ->    
-    Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
-
-    IssuerProp = proplists:get_value(issuer, Opts, true),
-    {Issuer, IssuerKey}  = issuer(IssuerProp, Opts, SubjectKey),
-
-    {Algo, Parameters} = sign_algorithm(IssuerKey, Opts),
-    
-    SignAlgo = #'SignatureAlgorithm'{algorithm  = Algo,
-				     parameters = Parameters},    
-    Subject = case IssuerProp of
-		  true -> %% Is a Root Ca
-		      Issuer;
-		  _ ->
-		      subject(proplists:get_value(subject, Opts),false)
-	      end,
-
-    {#'OTPTBSCertificate'{serialNumber = trunc(random:uniform()*100000000)*10000 + 1,
-			  signature    = SignAlgo,
-			  issuer       = Issuer,
-			  validity     = validity(Opts),
-			  subject      = Subject,
-			  subjectPublicKeyInfo = publickey(SubjectKey),
-			  version      = Version,
-			  extensions   = extensions(Opts)
-			 }, IssuerKey}.
-
-issuer(true, Opts, SubjectKey) ->
-    %% Self signed
-    {subject(proplists:get_value(subject, Opts), true), SubjectKey};
-issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
-    {issuer_der(Issuer), decode_key(IssuerKey)};
-issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
-    {issuer_der(Cert), decode_key(IssuerKey)}.
-
-issuer_der(Issuer) ->
-    Decoded = public_key:pkix_decode_cert(Issuer, otp),
-    #'OTPCertificate'{tbsCertificate=Tbs} = Decoded,
-    #'OTPTBSCertificate'{subject=Subject} = Tbs,
-    Subject.
-
-subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
-    Opts = [{email, User ++ "@erlang.org"},
-	    {name, User},
-	    {city, "Stockholm"},
-	    {country, "SE"},
-	    {org, "erlang"},
-	    {org_unit, "testing dep"}],
-    subject(Opts);
-subject(Opts, _) ->
-    subject(Opts).
-
-subject(SubjectOpts) when is_list(SubjectOpts) ->
-    Encode = fun(Opt) ->
-		     {Type,Value} = subject_enc(Opt),
-		     [#'AttributeTypeAndValue'{type=Type, value=Value}]
-	     end,
-    {rdnSequence, [Encode(Opt) || Opt <- SubjectOpts]}.
-
-%% Fill in the blanks
-subject_enc({name,  Name}) ->       {?'id-at-commonName', {printableString, Name}};
-subject_enc({email, Email}) ->      {?'id-emailAddress', Email};
-subject_enc({city,  City}) ->       {?'id-at-localityName', {printableString, City}};
-subject_enc({state, State}) ->      {?'id-at-stateOrProvinceName', {printableString, State}};
-subject_enc({org, Org}) ->          {?'id-at-organizationName', {printableString, Org}};
-subject_enc({org_unit, OrgUnit}) -> {?'id-at-organizationalUnitName', {printableString, OrgUnit}};
-subject_enc({country, Country}) ->  {?'id-at-countryName', Country};
-subject_enc({serial, Serial}) ->    {?'id-at-serialNumber', Serial};
-subject_enc({title, Title}) ->      {?'id-at-title', {printableString, Title}};
-subject_enc({dnQualifer, DnQ}) ->   {?'id-at-dnQualifier', DnQ};
-subject_enc(Other) ->               Other.
-
-
-extensions(Opts) ->
-    case proplists:get_value(extensions, Opts, []) of
-	false -> 
-	    asn1_NOVALUE;
-	Exts  -> 
-	    lists:flatten([extension(Ext) || Ext <- default_extensions(Exts)])
-    end.
-
-default_extensions(Exts) ->
-    Def = [{key_usage,undefined}, 
-	   {subject_altname, undefined},
-	   {issuer_altname, undefined},
-	   {basic_constraints, default},
-	   {name_constraints, undefined},
-	   {policy_constraints, undefined},
-	   {ext_key_usage, undefined},
-	   {inhibit_any, undefined},
-	   {auth_key_id, undefined},
-	   {subject_key_id, undefined},
-	   {policy_mapping, undefined}],
-    Filter = fun({Key, _}, D) -> lists:keydelete(Key, 1, D) end,
-    Exts ++ lists:foldl(Filter, Def, Exts).
-       	
-extension({_, undefined}) -> [];
-extension({basic_constraints, Data}) ->
-    case Data of
-	default ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true},
-			 critical=true};
-	false -> 
-	    [];
-	Len when is_integer(Len) ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true, pathLenConstraint=Len},
-			 critical=true};
+setup_dsa_auth_keys(Dir, UserDir) ->
+    {ok, Pem} = file:read_file(filename:join(Dir, "id_dsa")),
+    DSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))),
+    PKey = DSA#'DSAPrivateKey'.y,
+    P = DSA#'DSAPrivateKey'.p,
+    Q = DSA#'DSAPrivateKey'.q,
+    G = DSA#'DSAPrivateKey'.g,
+    Dss = #'Dss-Parms'{p=P, q=Q, g=G},
+    setup_auth_keys([{{PKey, Dss}, [{comment, "Test"}]}], UserDir).
+
+setup_rsa_auth_keys(Dir, UserDir) ->
+    {ok, Pem} = file:read_file(filename:join(Dir, "id_rsa")),
+    RSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))),
+    #'RSAPrivateKey'{publicExponent = E, modulus = N} = RSA,
+    PKey = #'RSAPublicKey'{publicExponent = E, modulus = N},
+    setup_auth_keys([{ PKey, [{comment, "Test"}]}], UserDir).
+
+setup_auth_keys(Keys, Dir) ->
+    AuthKeys = public_key:ssh_encode(Keys, auth_keys),
+    AuthKeysFile = filename:join(Dir, "authorized_keys"),
+    file:write_file(AuthKeysFile, AuthKeys).
+
+
+del_dirs(Dir) ->
+    case file:list_dir(Dir) of
+	{ok, []} ->
+	    file:del_dir(Dir);
+	{ok, Files} ->
+	    lists:foreach(fun(File) ->
+				  FullPath = filename:join(Dir,File),
+				  case filelib:is_dir(FullPath) of
+				      true ->
+					  del_dirs(FullPath),
+					  file:del_dir(FullPath);
+				      false ->
+					  file:delete(FullPath)
+				  end
+			  end, Files);
 	_ ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = Data}
-    end;
-extension({Id, Data, Critical}) ->
-    #'Extension'{extnID = Id, extnValue = Data, critical = Critical}.
-
-
-publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
-    Public = #'RSAPublicKey'{modulus=N, publicExponent=E},
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?rsaEncryption, parameters='NULL'},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
-			       subjectPublicKey = Public};
-publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
-				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
-
-validity(Opts) ->
-    DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
-    DefTo0   = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())+7),
-    {DefFrom, DefTo} = proplists:get_value(validity, Opts, {DefFrom0, DefTo0}),
-    Format = fun({Y,M,D}) -> lists:flatten(io_lib:format("~w~2..0w~2..0w000000Z",[Y,M,D])) end,
-    #'Validity'{notBefore={generalTime, Format(DefFrom)},
-		notAfter ={generalTime, Format(DefTo)}}.
-
-sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
-    Type = case proplists:get_value(digest, Opts, sha1) of
-	       sha1 ->   ?'sha1WithRSAEncryption';
-	       sha512 -> ?'sha512WithRSAEncryption';
-	       sha384 -> ?'sha384WithRSAEncryption';
-	       sha256 -> ?'sha256WithRSAEncryption';
-	       md5    -> ?'md5WithRSAEncryption';
-	       md2    -> ?'md2WithRSAEncryption'
-	   end,
-    {Type, 'NULL'};
-sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
-
-make_key(rsa, _Opts) ->
-    %% (OBS: for testing only)
-    gen_rsa2(64);
-make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
-    
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% RSA key generation  (OBS: for testing only)
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--define(SMALL_PRIMES, [65537,97,89,83,79,73,71,67,61,59,53,
-		       47,43,41,37,31,29,23,19,17,13,11,7,5,3]).
-
-gen_rsa2(Size) ->
-    P = prime(Size),
-    Q = prime(Size),
-    N = P*Q,
-    Tot = (P - 1) * (Q - 1),
-    [E|_] = lists:dropwhile(fun(Candidate) -> (Tot rem Candidate) == 0 end, ?SMALL_PRIMES),
-    {D1,D2} = extended_gcd(E, Tot),
-    D = erlang:max(D1,D2),
-    case D < E of
-	true ->
-	    gen_rsa2(Size);
-	false ->
-	    {Co1,Co2} = extended_gcd(Q, P),
-	    Co = erlang:max(Co1,Co2),
-	    #'RSAPrivateKey'{version = 'two-prime',
-			     modulus = N,
-			     publicExponent  = E,
-			     privateExponent = D, 
-			     prime1 = P, 
-			     prime2 = Q, 
-			     exponent1 = D rem (P-1), 
-			     exponent2 = D rem (Q-1), 
-			     coefficient = Co
-			    }
+	    ok
     end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% DSA key generation  (OBS: for testing only)
-%% See http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
-%% and the fips_186-3.pdf
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-gen_dsa2(LSize, NSize) ->
-    Q  = prime(NSize),  %% Choose N-bit prime Q
-    X0 = prime(LSize),
-    P0 = prime((LSize div 2) +1),
-    
-    %% Choose L-bit prime modulus P such that p-1 is a multiple of q.
-    case dsa_search(X0 div (2*Q*P0), P0, Q, 1000) of
-	error -> 
-	    gen_dsa2(LSize, NSize);
-	P ->	    
-	    G = crypto:mod_exp(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q.
-	    %%                 such that This may be done by setting g = h^(p-1)/q mod p, commonly h=2 is used.
-	    
-	    X = prime(20),               %% Choose x by some random method, where 0 < x < q.
-	    Y = crypto:mod_exp(G, X, P), %% Calculate y = g^x mod p.
-	    
-	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
-    end.
-    
-%% See fips_186-3.pdf
-dsa_search(T, P0, Q, Iter) when Iter > 0 ->
-    P = 2*T*Q*P0 + 1,
-    case is_prime(crypto:mpint(P), 50) of
-	true -> P;
-	false -> dsa_search(T+1, P0, Q, Iter-1)
-    end;
-dsa_search(_,_,_,_) -> 
-    error.
-
-
-%%%%%%% Crypto Math %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-prime(ByteSize) ->
-    Rand = odd_rand(ByteSize),
-    crypto:erlint(prime_odd(Rand, 0)).
-
-prime_odd(Rand, N) ->
-    case is_prime(Rand, 50) of
-	true -> 
-	    Rand;
-	false -> 
-	    NotPrime = crypto:erlint(Rand),
-	    prime_odd(crypto:mpint(NotPrime+2), N+1)
-    end.
-
-%% see http://en.wikipedia.org/wiki/Fermat_primality_test
-is_prime(_, 0) -> true;
-is_prime(Candidate, Test) -> 
-    CoPrime = odd_rand(<<0,0,0,4, 10000:32>>, Candidate),
-    case crypto:mod_exp(CoPrime, Candidate, Candidate) of
-	CoPrime -> is_prime(Candidate, Test-1);
-	_       -> false
-    end.
-
-odd_rand(Size) ->
-    Min = 1 bsl (Size*8-1),
-    Max = (1 bsl (Size*8))-1,
-    odd_rand(crypto:mpint(Min), crypto:mpint(Max)).
-
-odd_rand(Min,Max) ->
-    Rand = <<Sz:32, _/binary>> = crypto:rand_uniform(Min,Max),
-    BitSkip = (Sz+4)*8-1,
-    case Rand of
-	Odd  = <<_:BitSkip,  1:1>> -> Odd;
-	Even = <<_:BitSkip,  0:1>> -> 
-	    crypto:mpint(crypto:erlint(Even)+1)
-    end.
-
-extended_gcd(A, B) ->
-    case A rem B of
-	0 ->
-	    {0, 1};
-	N ->
-	    {X, Y} = extended_gcd(B, N),
-	    {Y, X-Y*(A div B)}
-    end.
-
-pem_to_der(File) ->
-    {ok, PemBin} = file:read_file(File),
-    public_key:pem_decode(PemBin).
-
-der_to_pem(File, Entries) ->
-    PemBin = public_key:pem_encode(Entries),
-    file:write_file(File, PemBin).
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index f959d50484..dfe526564d 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -42,8 +42,12 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    ssh_test_lib:make_dsa_files(Config),
-	    Config;
+	    case gen_tcp:connect("localhost", 22, []) of
+		{error,econnrefused} ->
+		    {skip,"No openssh deamon"};
+		_ ->
+		    Config
+	    end;
 	_Else ->
 	    {skip,"Could not start crypto!"}
     end.
@@ -100,26 +104,38 @@ all() ->
 	false -> 
 	    {skip, "openSSH not installed on host"};
 	_ ->
-	    [erlang_shell_client_openssh_server,
-	     erlang_client_openssh_server_exec,
-	     erlang_client_openssh_server_exec_compressed,
-	     erlang_server_openssh_client_exec,
-	     erlang_server_openssh_client_exec_compressed,
-	     erlang_client_openssh_server_setenv,
-	     erlang_client_openssh_server_publickey_rsa,
-	     erlang_client_openssh_server_publickey_dsa,
-	     erlang_server_openssh_client_pulic_key_dsa,
-	     erlang_client_openssh_server_password]
+	    [{group, erlang_client},
+	     {group, erlang_server}
+	     ]
     end.
 
 groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
+    [{erlang_client, [], [erlang_shell_client_openssh_server,
+			  erlang_client_openssh_server_exec,
+			  erlang_client_openssh_server_exec_compressed,
+			  erlang_client_openssh_server_setenv,
+			  erlang_client_openssh_server_publickey_rsa,
+			  erlang_client_openssh_server_publickey_dsa,
+			  erlang_client_openssh_server_password]},
+     {erlang_server, [], [erlang_server_openssh_client_exec,
+			  erlang_server_openssh_client_exec_compressed,
+			  erlang_server_openssh_client_pulic_key_dsa]}
+    ].
+
+init_per_group(erlang_server, Config) ->
+    DataDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa_known_host(DataDir, UserDir),
+    Config;
+init_per_group(_, Config) ->
+    Config.
 
-end_per_group(_GroupName, Config) ->
-	Config.
+end_per_group(erlang_server, Config) ->
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(UserDir),
+    Config;
+end_per_group(_, Config) ->
+    Config.
 
 %% TEST cases starts here.
 %%--------------------------------------------------------------------
@@ -229,7 +245,9 @@ erlang_server_openssh_client_exec(suite) ->
 
 erlang_server_openssh_client_exec(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
-    
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     
@@ -237,7 +255,10 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.",
+
+    test_server:format("Cmd: ~p~n", [Cmd]),
+
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -258,6 +279,9 @@ erlang_server_openssh_client_exec_compressed(suite) ->
 
 erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -265,7 +289,7 @@ erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no -C "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++ " -C "++ Host ++ " 1+1.",
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -330,24 +354,27 @@ erlang_client_openssh_server_publickey_rsa(suite) ->
     [];
 erlang_client_openssh_server_publickey_rsa(Config) when is_list(Config) ->
     {ok,[[Home]]} = init:get_argument(home),
-    SrcDir =  filename:join(Home, ".ssh"),
-    UserDir = ?config(priv_dir, Config),
-    case ssh_test_lib:copyfile(SrcDir, UserDir, "id_rsa") of
-	{ok, _} ->
-	    ConnectionRef =
-		ssh_test_lib:connect(?SSH_DEFAULT_PORT,
-				     [{user_dir, UserDir},
-				      {public_key_alg, ssh_rsa},
-				      {user_interaction, false},
-				      silently_accept_hosts]),
-	    {ok, Channel} =
-		ssh_connection:session_channel(ConnectionRef, infinity),
-	    ok = ssh_connection:close(ConnectionRef, Channel),
-	    ok = ssh:close(ConnectionRef),
-	    ok = file:delete(filename:join(UserDir, "id_rsa"));
-	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_rsa"}
+    KeyFile =  filename:join(Home, ".ssh/id_rsa"),
+    case file:read_file(KeyFile) of
+	{ok, Pem} ->
+	    case public_key:pem_decode(Pem) of
+		[{_,_, not_encrypted}] ->
+		    ConnectionRef =
+			ssh_test_lib:connect(?SSH_DEFAULT_PORT,
+					     [{public_key_alg, ssh_rsa},
+					      {user_interaction, false},
+					      silently_accept_hosts]),
+		    {ok, Channel} =
+			ssh_connection:session_channel(ConnectionRef, infinity),
+		    ok = ssh_connection:close(ConnectionRef, Channel),
+		    ok = ssh:close(ConnectionRef);
+		_ ->
+		    {skip, {error, "Has pass phrase can not be used by automated test case"}} 
+	    end;
+	_ ->
+	    {skip, "no ~/.ssh/id_rsa"}  
     end.
+	
 
 %%--------------------------------------------------------------------
 erlang_client_openssh_server_publickey_dsa(doc) ->
@@ -356,25 +383,26 @@ erlang_client_openssh_server_publickey_dsa(suite) ->
     [];
 erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) ->
     {ok,[[Home]]} = init:get_argument(home),
-    SrcDir =  filename:join(Home, ".ssh"),
-    UserDir = ?config(priv_dir, Config),
-    case ssh_test_lib:copyfile(SrcDir, UserDir, "id_dsa") of
-	{ok, _} ->
-	    ConnectionRef =
-		ssh_test_lib:connect(?SSH_DEFAULT_PORT,
-				     [{user_dir, UserDir},
-				      {public_key_alg, ssh_dsa},
-				      {user_interaction, false},
-				      silently_accept_hosts]),
-	    {ok, Channel} =
-		ssh_connection:session_channel(ConnectionRef, infinity),
-	    ok = ssh_connection:close(ConnectionRef, Channel),
-	    ok = ssh:close(ConnectionRef),
-	    ok = file:delete(filename:join(UserDir, "id_dsa"));
-	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_dsa"}
+    KeyFile =  filename:join(Home, ".ssh/id_dsa"),
+    case file:read_file(KeyFile) of
+	{ok, Pem} ->
+	    case public_key:pem_decode(Pem) of
+		[{_,_, not_encrypted}] ->
+		    ConnectionRef =
+			ssh_test_lib:connect(?SSH_DEFAULT_PORT,
+					     [{public_key_alg, ssh_dsa},
+					      {user_interaction, false},
+					      silently_accept_hosts]),
+		    {ok, Channel} =
+			ssh_connection:session_channel(ConnectionRef, infinity),
+		    ok = ssh_connection:close(ConnectionRef, Channel),
+		    ok = ssh:close(ConnectionRef);
+		_ ->
+		    {skip, {error, "Has pass phrase can not be used by automated test case"}} 
+	    end;
+	_ ->
+	    {skip, "no ~/.ssh/id_dsa"}  
     end.
-
 %%--------------------------------------------------------------------
 erlang_server_openssh_client_pulic_key_dsa(doc) ->
     ["Validate using dsa publickey."];
@@ -384,6 +412,9 @@ erlang_server_openssh_client_pulic_key_dsa(suite) ->
 
 erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {public_key_alg, ssh_dsa},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -391,7 +422,8 @@ erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++
+	" " ++ Host ++ " 1+1.",
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -399,7 +431,6 @@ erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
 	    ok
     after ?TIMEOUT ->
 	    test_server:fail("Did not receive answer")
-
     end,
      ssh:stop_daemon(Pid).
 
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk
index fe2b915d17..42f860d6ae 100644
--- a/lib/ssh/vsn.mk
+++ b/lib/ssh/vsn.mk
@@ -1,5 +1,5 @@
 #-*-makefile-*-   ; force emacs to enter makefile-mode
 
-SSH_VSN = 2.0.8
+SSH_VSN = 2.0.9
 APP_VSN    = "ssh-$(SSH_VSN)"
 
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 5df2632149..1e1fe0d119 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,101 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 4.1.6</title>
+  <section><title>SSL 5.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Invalidation handling of sessions could cause the
+	    time_stamp field in the session record to be set to
+	    undefined crashing the session clean up process. This did
+	    not affect the connections but would result in that the
+	    session table would grow.</p>
+          <p>
+	    Own Id: OTP-9696 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Changed code to use ets:foldl and throw instead of
+	    ets:next traversal, avoiding the need to explicitly call
+	    ets:safe_fixtable. It was possible to get a badarg-crash
+	    under special circumstances.</p>
+          <p>
+	    Own Id: OTP-9703 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Send ssl_closed notification to active ssl user when a
+	    tcp error occurs.</p>
+          <p>
+	    Own Id: OTP-9734 Aux Id: seq11946 </p>
+        </item>
+        <item>
+          <p>
+	    If a passive receive was ongoing during a renegotiation
+	    the process evaluating ssl:recv could be left hanging for
+	    ever.</p>
+          <p>
+	    Own Id: OTP-9744</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Support for the old ssl implementation is dropped and the
+	    code is removed.</p>
+          <p>
+	    Own Id: OTP-7048</p>
+        </item>
+        <item>
+          <p>
+	    The erlang distribution can now be run over the new ssl
+	    implementation. All options can currently not be set but
+	    it is enough to replace to old ssl implementation.</p>
+          <p>
+	    Own Id: OTP-7053</p>
+        </item>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    Implements a CBC timing attack counter measure. Thanks to
+	    Andreas Schultz for providing the patch.</p>
+          <p>
+	    Own Id: OTP-9683</p>
+        </item>
+        <item>
+          <p>
+	    Mitigates an SSL/TLS Computational DoS attack by
+	    disallowing the client to renegotiate many times in a row
+	    in a short time interval, thanks to Tuncer Ayaz for
+	    alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9739</p>
+        </item>
+        <item>
+          <p>
+	    Implements the 1/n-1 splitting countermeasure to the
+	    Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0.
+	    Thanks to Tuncer Ayaz for alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9750</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 115527aae0..bc395cb6d5 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -57,7 +57,7 @@ accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
 
 setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
     Kernel = self(),
-    spawn(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end).
+    spawn_opt(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end, [link, {priority, max}]).
 		   
 do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
     [Name, Address] = splitnode(Node, LongOrShortNames),
@@ -229,9 +229,7 @@ connect_hs_data(Kernel, Node, MyNode, Socket, Timer, Version, Ip, TcpPort, Addre
 accept_hs_data(Kernel, MyNode, Socket, Timer, Allowed) ->
     common_hs_data(Kernel, MyNode, Socket, Timer, #hs_data{
 					     allowed = Allowed,
-					     f_address = fun(S, N) -> 
-								 ssl_tls_dist_proxy:get_remote_id(S, N)
-							 end
+					     f_address = fun get_remote_id/2
 					    }).
 
 common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
@@ -273,3 +271,11 @@ common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
 		  P = proplists:get_value(send_pend, Stats, 0),
 		  {ok, R,W,P}
 	  end}.
+
+get_remote_id(Socket, _Node) ->
+    case ssl_tls_dist_proxy:get_tcp_address(Socket) of
+        {ok, Address} ->
+	    Address;
+	{error, _Reason} ->
+	    ?shutdown(no_node)
+    end.
diff --git a/lib/ssl/src/ssl_app.erl b/lib/ssl/src/ssl_app.erl
index c9f81726b9..0c475a6d01 100644
--- a/lib/ssl/src/ssl_app.erl
+++ b/lib/ssl/src/ssl_app.erl
@@ -27,16 +27,9 @@
 
 -export([start/2, stop/1]).
 
-%%--------------------------------------------------------------------
--spec start(normal | {takeover, node()} | {failover, node()}, list()) -> 
-		   ignore | {ok, pid()} | {error, term()}.
-%%--------------------------------------------------------------------
 start(_Type, _StartArgs) ->
     ssl_sup:start_link().
 
-%--------------------------------------------------------------------
--spec stop(term())-> ok.
-%%-------------------------------------------------------------------- 
 stop(_State) ->
     ok.
 
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 95a5efd6d0..d43d312be8 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -166,7 +166,7 @@ block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
 	    false ->
 		%% decryption failed or invalid padding,
 		%% intentionally break Content to make
-		%% sure a packet with a an invalid padding
+		%% sure a packet with invalid padding
 		%% but otherwise correct data will fail
 		%% the MAC test later
 		{<<16#F0, Content/binary>>, Mac, CipherState1}
@@ -523,7 +523,7 @@ hash_size(sha) ->
 %%
 %% implementation note:
 %%   We return the original (possibly invalid) PadLength in any case.
-%%   A invalid PadLength will be cought by is_correct_padding/2
+%%   An invalid PadLength will be caught by is_correct_padding/2
 %%
 generic_block_cipher_from_bin(T, HashSize) ->
     Sz1 = byte_size(T) - 1,
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index dda0c27d0c..28dd0c85d0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -87,10 +87,10 @@
           bytes_to_read,       % integer(), # bytes to read in passive mode
           user_data_buffer,    % binary()
 	  log_alert,           % boolean() 
-	  renegotiation,        % {boolean(), From | internal | peer}
-	  recv_during_renegotiation,  %boolean() 
-	  send_queue,           % queue()
-	  terminated = false,   %
+	  renegotiation,       % {boolean(), From | internal | peer}
+	  recv_from,           %
+	  send_queue,          % queue()
+	  terminated = false,  %
 	  allow_renegotiate = true
 	 }).
 
@@ -293,10 +293,6 @@ start_link(Role, Host, Port, Socket, Options, User, CbInfo) ->
 %% gen_fsm callbacks
 %%====================================================================
 %%--------------------------------------------------------------------
--spec init(list()) -> {ok, state_name(), #state{}, timeout()} | {stop, term()}.
-%% Possible return values not used now.
-%%			  | {ok, state_name(), #state{}} |
-%%			  ignore  
 %% Description:Whenever a gen_fsm is started using gen_fsm:start/[3,4] or
 %% gen_fsm:start_link/3,4, this function is called by the new process to 
 %% initialize. 
@@ -324,8 +320,6 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options,
     end.
    
 %%--------------------------------------------------------------------
-%% -spec state_name(event(), #state{}) -> gen_fsm_state_return()
-%%
 %% Description:There should be one instance of this function for each
 %% possible state name. Whenever a gen_fsm receives an event sent
 %% using gen_fsm:send_event/2, the instance of this function with the
@@ -357,15 +351,15 @@ hello(start, #state{host = Host, port = Port, role = client,
 			      Session0#session{session_id = Hello#client_hello.session_id},
 			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(start, #state{role = server} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#hello_request{}, #state{role = client} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#server_hello{cipher_suite = CipherSuite,
 		    compression_method = Compression} = Hello,
@@ -428,7 +422,7 @@ hello(Msg, State) ->
 %%--------------------------------------------------------------------
 abbreviated(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(abbreviated, hello, Record, State);
 
 abbreviated(#finished{verify_data = Data} = Finished,
 	    #state{role = server,
@@ -481,7 +475,7 @@ abbreviated(Msg, State) ->
 %%--------------------------------------------------------------------
 certify(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(certify, hello, Record, State);
 
 certify(#certificate{asn1_certificates = []}, 
 	#state{role = server, negotiated_version = Version,
@@ -489,7 +483,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = true}} = 
 	State) ->
     Alert =  ?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE),
-    handle_own_alert(Alert, Version, certify_certificate, State),
+    handle_own_alert(Alert, Version, certify, State),
     {stop, normal, State};
 
 certify(#certificate{asn1_certificates = []}, 
@@ -498,7 +492,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = false}} = 
 	State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = false}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 certify(#certificate{} = Cert, 
         #state{negotiated_version = Version,
@@ -513,7 +507,7 @@ certify(#certificate{} = Cert,
 	    handle_peer_cert(PeerCert, PublicKeyInfo, 
 			     State#state{client_certificate_requested = false});
 	#alert{} = Alert ->
-            handle_own_alert(Alert, Version, certify_certificate, State),
+            handle_own_alert(Alert, Version, certify, State),
             {stop, normal, State}
     end;
 
@@ -524,10 +518,9 @@ certify(#server_key_exchange{} = KeyExchangeMsg,
     case handle_server_key(KeyExchangeMsg, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(certify, Record, State);
+	    next_state(certify, certify, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_server_keyexchange, 
-			     State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0}
     end;
 
@@ -537,7 +530,7 @@ certify(#server_key_exchange{} = Msg,
 
 certify(#certificate_request{}, State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = true}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 %% Master secret was determined with help of server-key exchange msg
 certify(#server_hello_done{},
@@ -552,8 +545,7 @@ certify(#server_hello_done{},
 	    State = State0#state{connection_states = ConnectionStates1},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -572,8 +564,7 @@ certify(#server_hello_done{},
 				  session = Session},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -590,7 +581,7 @@ certify(#client_key_exchange{exchange_keys = Keys},
 	certify_client_key_exchange(ssl_handshake:decode_client_key(Keys, KeyAlg, Version), State)
     catch 
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_client_key_exchange, State),
+	    handle_own_alert(Alert, Version, certify, State),
 	    {stop, normal, State}
     end;
 
@@ -613,10 +604,9 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS
 	    State1 = State0#state{connection_states = ConnectionStates,
 				  session = Session},
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version,
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -628,10 +618,9 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
     case dh_master_secret(crypto:mpint(P), crypto:mpint(G), ClientPublicDhKey, ServerDhPrivateKey, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end.
 
@@ -641,7 +630,7 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
 %%--------------------------------------------------------------------
 cipher(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(cipher, hello, Record, State);
 
 cipher(#certificate_verify{signature = Signature}, 
        #state{role = server, 
@@ -654,7 +643,7 @@ cipher(#certificate_verify{signature = Signature},
 					  Version, MasterSecret, Hashes) of
 	valid ->
 	    {Record, State} = next_record(State0),
-	    next_state(cipher, Record, State);
+	    next_state(cipher, cipher, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, cipher, State0), 
 	    {stop, normal, State0}
@@ -707,11 +696,13 @@ connection(#hello_request{}, #state{host = Host, port = Port,
     {Record, State} = next_record(State0#state{connection_states =  
 					       ConnectionStates1,
 					       tls_handshake_hashes = Hashes1}),
-    next_state(hello, Record, State);
+    next_state(connection, hello, Record, State);
 connection(#client_hello{} = Hello, #state{role = server, allow_renegotiate = true} = State) ->
-    %% Mitigate Computational DoS attack http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
-    %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client initiated renegotiation
-    %% we will disallow many client initiated renegotiations immediately after each other.
+    %% Mitigate Computational DoS attack
+    %% http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
+    %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client
+    %% initiated renegotiation we will disallow many client initiated
+    %% renegotiations immediately after each other.
     erlang:send_after(?WAIT_TO_ALLOW_RENEGOTIATION, self(), allow_renegotiate),
     hello(Hello, State#state{allow_renegotiate = false});
 
@@ -723,9 +714,7 @@ connection(#client_hello{}, #state{role = server, allow_renegotiate = false,
     {BinMsg, ConnectionStates} =
 	encode_alert(Alert, Version, ConnectionStates0),
     Transport:send(Socket, BinMsg),
-    {Record, State} = next_record(State0#state{connection_states = 
-     						   ConnectionStates}),
-    next_state(connection, Record, State);
+    next_state_connection(connection, State0#state{connection_states = ConnectionStates});
   
 connection(timeout, State) ->
     {next_state, connection, State, hibernate};
@@ -733,10 +722,6 @@ connection(timeout, State) ->
 connection(Msg, State) ->
     handle_unexpected_message(Msg, connection, State).
 %%--------------------------------------------------------------------
--spec handle_event(term(), state_name(), #state{}) -> term().
-%% As it is not currently used gen_fsm_state_return() makes
-%% dialyzer unhappy!
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:send_all_state_event/2, this function is called to handle
 %% the event. Not currently used!
@@ -745,47 +730,16 @@ handle_event(_Event, StateName, State) ->
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_sync_event(term(), from(), state_name(), #state{}) -> 
-			       gen_fsm_state_return() |  
-			       {reply, reply(), state_name(), #state{}} |
-			       {reply, reply(), state_name(), #state{}, timeout()} |
-			       {stop, reason(), reply(), #state{}}.
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:sync_send_all_state_event/2,3, this function is called to handle
 %% the event.
 %%--------------------------------------------------------------------
-handle_sync_event({application_data, Data0}, From, connection, 
-		  #state{socket = Socket,
-			 negotiated_version = Version,
-			 transport_cb = Transport,
-			 connection_states = ConnectionStates0,
-			 send_queue = SendQueue,
-			 socket_options = SockOpts,
-			 ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} 
-		  = State) ->
+handle_sync_event({application_data, Data}, From, connection, State) ->
     %% We should look into having a worker process to do this to 
     %% parallize send and receive decoding and not block the receiver
     %% if sending is overloading the socket.
     try
-	Data = encode_packet(Data0, SockOpts),
-	case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-	    {Msgs, [], ConnectionStates} ->
-		Result = Transport:send(Socket, Msgs),
-		{reply, Result,
-		 connection, State#state{connection_states = ConnectionStates},
-                 get_timeout(State)};
-	    {Msgs, RestData, ConnectionStates} ->
-		if 
-		    Msgs =/= [] ->
-			Transport:send(Socket, Msgs);
-		    true ->
-			ok
-		end,
-		renegotiate(State#state{connection_states = ConnectionStates,
-					send_queue = queue:in_r({From, RestData}, SendQueue),
-					renegotiation = {true, internal}})
-	end
+	write_application_data(Data, From, State)
     catch throw:Error ->
 	    {reply, Error, connection, State, get_timeout(State)}
     end;
@@ -842,14 +796,12 @@ handle_sync_event({shutdown, How0}, _, StateName,
     end;
     
 handle_sync_event({recv, N}, From, connection = StateName, State0) ->
-    passive_receive(State0#state{bytes_to_read = N, from = From}, StateName);
+    passive_receive(State0#state{bytes_to_read = N, recv_from = From}, StateName);
 
 %% Doing renegotiate wait with handling request until renegotiate is
-%% finished. Will be handled by next_state_connection/2.
+%% finished. Will be handled by next_state_is_connection/2.
 handle_sync_event({recv, N}, From, StateName, State) ->
-    {next_state, StateName,
-     State#state{bytes_to_read = N, from = From,
-                 recv_during_renegotiation = true},
+    {next_state, StateName, State#state{bytes_to_read = N, recv_from = From},
      get_timeout(State)};
 
 handle_sync_event({new_user, User}, _From, StateName, 
@@ -887,7 +839,7 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
 	Buffer =:= <<>>, Opts1#socket_options.active =:= false ->
             %% Need data, set active once
 	    {Record, State2} = next_record_if_active(State1),
-	    case next_state(StateName, Record, State2) of
+	    case next_state(StateName, StateName, Record, State2) of
 		{next_state, StateName, State, Timeout} ->
 		    {reply, Reply, StateName, State, Timeout};
 		{stop, Reason, State} ->
@@ -897,11 +849,11 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
             %% Active once already set 
 	    {reply, Reply, StateName, State1, get_timeout(State1)};
 	true ->
-	    case application_data(<<>>, State1) of
+	    case read_application_data(<<>>, State1) of
 		Stop = {stop,_,_} ->
 		    Stop;
 		{Record, State2} ->
-		    case next_state(StateName, Record, State2) of
+		    case next_state(StateName, StateName, Record, State2) of
 			{next_state, StateName, State, Timeout} ->
 			    {reply, Reply, StateName, State, Timeout};
 			{stop, Reason, State} ->
@@ -937,11 +889,6 @@ handle_sync_event(peer_certificate, _, StateName,
     {reply, {ok, Cert}, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_info(msg(),state_name(), #state{}) -> 
-			 {next_state, state_name(), #state{}}|
-			 {next_state, state_name(), #state{}, timeout()} |
-			 {stop, reason(), #state{}}.
-%%
 %% Description: This function is called by a gen_fsm when it receives any
 %% other message than a synchronous or asynchronous event
 %% (or a system message).
@@ -949,22 +896,18 @@ handle_sync_event(peer_certificate, _, StateName,
 
 %% raw data from TCP, unpack records
 handle_info({Protocol, _, Data}, StateName,
-            #state{data_tag = Protocol,
-		   negotiated_version = Version} = State0) ->
+            #state{data_tag = Protocol} = State0) ->
     case next_tls_record(Data, State0) of
 	{Record, State} ->
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, StateName, State0), 
+	    handle_normal_shutdown(Alert, StateName, State0), 
 	    {stop, normal, State0}
     end;
 
-handle_info({CloseTag, Socket}, _StateName,
+handle_info({CloseTag, Socket}, StateName,
             #state{socket = Socket, close_tag = CloseTag,
-		   negotiated_version = Version,
-		   socket_options = Opts,
-		   user_application = {_Mon,Pid}, from = From, 
-		   role = Role} = State) ->
+		   negotiated_version = Version} = State) ->
     %% Note that as of TLS 1.1,
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.  This is a change from TLS 1.0 to conform
@@ -979,8 +922,7 @@ handle_info({CloseTag, Socket}, _StateName,
 	    %%invalidate_session(Role, Host, Port, Session)
 	    ok
     end,
-    alert_user(Opts#socket_options.active, Pid, From,
-	       ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({ErrorTag, Socket, econnaborted}, StateName,  
@@ -989,12 +931,11 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName,
     alert_user(User, ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), Role),
     {stop, normal, State};
 
-handle_info({ErrorTag, Socket, Reason}, _,  
-	    #state{socket = Socket, from = User, 
-		   role = Role, error_tag = ErrorTag} = State)  ->
+handle_info({ErrorTag, Socket, Reason}, StateName, #state{socket = Socket,
+							  error_tag = ErrorTag} = State)  ->
     Report = io_lib:format("SSL: Socket error: ~p ~n", [Reason]),
     error_logger:info_report(Report),
-    alert_user(User,  ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({'DOWN', MonitorRef, _, _, _}, _, 
@@ -1010,8 +951,6 @@ handle_info(Msg, StateName, State) ->
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec terminate(reason(), state_name(), #state{}) -> term().
-%%
 %% Description:This function is called by a gen_fsm when it is about
 %% to terminate. It should be the opposite of Module:init/1 and do any
 %% necessary cleaning up. When it returns, the gen_fsm terminates with
@@ -1042,8 +981,6 @@ terminate(Reason, _StateName, #state{transport_cb = Transport,
     Transport:close(Socket).
 
 %%--------------------------------------------------------------------
--spec code_change(term(), state_name(), #state{}, list()) -> {ok, state_name(), #state{}}.
-%%			 
 %% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState}
 %% Description: Convert process state when code is changed
 %%--------------------------------------------------------------------
@@ -1239,7 +1176,7 @@ handle_peer_cert(PeerCert, PublicKeyInfo,
 			 Session#session{peer_certificate = PeerCert},
 			 public_key_info = PublicKeyInfo},
     {Record, State} = next_record(State1),
-    next_state(certify, Record, State).
+    next_state(certify, certify, Record, State).
 
 certify_client(#state{client_certificate_requested = true, role = client,
                       connection_states = ConnectionStates0,
@@ -1281,8 +1218,7 @@ verify_client_cert(#state{client_certificate_requested = true, role = client,
 	ignore ->
 	    State;
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify, State)
-	    
+	    throw(Alert)	    
     end;
 verify_client_cert(#state{client_certificate_requested = false} = State) ->
     State.
@@ -1314,7 +1250,7 @@ do_server_hello(Type, #state{negotiated_version = Version,
 					  ConnectionStates,
 					  tls_handshake_hashes = Hashes},
 		    {Record, State} = next_record(State3),
-		    next_state(abbreviated, Record, State);
+		    next_state(hello, abbreviated, Record, State);
 		#alert{} = Alert ->
 		    handle_own_alert(Alert, Version, hello, State1), 
 		    {stop, normal, State1}
@@ -1334,7 +1270,7 @@ new_server_hello(#server_hello{cipher_suite = CipherSuite,
 				 cipher_suite = CipherSuite,
 				 compression_method = Compression},
 	    {Record, State} = next_record(State2#state{session = Session}),
-	    next_state(certify, Record, State)
+	    next_state(hello, certify, Record, State)
     catch        
         #alert{} = Alert ->  
 	    handle_own_alert(Alert, Version, hello, State0),
@@ -1346,7 +1282,7 @@ handle_new_session(NewId, CipherSuite, Compression, #state{session = Session0} =
 			       cipher_suite = CipherSuite,
 			       compression_method = Compression}, 
     {Record, State} = next_record(State0#state{session = Session}),
-    next_state(certify, Record, State).
+    next_state(hello, certify, Record, State).
 
 handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 				      negotiated_version = Version,
@@ -1361,7 +1297,7 @@ handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 		next_record(State0#state{
 			      connection_states = ConnectionStates1,
 			      session = Session}),
-	    next_state(abbreviated, Record, State);
+	    next_state(hello, abbreviated, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, hello, State0), 
 	    {stop, normal, State0}
@@ -1378,10 +1314,10 @@ client_certify_and_key_exchange(#state{negotiated_version = Version} =
 				 client_certificate_requested = false,
 				 tls_handshake_hashes = Hashes},
 	    {Record, State} = next_record(State2),
-	    next_state(cipher, Record, State)
+	    next_state(certify, cipher, Record, State)
     catch        
-        #alert{} = Alert ->  
-	    handle_own_alert(Alert, Version, client_certify_and_key_exchange, State0),
+        throw:#alert{} = Alert ->  
+	    handle_own_alert(Alert, Version, certify, State0),
             {stop, normal, State0}
     end.
 
@@ -1692,15 +1628,12 @@ encode_packet(Data, #socket_options{packet=Packet}) ->
     end.
 
 encode_size_packet(Bin, Size, Max) ->
-    Len = byte_size(Bin),
+    Len = erlang:byte_size(Bin),
     case Len > Max of
 	true  -> throw({error, {badarg, {packet_to_large, Len, Max}}});
 	false -> <<Len:Size, Bin/binary>>
     end.
 
-encode_data(Data, Version, ConnectionStates, RenegotiateAt) ->
-    ssl_record:encode_data(Data, Version, ConnectionStates, RenegotiateAt).
-
 decode_alerts(Bin) ->
     decode_alerts(Bin, []).
 
@@ -1714,20 +1647,20 @@ passive_receive(State0 = #state{user_data_buffer = Buffer}, StateName) ->
     case Buffer of
 	<<>> ->
 	    {Record, State} = next_record(State0),
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	_ ->
-	    case application_data(<<>>, State0) of
+	    case read_application_data(<<>>, State0) of
 		Stop = {stop, _, _} ->
 		    Stop;
 		{Record, State} ->
-		    next_state(StateName, Record, State)
+		    next_state(StateName, StateName, Record, State)
 	    end
     end.
 
-application_data(Data, #state{user_application = {_Mon, Pid},
+read_application_data(Data, #state{user_application = {_Mon, Pid},
                               socket_options = SOpts,
                               bytes_to_read = BytesToRead,
-                              from = From,
+                              recv_from = From,
                               user_data_buffer = Buffer0} = State0) ->
     Buffer1 = if 
 		  Buffer0 =:= <<>> -> Data;
@@ -1738,7 +1671,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	{ok, ClientData, Buffer} -> % Send data
 	    SocketOpt = deliver_app_data(SOpts, ClientData, Pid, From),
 	    State = State0#state{user_data_buffer = Buffer,
-				 from = undefined,
+				 recv_from = undefined,
 				 bytes_to_read = 0,
 				 socket_options = SocketOpt 
 				},
@@ -1748,7 +1681,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 		    %% Active and empty, get more data
 		    next_record_if_active(State);
 	 	true -> %% We have more data
- 		    application_data(<<>>, State)
+ 		    read_application_data(<<>>, State)
 	    end;
 	{more, Buffer} -> % no reply, we need more data
 	    next_record(State0#state{user_data_buffer = Buffer});
@@ -1757,6 +1690,39 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	    {stop, normal, State0}
     end.
 
+write_application_data(Data0, From, #state{socket = Socket,
+					   negotiated_version = Version,
+					   transport_cb = Transport,
+					   connection_states = ConnectionStates0,
+					   send_queue = SendQueue,
+					   socket_options = SockOpts,
+					   ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} = State) ->
+    Data = encode_packet(Data0, SockOpts),
+    
+    case time_to_renegotiate(Data, ConnectionStates0, RenegotiateAt) of
+	true ->
+	    renegotiate(State#state{send_queue = queue:in_r({From, Data}, SendQueue),
+				    renegotiation = {true, internal}});
+	false ->
+	    {Msgs, ConnectionStates} = ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    {reply, Result,
+	     connection, State#state{connection_states = ConnectionStates}, get_timeout(State)}
+    end.
+
+time_to_renegotiate(_Data, #connection_states{current_write = 
+						    #connection_state{sequence_number = Num}}, RenegotiateAt) ->
+    
+    %% We could do test:
+    %% is_time_to_renegotiate((erlang:byte_size(_Data) div ?MAX_PLAIN_TEXT_LENGTH) + 1, RenegotiateAt),
+    %% but we chose to have a some what lower renegotiateAt and a much cheaper test 
+    is_time_to_renegotiate(Num, RenegotiateAt).
+
+is_time_to_renegotiate(N, M) when N < M->
+    false;
+is_time_to_renegotiate(_,_) ->
+    true.
+
 %% Picks ClientData 
 get_data(_, _, <<>>) ->
     {more, <<>>};
@@ -1858,6 +1824,10 @@ header(N, Binary) ->
 
 send_or_reply(false, _Pid, From, Data) when From =/= undefined ->
     gen_fsm:reply(From, Data);
+%% Can happen when handling own alert or tcp error/close and there is
+%% no outstanding gen_fsm sync events
+send_or_reply(false, no_pid, _, _) ->
+    ok;
 send_or_reply(_, Pid, _From, Data) ->
     send_user(Pid, Data).
 
@@ -1882,18 +1852,18 @@ handle_tls_handshake(Handle, StateName, #state{tls_packets = [Packet | Packets]}
 	    Stop
     end.
 
-next_state(_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
-    handle_own_alert(Alert, Version, decipher_error, State),
+next_state(Current,_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
+    handle_own_alert(Alert, Version, Current, State),
     {stop, normal, State};
 
-next_state(Next, no_record, State) ->
+next_state(_,Next, no_record, State) ->
     {next_state, Next, State, get_timeout(State)};
 
-next_state(Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
+next_state(_,Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
     Alerts = decode_alerts(EncAlerts),
     handle_alerts(Alerts,  {next_state, Next, State, get_timeout(State)});
 
-next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
+next_state(Current, Next, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 	   State0 = #state{tls_handshake_buffer = Buf0, negotiated_version = Version}) ->
     Handle = 
    	fun({#hello_request{} = Packet, _}, {next_state, connection = SName, State}) ->
@@ -1919,30 +1889,30 @@ next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
     try
 	{Packets, Buf} = ssl_handshake:get_tls_handshake(Data,Buf0),
 	State = State0#state{tls_packets = Packets, tls_handshake_buffer = Buf},
-	handle_tls_handshake(Handle, StateName, State)
+	handle_tls_handshake(Handle, Next, State)
     catch throw:#alert{} = Alert ->
-   	    handle_own_alert(Alert, Version, StateName, State0), 
+   	    handle_own_alert(Alert, Version, Current, State0), 
    	    {stop, normal, State0}
     end;
 
-next_state(StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
-    case application_data(Data, State0) of
+next_state(_, StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
+    case read_application_data(Data, State0) of
 	Stop = {stop,_,_} ->
    	    Stop;
 	{Record, State} ->
-   	    next_state(StateName, Record, State)
+   	    next_state(StateName, StateName, Record, State)
     end;
-next_state(StateName, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
+next_state(Current, Next, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
  	   _ChangeCipher, 
  	   #state{connection_states = ConnectionStates0} = State0) ->
     ConnectionStates1 =
  	ssl_record:activate_pending_connection_state(ConnectionStates0, read),
     {Record, State} = next_record(State0#state{connection_states = ConnectionStates1}),
-    next_state(StateName, Record, State);
-next_state(StateName, #ssl_tls{type = _Unknown}, State0) ->
+    next_state(Current, Next, Record, State);
+next_state(Current, Next, #ssl_tls{type = _Unknown}, State0) ->
     %% Ignore unknown type 
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(Current, Next, Record, State).
 
 next_tls_record(Data, #state{tls_record_buffer = Buf0,
 		       tls_cipher_texts = CT0} = State0) ->
@@ -1981,50 +1951,36 @@ next_state_connection(StateName, #state{send_queue = Queue0,
 					negotiated_version = Version,
 					socket = Socket,
 					transport_cb = Transport,
-					connection_states = ConnectionStates0,
-					ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}
+					connection_states = ConnectionStates0
 				       } = State) ->     
-    %% Send queued up data
+    %% Send queued up data that was queued while renegotiating
     case queue:out(Queue0) of
 	{{value, {From, Data}}, Queue} ->
-	    case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-		{Msgs, [], ConnectionStates} ->
-		    Result = Transport:send(Socket, Msgs),
-		    gen_fsm:reply(From, Result),
-		    next_state_connection(StateName,
-					  State#state{connection_states = ConnectionStates,
-						      send_queue = Queue});
-		%% This is unlikely to happen. User configuration of the 
-		%% undocumented test option renegotiation_at can make it more likely.
-		{Msgs, RestData, ConnectionStates} ->
-		    if 
-			Msgs =/= [] -> 
-			    Transport:send(Socket, Msgs);
-			true ->
-			    ok
-		    end,
-		    renegotiate(State#state{connection_states = ConnectionStates,
-					    send_queue = queue:in_r({From, RestData}, Queue),
-					    renegotiation = {true, internal}})
-	    end;
+	    {Msgs, ConnectionStates} = 
+		ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    gen_fsm:reply(From, Result),
+	    next_state_connection(StateName,
+				  State#state{connection_states = ConnectionStates,
+						      send_queue = Queue});		
 	{empty, Queue0} ->
-	    next_state_is_connection(State)
+	    next_state_is_connection(StateName, State)
     end.
 
 %% In next_state_is_connection/1: clear tls_handshake_hashes,
 %% premaster_secret and public_key_info (only needed during handshake)
 %% to reduce memory foot print of a connection.
-next_state_is_connection(State = 
-		      #state{recv_during_renegotiation = true, socket_options = 
-			     #socket_options{active = false}})  -> 
-    passive_receive(State#state{recv_during_renegotiation = false,
-				premaster_secret = undefined,
+next_state_is_connection(_, State = 
+		      #state{recv_from = From,
+			     socket_options =
+			     #socket_options{active = false}}) when From =/= undefined ->
+    passive_receive(State#state{premaster_secret = undefined,
 				public_key_info = undefined,
 				tls_handshake_hashes = {<<>>, <<>>}}, connection);
 
-next_state_is_connection(State0) ->
+next_state_is_connection(StateName, State0) ->
     {Record, State} = next_record_if_active(State0),
-    next_state(connection, Record, State#state{premaster_secret = undefined,
+    next_state(StateName, connection, Record, State#state{premaster_secret = undefined,
 					       public_key_info = undefined,
 					       tls_handshake_hashes = {<<>>, <<>>}}).
 
@@ -2080,7 +2036,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   log_alert = true,
 	   session_cache_cb = SessionCacheCb,
 	   renegotiation = {false, first},
-	   recv_during_renegotiation = false,
+	   recv_from = undefined,
 	   send_queue = queue:new()
 	  }.
 
@@ -2193,16 +2149,14 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert, 
-	     StateName, #state{from = From, role = Role,  
-			       user_application = {_Mon, Pid}, socket_options = Opts} = State) -> 
-    alert_user(StateName, Opts, Pid, From, Alert, Role),
+	     StateName, State) -> 
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{log_alert = Log, renegotiation = {true, internal}, from = From,
-		    role = Role} = State) ->
+	     #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
     log_alert(Log, StateName, Alert),
-    alert_user(From, Alert, Role),
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
@@ -2210,13 +2164,13 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert,
     log_alert(Log, StateName, Alert),
     gen_fsm:reply(From, {error, renegotiation_rejected}),
     {Record, State} = next_record(State0),
-    next_state(connection, Record, State);
+    next_state(StateName, connection, Record, State);
 
 handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName, 
 	     #state{log_alert = Log} = State0) ->
     log_alert(Log, StateName, Alert),
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(StateName, StateName, Record, State).
 
 alert_user(connection, Opts, Pid, From, Alert, Role) ->
     alert_user(Opts#socket_options.active, Pid, From, Alert, Role);
@@ -2248,13 +2202,11 @@ log_alert(true, Info, Alert) ->
 log_alert(false, _, _) ->
     ok.
 
-handle_own_alert(Alert, Version, Info, 
+handle_own_alert(Alert, Version, StateName, 
 		 #state{transport_cb = Transport,
 			socket = Socket,
-			from = User,
-			role = Role,
 			connection_states = ConnectionStates,
-			log_alert = Log}) ->
+			log_alert = Log} = State) ->
     try %% Try to tell the other side
 	{BinMsg, _} =
 	encode_alert(Alert, Version, ConnectionStates),
@@ -2264,12 +2216,20 @@ handle_own_alert(Alert, Version, Info,
 	    ignore
     end,
     try %% Try to tell the local user
-	log_alert(Log, Info, Alert),
-	alert_user(User, Alert, Role)
+	log_alert(Log, StateName, Alert),
+	handle_normal_shutdown(Alert,StateName, State)
     catch _:_ ->
 	    ok
     end.
 
+handle_normal_shutdown(Alert, _, #state{from = User, role = Role, renegotiation = {false, first}}) ->
+    alert_user(User, Alert, Role);
+
+handle_normal_shutdown(Alert, StateName, #state{socket_options = Opts,
+						user_application = {_Mon, Pid},
+						from = User, role = Role}) ->
+    alert_user(StateName, Opts, Pid, User, Alert, Role).
+
 handle_unexpected_message(Msg, Info, #state{negotiated_version = Version} = State) ->
     Alert =  ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE),
     handle_own_alert(Alert, Version, {Info, Msg}, State),
@@ -2282,7 +2242,7 @@ make_premaster_secret(_, _) ->
     undefined.
 
 mpint_binary(Binary)  ->
-    Size = byte_size(Binary),
+    Size = erlang:byte_size(Binary),
     <<?UINT32(Size), Binary/binary>>.
 
 
@@ -2319,7 +2279,7 @@ renegotiate(#state{role = server,
     {Record, State} = next_record(State0#state{connection_states = 
 					       ConnectionStates,
 					       tls_handshake_hashes = Hs0}),
-    next_state(hello, Record, State#state{allow_renegotiate = true}).
+    next_state(connection, hello, Record, State#state{allow_renegotiate = true}).
 
 notify_senders(SendQueue) -> 
     lists:foreach(fun({From, _}) ->
diff --git a/lib/ssl/src/ssl_dist_sup.erl b/lib/ssl/src/ssl_dist_sup.erl
index c1912401d7..9d9afb7707 100644
--- a/lib/ssl/src/ssl_dist_sup.erl
+++ b/lib/ssl/src/ssl_dist_sup.erl
@@ -41,7 +41,6 @@ start_link() ->
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
--spec init([]) -> {ok,  {SupFlags :: tuple(),  [ChildSpec :: tuple()]}}.
 
 init([]) ->    
     SessionCertManager = session_and_cert_manager_child_spec(),
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 7eb7f44df6..542033e6ce 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -188,14 +188,14 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
     ValidationFunAndState =
 	case VerifyFunAndState of
 	    undefined ->
-		{fun(OtpCert, ExtensionOrError, SslState) ->
+		{fun(OtpCert, ExtensionOrVerifyResult, SslState) ->
 			 ssl_certificate:validate_extension(OtpCert,
-							    ExtensionOrError, SslState)
+							    ExtensionOrVerifyResult, SslState)
 		 end, Role};
 	    {Fun, UserState0} ->
-		{fun(OtpCert, ExtensionOrError, {SslState, UserState}) ->
+		{fun(OtpCert, {extension, _} = Extension, {SslState, UserState}) ->
 			 case ssl_certificate:validate_extension(OtpCert,
-								 ExtensionOrError,
+								 Extension,
 								 SslState) of
 			     {valid, NewSslState} ->
 				 {valid, {NewSslState, UserState}};
@@ -204,8 +204,11 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 						SslState);
 			     {unknown, _} ->
 				 apply_user_fun(Fun, OtpCert,
-						ExtensionOrError, UserState, SslState)
-			 end
+						Extension, UserState, SslState)
+			 end;
+		    (OtpCert, VerifyResult, {SslState, UserState}) ->
+			 apply_user_fun(Fun, OtpCert, VerifyResult, UserState,
+					SslState)
 		 end, {Role, UserState0}}
 	end,
 
@@ -447,7 +450,7 @@ server_hello_done() ->
 -spec encode_handshake(tls_handshake(), tls_version()) -> iolist().
 %%     
 %% Description: Encode a handshake packet to binary
-%%--------------------------------------------------------------------
+%%--------------------------------------------------------------------x
 encode_handshake(Package, Version) ->
     {MsgType, Bin} = enc_hs(Package, Version),
     Len = byte_size(Bin),
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 6a44ef8c3e..6389ff03f5 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -51,7 +51,7 @@
 	  session_lifetime,
 	  certificate_db,
 	  session_validation_timer,
-	  last_delay_timer %% Keep for testing purposes
+	  last_delay_timer  = {undefined, undefined}%% Keep for testing purposes
 	 }).
 
 -define('24H_in_msec', 8640000).
@@ -427,7 +427,7 @@ delay_time() ->
 	   ?CLEAN_SESSION_DB
     end.
 
-invalidate_session(Cache, CacheCb, Key, Session, State) ->
+invalidate_session(Cache, CacheCb, Key, Session, #state{last_delay_timer = LastTimer} = State) ->
     case CacheCb:lookup(Cache, Key) of
 	undefined -> %% Session is already invalidated
 	    {noreply, State};
@@ -441,5 +441,10 @@ invalidate_session(Cache, CacheCb, Key, Session, State) ->
 	    CacheCb:update(Cache, Key, Session#session{is_resumable = false}),
 	    TRef =
 		erlang:send_after(delay_time(), self(), {delayed_clean_session, Key}),
-	    {noreply, State#state{last_delay_timer = TRef}}
+	    {noreply, State#state{last_delay_timer = last_delay_timer(Key, TRef, LastTimer)}}
     end.
+
+last_delay_timer({{_,_},_}, TRef, {LastServer, _}) ->
+    {LastServer, TRef};
+last_delay_timer({_,_}, TRef, {_, LastClient}) ->
+    {TRef, LastClient}.
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 72091fdd5f..830026c825 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -48,7 +48,7 @@
 
 %% Encoding records
 -export([encode_handshake/3, encode_alert_record/3,
-	 encode_change_cipher_spec/2, encode_data/4]).
+	 encode_change_cipher_spec/2, encode_data/3]).
 
 %% Decoding
 -export([decode_cipher_text/2]).
@@ -503,36 +503,18 @@ decode_cipher_text(CipherText, ConnnectionStates0) ->
 	   Alert
    end.
 %%--------------------------------------------------------------------
--spec encode_data(iolist(), tls_version(), #connection_states{}, integer()) ->
-			 {iolist(), iolist(), #connection_states{}}.
+-spec encode_data(binary(), tls_version(), #connection_states{}) ->
+			 {iolist(), #connection_states{}}.
 %%
 %% Description: Encodes data to send on the ssl-socket.
 %%--------------------------------------------------------------------
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt)
-  when byte_size(Frag) < (?MAX_PLAIN_TEXT_LENGTH - 2048) ->
-    case encode_plain_text(?APPLICATION_DATA,Version,Frag,ConnectionStates, RenegotiateAt) of
-	{renegotiate, Data} ->
-	    {[], Data, ConnectionStates};
-	{Msg, CS} ->
-	    {Msg, [], CS}
-    end;
-
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt) when is_binary(Frag) ->
-    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH - 2048),
-    encode_data(Data, Version, ConnectionStates, RenegotiateAt);
-
-encode_data(Data, Version, ConnectionStates0, RenegotiateAt) when is_list(Data) ->
-    {ConnectionStates, EncodedMsg, NotEncdedData} =
-        lists:foldl(fun(B, {CS0, Encoded, Rest}) ->
-			    case encode_plain_text(?APPLICATION_DATA,
-						   Version, B, CS0, RenegotiateAt) of
-				{renegotiate, NotEnc} ->
-				    {CS0, Encoded, [NotEnc | Rest]};
-				{Enc, CS1} ->
-				    {CS1, [Enc | Encoded], Rest}
-			    end
-		    end, {ConnectionStates0, [], []}, Data),
-    {lists:reverse(EncodedMsg), lists:reverse(NotEncdedData), ConnectionStates}.
+encode_data(Frag, Version,
+	    #connection_states{current_write = #connection_state{
+				 security_parameters =
+				     #security_parameters{bulk_cipher_algorithm = BCA}}} =
+		ConnectionStates) ->
+    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH, Version, BCA),
+    encode_iolist(?APPLICATION_DATA, Data, Version, ConnectionStates).
 
 %%--------------------------------------------------------------------
 -spec encode_handshake(iolist(), tls_version(), #connection_states{}) ->
@@ -566,6 +548,14 @@ encode_change_cipher_spec(Version, ConnectionStates) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
+encode_iolist(Type, Data, Version, ConnectionStates0) ->
+    {ConnectionStates, EncodedMsg} =
+        lists:foldl(fun(Text, {CS0, Encoded}) ->
+			    {Enc, CS1} = encode_plain_text(Type, Version, Text, CS0),
+			    {CS1, [Enc | Encoded]}
+		    end, {ConnectionStates0, []}, Data),
+    {lists:reverse(EncodedMsg), ConnectionStates}.
+
 highest_protocol_version() ->
     highest_protocol_version(supported_protocol_versions()).
 
@@ -602,29 +592,23 @@ record_protocol_role(client) ->
 record_protocol_role(server) ->
     ?SERVER.
 
-split_bin(Bin, ChunkSize) ->
-    split_bin(Bin, ChunkSize, []).
+%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are not vulnerable to this attack.
+split_bin(<<FirstByte:8, Rest/binary>>, ChunkSize, Version, BCA) when BCA =/= ?RC4 andalso ({3, 1} == Version orelse
+											    {3, 0} == Version) ->
+    do_split_bin(Rest, ChunkSize, [[FirstByte]]);
+split_bin(Bin, ChunkSize, _, _) ->
+    do_split_bin(Bin, ChunkSize, []).
 
-split_bin(<<>>, _, Acc) ->
+do_split_bin(<<>>, _, Acc) ->
     lists:reverse(Acc);
-split_bin(Bin, ChunkSize, Acc) ->
+do_split_bin(Bin, ChunkSize, Acc) ->
     case Bin of
         <<Chunk:ChunkSize/binary, Rest/binary>> ->
-            split_bin(Rest, ChunkSize, [Chunk | Acc]);
+            do_split_bin(Rest, ChunkSize, [Chunk | Acc]);
         _ ->
             lists:reverse(Acc, [Bin])
     end.
 
-encode_plain_text(Type, Version, Data, ConnectionStates, RenegotiateAt) ->
-    #connection_states{current_write = 
-		       #connection_state{sequence_number = Num}} = ConnectionStates,
-    case renegotiate(Num, RenegotiateAt) of
-	false ->
-	    encode_plain_text(Type, Version, Data, ConnectionStates);
-	true ->
-	    {renegotiate, Data}
-    end.
-
 encode_plain_text(Type, Version, Data, ConnectionStates) ->
     #connection_states{current_write=#connection_state{
 			 compression_state=CompS0,
@@ -637,11 +621,6 @@ encode_plain_text(Type, Version, Data, ConnectionStates) ->
     CTBin = encode_tls_cipher_text(Type, Version, CipherText),
     {CTBin, ConnectionStates#connection_states{current_write = CS2}}.
 
-renegotiate(N, M) when N < M->
-    false;
-renegotiate(_,_) ->
-    true.
-
 encode_tls_cipher_text(Type, {MajVer, MinVer}, Fragment) ->
     Length = erlang:iolist_size(Fragment),
     [<<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Length)>>, Fragment].
diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl
index 5fb0070b91..282d642138 100644
--- a/lib/ssl/src/ssl_record.hrl
+++ b/lib/ssl/src/ssl_record.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -70,9 +70,10 @@
 -define(MAX_SEQENCE_NUMBER, 18446744073709552000). %% math:pow(2, 64) - 1 = 1.8446744073709552e19
 %% Sequence numbers can not wrap so when max is about to be reached we should renegotiate.
 %% We will renegotiate a little before so that there will be sequence numbers left
-%% for the rehandshake and a little data. 
--define(MARGIN, 100).
--define(DEFAULT_RENEGOTIATE_AT, ?MAX_SEQENCE_NUMBER - ?MARGIN).
+%% for the rehandshake and a little data. Currently we decided to renegotiate a little more
+%% often as we can have a cheaper test to check if it is time to renegotiate. It will still
+%% be fairly seldom. 
+-define(DEFAULT_RENEGOTIATE_AT, 268435456). %% math:pow(2, 28) 
 
 %% ConnectionEnd
 -define(SERVER, 0).
diff --git a/lib/ssl/src/ssl_session_cache.erl b/lib/ssl/src/ssl_session_cache.erl
index 93969f628f..f9bbf905e1 100644
--- a/lib/ssl/src/ssl_session_cache.erl
+++ b/lib/ssl/src/ssl_session_cache.erl
@@ -28,27 +28,19 @@
 -export([init/1, terminate/1, lookup/2, update/3, delete/2, foldl/3, 
 	 select_session/2]). 
 
--type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
-
 %%--------------------------------------------------------------------
--spec init(list()) -> db_handle(). %% Returns reference to the cache (opaque)
-%%
 %% Description: Return table reference. Called by ssl_manager process. 
 %%--------------------------------------------------------------------
 init(_) ->
     ets:new(cache_name(), [set, protected]).
 
 %%--------------------------------------------------------------------
--spec terminate(db_handle()) -> any().
-%%
 %% Description: Handles cache table at termination of ssl manager. 
 %%--------------------------------------------------------------------
 terminate(Cache) ->
     ets:delete(Cache).
 
 %%--------------------------------------------------------------------
--spec lookup(db_handle(), key()) -> #session{} | undefined.
-%%
 %% Description: Looks up a cach entry. Should be callable from any
 %% process.
 %%--------------------------------------------------------------------
@@ -61,8 +53,6 @@ lookup(Cache, Key) ->
     end.
 
 %%--------------------------------------------------------------------
--spec update(db_handle(), key(), #session{}) -> any().
-%%
 %% Description: Caches a new session or updates a already cached one.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -70,8 +60,6 @@ update(Cache, Key, Session) ->
     ets:insert(Cache, {Key, Session}).
 
 %%--------------------------------------------------------------------
--spec delete(db_handle(), key()) -> any().
-%%
 %% Description: Delets a cache entry.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -79,8 +67,6 @@ delete(Cache, Key) ->
     ets:delete(Cache, Key).
 
 %%--------------------------------------------------------------------
--spec foldl(fun(), term(), db_handle()) -> term().
-%%
 %% Description: Calls Fun(Elem, AccIn) on successive elements of the
 %% cache, starting with AccIn == Acc0. Fun/2 must return a new
 %% accumulator which is passed to the next call. The function returns
@@ -91,8 +77,6 @@ foldl(Fun, Acc0, Cache) ->
     ets:foldl(Fun, Acc0, Cache).
   
 %%--------------------------------------------------------------------
--spec select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
-%%
 %% Description: Selects a session that could be reused. Should be callable
 %% from any process.
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_session_cache_api.erl b/lib/ssl/src/ssl_session_cache_api.erl
index f8416bf327..f2b22b0f1b 100644
--- a/lib/ssl/src/ssl_session_cache_api.erl
+++ b/lib/ssl/src/ssl_session_cache_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,18 +20,15 @@
 %%
 
 -module(ssl_session_cache_api).
+-include("ssl_handshake.hrl").
+-include("ssl_internal.hrl").
 
--export([behaviour_info/1]).
+-type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
 
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 1}, 
-     {lookup, 2}, 
-     {update, 3}, 
-     {delete, 2}, 
-     {foldl, 3},
-     {select_session, 2}
-    ];
-behaviour_info(_) ->
-    undefined.
+-callback init(list()) -> db_handle().
+-callback terminate(db_handle()) -> any().
+-callback lookup(db_handle(), key()) -> #session{} | undefined.
+-callback update(db_handle(), key(), #session{}) -> any().
+-callback delete(db_handle(), key()) -> any().
+-callback foldl(fun(), term(), db_handle()) -> term().
+-callback select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
diff --git a/lib/ssl/src/ssl_sup.erl b/lib/ssl/src/ssl_sup.erl
index cb10b1362a..59039a6e0a 100644
--- a/lib/ssl/src/ssl_sup.erl
+++ b/lib/ssl/src/ssl_sup.erl
@@ -41,7 +41,6 @@ start_link() ->
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
--spec init([]) -> {ok,  {SupFlags :: tuple(),  [ChildSpec :: tuple()]}}.
 
 init([]) ->    
     %% OLD ssl - moved start to ssl.erl only if old
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index d63eada571..1c61eb7ccc 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -19,7 +19,7 @@
 -module(ssl_tls_dist_proxy).
 
 
--export([listen/1, accept/1, connect/2, get_remote_id/2]).
+-export([listen/1, accept/1, connect/2, get_tcp_address/1]).
 -export([init/1, start_link/0, handle_call/3, handle_cast/2, handle_info/2, 
 	 terminate/2, code_change/3, ssl_options/2]).
 
@@ -47,9 +47,6 @@ accept(Listen) ->
 connect(Ip, Port) ->
     gen_server:call(?MODULE, {connect, Ip, Port}, infinity).
 
-get_remote_id(Socket, Node) ->
-    gen_server:call(?MODULE, {get_remote_id, {Socket,Node}}, infinity).
-
 %%====================================================================
 %% gen_server callbacks
 %%====================================================================
@@ -65,8 +62,8 @@ handle_call({listen, Name}, _From, State) ->
     case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
 	{ok, Socket} ->
 	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
-	    TcpAddress = get_tcp_address(Socket),
-	    WorldTcpAddress = get_tcp_address(World),
+	    {ok, TcpAddress} = get_tcp_address(Socket),
+	    {ok, WorldTcpAddress} = get_tcp_address(World),
 	    {_,Port} = WorldTcpAddress#net_address.address,
 	    {ok, Creation} = erl_epmd:register_node(Name, Port),
 	    {reply, {ok, {Socket, TcpAddress, Creation}},
@@ -87,17 +84,16 @@ handle_call({connect, Ip, Port}, {From, _}, State) ->
     receive 
 	{Pid, go_ahead, LPort} -> 
 	    Res = {ok, Socket} = try_connect(LPort),
-	    ok = gen_tcp:controlling_process(Socket, From),
-	    flush_old_controller(From, Socket),
-	    {reply, Res, State};
+	    case gen_tcp:controlling_process(Socket, From) of
+		{error, badarg} = Error -> {reply, Error, State};   % From is dead anyway.
+		ok ->
+		    flush_old_controller(From, Socket),
+		    {reply, Res, State}
+        end;
 	{Pid, Error} ->
 	    {reply, Error, State}
     end;
 
-handle_call({get_remote_id, {Socket,_Node}}, _From, State) ->
-    Address = get_tcp_address(Socket),
-    {reply, Address, State};
-
 handle_call(_What, _From, State) ->
     {reply, ok, State}.
 
@@ -117,14 +113,18 @@ code_change(_OldVsn, St, _Extra) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 get_tcp_address(Socket) ->
-    {ok, Address} = inet:sockname(Socket),
-    {ok, Host} = inet:gethostname(),
-    #net_address{
+    case inet:sockname(Socket) of
+	{ok, Address} ->
+	{ok, Host} = inet:gethostname(),
+	    NetAddress = #net_address{
 		  address = Address,
 		  host = Host,
 		  protocol = proxy,
 		  family = inet
-		}.
+		},
+	    {ok, NetAddress};
+	{error, _} = Error -> Error
+    end.
 
 accept_loop(Proxy, erts = Type, Listen, Extra) ->
     process_flag(priority, max),
@@ -178,8 +178,8 @@ setup_proxy(Ip, Port, Parent) ->
     Opts = get_ssl_options(client),
     case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
 	{ok, World} ->
-	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
-	    #net_address{address={_,LPort}} = get_tcp_address(ErtsL),
+	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]),
+	    {ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL),
 	    Parent ! {self(), go_ahead, LPort},
 	    case gen_tcp:accept(ErtsL) of
 		{ok, Erts} ->
@@ -194,7 +194,7 @@ setup_proxy(Ip, Port, Parent) ->
 
 setup_connection(World, ErtsListen) ->
     process_flag(trap_exit, true),
-    TcpAddress = get_tcp_address(ErtsListen),
+    {ok, TcpAddress} = get_tcp_address(ErtsListen),
     {_Addr,Port} = TcpAddress#net_address.address,
     {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
     ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
@@ -223,7 +223,11 @@ loop_conn_setup(World, Erts) ->
 	    loop_conn_setup(World, Erts);
 	{tcp, Erts, Data} ->
 	    ssl:send(World, Data),
-	    loop_conn_setup(World, Erts)
+	    loop_conn_setup(World, Erts);
+	{tcp_closed, Erts} ->
+	    ssl:close(World);
+	{ssl_closed,  World} ->
+	    gen_tcp:close(Erts)
     end.
 
 loop_conn(World, Erts) ->
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index fc8aafa426..590ecf33ca 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -250,6 +250,8 @@ all() ->
      no_authority_key_identifier, invalid_signature_client,
      invalid_signature_server, cert_expired,
      client_with_cert_cipher_suites_handshake,
+     verify_fun_always_run_client,
+     verify_fun_always_run_server,
      unknown_server_ca_fail, der_input,
      unknown_server_ca_accept_verify_none,
      unknown_server_ca_accept_verify_peer,
@@ -257,7 +259,9 @@ all() ->
      %%different_ca_peer_sign,
      no_reuses_session_server_restart_new_cert,
      no_reuses_session_server_restart_new_cert_file, reuseaddr,
-     hibernate, connect_twice, renegotiate_dos_mitigate
+     hibernate, connect_twice, renegotiate_dos_mitigate_active,
+     renegotiate_dos_mitigate_passive,
+     tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
     ].
 
 groups() -> 
@@ -394,8 +398,8 @@ controlling_process(Config) when is_list(Config) ->
     ClientOpts = ?config(client_opts, Config),
     ServerOpts = ?config(server_opts, Config),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    ClientMsg = "Hello server",
-    ServerMsg = "Hello client",
+    ClientMsg = "Server hello",
+    ServerMsg = "Client hello",
    
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
@@ -416,11 +420,15 @@ controlling_process(Config) when is_list(Config) ->
 		       [self(), Client, Server]),
     
     receive 
+	{ssl, _, "S"} ->
+	    receive_s_rizzo_duong_beast();
 	{ssl, _, ServerMsg} ->
 	    receive 
 		{ssl, _, ClientMsg} ->
 		    ok
 	    end;
+	{ssl, _, "C"} ->
+	    receive_c_rizzo_duong_beast();
 	{ssl, _, ClientMsg} ->
 	      receive 
 		  {ssl, _, ServerMsg} ->
@@ -441,6 +449,28 @@ controlling_process_result(Socket, Pid, Msg) ->
     ssl:send(Socket, Msg),
     no_result_msg.
 
+receive_s_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "erver hello"} ->
+	    receive 
+		{ssl, _, "C"} ->
+		    receive
+			{ssl, _, "lient hello"} ->
+			    ok
+		    end
+	    end
+    end.
+receive_c_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "lient hello"} ->
+	    receive
+		{ssl, _, "S"} ->
+		    receive
+			{ssl, _, "erver hello"} ->
+			    ok
+		    end
+	    end
+    end.
 %%--------------------------------------------------------------------
 controller_dies(doc) -> 
     ["Test that the socket is closed after controlling process dies"];
@@ -1232,6 +1262,11 @@ upgrade_result(Socket) ->
     %% Make sure binary is inherited from tcp socket and that we do
     %% not get the list default!
     receive 
+	{ssl, _, <<"H">>} ->
+	    receive 
+		{ssl, _, <<"ello world">>} ->
+		    ok
+	    end;
 	{ssl, _, <<"Hello world">>}  ->
 	    ok
     end.
@@ -1533,14 +1568,14 @@ eoptions(Config) when is_list(Config) ->
 		{cacertfile, ""}, 
 		{dhfile,'dh.pem' },
 		{ciphers, [{foo, bar, sha, ignore}]},
-		{reuse_session, foo}, 
-		{reuse_sessions, 0}, 
+		{reuse_session, foo},
+		{reuse_sessions, 0},
 		{renegotiate_at, "10"},
-		{debug, 1}, 
+		{debug, 1},
 		{mode, depech},
-		{packet, 8.0}, 
-		{packet_size, "2"}, 
-		{header, a}, 
+		{packet, 8.0},
+		{packet_size, "2"},
+		{header, a},
 		{active, trice},
 		{key, 'key.pem' }],
 
@@ -2314,8 +2349,8 @@ server_verify_client_once_passive(Config) when is_list(Config) ->
 					{options, [{active, false} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2341,7 +2376,7 @@ server_verify_client_once_active(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, send_recv_result_active, []}},
-					{options, [{active, once}, {verify, verify_peer},
+					{options, [{active, true}, {verify, verify_peer},
 						   {verify_client_once, true}
 						   | ServerOpts]}]),
     Port  = ssl_test_lib:inet_port(Server),
@@ -2352,8 +2387,8 @@ server_verify_client_once_active(Config) when is_list(Config) ->
 					 {options, [{active, true} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2390,8 +2425,8 @@ server_verify_client_once_active_once(Config) when is_list(Config) ->
 					{options, [{active, once} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					 {host, Hostname},
 					 {from, self()},
@@ -2725,17 +2760,28 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
 				   {options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
  
+    Version = ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()),
+
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
 					{mfa, {ssl_test_lib, 
-					       trigger_renegotiate, [[ErlData, N+2]]}},
+					       trigger_renegotiate, [[ErlData, treashold(N, Version)]]}},
 					{options, [{reuse_sessions, false},
 						   {renegotiate_at, N} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Client, ok), 
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
+
+ %% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+treashold(N, {3,0}) ->
+    (N div 2) + 1;
+treashold(N, {3,1}) ->
+    (N div 2) + 1;
+treashold(N, _) ->
+    N + 1.
+    
 %%--------------------------------------------------------------------
 server_no_wrap_sequence_number(doc) -> 
     ["Test that erlang server will renegotiate session when",  
@@ -2989,8 +3035,8 @@ invalid_signature_server(Config) when is_list(Config) ->
 					      {from, self()}, 
 					      {options, [{verify, verify_peer} | ClientOpts]}]),
     
-    ssl_test_lib:check_result(Server, {error, "bad certificate"}, 
-			      Client, {error,"bad certificate"}).
+    tcp_delivery_workaround(Server, {error, "bad certificate"},
+			    Client, {error,"bad certificate"}).
     
 %%--------------------------------------------------------------------
 
@@ -3035,42 +3081,47 @@ invalid_signature_client(Config) when is_list(Config) ->
 tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
     receive 
 	{Server, ServerMsg} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close"),
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
 	{Client, ClientMsg} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
        	{Client, {error,closed}} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
 	{Server, {error,closed}} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close"),
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
+	{Client, {error, esslconnect}} ->
+	    server_msg(Server, ServerMsg);
+	{Server, {error, esslaccept}} ->
+	    client_msg(Client, ClientMsg)
+    end.
+
+client_msg(Client, ClientMsg) ->
+    receive
+	{Client, ClientMsg} ->
+	    ok;
+	{Client, {error,closed}} ->
+	    test_server:format("client got close"),
+	    ok;
+	{Client, {error, esslconnect}} ->
+	    test_server:format("client got econnaborted"),
+	    ok;
 	Unexpected ->
 	    test_server:fail(Unexpected)
     end.
+
+server_msg(Server, ServerMsg) ->
+    receive
+	{Server, ServerMsg} ->
+	    ok;
+	{Server, {error,closed}} ->
+	    test_server:format("server got close"),
+	    ok;
+	{Server, {error, esslaccept}} ->
+	    test_server:format("server got econnaborted"),
+	    ok;
+	Unexpected ->
+	    test_server:fail(Unexpected)
+    end.
+
 %%--------------------------------------------------------------------
 cert_expired(doc) -> 
     ["Test server with invalid signature"];
@@ -3168,6 +3219,105 @@ client_with_cert_cipher_suites_handshake(Config) when is_list(Config) ->
     ssl_test_lib:check_result(Server, ok, Client, ok),
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+verify_fun_always_run_client(doc) ->
+    ["Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"];
+verify_fun_always_run_client(suite) ->
+    [];
+verify_fun_always_run_client(Config) when is_list(Config) ->
+    ClientOpts =  ?config(client_verification_opts, Config),
+    ServerOpts =  ?config(server_verification_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options, ServerOpts}]),
+    Port  = ssl_test_lib:inet_port(Server),
+
+    %% If user verify fun is called correctly we fail the connection.
+    %% otherwise we can not tell this case apart form where we miss
+    %% to call users verify fun
+    FunAndState =  {fun(_,{extension, _}, UserState) ->
+			    {unknown, UserState};
+		       (_, valid, [ChainLen]) ->
+			    {valid, [ChainLen + 1]};
+		       (_, valid_peer, [2]) ->
+			    {fail, "verify_fun_was_always_run"};
+		       (_, valid_peer, UserState) ->
+			    {valid, UserState}
+		    end, [0]},
+
+    Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+					      {host, Hostname},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer},
+						{verify_fun, FunAndState}
+						| ClientOpts]}]),
+    %% Server error may be esslaccept or closed depending on timing
+    %% this is not a bug it is a circumstance of how tcp works!
+    receive
+	{Server, ServerError} ->
+	    test_server:format("Server Error ~p~n", [ServerError])
+    end,
+
+    ssl_test_lib:check_result(Client, {error, esslconnect}).
+
+%%--------------------------------------------------------------------
+verify_fun_always_run_server(doc) ->
+    ["Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"];
+verify_fun_always_run_server(suite) ->
+    [];
+verify_fun_always_run_server(Config) when is_list(Config) ->
+    ClientOpts =  ?config(client_verification_opts, Config),
+    ServerOpts =  ?config(server_verification_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    %% If user verify fun is called correctly we fail the connection.
+    %% otherwise we can not tell this case apart form where we miss
+    %% to call users verify fun
+    FunAndState =  {fun(_,{extension, _}, UserState) ->
+			    {unknown, UserState};
+		       (_, valid, [ChainLen]) ->
+			    {valid, [ChainLen + 1]};
+		       (_, valid_peer, [2]) ->
+			    {fail, "verify_fun_was_always_run"};
+		       (_, valid_peer, UserState) ->
+			    {valid, UserState}
+		    end, [0]},
+
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer},
+						{verify_fun, FunAndState} |
+						ServerOpts]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+					      {host, Hostname},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer}
+						| ClientOpts]}]),
+
+    %% Client error may be esslconnect or closed depending on timing
+    %% this is not a bug it is a circumstance of how tcp works!
+    receive
+	{Client, ClientError} ->
+	    test_server:format("Client Error ~p~n", [ClientError])
+    end,
+
+    ssl_test_lib:check_result(Server, {error, esslaccept}).
+
 %%--------------------------------------------------------------------
 unknown_server_ca_fail(doc) ->
     ["Test that the client fails if the ca is unknown in verify_peer mode"];
@@ -3649,25 +3799,57 @@ connect_twice(Config) when is_list(Config) ->
     ssl_test_lib:close(Client1).
 
 %%--------------------------------------------------------------------
-renegotiate_dos_mitigate(doc) -> 
+renegotiate_dos_mitigate_active(doc) ->
     ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
     "immediately after each other"];
 
-renegotiate_dos_mitigate(suite) -> 
+renegotiate_dos_mitigate_active(suite) ->
     [];
 
-renegotiate_dos_mitigate(Config) when is_list(Config) -> 
-    ServerOpts = ?config(server_opts, Config),  
-    ClientOpts = ?config(client_opts, Config),  
+renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    
-    Server = 
-	ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 				   {from, self()},
 				   {mfa, {?MODULE, send_recv_result_active, []}},
 				   {options, [ServerOpts]}]),
     Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()},
+					{mfa, {?MODULE,
+					       renegotiate_immediately, []}},
+					{options, ClientOpts}]),
+
+    ssl_test_lib:check_result(Client, ok, Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_passive(doc) ->
+    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+    "immediately after each other"];
+
+renegotiate_dos_mitigate_passive(suite) ->
+    [];
+
+renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {?MODULE, send_recv_result, []}},
+				   {options, [{active, false} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
  
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 					{host, Hostname},
@@ -3680,8 +3862,103 @@ renegotiate_dos_mitigate(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-  
+%%--------------------------------------------------------------------
+tcp_error_propagation_in_active_mode(doc) ->
+    ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
+tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server  = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					  {from, self()},
+					  {mfa, {ssl_test_lib, no_result, []}},
+					  {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
+							       {node, ClientNode}, {port, Port},
+							       {host, Hostname},
+							       {from, self()},
+							       {mfa, {?MODULE, receive_msg, []}},
+							       {options, ClientOpts}]),
+
+    {status, _, _, StatusInfo} = sys:get_status(Pid),
+    [_, _,_, _, Prop] = StatusInfo,
+    State = ssl_test_lib:state(Prop),
+    Socket = element(10, State),
+
+    %% Fake tcp error
+    Pid ! {tcp_error, Socket, etimedout},
+
+    ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+%%--------------------------------------------------------------------
+
+rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
+    vunrable to Rizzo/Dungon attack"];
+
+rizzo(Config) when is_list(Config) ->
+    Ciphers  = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y  =/= rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			 {?MODULE, send_recv_result_active_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			 {?MODULE, send_recv_result_active_rizzo, []}).
+
+no_rizzo_rc4(doc) -> 
+    ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
+
+no_rizzo_rc4(Config) when is_list(Config) ->
+    Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			{?MODULE, send_recv_result_active_no_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			{?MODULE, send_recv_result_active_no_rizzo, []}).
+
+run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
+    Result =  lists:map(fun(Cipher) -> 
+				rizzo_test(Cipher, Config, Version, Mfa) end,
+			Ciphers),
+    case lists:flatten(Result) of
+	[] ->
+	    ok;
+	Error ->
+	    test_server:format("Cipher suite errors: ~p~n", [Error]),
+	    test_server:fail(cipher_suite_failed_see_test_case_log) 
+    end.
+
+rizzo_test(Cipher, Config, Version, Mfa) ->
+   {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true}, {ciphers, [Cipher]},
+				       {versions, [Version]}
+				      | ServerOpts]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+			   {from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true} | ClientOpts]}]),
     
+    Result = ssl_test_lib:check_result(Server, ok, Client, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client),
+    case Result of
+	ok ->
+	    [];
+	Error ->
+	    [{Cipher, Error}]
+    end.
+
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+    {?config(client_opts, Config),
+     ?config(server_opts, Config)};   
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
+    {?config(client_dsa_opts, Config),
+     ?config(server_dsa_opts, Config)}.
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -3693,6 +3970,28 @@ send_recv_result(Socket) ->
 send_recv_result_active(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
+	{ssl, Socket, "Hello world"} ->
+	    ok
+    end.
+
+send_recv_result_active_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
+    end.
+
+send_recv_result_active_no_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3700,6 +3999,12 @@ send_recv_result_active(Socket) ->
 send_recv_result_active_once(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3720,14 +4025,20 @@ renegotiate(Socket, Data) ->
     end.
 
 renegotiate_reuse_session(Socket, Data) ->
-    %% Make sure session is registerd
+    %% Make sure session is registered
     test_server:sleep(?SLEEP),
     renegotiate(Socket, Data).
 
 renegotiate_immediately(Socket) ->
     receive 
 	{ssl, Socket, "Hello world"} ->
-	    ok
+	    ok;
+	%% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
     end,
     ok = ssl:renegotiate(Socket),  
     {error, renegotiation_rejected} = ssl:renegotiate(Socket),
@@ -3910,8 +4221,17 @@ erlang_ssl_receive(Socket, Data) ->
 	{ssl, Socket, Data} ->
 	    io:format("Received ~p~n",[Data]),
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->  %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	    io:format("Received ~p~n",[Byte]),
+	    erlang_ssl_receive(Socket, tl(Data));
 	Other ->
 	    test_server:fail({unexpected_message, Other})
     after ?SLEEP * 3 ->
 	    test_server:fail({did_not_get, Data})
     end.
+
+receive_msg(_) ->
+    receive
+	Msg ->
+	   Msg
+    end.
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index 8fe55ee7a4..06182970e3 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -26,7 +26,7 @@
 
 -define(DEFAULT_TIMETRAP_SECS, 240).
 
--define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
+-define(AWAIT_SSL_NODE_UP_TIMEOUT, 30000).
 
 -record(node_handle,
 	{connection_handler,
@@ -120,6 +120,12 @@ basic(Config) when is_list(Config) ->
     pang = net_adm:ping(Node1),
     pang = net_adm:ping(Node2),
 
+    %% SSL nodes should not be able to communicate with the test_server node
+    %% either (and ping should return eventually).
+    TestServer = node(),
+    pang = apply_on_ssl_node(NH1, fun () -> net_adm:ping(TestServer) end),
+    pang = apply_on_ssl_node(NH2, fun () -> net_adm:ping(TestServer) end),
+
     %%
     %% Check that we are able to communicate over the erlang
     %% distribution between the ssl nodes.
@@ -380,7 +386,7 @@ mk_node_cmdline(ListenPort, Name, Args) ->
 %%
 
 await_ssl_node_up(Name, LSock) ->
-    case gen_tcp:accept(LSock, ?AWAIT_SLL_NODE_UP_TIMEOUT) of
+    case gen_tcp:accept(LSock, ?AWAIT_SSL_NODE_UP_TIMEOUT) of
 	timeout ->
 	    gen_tcp:close(LSock),
 	    ?t:format("Timeout waiting for ssl node ~s to come up~n",
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 9d2599b778..4b74f57a60 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -158,14 +158,24 @@ all() ->
      packet_asn1_decode, packet_asn1_decode_list,
      packet_tpkt_decode, packet_tpkt_decode_list,
      packet_sunrm_decode, packet_sunrm_decode_list,
-     header_decode_one_byte, header_decode_two_bytes,
-     header_decode_two_bytes_one_sent,
-     header_decode_two_bytes_two_sent].
+     {group, header}
+    ].
 
 groups() -> 
-    [].
+    [{header, [], [ header_decode_one_byte,  
+		    header_decode_two_bytes, 
+		    header_decode_two_bytes_one_sent,
+		    header_decode_two_bytes_two_sent]}].
+
+init_per_group(header, Config) ->
+    case ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()) of
+	{3, N} when N < 2 ->
+	    {skip, ""};
+	_ ->
+	    Config
+    end;
 
-init_per_group(_GroupName, Config) ->
+init_per_group(_, Config) ->
     Config.
 
 end_per_group(_GroupName, Config) ->
@@ -2626,6 +2636,13 @@ active_once_raw(_, _, 0, _) ->
     ok;
 active_once_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_raw(Socket, Data, N-1, [])
+	    end;
 	{ssl, Socket, Data} ->
 	    ssl:setopts(Socket, [{active, once}]),
 	    active_once_raw(Socket, Data, N-1, []);
@@ -2648,7 +2665,14 @@ active_once_packet(Socket,_, 0) ->
 	    {other, Other, ssl:session_info(Socket), 0}
     end;
 active_once_packet(Socket, Data, N) ->
-    receive 
+    receive 	
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_packet(Socket, Data, N-1)
+	    end;
 	{ssl, Socket, Data} ->
 	    ok
     end,
@@ -2662,6 +2686,11 @@ active_raw(_Socket, _, 0, _) ->
     ok;
 active_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_raw(Socket, Data, N -1)
+	    end;
 	{ssl, Socket, Data} ->
 	    active_raw(Socket, Data, N-1, []);
 	{ssl, Socket, Other} ->
@@ -2682,6 +2711,11 @@ active_packet(Socket, _, 0) ->
     end;
 active_packet(Socket, Data, N) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_packet(Socket, Data, N -1)
+		end;
 	{ssl, Socket, Data} ->
 	    active_packet(Socket, Data, N -1);
 	Other ->
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 8cdfdec2ce..491aa893c2 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -210,7 +210,7 @@ session_cleanup(Config)when is_list(Config) ->
 
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     Cache = element(2, State),
     SessionTimer = element(6, State),
 
@@ -225,9 +225,10 @@ session_cleanup(Config)when is_list(Config) ->
     check_timer(SessionTimer),
     test_server:sleep(?DELAY *2),  %% Delay time + some extra time
 
-    DelayTimer = get_delay_timer(),
+    {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(),
 
-    check_timer(DelayTimer),
+    check_timer(ServerDelayTimer),
+    check_timer(ClientDelayTimer),
 
     test_server:sleep(?SLEEP),  %% Make sure clean has had time to run
 
@@ -238,31 +239,34 @@ session_cleanup(Config)when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-state([{data,[{"State", State}]} | _]) ->
-    State;
-state([_ | Rest]) ->
-    state(Rest).
-
 check_timer(Timer) ->
     case erlang:read_timer(Timer) of
 	false ->
 	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
+	    timer:sleep(?SLEEP),
+	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
 	    ok;
 	Int ->
 	    test_server:sleep(Int),
 	    check_timer(Timer)
     end.
 
-get_delay_timer() ->
+get_delay_timers() ->
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     case element(7, State) of
-	undefined ->
+	{undefined, undefined} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{undefined, _} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{_, undefined} ->
 	    test_server:sleep(?SLEEP),
-	    get_delay_timer();
-	DelayTimer ->
-	    DelayTimer
+	    get_delay_timers();
+	DelayTimers ->
+	    DelayTimers
     end.
 %%--------------------------------------------------------------------
 session_cache_process_list(doc) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 46a8112a41..fa8a1826f2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -662,6 +662,9 @@ cipher_result(Socket, Result) ->
     %% to properly test "cipher state" handling
     ssl:send(Socket, "Hello\n"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:send(Socket, " world\n"),
+	    receive_rizzo_duong_beast();
 	{ssl, Socket, "Hello\n"} ->
 	    ssl:send(Socket, " world\n"),
 	    receive
@@ -687,3 +690,21 @@ public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
     public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
 public_key(Key) ->
     Key.
+receive_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "ello\n"} ->
+	    receive 
+		{ssl, _, " "} ->
+		    receive
+			{ssl, _, "world\n"} ->
+			    ok
+		    end
+	    end
+    end.
+
+state([{data,[{"State", State}]} | _]) ->
+    State;
+state([{data,[{"StateData", State}]} | _]) ->
+    State;
+state([_ | Rest]) ->
+    state(Rest).
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index f37baeb9de..01fca1f166 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -849,7 +849,9 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, 
-					       erlang_ssl_receive, [Data]}},
+					       erlang_ssl_receive, 
+					       %% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+					       [Data]}},
 					{options, 
 					 [{verify , verify_peer} 
 					  | ServerOpts]}]),
@@ -858,6 +860,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
+					%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 					{mfa, {ssl, send, [Data]}},
 					{options, 
 					 [{versions, [sslv3]} | ClientOpts]}]),
@@ -869,6 +872,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, false),
     ok.
 
+
 %%--------------------------------------------------------------------
 
 tls1_erlang_client_openssl_server(doc) ->
@@ -1350,6 +1354,8 @@ erlang_ssl_receive(Socket, Data) ->
 	    %% open_ssl server sometimes hangs waiting in blocking read
 	    ssl:send(Socket, "Got it"), 
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    erlang_ssl_receive(Socket, tl(Data));
 	{Port, {data,Debug}} when is_port(Port) ->
 	    io:format("openssl ~s~n",[Debug]),
 	    erlang_ssl_receive(Socket,Data);
@@ -1440,8 +1446,8 @@ check_sane_openssl_renegotaite(Config) ->
 
 check_sane_openssl_sslv2(Config) ->
     case os:cmd("openssl version") of
-	"OpenSSL 1.0.0e" ++ _ ->
-	    {skip, "Known option bug"};
+	"OpenSSL 1.0.0" ++ _ ->
+	    {skip, "sslv2 by default turned of in 1.*"};
 	_ ->
 	    Config
     end.
diff --git a/lib/stdlib/doc/src/Makefile b/lib/stdlib/doc/src/Makefile
index 16e0a86e3b..6c92756ae7 100644
--- a/lib/stdlib/doc/src/Makefile
+++ b/lib/stdlib/doc/src/Makefile
@@ -83,7 +83,6 @@ XML_REF3_FILES = \
 	queue.xml \
 	random.xml \
 	re.xml \
-	regexp.xml \
 	sets.xml \
 	shell.xml \
 	shell_default.xml \
diff --git a/lib/stdlib/doc/src/binary.xml b/lib/stdlib/doc/src/binary.xml
index 88ce77e0d0..7ce2defb72 100644
--- a/lib/stdlib/doc/src/binary.xml
+++ b/lib/stdlib/doc/src/binary.xml
@@ -505,7 +505,7 @@
       <type>
         <v>Subject = binary()</v>
         <v>Pos = integer() >= 0</v>
-        <v>Len = integer() >= 0</v>
+        <v>Len = integer()</v>
       </type>
       <desc>
       <p>The same as <c>part(Subject, {Pos, Len})</c>.</p>
diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml
index bc3a616d39..9296319b83 100644
--- a/lib/stdlib/doc/src/filename.xml
+++ b/lib/stdlib/doc/src/filename.xml
@@ -295,6 +295,12 @@
         <p>Finds the source filename and compiler options for a module.
           The result can be fed to <c>compile:file/2</c> in order to
           compile the file again.</p>
+
+	<warning><p>We don't recommend using this function. If possible,
+	use <seealso marker="beam_lib">beam_lib(3)</seealso> to extract
+	the abstract code format from the BEAM file and compile that
+	instead.</p></warning>
+
         <p>The <c><anno>Beam</anno></c> argument, which can be a string or an atom,
           specifies either the module name or the path to the source
           code, with or without the <c>".erl"</c> extension. In either
diff --git a/lib/stdlib/doc/src/gb_trees.xml b/lib/stdlib/doc/src/gb_trees.xml
index 65c866efbe..9316d60b1a 100644
--- a/lib/stdlib/doc/src/gb_trees.xml
+++ b/lib/stdlib/doc/src/gb_trees.xml
@@ -132,15 +132,6 @@
       </desc>
     </func>
     <func>
-      <name name="lookup" arity="2"/>
-      <fsummary>Look up a key in a tree</fsummary>
-      <desc>
-        <p>Looks up <c><anno>Key</anno></c> in <c><anno>Tree</anno></c>; returns
-          <c>{value, <anno>Val</anno>}</c>, or <c>none</c> if <c><anno>Key</anno></c> is not
-          present.</p>
-      </desc>
-    </func>
-    <func>
       <name name="insert" arity="3"/>
       <fsummary>Insert a new key and value in a tree</fsummary>
       <desc>
@@ -196,6 +187,15 @@
       </desc>
     </func>
     <func>
+      <name name="lookup" arity="2"/>
+      <fsummary>Look up a key in a tree</fsummary>
+      <desc>
+        <p>Looks up <c><anno>Key</anno></c> in <c><anno>Tree</anno></c>; returns
+          <c>{value, <anno>Val</anno>}</c>, or <c>none</c> if <c><anno>Key</anno></c> is not
+          present.</p>
+      </desc>
+    </func>
+    <func>
       <name name="map" arity="2"/>
       <fsummary>Return largest key and value</fsummary>
          <desc><p>Maps the function F(<anno>K</anno>, <anno>V1</anno>) -> <anno>V2</anno> to all key-value pairs
diff --git a/lib/stdlib/doc/src/gen_event.xml b/lib/stdlib/doc/src/gen_event.xml
index 0f50b37de6..ef81b06500 100644
--- a/lib/stdlib/doc/src/gen_event.xml
+++ b/lib/stdlib/doc/src/gen_event.xml
@@ -210,12 +210,13 @@ gen_event:stop             ----->  Module:terminate/2
           handlers using the same callback module.</p>
         <p><c>Args</c> is an arbitrary term which is passed as the argument
           to <c>Module:init/1</c>.</p>
-        <p>If <c>Module:init/1</c> returns a correct value, the event
-          manager adds the event handler and this function returns
+        <p>If <c>Module:init/1</c> returns a correct value indicating
+          successful completion, the event manager adds the event
+          handler and this function returns
           <c>ok</c>. If <c>Module:init/1</c> fails with <c>Reason</c> or
-          returns an unexpected value <c>Term</c>, the event handler is
+          returns <c>{error,Reason}</c>, the event handler is
           ignored and this function returns <c>{'EXIT',Reason}</c> or
-          <c>Term</c>, respectively.</p>
+          <c>{error,Reason}</c>, respectively.</p>
       </desc>
     </func>
     <func>
@@ -479,12 +480,13 @@ gen_event:stop             ----->  Module:terminate/2
   </section>
   <funcs>
     <func>
-      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate}</name>
+      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate} | {error,Reason}</name>
       <fsummary>Initialize an event handler.</fsummary>
       <type>
         <v>InitArgs = Args | {Args,Term}</v>
         <v>&nbsp;Args = Term = term()</v>
         <v>State = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>Whenever a new event handler is added to an event manager,
@@ -501,8 +503,9 @@ gen_event:stop             ----->  Module:terminate/2
           the argument provided in the function call/return tuple and
           <c>Term</c> is the result of terminating the old event handler,
           see <c>gen_event:swap_handler/3</c>.</p>
-        <p>The function should return <c>{ok,State}</c> or <c>{ok,State, hibernate}</c>
-	  where <c>State</c> is the initial internal state of the event handler.</p>
+        <p>If successful, the function should return <c>{ok,State}</c>
+	  or <c>{ok,State,hibernate}</c> where <c>State</c> is the
+	  initial internal state of the event handler.</p>
 	<p>If <c>{ok,State,hibernate}</c> is returned, the event
 	  manager will go into hibernation (by calling <seealso
 	  marker="proc_lib#hibernate/3">proc_lib:hibernate/3</seealso>),
diff --git a/lib/stdlib/doc/src/gen_server.xml b/lib/stdlib/doc/src/gen_server.xml
index 90b77d5cb6..9edff1b9cf 100644
--- a/lib/stdlib/doc/src/gen_server.xml
+++ b/lib/stdlib/doc/src/gen_server.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -585,13 +585,14 @@ gen_server:abcast     -----> Module:handle_cast/2
       </desc>
     </func>
     <func>
-      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState}</name>
+      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState} | {error, Reason}</name>
       <fsummary>Update the internal state during upgrade/downgrade.</fsummary>
       <type>
         <v>OldVsn = Vsn | {down, Vsn}</v>
         <v>&nbsp;&nbsp;Vsn = term()</v>
         <v>State = NewState = term()</v>
         <v>Extra = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>This function is called by a gen_server when it should
@@ -610,7 +611,10 @@ gen_server:abcast     -----> Module:handle_cast/2
         <p><c>State</c> is the internal state of the gen_server.</p>
         <p><c>Extra</c> is passed as-is from the <c>{advanced,Extra}</c>
           part of the update instruction.</p>
-        <p>The function should return the updated internal state.</p>
+        <p>If successful, the function shall return the updated
+          internal state.</p>
+	<p>If the function returns <c>{error,Reason}</c>, the ongoing
+	  upgrade will fail and roll back to the old release.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/stdlib/doc/src/io.xml b/lib/stdlib/doc/src/io.xml
index 667d758e29..e6d262466c 100644
--- a/lib/stdlib/doc/src/io.xml
+++ b/lib/stdlib/doc/src/io.xml
@@ -70,7 +70,7 @@
       <desc>
         <p>Either <c>standard_io</c>, <c>standard_error</c>, a
           registered name, or a pid handling IO protocols (returned from
-            <seealso marker="file#open/2">file:open/2</seealso>).</p>
+            <seealso marker="kernel:file#open/2">file:open/2</seealso>).</p>
       </desc>
     </datatype>
     <datatype>
diff --git a/lib/stdlib/doc/src/io_protocol.xml b/lib/stdlib/doc/src/io_protocol.xml
index 3e8ab1affc..0ff3d5c1ee 100644
--- a/lib/stdlib/doc/src/io_protocol.xml
+++ b/lib/stdlib/doc/src/io_protocol.xml
@@ -50,10 +50,10 @@ current I/O-protocol.</p>
 and execution time efficiency has triggered extensions to the protocol
 over the years, making the protocol larger and somewhat less easy to
 implement than the original. It can certainly be argumented that the
-current protocol is to complex, but this text describes how it looks
+current protocol is too complex, but this text describes how it looks
 today, not how it should have looked.</p>
 
-<p>The basic ideas from the original protocol still holds. The io_server
+<p>The basic ideas from the original protocol still hold. The io_server
 and client communicate with one single, rather simplistic protocol and
 no server state is ever present in the client. Any io_server can be
 used together with any client code and client code need not be aware
@@ -62,7 +62,7 @@ of the actual device the io_server communicates with.</p>
 <section>
 <title>Protocol basics</title>
 
-<p>As described in Roberts paper, servers and clients communicate using
+<p>As described in Robert's paper, servers and clients communicate using
 io_request/io_reply tuples as follows:</p>
 
 <p><em>{io_request, From, ReplyAs, Request}</em><br/>
@@ -103,7 +103,7 @@ Reply part.</p>
 <em>{put_chars, Encoding, Module, Function, Args}</em>
 </p>
 <list type="bulleted">
-<item>Encoding is either 'latin1' or 'unicode', meaning that the
+<item>Encoding is either 'unicode' or 'latin1', meaning that the
   characters are (in case of binaries) encoded as either UTF-8 or
   iso-latin-1 (pure bytes). A well behaved io_server should also
   return error if list elements contain integers > 255 when the
@@ -116,13 +116,13 @@ Reply part.</p>
   produces. Note that byte-oriented data is simplest sent using latin1
   Encoding</item>
 
-<item>Characters are the data to be put on the device. If encoding is
-  latin1, this is an iolist(). If encoding is unicode, this is an
+<item>Characters are the data to be put on the device. If Encoding is
+  latin1, this is an iolist(). If Encoding is unicode, this is an
   Erlang standard mixed unicode list (one integer in a list per
   character, characters in binaries represented as UTF-8).</item>
 
 <item>Module, Function, Args denotes a function which will be called to
-  produce the data (like io_lib:format), Args is a list of arguments
+  produce the data (like io_lib:format). Args is a list of arguments
   to the function. The function should produce data in the given
   Encoding. The io_server should call the function as apply(Mod, Func,
   Args) and will put the returned data on the device as if it was sent
@@ -164,7 +164,7 @@ latin1, Module, Function, Args} respectively. </p>
 <list type="bulleted">
 <item>Encoding denotes how data is to be sent back to the client and
   what data is sent to the function denoted by
-  Module/Function/Arity. If the function supplied returns data as a
+  Module/Function/ExtraArgs. If the function supplied returns data as a
   list, the data is converted to this encoding. If however the
   function supplied returns data in some other format, no conversion
   can be done and it's up to the client supplied function to return
@@ -179,7 +179,7 @@ latin1, Module, Function, Args} respectively. </p>
 <item>Prompt is a list of characters (not mixed, no binaries) or an atom()
   to be output as a prompt for input on the device. The Prompt is
   often ignored by the io_server and a Prompt set to '' should always
-  be ignored (and result in nothing being written to the device). </item>
+  be ignored (and result in nothing being written to the device).</item>
 
 <item><p>Module, Function, ExtraArgs denotes a function and arguments to
   determine when enough data is written. The function should take two
@@ -550,7 +550,7 @@ request({get_line, Encoding, _Prompt}, State) -&gt;
 </code>
 
 <p>Here we have cheated a little by more or less only implementing
-get_until and using internal helpers to implement get__chars and
+get_until and using internal helpers to implement get_chars and
 get_line. In production code, this might be to inefficient, but that
 of course depends on the frequency of the different requests. Before
 we start actually implementing the functions put_chars/2 and
@@ -618,7 +618,7 @@ encounter an error or the list is exhausted. The last return value is
 sent back to the client (it's first returned to the main loop and then
 sent back by the function io_reply).</p>
 
-<p>The getopt and setopt requests is also simple to handle, we just
+<p>The getopt and setopt requests are also simple to handle, we just
 change or read our state record:</p>
 
 <code>
diff --git a/lib/stdlib/doc/src/ms_transform.xml b/lib/stdlib/doc/src/ms_transform.xml
index f81f8bda96..ad5f8bd5ac 100644
--- a/lib/stdlib/doc/src/ms_transform.xml
+++ b/lib/stdlib/doc/src/ms_transform.xml
@@ -308,7 +308,7 @@ ets:select(emp_tab, ets:fun2ms(
       Erlang code. Also arithmetics is allowed, as well as ordinary guard
       bif's. Here's a list of bif's and expressions:</p>
     <list type="bulleted">
-      <item>The type tests: is_atom, is_constant, is_float, is_integer,
+      <item>The type tests: is_atom, is_float, is_integer,
        is_list, is_number, is_pid, is_port, is_reference, is_tuple,
        is_binary, is_function, is_record</item>
       <item>The boolean operators: not, and, or, andalso, orelse </item>
@@ -318,7 +318,7 @@ ets:select(emp_tab, ets:fun2ms(
       <item>The guard bif's: abs, element, hd, length, node, round, size, tl, 
        trunc, self</item>
       <item>The obsolete type test (only in guards):
-       atom, constant, float, integer,
+       atom, float, integer,
        list, number, pid, port, reference, tuple,
        binary, function, record</item>
     </list>
diff --git a/lib/stdlib/doc/src/notes.xml b/lib/stdlib/doc/src/notes.xml
index d9c220b996..42a26ee44a 100644
--- a/lib/stdlib/doc/src/notes.xml
+++ b/lib/stdlib/doc/src/notes.xml
@@ -30,6 +30,297 @@
   </header>
   <p>This document describes the changes made to the STDLIB application.</p>
 
+<section><title>STDLIB 1.18</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Improved algorithm in module <c>random</c>. Avoid seed
+	    values that are even divisors of the primes and by that
+	    prevent getting sub-seeds that are stuck on zero. Worst
+	    case was random:seed(0,0,0) that produced a series of
+	    only zeros. This is an incompatible change in the sense
+	    that applications that relies on reproducing a specific
+	    series for a given seed will fail. The pseudo random
+	    output is still deterministic but different compared to
+	    earlier versions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-8713</p>
+        </item>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    If a child of a supervisor terminates with reason
+	    {shutdown,Term} it is now handled by the supervisor as if
+	    the reason was 'shutdown'. </p>
+          <p>
+	    For children with restart type 'permanent', this implies
+	    no change. For children with restart type 'transient',
+	    the child will no longer be restarted and no supervisor
+	    report will be written. For children with restart type
+	    'temporary', no supervisor report will be written.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9222</p>
+        </item>
+        <item>
+          <p>
+	    Minor improvement of documentation regarding supervisor
+	    restart strategy for temporary and transient child
+	    processes.</p>
+          <p>
+	    Own Id: OTP-9381</p>
+        </item>
+        <item>
+	    <p>A Dets table with sufficiently large buckets could not
+	    always be repaired. This bug has been fixed. </p> <p>The
+	    format of Dets files has been modified. When downgrading
+	    tables created with the new system will be repaired.
+	    Otherwise the modification should not be noticeable. </p>
+          <p>
+	    Own Id: OTP-9607</p>
+        </item>
+        <item>
+	    <p> A few contracts in the <c>lists</c> module have been
+	    corrected. </p>
+          <p>
+	    Own Id: OTP-9616</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+	    <p> If a Dets table had been properly closed but the
+	    space management data could not been read, it was not
+	    possible to repair the file. This bug has been fixed.
+	    </p>
+          <p>
+	    Own Id: OTP-9622</p>
+        </item>
+        <item>
+          <p>
+	    The Unicode noncharacter code points 16#FFFE and 16#FFFE
+	    were not allowed to be encoded or decoded using the
+	    <c>unicode</c> module or bit syntax. That was
+	    inconsistent with the other noncharacters 16#FDD0 to
+	    16#FDEF that could be encoded/decoded. To resolve the
+	    inconsistency, 16#FFFE and 16#FFFE can now be encoded and
+	    decoded. (Thanks to Alisdair Sullivan.)</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9624</p>
+        </item>
+        <item>
+          <p>
+	    Make epp search directory of current file first when
+	    including another file This completes a partial fix in
+	    R11 that only worked for include_lib(). (Thanks to
+	    Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9645</p>
+        </item>
+        <item>
+          <p>
+	    ms_transform: Fix incorrect `variable shadowed' warnings</p>
+          <p>
+	    This patch removes incorrect passing of variable bindings
+	    from one function clause to another. (Thanks to Haitao
+	    Li)</p>
+          <p>
+	    Own Id: OTP-9646</p>
+        </item>
+        <item>
+          <p>
+	    Explicitly kill dynamic children in supervisors</p>
+          <p>
+	    According to the supervisor's documentation: "Important
+	    note on simple-one-for-one supervisors: The dynamically
+	    created child processes of a simple-one-for-one
+	    supervisor are not explicitly killed, regardless of
+	    shutdown strategy, but are expected to terminate when the
+	    supervisor does (that is, when an exit signal from the
+	    parent process is received)."</p>
+          <p>
+	    All is fine as long as we stop simple_one_for_one
+	    supervisor manually. Dynamic children catch the exit
+	    signal from the supervisor and leave. But, if this
+	    happens when we stop an application, after the top
+	    supervisor has stopped, the application master kills all
+	    remaining processes associated to this application. So,
+	    dynamic children that trap exit signals can be killed
+	    during their cleanup (here we mean inside terminate/2).
+	    This is unpredictable and highly time-dependent.</p>
+          <p>
+	    In this commit, supervisor module is patched to
+	    explicitly terminate dynamic children accordingly to the
+	    shutdown strategy.</p>
+          <p>
+	    NOTE: Order in which dynamic children are stopped is not
+	    defined. In fact, this is "almost" done at the same time.</p>
+          <p>
+	    Stack errors when dynamic children are stopped</p>
+          <p>
+	    Because a simple_one_for_one supervisor can have many
+	    workers, we stack errors during its shutdown to report
+	    only one message for each encountered error type. Instead
+	    of reporting the child's pid, we use the number of
+	    concerned children. (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9647</p>
+        </item>
+        <item>
+          <p>
+	    Allow an infinite timeout to shutdown worker processes</p>
+          <p>
+	    Now, in child specification, the shutdown value can also
+	    be set to infinity for worker children. This restriction
+	    was removed because this is not always possible to
+	    predict the shutdown time for a worker. This is highly
+	    application-dependent. Add a warning to docs about
+	    workers' shutdown strategy (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9648</p>
+        </item>
+        <item>
+          <p>
+	    A badarg would sometimes occur in supervisor when
+	    printing error reports and the child pid was undefined.
+	    This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9669</p>
+        </item>
+        <item>
+          <p>
+	    Fix re:split spec not to accept option 'global'(Thanks to
+	    Shunichi Shinohara)</p>
+          <p>
+	    Own Id: OTP-9691</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Fix a few tests that used to fail on the HiPE
+	    platform. </p>
+          <p>
+	    Own Id: OTP-9637</p>
+        </item>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    The deprecated '<c>regexp</c>' module has been removed.
+	    Use the '<c>re</c>' module instead.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9737</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>STDLIB 1.17.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/stdlib/doc/src/re.xml b/lib/stdlib/doc/src/re.xml
index 18867cfb68..6d5336796c 100644
--- a/lib/stdlib/doc/src/re.xml
+++ b/lib/stdlib/doc/src/re.xml
@@ -41,8 +41,7 @@
     strings and binaries.</p>
 
     <p>The regular expression syntax and semantics resemble that of
-    Perl. This library replaces the deprecated pure-Erlang regexp
-    library; it has a richer syntax, more options and is faster.</p>
+    Perl.</p>
 
     <p>The library's matching algorithms are currently based on the
     PCRE library, but not all of the PCRE library is interfaced and
diff --git a/lib/stdlib/doc/src/ref_man.xml b/lib/stdlib/doc/src/ref_man.xml
index 85aae6151d..0f277f6c5e 100644
--- a/lib/stdlib/doc/src/ref_man.xml
+++ b/lib/stdlib/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -80,7 +80,6 @@
   <xi:include href="queue.xml"/>
   <xi:include href="random.xml"/>
   <xi:include href="re.xml"/>
-  <xi:include href="regexp.xml"/>
   <xi:include href="sets.xml"/>
   <xi:include href="shell.xml"/>
   <xi:include href="shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/regexp.xml b/lib/stdlib/doc/src/regexp.xml
deleted file mode 100644
index 35d8e1c3f8..0000000000
--- a/lib/stdlib/doc/src/regexp.xml
+++ /dev/null
@@ -1,381 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>1996</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>regexp</title>
-    <prepared>Robert Virding</prepared>
-    <responsible>Bjarne Dacker</responsible>
-    <docno>1</docno>
-    <approved>Bjarne D&auml;cker</approved>
-    <checked></checked>
-    <date>96-09-28</date>
-    <rev>A</rev>
-    <file>regexp.sgml</file>
-  </header>
-  <module>regexp</module>
-  <modulesummary>Regular Expression Functions for Strings</modulesummary>
-  <description>
-    <note><p>This module has been obsoleted by the
-    <seealso marker="re">re</seealso> module and will be removed in a future
-    release.</p></note>
-    <p>This module contains functions for regular expression
-      matching and substitution.</p>
-  </description>
-  <datatypes>
-    <datatype>
-      <name name="errordesc"></name>
-    </datatype>
-    <datatype>
-      <name name="regexp"></name>
-      <desc><p>Internal representation of a regular expression.</p></desc>
-    </datatype>
-  </datatypes>
-  <funcs>
-    <func>
-      <name name="match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first, longest match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This function searches for the longest possible match and returns the first one found if there are several expressions of the same length. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match, and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="first_match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This call is
-          usually faster than <c>match</c> and it is also a useful way to ascertain that a match exists. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="matches" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds all non-overlapping matches of the
-          expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>.
-          It returns as follows:</p>
-        <taglist>
-          <tag><c>{match, <anno>Matches</anno>}</c></tag>
-          <item>
-            <p>if the regular expression was correct.
-              The list will be empty if there was no match. Each element in the list looks like <c>{<anno>Start</anno>, <anno>Length</anno>}</c>, where <c><anno>Start</anno></c> is the starting position of the match, and <c><anno>Length</anno></c> is the length of the matching string.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sub" arity="3"/>
-      <fsummary>Substitute the first occurrence of a regular expression</fsummary>
-      <desc>
-        <p>Substitutes the first occurrence of a substring matching <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> with the string <c><anno>New</anno></c>. A <c><![CDATA[&]]></c> in the string <c><anno>New</anno></c> is replaced by the matched substring of <c><anno>String</anno></c>.  <c><![CDATA[\&]]></c> puts a literal <c><![CDATA[&]]></c> into the replacement string. It returns as follows:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made
-              (this will be either 0 or 1).</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="gsub" arity="3"/>
-      <fsummary>Substitute all occurrences of a regular expression</fsummary>
-      <desc>
-        <p>The same as <c>sub</c>, except that all non-overlapping
-          occurrences of a substring matching
-          <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> are replaced by the string <c><anno>New</anno></c>. It returns:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="split" arity="2"/>
-      <fsummary>Split a string into fields</fsummary>
-      <desc>
-        <p><c><anno>String</anno></c> is split into fields (sub-strings) by the
-          regular expression <c><anno>RegExp</anno></c>.</p>
-        <p>If the separator expression is <c>" "</c> (a single space),
-          then the fields are separated by blanks and/or tabs and
-          leading and trailing blanks and tabs are discarded. For all
-          other values of the separator, leading and trailing blanks
-          and tabs are not discarded. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>FieldList</anno>}</c></tag>
-          <item>
-            <p>to indicate that the string has been split up into the fields of
-              <c><anno>FieldList</anno></c>.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sh_to_awk" arity="1"/>
-      <fsummary>Convert an <c>sh</c>regular expression into an <c>AWK</c>one</fsummary>
-      <desc>
-        <p>Converts the <c>sh</c> type regular expression
-          <c><anno>ShRegExp</anno></c> into a full <c>AWK</c> regular
-          expression. Returns the converted regular expression
-          string. <c>sh</c> expressions are used in the shell for
-          matching file names and have the following special
-          characters:</p>
-        <taglist>
-          <tag><c>*</c></tag>
-          <item>
-            <p>matches any string including the null string.</p>
-          </item>
-          <tag><c>?</c></tag>
-          <item>
-            <p>matches any single character.</p>
-          </item>
-          <tag><c>[...]</c></tag>
-          <item>
-            <p>matches any of the enclosed characters. Character
-              ranges are specified by a pair of characters separated
-              by a <c>-</c>. If the first character after <c>[</c> is a
-              <c>!</c>, then any character not enclosed is matched.</p>
-          </item>
-        </taglist>
-        <p>It may sometimes be more practical to use <c>sh</c> type
-          expansions as they are simpler and easier to use, even though they are not as powerful.</p>
-      </desc>
-    </func>
-    <func>
-      <name name="parse" arity="1"/>
-      <fsummary>Parse a regular expression</fsummary>
-      <desc>
-        <p>Parses the regular expression <c><anno>RegExp</anno></c> and builds the
-          internal representation used in the other regular expression
-          functions. Such representations can be used in all of the
-          other functions instead of a regular expression string. This
-          is more efficient when the same regular expression is used
-          in many strings. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>RE</anno>}</c></tag>
-          <item>
-            <p>if <c>RegExp</c> is correct and <c><anno>RE</anno></c> is the internal representation.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="format_error" arity="1"/>
-      <fsummary>Format an error descriptor</fsummary>
-      <desc>
-        <p>Returns a string which describes the error <c><anno>ErrorDescriptor</anno></c>
-          returned when there is an error in a regular expression.</p>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>Regular Expressions</title>
-    <p>The regular expressions allowed here is a subset of the set found
-      in <c>egrep</c> and in the <c>AWK</c> programming language, as
-      defined in the book, <c>The AWK Programming Language, by A. V. Aho, B. W. Kernighan, P. J. Weinberger</c>. They are
-      composed of the following characters:</p>
-    <taglist>
-      <tag>c</tag>
-      <item>
-        <p>matches the non-metacharacter <c>c</c>.</p>
-      </item>
-      <tag>\c</tag>
-      <item>
-        <p>matches the escape sequence or literal character <c>c</c>.</p>
-      </item>
-      <tag>.</tag>
-      <item>
-        <p>matches any character.</p>
-      </item>
-      <tag>^</tag>
-      <item>
-        <p>matches the beginning of a string.</p>
-      </item>
-      <tag>$</tag>
-      <item>
-        <p>matches the end of a string.</p>
-      </item>
-      <tag>[abc...]</tag>
-      <item>
-        <p>character class, which matches any of the characters
-          <c>abc...</c> Character ranges are specified by a pair of
-          characters separated by a <c>-</c>.</p>
-      </item>
-      <tag>[^abc...]</tag>
-      <item>
-        <p>negated character class, which matches any character except
-          <c>abc...</c>.</p>
-      </item>
-      <tag>r1 | r2</tag>
-      <item>
-        <p>alternation. It matches either <c>r1</c> or <c>r2</c>.</p>
-      </item>
-      <tag>r1r2</tag>
-      <item>
-        <p>concatenation. It matches <c>r1</c> and then <c>r2</c>.</p>
-      </item>
-      <tag>r+</tag>
-      <item>
-        <p>matches one or more <c>r</c>s.</p>
-      </item>
-      <tag>r*</tag>
-      <item>
-        <p>matches zero or more <c>r</c>s.</p>
-      </item>
-      <tag>r?</tag>
-      <item>
-        <p>matches zero or one <c>r</c>s.</p>
-      </item>
-      <tag>(r)</tag>
-      <item>
-        <p>grouping. It matches <c>r</c>.</p>
-      </item>
-    </taglist>
-    <p>The escape sequences allowed are the same as for Erlang
-      strings:</p>
-    <taglist>
-      <tag><c>\b</c></tag>
-      <item>
-        <p>backspace</p>
-      </item>
-      <tag><c>\f</c></tag>
-      <item>
-        <p>form feed </p>
-      </item>
-      <tag><c>\n</c></tag>
-      <item>
-        <p>newline (line feed) </p>
-      </item>
-      <tag><c>\r</c></tag>
-      <item>
-        <p>carriage return </p>
-      </item>
-      <tag><c>\t</c></tag>
-      <item>
-        <p>tab </p>
-      </item>
-      <tag><c>\e</c></tag>
-      <item>
-        <p>escape </p>
-      </item>
-      <tag><c>\v</c></tag>
-      <item>
-        <p>vertical tab </p>
-      </item>
-      <tag><c>\s</c></tag>
-      <item>
-        <p>space </p>
-      </item>
-      <tag><c>\d</c></tag>
-      <item>
-        <p>delete </p>
-      </item>
-      <tag><c>\ddd</c></tag>
-      <item>
-        <p>the octal value ddd </p>
-      </item>
-      <tag><c>\xhh</c></tag>
-      <item>
-        <p>The hexadecimal value <c>hh</c>.</p>
-      </item>
-      <tag><c>\x{h...}</c></tag>
-      <item>
-        <p>The hexadecimal value <c>h...</c>.</p>
-      </item>
-      <tag><c>\c</c></tag>
-      <item>
-        <p>any other character literally, for example <c>\\</c> for backslash,
-          <c>\"</c> for ")</p>
-      </item>
-    </taglist>
-    <p>To make these functions easier to use, in combination with the
-      function <c>io:get_line</c> which terminates the input line with
-      a new line, the <c>$</c> characters also matches a string ending
-      with <c>"...\n"</c>. The following examples
-      define Erlang data types:</p>
-    <pre>
-Atoms     [a-z][0-9a-zA-Z_]*
-
-Variables [A-Z_][0-9a-zA-Z_]*
-
-Floats    (\+|-)?[0-9]+\.[0-9]+((E|e)(\+|-)?[0-9]+)?</pre>
-    <p>Regular expressions are written as Erlang strings when used with the functions in this module. This means that any <c>\</c> or <c>"</c> characters in a regular expression
-      string must be written with <c>\</c> as they are also escape characters for the string. For example, the regular expression string for Erlang floats is:
-      <c>"(\\+|-)?[0-9]+\\.[0-9]+((E|e)(\\+|-)?[0-9]+)?"</c>.</p>
-    <p>It is not really necessary to have the escape sequences as part of the regular expression syntax as they can always be generated directly in the string. They are included for completeness and can they can also be useful when generating regular expressions, or when they are entered other than with Erlang strings.</p>
-  </section>
-</erlref>
-
diff --git a/lib/stdlib/doc/src/sofs.xml b/lib/stdlib/doc/src/sofs.xml
index 2e7768a1df..37c41501ae 100644
--- a/lib/stdlib/doc/src/sofs.xml
+++ b/lib/stdlib/doc/src/sofs.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2001</year><year>2011</year>
+      <year>2001</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -317,7 +317,7 @@
       but is to be preferred since it makes it possible to handle this
       case even more efficiently. Examples of SetFuns:</p>
     <pre>
-{sofs, union}
+fun sofs:union/1
 fun(S) -> sofs:partition(1, S) end
 {external, fun(A) -> A end}
 {external, fun({A,_,C}) -> {C,A} end}
@@ -711,7 +711,7 @@ fun(S) -> sofs:partition(1, S) end
           argument.</p>
         <pre>
 1> <input>F1 = sofs:from_term([{a,[[1,2],[2,3]]},{b,[[]]}]),</input>
-<input>F2 = sofs:family_projection({sofs, union}, F1),</input>
+<input>F2 = sofs:family_projection(fun sofs:union/1, F1),</input>
 <input>sofs:to_external(F2).</input>
 [{a,[1,2,3]},{b,[]}]</pre>
       </desc>
@@ -821,7 +821,7 @@ fun(S) -> sofs:partition(1, S) end
 <input>sofs:to_external(F2).</input>
 [{a,[1,2,3]},{b,[]}]</pre>
         <p><c>family_union(F)</c> is equivalent to
-          <c>family_projection({sofs,union},&nbsp;F)</c>.</p>
+          <c>family_projection(fun sofs:union/1,&nbsp;F)</c>.</p>
       </desc>
     </func>
     <func>
@@ -1438,7 +1438,7 @@ true</pre>
 1> <input>R1 = sofs:relation([{a,1},{b,2}]),</input>
 <input>R2 = sofs:relation([{x,1},{x,2},{y,3}]),</input>
 <input>S1 = sofs:from_sets([R1,R2]),</input>
-<input>S2 = sofs:specification({sofs,is_a_function}, S1),</input>
+<input>S2 = sofs:specification(fun sofs:is_a_function/1, S1),</input>
 <input>sofs:to_external(S2).</input>
 [[{a,1},{b,2}]]</pre>
       </desc>
diff --git a/lib/stdlib/doc/src/specs.xml b/lib/stdlib/doc/src/specs.xml
index 98338b5ec2..49c60529d2 100644
--- a/lib/stdlib/doc/src/specs.xml
+++ b/lib/stdlib/doc/src/specs.xml
@@ -46,7 +46,6 @@
   <xi:include href="../specs/specs_queue.xml"/>
   <xi:include href="../specs/specs_random.xml"/>
   <xi:include href="../specs/specs_re.xml"/>
-  <xi:include href="../specs/specs_regexp.xml"/>
   <xi:include href="../specs/specs_sets.xml"/>
   <xi:include href="../specs/specs_shell.xml"/>
   <xi:include href="../specs/specs_shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/supervisor.xml b/lib/stdlib/doc/src/supervisor.xml
index 73df7183e6..d1e62230bc 100644
--- a/lib/stdlib/doc/src/supervisor.xml
+++ b/lib/stdlib/doc/src/supervisor.xml
@@ -127,25 +127,18 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
         <p><c>StartFunc</c> defines the function call used to start
           the child process. It should be a module-function-arguments
           tuple <c>{M,F,A}</c> used as <c>apply(M,F,A)</c>.</p>
-        <p>          <br></br>
-</p>
         <p>The start function <em>must create and link to</em> the child
           process, and should return <c>{ok,Child}</c> or
           <c>{ok,Child,Info}</c> where <c>Child</c> is the pid of
           the child process and <c>Info</c> an arbitrary term which is
           ignored by the supervisor.</p>
-        <p>          <br></br>
-</p>
         <p>The start function can also return <c>ignore</c> if the child
           process for some reason cannot be started, in which case
-          the child specification will be kept by the supervisor but
-          the non-existing child process will be ignored.</p>
-        <p>          <br></br>
-</p>
+          the child specification will be kept by the supervisor
+	  (unless it is a temporary child) but the non-existing child
+	  process will be ignored.</p>
         <p>If something goes wrong, the function may also return an
           error tuple <c>{error,Error}</c>.</p>
-        <p>          <br></br>
-</p>
         <p>Note that the <c>start_link</c> functions of the different
           behaviour modules fulfill the above requirements.</p>
       </item>
diff --git a/lib/stdlib/doc/src/unicode_usage.xml b/lib/stdlib/doc/src/unicode_usage.xml
index 0fa7de0a5c..a7e010a05f 100644
--- a/lib/stdlib/doc/src/unicode_usage.xml
+++ b/lib/stdlib/doc/src/unicode_usage.xml
@@ -59,7 +59,7 @@
 <title>Standard Unicode representation in Erlang</title>
 <p>In Erlang, strings are actually lists of integers. A string is defined to be encoded in the ISO-latin-1 (ISO8859-1) character set, which is, codepoint by codepoint, a sub-range of the Unicode character set.</p>
 <p>The standard list encoding for strings is therefore easily extendible to cope with the whole Unicode range: A Unicode string in Erlang is simply a list containing integers, each integer being a valid Unicode codepoint and representing one character in the Unicode character set.</p>
-<p>Regular Erlang strings in ISO-latin-1 are a subset of there Unicode strings.</p>
+<p>Regular Erlang strings in ISO-latin-1 are a subset of their Unicode strings.</p>
 
 <p>Binaries on the other hand are more troublesome. For performance reasons, programs often store textual data in binaries instead of lists, mainly because they are more compact (one byte per character instead of two words per character, as is the case with lists). Using erlang:list_to_binary/1, an regular Erlang string can be converted into a binary, effectively using the ISO-latin-1 encoding in the binary - one byte per character. This is very convenient for those regular Erlang strings, but cannot be done for Unicode lists.</p>
 <p>As the UTF-8 encoding is widely spread and provides the most compact storage, it is selected as the standard encoding of Unicode characters in binaries for Erlang.</p>
diff --git a/lib/stdlib/src/Makefile b/lib/stdlib/src/Makefile
index 600303d7e1..90e239b00f 100644
--- a/lib/stdlib/src/Makefile
+++ b/lib/stdlib/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -105,7 +105,6 @@ MODULES= \
 	qlc_pt \
 	queue \
 	random \
-	regexp \
 	sets \
 	shell \
 	shell_default \
diff --git a/lib/stdlib/src/erl_eval.erl b/lib/stdlib/src/erl_eval.erl
index 88a0094d57..95ba6b1096 100644
--- a/lib/stdlib/src/erl_eval.erl
+++ b/lib/stdlib/src/erl_eval.erl
@@ -341,7 +341,7 @@ expr({call,_,{remote,_,Mod,Func},As0}, Bs0, Lf, Ef, RBs) ->
         true ->
             bif(F, As, Bs3, Ef, RBs);
         false ->
-            do_apply({M,F}, As, Bs3, Ef, RBs)
+            do_apply(M, F, As, Bs3, Ef, RBs)
     end;
 expr({call,_,{atom,_,Func},As0}, Bs0, Lf, Ef, RBs) ->
     case erl_internal:bif(Func, length(As0)) of
@@ -499,11 +499,11 @@ local_func2({eval,F,As,Bs}, RBs) -> % This reply is not documented.
 bif(apply, [erlang,apply,As], Bs, Ef, RBs) ->
     bif(apply, As, Bs, Ef, RBs);
 bif(apply, [M,F,As], Bs, Ef, RBs) ->
-    do_apply({M,F}, As, Bs, Ef, RBs);
+    do_apply(M, F, As, Bs, Ef, RBs);
 bif(apply, [F,As], Bs, Ef, RBs) ->
     do_apply(F, As, Bs, Ef, RBs);
 bif(Name, As, Bs, Ef, RBs) ->
-    do_apply({erlang,Name}, As, Bs, Ef, RBs).
+    do_apply(erlang, Name, As, Bs, Ef, RBs).
 
 %% do_apply(MF, Arguments, Bindings, ExternalFuncHandler, RBs) ->
 %%	{value,Value,Bindings} | Value when
@@ -563,6 +563,19 @@ do_apply(Func, As, Bs0, Ef, RBs) ->
             ret_expr(F(Func, As), Bs0, RBs)
     end.
 
+do_apply(Mod, Func, As, Bs0, Ef, RBs) ->
+    case Ef of
+        none when RBs =:= value ->
+            %% Make tail recursive calls when possible.
+            apply(Mod, Func, As);
+        none ->
+            ret_expr(apply(Mod, Func, As), Bs0, RBs);
+        {value,F} when RBs =:= value ->
+            F({Mod,Func}, As);
+        {value,F} ->
+            ret_expr(F({Mod,Func}, As), Bs0, RBs)
+    end.
+
 %% eval_lc(Expr, [Qualifier], Bindings, LocalFunctionHandler, 
 %%         ExternalFuncHandler, RetBindings) ->
 %%	{value,Value,Bindings} | Value
@@ -731,10 +744,10 @@ expr_list([], Vs, _, Bs, _Lf, _Ef) ->
     {reverse(Vs),Bs}.
 
 eval_op(Op, Arg1, Arg2, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg1,Arg2], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg1,Arg2], Bs, Ef, RBs).
 
 eval_op(Op, Arg, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg], Bs, Ef, RBs).
 
 %% if_clauses(Clauses, Bindings, LocalFuncHandler, ExtFuncHandler, RBs)
 
@@ -920,8 +933,9 @@ guard0([], _Bs, _Lf, _Ef) -> true.
 
 guard_test({call,L,{atom,Ln,F},As0}, Bs0, Lf, Ef) ->
     TT = type_test(F),
-    guard_test({call,L,{tuple,Ln,[{atom,Ln,erlang},{atom,Ln,TT}]},As0},
-               Bs0, Lf, Ef);
+    G = {call,L,{atom,Ln,TT},As0},
+    try {value,true,_} = expr(G, Bs0, Lf, Ef, none)
+    catch error:_ -> {value,false,Bs0} end;
 guard_test({call,L,{remote,_Lr,{atom,_Lm,erlang},{atom,_Lf,_F}=T},As0}, 
            Bs0, Lf, Ef) ->
     guard_test({call,L,T,As0}, Bs0, Lf, Ef);
@@ -933,7 +947,6 @@ type_test(integer) -> is_integer;
 type_test(float) -> is_float;
 type_test(number) -> is_number;
 type_test(atom) -> is_atom;
-type_test(constant) -> is_constant;
 type_test(list) -> is_list;
 type_test(tuple) -> is_tuple;
 type_test(pid) -> is_pid;
diff --git a/lib/stdlib/src/erl_expand_records.erl b/lib/stdlib/src/erl_expand_records.erl
index 20fd247cea..1c69a131f9 100644
--- a/lib/stdlib/src/erl_expand_records.erl
+++ b/lib/stdlib/src/erl_expand_records.erl
@@ -452,8 +452,10 @@ conj([], _E) ->
 conj([{{Name,_Rp},L,R,Sz} | AL], E) ->
     NL = neg_line(L),
     T1 = {op,NL,'orelse',
-          {call,NL,{atom,NL,is_record},[R,{atom,NL,Name},{integer,NL,Sz}]},
-          {atom,NL,fail}},
+          {call,NL,
+	   {remote,NL,{atom,NL,erlang},{atom,NL,is_record}},
+	   [R,{atom,NL,Name},{integer,NL,Sz}]},
+	  {atom,NL,fail}},
     T2 = case conj(AL, none) of
         empty -> T1;
         C -> {op,NL,'and',C,T1}
@@ -581,7 +583,9 @@ strict_get_record_field(Line, R, {atom,_,F}=Index, Name, St0) ->
             ExpRp = erl_lint:modify_line(ExpR, fun(_L) -> 0 end),
             RA = {{Name,ExpRp},Line,ExpR,length(Fs)+1},
             St2 = St1#exprec{strict_ra = [RA | St1#exprec.strict_ra]},
-            {{call,Line,{atom,Line,element},[I,ExpR]},St2}
+            {{call,Line,
+	      {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	      [I,ExpR]},St2}
     end.
 
 record_pattern(I, I, Var, Sz, Line, Acc) ->
@@ -593,7 +597,9 @@ record_pattern(_, _, _, _, _, Acc) -> reverse(Acc).
 sloppy_get_record_field(Line, R, Index, Name, St) ->
     Fs = record_fields(Name, St),
     I = index_expr(Line, Index, Name, Fs),
-    expr({call,Line,{atom,Line,element},[I,R]}, St).
+    expr({call,Line,
+	  {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	  [I,R]}, St).
 
 strict_record_tests([strict_record_tests | _]) -> true;
 strict_record_tests([no_strict_record_tests | _]) -> false;
@@ -710,7 +716,8 @@ record_setel(R, Name, Fs, Us0) ->
     {'case',Lr,R,
      [{clause,Lr,[{tuple,Lr,[{atom,Lr,Name} | Wildcards]}],[],
        [foldr(fun ({I,Lf,Val}, Acc) ->
-                      {call,Lf,{atom,Lf,setelement},[I,Acc,Val]} end,
+                      {call,Lf,{remote,Lf,{atom,Lf,erlang},
+				{atom,Lf,setelement}},[I,Acc,Val]} end,
               R, Us)]},
       {clause,NLr,[{var,NLr,'_'}],[],
        [call_error(NLr, {tuple,NLr,[{atom,NLr,badrecord},{atom,NLr,Name}]})]}]}.
diff --git a/lib/stdlib/src/erl_lint.erl b/lib/stdlib/src/erl_lint.erl
index 5d45260fe9..a1af0057ca 100644
--- a/lib/stdlib/src/erl_lint.erl
+++ b/lib/stdlib/src/erl_lint.erl
@@ -1804,12 +1804,19 @@ guard_test(G, Vt, St0) ->
 %% Specially handle record type test here.
 guard_test2({call,Line,{atom,Lr,record},[E,A]}, Vt, St0) ->
     gexpr({call,Line,{atom,Lr,is_record},[E,A]}, Vt, St0);
-guard_test2({call,_Line,{atom,_La,F},As}=G, Vt, St0) ->
+guard_test2({call,Line,{atom,_La,F},As}=G, Vt, St0) ->
     {Asvt,St1} = gexpr_list(As, Vt, St0),       %Always check this.
     A = length(As),
     case erl_internal:type_test(F, A) of
-        true when F =/= is_record -> {Asvt,St1};
-        _ -> gexpr(G, Vt, St0)
+        true when F =/= is_record, A =/= 2 ->
+	    case no_guard_bif_clash(St1, {F,A}) of
+		false ->
+		    {Asvt,add_error(Line, {illegal_guard_local_call,{F,A}}, St1)};
+		true ->
+		    {Asvt,St1}
+	    end;
+	_ ->
+	    gexpr(G, Vt, St0)
     end;
 guard_test2(G, Vt, St) ->
     %% Everything else is a guard expression.
@@ -1865,9 +1872,15 @@ gexpr({call,Line,{atom,_Lr,is_record},[E,R]}, Vt, St0) ->
 gexpr({call,Line,{remote,_Lr,{atom,_Lm,erlang},{atom,Lf,is_record}},[E,A]},
       Vt, St0) ->
     gexpr({call,Line,{atom,Lf,is_record},[E,A]}, Vt, St0);
-gexpr({call,_Line,{atom,_Lr,is_record},[E,{atom,_,_Name},{integer,_,_}]},
+gexpr({call,Line,{atom,_Lr,is_record},[E0,{atom,_,_Name},{integer,_,_}]},
       Vt, St0) ->
-    gexpr(E, Vt, St0);
+    {E,St1} = gexpr(E0, Vt, St0),
+    case no_guard_bif_clash(St0, {is_record,3}) of
+	true ->
+	    {E,St1};
+	false ->
+	    {E,add_error(Line, {illegal_guard_local_call,{is_record,3}}, St1)}
+    end;
 gexpr({call,Line,{atom,_Lr,is_record},[_,_,_]=Asvt0}, Vt, St0) ->
     {Asvt,St1} = gexpr_list(Asvt0, Vt, St0),
     {Asvt,add_error(Line, illegal_guard_expr, St1)};
@@ -2767,12 +2780,6 @@ default_types() ->
 		{var, 1}],
     dict:from_list([{T, -1} || T <- DefTypes]).
 
-%% R12B-5
-is_newly_introduced_builtin_type({module, 0}) -> true;
-is_newly_introduced_builtin_type({node, 0}) -> true;
-is_newly_introduced_builtin_type({nonempty_string, 0}) -> true;
-is_newly_introduced_builtin_type({term, 0}) -> true;
-is_newly_introduced_builtin_type({timeout, 0}) -> true;
 %% R13
 is_newly_introduced_builtin_type({arity, 0}) -> true;
 is_newly_introduced_builtin_type({array, 0}) -> true; % opaque
@@ -3429,17 +3436,11 @@ obsolete_guard({call,Line,{atom,Lr,F},As}, St0) ->
 	false ->
 	    deprecated_function(Line, erlang, F, As, St0);
 	true ->
-	    St1 = case F of
-		      constant ->
-			  deprecated_function(Lr, erlang, is_constant, As, St0);
-		      _ ->
-			  St0
-		  end,
-	    case is_warn_enabled(obsolete_guard, St1) of
+	    case is_warn_enabled(obsolete_guard, St0) of
 		true ->
-		    add_warning(Lr,{obsolete_guard, {F, Arity}}, St1);
+		    add_warning(Lr,{obsolete_guard, {F, Arity}}, St0);
 		false ->
-		    St1
+		    St0
 	    end
     end;
 obsolete_guard(_G, St) ->
diff --git a/lib/stdlib/src/error_logger_file_h.erl b/lib/stdlib/src/error_logger_file_h.erl
index ee4f0b3a51..08f1873803 100644
--- a/lib/stdlib/src/error_logger_file_h.erl
+++ b/lib/stdlib/src/error_logger_file_h.erl
@@ -104,7 +104,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%% ------------------------------------------------------
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
 write_events(Fd, Events) -> write_events1(Fd, lists:reverse(Events)).
 
@@ -169,23 +169,18 @@ write_event(_, _) ->
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
 format_report(Rep) when is_list(Rep) ->
     case string_p(Rep) of
@@ -238,7 +233,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}}, Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/error_logger_tty_h.erl b/lib/stdlib/src/error_logger_tty_h.erl
index fa13fbb2bd..48e069a407 100644
--- a/lib/stdlib/src/error_logger_tty_h.erl
+++ b/lib/stdlib/src/error_logger_tty_h.erl
@@ -97,7 +97,7 @@ set_group_leader() ->
     end.
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
 write_events(Events,IOMod) -> write_events1(lists:reverse(Events),IOMod).
 
@@ -162,23 +162,18 @@ write_event({_Time, _Error},_IOMod) ->
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
 format(IOMod, String)       -> format(IOMod, String, []).
 format(io_lib, String, Args) -> io_lib:format(String, Args);
@@ -234,7 +229,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}},Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/filename.erl b/lib/stdlib/src/filename.erl
index 2fc9128e4e..dbfcbea4f7 100644
--- a/lib/stdlib/src/filename.erl
+++ b/lib/stdlib/src/filename.erl
@@ -836,16 +836,18 @@ try_file(undefined, ObjFilename, Mod, Rules) ->
 	Error -> Error
     end;
 try_file(Src, _ObjFilename, Mod, _Rules) ->
-    List = Mod:module_info(compile),
-    {options, Options} = lists:keyfind(options, 1, List),
+    List = case Mod:module_info(compile) of
+	       none -> [];
+	       List0 -> List0
+	   end,
+    Options = proplists:get_value(options, List, []),
     {ok, Cwd} = file:get_cwd(),
     AbsPath = make_abs_path(Cwd, Src),
     {AbsPath, filter_options(dirname(AbsPath), Options, [])}.
 
 %% Filters the options.
 %%
-%% 1) Remove options that have no effect on the generated code,
-%%    such as report and verbose.
+%% 1) Only keep options that have any effect on code generation.
 %%
 %% 2) The paths found in {i, Path} and {outdir, Path} are converted
 %%    to absolute paths.  When doing this, it is assumed that relatives
@@ -857,14 +859,10 @@ filter_options(Base, [{outdir, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{outdir, make_abs_path(Base, Path)}|Result]);
 filter_options(Base, [{i, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{i, make_abs_path(Base, Path)}|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= trace ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= export_all ->
     filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= binary ->
     filter_options(Base, Rest, [Option|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= fast ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Tuple|Rest], Result) when element(1, Tuple) =:= d ->
     filter_options(Base, Rest, [Tuple|Result]);
 filter_options(Base, [Tuple|Rest], Result)
@@ -878,12 +876,7 @@ filter_options(_Base, [], Result) ->
 %% Gets the source file given path of object code and module name.
 
 get_source_file(Obj, Mod, Rules) ->
-    case catch Mod:module_info(source_file) of
-	{'EXIT', _Reason} ->
-	    source_by_rules(dirname(Obj), packages:last(Mod), Rules);
-	File ->
-	    {ok, File}
-    end.
+    source_by_rules(dirname(Obj), packages:last(Mod), Rules).
 
 source_by_rules(Dir, Base, [{From, To}|Rest]) ->
     case try_rule(Dir, Base, From, To) of
diff --git a/lib/stdlib/src/gen_event.erl b/lib/stdlib/src/gen_event.erl
index 343eb7d4e4..ca05df20c0 100644
--- a/lib/stdlib/src/gen_event.erl
+++ b/lib/stdlib/src/gen_event.erl
@@ -70,7 +70,8 @@
 
 -callback init(InitArgs :: term()) ->
     {ok, State :: term()} |
-    {ok, State :: term(), hibernate}.
+    {ok, State :: term(), hibernate} |
+    {error, Reason :: term()}.
 -callback handle_event(Event :: term(), State :: term()) ->
     {ok, NewState :: term()} |
     {ok, NewState :: term(), hibernate} |
diff --git a/lib/stdlib/src/gen_fsm.erl b/lib/stdlib/src/gen_fsm.erl
index 8d43846c92..51dc0bcee2 100644
--- a/lib/stdlib/src/gen_fsm.erl
+++ b/lib/stdlib/src/gen_fsm.erl
@@ -338,7 +338,7 @@ name_to_pid(Name) ->
 	undefined ->
 	    case global:whereis_name(Name) of
 		undefined ->
-		    exit(could_not_find_registerd_name);
+		    exit(could_not_find_registered_name);
 		Pid ->
 		    Pid
 	    end;
diff --git a/lib/stdlib/src/gen_server.erl b/lib/stdlib/src/gen_server.erl
index 244795df9f..b384e8baf7 100644
--- a/lib/stdlib/src/gen_server.erl
+++ b/lib/stdlib/src/gen_server.erl
@@ -134,7 +134,7 @@
     term().
 -callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
                       Extra :: term()) ->
-    {ok, NewState :: term()}.
+    {ok, NewState :: term()} | {error, Reason :: term()}.
 
 %%%  -----------------------------------------------------------------
 %%% Starts a generic server.
@@ -863,7 +863,7 @@ name_to_pid(Name) ->
 	undefined ->
 	    case global:whereis_name(Name) of
 		undefined ->
-		    exit(could_not_find_registerd_name);
+		    exit(could_not_find_registered_name);
 		Pid ->
 		    Pid
 	    end;
diff --git a/lib/stdlib/src/ms_transform.erl b/lib/stdlib/src/ms_transform.erl
index 63b397f3a5..4389fd457c 100644
--- a/lib/stdlib/src/ms_transform.erl
+++ b/lib/stdlib/src/ms_transform.erl
@@ -881,7 +881,6 @@ translate_language_element(Atom) ->
     end.
 
 old_bool_test(atom,1) -> is_atom;
-old_bool_test(constant,1) -> is_constant;
 old_bool_test(float,1) -> is_float;
 old_bool_test(integer,1) -> is_integer;
 old_bool_test(list,1) -> is_list;
@@ -896,7 +895,6 @@ old_bool_test(record,2) -> is_record;
 old_bool_test(_,_) -> undefined.
 
 bool_test(is_atom,1) -> true;
-bool_test(is_constant,1) -> true;
 bool_test(is_float,1) -> true;
 bool_test(is_integer,1) -> true;
 bool_test(is_list,1) -> true;
diff --git a/lib/stdlib/src/otp_internal.erl b/lib/stdlib/src/otp_internal.erl
index c1285dab60..b9fbef9ed0 100644
--- a/lib/stdlib/src/otp_internal.erl
+++ b/lib/stdlib/src/otp_internal.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,37 +41,12 @@ obsolete(Module, Name, Arity) ->
 	    no
     end.
 
-obsolete_1(init, get_flag, 1) ->
-    {removed, {init, get_argument, 1}, "R12B"};
-obsolete_1(init, get_flags, 0) ->
-    {removed, {init, get_arguments, 0}, "R12B"};
-obsolete_1(init, get_args, 0) ->
-    {removed, {init, get_plain_arguments, 0}, "R12B"};
-obsolete_1(unix, cmd, 1) ->
-    {removed, {os,cmd,1}, "R9B"};
-
 obsolete_1(net, _, _) ->
     {deprecated, "module 'net' obsolete; use 'net_adm'"};
 
 obsolete_1(erl_internal, builtins, 0) ->
     {deprecated, {erl_internal, bif, 2}};
 
-obsolete_1(string, re_sh_to_awk, 1) ->
-    {removed, {regexp, sh_to_awk, 1}, "R12B"};
-obsolete_1(string, re_parse, 1) ->
-    {removed, {regexp, parse, 1}, "R12B"};
-obsolete_1(string, re_match, 2) ->
-    {removed, {regexp, match, 2}, "R12B"};
-obsolete_1(string, re_sub, 3) ->
-    {removed, {regexp, sub, 3}, "R12B"};
-obsolete_1(string, re_gsub, 3) ->
-    {removed, {regexp, gsub, 3}, "R12B"};
-obsolete_1(string, re_split, 2) ->
-    {removed, {regexp, split, 2}, "R12B"};
-
-obsolete_1(string, index, 2) ->
-    {removed, {string, str, 2}, "R12B"};
-
 obsolete_1(erl_eval, seq, 2) ->
     {deprecated, {erl_eval, exprs, 2}};
 obsolete_1(erl_eval, seq, 3) ->
@@ -81,99 +56,9 @@ obsolete_1(erl_eval, arg_list, 2) ->
 obsolete_1(erl_eval, arg_list, 3) ->
     {deprecated, {erl_eval, expr_list, 3}};
 
-obsolete_1(erl_pp, seq, 1) ->
-    {removed, {erl_pp, exprs, 1}, "R12B"};
-obsolete_1(erl_pp, seq, 2) ->
-    {removed, {erl_pp, exprs, 2}, "R12B"};
-
-obsolete_1(io, scan_erl_seq, 1) ->
-    {removed, {io, scan_erl_exprs, 1}, "R12B"};
-obsolete_1(io, scan_erl_seq, 2) ->
-    {removed, {io, scan_erl_exprs, 2}, "R12B"};
-obsolete_1(io, scan_erl_seq, 3) ->
-    {removed, {io, scan_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_erl_seq, 1) ->
-    {removed, {io, parse_erl_exprs, 1}, "R12B"};
-obsolete_1(io, parse_erl_seq, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-obsolete_1(io, parse_erl_seq, 3) ->
-    {removed, {io, parse_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_exprs, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-
-obsolete_1(io_lib, scan, 1) ->
-    {removed, {erl_scan, string, 1}, "R12B"};
-obsolete_1(io_lib, scan, 2) ->
-    {removed, {erl_scan, string, 2}, "R12B"};
-obsolete_1(io_lib, scan, 3) ->
-    {removed, {erl_scan, tokens, 3}, "R12B"};
-obsolete_1(io_lib, reserved_word, 1) ->
-    {removed, {erl_scan, reserved_word, 1}, "R12B"};
-
-obsolete_1(lists, keymap, 4) ->
-    {removed, {lists, keymap, 3}, "R12B"};
-obsolete_1(lists, all, 3) ->
-    {removed, {lists, all, 2}, "R12B"};
-obsolete_1(lists, any, 3) ->
-    {removed, {lists, any, 2}, "R12B"};
-obsolete_1(lists, map, 3) ->
-    {removed, {lists, map, 2}, "R12B"};
-obsolete_1(lists, flatmap, 3) ->
-    {removed, {lists, flatmap, 2}, "R12B"};
-obsolete_1(lists, foldl, 4) ->
-    {removed, {lists, foldl, 3}, "R12B"};
-obsolete_1(lists, foldr, 4) ->
-    {removed, {lists, foldr, 3}, "R12B"};
-obsolete_1(lists, mapfoldl, 4) ->
-    {removed, {lists, mapfoldl, 3}, "R12B"};
-obsolete_1(lists, mapfoldr, 4) ->
-    {removed, {lists, mapfoldr, 3}, "R12B"};
-obsolete_1(lists, filter, 3) ->
-    {removed, {lists, filter, 2}, "R12B"};
-obsolete_1(lists, foreach, 3) ->
-    {removed, {lists, foreach, 2}, "R12B"};
-obsolete_1(lists, zf, 3) ->
-    {removed, {lists, zf, 2}, "R12B"};
-
-obsolete_1(ets, fixtable, 2) ->
-    {removed, {ets, safe_fixtable, 2}, "R12B"};
-
-obsolete_1(erlang, old_binary_to_term, 1) ->
-    {removed, {erlang, binary_to_term, 1}, "R12B"};
-obsolete_1(erlang, info, 1) ->
-    {removed, {erlang, system_info, 1}, "R12B"};
 obsolete_1(erlang, hash, 2) ->
     {deprecated, {erlang, phash2, 2}};
 
-obsolete_1(file, file_info, 1) ->
-    {removed, {file, read_file_info, 1}, "R12B"};
-
-obsolete_1(dict, dict_to_list, 1) ->
-    {removed, {dict,to_list,1}, "R12B"};
-obsolete_1(dict, list_to_dict, 1) ->
-    {removed, {dict,from_list,1}, "R12B"};
-obsolete_1(orddict, dict_to_list, 1) ->
-    {removed, {orddict,to_list,1}, "R12B"};
-obsolete_1(orddict, list_to_dict, 1) ->
-    {removed, {orddict,from_list,1}, "R12B"};
-
-obsolete_1(sets, new_set, 0) ->
-    {removed, {sets, new, 0}, "R12B"};
-obsolete_1(sets, set_to_list, 1) ->
-    {removed, {sets, to_list, 1}, "R12B"};
-obsolete_1(sets, list_to_set, 1) ->
-    {removed, {sets, from_list, 1}, "R12B"};
-obsolete_1(sets, subset, 2) ->
-    {removed, {sets, is_subset, 2}, "R12B"};
-obsolete_1(ordsets, new_set, 0) ->
-    {removed, {ordsets, new, 0}, "R12B"};
-obsolete_1(ordsets, set_to_list, 1) ->
-    {removed, {ordsets, to_list, 1}, "R12B"};
-obsolete_1(ordsets, list_to_set, 1) ->
-    {removed, {ordsets, from_list, 1}, "R12B"};
-obsolete_1(ordsets, subset, 2) ->
-    {removed, {ordsets, is_subset, 2}, "R12B"};
-
 obsolete_1(calendar, local_time_to_universal_time, 1) ->
     {deprecated, {calendar, local_time_to_universal_time_dst, 1}};
 
@@ -302,17 +187,6 @@ obsolete_1(auth, node_cookie, 1) ->
 obsolete_1(auth, node_cookie, 2) ->
     {deprecated, "Deprecated; use erlang:set_cookie/2 and net_adm:ping/1 instead"};
 
-%% Added in R11B-5.
-obsolete_1(http_base_64, _, _) ->
-    {removed, "The http_base_64 module was removed in R12B; use the base64 module instead"};
-obsolete_1(httpd_util, encode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the encode functions in the base64 module instead"};
-obsolete_1(httpd_util, decode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the decode functions in the base64 module instead"};
-obsolete_1(httpd_util, to_upper, 1) ->
-    {removed, {string, to_upper, 1}, "R12B"};
-obsolete_1(httpd_util, to_lower, 1) ->
-    {removed, {string, to_lower, 1}, "R12B"};
 obsolete_1(erlang, is_constant, 1) ->
     {removed, "Removed in R13B"};
 
@@ -431,7 +305,7 @@ obsolete_1(ssh_sshd, stop, 1) ->
 
 %% Added in R13A.
 obsolete_1(regexp, _, _) ->
-    {deprecated, "the regexp module is deprecated (will be removed in R15A); use the re module instead"};
+    {removed, "removed in R15; use the re module instead"};
 
 obsolete_1(lists, flat_length, 1) ->
     {removed,{lists,flatlength,1},"R14"};
@@ -463,20 +337,31 @@ obsolete_1(public_key, decode_private_key, A) when A =:= 1; A =:= 2 ->
 
 %% Added in R14B03.
 obsolete_1(docb_gen, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 obsolete_1(docb_transform, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 obsolete_1(docb_xml_check, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 
 %% Added in R15B
 obsolete_1(asn1rt, F, _) when F == load_driver; F == unload_driver ->
     {deprecated,"deprecated (will be removed in R16A); has no effect as drivers are no longer used."};
-
+obsolete_1(ssl, pid, 1) ->
+    {deprecated,"deprecated (will be removed in R17); is no longer needed"};
+obsolete_1(inviso, _, _) ->
+    {deprecated,"the inviso application has been deprecated and will be removed in R16"};
+
+%% Added in R15B01.
+obsolete_1(gs, _, _) ->
+    {deprecated,"the gs application has been deprecated and will be removed in R16; use the wx application instead"};
+obsolete_1(ssh, sign_data, 2) ->
+    {deprecated,"deprecated (will be removed in R16A); use public_key:pem_decode/1, public_key:pem_entry_decode/1 "
+     "and public_key:sign/3 instead"};
+obsolete_1(ssh, verify_data, 3) ->
+    {deprecated,"deprecated (will be removed in R16A); use public_key:ssh_decode/1, and public_key:verify/4 instead"};
 obsolete_1(_, _, _) ->
     no.
 
-
 -spec is_snmp_agent_function(atom(), byte()) -> boolean().
 
 is_snmp_agent_function(c,                     1) -> true;
diff --git a/lib/stdlib/src/regexp.erl b/lib/stdlib/src/regexp.erl
deleted file mode 100644
index 65f9ca247d..0000000000
--- a/lib/stdlib/src/regexp.erl
+++ /dev/null
@@ -1,557 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(regexp).
-
-%% This entire module is deprecated and will be removed in a future
-%% release. Use the 're' module instead.
-%%
-%% This module provides a basic set of regular expression functions
-%% for strings. The functions provided are taken from AWK.
-%%
-%% Note that we interpret the syntax tree of a regular expression
-%% directly instead of converting it to an NFA and then interpreting
-%% that. This method seems to go significantly faster.
-
--export([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--export([sub/3,gsub/3,split/2]).
-
--deprecated([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--deprecated([sub/3,gsub/3,split/2]).
-
--import(string, [substr/2,substr/3]).
--import(lists, [reverse/1]).
-
--type errordesc() :: term().
--opaque regexp() :: term().
-
-%% -type matchres() = {match,Start,Length} | nomatch | {error,E}.
-%% -type subres() = {ok,RepString,RepCount} | {error,E}.
-%% -type splitres() = {ok,[SubString]} | {error,E}.
-
-%%-compile([export_all]).
-
-%% This is the regular expression grammar used. It is equivalent to the
-%% one used in AWK, except that we allow ^ $ to be used anywhere and fail
-%% in the matching.
-%%
-%% reg -> reg1 : '$1'.
-%% reg1 -> reg1 "|" reg2 : {'or','$1','$2'}.
-%% reg1 -> reg2 : '$1'.
-%% reg2 -> reg2 reg3 : {concat,'$1','$2'}.
-%% reg2 -> reg3 : '$1'.
-%% reg3 -> reg3 "*" : {kclosure,'$1'}.
-%% reg3 -> reg3 "+" : {pclosure,'$1'}.
-%% reg3 -> reg3 "?" : {optional,'$1'}.
-%% reg3 -> reg4 : '$1'.
-%% reg4 -> "(" reg ")" : '$2'.
-%% reg4 -> "\\" char : '$2'.
-%% reg4 -> "^" : bos.
-%% reg4 -> "$" : eos.
-%% reg4 -> "." : char.
-%% reg4 -> "[" class "]" : {char_class,char_class('$2')}
-%% reg4 -> "[" "^" class "]" : {comp_class,char_class('$3')}
-%% reg4 -> "\"" chars "\"" : char_string('$2')
-%% reg4 -> char : '$1'.
-%% reg4 -> empty : epsilon.
-%%  The grammar of the current regular expressions. The actual parser
-%%  is a recursive descent implementation of the grammar.
-
-reg(S) -> reg1(S).
-
-%% reg1 -> reg2 reg1'
-%% reg1' -> "|" reg2
-%% reg1' -> empty
-
-reg1(S0) ->
-    {L,S1} = reg2(S0),
-    reg1p(S1, L).
-
-reg1p([$||S0], L) ->
-    {R,S1} = reg2(S0),
-    reg1p(S1, {'or',L,R});
-reg1p(S, L) -> {L,S}.
-
-%% reg2 -> reg3 reg2'
-%% reg2' -> reg3
-%% reg2' -> empty
-
-reg2(S0) ->
-    {L,S1} = reg3(S0),
-    reg2p(S1, L).
-
-reg2p([C|S0], L) when C =/= $|, C =/= $) ->
-    {R,S1} = reg3([C|S0]),
-    reg2p(S1, {concat,L,R});
-reg2p(S, L) -> {L,S}.
-
-%% reg3 -> reg4 reg3'
-%% reg3' -> "*" reg3'
-%% reg3' -> "+" reg3'
-%% reg3' -> "?" reg3'
-%% reg3' -> empty
-
-reg3(S0) ->
-    {L,S1} = reg4(S0),
-    reg3p(S1, L).
-
-reg3p([$*|S], L) -> reg3p(S, {kclosure,L});
-reg3p([$+|S], L) -> reg3p(S, {pclosure,L});
-reg3p([$?|S], L) -> reg3p(S, {optional,L});
-reg3p(S, L) -> {L,S}.
-
--define(HEX(C), C >= $0 andalso C =< $9 orelse 
-                C >= $A andalso C =< $F orelse 
-                C >= $a andalso C =< $f).
-
-reg4([$(|S0]) ->
-    case reg(S0) of
-	{R,[$)|S1]} -> {R,S1};
-	{_R,_S} -> throw({error,{unterminated,"("}})
-    end;
-reg4([$\\,O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-reg4([$\\,$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-reg4([$\\,$x,${|S]) ->
-    hex(S, []);
-reg4([$\\,$x|_]) ->
-    throw({error,{illegal,[$x]}});
-reg4([$\\,C|S]) -> {escape_char(C),S};
-reg4([$\\]) -> throw({error,{unterminated,"\\"}});
-reg4([$^|S]) -> {bos,S};
-reg4([$$|S]) -> {eos,S};
-reg4([$.|S]) -> {{comp_class,"\n"},S};
-reg4("[^" ++ S0) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{comp_class,Cc},S1};
-	{_Cc,_S} -> throw({error,{unterminated,"["}})
-    end;
-reg4([$[|S0]) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{char_class,Cc},S1};
-	{_Cc,_S1} -> throw({error,{unterminated,"["}})
-    end;
-%reg4([$"|S0]) ->
-%    case char_string(S0) of
-%	{St,[$"|S1]} -> {St,S1};
-%	{St,S1} -> throw({error,{unterminated,"\""}})
-%    end;
-reg4([C|S]) when C =/= $*, C =/= $+, C =/= $?, C =/= $] -> {C,S};
-reg4([C|_S]) -> throw({error,{illegal,[C]}});
-reg4([]) -> {epsilon,[]}.
-
-hex([C|Cs], L) when ?HEX(C) ->
-    hex(Cs, [C|L]);
-hex([$}|S], L) ->
-    case catch erlang:list_to_integer(lists:reverse(L), 16) of
-        V when V =< 16#FF ->
-            {V,S};
-        _ ->
-            throw({error,{illegal,[$}]}})
-    end;
-hex(_S, _) ->
-    throw({error,{unterminated,"\\x{"}}).
-
-escape_char($n) -> $\n;				%\n = LF
-escape_char($r) -> $\r;				%\r = CR
-escape_char($t) -> $\t;				%\t = TAB
-escape_char($v) -> $\v;				%\v = VT
-escape_char($b) -> $\b;				%\b = BS
-escape_char($f) -> $\f;				%\f = FF
-escape_char($e) -> $\e;				%\e = ESC
-escape_char($s) -> $\s;				%\s = SPACE
-escape_char($d) -> $\d;				%\d = DEL
-escape_char(C) -> C.
-
-char_class([$]|S]) -> char_class(S, [$]]);
-char_class(S) -> char_class(S, []).
-
-char($\\, [O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-char($\\, [$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-char($\\,[$x,${|S]) ->
-    hex(S, []);
-char($\\,[$x|_]) ->
-    throw({error,{illegal,[$x]}});
-char($\\, [C|S]) -> {escape_char(C),S};
-char(C, S) -> {C,S}.
-
-char_class([C1|S0], Cc) when C1 =/= $] ->
-    case char(C1, S0) of
-	{Cf,[$-,C2|S1]} when C2 =/= $] ->
-	    case char(C2, S1) of
-		{Cl,S2} when Cf < Cl -> char_class(S2, [{Cf,Cl}|Cc]); 
-		{Cl,_S2} -> throw({error,{char_class,[Cf,$-,Cl]}})
-	    end;
-	{C,S1} -> char_class(S1, [C|Cc])
-    end;
-char_class(S, Cc) -> {Cc,S}.
-
-%char_string([C|S]) when C =/= $" -> char_string(S, C);
-%char_string(S) -> {epsilon,S}.
-
-%char_string([C|S0], L) when C =/= $" ->
-%    char_string(S0, {concat,L,C});
-%char_string(S, L) -> {L,S}.
-
-%% -deftype re_app_res() = {match,RestPos,Rest} | nomatch.
-
-%% re_apply(String, StartPos, RegExp) -> re_app_res().
-%%
-%%  Apply the (parse of the) regular expression RegExp to String.  If
-%%  there is a match return the position of the remaining string and
-%%  the string if else return 'nomatch'. BestMatch specifies if we want
-%%  the longest match, or just a match.
-%%
-%%  StartPos should be the real start position as it is used to decide
-%%  if we ae at the beginning of the string.
-%%
-%%  Pass two functions to re_apply_or so it can decide, on the basis
-%%  of BestMatch, whether to just any take any match or try both to
-%%  find the longest. This is slower but saves duplicatng code.
-
-re_apply(S, St, RE) -> re_apply(RE, [], S, St).
-
-re_apply(epsilon, More, S, P) ->		%This always matches
-    re_apply_more(More, S, P);
-re_apply({'or',RE1,RE2}, More, S, P) ->
-    re_apply_or(re_apply(RE1, More, S, P),
-		re_apply(RE2, More, S, P));
-re_apply({concat,RE1,RE2}, More, S0, P) ->
-    re_apply(RE1, [RE2|More], S0, P);
-re_apply({kclosure,CE}, More, S, P) ->
-    %% Be careful with the recursion, explicitly do one call before
-    %% looping.
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, [{kclosure,CE}|More], S, P));
-re_apply({pclosure,CE}, More, S, P) ->
-    re_apply(CE, [{kclosure,CE}|More], S, P);
-re_apply({optional,CE}, More, S, P) ->
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, More, S, P));
-re_apply(bos, More, S, 1) -> re_apply_more(More, S, 1);
-re_apply(eos, More, [$\n|S], P) -> re_apply_more(More, S, P);
-re_apply(eos, More, [], P) -> re_apply_more(More, [], P);
-re_apply({char_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> re_apply_more(More, S, P+1);
-	false -> nomatch
-    end;
-re_apply({comp_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> nomatch;
-	false -> re_apply_more(More, S, P+1)
-    end;
-re_apply(C, More, [C|S], P) when is_integer(C) ->
-    re_apply_more(More, S, P+1);
-re_apply(_RE, _More, _S, _P) -> nomatch.
-
-%% re_apply_more([RegExp], String, Length) -> re_app_res().
-
-re_apply_more([RE|More], S, P) -> re_apply(RE, More, S, P);
-re_apply_more([], S, P) -> {match,P,S}.
-
-%% in_char_class(Char, Class) -> bool().
-
-in_char_class(C, [{C1,C2}|_Cc]) when C >= C1, C =< C2 -> true;
-in_char_class(C, [C|_Cc]) -> true;
-in_char_class(C, [_|Cc]) -> in_char_class(C, Cc);
-in_char_class(_C, []) -> false.
-
-%% re_apply_or(Match1, Match2) -> re_app_res().
-%%  If we want the best match then choose the longest match, else just
-%%  choose one by trying sequentially.
-
-re_apply_or({match,P1,S1},   {match,P2,_S2}) when P1 >= P2 -> {match,P1,S1};
-re_apply_or({match,_P1,_S1}, {match,P2,S2}) -> {match,P2,S2};
-re_apply_or(nomatch, R2) -> R2;
-re_apply_or(R1, nomatch) -> R1.
-
-%% sh_to_awk(ShellRegExp)
-%%  Convert a sh style regexp into a full AWK one. The main difficulty is
-%%  getting character sets right as the conventions are different.
-
--spec sh_to_awk(ShRegExp) -> AwkRegExp when
-      ShRegExp :: string(),
-      AwkRegExp :: string().
-
-sh_to_awk(Sh) -> "^(" ++ sh_to_awk_1(Sh).	%Fix the beginning
-
-sh_to_awk_1([$*|Sh]) ->				%This matches any string
-    ".*" ++ sh_to_awk_1(Sh);
-sh_to_awk_1([$?|Sh]) ->				%This matches any character
-    [$.|sh_to_awk_1(Sh)];
-sh_to_awk_1([$[,$^,$]|Sh]) ->			%This takes careful handling
-    "\\^" ++ sh_to_awk_1(Sh);
-sh_to_awk_1("[^" ++ Sh) -> [$[|sh_to_awk_2(Sh, true)];
-sh_to_awk_1("[!" ++ Sh) -> "[^" ++ sh_to_awk_2(Sh, false);
-sh_to_awk_1([$[|Sh]) -> [$[|sh_to_awk_2(Sh, false)];
-sh_to_awk_1([C|Sh]) ->
-    %% Unspecialise everything else which is not an escape character.
-    case special_char(C) of
-	true -> [$\\,C|sh_to_awk_1(Sh)];
-	false -> [C|sh_to_awk_1(Sh)]
-    end;
-sh_to_awk_1([]) -> ")$".			%Fix the end
-
-sh_to_awk_2([$]|Sh], UpArrow) -> [$]|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_2(Sh, UpArrow) -> sh_to_awk_3(Sh, UpArrow).
-
-sh_to_awk_3([$]|Sh], true) -> "^]" ++ sh_to_awk_1(Sh);
-sh_to_awk_3([$]|Sh], false) -> [$]|sh_to_awk_1(Sh)];
-sh_to_awk_3([C|Sh], UpArrow) -> [C|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_3([], true) -> [$^|sh_to_awk_1([])];
-sh_to_awk_3([], false) -> sh_to_awk_1([]).
-
-%% -type special_char(char()) -> bool().
-%%  Test if a character is a special character.
-
-special_char($|) -> true;
-special_char($*) -> true;
-special_char($+) -> true;
-special_char($?) -> true;
-special_char($() -> true;
-special_char($)) -> true;
-special_char($\\) -> true;
-special_char($^) -> true;
-special_char($$) -> true;
-special_char($.) -> true;
-special_char($[) -> true;
-special_char($]) -> true;
-special_char($") -> true;
-special_char(_C) -> false.
-
-%% parse(RegExp) -> {ok,RE} | {error,E}.
-%%  Parse the regexp described in the string RegExp.
-
--spec parse(RegExp) -> ParseRes when
-      RegExp :: string(),
-      ParseRes :: {ok, RE} | {error, Error},
-      RE :: regexp(),
-      Error :: errordesc().
-
-parse(S) ->
-    case catch reg(S) of
-	{R,[]} -> {ok,R};
-	{_R,[C|_]} -> {error,{illegal,[C]}};
-	{error,E} -> {error,E}
-    end.
-
-%% format_error(Error) -> String.
-
--spec format_error(ErrorDescriptor) -> Chars when
-      ErrorDescriptor :: errordesc(),
-      Chars :: io_lib:chars().
-
-format_error({illegal,What}) -> ["illegal character `",What,"'"];
-format_error({unterminated,What}) -> ["unterminated `",What,"'"];
-format_error({char_class,What}) ->
-    ["illegal character class ",io_lib:write_string(What)].
-
-%% -type match(String, RegExp) -> matchres().
-%%  Find the longest match of RegExp in String.
-
--spec match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> match(S, RE);
-	{error,E} -> {error,E}
-    end;
-match(S, RE) ->
-    case match(RE, S, 1, 0, -1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	{_Start,_Len} -> nomatch
-    end.
-
-match(RE, S, St, Pos, L) ->
-    case first_match(RE, S, St) of
-	{St1,L1} ->
-	    Nst = St1 + 1,
-	    if L1 > L -> match(RE, lists:nthtail(Nst-St, S), Nst, St1, L1);
-	       true -> match(RE, lists:nthtail(Nst-St, S), Nst, Pos, L)
-	    end;
-	nomatch -> {Pos,L}
-    end.
-
-%% -type first_match(String, RegExp) -> matchres().
-%%  Find the first match of RegExp in String.
-
--spec first_match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-first_match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> first_match(S, RE);
-	{error,E} -> {error,E}
-    end;
-first_match(S, RE) ->
-    case first_match(RE, S, 1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	nomatch -> nomatch
-    end.
-
-first_match(RE, S, St) when S =/= [] ->
-    case re_apply(S, St, RE) of
-	{match,P,_Rest} -> {St,P-St};
-	nomatch -> first_match(RE, tl(S), St+1)
-    end;
-first_match(_RE, [], _St) -> nomatch.
-
-%% -type matches(String, RegExp) -> {match,[{Start,Length}]} | {error,E}.
-%%  Return the all the non-overlapping matches of RegExp in String.
-
--spec matches(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Matches} | {error, Error},
-      Matches :: [{Start, Length}],
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-matches(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> matches(S, RE);
-	{error,E} -> {error,E}
-    end;
-matches(S, RE) ->
-    {match,matches(S, RE, 1)}.
-
-matches(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,0} -> [{St1,0}|matches(substr(S, St1+2-St), RE, St1+1)];
-	{St1,L1} -> [{St1,L1}|matches(substr(S, St1+L1+1-St), RE, St1+L1)];
-	nomatch -> []
-    end.
-
-%% -type sub(String, RegExp, Replace) -> subsres().
-%%  Substitute the first match of the regular expression RegExp with
-%%  the string Replace in String. Accept pre-parsed regular
-%%  expressions.
-
--spec sub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: 0 | 1,
-      Error :: errordesc().
-
-sub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> sub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-sub(String, RE, Rep) ->
-    Ss = sub_match(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-sub_match(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,L1} -> [{St1,L1}];
-	nomatch -> []
-    end.
-
-sub_repl([{St,L}|Ss], Rep, S, Pos) ->
-    Rs = sub_repl(Ss, Rep, S, St+L),
-    substr(S, Pos, St-Pos) ++ sub_repl(Rep, substr(S, St, L), Rs);
-sub_repl([], _Rep, S, Pos) -> substr(S, Pos).
-
-sub_repl([$&|Rep], M, Rest) -> M ++ sub_repl(Rep, M, Rest);
-sub_repl("\\&" ++ Rep, M, Rest) -> [$&|sub_repl(Rep, M, Rest)];
-sub_repl([C|Rep], M, Rest) -> [C|sub_repl(Rep, M, Rest)];
-sub_repl([], _M, Rest) -> Rest.
-
-%% -type gsub(String, RegExp, Replace) -> subres().
-%%  Substitute every match of the regular expression RegExp with the
-%%  string New in String. Accept pre-parsed regular expressions.
-
--spec gsub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: non_neg_integer(),
-      Error :: errordesc().
-
-gsub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> gsub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-gsub(String, RE, Rep) ->
-    Ss = matches(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-%% -type split(String, RegExp) -> splitres().
-%%  Split a string into substrings where the RegExp describes the
-%%  field seperator. The RegExp " " is specially treated.
-
--spec split(String, RegExp) -> SplitRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      SplitRes :: {ok, FieldList} | {error, Error},
-      FieldList :: [string()],
-      Error :: errordesc().
-
-split(String, " ") ->				%This is really special
-    {ok,RE} = parse("[ \t]+"),
-    case split_apply(String, RE, true) of
-	[[]|Ss] -> {ok,Ss};
-	Ss -> {ok,Ss}
-    end;
-split(String, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> {ok,split_apply(String, RE, false)};
-	{error,E} -> {error,E}
-    end;
-split(String, RE) -> {ok,split_apply(String, RE, false)}.
-
-split_apply(S, RE, Trim) -> split_apply(S, 1, RE, Trim, []).
-
-split_apply([], _P, _RE, true, []) -> [];
-split_apply([], _P, _RE, _T, Sub) -> [reverse(Sub)];
-split_apply(S, P, RE, T, Sub) ->
-    case re_apply(S, P, RE) of
-	{match,P,_Rest} ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub]);
-	{match,P1,Rest} ->
-	    [reverse(Sub)|split_apply(Rest, P1, RE, T, [])];
-	nomatch ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub])
-    end.
diff --git a/lib/stdlib/src/shell.erl b/lib/stdlib/src/shell.erl
index 964697cae6..dc450f0ee6 100644
--- a/lib/stdlib/src/shell.erl
+++ b/lib/stdlib/src/shell.erl
@@ -1065,9 +1065,10 @@ local_func(F, As0, Bs0, _Shell, _RT, Lf, Ef) when is_atom(F) ->
     non_builtin_local_func(F,As,Bs).
 
 non_builtin_local_func(F,As,Bs) ->
-    case erlang:function_exported(user_default, F, length(As)) of
+    Arity = length(As),
+    case erlang:function_exported(user_default, F, Arity) of
 	true ->
-            {eval,{user_default,F},As,Bs};
+            {eval,erlang:make_fun(user_default, F, Arity),As,Bs};
 	false ->
 	    shell_default(F,As,Bs)
     end.
@@ -1079,7 +1080,7 @@ shell_default(F,As,Bs) ->
 	{module, _} ->
 	    case erlang:function_exported(M,F,A) of
 		true ->
-		    {eval,{M,F},As,Bs};		    
+		    {eval,erlang:make_fun(M, F, A),As,Bs};
 		false ->
 		    shell_undef(F,A)
 	    end;
diff --git a/lib/stdlib/src/stdlib.app.src b/lib/stdlib/src/stdlib.app.src
index 9d15f01683..a30685e830 100644
--- a/lib/stdlib/src/stdlib.app.src
+++ b/lib/stdlib/src/stdlib.app.src
@@ -2,7 +2,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -85,7 +85,6 @@
 	     queue,
 	     random,
 	     re,
-	     regexp,
 	     sets,
 	     shell,
 	     shell_default,
diff --git a/lib/stdlib/src/supervisor.erl b/lib/stdlib/src/supervisor.erl
index 2dd5ccce7a..ac5b078c29 100644
--- a/lib/stdlib/src/supervisor.erl
+++ b/lib/stdlib/src/supervisor.erl
@@ -37,7 +37,7 @@
 
 %%--------------------------------------------------------------------------
 
--type child()    :: pid() | 'undefined'.
+-type child()    :: 'undefined' | pid() | [pid()].
 -type child_id() :: term().
 -type mfargs()   :: {M :: module(), F :: atom(), A :: [term()] | undefined}.
 -type modules()  :: [module()] | 'dynamic'.
@@ -270,6 +270,8 @@ start_children(Children, SupName) -> start_children(Children, [], SupName).
 
 start_children([Child|Chs], NChildren, SupName) ->
     case do_start_child(SupName, Child) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    start_children(Chs, NChildren, SupName);
 	{ok, Pid} ->
 	    start_children(Chs, [Child#child{pid = Pid}|NChildren], SupName);
 	{ok, Pid, _Extra} ->
@@ -325,6 +327,8 @@ handle_call({start_child, EArgs}, _From, State) when ?is_simple(State) ->
     #child{mfargs = {M, F, A}} = Child,
     Args = A ++ EArgs,
     case do_start_child_i(M, F, Args) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    {reply, {ok, undefined}, State};
 	{ok, Pid} ->
 	    NState = save_dynamic_child(Child#child.restart_type, Pid, Args, State),
 	    {reply, {ok, Pid}, NState};
@@ -611,12 +615,12 @@ handle_start_child(Child, State) ->
     case get_child(Child#child.name, State) of
 	false ->
 	    case do_start_child(State#state.name, Child) of
+		{ok, undefined} when Child#child.restart_type =:= temporary ->
+		    {{ok, undefined}, State};
 		{ok, Pid} ->
-		    {{ok, Pid},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid}, save_child(Child#child{pid = Pid}, State)};
 		{ok, Pid, Extra} ->
-		    {{ok, Pid, Extra},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid, Extra}, save_child(Child#child{pid = Pid}, State)};
 		{error, What} ->
 		    {{error, {What, Child}}, State}
 	    end;
diff --git a/lib/stdlib/test/erl_eval_SUITE.erl b/lib/stdlib/test/erl_eval_SUITE.erl
index 369d8b224e..ca2f18a05a 100644
--- a/lib/stdlib/test/erl_eval_SUITE.erl
+++ b/lib/stdlib/test/erl_eval_SUITE.erl
@@ -1167,15 +1167,22 @@ do_funs(LFH, EFH) ->
                 [[[0]]], ['F'], LFH, EFH),
 
     %% Tests for a bug found by the Dialyzer - used to crash.
-    ?line check(fun() -> Pmod = erl_eval_helper:new(42), Pmod:add(5) end,
-		"begin Pmod = erl_eval_helper:new(42), Pmod:add(5) end.",
-		47,
-		['Pmod'], LFH, EFH),
-    ?line check(fun() -> Pmod = erl_eval_helper:new(42), B = Pmod:add(7), B end,
-		"begin Pmod = erl_eval_helper:new(42), B = Pmod:add(7), B end.",
-		49,
-		['B','Pmod'], LFH, EFH),
-
+    case test_server:is_native(erl_eval) of
+	true ->
+	    %% Parameterized modules are not supported by HiPE.
+	    ok;
+	false ->
+	    check(fun() -> Pmod = erl_eval_helper:new(42), Pmod:add(5) end,
+		  "begin Pmod = erl_eval_helper:new(42), Pmod:add(5) end.",
+		  47,
+		  ['Pmod'], LFH, EFH),
+	    check(fun() -> Pmod = erl_eval_helper:new(42),
+			   B = Pmod:add(7), B end,
+		  "begin Pmod = erl_eval_helper:new(42), "
+		  "B = Pmod:add(7), B end.",
+		  49,
+		  ['B','Pmod'], LFH, EFH)
+    end,
     ok.
 
 count_down(F, N) when N > 0 ->
diff --git a/lib/stdlib/test/erl_expand_records_SUITE.erl b/lib/stdlib/test/erl_expand_records_SUITE.erl
index f8c1ad783c..8b162cfda0 100644
--- a/lib/stdlib/test/erl_expand_records_SUITE.erl
+++ b/lib/stdlib/test/erl_expand_records_SUITE.erl
@@ -178,6 +178,9 @@ expr(Config) when is_list(Config) ->
                  true ->
                      not_ok
              end.
+
+         is_record(_, _, _) ->
+             error(wrong_is_record).
       ">>
       ],
 
@@ -366,6 +369,8 @@ strict(Config) when is_list(Config) ->
                  end
              catch error:_ -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts1, [strict_record_tests]),
@@ -380,6 +385,8 @@ strict(Config) when is_list(Config) ->
              case foo of
                  _ when A#r2.a =:= 1 -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts2, [no_strict_record_tests]),
@@ -415,6 +422,11 @@ update(Config) when is_list(Config) ->
          t2() ->
              R0 = #r{},
              #r{_ = R0#r{a = ok}}.
+
+         %% Implicit calls to setelement/3 must go to the BIF,
+         %% not to this function.
+         setelement(_, _, _) ->
+             erlang:error(wrong_setelement_called).
       ">>
       ],
     ?line run(Config, Ts),
diff --git a/lib/stdlib/test/erl_lint_SUITE.erl b/lib/stdlib/test/erl_lint_SUITE.erl
index 9041adbe5c..4e93f056ad 100644
--- a/lib/stdlib/test/erl_lint_SUITE.erl
+++ b/lib/stdlib/test/erl_lint_SUITE.erl
@@ -2631,7 +2631,35 @@ bif_clash(Config) when is_list(Config) ->
                  binary_part(A,B,C).
              ">>,
 	   [warn_unused_import],
-	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}}
+	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}},
+	  %% Don't accept call to a guard BIF if there is a local definition
+	  %% or an import with the same name. Note: is_record/2 is an
+	  %% exception, since it is more of syntatic sugar than a real BIF.
+	  {clash21,
+           <<"-export([is_list/1]).
+              -import(x, [is_tuple/1]).
+              -record(r, {a,b}).
+              x(T) when is_tuple(T) -> ok;
+              x(T) when is_list(T) -> ok.
+              y(T) when is_tuple(T) =:= true -> ok;
+              y(T) when is_list(T) =:= true -> ok;
+              y(T) when is_record(T, r, 3) -> ok;
+              y(T) when is_record(T, r, 3) =:= true -> ok;
+              y(T) when is_record(T, r) =:= true -> ok.
+              is_list(_) ->
+                ok.
+              is_record(_, _) ->
+                ok.
+              is_record(_, _, _) ->
+                ok.
+             ">>,
+	   [{no_auto_import,[{is_tuple,1}]}],
+	   {errors,[{4,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {5,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {6,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {7,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {8,erl_lint,{illegal_guard_local_call,{is_record,3}}},
+		    {9,erl_lint,{illegal_guard_local_call,{is_record,3}}}],[]}}
 	 ],
 
     ?line [] = run(Config, Ts),
diff --git a/lib/stdlib/test/ets_SUITE.erl b/lib/stdlib/test/ets_SUITE.erl
index 0e8849b5b3..59532b65a0 100644
--- a/lib/stdlib/test/ets_SUITE.erl
+++ b/lib/stdlib/test/ets_SUITE.erl
@@ -72,9 +72,10 @@
 	 exit_many_many_tables_owner/1]).
 -export([write_concurrency/1, heir/1, give_away/1, setopts/1]).
 -export([bad_table/1, types/1]).
+-export([otp_9932/1]).
 -export([otp_9423/1]).
 
--export([init_per_testcase/2]).
+-export([init_per_testcase/2, end_per_testcase/2]).
 %% Convenience for manual testing
 -export([random_test/0]).
 
@@ -145,6 +146,7 @@ all() ->
      exit_many_large_table_owner, exit_many_tables_owner,
      exit_many_many_tables_owner, write_concurrency, heir,
      give_away, setopts, bad_table, types,
+     otp_9932,
      otp_9423].
 
 groups() -> 
@@ -2385,6 +2387,8 @@ setopts_do(Opts) ->
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,{protection,private,false})),
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,protection)),
     ?line ets:delete(T),
+    unlink(Heir),
+    exit(Heir, bang),
     ok.
 
 bad_table(doc) -> ["All kinds of operations with bad table argument"];
@@ -5432,6 +5436,22 @@ types_do(Opts) ->
     ?line verify_etsmem(EtsMem).
 
 
+%% OTP-9932: Memory overwrite when inserting large integers in compressed bag.
+%% Will crash with segv on 64-bit opt if not fixed.
+otp_9932(Config) when is_list(Config) ->
+    T = ets:new(xxx, [bag, compressed]),    
+    Fun = fun(N) -> 
+		  Key = {1316110174588445 bsl N,1316110174588583 bsl N},
+		  S = {Key, Key},
+		  true = ets:insert(T, S),
+		  [S] = ets:lookup(T, Key),
+		  true = ets:insert(T, S),
+		  [S] = ets:lookup(T, Key)
+	  end,
+    lists:foreach(Fun, lists:seq(0, 16)),
+    ets:delete(T).
+    
+
 otp_9423(doc) -> ["vm-deadlock caused by race between ets:delete and others on write_concurrency table"];
 otp_9423(Config) when is_list(Config) ->
     InitF = fun(_) -> {0,0} end,
@@ -5645,7 +5665,8 @@ spawn_logger(Procs) ->
 					      true -> exit(Proc, kill);
 					      _ -> ok
 					  end,
-					  erlang:display(process_info(Proc)),
+					  erlang:display({"Waiting for 'DOWN' from", Proc,
+							  process_info(Proc), pid_status(Proc)}),
 					  receive
 					      {'DOWN', Mon, _, _, _} ->
 						  ok
@@ -5656,6 +5677,15 @@ spawn_logger(Procs) ->
 	    spawn_logger([From])
     end.
 
+pid_status(Pid) ->
+    try
+	erts_debug:get_internal_state({process_status, Pid})
+    catch
+	error:undef ->
+	    erts_debug:set_internal_state(available_internal_state, true),
+	    pid_status(Pid)
+    end. 
+
 start_spawn_logger() ->
     case whereis(ets_test_spawn_logger) of
 	Pid when is_pid(Pid) -> true;
diff --git a/lib/stdlib/test/filename_SUITE.erl b/lib/stdlib/test/filename_SUITE.erl
index 70b0d413dc..4cfa589660 100644
--- a/lib/stdlib/test/filename_SUITE.erl
+++ b/lib/stdlib/test/filename_SUITE.erl
@@ -483,6 +483,22 @@ find_src(Config) when is_list(Config) ->
     
     %% Try to find the source for a preloaded module.
     ?line {error,{preloaded,init}} = filename:find_src(init),
+
+    %% Make sure that find_src works for a slim BEAM file.
+    OldPath = code:get_path(),
+    try
+	PrivDir = ?config(priv_dir, Config),
+	code:add_patha(PrivDir),
+	Src = "simple",
+	SrcPath = filename:join(PrivDir, Src) ++ ".erl",
+	SrcContents = "-module(simple).\n",
+	ok = file:write_file(SrcPath, SrcContents),
+	{ok,simple} = compile:file(SrcPath, [slim,{outdir,PrivDir}]),
+	BeamPath = filename:join(PrivDir, Src),
+	{BeamPath,[]} = filename:find_src(simple)
+    after
+	code:set_path(OldPath)
+    end,
     ok.
 
 %%
diff --git a/lib/stdlib/test/ms_transform_SUITE.erl b/lib/stdlib/test/ms_transform_SUITE.erl
index c9688354b1..a17307b07b 100644
--- a/lib/stdlib/test/ms_transform_SUITE.erl
+++ b/lib/stdlib/test/ms_transform_SUITE.erl
@@ -455,7 +455,6 @@ old_guards(Config) when is_list(Config) ->
     ?line setup(Config),
     Tests = [
 	     {atom,is_atom},
-	     {constant,is_constant},
 	     {float,is_float},
 	     {integer,is_integer},
 	     {list,is_list},
@@ -490,7 +489,6 @@ old_guards(Config) when is_list(Config) ->
     ?line [{'$1',[{is_integer,'$1'},
 		  {is_float,'$1'},
 		  {is_atom,'$1'},
-		  {is_constant,'$1'},
 		  {is_list,'$1'},
 		  {is_number,'$1'},
 		  {is_pid,'$1'},
@@ -502,7 +500,7 @@ old_guards(Config) when is_list(Config) ->
 	    [true]}] =
 	compile_and_run(RD, <<
 			     "ets:fun2ms(fun(X) when integer(X),"
-			     "float(X), atom(X), constant(X),"
+			     "float(X), atom(X),"
 			     "list(X), number(X), pid(X),"
 			     "port(X), reference(X), tuple(X),"
 			     "binary(X), record(X,a) -> true end)"
@@ -530,7 +528,6 @@ autoimported(Config) when is_list(Config) ->
 	       {self,0},
                %{float,1}, see float_1_function/1
 	       {is_atom,1},
-	       {is_constant,1},
 	       {is_float,1},
 	       {is_integer,1},
 	       {is_list,1},
diff --git a/lib/stdlib/test/qlc_SUITE.erl b/lib/stdlib/test/qlc_SUITE.erl
index 9be547c690..50a76cdfb5 100644
--- a/lib/stdlib/test/qlc_SUITE.erl
+++ b/lib/stdlib/test/qlc_SUITE.erl
@@ -20,7 +20,6 @@
 %%% Purpose:Test Suite for the 'qlc' module.
 %%%-----------------------------------------------------------------
 -module(qlc_SUITE).
--compile(r12).
 
 -define(QLC, qlc).
 -define(QLCs, "qlc").
@@ -7402,70 +7401,37 @@ backward(doc) ->
     "OTP-6674. Join info and extra constants.";
 backward(suite) -> [];
 backward(Config) when is_list(Config) ->
-    case try_old_join_info(Config) of
-        ok ->
-            ok;
-        Reply ->
-            Reply
-    end.
-
--ifdef(debug).
-try_old_join_info(_Config) ->
+    try_old_join_info(Config),
     ok.
--else.
+
 try_old_join_info(Config) ->
-    case ?t:is_release_available("r12b") of
-        true ->
-            %% Check join info for handlers of extra constants. Start R12B-0.
-            ?line {ok, R12} = start_node_rel(r12, r12b, slave),
-            File  = filename("handle.erl", Config),
-            ?line file:write_file(File, 
-                <<"-module(handle).\n"
-                  "-export([create_handle/0, lookup_handle/0]).\n"
-                  "-include_lib(\"stdlib/include/qlc.hrl\").\n"
-                  "create_handle() ->\n"
-                  "  H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),\n"
-                  "  qlc:q([{X, Y} || {B,X,_} <- H1,\n"
-                  "                   B =:= 192.0,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X == Y]).\n",
-                  "\n",
-                  "lookup_handle() ->\n"
-                  "  E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),\n"
-                  "  qlc:q([{X, Y} || {X,_} <- E,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X =:= Y]).\n">>),
-            ?line {ok, handle} = rpc:call(R12, compile, file,
-                                          [File, [{outdir,?privdir}]]),
-            ?line {module, handle} = rpc:call(R12, code, load_abs,
-                                              [filename:rootname(File)]),
-            ?line H = rpc:call(R12, handle, create_handle, []),
-            ?line {module, handle} = code:load_abs(filename:rootname(File)),
-            ?line {block,0,
-                     [{match,_,_,
-                       {call,_,_,
-                        [{lc,_,_,
-                          [_,
-                           {op,_,'=:=',
-                            {float,_,192.0},
-                            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
-                      _,_,
-                      {call,_,_,
-                       [{lc,_,_,
-                         [_,
-                          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
-                          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]} 
-                    = qlc:info(H,{format,abstract_code}),
-            ?line [{1,1},{2,2}] = qlc:e(H),
-            ?line H2 = rpc:call(R12, handle, lookup_handle, []),
-            ?line {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
-                qlc:info(H2, {format,debug}),
-            ?line [{1,1},{2,2}] = qlc:e(H2),
-            stop_node(R12);
-	false ->
-	    ?line {skipped, "No support for old node"}
-    end.
--endif.
+    %% Check join info for handlers of extra constants.
+    File = filename:join(?datadir, "join_info_compat.erl"),
+    M = join_info_compat,
+    {ok, M} = compile:file(File, [{outdir, ?datadir}]),
+    {module, M} = code:load_abs(filename:rootname(File)),
+    H = M:create_handle(),
+    {block,0,
+     [{match,_,_,
+       {call,_,_,
+        [{lc,_,_,
+          [_,
+           {op,_,'=:=',
+            {float,_,192.0},
+            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
+      _,_,
+      {call,_,_,
+       [{lc,_,_,
+         [_,
+          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
+          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]}
+        = qlc:info(H,{format,abstract_code}),
+    [{1,1},{2,2}] = qlc:e(H),
+
+    H2 = M:lookup_handle(),
+    {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
+        qlc:info(H2, {format,debug}),
+    [{1,1},{2,2}] = qlc:e(H2).
 
 forward(doc) ->
     "";
@@ -8130,27 +8096,6 @@ fail(Source) ->
 
 %% Copied from global_SUITE.erl.
 
-start_node_rel(Name, Rel, How) ->
-    {Release, Compat} = case Rel of
-                            this ->
-                                {[this], "+R8"};
-                            Rel when is_atom(Rel) ->
-                                {[{release, atom_to_list(Rel)}], ""};
-                            RelList ->
-			       {RelList, ""}
-		       end,
-    ?line Pa = filename:dirname(code:which(?MODULE)),
-    ?line Res = test_server:start_node(Name, How, 
-                                       [{args,
-                                         Compat ++ 
-                                         " -kernel net_setuptime 100 "
-                                         " -pa " ++ Pa},
-                                        {erl, Release}]),
-    Res.
-
-stop_node(Node) ->
-    ?line ?t:stop_node(Node).
-
 install_error_logger() ->
     error_logger:add_report_handler(?MODULE, self()).
 
diff --git a/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
new file mode 100644
index 0000000000..e0db132c47
--- /dev/null
+++ b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
@@ -0,0 +1,1771 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(join_info_compat).
+
+-compile(export_all).
+
+create_handle() ->
+    H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),
+    qlc:q({qlc_lc,
+           % fun-info: {23,109048965,'-create_handle/0-fun-23-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {2,105724313,'-create_handle/0-fun-2-'}
+                   fun(S01_0_1, RL01_0_1, Go01_0_1) ->
+                          Fun1_0_1 =
+                              % fun-info: {1,131900588,'-create_handle/0-fun-1-'}
+                              fun(0, RL1_0_1, _, _, _, _, _, _, _)
+                                     when is_list(RL1_0_1) ->
+                                     lists:reverse(RL1_0_1);
+                                 (0, _, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1)
+                                     when is_list(RL1_0_1) ->
+                                     Fun1_0_1(element(1, Go1_0_1),
+                                              [{X1,Y1}|RL1_0_1],
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     [{X1,Y1}|
+                                      % fun-info: {0,27702789,'-create_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun1_0_1(element(1,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                      end];
+                                 (2,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(4, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [{B1,X1,_}|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(3, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(2, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              [],
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [{B1,X1,_}|C1_0_1] ->
+                                             Fun1_0_1(element(3,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(3,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(2,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (4,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         B1 =:= 192.0 ->
+                                             Fun1_0_1(element(6,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(5,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (5,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  _,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              element(9, Go1_0_1),
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [{Y1}|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(8, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [_|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(7, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              [],
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     case C1_3_1() of
+                                         [{Y1}|C1_0_1] ->
+                                             Fun1_0_1(element(8,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(6,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [] ->
+                                             Fun1_0_1(element(7,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      [],
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (7,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         X1 == Y1 ->
+                                             Fun1_0_1(element(11,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(10,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (8,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(14, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [[{B1,X1,_}|{Y1}]|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(13, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(12, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              [],
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [[{B1,X1,_}|{Y1}]|C1_0_1] ->
+                                             Fun1_0_1(element(13,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(9,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(12,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end
+                              end,
+                          Fun1_0_1(S01_0_1,
+                                   RL01_0_1,
+                                   Fun1_0_1,
+                                   Go01_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {3,41816426,'-create_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $<:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $::8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $9:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\210:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\232:8/integer-unit:1-unsigned-big,
+                             $\226:8/integer-unit:1-unsigned-big,
+                             $\223:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $X:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\235:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $g:8/integer-unit:1-unsigned-big,
+                             $i:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\200:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $\214:8/integer-unit:1-unsigned-big,
+                             $\030:8/integer-unit:1-unsigned-big,
+                             $@:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\017:8/integer-unit:1-unsigned-big,
+                             $=:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $*:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $\216:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $f:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $W:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\027:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\007:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\021:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $\224:8/integer-unit:1-unsigned-big,
+                             $\217:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\203:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {4,131674517,'-create_handle/0-fun-4-'}
+                      fun() ->
+                             H1
+                      end}},
+                    {2,5,4,fil},
+                    {3,
+                     7,
+                     5,
+                     {gen,
+                      % fun-info: {5,108000324,'-create_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {4,10,7,fil},
+                    {5,
+                     12,
+                     8,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       3,
+                       % fun-info: {9,59718458,'-create_handle/0-fun-9-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {7,779460,'-create_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_,_,_}
+                                                 when
+                                                     192.0
+                                                     =:=
+                                                     element(1, O1_0_1) ->
+                                                 [O1_0_1|
+                                                  % fun-info: {6,23729943,'-create_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {8,43652904,'-create_handle/0-fun-8-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {13,102310144,'-create_handle/0-fun-13-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {11,74362432,'-create_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_} ->
+                                                 [O1_0_1|
+                                                  % fun-info: {10,23729943,'-create_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {12,43652904,'-create_handle/0-fun-12-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {14,17838355,'-create_handle/0-fun-14-'}
+                       fun() ->
+                              {[{1,[192.0]}],[],[]}
+                       end}}}],
+                   % fun-info: {22,31304647,'-create_handle/0-fun-22-'}
+                   fun(join) ->
+                          {[[{1,"\002"},{3,"\001"}]],[]};
+                      (size) ->
+                          % fun-info: {15,31963143,'-create_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 3;
+                             (3) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {16,113413274,'-create_handle/0-fun-16-'}
+                          fun({1,2}, '=:=') ->
+                                 "\001";
+                             ({1,2}, '==') ->
+                                 "\001\002";
+                             ({3,1}, '=:=') ->
+                                 "\002";
+                             ({3,1}, '==') ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {18,52148739,'-create_handle/0-fun-18-'}
+                          fun(1) ->
+                                 % fun-info: {17,5864387,'-create_handle/0-fun-17-'}
+                                 fun(1) ->
+                                        {values,[192.0],{some,[2]}};
+                                    (_) ->
+                                        false
+                                 end;
+                             (_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {19,82183172,'-create_handle/0-fun-19-'}
+                          fun(1) ->
+                                 1;
+                             (_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {20,80910005,'-create_handle/0-fun-20-'}
+                          fun(1) ->
+                                 "\001";
+                             (_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {21,91764346,'-create_handle/0-fun-21-'}
+                          fun(1) ->
+                                 {[{{'$1','$2','_'},
+                                    [{'=:=','$1',192.0}],
+                                    ['$_']}],
+                                  "\002"};
+                             (_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
+
+lookup_handle() ->
+    E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),
+    qlc:q({qlc_lc,
+           % fun-info: {46,120768015,'-lookup_handle/0-fun-22-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {26,82970908,'-lookup_handle/0-fun-2-'}
+                   fun(S02_0_1, RL02_0_1, Go02_0_1) ->
+                          Fun2_0_1 =
+                              % fun-info: {25,75235357,'-lookup_handle/0-fun-1-'}
+                              fun(0, RL2_0_1, _, _, _, _, _, _)
+                                     when is_list(RL2_0_1) ->
+                                     lists:reverse(RL2_0_1);
+                                 (0, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2)
+                                     when is_list(RL2_0_1) ->
+                                     Fun2_0_1(element(1, Go2_0_1),
+                                              [{X2,Y2}|RL2_0_1],
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     [{X2,Y2}|
+                                      % fun-info: {24,124255471,'-lookup_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun2_0_1(element(1,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                      end];
+                                 (2,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(4, Go2_0_1),
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [{X2,_}|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(3, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(2, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [{X2,_}|C2_0_1] ->
+                                             Fun2_0_1(element(3,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(3,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(2,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (4,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  _,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              element(7, Go2_0_1),
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [{Y2}|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(6, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [_|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(5, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              [],
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     case C2_2_1() of
+                                         [{Y2}|C2_0_1] ->
+                                             Fun2_0_1(element(6,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(5,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         [] ->
+                                             Fun2_0_1(element(5,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      [],
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (6,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     if
+                                         X2 =:= Y2 ->
+                                             Fun2_0_1(element(9,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         true ->
+                                             Fun2_0_1(element(8,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                     end;
+                                 (7,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(12, Go2_0_1),
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [[{X2,_}|{Y2}]|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(11, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              C2_0_1,
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(10, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              [],
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [[{X2,_}|{Y2}]|C2_0_1] ->
+                                             Fun2_0_1(element(11,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(8,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(10,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end
+                              end,
+                          Fun2_0_1(S02_0_1,
+                                   RL02_0_1,
+                                   Fun2_0_1,
+                                   Go02_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {27,111349661,'-lookup_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\206:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $&:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\v:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\020:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $5:8/integer-unit:1-unsigned-big,
+                             $#:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $^:8/integer-unit:1-unsigned-big,
+                             $\b:8/integer-unit:1-unsigned-big,
+                             $(:8/integer-unit:1-unsigned-big,
+                             $\037:8/integer-unit:1-unsigned-big,
+                             $\231:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {28,75197307,'-lookup_handle/0-fun-4-'}
+                      fun() ->
+                             E
+                      end}},
+                    {2,
+                     5,
+                     4,
+                     {gen,
+                      % fun-info: {29,86826511,'-lookup_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {3,8,6,fil},
+                    {4,
+                     10,
+                     7,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       2,
+                       % fun-info: {33,129609919,'-lookup_handle/0-fun-9-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {31,45768082,'-lookup_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_,_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {30,28136696,'-lookup_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {32,48059625,'-lookup_handle/0-fun-8-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {37,63676968,'-lookup_handle/0-fun-13-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {35,129320532,'-lookup_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {34,28136696,'-lookup_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {36,48059625,'-lookup_handle/0-fun-12-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {38,3236543,'-lookup_handle/0-fun-14-'}
+                       fun() ->
+                              {[],[],[]}
+                       end}}}],
+                   % fun-info: {45,56361026,'-lookup_handle/0-fun-21-'}
+                   fun(join) ->
+                          [[{1,"\001"},{2,"\001"}]];
+                      (size) ->
+                          % fun-info: {39,40607542,'-lookup_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 2;
+                             (2) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {40,34907048,'-lookup_handle/0-fun-16-'}
+                          fun({1,1}, _) ->
+                                 "\001\002";
+                             ({2,1}, _) ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {41,11686091,'-lookup_handle/0-fun-17-'}
+                          fun(_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {42,21492441,'-lookup_handle/0-fun-18-'}
+                          fun(_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {43,55297177,'-lookup_handle/0-fun-19-'}
+                          fun(_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {44,55081557,'-lookup_handle/0-fun-20-'}
+                          fun(_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
diff --git a/lib/stdlib/test/re_SUITE.erl b/lib/stdlib/test/re_SUITE.erl
index 3b2e637c84..d6d946a28f 100644
--- a/lib/stdlib/test/re_SUITE.erl
+++ b/lib/stdlib/test/re_SUITE.erl
@@ -445,9 +445,17 @@ split_specials(Config) when is_list(Config) ->
     ok.
     
 
-error_handling(doc) ->
-    ["Test that errors are handled correctly by the erlang code."];
-error_handling(Config) when is_list(Config) ->
+%% Test that errors are handled correctly by the erlang code.
+error_handling(_Config) ->
+    case test_server:is_native(re) of
+	true ->
+	    %% Exceptions from native code look too different.
+	    {skip,"re is native"};
+	false ->
+	    error_handling()
+    end.
+	    
+error_handling() ->
     % This test checks the exception tuples manufactured in the erlang
     % code to hide the trapping from the user at least when it comes to errors
     Dog = ?t:timetrap(?t:minutes(1)),
@@ -455,14 +463,14 @@ error_handling(Config) when is_list(Config) ->
     % the trap to re:grun from grun, in the grun function clause
     % that handles precompiled expressions
     ?line {'EXIT',{badarg,[{re,run,["apa",{1,2,3,4},[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa",{1,2,3,4},[global])),
     % An invalid capture list will also cause a badarg late, 
     % but with a non pre compiled RE, the exception should be thrown by the
     % grun function clause that handles RE's compiled implicitly by
     % the run/3 BIF before trapping.
     ?line {'EXIT',{badarg,[{re,run,["apa","p",[{capture,[1,{a}]},global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa","p",[{capture,[1,{a}]},global])),
     % And so the case of a precompiled expression together with
     % a compile-option (binary and list subject):
@@ -473,88 +481,88 @@ error_handling(Config) when is_list(Config) ->
 			    [<<"apa">>,
 			     {re_pattern,1,0,_},
 			     [global,unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run(<<"apa">>,RE,[global,unicode])),
     ?line {'EXIT',{badarg,[{re,run,
 			    ["apa",
 			     {re_pattern,1,0,_},
 			     [global,unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa",RE,[global,unicode])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[global])),
     % The replace errors:
     ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[])),
     ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[global])),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa",
 			     {re_pattern,1,0,_},
 			     "X",
 			     [unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",RE,"X",[unicode])),
     ?line <<"aXa">> = iolist_to_binary(re:replace("apa","p","X",[])),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{capture,all,binary}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all,binary}]))),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{capture,all}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all}]))),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{return,banana}]))),
     ?line {'EXIT',{badarg,_}} = (catch re:replace("apa","(p","X",[])),
     % Badarg, not compile error.
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","(p","X",[{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","(p","X",
 					  [{return,banana}]))),
     % And the split errors:
     ?line [<<"a">>,<<"a">>] = (catch re:split("apa","p",[])),
     ?line [<<"a">>,<<"p">>,<<"a">>] = (catch re:split("apa",RE,[])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[global])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all}])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all,binary}]],_},
-			   {?MODULE, error_handling,1,_} | _]}} =
+			   {?MODULE, error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all,binary}])),
     ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4})),
     ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4},[])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[unicode])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[{return,banana}])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [banana]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[banana])),
     ?line {'EXIT',{badarg,_}} = (catch re:split("apa","(p")),
     %Exception on bad argument, not compilation error
@@ -562,7 +570,7 @@ error_handling(Config) when is_list(Config) ->
 			    ["apa",
 			     "(p",
 			     [banana]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","(p",[banana])),
     ?t:timetrap_cancel(Dog),
     ok.
diff --git a/lib/stdlib/test/shell_SUITE.erl b/lib/stdlib/test/shell_SUITE.erl
index b6019b86f0..a881742f13 100644
--- a/lib/stdlib/test/shell_SUITE.erl
+++ b/lib/stdlib/test/shell_SUITE.erl
@@ -2388,13 +2388,28 @@ otp_6554(Config) when is_list(Config) ->
         comm_err(<<"V = lists:seq(1, 20), case V of a -> ok end.">>),
     ?line "exception error: no function clause matching" = 
         comm_err(<<"fun(P) when is_pid(P) -> true end(a).">>),
-    ?line "exception error: {function_clause," =
-        comm_err(<<"erlang:error(function_clause, [unproper | list]).">>),
+    case test_server:is_native(erl_eval) of
+	true ->
+	    %% Native code has different exit reason. Don't bother
+	    %% testing them.
+	    ok;
+	false ->
+	    "exception error: {function_clause," =
+		comm_err(<<"erlang:error(function_clause, "
+			  "[unproper | list]).">>),
+	    %% Cheating:
+	    "exception error: no function clause matching "
+		"erl_eval:do_apply(4)" ++ _ =
+		comm_err(<<"erlang:error(function_clause, [4]).">>),
+		"exception error: no function clause matching "
+		"lists:reverse(" ++ _ =
+		comm_err(<<"F=fun() -> hello end, lists:reverse(F).">>),
+		"exception error: no function clause matching "
+		"lists:reverse(34) (lists.erl, line " ++ _ =
+		comm_err(<<"lists:reverse(34).">>)
+    end,
     ?line "exception error: function_clause" =
         comm_err(<<"erlang:error(function_clause, 4).">>),
-    %% Cheating:
-    ?line "exception error: no function clause matching erl_eval:do_apply(4)" ++ _ = 
-        comm_err(<<"erlang:error(function_clause, [4]).">>),
     ?line "exception error: no function clause matching" ++ _ = 
         comm_err(<<"fun(a, b, c, d) -> foo end"
                    "       (lists:seq(1,17),"
@@ -2404,10 +2419,6 @@ otp_6554(Config) when is_list(Config) ->
 
     ?line "exception error: no function clause matching" = 
         comm_err(<<"fun(P, q) when is_pid(P) -> true end(a, b).">>),
-    ?line "exception error: no function clause matching lists:reverse(" ++ _ = 
-        comm_err(<<"F=fun() -> hello end, lists:reverse(F).">>),
-    ?line "exception error: no function clause matching lists:reverse(34) (lists.erl, line " ++ _ = 
-        comm_err(<<"lists:reverse(34).">>),
     ?line "exception error: no true branch found when evaluating an if expression" = 
         comm_err(<<"if length([a,b]) > 17 -> a end.">>),
     ?line "exception error: no such process or port" = 
diff --git a/lib/stdlib/test/sofs_SUITE.erl b/lib/stdlib/test/sofs_SUITE.erl
index 73b282149a..f11c6ec4d6 100644
--- a/lib/stdlib/test/sofs_SUITE.erl
+++ b/lib/stdlib/test/sofs_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -536,7 +536,7 @@ projection(Conf) when is_list(Conf) ->
 			  from_term([], [[atom]]))),
     ?line {'EXIT', {badarg, _}} = 
         (catch projection({external, fun(X) -> X end}, from_term([[a]]))),
-    ?line eval(projection({sofs,union}, 
+    ?line eval(projection(fun sofs:union/1,
 			  from_term([[[1,2],[2,3]], [[a,b],[b,c]]])),
                from_term([[1,2,3], [a,b,c]])),
     ?line eval(projection(fun(_) -> from_term([a]) end, 
@@ -628,7 +628,7 @@ substitution(Conf) when is_list(Conf) ->
     ?line {'EXIT', {badarg, _}} = 
         (catch substitution({external, fun(X) -> X end}, from_term([[a]]))),
     ?line eval(substitution(fun(X) -> X end, from_term([], [[atom]])), E),
-    ?line eval(substitution({sofs,union}, 
+    ?line eval(substitution(fun sofs:union/1,
                             from_term([[[1,2],[2,3]], [[a,b],[b,c]]])),
                from_term([{[[1,2],[2,3]],[1,2,3]}, {[[a,b],[b,c]],[a,b,c]}])),
     ?line eval(substitution(fun(_) -> from_term([a]) end, 
@@ -745,7 +745,7 @@ restriction(Conf) when is_list(Conf) ->
     ?line eval(restriction(Id, S3, E), E),
     ?line eval(restriction(Id, from_term([], [[atom]]), set([a])),
 	       from_term([], [[atom]])),
-    ?line eval(restriction({sofs,union}, 
+    ?line eval(restriction(fun sofs:union/1,
                            from_term([[[a],[b]], [[b],[c]], 
                                       [[], [a,b]], [[1],[2]]]), 
                            from_term([[a,b],[1,2,3],[b,c]])),
@@ -862,7 +862,7 @@ drestriction(Conf) when is_list(Conf) ->
     ?line eval(drestriction(Id, S3, E), S3),
     ?line eval(drestriction(Id, from_term([], [[atom]]), set([a])),
 	       from_term([], [[atom]])),
-    ?line eval(drestriction({sofs,union}, 
+    ?line eval(drestriction(fun sofs:union/1,
                             from_term([[[a],[b]], [[b],[c]], 
                                        [[], [a,b]], [[1],[2]]]), 
                             from_term([[a,b],[1,2,3],[b,c]])),
@@ -1028,7 +1028,7 @@ specification(Conf) when is_list(Conf) ->
 	    end,
     ?line eval(specification({external,Fun2x}, S2), from_term([[1],[3]])),
 
-    Fun3 = fun(_) -> neither_true_or_false end,
+    Fun3 = fun(_) -> neither_true_nor_false end,
     ?line {'EXIT', {badarg, _}} = 
 	(catch specification(Fun3, set([a]))),
     ?line {'EXIT', {badarg, _}} = 
@@ -1810,8 +1810,8 @@ partition_3(Conf) when is_list(Conf) ->
 
     S12a = from_term([[[a],[b]], [[b],[c]], [[], [a,b]], [[1],[2]]]),
     S12b = from_term([[a,b],[1,2,3],[b,c]]),
-    ?line eval(partition({sofs,union}, S12a, S12b),
-	       lpartition({sofs,union}, S12a, S12b)),
+    ?line eval(partition(fun sofs:union/1, S12a, S12b),
+	       lpartition(fun sofs:union/1, S12a, S12b)),
 
     Fun13 = fun(_) -> from_term([a]) end,
     S13a = from_term([], [[atom]]),
@@ -1879,12 +1879,9 @@ digraph(Conf) when is_list(Conf) ->
 
     ?line {'EXIT', {badarg, _}} = 
         (catch family_to_digraph(set([a]))),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(set([a]), [foo])),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(F, [foo])),
-    ?line {'EXIT', {cyclic, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(family([{a,[a]}]),[acyclic])),
+    digraph_fail(badarg, catch family_to_digraph(set([a]), [foo])),
+    digraph_fail(badarg, catch family_to_digraph(F, [foo])),
+    digraph_fail(cyclic, catch family_to_digraph(family([{a,[a]}]),[acyclic])),
 
     ?line G1 = family_to_digraph(E),
     ?line {'EXIT', {badarg, _}} = (catch digraph_to_family(G1, foo)),
@@ -1927,6 +1924,13 @@ digraph(Conf) when is_list(Conf) ->
     ?line true = T0 == ets:all(),
     ok.
 
+digraph_fail(ExitReason, Fail) ->
+    {'EXIT', {ExitReason, [{sofs,family_to_digraph,A,_}|_]}} = Fail,
+    case {test_server:is_native(sofs),A} of
+	{false,[_,_]} -> ok;
+	{true,2} -> ok
+    end.
+
 constant_function(suite) -> [];
 constant_function(doc) -> [""];
 constant_function(Conf) when is_list(Conf) ->
@@ -1952,10 +1956,8 @@ misc(Conf) when is_list(Conf) ->
     % the "functional" part:
     ?line eval(union(intersection(partition(1,S), partition(Id,S))),
                difference(S, RR)),
-
-    %% The function external:foo/1 is undefined.
     ?line {'EXIT', {undef, _}} =    
- 	(catch projection({external,foo}, set([a,b,c]))),
+        (catch projection(fun external:foo/1, set([a,b,c]))),
     ok.
 
 relational_restriction(R) ->
@@ -1968,19 +1970,19 @@ family_specification(doc) -> [""];
 family_specification(Conf) when is_list(Conf) ->
     E = empty_set(),
     %% internal
-    ?line eval(family_specification({sofs, is_set}, E), E),
+    ?line eval(family_specification(fun sofs:is_set/1, E), E),
     ?line {'EXIT', {badarg, _}} =    
- 	(catch family_specification({sofs,is_set}, set([]))),
+       (catch family_specification(fun sofs:is_set/1, set([]))),
     ?line F1 = from_term([{1,[1]}]),
-    ?line eval(family_specification({sofs,is_set}, F1), F1),
+    ?line eval(family_specification(fun sofs:is_set/1, F1), F1),
     Fun = fun(S) -> is_subset(S, set([0,1,2,3,4])) end,
     ?line F2 = family([{a,[1,2]},{b,[3,4,5]}]),
     ?line eval(family_specification(Fun, F2), family([{a,[1,2]}])),
     ?line F3 = from_term([{a,[]},{b,[]}]),
-    ?line eval(family_specification({sofs,is_set}, F3), F3),
+    ?line eval(family_specification(fun sofs:is_set/1, F3), F3),
     Fun2 = fun(_) -> throw(fippla) end, 
     ?line fippla = (catch family_specification(Fun2, family([{a,[1]}]))),
-    Fun3 = fun(_) -> neither_true_or_false end,
+    Fun3 = fun(_) -> neither_true_nor_false end,
     ?line {'EXIT', {badarg, _}} = 
 	(catch family_specification(Fun3, F3)),
 
@@ -2095,22 +2097,22 @@ family_projection(Conf) when is_list(Conf) ->
 
     ?line eval(family_projection(fun(X) -> X end, family([])), E),
     ?line L1 = [{a,[]}],
-    ?line eval(family_projection({sofs,union}, E), E),
-    ?line eval(family_projection({sofs,union}, from_term(L1, SSType)),
+    ?line eval(family_projection(fun sofs:union/1, E), E),
+    ?line eval(family_projection(fun sofs:union/1, from_term(L1, SSType)),
                family(L1)),
     ?line {'EXIT', {badarg, _}} =    
- 	(catch family_projection({sofs,union}, set([]))),
+        (catch family_projection(fun sofs:union/1, set([]))),
     ?line {'EXIT', {badarg, _}} =
-        (catch family_projection({sofs,union}, from_term([{1,[1]}]))),
+        (catch family_projection(fun sofs:union/1, from_term([{1,[1]}]))),
 
     ?line F2 = from_term([{a,[[1],[2]]},{b,[[3,4],[5]]}], SSType),
-    ?line eval(family_projection({sofs,union}, F2),
+    ?line eval(family_projection(fun sofs:union/1, F2),
                family_union(F2)),
 
     ?line F3 = from_term([{1,[{a,b},{b,c},{c,d}]},{3,[]},{5,[{3,5}]}],
                          SRType),
-    ?line eval(family_projection({sofs,domain}, F3), family_domain(F3)),
-    ?line eval(family_projection({sofs,range}, F3), family_range(F3)),
+    ?line eval(family_projection(fun sofs:domain/1, F3), family_domain(F3)),
+    ?line eval(family_projection(fun sofs:range/1, F3), family_range(F3)),
 
     ?line eval(family_projection(fun(_) -> E end, family([{a,[b,c]}])),
 	       from_term([{a,[]}])),
@@ -2290,7 +2292,7 @@ partition_family(Conf) when is_list(Conf) ->
 
     ?line eval(partition_family(1, E), E),
     ?line eval(partition_family(2, E), E),
-    ?line eval(partition_family({sofs,union}, E), E),
+    ?line eval(partition_family(fun sofs:union/1, E), E),
     ?line eval(partition_family(1, ER), EF),
     ?line eval(partition_family(2, ER), EF),
     ?line {'EXIT', {badarg, _}} = (catch partition_family(1, set([]))),
@@ -2354,7 +2356,7 @@ partition_family(Conf) when is_list(Conf) ->
     ?line {'EXIT', {badarg, _}} = 
         (catch partition_family({external, fun(X) -> X end}, 
 				from_term([[a]]))),
-    ?line eval(partition_family({sofs,union}, 
+    ?line eval(partition_family(fun sofs:union/1,
 				from_term([[[1],[1,2]], [[1,2]]])),
 	       from_term([{[1,2], [[[1],[1,2]],[[1,2]]]}])),
     ?line eval(partition_family(fun(X) -> X end, 
diff --git a/lib/stdlib/test/supervisor_1.erl b/lib/stdlib/test/supervisor_1.erl
index f819594c46..777a48e38b 100644
--- a/lib/stdlib/test/supervisor_1.erl
+++ b/lib/stdlib/test/supervisor_1.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/stdlib/test/supervisor_2.erl b/lib/stdlib/test/supervisor_2.erl
index 67aacf5a9c..60d037f4e0 100644
--- a/lib/stdlib/test/supervisor_2.erl
+++ b/lib/stdlib/test/supervisor_2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/stdlib/test/supervisor_SUITE.erl b/lib/stdlib/test/supervisor_SUITE.erl
index d3d140abbc..71b76c093f 100644
--- a/lib/stdlib/test/supervisor_SUITE.erl
+++ b/lib/stdlib/test/supervisor_SUITE.erl
@@ -34,8 +34,10 @@
 
 %% API tests
 -export([ sup_start_normal/1, sup_start_ignore_init/1, 
-	  sup_start_ignore_child/1, sup_start_error_return/1,
-	  sup_start_fail/1, sup_stop_infinity/1,
+	  sup_start_ignore_child/1, sup_start_ignore_temporary_child/1,
+	  sup_start_ignore_temporary_child_start_child/1,
+	  sup_start_ignore_temporary_child_start_child_simple/1,
+	  sup_start_error_return/1, sup_start_fail/1, sup_stop_infinity/1,
 	  sup_stop_timeout/1, sup_stop_brutal_kill/1, child_adm/1,
 	  child_adm_simple/1, child_specs/1, extra_return/1]).
 
@@ -85,8 +87,10 @@ all() ->
 groups() -> 
     [{sup_start, [],
       [sup_start_normal, sup_start_ignore_init,
-       sup_start_ignore_child, sup_start_error_return,
-       sup_start_fail]},
+       sup_start_ignore_child, sup_start_ignore_temporary_child,
+       sup_start_ignore_temporary_child_start_child,
+       sup_start_ignore_temporary_child_start_child_simple,
+       sup_start_error_return, sup_start_fail]},
      {sup_stop, [],
       [sup_stop_infinity, sup_stop_timeout,
        sup_stop_brutal_kill]},
@@ -158,29 +162,23 @@ get_child_counts(Supervisor) ->
 
 %%-------------------------------------------------------------------------
 %% Test cases starts here.
-%%-------------------------------------------------------------------------
-sup_start_normal(doc) ->
-    ["Tests that the supervisor process starts correctly and that it "
-     "can be terminated gracefully."];
-sup_start_normal(suite) -> [];
+%% -------------------------------------------------------------------------
+%% Tests that the supervisor process starts correctly and that it can
+%% be terminated gracefully.
 sup_start_normal(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     terminate(Pid, shutdown).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_init(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_init(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_init(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ignore = start_link(ignore),
     check_exit_reason(normal).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_child(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_child(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_child(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -197,30 +195,75 @@ sup_start_ignore_child(Config) when is_list(Config) ->
     [2,1,0,2] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-sup_start_error_return(doc) ->
-    ["Tests what happens if init-callback returns a invalid value"];
-sup_start_error_return(suite) -> [];
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when ChildSpec is returned directly from supervisor
+%% init callback.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, [Child1,Child2]}}),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    true = is_pid(CPid2),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+
+    {ok, undefined} = supervisor:start_child(sup_test, Child1),
+    {ok, CPid2} = supervisor:start_child(sup_test, Child2),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2, and the
+%% supervisor is simple_one_for_one.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child_simple(Config)
+  when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{simple_one_for_one, 2, 3600}, [Child1]}}),
+
+    {ok, undefined} = supervisor:start_child(sup_test, []),
+    {ok, CPid2} = supervisor:start_child(sup_test, []),
+
+    [{undefined, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if init-callback returns a invalid value.
 sup_start_error_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(invalid),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-sup_start_fail(doc) ->
-    ["Tests what happens if init-callback fails"];
-sup_start_fail(suite) -> [];
+%% Tests what happens if init-callback fails.
 sup_start_fail(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(fail),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_infinity(doc) ->
-    ["See sup_stop/1 when Shutdown = infinity, this walue is allowed "
-     "for children of type supervisor _AND_ worker"];
-sup_stop_infinity(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = infinity, this walue is allowed for
+%% children of type supervisor _AND_ worker.
 sup_stop_infinity(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -238,11 +281,7 @@ sup_stop_infinity(Config) when is_list(Config) ->
     check_exit_reason(CPid2, shutdown).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_timeout(doc) ->
-    ["See sup_stop/1 when Shutdown = 1000"];
-sup_stop_timeout(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = 1000
 sup_stop_timeout(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -264,10 +303,7 @@ sup_stop_timeout(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-sup_stop_brutal_kill(doc) ->
-    ["See sup_stop/1 when Shutdown = brutal_kill"];
-sup_stop_brutal_kill(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = brutal_kill
 sup_stop_brutal_kill(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -286,14 +322,10 @@ sup_stop_brutal_kill(Config) when is_list(Config) ->
     check_exit_reason(CPid2, killed).
 
 %%-------------------------------------------------------------------------
-extra_return(doc) -> 
-    ["The start function provided to start a child may " 
-     "return {ok, Pid} or {ok, Pid, Info}, if it returns "
-     "the later check that the supervisor ignores the Info, "
-     "and includes it unchanged in return from start_child/2 "
-     "and restart_child/2"];
-extra_return(suite) -> [];
-
+%% The start function provided to start a child may return {ok, Pid}
+%% or {ok, Pid, Info}, if it returns the latter check that the
+%% supervisor ignores the Info, and includes it unchanged in return
+%% from start_child/2 and restart_child/2.
 extra_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, [extra_return]}, 
@@ -333,12 +365,10 @@ extra_return(Config) when is_list(Config) ->
 
     ok.
 %%-------------------------------------------------------------------------
-child_adm(doc)->
-    ["Test API functions start_child/2, terminate_child/2, delete_child/2 "
-     "restart_child/2, which_children/1, count_children/1. Only correct "
-     "childspecs are used, handling of incorrect childspecs is tested in "
-     "child_specs/1"];
-child_adm(suite) -> [];
+%% Test API functions start_child/2, terminate_child/2, delete_child/2
+%% restart_child/2, which_children/1, count_children/1. Only correct
+%% childspecs are used, handling of incorrect childspecs is tested in
+%% child_specs/1.
 child_adm(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -402,11 +432,9 @@ child_adm(Config) when is_list(Config) ->
 	= (catch supervisor:count_children(foo)),
     ok.
 %%-------------------------------------------------------------------------
-child_adm_simple(doc) ->
-    ["The API functions terminate_child/2, delete_child/2 "
-     "restart_child/2 are not valid for a simple_one_for_one supervisor "
-     "check that the correct error message is returned."];
-child_adm_simple(suite) -> [];
+%% The API functions terminate_child/2, delete_child/2 restart_child/2
+%% are not valid for a simple_one_for_one supervisor check that the
+%% correct error message is returned.
 child_adm_simple(Config) when is_list(Config) ->
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
 	     worker, []},
@@ -454,9 +482,7 @@ child_adm_simple(Config) when is_list(Config) ->
     ok.
 
 %%-------------------------------------------------------------------------
-child_specs(doc) ->
-    ["Tests child specs, invalid formats should be rejected."];
-child_specs(suite) -> [];
+%% Tests child specs, invalid formats should be rejected.
 child_specs(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -507,9 +533,7 @@ child_specs(Config) when is_list(Config) ->
     ok.
 
 %%-------------------------------------------------------------------------
-permanent_normal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_normal(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -529,10 +553,8 @@ permanent_normal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_normal(doc) ->
-    ["A transient child should not be restarted if it exits with " 
-     "reason normal"];
-transient_normal(suite) -> [];
+%% A transient child should not be restarted if it exits with reason
+%% normal.
 transient_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -546,9 +568,7 @@ transient_normal(Config) when is_list(Config) ->
     [1,0,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_normal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_normal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -562,9 +582,7 @@ temporary_normal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-permanent_shutdown(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_shutdown(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -596,10 +614,8 @@ permanent_shutdown(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_shutdown(doc) ->
-    ["A transient child should not be restarted if it exits with " 
-     "reason shutdown or {shutdown,Term}"];
-transient_shutdown(suite) -> [];
+%% A transient child should not be restarted if it exits with reason
+%% shutdown or {shutdown,Term}.
 transient_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -620,9 +636,7 @@ transient_shutdown(Config) when is_list(Config) ->
     [1,0,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_shutdown(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_shutdown(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -643,9 +657,7 @@ temporary_shutdown(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-permanent_abnormal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_abnormal(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -664,10 +676,7 @@ permanent_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_abnormal(doc) ->
-    ["A transient child should be restarted if it exits with " 
-     "reason abnormal"];
-transient_abnormal(suite) -> [];
+%% A transient child should be restarted if it exits with reason abnormal.
 transient_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -686,9 +695,7 @@ transient_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_abnormal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_abnormal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -701,11 +708,9 @@ temporary_abnormal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_bystander(doc) ->
-    ["A temporary process killed as part of a rest_for_one or one_for_all "
-     "restart strategy should not be restarted given its args are not "
-     " saved. Otherwise the supervisor hits its limit and crashes."];
-temporary_bystander(suite) -> [];
+%% A temporary process killed as part of a rest_for_one or one_for_all
+%% restart strategy should not be restarted given its args are not
+%% saved. Otherwise the supervisor hits its limit and crashes.
 temporary_bystander(_Config) ->
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 100,
 	      worker, []},
@@ -732,9 +737,7 @@ temporary_bystander(_Config) ->
     [{child1, _, _, _}] = supervisor:which_children(SupPid2).
 
 %%-------------------------------------------------------------------------
-one_for_one(doc) ->
-    ["Test the one_for_one base case."];
-one_for_one(suite) -> [];
+%% Test the one_for_one base case.
 one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -764,9 +767,7 @@ one_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-one_for_one_escalation(doc) ->
-    ["Test restart escalation on a one_for_one supervisor."];
-one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a one_for_one supervisor.
 one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -786,9 +787,7 @@ one_for_one_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all(doc) ->
-    ["Test the one_for_all base case."];
-one_for_all(suite) -> [];
+%% Test the one_for_all base case.
 one_for_all(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -824,9 +823,7 @@ one_for_all(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all_escalation(doc) -> 
-    ["Test restart escalation on a one_for_all supervisor."];
-one_for_all_escalation(suite) -> [];
+%% Test restart escalation on a one_for_all supervisor.
 one_for_all_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -845,9 +842,7 @@ one_for_all_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one(doc) ->
-    ["Test the simple_one_for_one base case."];
-simple_one_for_one(suite) -> [];
+%% Test the simple_one_for_one base case.
 simple_one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -878,10 +873,8 @@ simple_one_for_one(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_shutdown(doc) ->
-    ["Test simple_one_for_one children shutdown accordingly to the "
-     "supervisor's shutdown strategy."];
-simple_one_for_one_shutdown(suite) -> [];
+%% Test simple_one_for_one children shutdown accordingly to the
+%% supervisor's shutdown strategy.
 simple_one_for_one_shutdown(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ShutdownTime = 1000,
@@ -909,10 +902,8 @@ simple_one_for_one_shutdown(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_extra(doc) -> 
-    ["Tests automatic restart of children " 
-     "who's start function return extra info."];
-simple_one_for_one_extra(suite) -> [];
+%% Tests automatic restart of children who's start function return
+%% extra info.
 simple_one_for_one_extra(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, [extra_info]}, 
@@ -937,9 +928,7 @@ simple_one_for_one_extra(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_escalation(doc) ->
-    ["Test restart escalation on a simple_one_for_one supervisor."];
-simple_one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a simple_one_for_one supervisor.
 simple_one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -954,9 +943,7 @@ simple_one_for_one_escalation(Config) when is_list(Config) ->
     check_exit([SupPid, CPid2]).
 
 %%-------------------------------------------------------------------------
-rest_for_one(doc) ->
-    ["Test the rest_for_one base case."];
-rest_for_one(suite) -> [];
+%% Test the rest_for_one base case.
 rest_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -1004,9 +991,7 @@ rest_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-rest_for_one_escalation(doc) ->
-    ["Test restart escalation on a rest_for_one supervisor."];
-rest_for_one_escalation(suite) -> [];
+%% Test restart escalation on a rest_for_one supervisor.
 rest_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -1023,11 +1008,8 @@ rest_for_one_escalation(Config) when is_list(Config) ->
     check_exit([CPid2, SupPid]).
 
 %%-------------------------------------------------------------------------
-child_unlink(doc)->
-    ["Test that the supervisor does not hang forever if "
-     "the child unliks and then is terminated by the supervisor."];
-child_unlink(suite) ->
-    [];
+%% Test that the supervisor does not hang forever if the child unliks
+%% and then is terminated by the supervisor.
 child_unlink(Config) when is_list(Config) ->
 
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -1052,10 +1034,7 @@ child_unlink(Config) when is_list(Config) ->
 	    test_server:fail(supervisor_hangs)
     end.
 %%-------------------------------------------------------------------------
-tree(doc) ->
-    ["Test a basic supervison tree."];
-tree(suite) ->
-    [];
+%% Test a basic supervison tree.
 tree(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -1131,11 +1110,9 @@ tree(Config) when is_list(Config) ->
 
     [] = supervisor:which_children(NewSup2),
     [0,0,0,0] = get_child_counts(NewSup2).
+
 %%-------------------------------------------------------------------------
-count_children_memory(doc) ->
-    ["Test that count_children does not eat memory."];
-count_children_memory(suite) ->
-    [];
+%% Test that count_children does not eat memory.
 count_children_memory(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, temporary, 1000,
@@ -1177,12 +1154,12 @@ count_children_memory(Config) when is_list(Config) ->
     case (Size5 =< Size4) of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size4,Size5})
     end,
     case Size7 =< Size6 of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size6,Size7})
     end,
 
     [terminate(SupPid, Pid, child, kill) || {undefined, Pid, worker, _Modules} <- Children3],
@@ -1193,12 +1170,9 @@ proc_memory() ->
     erlang:memory(processes_used).
 
 %%-------------------------------------------------------------------------
-do_not_save_start_parameters_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so they should not "
-     "save start parameters, as it potentially can "
-     "take up a huge amount of memory for no purpose."];
-do_not_save_start_parameters_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so they should not save
+%% start parameters, as it potentially can take up a huge amount of
+%% memory for no purpose.
 do_not_save_start_parameters_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_start_parameters_for_temporary_children(one_for_all),
@@ -1220,11 +1194,8 @@ child_spec({Name, MFA, RestartType, Shutdown, Type, Modules}, N) ->
     {NewName, MFA, RestartType, Shutdown, Type, Modules}.
 
 %%-------------------------------------------------------------------------
-do_not_save_child_specs_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so supervisors should "
-     "not save their spec when they terminate"];
-do_not_save_child_specs_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so supervisors should not
+%% save their spec when they terminate.
 do_not_save_child_specs_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_child_specs_for_temporary_children(one_for_all, kill),
@@ -1373,13 +1344,18 @@ simple_one_for_one_scale_many_temporary_children(_Config) ->
 	     end || _<- lists:seq(1,10000)],
     {T2,done} = timer:tc(?MODULE,terminate_all_children,[C2]),
     
-    Scaling = T2 div T1,
-    if Scaling > 20 ->
-	    %% The scaling shoul be linear (i.e.10, really), but we
-	    %% give some extra here to avoid failing the test
-	    %% unecessarily.
-	    ?t:fail({bad_scaling,Scaling});
+    if T1 > 0 ->
+	    Scaling = T2 div T1,
+	    if Scaling > 20 ->
+		    %% The scaling shoul be linear (i.e.10, really), but we
+		    %% give some extra here to avoid failing the test
+		    %% unecessarily.
+		    ?t:fail({bad_scaling,Scaling});
+	       true ->
+		    ok
+	    end;
        true ->
+	    %% Means T2 div T1 -> infinity
 	    ok
     end.
     
diff --git a/lib/stdlib/test/tar_SUITE.erl b/lib/stdlib/test/tar_SUITE.erl
index 9ad3936928..5bc34e35af 100644
--- a/lib/stdlib/test/tar_SUITE.erl
+++ b/lib/stdlib/test/tar_SUITE.erl
@@ -533,7 +533,7 @@ symlinks(Config) when is_list(Config) ->
     ?line ok = file:make_dir(Dir),
     ?line ABadSymlink = filename:join(Dir, "bad_symlink"),
     ?line PointsTo = "/a/definitely/non_existing/path",
-    ?line Res = case file:make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
+    ?line Res = case make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
 		    {error, enotsup} ->
 			{skip, "Symbolic links not supported on this platform"};
 		    ok ->
@@ -544,7 +544,30 @@ symlinks(Config) when is_list(Config) ->
     %% Clean up.
     ?line delete_files([Dir]),
     Res.
-    
+
+make_symlink(Path, Link) ->
+    case os:type() of
+	{win32,_} ->
+	    %% Symlinks on Windows have two problems:
+	    %%   1) file:read_link_info/1 cannot read out the target
+	    %%      of the symlink if the target does not exist.
+	    %%      That is possible (but not easy) to fix in the
+	    %%      efile driver.
+	    %%
+	    %%   2) Symlinks to files and directories are different
+	    %%      creatures. If the target is not existing, the
+	    %%      symlink will be created to be of the file-pointing
+	    %%      type. That can be partially worked around in erl_tar
+	    %%      by creating all symlinks when the end of the tar
+	    %%      file has been reached.
+	    %%
+	    %% But for now, pretend that there are no symlinks on
+	    %% Windows.
+	    {error, enotsup};
+	_ ->
+	    file:make_symlink(Path, Link)
+    end.
+	  
 symlinks(Dir, BadSymlink, PointsTo) ->
     ?line Tar = filename:join(Dir, "symlink.tar"),
     ?line DerefTar = filename:join(Dir, "dereference.tar"),
@@ -743,9 +766,9 @@ run_in_short_tempdir(Config, Fun) ->
     %% We need a base directory with a much shorter pathname than
     %% priv_dir. We KNOW that priv_dir is located four levels below
     %% the directory that common_test puts the ct_run.* directories
-    %% in. That fact is not documented, but an usually reliable source
+    %% in. That fact is not documented, but a usually reliable source
     %% assured me that the directory structure is unlikely to change
-    %% in future versions of common_test because of backward
+    %% in future versions of common_test because of backwards
     %% compatibility (tools developed by users of common_test depend
     %% on the current directory layout).
     Base = lists:foldl(fun(_, D) ->
diff --git a/lib/stdlib/vsn.mk b/lib/stdlib/vsn.mk
index 2f0ecd3863..694d39ce9c 100644
--- a/lib/stdlib/vsn.mk
+++ b/lib/stdlib/vsn.mk
@@ -1 +1 @@
-STDLIB_VSN = 1.18
+STDLIB_VSN = 1.18.1
diff --git a/lib/syntax_tools/doc/src/notes.xml b/lib/syntax_tools/doc/src/notes.xml
index 5948f7ada3..b9ac587043 100644
--- a/lib/syntax_tools/doc/src/notes.xml
+++ b/lib/syntax_tools/doc/src/notes.xml
@@ -31,6 +31,38 @@
   <p>This document describes the changes made to the Syntax_Tools
     application.</p>
 
+<section><title>Syntax_Tools 1.6.7.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Syntax_Tools 1.6.7.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/syntax_tools/src/Makefile b/lib/syntax_tools/src/Makefile
index 50369e633e..bac138e95a 100644
--- a/lib/syntax_tools/src/Makefile
+++ b/lib/syntax_tools/src/Makefile
@@ -26,7 +26,7 @@ EBIN = ../ebin
 ifeq ($(NATIVE_LIBS_ENABLED),yes)
 ERL_COMPILE_FLAGS += +native
 endif
-ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import # +warn_missing_spec +warn_untyped_record
 
 SOURCES=erl_syntax.erl erl_prettypr.erl erl_syntax_lib.erl	\
 	erl_comment_scan.erl erl_recomment.erl erl_tidy.erl	\
diff --git a/lib/syntax_tools/src/erl_syntax.erl b/lib/syntax_tools/src/erl_syntax.erl
index 7f58fda519..32fd3722d6 100644
--- a/lib/syntax_tools/src/erl_syntax.erl
+++ b/lib/syntax_tools/src/erl_syntax.erl
@@ -6100,8 +6100,9 @@ implicit_fun_name(Node) ->
 			     arity_qualifier(
 			       set_pos(atom(Atom), Pos),
 			       set_pos(integer(Arity), Pos)));
-	{'fun', Pos, {function, Module, Atom, Arity}} ->
+	{'fun', _Pos, {function, Module, Atom, Arity}} ->
 	    %% New in R15: fun M:F/A.
+	    %% XXX: Perhaps set position for this as well?
 	    module_qualifier(Module, arity_qualifier(Atom, Arity));
 	Node1 ->
 	    data(Node1)
diff --git a/lib/syntax_tools/vsn.mk b/lib/syntax_tools/vsn.mk
index cc7ea944f9..962492befd 100644
--- a/lib/syntax_tools/vsn.mk
+++ b/lib/syntax_tools/vsn.mk
@@ -1 +1 @@
-SYNTAX_TOOLS_VSN = 1.6.7.1
+SYNTAX_TOOLS_VSN = 1.6.7.2
diff --git a/lib/test_server/doc/src/Makefile b/lib/test_server/doc/src/Makefile
index f0be284324..b32f3d3c59 100644
--- a/lib/test_server/doc/src/Makefile
+++ b/lib/test_server/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/doc/src/notes.xml b/lib/test_server/doc/src/notes.xml
index beeff55ffe..d90ad2c4ed 100644
--- a/lib/test_server/doc/src/notes.xml
+++ b/lib/test_server/doc/src/notes.xml
@@ -32,6 +32,49 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Test_Server 3.5</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Test_Server 3.4.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/test_server/doc/src/test_server.xml b/lib/test_server/doc/src/test_server.xml
index 78bb922cc5..5bfa42c36f 100644
--- a/lib/test_server/doc/src/test_server.xml
+++ b/lib/test_server/doc/src/test_server.xml
@@ -203,7 +203,7 @@
     <func>
       <name>format(Format) -> ok</name>
       <name>format(Format, Args)</name>
-      <name>format(Pri,Format)</name>
+      <name>format(Pri, Format)</name>
       <name>format(Pri, Format, Args)</name>
       <fsummary></fsummary>
       <type>
diff --git a/lib/test_server/src/config.guess b/lib/test_server/src/config.guess
index 6f1eeddfcc..38a833903b 120000..100755
--- a/lib/test_server/src/config.guess
+++ b/lib/test_server/src/config.guess
@@ -1 +1,1519 @@
-../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/config.sub b/lib/test_server/src/config.sub
index 47a0f10138..f43233b104 120000..100755
--- a/lib/test_server/src/config.sub
+++ b/lib/test_server/src/config.sub
@@ -1 +1,1630 @@
-../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/erl2html2.erl b/lib/test_server/src/erl2html2.erl
index e2fd951d9e..6891e87e48 100644
--- a/lib/test_server/src/erl2html2.erl
+++ b/lib/test_server/src/erl2html2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/src/install-sh b/lib/test_server/src/install-sh
index a859cade7f..a5897de6ea 120000..100755
--- a/lib/test_server/src/install-sh
+++ b/lib/test_server/src/install-sh
@@ -1 +1,519 @@
-../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/test_server/src/test_server.app.src b/lib/test_server/src/test_server.app.src
index 7e87583a7b..faf7db835e 100644
--- a/lib/test_server/src/test_server.app.src
+++ b/lib/test_server/src/test_server.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/src/test_server.erl b/lib/test_server/src/test_server.erl
index 743e6c1d29..51754cb3b4 100644
--- a/lib/test_server/src/test_server.erl
+++ b/lib/test_server/src/test_server.erl
@@ -36,7 +36,8 @@
 -export([capture_start/0,capture_stop/0,capture_get/0]).
 -export([messages_get/0]).
 -export([hours/1,minutes/1,seconds/1,sleep/1,adjusted_sleep/1,timecall/3]).
--export([timetrap_scale_factor/0,timetrap/1,timetrap_cancel/1,timetrap_cancel/0]).
+-export([timetrap_scale_factor/0,timetrap/1,get_timetrap_info/0,
+	 timetrap_cancel/1,timetrap_cancel/0]).
 -export([m_out_of_n/3,do_times/4,do_times/2]).
 -export([call_crash/3,call_crash/4,call_crash/5]).
 -export([temp_name/1]).
@@ -611,7 +612,7 @@ do_run_test_case_apply(Mod, Func, Args, Name, RunInit, TimetrapData) ->
     print(minor, "Test case started with:\n~s:~s(~p)\n", [Mod,Func,Args2Print]),
     print(minor, "Current directory is ~p\n", [Cwd]),
     print_timestamp(minor,"Started at "),
-    print(minor, "", []),
+    print(minor, "", [], internal_raw),
     TCCallback = get(test_server_testcase_callback),
     LogOpts = get(test_server_logopts),
     Ref = make_ref(),
@@ -1007,8 +1008,11 @@ spawn_fw_call(Mod,{end_per_testcase,Func},EndConf,Pid,
 		end,
 		%% if end_per_testcase fails a warning should be
 		%% printed as comment
-		Comment1 = if Comment == "" -> "";
-			      true -> Comment ++ "<br>"
+		Comment1 = if Comment == "" -> 
+				   "";
+			      true -> 
+				   Comment ++ test_server_ctrl:xhtml("<br>",
+								     "<br />")
 			   end,
 		%% finished, report back
 		SendTo ! {self(),fw_notify_done,
@@ -1136,7 +1140,7 @@ run_test_case_eval(Mod, Func, Args0, Name, Ref, RunInit,
 	    {auto_skip,Reason} ->
 		Where = {Mod,Func},
 		NewResult = do_end_tc_call(Mod,Func, Where, {{skip,Reason},Args0},
-					   {skip,{fw_auto_skip,Reason}}),
+					   {skip,Reason}),
 		{{0,NewResult},Where,[]}
 	end,
     exit({Ref,Time,Value,Loc,Opts}).
@@ -1254,11 +1258,15 @@ run_test_case_eval1(Mod, Func, Args, Name, RunInit, TCCallback) ->
     end.
 
 do_end_tc_call(M,F, Loc, Res, Return) ->
+    IsSuite = case lists:reverse(atom_to_list(M)) of
+		  [$E,$T,$I,$U,$S,$_|_]  -> true;
+		  _ -> false
+	      end,
     FwMod = os:getenv("TEST_SERVER_FRAMEWORK"),
     {Mod,Func} =
 	if FwMod == M ; FwMod == "undefined"; FwMod == false ->
 		{M,F};
-	   is_list(Loc) and (length(Loc)>1) ->
+	   (not IsSuite) and is_list(Loc) and (length(Loc)>1) ->
 		%% If failure in other module (M) than suite, try locate
 		%% suite name in Loc list and call end_tc with Suite:TestCase
 		%% instead of M:F.
@@ -1473,7 +1481,8 @@ do_end_per_testcase(Mod,EndFunc,Func,Conf) ->
 	throw:Other ->
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
 	    set_loc(erlang:get_stacktrace()),
 	    comment(io_lib:format("~s<font color=\"red\">"
@@ -1496,7 +1505,8 @@ do_end_per_testcase(Mod,EndFunc,Func,Conf) ->
 		  end,
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
 	    comment(io_lib:format("~s<font color=\"red\">"
 				  "WARNING: ~w crashed!"
@@ -1519,7 +1529,10 @@ get_loc(Pid) ->
 	process_info(Pid, [current_stacktrace,dictionary]),
     lists:foreach(fun({Key,Val}) -> put(Key, Val) end, Dict),
     Stk = [rewrite_loc_item(Loc) || Loc <- Stk0],
-    put(test_server_loc, Stk),
+    case get(test_server_loc) of
+	undefined -> put(test_server_loc, Stk);
+	_ -> ok
+    end,
     get_loc().
 
 %% find the latest known Suite:Testcase
@@ -1572,7 +1585,7 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% print(Detail,Format,Args) -> ok
+%% print(Detail,Format,Args,Printer) -> ok
 %% Detail = integer()
 %% Format = string()
 %% Args = [term()]
@@ -1583,6 +1596,9 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 print(Detail,Format,Args) ->
     local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args]}).
 
+print(Detail,Format,Args,Printer) ->
+    local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args,Printer]}).
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% print_timsteamp(Detail,Leader) -> ok
 %%
@@ -1848,7 +1864,9 @@ fail() ->
 break(Comment) ->
     case erase(test_server_timetraps) of
 	undefined -> ok;
-	List -> lists:foreach(fun({Ref,_}) -> timetrap_cancel(Ref) end, List)
+	List -> lists:foreach(fun({Ref,_,_}) -> 
+				      timetrap_cancel(Ref)
+			      end, List)
     end,
     io:format(user,
 	      "\n\n\n--- SEMIAUTOMATIC TESTING ---"
@@ -1937,8 +1955,8 @@ timetrap1(Timeout, Scale) ->
     TCPid = self(),
     Ref = spawn_link(test_server_sup,timetrap,[Timeout,Scale,TCPid]),
     case get(test_server_timetraps) of
-	undefined -> put(test_server_timetraps,[{Ref,TCPid}]);
-	List -> put(test_server_timetraps,[{Ref,TCPid}|List])
+	undefined -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}]);
+	List -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}|List])
     end,
     Ref.
 
@@ -2049,7 +2067,7 @@ timetrap_cancel(infinity) ->
 timetrap_cancel(Handle) ->
     case get(test_server_timetraps) of
 	undefined -> ok;
-	[{Handle,_}] -> erase(test_server_timetraps);
+	[{Handle,_,_}] -> erase(test_server_timetraps);
 	Timers -> put(test_server_timetraps,
 		      lists:keydelete(Handle, 1, Timers))
     end,
@@ -2065,13 +2083,30 @@ timetrap_cancel() ->
 	    ok;
 	Timers ->
 	    case lists:keysearch(self(), 2, Timers) of
-		{value,{Handle,_}} ->
+		{value,{Handle,_,_}} ->
 		    timetrap_cancel(Handle);
 		_ ->
 		    ok
 	    end
     end.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% get_timetrap_info() -> {Timeout,Scale} | undefined
+%%
+%% Read timetrap info for current test case
+get_timetrap_info() ->
+    case get(test_server_timetraps) of
+	undefined ->
+	    undefined;
+	Timers ->
+	    case lists:keysearch(self(), 2, Timers) of
+		{value,{_,_,Info}} ->
+		    Info;
+		_ ->
+		    undefined
+	    end
+    end.
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% hours(N) -> Milliseconds
 %% minutes(N) -> Milliseconds
diff --git a/lib/test_server/src/test_server_ctrl.erl b/lib/test_server/src/test_server_ctrl.erl
index 9fd0adbfc8..3432b3bc8e 100644
--- a/lib/test_server/src/test_server_ctrl.erl
+++ b/lib/test_server/src/test_server_ctrl.erl
@@ -171,7 +171,7 @@
 -export([kill_slavenodes/0]).
 
 %%% TEST_SERVER INTERFACE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--export([output/2, print/2, print/3, print_timestamp/2]).
+-export([output/2, print/2, print/3, print/4, print_timestamp/2]).
 -export([start_node/3, stop_node/1, wait_for_node/1, is_release_available/1]).
 -export([format/1, format/2, format/3, to_string/1]).
 -export([get_target_info/0]).
@@ -187,6 +187,7 @@
 -export([handle_call/3, handle_cast/2, handle_info/2]).
 -export([do_test_cases/4]).
 -export([do_spec/2, do_spec_list/2]).
+-export([xhtml/2]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1825,18 +1826,27 @@ start_log_file() ->
 	    exit({cant_create_log_dir,{MkDirError,Dir}})
     end,
     TestDir = timestamp_filename_get(filename:join(Dir, "run.")),
-    case file:make_dir(TestDir) of
-	ok ->
-	    ok;
-	MkDirError2 ->
-	    exit({cant_create_log_dir,{MkDirError2,TestDir}})
-    end,
-
-    ok = file:write_file(filename:join(Dir, ?last_file), TestDir ++ "\n"),
-    ok = file:write_file(?last_file, TestDir ++ "\n"),
-
-    put(test_server_log_dir_base,TestDir),
-    MajorName = filename:join(TestDir, ?suitelog_name),
+    TestDir1 =
+	case file:make_dir(TestDir) of
+	    ok ->
+		TestDir;
+	    {error,eexist} ->
+		timer:sleep(1000),
+		%% we need min 1 second between timestamps unfortunately
+		TestDirX = timestamp_filename_get(filename:join(Dir, "run.")),
+		case file:make_dir(TestDirX) of
+		    ok ->
+			TestDirX;
+		    MkDirError2 ->
+			exit({cant_create_log_dir,{MkDirError2,TestDirX}})
+		end;
+	    MkDirError2 ->
+		exit({cant_create_log_dir,{MkDirError2,TestDir}})
+	end,
+    ok = file:write_file(filename:join(Dir, ?last_file), TestDir1 ++ "\n"),
+    ok = file:write_file(?last_file, TestDir1 ++ "\n"),
+    put(test_server_log_dir_base,TestDir1),
+    MajorName = filename:join(TestDir1, ?suitelog_name),
     HtmlName = MajorName ++ ?html_ext,
     {ok,Major} = file:open(MajorName, [write]),
     {ok,Html}  = file:open(HtmlName,  [write]),
@@ -1849,14 +1859,14 @@ start_log_file() ->
     make_html_link(LinkName ++ ?html_ext, HtmlName,
 		   filename:basename(Dir)),
 
-    PrivDir = filename:join(TestDir, ?priv_dir),
+    PrivDir = filename:join(TestDir1, ?priv_dir),
     ok = file:make_dir(PrivDir),
     put(test_server_priv_dir,PrivDir++"/"),
     print_timestamp(13,"Suite started at "),
 
-    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir)}],
+    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir1)}],
     test_server_sup:framework_call(report, [loginfo,LogInfo]),
-    {ok,TestDir}.
+    {ok,TestDir1}.
 
 make_html_link(LinkName, Target, Explanation) ->
     %% if possible use a relative reference to Target.
@@ -2724,23 +2734,32 @@ run_test_cases_loop([{conf,Ref,Props,{Mod,Func}}|_Cases]=Cs0,
 				      "(configuration case ~w)", [What]);
 			   (_) -> ok
 			end,
-
     CfgProps = if StartConf ->
 		       if Shuffle == undefined ->
 			       [{tc_group_properties,Props}];
 			  true ->
-			       [{tc_group_properties,[Shuffle|delete_shuffle(Props)]}]
+			       [{tc_group_properties,
+				 [Shuffle|delete_shuffle(Props)]}]
 		       end;
 		  not StartConf ->
 		       {TcOk,TcSkip,TcFail} = get_tc_results(Status1),
 		       [{tc_group_properties,get_props(Mode0)},
-			{tc_group_result,[{ok,TcOk},{skipped,TcSkip},{failed,TcFail}]}]
+			{tc_group_result,[{ok,TcOk},
+					  {skipped,TcSkip},
+					  {failed,TcFail}]}]
 	       end,
-    ActualCfg =
-	update_config(hd(Config), [{priv_dir,get(test_server_priv_dir)},
-				   {data_dir,get_data_dir(Mod)}] ++ CfgProps),
+    TSDirs = [{priv_dir,get(test_server_priv_dir)},{data_dir,get_data_dir(Mod)}],
+    ActualCfg = 
+	if not StartConf ->
+		update_config(hd(Config), TSDirs ++ CfgProps);
+	   true ->
+		GroupPath = lists:flatmap(fun({_Ref,[],_T}) -> [];
+					     ({_Ref,GrProps,_T}) -> [GrProps]
+					  end, Mode0),
+		update_config(hd(Config), 
+			      TSDirs ++ [{tc_group_path,GroupPath} | CfgProps])
+	end,	   
     CurrMode = curr_mode(Ref, Mode0, Mode),
-
     ConfCaseResult = run_test_case(Ref, 0, Mod, Func, [ActualCfg], skip_init, target,
 				   TimetrapData, CurrMode),
 
@@ -3624,12 +3643,15 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	host ->
 	    ok
     end,
-    test_server_sup:framework_call(report, [tc_start,{?pl2a(Mod),Func}]),
     print(major, "=case          ~p:~p", [Mod, Func]),
     MinorName = start_minor_log_file(Mod, Func),
-    print(minor, "<a name=\"top\"></a>", []),
+    print(minor, "<a name=\"top\"></a>", [], internal_raw),
     MinorBase = filename:basename(MinorName),
     print(major, "=logfile       ~s", [filename:basename(MinorName)]),
+
+    Args1 = [[{tc_logfile,MinorName} | proplists:delete(tc_logfile,hd(Args))]],
+    test_server_sup:framework_call(report, [tc_start,{{?pl2a(Mod),Func},MinorName}]),
+
     print_props((RunInit==skip_init), get_props(Mode)),
     print(major, "=started       ~s", [lists:flatten(timestamp_get(""))]),
     {{Col0,Col1},Style} = get_font_style((RunInit==run_init), Mode),
@@ -3643,7 +3665,7 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
     do_if_parallel(Main, ok, fun erlang:yield/0),
     %% run the test case
     {Result,DetectedFail,ProcsBefore,ProcsAfter} =
-	run_test_case_apply(Num, Mod, Func, Args, get_name(Mode),
+	run_test_case_apply(Num, Mod, Func, Args1, get_name(Mode),
 			    RunInit, Where, TimetrapData),
     {Time,RetVal,Loc,Opts,Comment} =
 	case Result of
@@ -3651,7 +3673,8 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	    {died,DReason,DLoc,DCmt} -> {died,DReason,DLoc,[],DCmt}
 	end,
 
-    print(minor, "<a name=\"end\"></a>", []),
+    print(minor, "<a name=\"end\"></a>", [], internal_raw),
+    print(minor, "\n", [], internal_raw),
     print_timestamp(minor, "Ended at "),
     print(major, "=ended         ~s", [lists:flatten(timestamp_get(""))]),
 
diff --git a/lib/test_server/src/ts_erl_config.erl b/lib/test_server/src/ts_erl_config.erl
index 3b41f90d55..5585e8ccd3 100644
--- a/lib/test_server/src/ts_erl_config.erl
+++ b/lib/test_server/src/ts_erl_config.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/test/test_server_SUITE_data/Makefile.src b/lib/test_server/test/test_server_SUITE_data/Makefile.src
index d5af919eec..332b855df6 100644
--- a/lib/test_server/test/test_server_SUITE_data/Makefile.src
+++ b/lib/test_server/test/test_server_SUITE_data/Makefile.src
@@ -1,2 +1,7 @@
 all:
-	erlc *.erl
\ No newline at end of file
+	erlc test_server_SUITE.erl
+	erlc test_server_parallel01_SUITE.erl
+	erlc test_server_conf01_SUITE.erl
+	erlc test_server_shuffle01_SUITE.erl
+	erlc test_server_conf02_SUITE.erl
+	erlc test_server_skip_SUITE.erl
\ No newline at end of file
diff --git a/lib/test_server/vsn.mk b/lib/test_server/vsn.mk
index 563c1b6db6..88e3856cf4 100644
--- a/lib/test_server/vsn.mk
+++ b/lib/test_server/vsn.mk
@@ -1,2 +1 @@
-TEST_SERVER_VSN = 3.4.5
-
+TEST_SERVER_VSN = 3.5
diff --git a/lib/toolbar/doc/src/notes.xml b/lib/toolbar/doc/src/notes.xml
index ffca2c5fbf..ac6ad533fc 100644
--- a/lib/toolbar/doc/src/notes.xml
+++ b/lib/toolbar/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Toolbar
     application.</p>
 
+<section><title>Toolbar 1.4.2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Toolbar 1.4.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/toolbar/doc/src/toolbar.xml b/lib/toolbar/doc/src/toolbar.xml
index ad379438fe..3ad0b4eb78 100644
--- a/lib/toolbar/doc/src/toolbar.xml
+++ b/lib/toolbar/doc/src/toolbar.xml
@@ -33,6 +33,11 @@
   <module>toolbar</module>
   <modulesummary>GUI for Starting Tools and User Contributions</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Toolbar application is deprecated and will be removed in R16.
+      </p>
+    </warning>
     <p>Toolbar makes it easier to use
       the different Erlang tools - and the user contributions - which are provided.
       It has a graphical user interface with an icon for each tool.
diff --git a/lib/toolbar/doc/src/toolbar_chapter.xml b/lib/toolbar/doc/src/toolbar_chapter.xml
index a80dc5bd3e..4ea2101218 100644
--- a/lib/toolbar/doc/src/toolbar_chapter.xml
+++ b/lib/toolbar/doc/src/toolbar_chapter.xml
@@ -28,6 +28,11 @@
     <rev>A</rev>
     <file>toolbar_chapter.xml</file>
   </header>
+    <warning>
+      <p>
+	The Toolbar application is deprecated and will be removed in R16.
+      </p>
+    </warning>
   <p>Toolbar provides an interface to the various Erlang tools which are available. Toolbar can also provide access to user supplied tools which are included with the Erlang software release. These tools are called GS Contributions.</p>
   <p>All tools included in Toolbar must have a configuration file which contains information about the tool, such as its start function and the location of help information. The name of a configuration file must include the suffix <c>.tool</c>.
     </p>
diff --git a/lib/toolbar/src/canvasbutton.erl b/lib/toolbar/src/canvasbutton.erl
index 38fce537bb..7613253efe 100644
--- a/lib/toolbar/src/canvasbutton.erl
+++ b/lib/toolbar/src/canvasbutton.erl
@@ -17,6 +17,9 @@
 %% %CopyrightEnd%
 %%
 -module(canvasbutton).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar.erl b/lib/toolbar/src/toolbar.erl
index 67967172fe..b78df15700 100644
--- a/lib/toolbar/src/toolbar.erl
+++ b/lib/toolbar/src/toolbar.erl
@@ -17,6 +17,7 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar).
+-compile([{nowarn_deprecated_function,{gs,start,1}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar_graphics.erl b/lib/toolbar/src/toolbar_graphics.erl
index ad390440e3..b442d7ff06 100644
--- a/lib/toolbar/src/toolbar_graphics.erl
+++ b/lib/toolbar/src/toolbar_graphics.erl
@@ -17,6 +17,9 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar_graphics).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar_toolconfig.erl b/lib/toolbar/src/toolbar_toolconfig.erl
index 6dccb7ba72..6fb56cb1bd 100644
--- a/lib/toolbar/src/toolbar_toolconfig.erl
+++ b/lib/toolbar/src/toolbar_toolconfig.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar_toolconfig).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/vsn.mk b/lib/toolbar/vsn.mk
index 105303d785..b2b0764877 100644
--- a/lib/toolbar/vsn.mk
+++ b/lib/toolbar/vsn.mk
@@ -1,4 +1,4 @@
-TOOLBAR_VSN = 1.4.2
+TOOLBAR_VSN = 1.4.2.1
 
 
 
diff --git a/lib/tools/c_src/Makefile.in b/lib/tools/c_src/Makefile.in
index 6921193154..b8c4aed6e2 100644
--- a/lib/tools/c_src/Makefile.in
+++ b/lib/tools/c_src/Makefile.in
@@ -1,26 +1,27 @@
-# ``The contents of this file are subject to the Erlang Public License,
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2009-2012. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
+# retrieved online at http://www.erlang.org/.
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-# AB. All Rights Reserved.''
-# 
-#     $Id$
+#
+# %CopyrightEnd%
 #
 
 include $(ERL_TOP)/make/target.mk
 include $(ERL_TOP)/erts/include/internal/$(TARGET)/ethread.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_VC=@MIXED_VC@
 
 CC=@CC@
 LD=@LD@
@@ -138,15 +139,17 @@ EMEM_LIBS =	$(LIBS) \
 
 EMEM_OBJS = $(addprefix $(EMEM_OBJ_DIR)/,$(notdir $(EMEM_SRCS:.c=.o)))
 
+ERTS_LIB = $(ERL_TOP/erts/lib_src/obj/$(TARGET)/$(TYPE)/MADE
+
 #
 # Misc targets
 #
 
 _create_dirs := $(shell mkdir -p $(CREATE_DIRS))
 
-all: erts_lib $(PROGS) $(DRIVERS)
+all: $(PROGS) $(DRIVERS)
 
-erts_lib:
+$(ERTS_LIB):
 	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
 
 
@@ -174,7 +177,7 @@ $(EMEM_OBJ_DIR)/%.o: %.c
 # Program targets
 #
 
-$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS)
+$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS) $(ERTS_LIB)
 	$(PRE_LD) $(LD) $(EMEM_LDFLAGS) -o $@ $(EMEM_OBJS) $(EMEM_LIBS)
 
 #
diff --git a/lib/tools/c_src/erl_memory.c b/lib/tools/c_src/erl_memory.c
index 872d55e789..5239176d03 100644
--- a/lib/tools/c_src/erl_memory.c
+++ b/lib/tools/c_src/erl_memory.c
@@ -1224,7 +1224,7 @@ print_main_footer(em_state *state)
 
     switch (state->info.stop_reason) {
     case EMTP_STOP:
-	p += sprintf(p, stop_str);
+	p += sprintf(p, "%s", stop_str);
 	break;
     case EMTP_EXIT:
 	p += sprintf(p, exit_str, state->info.exit_status);
@@ -2339,7 +2339,7 @@ usage(char *sw, char *error)
     if (error)
 	exit(1);
     else {
-	char *help_str =
+	fprintf(filep, 
 	    "\n"
 	    "  []        - switch is allowed any number of times\n"
 	    "  {}        - switch is allowed at most one time\n"
@@ -2370,8 +2370,7 @@ usage(char *sw, char *error)
 	    "  " SW_CHAR "o        - display operation count values\n"
 	    "  " SW_CHAR "p <P>    - set listen port to <P>\n"
 	    "  " SW_CHAR "t        - display info about total values\n"
-	    "  " SW_CHAR "v        - verbose output\n";
-	fprintf(filep, help_str);
+	    "  " SW_CHAR "v        - verbose output\n");
 	exit(0);
     }
 
diff --git a/lib/tools/doc/src/eprof.xml b/lib/tools/doc/src/eprof.xml
index 1dbc41ec8e..8b614d8860 100644
--- a/lib/tools/doc/src/eprof.xml
+++ b/lib/tools/doc/src/eprof.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/tools/doc/src/notes.xml b/lib/tools/doc/src/notes.xml
index 17506fb6e2..e24e1c5977 100644
--- a/lib/tools/doc/src/notes.xml
+++ b/lib/tools/doc/src/notes.xml
@@ -30,6 +30,85 @@
   </header>
   <p>This document describes the changes made to the Tools application.</p>
 
+<section><title>Tools 2.6.6.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p>Update system profiling principles to reflect eprof
+	    performance improvements.</p>
+          <p>
+	    Own Id: OTP-9656</p>
+        </item>
+        <item>
+          <p>
+	    [cover] fix leftover {'DOWN', ..} msg in callers queue</p>
+          <p>
+	    After stopping cover with cover:stop() there could still
+	    be a {'DOWN',...} leftover message in the calling
+	    process's message queue. This unexpected leftover could
+	    be eliminated if erlang:demonitor/2 with option flush
+	    would be used in certain points</p>
+          <p>
+	    Own Id: OTP-9694</p>
+        </item>
+        <item>
+          <p>
+	    Add deps as erlang-flymake include directory.</p>
+          <p>
+	    Update erlang-flymake to recognize the "deps" folder as
+	    an include directory. This makes erlang-flymake
+	    compatible with the rebar dependency management tool's
+	    default folder structure, which puts included
+	    dependencies in "deps".(Thanks to Kevin Albrecht)</p>
+          <p>
+	    Own Id: OTP-9791</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Tools 2.6.6.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tools/emacs/erlang-flymake.el b/lib/tools/emacs/erlang-flymake.el
index bc368e9454..2e447b55de 100644
--- a/lib/tools/emacs/erlang-flymake.el
+++ b/lib/tools/emacs/erlang-flymake.el
@@ -60,7 +60,8 @@ check on newline and when there are no changes)."
   (list (concat (erlang-flymake-get-app-dir) "ebin")))
 
 (defun erlang-flymake-get-include-dirs ()
-  (list (concat (erlang-flymake-get-app-dir) "include")))
+  (list (concat (erlang-flymake-get-app-dir) "include")
+        (concat (erlang-flymake-get-app-dir) "deps")))
 
 (defun erlang-flymake-get-app-dir ()
   (let ((src-path (file-name-directory (buffer-file-name))))
diff --git a/lib/tools/src/fprof.erl b/lib/tools/src/fprof.erl
index 155965a65a..8165a6c13a 100644
--- a/lib/tools/src/fprof.erl
+++ b/lib/tools/src/fprof.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -87,8 +87,10 @@ dbg(_, _, _) ->
 
 
 
-apply({M, F} = Function, Args) 
+apply({M, F}, Args) 
   when is_atom(M), is_atom(F), is_list(Args) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, []);
 apply(Fun, Args) 
   when is_function(Fun), is_list(Args) ->
@@ -98,8 +100,10 @@ apply(A, B) ->
 
 apply(M, F, Args) when is_atom(M), is_atom(F), is_list(Args) ->
     apply_1({M, F}, Args, []);
-apply({M, F} = Function, Args, Options) 
+apply({M, F}, Args, Options) 
   when is_atom(M), is_atom(F), is_list(Args), is_list(Options) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, Options);
 apply(Fun, Args, Options) 
   when is_function(Fun), is_list(Args), is_list(Options) ->
@@ -109,7 +113,9 @@ apply(A, B, C) ->
 
 apply(Module, Function, Args, Options) 
   when is_atom(Module), is_atom(Function), is_list(Args), is_list(Options) ->
-    apply_1({Module, Function}, Args, Options);
+    Arity = length(Args),
+    Fun = fun Module:Function/Arity,
+    apply_1(Fun, Args, Options);
 apply(A, B, C, D) ->
     erlang:error(badarg, [A, B, C, D]).
 
diff --git a/lib/tools/src/xref_compiler.erl b/lib/tools/src/xref_compiler.erl
index 1445e135be..22312c6754 100644
--- a/lib/tools/src/xref_compiler.erl
+++ b/lib/tools/src/xref_compiler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -736,8 +736,11 @@ find_nodes(Tuple, I, T) when is_tuple(Tuple) ->
 	  end,
     {NL, NI, T1} = foldl(Fun, {[], I, T}, L),
     Tag = case Tag0 of
-	      _ when is_function(Tag0) -> Tag0;
-	      _ when is_atom(Tag0) -> {sofs, Tag0}
+	      _ when is_function(Tag0) ->
+		  Tag0;
+	      _ when is_atom(Tag0) ->
+		  Arity = length(NL),
+		  fun sofs:Tag0/Arity
 	  end,
     find_node({apply, Tag, NL}, NI, T1).
 
diff --git a/lib/tools/test/cover_SUITE.erl b/lib/tools/test/cover_SUITE.erl
index 881a3c2997..576d7e261c 100644
--- a/lib/tools/test/cover_SUITE.erl
+++ b/lib/tools/test/cover_SUITE.erl
@@ -130,13 +130,20 @@ compile(Config) when is_list(Config) ->
     ?line {ok,_} = compile:file(x),
     ?line {ok,_} = compile:file("d/y",[debug_info,{outdir,"d"},report]),
     ?line Key = "A Krypto Key",
-    ?line {ok,_} = compile:file(crypt, [debug_info,{debug_info_key,Key},report]),
+    CryptoWorks = crypto_works(),
+    case CryptoWorks of
+	false ->
+	    {ok,_} = compile:file(crypt, [debug_info,report]),
+	    {ok,crypt} = cover:compile_beam("crypt.beam");
+	true ->
+	    {ok,_} = compile:file(crypt, [{debug_info_key,Key},report]),
+	    {error,{encrypted_abstract_code,_}} =
+		cover:compile_beam("crypt.beam"),
+	    ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
+	    {ok,crypt} = cover:compile_beam("crypt.beam")
+    end,
     ?line {ok,v} = cover:compile_beam(v),
     ?line {ok,w} = cover:compile_beam("w.beam"),
-    ?line {error,{encrypted_abstract_code,_}} =
-	cover:compile_beam("crypt.beam"),
-    ?line ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
-    ?line {ok,crypt} = cover:compile_beam("crypt.beam"),
     ?line {error,{no_abstract_code,"./x.beam"}} = cover:compile_beam(x),
     ?line {error,{already_cover_compiled,no_beam_found,a}}=cover:compile_beam(a),
     ?line {error,non_existing} = cover:compile_beam(z),
@@ -148,6 +155,15 @@ compile(Config) when is_list(Config) ->
     ?line Files = lsfiles(),
     ?line remove(files(Files, ".beam")).
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 simple_crypto_fun(Key) ->
     fun(init) -> ok;
        ({debug_info, des3_cbc, crypt, _}) -> Key
diff --git a/lib/tools/test/eprof_SUITE.erl b/lib/tools/test/eprof_SUITE.erl
index ecdbc5ce57..3283fa571f 100644
--- a/lib/tools/test/eprof_SUITE.erl
+++ b/lib/tools/test/eprof_SUITE.erl
@@ -183,8 +183,14 @@ eed(Config) when is_list(Config) ->
     ?line ok = eprof:log("eprof_SUITE_logfile"),
     ?line stopped = eprof:stop(),
     ?line ?t:timetrap_cancel(TTrap),
-    S = lists:flatten(io_lib:format("~p times slower", [10*(T3-T2)/(T2-T1)])),
-    {comment,S}.
+    try
+	S = lists:flatten(io_lib:format("~p times slower",
+					[10*(T3-T2)/(T2-T1)])),
+	{comment,S}
+    catch
+	error:badarith ->
+	    {comment,"No time elapsed. Bad clock? Fast computer?"}
+    end.
 
 ensure_eprof_stopped() ->
     Pid = whereis(eprof),
diff --git a/lib/tools/test/fprof_SUITE.erl b/lib/tools/test/fprof_SUITE.erl
index 0da6d4a9ea..f491c1e227 100644
--- a/lib/tools/test/fprof_SUITE.erl
+++ b/lib/tools/test/fprof_SUITE.erl
@@ -191,11 +191,17 @@ tail_seq(Config) when is_list(Config) ->
 
 %%%---------------------------------------------------------------------
 
-create_file_slow(doc) ->
-    ["Tests the create_file_slow benchmark"];
-create_file_slow(suite) ->
-    [];
-create_file_slow(Config) when is_list(Config) ->
+%% Tests the create_file_slow benchmark.
+create_file_slow(Config) ->
+    case test_server:is_native(lists) orelse
+	test_server:is_native(file) of
+	true ->
+	    {skip,"Native libs -- tracing does not work"};
+	false ->
+	    do_create_file_slow(Config)
+    end.
+
+do_create_file_slow(Config) ->
     ?line Timetrap = ?t:timetrap(?t:seconds(40)),
     ?line PrivDir = ?config(priv_dir, Config),
     ?line TraceFile = 
diff --git a/lib/tools/test/lcnt_SUITE.erl b/lib/tools/test/lcnt_SUITE.erl
index f2afa60e33..1bee6021ab 100644
--- a/lib/tools/test/lcnt_SUITE.erl
+++ b/lib/tools/test/lcnt_SUITE.erl
@@ -34,7 +34,7 @@
 	]).
 
 %% Default timetrap timeout (set in init_per_testcase)
--define(default_timeout, ?t:minutes(2)).
+-define(default_timeout, ?t:minutes(4)).
 
 init_per_suite(Config) when is_list(Config) ->
     Config.
@@ -49,6 +49,7 @@ init_per_testcase(_Case, Config) ->
 end_per_testcase(_Case, Config) ->
     Dog = ?config(watchdog, Config),
     ?t:timetrap_cancel(Dog),
+    catch lcnt:stop(),
     ok.
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
diff --git a/lib/tools/vsn.mk b/lib/tools/vsn.mk
index 2d63a33554..269d3d7773 100644
--- a/lib/tools/vsn.mk
+++ b/lib/tools/vsn.mk
@@ -1 +1 @@
-TOOLS_VSN = 2.6.6.5
+TOOLS_VSN = 2.6.6.6
diff --git a/lib/tv/doc/src/Makefile b/lib/tv/doc/src/Makefile
index 5a41b28d48..21478d0931 100644
--- a/lib/tv/doc/src/Makefile
+++ b/lib/tv/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/tv/doc/src/notes.xml b/lib/tv/doc/src/notes.xml
index 77a6a43d51..97c99e6202 100644
--- a/lib/tv/doc/src/notes.xml
+++ b/lib/tv/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the TV application.</p>
 
+<section><title>TV 2.1.4.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>TV 2.1.4.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tv/doc/src/table_visualizer_chapter.xml b/lib/tv/doc/src/table_visualizer_chapter.xml
index 12efbe643c..dbfd322945 100644
--- a/lib/tv/doc/src/table_visualizer_chapter.xml
+++ b/lib/tv/doc/src/table_visualizer_chapter.xml
@@ -31,6 +31,12 @@
     <rev>C</rev>
     <file>table_visualizer.xml</file>
   </header>
+    <warning>
+      <p>
+	The TV application has been superseded by the Observer application.
+	TV will be removed in R16.
+      </p>
+    </warning>
   <p>The TV, TV, is a tool that enables the user to examine 
     ETS and Mnesia tables on any (connected) node in the currently running Erlang
     system. Once a certain table has been opened in the tool, the content may be
diff --git a/lib/tv/doc/src/tv.xml b/lib/tv/doc/src/tv.xml
index 84b9f8c33d..83bbdfc052 100644
--- a/lib/tv/doc/src/tv.xml
+++ b/lib/tv/doc/src/tv.xml
@@ -36,6 +36,12 @@
   <module>tv</module>
   <modulesummary>TV graphically examines ETS and Mnesia tables. </modulesummary>
   <description>
+    <warning>
+      <p>
+	The TV application has been superseded by the Observer application.
+	TV will be removed in R16.
+      </p>
+    </warning>
     <p>TV enables the user to examine ETS and Mnesia tables. Once 
       a certain table has been opened in the tool, the content may be viewed at 
       various levels of detail. The content viewed may also be sorted, using any 
diff --git a/lib/tv/src/tv_db.erl b/lib/tv/src/tv_db.erl
index 201b4c0e6b..179b75c2e6 100644
--- a/lib/tv/src/tv_db.erl
+++ b/lib/tv/src/tv_db.erl
@@ -22,6 +22,10 @@
 %%%*********************************************************************
 
 -module(tv_db).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_db_search.erl b/lib/tv/src/tv_db_search.erl
index 7634bc63b6..6ae999253a 100644
--- a/lib/tv/src/tv_db_search.erl
+++ b/lib/tv/src/tv_db_search.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,18 @@
 %%%
 %%%*********************************************************************
 -module(tv_db_search).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_etsread.erl b/lib/tv/src/tv_etsread.erl
index d3240ef513..b3e38f9d45 100644
--- a/lib/tv/src/tv_etsread.erl
+++ b/lib/tv/src/tv_etsread.erl
@@ -25,6 +25,9 @@
 
 
 -module(tv_etsread).
+-compile([{nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_info.erl b/lib/tv/src/tv_info.erl
index 7bc31e35cd..941286362c 100644
--- a/lib/tv/src/tv_info.erl
+++ b/lib/tv/src/tv_info.erl
@@ -16,6 +16,14 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_info).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_ip.erl b/lib/tv/src/tv_ip.erl
index aeec4e8f6d..2d3ada878a 100644
--- a/lib/tv/src/tv_ip.erl
+++ b/lib/tv/src/tv_ip.erl
@@ -16,6 +16,12 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_ip).
+-compile([{nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_main.erl b/lib/tv/src/tv_main.erl
index 283ba4c967..fbf56971f9 100644
--- a/lib/tv/src/tv_main.erl
+++ b/lib/tv/src/tv_main.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -16,6 +16,20 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_main).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_mnesia_rpc.erl b/lib/tv/src/tv_mnesia_rpc.erl
index 4a75994145..b2434fcdd3 100644
--- a/lib/tv/src/tv_mnesia_rpc.erl
+++ b/lib/tv/src/tv_mnesia_rpc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/tv/src/tv_new_table.erl b/lib/tv/src/tv_new_table.erl
index 3d62b0548b..d31b9a4ee2 100644
--- a/lib/tv/src/tv_new_table.erl
+++ b/lib/tv/src/tv_new_table.erl
@@ -16,6 +16,16 @@
 %% 
 %% %CopyrightEnd%k
 -module(tv_new_table).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_nodewin.erl b/lib/tv/src/tv_nodewin.erl
index 3999d201d8..9030ed930f 100644
--- a/lib/tv/src/tv_nodewin.erl
+++ b/lib/tv/src/tv_nodewin.erl
@@ -16,6 +16,15 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_nodewin).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pb.erl b/lib/tv/src/tv_pb.erl
index 78a27185dc..fa3dcde919 100644
--- a/lib/tv/src/tv_pb.erl
+++ b/lib/tv/src/tv_pb.erl
@@ -16,6 +16,9 @@
 %%
 %% %CopyrightEnd%
 -module(tv_pb).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pb_funcs.erl b/lib/tv/src/tv_pb_funcs.erl
index 87a4719bbd..0670d2795f 100644
--- a/lib/tv/src/tv_pb_funcs.erl
+++ b/lib/tv/src/tv_pb_funcs.erl
@@ -16,6 +16,12 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pb_funcs).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pc.erl b/lib/tv/src/tv_pc.erl
index 50214fe06a..fcb7aba3a7 100644
--- a/lib/tv/src/tv_pc.erl
+++ b/lib/tv/src/tv_pc.erl
@@ -25,6 +25,7 @@
 
 
 -module(tv_pc).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pc_menu_handling.erl b/lib/tv/src/tv_pc_menu_handling.erl
index 16195bf91f..5d411b106e 100644
--- a/lib/tv/src/tv_pc_menu_handling.erl
+++ b/lib/tv/src/tv_pc_menu_handling.erl
@@ -25,6 +25,10 @@
 
 
 -module(tv_pc_menu_handling).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd.erl b/lib/tv/src/tv_pd.erl
index ea14bf67b1..6694ea22a3 100644
--- a/lib/tv/src/tv_pd.erl
+++ b/lib/tv/src/tv_pd.erl
@@ -24,6 +24,11 @@
 
 
 -module(tv_pd).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_display.erl b/lib/tv/src/tv_pd_display.erl
index f5a30cb640..dab442e28e 100644
--- a/lib/tv/src/tv_pd_display.erl
+++ b/lib/tv/src/tv_pd_display.erl
@@ -22,6 +22,13 @@
 %%%*********************************************************************
 
 -module(tv_pd_display).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_frames.erl b/lib/tv/src/tv_pd_frames.erl
index 4e091ac9f0..d18dcaf70d 100644
--- a/lib/tv/src/tv_pd_frames.erl
+++ b/lib/tv/src/tv_pd_frames.erl
@@ -16,6 +16,8 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pd_frames).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,frame,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_scale.erl b/lib/tv/src/tv_pd_scale.erl
index c94e57f468..2f98c3183f 100644
--- a/lib/tv/src/tv_pd_scale.erl
+++ b/lib/tv/src/tv_pd_scale.erl
@@ -24,6 +24,8 @@
 
 
 -module(tv_pd_scale).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,scale,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pg.erl b/lib/tv/src/tv_pg.erl
index ba8782392b..0b36b18212 100644
--- a/lib/tv/src/tv_pg.erl
+++ b/lib/tv/src/tv_pg.erl
@@ -16,6 +16,7 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pg).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pg_gridfcns.erl b/lib/tv/src/tv_pg_gridfcns.erl
index 3d23c8a69f..e47dac28a8 100644
--- a/lib/tv/src/tv_pg_gridfcns.erl
+++ b/lib/tv/src/tv_pg_gridfcns.erl
@@ -16,6 +16,10 @@
 %%
 %% %CopyrightEnd%
 -module(tv_pg_gridfcns).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_poll_dialog.erl b/lib/tv/src/tv_poll_dialog.erl
index 8d41251266..4bf49f44f1 100644
--- a/lib/tv/src/tv_poll_dialog.erl
+++ b/lib/tv/src/tv_poll_dialog.erl
@@ -22,7 +22,13 @@
 %%%*********************************************************************
 
 -module(tv_poll_dialog).
-
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 
 -export([start/1, init/2]).
diff --git a/lib/tv/src/tv_pw.erl b/lib/tv/src/tv_pw.erl
index 8b3186e090..bd6d06e241 100644
--- a/lib/tv/src/tv_pw.erl
+++ b/lib/tv/src/tv_pw.erl
@@ -23,6 +23,7 @@
 
 
 -module(tv_pw).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pw_window.erl b/lib/tv/src/tv_pw_window.erl
index 9cb5c879c0..0cd241a031 100644
--- a/lib/tv/src/tv_pw_window.erl
+++ b/lib/tv/src/tv_pw_window.erl
@@ -23,6 +23,10 @@
 
 
 -module(tv_pw_window).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 
 
diff --git a/lib/tv/src/tv_rec_edit.erl b/lib/tv/src/tv_rec_edit.erl
index e8f663073e..f6c09ebc67 100644
--- a/lib/tv/src/tv_rec_edit.erl
+++ b/lib/tv/src/tv_rec_edit.erl
@@ -16,6 +16,16 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_rec_edit).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_utils.erl b/lib/tv/src/tv_utils.erl
index fd232bde69..9c7458d302 100644
--- a/lib/tv/src/tv_utils.erl
+++ b/lib/tv/src/tv_utils.erl
@@ -16,6 +16,9 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_utils).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}}]).
 
 
 
diff --git a/lib/tv/vsn.mk b/lib/tv/vsn.mk
index 43e3d2ebce..756aae2096 100644
--- a/lib/tv/vsn.mk
+++ b/lib/tv/vsn.mk
@@ -1 +1 @@
-TV_VSN = 2.1.4.7
+TV_VSN = 2.1.4.8
diff --git a/lib/typer/src/typer.erl b/lib/typer/src/typer.erl
index f2a70f49b7..6392f5765f 100644
--- a/lib/typer/src/typer.erl
+++ b/lib/typer/src/typer.erl
@@ -119,9 +119,9 @@ extract(#analysis{macros = Macros,
 	      {ok, RecDict} ->
 		Mod = list_to_atom(filename:basename(File, ".erl")),
 		case dialyzer_utils:get_spec_info(Mod, AbstractCode, RecDict) of
-		  {ok, SpecDict} ->
+		  {ok, SpecDict, CbDict} ->
 		    CS1 = dialyzer_codeserver:store_temp_records(Mod, RecDict, CS),
-		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CS1);
+		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CbDict, CS1);
 		  {error, Reason} -> compile_error([Reason])
 		end;
 	      {error, Reason} -> compile_error([Reason])
@@ -682,10 +682,10 @@ analyze_result(show_succ, Args, Analysis) ->
 analyze_result(no_spec, Args, Analysis) ->
   {Args, Analysis#analysis{no_spec = true}};
 analyze_result({pa, Dir}, Args, Analysis) ->
-  code:add_patha(Dir),
+  true = code:add_patha(Dir),
   {Args, Analysis};
 analyze_result({pz, Dir}, Args, Analysis) ->
-  code:add_pathz(Dir),
+  true = code:add_pathz(Dir),
   {Args, Analysis}.
 
 %%--------------------------------------------------------------------
@@ -873,16 +873,16 @@ collect_one_file_info(File, Analysis) ->
 	      Mod = cerl:concrete(cerl:module_name(Core)),
 	      case dialyzer_utils:get_spec_info(Mod, AbstractCode, Records) of
 		{error, Reason} -> compile_error([Reason]);
-		{ok, SpecInfo} ->
+		{ok, SpecInfo, CbInfo} ->
                   ExpTypes = get_exported_types_from_core(Core),
-		  analyze_core_tree(Core, Records, SpecInfo, ExpTypes,
-                                    Analysis, File)
+		  analyze_core_tree(Core, Records, SpecInfo, CbInfo,
+				    ExpTypes, Analysis, File)
 	      end
 	  end
       end
   end.
 
-analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
+analyze_core_tree(Core, Records, SpecInfo, CbInfo, ExpTypes, Analysis, File) ->
   Module = cerl:concrete(cerl:module_name(Core)),
   TmpTree = cerl:from_records(Core),
   CS1 = Analysis#analysis.codeserver,
@@ -894,7 +894,8 @@ analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
   CS5 =
     case Analysis#analysis.no_spec of
       true -> CS4;
-      false -> dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CS4)
+      false ->
+	dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CbInfo, CS4)
     end,
   OldExpTypes = dialyzer_codeserver:get_temp_exported_types(CS5),
   MergedExpTypes = sets:union(ExpTypes, OldExpTypes),
diff --git a/lib/typer/vsn.mk b/lib/typer/vsn.mk
index 9e73aed286..85a7c01424 100644
--- a/lib/typer/vsn.mk
+++ b/lib/typer/vsn.mk
@@ -1 +1 @@
-TYPER_VSN = 0.9.2
+TYPER_VSN = 0.9.3
diff --git a/lib/webtool/doc/src/notes.xml b/lib/webtool/doc/src/notes.xml
index c58a440937..a56fdd7b6f 100644
--- a/lib/webtool/doc/src/notes.xml
+++ b/lib/webtool/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Webtool
     application.</p>
 
+<section><title>WebTool 0.8.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>WebTool 0.8.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/webtool/vsn.mk b/lib/webtool/vsn.mk
index 2643be866e..690f9a22cf 100644
--- a/lib/webtool/vsn.mk
+++ b/lib/webtool/vsn.mk
@@ -1 +1 @@
-WEBTOOL_VSN=0.8.9
+WEBTOOL_VSN=0.8.9.1
diff --git a/lib/wx/Makefile b/lib/wx/Makefile
index 0bc89e08ad..9a75b2e36e 100644
--- a/lib/wx/Makefile
+++ b/lib/wx/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -18,12 +18,19 @@
 #
 
 include ./vsn.mk
-include ./config.mk
-SUBDIRS = src 
-ifeq ($(CAN_BUILD_DRIVER), true) 
-SUBDIRS += c_src 
-endif 
-SUBDIRS += examples doc/src
+
+ifdef TERTIARY_BOOTSTRAP
+ INSIDE_ERLSRC = true
+ SUBDIRS = src
+else # Normal build
+ include ./config.mk
+ SUBDIRS = src
+ ifeq ($(CAN_BUILD_DRIVER), true)
+ SUBDIRS += c_src
+ endif
+ SUBDIRS += examples doc/src
+endif #TERTIARY_BOOTSTRAP
+
 CLEANDIRS = $(SUBDIRS) api_gen
 
 ifeq ($(INSIDE_ERLSRC),true)
@@ -32,6 +39,7 @@ ifeq ($(INSIDE_ERLSRC),true)
 # Default Subdir Targets
 # ----------------------------------------------------
 SUB_DIRECTORIES=$(SUBDIRS)
+
 include $(ERL_TOP)/make/otp_subdir.mk
 else 
 # we are building standalone wxErlang
diff --git a/lib/wx/aclocal.m4 b/lib/wx/aclocal.m4
new file mode 100644
index 0000000000..339a15a2bb
--- /dev/null
+++ b/lib/wx/aclocal.m4
@@ -0,0 +1,1766 @@
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/wx/api_gen/gl_gen_c.erl b/lib/wx/api_gen/gl_gen_c.erl
index 0f5cb0e1f4..be2c5cf2bf 100644
--- a/lib/wx/api_gen/gl_gen_c.erl
+++ b/lib/wx/api_gen/gl_gen_c.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -238,7 +238,7 @@ decode_arg(P=#arg{name=Name,type=#type{size=BSz,name=Type,single={list,TSz}}},A0
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=guard_int}},A0) ->
     A = align(4,A0),
-    w(" ~s *~s = (~s *) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
+    w(" ~s *~s = (~s *) (ErlDrvSInt) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=string,single=true}},A0) ->
     w(" ~s *~s = (~s *) bp;~n", [Type,Name,Type]),
diff --git a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
index c6810eb32c..080ebfa49f 100644
--- a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
+++ b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
@@ -76,7 +76,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/c_src/Makefile.in b/lib/wx/c_src/Makefile.in
index ae5a149d14..d40ce88e99 100644
--- a/lib/wx/c_src/Makefile.in
+++ b/lib/wx/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/c_src/gen/gl_funcs.cpp b/lib/wx/c_src/gen/gl_funcs.cpp
index 30542a0f02..fa1476dba5 100644
--- a/lib/wx/c_src/gen/gl_funcs.cpp
+++ b/lib/wx/c_src/gen/gl_funcs.cpp
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2008-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2008-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -395,7 +395,7 @@ case 5043: { // glBitmap
  GLfloat *yorig = (GLfloat *) bp; bp += 4;
  GLfloat *xmove = (GLfloat *) bp; bp += 4;
  GLfloat *ymove = (GLfloat *) bp; bp += 4;
- GLubyte *bitmap = (GLubyte *) * (int *) bp; bp += 4;
+ GLubyte *bitmap = (GLubyte *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBitmap(*width,*height,*xorig,*yorig,*xmove,*ymove,bitmap);
 }; break;
 case 5044: { // glBitmap
@@ -538,7 +538,7 @@ case 5073: { // glColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5074: { // glColorPointer
@@ -646,7 +646,7 @@ case 5090: { // glDrawElements
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElements(*mode,*count,*type,indices);
 }; break;
 case 5091: { // glDrawElements
@@ -661,7 +661,7 @@ case 5092: { // glDrawPixels
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawPixels(*width,*height,*format,*type,pixels);
 }; break;
 case 5093: { // glDrawPixels
@@ -678,7 +678,7 @@ case 5094: { // glEdgeFlagv
 }; break;
 case 5095: { // glEdgeFlagPointer
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglEdgeFlagPointer(*stride,pointer);
 }; break;
 case 5096: { // glEdgeFlagPointer
@@ -1265,7 +1265,7 @@ case 5149: { // glIndexMask
 case 5150: { // glIndexPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglIndexPointer(*type,*stride,pointer);
 }; break;
 case 5151: { // glIndexPointer
@@ -1300,7 +1300,7 @@ case 5157: { // glInitNames
 case 5158: { // glInterleavedArrays
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglInterleavedArrays(*format,*stride,pointer);
 }; break;
 case 5159: { // glInterleavedArrays
@@ -1561,7 +1561,7 @@ case 5199: { // glNormal3sv
 case 5200: { // glNormalPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglNormalPointer(*type,*stride,pointer);
 }; break;
 case 5201: { // glNormalPointer
@@ -1933,7 +1933,7 @@ case 5274: { // glTexCoordPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexCoordPointer(*size,*type,*stride,pointer);
 }; break;
 case 5275: { // glTexCoordPointer
@@ -2016,7 +2016,7 @@ case 5286: { // glTexImage1D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage1D(*target,*level,*internalformat,*width,*border,*format,*type,pixels);
 }; break;
 case 5287: { // glTexImage1D
@@ -2039,7 +2039,7 @@ case 5288: { // glTexImage2D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage2D(*target,*level,*internalformat,*width,*height,*border,*format,*type,pixels);
 }; break;
 case 5289: { // glTexImage2D
@@ -2087,7 +2087,7 @@ case 5294: { // glTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage1D(*target,*level,*xoffset,*width,*format,*type,pixels);
 }; break;
 case 5295: { // glTexSubImage1D
@@ -2109,7 +2109,7 @@ case 5296: { // glTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*type,pixels);
 }; break;
 case 5297: { // glTexSubImage2D
@@ -2188,7 +2188,7 @@ case 5312: { // glVertexPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexPointer(*size,*type,*stride,pointer);
 }; break;
 case 5313: { // glVertexPointer
@@ -2222,7 +2222,7 @@ case 5317: { // glDrawRangeElements
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawRangeElements(*mode,*start,*end,*count,*type,indices);
 }; break;
 case 5318: { // glDrawRangeElements
@@ -2244,7 +2244,7 @@ case 5319: { // glTexImage3D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*format,*type,pixels);
 }; break;
 case 5320: { // glTexImage3D
@@ -2271,7 +2271,7 @@ case 5321: { // glTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*type,pixels);
 }; break;
 case 5322: { // glTexSubImage3D
@@ -2306,7 +2306,7 @@ case 5324: { // glColorTable
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *table = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *table = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorTable(*target,*internalformat,*width,*format,*type,table);
 }; break;
 case 5325: { // glColorTable
@@ -2389,7 +2389,7 @@ case 5332: { // glColorSubTable
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorSubTable(*target,*start,*count,*format,*type,data);
 }; break;
 case 5333: { // glColorSubTable
@@ -2415,7 +2415,7 @@ case 5335: { // glConvolutionFilter1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter1D(*target,*internalformat,*width,*format,*type,image);
 }; break;
 case 5336: { // glConvolutionFilter1D
@@ -2434,7 +2434,7 @@ case 5337: { // glConvolutionFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter2D(*target,*internalformat,*width,*height,*format,*type,image);
 }; break;
 case 5338: { // glConvolutionFilter2D
@@ -2530,8 +2530,8 @@ case 5346: { // glSeparableFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *row = (GLvoid *) * (int *) bp; bp += 4;
- GLvoid *column = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *row = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
+ GLvoid *column = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSeparableFilter2D(*target,*internalformat,*width,*height,*format,*type,row,column);
 }; break;
 case 5347: { // glSeparableFilter2D
@@ -2666,7 +2666,7 @@ case 5360: { // glCompressedTexImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*imageSize,data);
 }; break;
 case 5361: { // glCompressedTexImage3D
@@ -2689,7 +2689,7 @@ case 5362: { // glCompressedTexImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage2D(*target,*level,*internalformat,*width,*height,*border,*imageSize,data);
 }; break;
 case 5363: { // glCompressedTexImage2D
@@ -2710,7 +2710,7 @@ case 5364: { // glCompressedTexImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage1D(*target,*level,*internalformat,*width,*border,*imageSize,data);
 }; break;
 case 5365: { // glCompressedTexImage1D
@@ -2734,7 +2734,7 @@ case 5366: { // glCompressedTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*imageSize,data);
 }; break;
 case 5367: { // glCompressedTexSubImage3D
@@ -2760,7 +2760,7 @@ case 5368: { // glCompressedTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*imageSize,data);
 }; break;
 case 5369: { // glCompressedTexSubImage2D
@@ -2782,7 +2782,7 @@ case 5370: { // glCompressedTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage1D(*target,*level,*xoffset,*width,*format,*imageSize,data);
 }; break;
 case 5371: { // glCompressedTexSubImage1D
@@ -2958,7 +2958,7 @@ case 5401: { // glFogCoorddv
 case 5402: { // glFogCoordPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglFogCoordPointer(*type,*stride,pointer);
 }; break;
 case 5403: { // glFogCoordPointer
@@ -3003,7 +3003,7 @@ case 5412: { // glSecondaryColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSecondaryColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5413: { // glSecondaryColorPointer
@@ -3156,7 +3156,7 @@ case 5434: { // glBufferData
  GLenum *target = (GLenum *) bp; bp += 4;
  bp += 4;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLenum *usage = (GLenum *) bp; bp += 4;
  weglBufferData(*target,size,data,*usage);
 }; break;
@@ -3173,7 +3173,7 @@ case 5436: { // glBufferSubData
  bp += 4;
  GLintptr offset = (GLintptr) * (GLuint64EXT *) bp; bp += 8;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBufferSubData(*target,offset,size,data);
 }; break;
 case 5437: { // glBufferSubData
@@ -3833,7 +3833,7 @@ case 5518: { // glVertexAttribPointer
  GLboolean *normalized = (GLboolean *) bp; bp += 1;
  bp += 3;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribPointer(*index,*size,*type,*normalized,*stride,pointer);
 }; break;
 case 5519: { // glVertexAttribPointer
@@ -4051,7 +4051,7 @@ case 5541: { // glVertexAttribIPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribIPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5542: { // glVertexAttribIPointer
@@ -4345,7 +4345,7 @@ case 5578: { // glDrawElementsInstanced
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  weglDrawElementsInstanced(*mode,*count,*type,indices,*primcount);
 }; break;
@@ -5341,7 +5341,7 @@ case 5683: { // glDrawElementsBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsBaseVertex(*mode,*count,*type,indices,*basevertex);
 }; break;
@@ -5359,7 +5359,7 @@ case 5685: { // glDrawRangeElementsBaseVertex
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawRangeElementsBaseVertex(*mode,*start,*end,*count,*type,indices,*basevertex);
 }; break;
@@ -5377,7 +5377,7 @@ case 5687: { // glDrawElementsInstancedBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsInstancedBaseVertex(*mode,*count,*type,indices,*primcount,*basevertex);
@@ -5772,7 +5772,7 @@ case 5725: { // glGetQueryObjectui64v
 }; break;
 case 5726: { // glDrawArraysIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawArraysIndirect(*mode,indirect);
 }; break;
 case 5727: { // glDrawArraysIndirect
@@ -5783,7 +5783,7 @@ case 5727: { // glDrawArraysIndirect
 case 5728: { // glDrawElementsIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElementsIndirect(*mode,*type,indirect);
 }; break;
 case 5729: { // glDrawElementsIndirect
@@ -6718,7 +6718,7 @@ case 5840: { // glVertexAttribLPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribLPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5841: { // glVertexAttribLPointer
diff --git a/lib/wx/c_src/wxe_driver.c b/lib/wx/c_src/wxe_driver.c
index 2404b13cc3..d1ed252ec0 100644
--- a/lib/wx/c_src/wxe_driver.c
+++ b/lib/wx/c_src/wxe_driver.c
@@ -40,9 +40,14 @@ static ErlDrvData wxe_driver_start(ErlDrvPort port, char *buff);
 static int  wxe_driver_load(void);
 static void wxe_driver_stop(ErlDrvData handle);
 static void wxe_driver_unload(void);
-static int  wxe_driver_control(ErlDrvData handle, unsigned int command,  
- 			       char* buf, int count, char** res, int res_size); 
-static int wxe_driver_call(ErlDrvData drv_data, unsigned int command, char *buf, int len, char **rbuf, int rlen, unsigned int *flags);
+static ErlDrvSSizeT wxe_driver_control(ErlDrvData handle,
+				       unsigned int command,  
+				       char* buf, ErlDrvSizeT count,
+				       char** res, ErlDrvSizeT res_size); 
+static ErlDrvSSizeT wxe_driver_call(ErlDrvData drv_data, unsigned int command,
+				    char *buf, ErlDrvSizeT len,
+				    char **rbuf, ErlDrvSizeT rlen,
+				    unsigned int *flags);
 
 static void standard_outputv(ErlDrvData drv_data, ErlIOVec *ev);
 static void wxe_process_died(ErlDrvData drv_data, ErlDrvMonitor *monitor);
@@ -151,17 +156,20 @@ wxe_driver_unload(void)
    wxe_master = NULL;
 }
 
-static int
+static ErlDrvSSizeT
 wxe_driver_control(ErlDrvData handle, unsigned op,
-		   char* buf, int count, char** res, int res_size)
+		   char* buf, ErlDrvSizeT count,
+		   char** res, ErlDrvSizeT res_size)
 {
    wxe_data *sd = ((wxe_data *)handle);
    push_command(op,buf,count,sd);
    return 0;
 }
 
-static int wxe_driver_call(ErlDrvData handle, unsigned int command, 
-			   char *buf, int len, char **res, int rlen, unsigned int *flags)
+static ErlDrvSSizeT
+wxe_driver_call(ErlDrvData handle, unsigned int command, 
+		char *buf, ErlDrvSizeT len,
+		char **res, ErlDrvSizeT rlen, unsigned int *flags)
 {
    wxe_data *sd = ((wxe_data *)handle);
    if(command == WXE_DEBUG_DRIVER) {
diff --git a/lib/wx/configure.in b/lib/wx/configure.in
index 78c3f0d3d2..b27e114a3d 100755
--- a/lib/wx/configure.in
+++ b/lib/wx/configure.in
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. -*-m4-*-
 
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2008-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2008-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -67,55 +67,14 @@ AC_PROG_RANLIB
 AC_PROG_CPP
 
 AC_MSG_NOTICE(Building for [$host_os])
-MIXED_CYGWIN=no
 WXERL_CAN_BUILD_DRIVER=true
 
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-Owx"		
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
+LM_WINDOWS_ENVIRONMENT
 
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
+if test  X"$MIXED_CYGWIN_VC" == X"yes" -o X"$MIXED_MSYS_VC" == X"yes"; then
+   CFLAGS="-Owx"
 fi
 
-AC_SUBST(MIXED_CYGWIN)
-
-
 ## Check that we are in 32 bits mode on darwin 
 ## (wxWidgets require that it currently uses 32-bits Carbon)
 ## Otherwise skip building wxErlang
@@ -219,19 +178,6 @@ AC_SUBST(OBJC_CFLAGS)
 
 case $host_os in
     darwin*)
-	AC_TRY_COMPILE([],[
-		#if __GNUC__ >= 4 
-		;
-		#else
-		#error old or no gcc
-		#endif
-		],
-		gcc_need_no_cpp_precomp=no,
-		gcc_need_no_cpp_precomp=yes)
-
-	if test x$gcc_need_no_cpp_precomp = xyes; then
-	   CFLAGS="-no-cpp-precomp $CFLAGS"
-	fi
 	LDFLAGS="-bundle -flat_namespace -undefined warning -fPIC $LDFLAGS"
 	# Check sizof_void_p as future will hold 64bit MacOS wx
 	if test $ac_cv_sizeof_void_p = 4; then
@@ -361,7 +307,7 @@ dnl
 if test "$cross_compiling" = "yes"; then
     echo "Cross compilation of the wx driver is not supported yet, wx will NOT be usable" > ./CONF_INFO
     WXERL_CAN_BUILD_DRIVER=false
-elif test X"$MIXED_CYGWIN_VC" != X"yes" ; then
+elif test  X"$MIXED_CYGWIN_VC" == X"no" -a X"$MIXED_MSYS_VC" == X"no"; then
     m4_include(wxwin.m4)
 
     AM_OPTIONS_WXCONFIG
@@ -431,7 +377,11 @@ define(wx_warn_text,[
 else
     AC_MSG_CHECKING(for wxWidgets in standard locations)
 		  
-    CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_CONFIG=`win2msys_path.sh $wx_config_name 2>/dev/null`
+    else
+	CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    fi
     CWXWIN1=`dirname $CWXWIN_CONFIG 2>/dev/null`
     CWXWIN2=`dirname $CWXWIN1 2>/dev/null`
 
@@ -439,10 +389,24 @@ else
        PROGRAMFILES=c:/Program Files
     fi
 
-    CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_PROG=`win2msys_path.sh "$PROGRAMFILES" 2>/dev/null`
+    else
+	CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    fi
     CWXWIN3=$CWXWIN_PROG/wxWidgets-2.8
     CWXWIN4=$CWXWIN_PROG/wxMSW-2.8
     CWX_DOCUMENTED="/opt/local/pgm/wxMSW-2.8.* /opt/local/pgm/wxWidgets-2.8.*"
+    case $ac_cv_sizeof_void_p in
+    	 8)
+		CWX_DOCUMENTED="/opt/local64/pgm/wxMSW-2.8.* /opt/local64/pgm/wxWidgets-2.8.* $CWX_DOCUMENTED"
+		;;
+         *)
+		true
+		;;
+    esac	
+			
     CWXPATH="$CWXWIN1 $CWXWIN2 $CWX_DOCUMENTED $CWXWIN3.* $CWXWIN4.*"
 
     for dir in $CWXPATH; do
@@ -451,11 +415,11 @@ else
 	    WXINCLUDE_PLAIN=$dir/include
 	    WXINCLUDE_CONTRIB=$dir/contrib/include
 	    WX_CFLAGS="-EHsc -D_UNICODE -DUNICODE -I$WXINCLUDE_MSVC -I$WXINCLUDE_PLAIN -I$WXINCLUDE_CONTRIB -D__WXMSW__"
-	    WX_CXXFLAGS=$WX_CFLAGS
+	    WX_CXXFLAGS="-TP $WX_CFLAGS"
 	    WX_LIBDIR=$dir/lib/vc_lib
 	    WX_RESCOMP="rc.sh -I$WXINCLUDE_PLAIN -D __WIN32__"
 	    RC_FILE_TYPE=res
-	    for lib in $WX_LIBDIR/wxbase*.lib; do
+	    for lib in $WX_LIBDIR/wxbase*.lib $WX_LIBDIR2/wxbase*.lib; do
 		maybe=`echo $lib | egrep 'wxbase[[0-9]]*u\.lib'`
 		if test '!' -z "$maybe"; then
 		   corelib_number=`echo $maybe | sed 's,.*\([[0-9]].\)u\.lib,\1,'`
@@ -589,7 +553,7 @@ AC_CHECK_HEADERS([wx/stc/stc.h],
         [],
     	[WXERL_CAN_BUILD_DRIVER=false
 	 echo "wxWidgets don't have wxStyledTextControl (stc.h), wx will NOT be useable" > ./CONF_INFO
-     	 AC_MSG_WARN([Can not find wx/stc/stc.h])      
+     	 AC_MSG_WARN([Can not find wx/stc/stc.h $CXXFLAGS])      
      	],
 	[#ifdef WIN32
 	 # include <windows.h>
diff --git a/lib/wx/doc/src/Makefile b/lib/wx/doc/src/Makefile
index c8eb6174c4..03e9f1e1bb 100644
--- a/lib/wx/doc/src/Makefile
+++ b/lib/wx/doc/src/Makefile
@@ -22,7 +22,7 @@
 # ----------------------------------------------------
 include ../../vsn.mk
 include ../../config.mk
-APPLICATION=wxErlang
+APPLICATION=wx
 
 ErlMods         = wx.erl wx_object.erl
 
diff --git a/lib/wx/doc/src/notes.xml b/lib/wx/doc/src/notes.xml
index 7bd8d18592..4a94227a55 100644
--- a/lib/wx/doc/src/notes.xml
+++ b/lib/wx/doc/src/notes.xml
@@ -31,6 +31,37 @@
   <p>This document describes the changes made to the wxErlang
     application.</p>
 
+<section><title>Wx 0.99.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixed a deadlock in the driver, which could happen if a
+	    callback caused another callback to be invoked.</p>
+          <p>
+	    Own Id: OTP-9725</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented wxSystemOptions.</p>
+          <p>
+	    Load Opengl from libGL.so.1 instead libGL.so to work
+	    around linux problems.</p>
+          <p>
+	    Own Id: OTP-9702</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Wx 0.99</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/wx/examples/demo/Makefile b/lib/wx/examples/demo/Makefile
index 8afa0e780e..3f054ec75f 100644
--- a/lib/wx/examples/demo/Makefile
+++ b/lib/wx/examples/demo/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/demo/demo.erl b/lib/wx/examples/demo/demo.erl
index 59c20e09fb..61e71af021 100644
--- a/lib/wx/examples/demo/demo.erl
+++ b/lib/wx/examples/demo/demo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
 -behaviour(wx_object).
 -export([start/0, start/1, start_link/0, start_link/1, format/3, 
 	 init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 
 -record(state, {win, demo, example, selector, log, code}).
@@ -189,6 +189,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=Ex}}, 
 	     State = #state{demo={_,DemoSz}, example=Example, code=Code}) ->
diff --git a/lib/wx/examples/demo/ex_aui.erl b/lib/wx/examples/demo/ex_aui.erl
index 6adfd970fc..50f077638d 100644
--- a/lib/wx/examples/demo/ex_aui.erl
+++ b/lib/wx/examples/demo/ex_aui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{obj = Notebook,
 		 event = #wxCommand{type = command_button_clicked}},
diff --git a/lib/wx/examples/demo/ex_button.erl b/lib/wx/examples/demo/ex_button.erl
index 28c8273cb9..0dd0363933 100644
--- a/lib/wx/examples/demo/ex_button.erl
+++ b/lib/wx/examples/demo/ex_button.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 
 -behaviour(wx_object).
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas.erl b/lib/wx/examples/demo/ex_canvas.erl
index 844c7eddf3..1ec4760f40 100644
--- a/lib/wx/examples/demo/ex_canvas.erl
+++ b/lib/wx/examples/demo/ex_canvas.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -144,6 +144,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas_paint.erl b/lib/wx/examples/demo/ex_canvas_paint.erl
index 38d6b62f1d..9bc083766a 100644
--- a/lib/wx/examples/demo/ex_canvas_paint.erl
+++ b/lib/wx/examples/demo/ex_canvas_paint.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -211,6 +211,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_choices.erl b/lib/wx/examples/demo/ex_choices.erl
index 75f8d22493..2e456ae249 100644
--- a/lib/wx/examples/demo/ex_choices.erl
+++ b/lib/wx/examples/demo/ex_choices.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -147,6 +147,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_cursor.erl b/lib/wx/examples/demo/ex_cursor.erl
index 322bdcbb6c..c1a558541b 100644
--- a/lib/wx/examples/demo/ex_cursor.erl
+++ b/lib/wx/examples/demo/ex_cursor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -135,6 +135,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_dialogs.erl b/lib/wx/examples/demo/ex_dialogs.erl
index 020e9eeb14..b39344f8b1 100644
--- a/lib/wx/examples/demo/ex_dialogs.erl
+++ b/lib/wx/examples/demo/ex_dialogs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_frame_utils.erl b/lib/wx/examples/demo/ex_frame_utils.erl
index 3064c9f3b7..a90642b355 100644
--- a/lib/wx/examples/demo/ex_frame_utils.erl
+++ b/lib/wx/examples/demo/ex_frame_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -102,6 +102,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_gauge.erl b/lib/wx/examples/demo/ex_gauge.erl
index d30c3fea58..ffc667ff05 100644
--- a/lib/wx/examples/demo/ex_gauge.erl
+++ b/lib/wx/examples/demo/ex_gauge.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -include_lib("wx/include/wx.hrl").
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(gauge, {obj,
 		value,
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{id = ?ID_START_STOP,
 		 event = #wxCommand{type = command_togglebutton_clicked,
diff --git a/lib/wx/examples/demo/ex_gl.erl b/lib/wx/examples/demo/ex_gl.erl
index 53f1eda847..72dad2cf9d 100644
--- a/lib/wx/examples/demo/ex_gl.erl
+++ b/lib/wx/examples/demo/ex_gl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([init/1, code_change/3, handle_info/2, handle_event/2,
-	 handle_call/3, terminate/2,
+	 handle_call/3, handle_cast/2, terminate/2,
 	 start/1]).
 
 -include_lib("wx/include/wx.hrl"). 
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/demo/ex_graphicsContext.erl b/lib/wx/examples/demo/ex_graphicsContext.erl
index bcd7a75be0..c356500d99 100644
--- a/lib/wx/examples/demo/ex_graphicsContext.erl
+++ b/lib/wx/examples/demo/ex_graphicsContext.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
 	 handle_info/2, handle_call/3,
-	 handle_event/2, handle_sync_event/3]).
+handle_cast/2, 	 handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -98,6 +98,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_grid.erl b/lib/wx/examples/demo/ex_grid.erl
index 2169c818ff..d1a9952ab2 100644
--- a/lib/wx/examples/demo/ex_grid.erl
+++ b/lib/wx/examples/demo/ex_grid.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_info(_Msg, State) ->
 handle_call(_Msg, _From, State) ->
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_htmlWindow.erl b/lib/wx/examples/demo/ex_htmlWindow.erl
index b864cd10b2..564c790e48 100644
--- a/lib/wx/examples/demo/ex_htmlWindow.erl
+++ b/lib/wx/examples/demo/ex_htmlWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_listCtrl.erl b/lib/wx/examples/demo/ex_listCtrl.erl
index 3faec4e229..13096dfa52 100644
--- a/lib/wx/examples/demo/ex_listCtrl.erl
+++ b/lib/wx/examples/demo/ex_listCtrl.erl
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state,
 	{
@@ -147,6 +147,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_notebook.erl b/lib/wx/examples/demo/ex_notebook.erl
index 2e16ccfffa..fc38fdae08 100644
--- a/lib/wx/examples/demo/ex_notebook.erl
+++ b/lib/wx/examples/demo/ex_notebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -133,6 +133,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_pickers.erl b/lib/wx/examples/demo/ex_pickers.erl
index 892c5b449d..8013a5ba32 100644
--- a/lib/wx/examples/demo/ex_pickers.erl
+++ b/lib/wx/examples/demo/ex_pickers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -124,6 +124,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_popupMenu.erl b/lib/wx/examples/demo/ex_popupMenu.erl
index 8774dbef7b..d6778c5dc5 100644
--- a/lib/wx/examples/demo/ex_popupMenu.erl
+++ b/lib/wx/examples/demo/ex_popupMenu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_radioBox.erl b/lib/wx/examples/demo/ex_radioBox.erl
index 8211aec4a2..ab7685f41f 100644
--- a/lib/wx/examples/demo/ex_radioBox.erl
+++ b/lib/wx/examples/demo/ex_radioBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -107,6 +107,9 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
 
 code_change(_, _, State) ->
     {stop, ignore, State}.
diff --git a/lib/wx/examples/demo/ex_sashWindow.erl b/lib/wx/examples/demo/ex_sashWindow.erl
index dd05f4e45f..d8a8958f28 100644
--- a/lib/wx/examples/demo/ex_sashWindow.erl
+++ b/lib/wx/examples/demo/ex_sashWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -116,6 +116,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_sizers.erl b/lib/wx/examples/demo/ex_sizers.erl
index 2cc6efd503..7b9e8eb37f 100644
--- a/lib/wx/examples/demo/ex_sizers.erl
+++ b/lib/wx/examples/demo/ex_sizers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_slider.erl b/lib/wx/examples/demo/ex_slider.erl
index 7b669d96f6..612543ff26 100644
--- a/lib/wx/examples/demo/ex_slider.erl
+++ b/lib/wx/examples/demo/ex_slider.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi},State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_splitterWindow.erl b/lib/wx/examples/demo/ex_splitterWindow.erl
index c135f298fa..4f25b73293 100644
--- a/lib/wx/examples/demo/ex_splitterWindow.erl
+++ b/lib/wx/examples/demo/ex_splitterWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_static.erl b/lib/wx/examples/demo/ex_static.erl
index 67061520c4..013bd5ac35 100644
--- a/lib/wx/examples/demo/ex_static.erl
+++ b/lib/wx/examples/demo/ex_static.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -105,6 +105,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_textCtrl.erl b/lib/wx/examples/demo/ex_textCtrl.erl
index 95837c7c4c..d82884f30b 100644
--- a/lib/wx/examples/demo/ex_textCtrl.erl
+++ b/lib/wx/examples/demo/ex_textCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_treeCtrl.erl b/lib/wx/examples/demo/ex_treeCtrl.erl
index fa40795393..611904500a 100644
--- a/lib/wx/examples/demo/ex_treeCtrl.erl
+++ b/lib/wx/examples/demo/ex_treeCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -109,6 +109,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/simple/Makefile b/lib/wx/examples/simple/Makefile
index 66f5952f0d..295e739202 100644
--- a/lib/wx/examples/simple/Makefile
+++ b/lib/wx/examples/simple/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/hello.erl b/lib/wx/examples/simple/hello.erl
index dc845ddfbb..02af1b501f 100644
--- a/lib/wx/examples/simple/hello.erl
+++ b/lib/wx/examples/simple/hello.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/menu.erl b/lib/wx/examples/simple/menu.erl
index d573fcf13a..0025a0b027 100644
--- a/lib/wx/examples/simple/menu.erl
+++ b/lib/wx/examples/simple/menu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/minimal.erl b/lib/wx/examples/simple/minimal.erl
index dca4adc643..bdff66e217 100644
--- a/lib/wx/examples/simple/minimal.erl
+++ b/lib/wx/examples/simple/minimal.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/Makefile b/lib/wx/examples/sudoku/Makefile
index 33725756b7..a7cbf85e03 100644
--- a/lib/wx/examples/sudoku/Makefile
+++ b/lib/wx/examples/sudoku/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku.erl b/lib/wx/examples/sudoku/sudoku.erl
index 01caeb9524..6749fec30a 100644
--- a/lib/wx/examples/sudoku/sudoku.erl
+++ b/lib/wx/examples/sudoku/sudoku.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku.hrl b/lib/wx/examples/sudoku/sudoku.hrl
index 775b563bdc..6bb2eefd07 100644
--- a/lib/wx/examples/sudoku/sudoku.hrl
+++ b/lib/wx/examples/sudoku/sudoku.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_board.erl b/lib/wx/examples/sudoku/sudoku_board.erl
index 756837582f..4b26ff97da 100644
--- a/lib/wx/examples/sudoku/sudoku_board.erl
+++ b/lib/wx/examples/sudoku/sudoku_board.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,7 +30,7 @@
 	 draw/3, 
 	 %% Callbacks
 	 init/1, handle_sync_event/3, 
-	 handle_event/2, handle_info/2, handle_call/3, 
+	 handle_event/2, handle_info/2, handle_call/3, handle_cast/2,
 	 code_change/3, terminate/2]).
 
 -include("sudoku.hrl").
@@ -209,6 +209,10 @@ handle_call({draw, DC, Size},_From, S) ->
     redraw(DC,Size,S),
     {reply, ok, S}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/sudoku/sudoku_game.erl b/lib/wx/examples/sudoku/sudoku_game.erl
index 470aee0e3b..ec705918b3 100644
--- a/lib/wx/examples/sudoku/sudoku_game.erl
+++ b/lib/wx/examples/sudoku/sudoku_game.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_gui.erl b/lib/wx/examples/sudoku/sudoku_gui.erl
index 4aaecfe086..3d0c95ffa7 100644
--- a/lib/wx/examples/sudoku/sudoku_gui.erl
+++ b/lib/wx/examples/sudoku/sudoku_gui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 %%%-------------------------------------------------------------------
 -module(sudoku_gui).
 
--export([init/1, handle_info/2, handle_call/3, handle_event/2, 
+-export([init/1, handle_info/2, handle_call/3, handle_cast/2, handle_event/2,
 	 terminate/2, code_change/3]).
 
 -compile(export_all).
@@ -230,6 +230,10 @@ handle_event(Msg,S) ->
 handle_call(What, _From, State) ->
     {stop, {call, What}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/xrc/Makefile b/lib/wx/examples/xrc/Makefile
index aba58e0d0f..79d86ac1b9 100644
--- a/lib/wx/examples/xrc/Makefile
+++ b/lib/wx/examples/xrc/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/src/Makefile b/lib/wx/src/Makefile
index 46bc06271c..4e5971de03 100644
--- a/lib/wx/src/Makefile
+++ b/lib/wx/src/Makefile
@@ -18,7 +18,15 @@
 #
 
 include ../vsn.mk
-include ../config.mk
+ifdef TERTIARY_BOOTSTRAP
+ VSN = $(WX_VSN)
+ INSIDE_ERLSRC = true
+ include $(ERL_TOP)/make/target.mk
+ include $(ERL_TOP)/make/$(TARGET)/otp.mk
+ RELSYSDIR = $(RELEASE_PATH)/lib/wx-$(VSN)
+else # Normal build
+ include ../config.mk
+endif
 
 ESRC = .
 EGEN = gen
@@ -65,7 +73,11 @@ APPUP_SRC    = $(APPUP_FILE).src
 APPUP_TARGET = $(EBIN)/$(APPUP_FILE)
 
 # Targets
-debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+ifdef TERTIARY_BOOTSTRAP
+ opt: $(EBIN)/wx_object.beam
+else
+ debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+endif
 
 clean:  
 	rm -f $(TARGET_FILES) 
diff --git a/lib/wx/src/gen/wxEvtHandler.erl b/lib/wx/src/gen/wxEvtHandler.erl
index f155351b66..820c2b7a58 100644
--- a/lib/wx/src/gen/wxEvtHandler.erl
+++ b/lib/wx/src/gen/wxEvtHandler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/src/wx_object.erl b/lib/wx/src/wx_object.erl
index 82c4cfbad5..80f8937656 100644
--- a/lib/wx/src/wx_object.erl
+++ b/lib/wx/src/wx_object.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,7 +108,38 @@
 	 get_pid/1
 	]).
 
--export([behaviour_info/1]).
+%% -export([behaviour_info/1]).
+-callback init(Args :: term()) ->
+    {#wx_ref{}, State :: term()} | {#wx_ref{}, State :: term(), timeout() | hibernate} |
+    {stop, Reason :: term()} | ignore.
+-callback handle_event(Request :: #wx{}, State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_call(Request :: term(), From :: {pid(), Tag :: term()},
+                      State :: term()) ->
+    {reply, Reply :: term(), NewState :: term()} |
+    {reply, Reply :: term(), NewState :: term(), timeout() | hibernate} |
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), Reply :: term(), NewState :: term()} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_cast(Request :: term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_info(Info :: timeout() | term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} |
+                               term()),
+                    State :: term()) ->
+    term().
+-callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
+                      Extra :: term()) ->
+    {ok, NewState :: term()} | {error, Reason :: term()}.
+
 
 %% System exports
 -export([system_continue/3,
@@ -125,15 +156,15 @@
 %%%  API
 %%%=========================================================================
 %% @hidden
-behaviour_info(callbacks) ->
-    [{init,1},
-     {handle_call,3},
-     {handle_info,2},
-     {handle_event,2},
-     {terminate,2},
-     {code_change,3}];
-behaviour_info(_Other) ->
-    undefined.
+%% behaviour_info(callbacks) ->
+%%     [{init,1},
+%%      {handle_call,3},
+%%      {handle_info,2},
+%%      {handle_event,2},
+%%      {terminate,2},
+%%      {code_change,3}];
+%% behaviour_info(_Other) ->
+%%     undefined.
 
 
 %%  -----------------------------------------------------------------
@@ -226,9 +257,11 @@ call(Name, Request, Timeout) when is_atom(Name) orelse is_pid(Name) ->
 %% Invokes handle_cast(Request, State) in the server
 
 cast(#wx_ref{state=Pid}, Request) when is_pid(Pid) ->
-    Pid ! {'$gen_cast',Request};
+    Pid ! {'$gen_cast',Request},
+    ok;
 cast(Name, Request) when is_atom(Name) orelse is_pid(Name) ->
-    Name ! {'$gen_cast',Request}.
+    Name ! {'$gen_cast',Request},
+    ok.
 
 %% @spec (Ref::wxObject()) -> pid()
 %% @doc Get the pid of the object handle.
@@ -258,9 +291,10 @@ init_it(Starter, self, Name, Mod, Args, Options) ->
     init_it(Starter, self(), Name, Mod, Args, Options);
 init_it(Starter, Parent, Name, Mod, Args, [WxEnv|Options]) ->
     case WxEnv of
-	undefined -> ok;	
+	undefined -> ok;
 	_ -> wx:set_env(WxEnv)
     end,
+    put('_wx_object_', {Mod,'_wx_init_'}),
     Debug = debug_options(Name, Options),
     case catch Mod:init(Args) of
 	{#wx_ref{} = Ref, State} ->
@@ -350,57 +384,16 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod) ->
 	{noreply, NState, Time1} ->
 	    loop(Parent, Name, NState, Mod, Time1, []);
 	{stop, Reason, Reply, NState} ->
-	    {'EXIT', R} = 
+	    {'EXIT', R} =
 		(catch terminate(Reason, Name, Msg, Mod, NState, [])),
 	    reply(From, Reply),
 	    exit(R);
 	Other -> handle_common_reply(Other, Name, Msg, Mod, State, [])
     end;
-
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []);
 handle_msg(Msg, Parent, Name, State, Mod) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []).
-%% @hidden
-dispatch_cb({{Msg=#wx{}, Obj=#wx_ref{}}, _, '_wx_invoke_cb_'}, Mod, State) ->
-    Callback = fun() ->
-		       wxe_util:cast(?WXE_CB_START, <<>>),
-		       case Mod:handle_sync_event(Msg, Obj, State) of
-			   ok -> <<>>;
-			   noreply -> <<>>;
-			   Other ->
-			       Args = [Msg, Obj, State],
-			       MFA = {Mod, handle_sync_event, Args},
-			       exit({bad_return, Other, MFA})
-		       end
-	       end,
-    wxe_server:invoke_callback(Callback),
-    {noreply, State};
-dispatch_cb({Func, ArgList, '_wx_invoke_cb_'}, Mod, State) ->
-    try  %% This don't work yet....
-	[#wx_ref{type=ThisClass}] = ArgList,
-	case Mod:handle_overloaded(Func, ArgList, State) of
-	    {reply, CBReply, NState} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState};
-	    {reply, CBReply, NState, Time1} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState, Time1};
-	    {noreply, NState} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState};
-	    {noreply, NState, Time1} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState, Time1};
-	    Other -> Other
-	end
-    catch _Err:Reason ->
-	    %% Hopefully we can release the wx-thread with this
-	    wxe_util:cast(?WXE_CB_RETURN, <<>>),
-	    {'EXIT', {Reason, erlang:get_stacktrace()}}
-    end.
+
 %% @hidden
 handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
     case catch Mod:handle_call(Msg, From, State) of
@@ -426,9 +419,6 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
 	Other ->
 	    handle_common_reply(Other, Name, Msg, Mod, State, Debug)
     end;
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod, Debug) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug);
 handle_msg(Msg, Parent, Name, State, Mod, Debug) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug).
diff --git a/lib/wx/src/wxe_server.erl b/lib/wx/src/wxe_server.erl
index 69e2189fac..6e982c97f6 100644
--- a/lib/wx/src/wxe_server.erl
+++ b/lib/wx/src/wxe_server.erl
@@ -221,7 +221,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
     Evs = [#event{object=Object,callback=Callback, cb_handler=CBHandler}|Evs0],
     User = User0#user{events=Evs, evt_handler=Handler},
     State1 = State0#state{users=gb_trees:update(From, User, Users)},
-    if is_function(Callback) ->
+    if is_function(Callback) orelse is_pid(Callback) ->
 	    {FunId, State} = attach_fun(Callback,State1),
 	    Res = wxEvtHandler:connect_impl(CBHandler,Object,
 					    wxEvtHandler:replace_fun_with_id(EvData,FunId)),
@@ -229,6 +229,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
 		ok     -> {reply,Res,State};
 		_Error -> {reply,Res,State0}
 	    end;
+
        true ->
 	    Res = {call_impl, connect_cb, CBHandler},
 	    {reply, Res, State1}
@@ -239,6 +240,8 @@ invoke_cb({{Ev=#wx{}, Ref=#wx_ref{}}, FunId,_}, _S) ->
     case get(FunId) of
 	Fun when is_function(Fun) ->
 	    invoke_callback(fun() -> Fun(Ev, Ref), <<>> end);
+	Pid when is_pid(Pid) -> %% wx_object sync event
+	    invoke_callback(Pid, Ev, Ref);
 	Err ->
 	    ?log("Internal Error ~p~n",[Err])
     end;
@@ -270,6 +273,44 @@ invoke_callback(Fun) ->
     spawn(CB),
     ok.
 
+invoke_callback(Pid, Ev, Ref) ->
+    Env = get(?WXE_IDENTIFIER),
+    CB = fun() ->
+		 wx:set_env(Env),
+		 wxe_util:cast(?WXE_CB_START, <<>>),
+		 try
+		     case get_wx_object_state(Pid) of
+			 ignore ->
+			     %% Ignore early events
+			     wxEvent:skip(Ref);
+			 {Mod, State} ->
+			     case Mod:handle_sync_event(Ev, Ref, State) of
+				 ok -> ok;
+				 noreply -> ok;
+				 Return -> exit({bad_return, Return})
+			     end
+		     end
+		 catch _:Reason ->
+			 wxEvent:skip(Ref),
+			 ?log("Callback fun crashed with {'EXIT, ~p, ~p}~n",
+			      [Reason, erlang:get_stacktrace()])
+		 end,
+		 wxe_util:cast(?WXE_CB_RETURN, <<>>)
+	 end,
+    spawn(CB),
+    ok.
+
+get_wx_object_state(Pid) ->
+    case process_info(Pid, dictionary) of
+	{dictionary, Dict} ->
+	    case lists:keysearch('_wx_object_',1,Dict) of
+		{value, {'_wx_object_', {_Mod, '_wx_init_'}}} -> ignore;
+		{value, {'_wx_object_', Value}} -> Value;
+		_ -> ignore
+	    end;
+	_ -> ignore
+    end.
+
 new_evt_listener(State) ->
     #wx_env{port=Port} = wx:get_env(),
     _ = erlang:port_control(Port,98,<<>>),
diff --git a/lib/wx/test/Makefile b/lib/wx/test/Makefile
index cf51d7918f..333711789f 100644
--- a/lib/wx/test/Makefile
+++ b/lib/wx/test/Makefile
@@ -27,7 +27,7 @@ PWD = $(shell pwd)
 APPDIR = $(shell dirname $(PWD))
 ERL_COMPILE_FLAGS = -pa $(APPDIR)/ebin
 
-Mods =  wxt wx_test_lib \
+Mods =  wxt wx_test_lib wx_obj_test \
 	wx_app_SUITE \
 	wx_basic_SUITE \
 	wx_event_SUITE \
diff --git a/lib/wx/test/wx_basic_SUITE.erl b/lib/wx/test/wx_basic_SUITE.erl
index 9ad34248a9..46c72bb453 100644
--- a/lib/wx/test/wx_basic_SUITE.erl
+++ b/lib/wx/test/wx_basic_SUITE.erl
@@ -48,7 +48,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [create_window, several_apps, wx_api, wx_misc,
-     data_types].
+     data_types, wx_object].
 
 groups() -> 
     [].
@@ -298,3 +298,77 @@ data_types(_Config) ->
     wxClientDC:destroy(CDC),
     %%wx_test_lib:wx_destroy(Frame,Config).
     wx:destroy().
+
+wx_object(TestInfo) when is_atom(TestInfo) -> wx_test_lib:tc_info(TestInfo);
+wx_object(Config) ->
+    wx:new(),
+    Frame = ?mt(wxFrame, wx_obj_test:start([])),
+    timer:sleep(500),
+    ?m(ok, check_events(flush())),
+
+    Me = self(),
+    ?m({call, foobar, {Me, _}}, wx_object:call(Frame, foobar)),
+    ?m(ok, wx_object:cast(Frame, foobar2)),
+    ?m([{cast, foobar2}], flush()),
+    FramePid = wx_object:get_pid(Frame),
+    io:format("wx_object pid ~p~n",[FramePid]),
+    FramePid ! foo3,
+    ?m([{info, foo3}], flush()),
+
+    ?m(ok, wx_object:cast(Frame, fun(_) -> hehe end)),
+    ?m([{cast, hehe}], flush()),
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m(ok, wx_object:cast(Frame, fun(_) -> timer:sleep(200), slept end)),
+    %% The sleep above should not hinder the Paint event below
+    %% Which it did in my buggy handling of the sync_callback
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m([{cast, slept}], flush()),
+
+    Monitor = erlang:monitor(process, FramePid),
+    case proplists:get_value(user, Config, false) of
+	false ->
+	    timer:sleep(100),
+	    wxFrame:destroy(Frame);
+	true ->
+	    timer:sleep(500),
+	    ?m(ok, wxFrame:destroy(Frame));
+	_ ->
+	    ?m(ok, wxEvtHandler:connect(Frame, close_window, [{skip,true}])),
+	    wx_test_lib:wait_for_close()
+    end,
+    ?m(ok, receive
+	       {'DOWN', Monitor, _, _, _} ->
+		   ?m([{terminate, wx_deleted}], flush()),
+		   ok
+	   after 1000 ->
+		   Msgs = flush(),
+		   io:format("Error ~p Alive ~p~n",[Msgs, is_process_alive(FramePid)])
+	   end),
+    catch wx:destroy(),
+    ok.
+
+check_events(Msgs) ->
+    check_events(Msgs, 0,0).
+
+check_events([{event, #wx{event=#wxSize{}}}|Rest], Async, Sync) ->
+    check_events(Rest, Async+1, Sync);
+check_events([{sync_event, #wx{event=#wxPaint{}}, Obj}|Rest], Async, Sync) ->
+    ?mt(wxPaintEvent, Obj),
+    check_events(Rest, Async, Sync+1);
+check_events([], Async, Sync) ->
+    case Async > 0 of  %% Test sync explictly
+	true -> ok;
+	false -> {Async, Sync}
+    end.
+
+flush() ->
+    flush([], 500).
+
+flush(Acc, Wait) ->
+    receive
+	Msg -> flush([Msg|Acc], Wait div 10)
+    after Wait ->
+	    lists:reverse(Acc)
+    end.
diff --git a/lib/wx/test/wx_obj_test.erl b/lib/wx/test/wx_obj_test.erl
new file mode 100644
index 0000000000..b4d7640c7e
--- /dev/null
+++ b/lib/wx/test/wx_obj_test.erl
@@ -0,0 +1,86 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(wx_obj_test).
+-include_lib("wx/include/wx.hrl").
+
+-export([start/1]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_sync_event/3, handle_event/2, handle_cast/2]).
+
+-record(state, {frame, panel, opts}).
+
+start(Opts) ->
+    wx_object:start_link(?MODULE, [{parent, self()}, Opts], []).
+
+init(Opts) ->
+    put(parent_pid, proplists:get_value(parent, Opts)),
+    Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Test wx_object", [{size, {500, 400}}]),
+    Sz = wxBoxSizer:new(?wxHORIZONTAL),
+    Panel = wxPanel:new(Frame),
+    wxSizer:add(Sz, Panel, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxPanel:connect(Panel, size, [{skip, true}]),
+    wxPanel:connect(Panel, paint, [callback, {userData, proplists:get_value(parent, Opts)}]),
+    wxWindow:show(Frame),
+    {Frame, #state{frame=Frame, panel=Panel, opts=Opts}}.
+
+handle_sync_event(Event = #wx{obj=Panel}, WxEvent, #state{opts=Opts}) ->
+    DC=wxPaintDC:new(Panel),  %% We must create & destroy paintDC, or call wxEvent:skip(WxEvent))
+    wxPaintDC:destroy(DC),    %% in sync_event. Otherwise wx on windows keeps sending the events.
+    Pid = proplists:get_value(parent, Opts),
+    true = is_pid(Pid),
+    Pid ! {sync_event, Event, WxEvent},
+    ok.
+
+handle_event(Event, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {event, Event},
+    {noreply, State}.
+
+handle_call(What, From, State) when is_function(What) ->
+    Result = What(State),
+    {reply, {call, Result, From}, State};
+handle_call(What, From, State) ->
+    {reply, {call, What, From}, State}.
+
+handle_cast(What, State = #state{opts=Opts})  when is_function(What) ->
+    Result = What(State),
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, Result},
+    {noreply, State};
+
+handle_cast(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, What},
+    {noreply, State}.
+
+handle_info(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {info, What},
+    {noreply, State}.
+
+terminate(What, #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {terminate, What},
+    ok.
+
+code_change(Ver1, Ver2, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {code_change, Ver1, Ver2},
+    State.
diff --git a/lib/wx/test/wx_test_lib.hrl b/lib/wx/test/wx_test_lib.hrl
index 34e1e9c6b8..820e8f0050 100644
--- a/lib/wx/test/wx_test_lib.hrl
+++ b/lib/wx/test/wx_test_lib.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,7 +40,6 @@
 
 -define(m(ExpectedRes, Expr),
 	fun() ->
-		{TeStFILe, TeSTLiNe} = {?FILE, ?LINE},
 		AcTuAlReS = (catch (Expr)),
 		case AcTuAlReS of
 		    ExpectedRes ->
@@ -48,8 +47,8 @@
 			AcTuAlReS;
 		    _ ->
 			wx_test_lib:error("Not Matching Actual result was:~n ~p ~n Expected ~s~n",
-					  [AcTuAlReS, ??ExpectedRes], 
-					  TeStFILe,TeSTLiNe),
+					  [AcTuAlReS, ??ExpectedRes],
+					  ?FILE,?LINE),
 			AcTuAlReS
 		end
 	end()).
diff --git a/lib/wx/vsn.mk b/lib/wx/vsn.mk
index 8685c633d4..3f3e9422a8 100644
--- a/lib/wx/vsn.mk
+++ b/lib/wx/vsn.mk
@@ -1 +1 @@
-WX_VSN = 0.99
+WX_VSN = 0.99.1
diff --git a/lib/xmerl/doc/src/notes.xml b/lib/xmerl/doc/src/notes.xml
index 15c42d6f6a..8734bd8771 100644
--- a/lib/xmerl/doc/src/notes.xml
+++ b/lib/xmerl/doc/src/notes.xml
@@ -31,6 +31,117 @@
   <p>This document describes the changes made to the Xmerl application.</p>
 
 
+<section><title>Xmerl 1.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Fix character check of non-characters due to change
+	    in unicode module. </p>
+          <p>
+	    Own Id: OTP-9670</p>
+        </item>
+        <item>
+          <p>
+	    Treat , as special in xmerl_xpath_scan. (Thanks to Anneli
+	    Cuss)</p>
+          <p>
+	    Own Id: OTP-9753</p>
+        </item>
+        <item>
+	  <p> 
+	    Fix bug in namespace handling for attributes when the  
+            <c>namespace_conformant</c> flag is set to true. </p>
+          <p>
+	    Own Id: OTP-9821</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Updates to the xml scanner </p> <list> <item>
+	    <p>xmerl_scan is now returning xmlComment records in the
+	    output.<br/><br/> Functions <c>xmerl_scan:file/2</c> and
+	    <c>xmerl_scan:string/2</c> now accepts a new option
+	    <c>{comments, Flag}</c> for filtering of comments.<br/>
+	    Default (<c>true</c>) is that <c>#xmlComment</c> records
+	    are returned from the scanner and this flag should be set
+	    to false if one don't want comments in the output. </p>
+	    </item> <item> <p>Add <i>default_attrs</i>
+	    option<br/><br/> When <i>default_attrs</i> is <c>true</c>
+	    any attribute with a default value defined in the doctype
+	    but not in the attribute axis of the currently scanned
+	    element is added to it. </p> </item> <item> <p>Allow
+	    whole documents to be returned<br/><br/> Functions
+	    <c>xmerl_scan:file/2</c> and <c>xmerl_scan:string/2</c>
+	    now accepts a new option <c>{document, true}</c> to
+	    produce a whole document as a <c>xmlDocument</c> record
+	    instead of just the root element node.<br/> This option
+	    is the only way to get to the top-level comments and
+	    processing instructions without hooking through the
+	    customization functions. Those nodes are needed to
+	    implement [Canonical XML][c14n-xml] support.<br/>
+	    [c14n-xml]:
+	    http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/
+	    <i>Canonical XML</i> </p> </item> <item><p>Parents and
+	    namespace are tracked in <c>#xmlAttribute</c>
+	    nodes</p></item> <item><p>Parents are tracked in
+	    <c>#xmlPI</c> nodes</p></item> <item><p>Set <c>vsn</c>
+	    field in <c>#xmlDecl</c> record</p></item> <item><p>Fix
+	    namespace-conformance constraints<br/><br/> See
+	    [Namespaces in XML 1.0 (Third Edition)][1]: The prefix
+	    xml is by definition bound to the namespace name
+	    http://www.w3.org/XML/1998/namespace. It MAY, but need
+	    not, be declared, and MUST NOT be bound to any other
+	    namespace name. Other prefixes MUST NOT be bound to this
+	    namespace name, and it MUST NOT be declared as the
+	    default namespace.<br/> The prefix xmlns is used only to
+	    declare namespace bindings and is by definition bound to
+	    the namespace name http://www.w3.org/2000/xmlns/. It MUST
+	    NOT be declared . Other prefixes MUST NOT be bound to
+	    this namespace name, and it MUST NOT be declared as the
+	    default namespace. Element names MUST NOT have the prefix
+	    xmlns.<br/> In XML documents conforming to this
+	    specification, no tag may contain two attributes which
+	    have identical names, or have qualified names with the
+	    same local part and with prefixes which have been bound
+	    to namespace names that are identical.<br/> [1]
+	    http://www.w3.org/TR/REC-xml-names/ </p></item> </list>
+	    <p> Updates of xmerl's Xpath functionality. </p> <list>
+	    <item><p>Add <c>#xmlPI</c> support to
+	    xmerl_xpath:write_node/1</p></item> <item><p>Fix
+	    processing-instruction(name?)</p></item> <item><p>Fix
+	    path filters, support more top-level primary
+	    expressions</p></item> <item><p>Accumulate comments in
+	    element nodes</p></item> <item><p>Implement namespace
+	    axis<br/><br/> Namespace nodes are represented as
+	    <c>#xmlNsNode</c> records. Now that the namespace axis is
+	    correctly implemented, attributes nodes corresponding to
+	    attributes that declare namespaces are ignored.<br/> See
+	    [5.3 Attribute Nodes][xpath-5.3]:<br/> There are no
+	    attribute nodes corresponding to attributes that declare
+	    namespaces.<br/> [xpath-5.3]:
+	    http://www.w3.org/TR/xpath/#attribute-nodes </p></item>
+	    </list> <p> (Thanks to Anthony Ramine) </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9664</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Xmerl 1.2.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/xmerl/doc/src/part_notes.xml b/lib/xmerl/doc/src/part_notes.xml
index 827ffd90e9..b3c0597323 100644
--- a/lib/xmerl/doc/src/part_notes.xml
+++ b/lib/xmerl/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/xmerl/doc/src/xmerl_ug.xmlsrc b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
index 6ee6707e53..9ef8fbb0b9 100644
--- a/lib/xmerl/doc/src/xmerl_ug.xmlsrc
+++ b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
@@ -36,9 +36,9 @@
       <title>Features</title>
       <p>The <em>xmerl</em> XML parser is able to parse XML documents
         according to the XML 1.0 standard. As default it performs
-        well-formed parsing,(syntax checks and checks of well-formed
+        well-formed parsing, (syntax checks and checks of well-formed
         constraints). Optionally one can also use xmerl as a validating
-        parser,(validate according to referenced DTD and validating
+        parser, (validate according to referenced DTD and validating
         constraints). By means of for example the xmerl_xs module it is
         possible to transform the parsed result to other formats,
         e.g. text, HTML, XML etc.</p>
diff --git a/lib/xmerl/include/xmerl.hrl b/lib/xmerl/include/xmerl.hrl
index 3760a5cce0..331d1507a0 100644
--- a/lib/xmerl/include/xmerl.hrl
+++ b/lib/xmerl/include/xmerl.hrl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/include/xmerl_xsd.hrl b/lib/xmerl/include/xmerl_xsd.hrl
index 6dad7d8ff0..644cc2e433 100644
--- a/lib/xmerl/include/xmerl_xsd.hrl
+++ b/lib/xmerl/include/xmerl_xsd.hrl
@@ -184,7 +184,7 @@
 %% allowed for a schema.
 %% chain, represents a series of ordered objects, some of whom may be
 %% optional.
-%% alterantive, a collection of objects of which only one is choosen.
+%% alterantive, a collection of objects of which only one is chosen.
 -record(chain,{
 	  content,
 	  occurance={1,1}
diff --git a/lib/xmerl/src/xmerl.erl b/lib/xmerl/src/xmerl.erl
index 2332517988..3249094e78 100644
--- a/lib/xmerl/src/xmerl.erl
+++ b/lib/xmerl/src/xmerl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
index ec9178ea25..c25cde0472 100644
--- a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
+++ b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
@@ -1,7 +1,7 @@
 %%-*-erlang-*-
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_scan.erl b/lib/xmerl/src/xmerl_scan.erl
index ec7ea534d6..05431a5fd2 100644
--- a/lib/xmerl/src/xmerl_scan.erl
+++ b/lib/xmerl/src/xmerl_scan.erl
@@ -20,8 +20,8 @@
 %% Description  : Simgle-pass XML scanner. See xmerl.hrl for data defs.
 
 %% @doc This module is the interface to the XML parser, it handles XML 1.0.
-%%     The XML parser is activated through 
-%%     <tt>xmerl_scan:string/[1,2]</tt> or 
+%%     The XML parser is activated through
+%%     <tt>xmerl_scan:string/[1,2]</tt> or
 %%     <tt>xmerl_scan:file/[1,2]</tt>.
 %%     It returns records of the type defined in xmerl.hrl.
 %% See also <a href="xmerl_examples.html">tutorial</a> on customization
@@ -79,15 +79,15 @@
 %%  <dt><code>{validation, Flag}</code></dt>
 %%    <dd>Controls whether to process as a validating XML parser:
 %%    'off' (default) no validation, or validation 'dtd' by DTD or 'schema'
-%%    by XML Schema. 'false' and 'true' options are obsolete 
-%%    (i.e. they may be removed in a future release), if used 'false' 
+%%    by XML Schema. 'false' and 'true' options are obsolete
+%%    (i.e. they may be removed in a future release), if used 'false'
 %%    equals 'off' and 'true' equals 'dtd'.</dd>
 %%  <dt><code>{schemaLocation, [{Namespace,Link}|...]}</code></dt>
-%%    <dd>Tells explicitly which XML Schema documents to use to validate 
-%%    the XML document. Used together with the 
+%%    <dd>Tells explicitly which XML Schema documents to use to validate
+%%    the XML document. Used together with the
 %%    <code>{validation,schema}</code> option.</dd>
 %%  <dt><code>{quiet, Flag}</code></dt>
-%%    <dd>Set to 'true' if xmerl should behave quietly and not output any 
+%%    <dd>Set to 'true' if xmerl should behave quietly and not output any
 %%    information to standard output (default 'false').</dd>
 %%  <dt><code>{doctype_DTD, DTD}</code></dt>
 %%    <dd>Allows to specify DTD name when it isn't available in the XML
@@ -275,7 +275,7 @@ int_file_decl(F, Options,_ExtCharset) ->
 %% @spec string(Text::list()) -> {xmlElement(),Rest}
 %%   Rest = list()
 %% @equiv string(Test, [])
-string(Str) ->  
+string(Str) ->
     string(Str, []).
 
 %% @spec string(Text::list(),Options::option_list()) -> {document(),Rest}
@@ -306,7 +306,7 @@ int_string(Str, Options, XMLBase, FileName) ->
 	    scan_document(Str2, S#xmerl_scanner{encoding="iso-10646-utf-1"});
 	{undefined,undefined,Str2} -> %% no auto detection
 	    scan_document(Str2, S);
-	{external,ExtCharset,Str2} -> 
+	{external,ExtCharset,Str2} ->
 	    %% no auto detection, ExtCharset is an explicitly provided
 	    %% 7 bit,8 bit or utf-8 encoding
 	    scan_document(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
@@ -325,7 +325,7 @@ int_string_decl(Str, Options, XMLBase, FileName) ->
 	{external,ExtCharset,Str2} ->
 	    scan_decl(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
     end.
-    
+
 
 
 initial_state0(Options,XMLBase) ->
@@ -386,7 +386,7 @@ initial_state([{line, L}|T], S) ->
     initial_state(T, S#xmerl_scanner{line = L});
 initial_state([{namespace_conformant, F}|T], S) when F==true; F==false ->
     initial_state(T, S#xmerl_scanner{namespace_conformant = F});
-initial_state([{validation, F}|T], S) 
+initial_state([{validation, F}|T], S)
   when F==off; F==dtd; F==schema; F==true; F==false ->
     initial_state(T, S#xmerl_scanner{validation = validation_value(F)});
 initial_state([{schemaLocation, SL}|T], S) when is_list(SL) ->
@@ -422,7 +422,7 @@ validation_value(false) ->
 validation_value(F) ->
     F.
 
-%% Used for compacting (some) indentations. 
+%% Used for compacting (some) indentations.
 %% See also fast_accumulate_whitespace().
 common_data() ->
     {comdata(lists:duplicate(60, $\s), []),
@@ -465,7 +465,7 @@ event(_X, S) ->
 %% where Pos' can be derived from X#xmlElement.pos, X#xmlText.pos, or
 %% X#xmlAttribute.pos (whichever is the current object type.)
 %% The acc/3 function is not allowed to redefine the type of object
-%% being defined, but _is_ allowed to either ignore it or split it 
+%% being defined, but _is_ allowed to either ignore it or split it
 %% into multiple objects (in which case {Acc',Pos',S'} should be returned.)
 %% If {Acc',S'} is returned, Pos will be incremented by 1 by default.
 %% Below is an example of an acceptable operation
@@ -488,10 +488,10 @@ fetch_URI(URI, S) ->
     %% assume URI is a filename
     Split = filename:split(URI),
     Filename = fun([])->[];(X)->lists:last(X) end (Split),
-    Fullname = 
+    Fullname =
 	case Split of %% how about Windows systems?
 	    ["file:"|Name]-> %% absolute path, see RFC2396 sect 3
-		%% file:/dtd_name 
+		%% file:/dtd_name
 		filename:join(["/"|Name]);
 	    ["/"|Rest] when Rest /= [] ->
 		%% absolute path name
@@ -544,9 +544,9 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     %% Transform to given character set.
-    %% Note that if another character set is given in the encoding 
+    %% Note that if another character set is given in the encoding
     %% attribute in a XML declaration that one will be used later
     Str=if
 	    Charset == "utf-8" ->
@@ -573,7 +573,7 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
     {Misc, _Pos1, Tail, S4}=scan_misc(T3, S3, Pos + 1),
 %%     M5 = erlang:memory(),
 %%     io:format("Memory status after misc: ~p~n",[M5]),
-    
+
     S5 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
 					       line = S4#xmerl_scanner.line,
 					       col = S4#xmerl_scanner.col,
@@ -636,7 +636,7 @@ scan_decl(Str, S=#xmerl_scanner{event_fun = Event,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     case scan_prolog(Str, S1, _StartPos = 1) of
 	{_,_,T2="<"++_, S2} ->
 	    {{S2#xmerl_scanner.user_state,T2},[],S2};
@@ -665,14 +665,14 @@ scan_prolog("<?xml"++T,
 	    Pos,Acc) when ?whitespace(hd(T)) ->
     {Charset, T3, S3} =
     if
-	Col==1,L==1,S0#xmerl_scanner.text_decl==true -> 
+	Col==1,L==1,S0#xmerl_scanner.text_decl==true ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {_,T1,S1} = mandatory_strip(T,S),
 	    {Decl,T2, S2}=scan_text_decl(T1,S1),
 	    Encoding=Decl#xmlDecl.encoding,
 	    {Encoding, T2, S2#xmerl_scanner{encoding=Encoding}};
-	Col==1,L==1 -> 
+	Col==1,L==1 ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {Decl,T2, S2}=scan_xml_decl(T, S),
@@ -728,7 +728,7 @@ scan_prolog(Str="%"++_T,S=#xmerl_scanner{environment={external,_}},
 scan_prolog(Str, S0 = #xmerl_scanner{user_state=_US,encoding=_Charset},
 	    Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Check for Comments, PI before possible DOCTYPE declaration
     ?bump_col(1),
     %% If no known character set assume it is UTF-8
@@ -759,7 +759,7 @@ scan_prolog2(Str = "<!" ++ _, S, Pos, Acc) ->
     {Acc, Pos, T, S1};
 scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Here we consider the DTD provided by doctype_DTD option,
     S1 =
 	case S0 of
@@ -793,7 +793,7 @@ scan_misc("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Acc) ->
     {C, T1, S1} = scan_comment(T, S, Pos, _Parents = [], _Lang = []),
     case CF of
 	true ->
-	    {Acc2, Pos2, S3} = 
+	    {Acc2, Pos2, S3} =
 		case F(C, Acc, S1) of
 		    {Acc1, S2} ->
 			{Acc1, Pos + 1, S2};
@@ -838,7 +838,7 @@ scan_xml_decl(T, S) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2,S2} =
 	case T1 of
-	    "version" ++ _T2 -> 
+	    "version" ++ _T2 ->
 		{_T2,S1#xmerl_scanner{col=S1#xmerl_scanner.col+7}};
 	    _ -> ?fatal(expected_version_attribute,S1)
 	end,
@@ -879,8 +879,8 @@ scan_xml_decl2("encoding" ++ T, S0 = #xmerl_scanner{event_fun = Event},
 			 value = LowEncName},
     Decl = Decl0#xmlDecl{encoding = LowEncName,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     case T2 of
@@ -902,7 +902,7 @@ scan_xml_decl3("?>" ++ T, S0,Decl) ->
     return_xml_decl(T,S,Decl);
 scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 	      Decl0 = #xmlDecl{attributes = Attrs}) ->
-    %% [32] SDDecl 
+    %% [32] SDDecl
     ?bump_col(10),
     {T1, S1} = scan_eq(T, S),
     {StValue,T2,S2}=scan_standalone_value(T1,S1),
@@ -911,8 +911,8 @@ scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 			 value = StValue},
     Decl = Decl0#xmlDecl{standalone = StValue,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     {_,T3,S4} = strip(T2,S3),
@@ -933,7 +933,7 @@ return_xml_decl(T,S=#xmerl_scanner{hook_fun = _Hook,
 %%    {Ret, S3} = Hook(Decl, S2),
 %%    {Ret, T1, S3}.
     {Decl, T1, S2}.
-    
+
 
 scan_standalone_value("'yes'" ++T,S0)->
     ?bump_col(5),
@@ -976,7 +976,7 @@ scan_text_decl(T,S=#xmerl_scanner{event_fun = Event}) ->
     scan_text_decl(T5,S6,Decl).
 
 scan_text_decl("?>"++T,S0 = #xmerl_scanner{hook_fun = _Hook,
-					   event_fun = Event}, 
+					   event_fun = Event},
 	       Decl0 = #xmlDecl{attributes = Attrs}) ->
     ?bump_col(2),
     ?strip1,
@@ -1001,7 +1001,7 @@ scan_optional_version("version"++T,S0) ->
     {#xmlDecl{attributes=[Attr]},T4,S4};
 scan_optional_version(T,S) ->
     {#xmlDecl{attributes=[]},T,S}.
-    
+
 
 
 %%%%%%% [81] EncName
@@ -1010,7 +1010,7 @@ scan_enc_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_enc_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(expected_encoding_name, S1) end,
       S);
-scan_enc_name([H|T], S0) when H >= $"; H =< $' -> 
+scan_enc_name([H|T], S0) when H >= $"; H =< $' ->
     ?bump_col(1),
     scan_enc_name(T, S, H, []).
 
@@ -1063,7 +1063,7 @@ scan_xml_vsn([H|T], S) when H==$"; H==$'->
 
 xml_vsn([], S=#xmerl_scanner{continuation_fun = F}, Delim, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end, 
+    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 xml_vsn([H|T], S=#xmerl_scanner{col = C}, H, Acc) ->
@@ -1093,7 +1093,7 @@ scan_pi(Str = [H1,H2,H3 | T],S0=#xmerl_scanner{line = L, col = C}, Pos, Ps)
   when H1==$x;H1==$X ->
     %% names beginning with [xX][mM][lL] are reserved for future use.
     ?bump_col(3),
-    if 
+    if
 	((H2==$m) or (H2==$M)) and
 	((H3==$l) or (H3==$L)) ->
 	    scan_wellknown_pi(T,S,Pos,Ps);
@@ -1126,7 +1126,7 @@ scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Target,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
+				       event_fun = Event},
 	Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
@@ -1153,7 +1153,7 @@ scan_pi2([], S=#xmerl_scanner{continuation_fun = F}, Target,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi2("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
+				       event_fun = Event},
 	 Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
@@ -1173,7 +1173,7 @@ scan_pi2(Str, S0, Target, L, C, Pos, Ps, Acc) ->
 
 
 
-%% [28] doctypedecl ::= 
+%% [28] doctypedecl ::=
 %%   '<!DOCTYPE' S Name (S ExternalID)? S? ('[' intSubset ']' S?)? '>'
 scan_doctype([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
@@ -1279,7 +1279,7 @@ fetch_DTD(undefined, S) ->
     S;
 % fetch_DTD(_,S=#xmerl_scanner{validation=false}) ->
 %     S;
-fetch_DTD(DTDSpec, S)-> 
+fetch_DTD(DTDSpec, S)->
     case fetch_and_parse(DTDSpec,S,[{text_decl,true},
 				    {environment,{external,subset}}]) of
 	NewS when is_record(NewS,xmerl_scanner) ->
@@ -1294,7 +1294,7 @@ fetch_and_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch,
 		Options0) ->
     RetS =
     case Fetch(ExtSpec, S) of
-	{ok, NewS} -> 
+	{ok, NewS} ->
 	    %% For backward compatibility only. This will be removed later!!
 	    NewS;
 	{ok, not_fetched,NewS} ->
@@ -1359,7 +1359,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 	{ok, DataRet, NewS} ->
 	    {String,LocationName} =
 		case DataRet of
-		    {file,F} ->	
+		    {file,F} ->
 			{get_file(F,S),F};
 		    {string,Str} ->
 			{binary_to_list(Str),file_name_unknown};
@@ -1375,7 +1375,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 get_file(F,S) ->
 %     io:format("get_file F=~p~n",[F]),
     case file:read_file(F) of
-	{ok,Bin} ->	    
+	{ok,Bin} ->
 	    binary_to_list(Bin);
 	Err ->
 	    ?fatal({error_reading_file,F,Err},S)
@@ -1390,7 +1390,7 @@ check_decl(#xmerl_scanner{rules=Tab} = S) ->
     check_notations(Tab,S),
     check_elements(Tab,S), %% check also attribute defs for element
     check_entities(Tab,S).
-	    
+
 check_notations(Tab,S) ->
     case ets:match(Tab,{{notation,'$1'},undeclared}) of
 	[[]] -> ok;
@@ -1439,7 +1439,7 @@ check_attributes([{N1,'ID',_,_,_}=Attr|Rest],S) ->
 check_attributes([{_,{enumeration,_},_,_,_}=Attr|T],S) ->
     vc_Enumeration(Attr,S),
     check_attributes(T,S);
-check_attributes([{_,Ent,_,_,_}=Attr|T],S) 
+check_attributes([{_,Ent,_,_,_}=Attr|T],S)
   when Ent=='ENTITY';Ent=='ENTITIES' ->
     vc_Entity_Name(Attr,S),
     check_attributes(T,S);
@@ -1483,7 +1483,7 @@ scan_ext_subset([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_ext_subset(MoreBytes, S1) end,
       fun(S1) -> {[], S1} end,
       S);
-scan_ext_subset("%" ++ T, S0) -> 
+scan_ext_subset("%" ++ T, S0) ->
     %% DeclSep [28a]: WFC: PE Between Declarations.
     %% The replacement text of a parameter entity reference in a
     %% DeclSep must match the production extSubsetDecl.
@@ -1537,7 +1537,7 @@ scan_decl_sep(T,S) ->
 % 		{" " ++ EntV2 ++ " ",_S3};
 % 	    ExpRef ->
 % 		{ExpRef,S1}
-% 	end,		     
+% 	end,
 %     {_, T3, S3} = strip(ExpandedRef,S2),
 %     {_T4,S4} = scan_ext_subset(T3,S3),
 %     strip(T1,S4).
@@ -1623,7 +1623,7 @@ scan_include(T, S) ->
     scan_include(T1, S1).
 
 
-%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl | 
+%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl |
 %%%%%%%                     NotationDecl | PI |Comment
 %%%%%%% [45] elementdecl ::= '<!ELEMENT' S Name S contentspec S? '>'
 
@@ -1642,14 +1642,14 @@ scan_markup_decl("<?" ++ T, S0) ->
     ?bump_col(2),
     {_PI, T1, S1} = scan_pi(T, S,_Pos=markup,[]),
     strip(T1, S1);
-scan_markup_decl("<!ELEMENT" ++ T, 
+scan_markup_decl("<!ELEMENT" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun = Delete} = S0) ->
     ?bump_col(9),
     {_,T1,S1} = mandatory_strip(T,S),
     {Ename, _NamespaceInfo, T2, S2} = scan_name(T1, S1),
-    Element  = 
+    Element  =
 	case Read(elem_def, Ename, S2) of
 	    El = #xmlElement{elementdef=Decl} when Decl =/= undeclared ->
 		case S2#xmerl_scanner.validation of
@@ -1690,7 +1690,7 @@ scan_markup_decl("<!NOTATION" ++ T, S0) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2, S2} = scan_notation_decl(T1, S1),
     strip(T2,S2);
-scan_markup_decl("<!ATTLIST" ++ T, 
+scan_markup_decl("<!ATTLIST" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun= Delete} = S0) ->
@@ -1707,7 +1707,7 @@ scan_markup_decl("<!ATTLIST" ++ T,
 		%% internal DTD.
 		{#xmlElement{},update_attributes(Attributes,[])};
 	    Edef = #xmlElement{attributes = OldAttrs} ->
-		Delete(elem_def,Ename,S4), 
+		Delete(elem_def,Ename,S4),
 		%% the slot in rules table must be empty so that the
 		%% later write has the assumed effect. Read maybe
 		%% should empty the table slot.
@@ -1726,7 +1726,7 @@ scan_element_completion(T,S) ->
 update_attributes(NewAttrs, OldAttrs) ->
     update_attributes1(NewAttrs,lists:reverse(OldAttrs)).
 
-update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs], 
+update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs],
 		   OldAttrs) ->
     case lists:keymember(Name, 1, OldAttrs) of
 	true ->
@@ -1867,7 +1867,7 @@ scan_notation_type("|" ++ T, S0, Acc) ->
     ?strip3,
     scan_notation_type(T3, S3, [Name | Acc]).
 
-%%% Validity constraint for NotationType: 
+%%% Validity constraint for NotationType:
 %%% The used notation names must be declared in the DTD, but they may
 %%% be declared later.
 notation_exists(Name, #xmerl_scanner{rules_read_fun = Read,
@@ -1996,7 +1996,7 @@ scan_entity_def(Str, S, EName) ->
 				  {environment,{external,{entity,EName}}}]) of
 		{{_USret,Entity},_Tail,_Sx} ->
 		    {Entity, external,T2, S2};
-		{Entity,_Tail,Sx} -> 
+		{Entity,_Tail,Sx} ->
 			OldRef=S2#xmerl_scanner.entity_references,
 			NewRef=Sx#xmerl_scanner.entity_references,
 		    {Entity,external,T2,
@@ -2048,26 +2048,26 @@ scan_element(T, S=#xmerl_scanner{line=L,col=C},
     {Name, NamespaceInfo, T1, S1} = scan_name(T, S),
     vc_Element_valid(Name,NamespaceInfo,S),
     ?strip2,
-    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [], 
-		 Lang, Parents, NamespaceInfo, NS, 
+    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [],
+		 Lang, Parents, NamespaceInfo, NS,
 		 SpaceDefault).
 
 
 scan_element("/", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing / detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_element([], S=#xmerl_scanner{continuation_fun = F}, 
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element([], S=#xmerl_scanner{continuation_fun = F},
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2075,12 +2075,12 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
 					    event_fun = Event,
 					    line = L, col = C,
 					    xmlbase_cache=XMLBase}, Pos,
-	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI, 
+	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI,
 	     Namespace, _SpaceDefault) ->
     ?bump_col(2),
     Attrs = lists:reverse(Attrs0),
     E=processed_whole_element(S, Pos, Name, Attrs, Lang, Parents,NSI,Namespace),
-    
+
     #xmlElement{attributes = Attrs1} = E,
     wfc_unique_att_spec(Attrs1,S),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -2091,11 +2091,11 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
     S2b=S2#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T, S2b};
 scan_element(">", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing > detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2104,28 +2104,31 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
 					   line = L, col = C,
 					   xmlbase_cache=XMLBase,
 					   space = SpaceOption},
-	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents,
 	     NSI, Namespace, SpaceDefault) ->
     ?bump_col(1),
     Attrs = lists:reverse(Attrs0),
-    wfc_unique_att_spec(Attrs,S),
-    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs) of
+    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    #xmlElement{attributes = Attrs1} = E0,
+    wfc_unique_att_spec(Attrs1,S),
+    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs1) of
 		   false ->			SpaceDefault;
 		   {value, #xmlAttribute{value="default"}} ->	SpaceOption;
 		   {value, #xmlAttribute{value="preserve"}} ->	preserve;
 		   _ ->				SpaceDefault
 	       end,
-    
-    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    E0=processed_whole_element(S,Pos,Name,Attrs1,Lang,Parents,NSI,Namespace),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = started,
 					       line = StartL,
 					       col = StartC,
 					       data = E0}, S),
-    
-    {Content, T1, S2} = scan_content(T, S1, Name, Attrs, XMLSpace, 
+
+    {Content, T1, S2} = scan_content(T, S1, Name, Attrs1, XMLSpace,
 				     E0#xmlElement.language,
 				     [{Name, Pos}|Parents], Namespace),
-    
+
     Element=E0#xmlElement{content=Content,
 			  xmlbase=E0#xmlElement.xmlbase},
     S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -2135,7 +2138,7 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
     {Ret, S4} = Hook(Element, S3),
     S4b=S4#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T1, S4b};
-scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     {AttName, NamespaceInfo, T1, S1} = scan_name(T, S),
     {T2, S2} = scan_eq(T1, S1),
@@ -2144,14 +2147,14 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 %%    check_default_value(S3,DefaultDecl,AttValue),
     NewNS = check_namespace(AttName, NamespaceInfo, AttValue, NS),
     {T3,S3} = wfc_whitespace_betw_attrs(T3a,S3a),
-    ?strip4,  
+    ?strip4,
     AttrPos = case Attrs of
 		  [] ->
 		      1;
 		  [#xmlAttribute{pos = P}|_] ->
 		      P+1
 	      end,
-    Attr = #xmlAttribute{name = AttName, 
+    Attr = #xmlAttribute{name = AttName,
 			 parents = [{Name, Pos}|Parents],
 			 pos = AttrPos,
 			 language = Lang,
@@ -2161,10 +2164,10 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
     XMLBase=if
 		AttName=='xml:base' ->
 		    resolve_relative_uri(AttValue,S4#xmerl_scanner.xmlbase);
-		true ->	
+		true ->
 		    S4#xmerl_scanner.xmlbase
 	    end,
-    
+
     #xmerl_scanner{event_fun = Event,
 		   line = Line,
 		   col = Col} = S4,
@@ -2174,7 +2177,7 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 			    data = Attr},
 	       S4#xmerl_scanner{xmlbase=XMLBase,
 				xmlbase_cache=S#xmerl_scanner.xmlbase}),
-    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs], 
+    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs],
 		 Lang, Parents, NSI, NewNS, SpaceDefault).
 
 get_default_attrs(S = #xmerl_scanner{rules_read_fun = Read}, ElemName) ->
@@ -2210,7 +2213,7 @@ resolve_relative_uri(NewBase,CurrentBase) ->
 processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 					 xmlbase = XMLBase,
 					 line = _L, col = _C,
-					 event_fun = _Event}, 
+					 event_fun = _Event},
 			Pos, Name, Attrs, Lang, Parents, NSI, Namespace) ->
     Language = check_language(Attrs, Lang),
 
@@ -2231,7 +2234,7 @@ processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 		Attrs
 	end,
 
-    {ExpName, ExpAttrs} = 
+    {ExpName, ExpAttrs} =
 	case S#xmerl_scanner.namespace_conformant of
 	    true ->
 		%% expand attribute names. We need to do this after having
@@ -2243,11 +2246,11 @@ processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 		%% should apply to those attributes as well.
 		%% Note that the default URI does not apply to attrbute names.
 		TempNamespace = Namespace#xmlNamespace{default = []},
-		ExpAttrsX = 
+		ExpAttrsX =
 		    [A#xmlAttribute{
 		       namespace=Namespace,
 		       expanded_name=expanded_name(
-				       A#xmlAttribute.name, 
+				       A#xmlAttribute.name,
 				       A#xmlAttribute.nsinfo,
 						% NSI,
 				       TempNamespace, S)} || A <- AllAttrs],
@@ -2277,7 +2280,7 @@ check_language([], Lang) ->
 
 check_namespace(xmlns, _, Value, NS) ->
     NS#xmlNamespace{default = list_to_atom(Value)};
-check_namespace(_, {"xmlns", Prefix}, Value, 
+check_namespace(_, {"xmlns", Prefix}, Value,
 		NS = #xmlNamespace{nodes = Ns}) ->
     NS#xmlNamespace{nodes = keyreplaceadd(
 			      Prefix, 1, Ns, {Prefix, list_to_atom(Value)})};
@@ -2322,7 +2325,7 @@ expanded_name(_Name, {Prefix, Local}, #xmlNamespace{nodes = Ns}, S) ->
 	    %% must be declared
 	    ?fatal({namespace_prefix_not_declared, Prefix}, S)
     end.
-		    
+
 
 
 
@@ -2348,7 +2351,7 @@ scan_att_value("%"++T,S0=#xmerl_scanner{rules_read_fun=Read,
 					rules_delete_fun=Delete},AttType) ->
     ?bump_col(1),
     {Name,T1,S1} = scan_pe_reference(T,S),
-    {ExpandedRef,S2} = 
+    {ExpandedRef,S2} =
 	case expand_pe_reference(Name,S1,in_literal) of
 	    Tuple when is_tuple(Tuple) ->
 		%% {system,URI} or {public,URI}
@@ -2386,9 +2389,9 @@ scan_att_chars([H|T], S0, H, Acc, TmpAcc,AttType,IsNorm) -> % End quote
     ?bump_col(1),
     check_att_default_val(S#xmerl_scanner.validation,TmpAcc,AttType,S),
     {Acc2,S2,IsNorm2} =
-	if 
+	if
 	    AttType == 'CDATA' -> {Acc,S,IsNorm};
-	    true -> 
+	    true ->
 		normalize(Acc,S,IsNorm)
 	end,
     {lists:flatten(lists:reverse(Acc2)), T, S2,IsNorm2};
@@ -2443,7 +2446,7 @@ check_att_default_val(dtd,RevName,Ent,S) ->
 check_att_default_val(_,_,_,_) ->
     ok.
 
-check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write}) 
+check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write})
   when Ent == 'ENTITY'; Ent == 'ENTITIES' ->
     case xmerl_lib:is_letter(hd(Name)) of
 	true -> ok;
@@ -2504,28 +2507,28 @@ valid_Char(_,_,C,S) ->
 %%%%%%% [43] content
 
 scan_content(T, S, Name, Attrs, Space, Lang, Parents, NS) ->
-    scan_content(T, S, _Pos = 1, Name, Attrs, Space, 
+    scan_content(T, S, _Pos = 1, Name, Attrs, Space,
                  Lang, Parents, NS, _Acc = [],_MarkupDel=[]).
 
 scan_content("<", S= #xmerl_scanner{continuation_fun = F},
             Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("trailing < detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}}, 
+scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity}, 
+scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content([], S=#xmerl_scanner{continuation_fun = F},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2542,10 +2545,10 @@ scan_content("</" ++ T, S0, _Pos, Name, _Attrs, _Space, _Lang,
     case T2 of
         ">" ++ T3 ->
             {lists:reverse(Acc), T3, S2};
-        _ -> 
+        _ ->
 	    ?fatal({error,{unexpected_end_of_STag}},S)
     end;
-scan_content([$&|_T]=Str, 
+scan_content([$&|_T]=Str,
 	     #xmerl_scanner{environment={external,{entity,EName}}} = S0,
 	     Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     {_EntV,T1,S1}=scan_entity_value(Str,S0 ,[],EName,general),
@@ -2564,13 +2567,13 @@ scan_content("&" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) -
 	_ ->
 	    scan_content(string_to_char_set(S1#xmerl_scanner.encoding,ExpRef)++T1,S1,Pos,Name,Attrs,Space,Lang,Parents,NS,Acc,[])
     end;
-scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name, Attrs, Space, 
+scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name, Attrs, Space,
 	     Lang, Parents, NS, Acc,[]) ->
     ?bump_col(4),
     {C, T1, S1} = scan_comment(T, S, Pos, Parents, Lang),
     case CF of
 	true ->
-	    {Acc2, Pos2, S3} = 
+	    {Acc2, Pos2, S3} =
 		case F(C, Acc, S1) of
 		    {Acc1, S2} ->
 			{Acc1, Pos + 1, S2};
@@ -2580,10 +2583,10 @@ scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name
 	    scan_content(T1, S3, Pos2, Name, Attrs, Space, Lang, Parents, NS, Acc2,[]);
 	false ->
 	    scan_content(T1, S1, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[])
-    end;   
+    end;
 scan_content("<" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) ->
     ?bump_col(1),
-    {Markup, T1, S1} = 
+    {Markup, T1, S1} =
         scan_content_markup(T, S, Pos, Name, Attrs, Space, Lang, Parents, NS),
     AccF = S1#xmerl_scanner.acc_fun,
     {NewAcc, NewPos, NewS} = case AccF(Markup, Acc, S1) of
@@ -2599,10 +2602,10 @@ scan_content([_H|T], S= #xmerl_scanner{environment={external,{entity,_}}},
     %% Guess we have to scan the content to find any internal entity
     %% references.
     scan_content(T,S,Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]);
-scan_content(T, S=#xmerl_scanner{acc_fun = F, 
+scan_content(T, S=#xmerl_scanner{acc_fun = F,
 				 event_fun = Event,
 				 hook_fun=Hook,
-				 line = _L}, 
+				 line = _L},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,MarkupDel) ->
     Text0 = #xmlText{pos = Pos,
                      parents = Parents},
@@ -2625,7 +2628,7 @@ scan_content(T, S=#xmerl_scanner{acc_fun = F,
 		 Parents, NS, NewAcc,[]).
 
 
-scan_content_markup([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content_markup([], S=#xmerl_scanner{continuation_fun = F},
 		    Pos, Name, Attrs, Space, Lang, Parents, NS) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_content_markup(
@@ -2650,21 +2653,21 @@ scan_char_data(T, S, Space,MUD) ->
 
 scan_char_data([], S=#xmerl_scanner{environment={external,{entity,_}}},
 	       _Space,_MUD, Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{environment=internal_parsed_entity},
 	       _Space, _MUD,Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{continuation_fun = F}, Space, _MUD,Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end, 
+    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_char_data([$&|T], S,Space,"&",Acc) ->
     scan_char_data(T, S, Space,[], [$&|Acc]);
 scan_char_data(T=[$&|_], S,_Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
     %% See Section 2.4: Especially:
@@ -2676,7 +2679,7 @@ scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
 scan_char_data([$<|T],S,Space,"<", Acc) ->
     scan_char_data(T, S, Space,[], [$<|Acc]);
 scan_char_data(T = [$<|_], S, _Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data(T = [H|R], S, Space,MUD, Acc) when ?whitespace(H) ->
     if
@@ -2769,7 +2772,7 @@ scan_reference(T, S) ->
 %% ampersand is not recognized as an entity-reference delimiter.)"
 %%
 %% How to achieve this? My current approach is to insert the *strings* "&",
-%% "<", ">", "'", and "\"" instead of the characters. The processor will 
+%% "<", ">", "'", and "\"" instead of the characters. The processor will
 %% ignore them when performing multiple expansions. This means, for now, that
 %% the character data output by the processor is (1-2 levels) deep.
 %% At some suitable point, we should flatten these, so that application-level
@@ -2798,7 +2801,7 @@ scan_entity_ref("quot;" ++ T, S0) ->
 scan_entity_ref(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     S2 = S1,
     Entity = expand_reference(Name, S2),
     {Entity, T2, S2}.
@@ -2809,7 +2812,7 @@ scan_entity_ref(T, S) ->
 scan_pe_reference(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_parsed_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     {Name, T2, S1#xmerl_scanner{col = S1#xmerl_scanner.col+1}}.
 
 expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
@@ -2836,7 +2839,7 @@ expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
 % 	Result ->
 % 	    fetch_DTD(Result,S)
 %     end.
-    
+
 
 %%%%%%% [68] EntityReference
 
@@ -2915,15 +2918,15 @@ scan_eq(T, S) ->
 
 %% scan_name/2
 %%
-%% We perform some checks here to make sure that the names conform to 
+%% We perform some checks here to make sure that the names conform to
 %% the "Namespaces in XML" specification. This is an option.
-%% 
+%%
 %% Qualified Name:
 %% [6]      QName ::= (Prefix ':')? LocalPart
 %% [7]     Prefix ::= NCName
 %% [8]  LocalPart ::= NCName
 %% [4]     NCName ::= (Letter | '_') (NCNameChar)*
-%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_' 
+%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_'
 %%                    | CombiningChar | Extender
 
 
@@ -2937,9 +2940,9 @@ scan_eq(T, S) ->
 %%
 scan_name_no_colons(Str, S) ->
     NSC = S#xmerl_scanner.namespace_conformant,
-    case NSC of 
+    case NSC of
 	true ->
-	    {Target, NSI, T1, S1} = 
+	    {Target, NSI, T1, S1} =
 		scan_name(Str,S#xmerl_scanner{namespace_conformant=no_colons}),
 	    {Target,NSI,T1,S1#xmerl_scanner{namespace_conformant=NSC}};
 	false ->
@@ -2951,7 +2954,7 @@ scan_name_no_colons(Str, S) ->
 %% [5] Name ::= (Letter | '_' | ':') (NameChar)*
 scan_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_name(Str = [$:|T], S0 = #xmerl_scanner{namespace_conformant = NSC}) ->
@@ -3014,15 +3017,15 @@ scan_nmtoken(Str, S) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
     case xmerl_lib:is_namechar(Ch) of
 	true ->
-	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
-			 _Acc = [Ch], _Prefix = [], _Local = [Ch], 
+	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
+			 _Acc = [Ch], _Prefix = [], _Local = [Ch],
 			 _NamespaceConformant = false,isLatin1(Ch,true));
 	false ->
 	    ?fatal({invalid_nmtoken, lists:sublist(Str, 1, 6)}, S)
     end.
 
 
-scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F},
 	     Acc, Prefix, Local, NSC,IsLatin1) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_nmtoken(MoreBytes,S1,Acc,Prefix,Local,NSC,IsLatin1) end,
@@ -3036,16 +3039,16 @@ scan_nmtoken(Str = [H|_], S, Acc, Prefix, Local, _NSC,true) when ?whitespace(H)
     NmString = lists:reverse(Acc),
     {list_to_atom(NmString), namespace_info(Prefix, Local), Str, S};
 scan_nmtoken(Str = [$:|_], S, Acc, [], _Local, no_colons,_IsLatin1) ->
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 scan_nmtoken([$:|T], S0, Acc, [], Local, NSC, IsLatin1) ->
     ?bump_col(1),
     scan_nmtoken(T, S, [$:|Acc], lists:reverse(Local), [], NSC,IsLatin1);
 scan_nmtoken(Str = [$:|_T], S, Acc, _Prefix, _Local, _NSC = true,_IsLatin1) ->
     %% non-empty Prefix means that we've encountered a ":" already.
-    %% Conformity with "Namespaces in XML" requires 
+    %% Conformity with "Namespaces in XML" requires
     %% at most one colon in a name
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 
 %% non-namechar also marks the end of a name
@@ -3078,7 +3081,7 @@ isLatin1(_,_) ->
 
 scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_system_literal("\"" ++ T, S) ->
@@ -3087,7 +3090,7 @@ scan_system_literal("'" ++ T, S) ->
     scan_system_literal(T, S, $', []).
 
 
-scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_system_literal([], S=#xmerl_scanner{continuation_fun = F},
 		    Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -3100,7 +3103,7 @@ scan_system_literal("#"++_R, S, _H, _Acc) ->
     ?fatal(fragment_identifier_in_system_literal,S);
 scan_system_literal(Str, S, Delimiter, Acc) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
-    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 			Delimiter, [Ch|Acc]).
 
 
@@ -3117,7 +3120,7 @@ scan_pubid_literal([H|_T], S) ->
     ?fatal({invalid_pubid_char, H}, S).
 
 
-scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F},
 		   Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_pubid_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -3134,7 +3137,7 @@ scan_pubid_literal([H|T], S, Delimiter, Acc) ->
     case is_pubid_char(H) of
 	true ->
 	    scan_pubid_literal(
-	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 	      Delimiter, [H|Acc]);
 	false ->
 	    ?fatal({invalid_pubid_char, H}, S)
@@ -3186,7 +3189,7 @@ scan_contentspec(_Str,S) ->
 scan_elem_content(T, S) ->
     scan_elem_content(T, S, _Context = children, _Mode = unknown, _Acc = []).
 
-scan_elem_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_elem_content([], S=#xmerl_scanner{continuation_fun = F},
 		  Context, Mode, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes,S1) -> scan_elem_content(MoreBytes,S1,Context,Mode,Acc) end,
@@ -3207,7 +3210,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
                                          % more names than '#PCDATA'
                                          % and no '*'.
 	{'*', mixed,_} -> ok;
-	{Other, mixed,_} -> 
+	{Other, mixed,_} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3216,7 +3219,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
     {format_elem_content({Occurrence, {Mode, Acc}}), T2, S2};
 scan_elem_content("#PCDATA" ++ _T, S, not_mixed, _Mode, _Acc) ->
     ?fatal({error,{extra_set_of_parenthesis}},S);
-scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc) 
+scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc)
   when Mode==choice;Mode==seq;Acc/=[] ->
     ?fatal({error,{invalid_format_of_mixed_content}},S);
 scan_elem_content("#PCDATA" ++ T, S0, _Context, Mode, Acc) ->
@@ -3259,7 +3262,7 @@ scan_elem_content2(T, S, Context, Mode, Acc) ->
     {Occurrence, T2, S2} = scan_occurrence(T1, S1),
     case {Occurrence, Context} of
 	{once, mixed} -> ok;
-	{Other, mixed} -> 
+	{Other, mixed} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3305,17 +3308,17 @@ vc_Valid_Char(_AT,C,S) ->
 
 
 
-vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid}) 
+vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid})
   when Valid /= dtd ->
-    ok;  
-vc_ID_Attribute_Default({_,'ID',_,Def,_},_S) 
+    ok;
+vc_ID_Attribute_Default({_,'ID',_,Def,_},_S)
   when Def=='#IMPLIED';Def=='#REQUIRED' ->
     ok;
 vc_ID_Attribute_Default({_,'ID',_,Def,_},S) ->
     ?fatal({error,{validity_constraint_error_ID_Attribute_Default,Def}},S).
 
-vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S) 
-  when is_list(DefaultVal) ->    
+vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S)
+  when is_list(DefaultVal) ->
     case lists:member(list_to_atom(DefaultVal),NameList) of
 	true ->
 	    ok;
@@ -3338,12 +3341,12 @@ vc_Entity_Name({_,'ENTITIES',DefaultVal,_,_},S) when is_list(DefaultVal) ->
     Read = S#xmerl_scanner.rules_read_fun,
     NameListFun = fun([],Acc,_St,_Fun) ->
 		       lists:reverse(Acc);
-		  (Str,Acc,St,Fun) -> 
+		  (Str,Acc,St,Fun) ->
 		       {N,_,St2,Str2} = scan_name(Str,St),
 		       Fun(Str2,[N|Acc],St2,Fun)
 	       end,
     NameList = NameListFun(DefaultVal,[],S,NameListFun),
-    VcFun = 
+    VcFun =
 	fun(X) ->
 		case Read(entity,X,S) of
 		    {_,external,{_,{ndata,_}}} ->
@@ -3356,7 +3359,7 @@ vc_Entity_Name({_,'ENTITIES',_,_,_},_S) ->
     ok.
 
 vc_No_Duplicate_Types(#xmerl_scanner{validation=dtd} = S,mixed,Acc) ->
-    CheckDupl = 
+    CheckDupl =
 	fun([H|T],F) ->
 		case lists:member(H,T) of
 		    true ->
@@ -3519,7 +3522,7 @@ scan_notation_decl1("PUBLIC" ++ T, S0) ->
     ?strip3,
     case T3 of
 	">" ++ _ ->
-	    {{public, PIDL}, T3, 
+	    {{public, PIDL}, T3,
 	     S3#xmerl_scanner{col = S3#xmerl_scanner.col+1}};
 	_ ->
 	    {SL, T4, S4} = scan_system_literal(T3, S3),
@@ -3570,7 +3573,7 @@ scan_entity_value([],S,
 scan_entity_value([],S=#xmerl_scanner{validation=dtd},
 		  no_delim,_Acc,PEName,_,_PENesting) ->
     {{error,{failed_VC_Proper_Declaration_PE_Nesting,2,PEName}},[],S};
-scan_entity_value([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_entity_value([], S=#xmerl_scanner{continuation_fun = F},
 		  Delim, Acc, PEName,Namespace,PENesting) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) ->
@@ -3589,7 +3592,7 @@ scan_entity_value([Delim|T], S0,
 scan_entity_value("%" ++ _T,S=#xmerl_scanner{environment=prolog},_,_,_,_,_) ->
     ?fatal({error,{wfc_PEs_In_Internal_Subset}},S);
 % %% This is a PEdecl in an external entity
-% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting) 
+% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting)
 %   when ?whitespace(WS) ->
 %     ?bump_col(2),
 %     scan_entity_value(T, S, Delim, [WS,$%|Acc], PEName,Namespace,PENesting);
@@ -3599,7 +3602,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     if PERefName == PEName,Namespace==parameter ->
 	    ?fatal({illegal_recursion_in_PE, PEName}, S1);
        true ->
-	    {ExpandedRef,S2} = 
+	    {ExpandedRef,S2} =
 		case expand_pe_reference(PERefName, S1, in_literal) of
 		    %% actually should pe ref be expanded as_PE but
 		    %% handle whitespace explicitly in this case.
@@ -3607,7 +3610,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
 			%% {system,URI} or {public,URI}
 			%% Included in literal.
 			{ExpRef,Sx}=fetch_not_parse(Tuple,S1),
-			{EntV, _, S5} = 
+			{EntV, _, S5} =
 		 	    scan_entity_value(ExpRef, Sx, no_delim,[],
 					      PERefName,parameter,[]),
 			%% should do an update Write(parameter_entity)
@@ -3727,7 +3730,7 @@ scan_entity_value(")"++ T,S0,Delim,Acc,PEName, parameter=NS,PENesting) ->
     scan_entity_value(T,S,Delim,[")"|Acc],PEName,NS,
 		      pe_pop(")",PENesting,S));
 scan_entity_value("\n"++T, S, Delim, Acc, PEName,Namespace,PENesting) ->
-    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1}, 
+    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1},
 		      Delim, ["\n"|Acc], PEName,Namespace,PENesting);
 scan_entity_value(Str, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     {Ch,T} = to_ucs(S0#xmerl_scanner.encoding,Str),
@@ -3770,7 +3773,7 @@ save_refed_entity_name1(Name,PEName,
 pe_push(Tok,Stack,_S) when Tok=="<!";Tok=="<?";Tok=="<!--";Tok=="<![";
 			   Tok=="[";Tok=="<";Tok=="</";Tok=="(" ->
     [Tok|Stack];
-pe_push(Tok,Stack,#xmerl_scanner{validation=dtd}) 
+pe_push(Tok,Stack,#xmerl_scanner{validation=dtd})
   when Tok==")";Tok==">";Tok=="?>";Tok=="]]>";Tok=="-->";Tok=="/>"->
     [Tok|Stack];
 pe_push(_,Stack,_S) ->
@@ -3838,10 +3841,10 @@ scan_comment(Str,S=#xmerl_scanner{col=C,event_fun=Event}, Pos, Parents, Lang) ->
 					       col = C,
 					       pos = Pos,
 					       data = Comment}, S),
-    
+
     scan_comment1(Str, S1, Pos, Comment, _Acc = []).
 
-scan_comment1([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
 	     Pos, Comment, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_comment1(MoreBytes, S1, Pos, Comment, Acc) end,
@@ -3849,7 +3852,7 @@ scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
       S);
 scan_comment1("-->" ++ T, S0 = #xmerl_scanner{col = C,
 					     event_fun = Event,
-					     hook_fun = Hook}, 
+					     hook_fun = Hook},
 	     _Pos, Comment, Acc) ->
     ?bump_col(3),
     Comment1 = Comment#xmlComment{value = lists:reverse(Acc)},
@@ -3957,9 +3960,9 @@ normalize(T,S,IsNorm) ->
     end.
 
 
-%% Optimization: 
+%% Optimization:
 %% - avoid building list of spaces or tabs;
-%% - avoid reverse; 
+%% - avoid reverse;
 %% - compact two common indentation patterns.
 %% Note: only to be called when a \n was found.
 fast_accumulate_whitespace(" " ++ T, S, _) ->
@@ -3971,7 +3974,7 @@ fast_accumulate_whitespace("<"++_=R, S, _T) ->
     {done, {element(3, CD), R, S#xmerl_scanner{col = 1, line = Line + 1}}};
 fast_accumulate_whitespace(_, S, T) ->
     accumulate_whitespace(T, S, []).
-    
+
 fast_acc_spaces(" " ++ T, S, N) ->
     fast_acc_spaces(T, S, N + 1);
 fast_acc_spaces(T, S, N) ->
@@ -3985,18 +3988,18 @@ fast_acc_tabs(T, S, N) ->
 fast_acc_end(T, S, N, Col, C, CD_I) ->
     #xmerl_scanner{common_data = CD, line = Line0} = S,
     Line = Line0 + 1,
-    try 
+    try
         $< = hd(T),
-        {done,{element(N, element(CD_I, CD)), T, 
+        {done,{element(N, element(CD_I, CD)), T,
                S#xmerl_scanner{col = Col, line = Line}}}
-    catch _:_ -> 
+    catch _:_ ->
         accumulate_whitespace(T, S, Line, Col, lists:duplicate(N, C)++"\n")
     end.
-    
+
 
 %%% @spec accumulate_whitespace(T::string(),S::global_state(),
 %%%                             atom(),Acc::string()) -> {Acc, T1, S1}
-%%%     
+%%%
 %%% @doc Function to accumulate and normalize whitespace.
 accumulate_whitespace(T, S, preserve, Acc) ->
     accumulate_whitespace(T, S, Acc);
@@ -4055,19 +4058,19 @@ schemaLocations(El,#xmerl_scanner{schemaLocation=SL}) ->
 	    schemaLocations(El)
     end.
 
-schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) -> 
+schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) ->
     Pred = fun(#xmlAttribute{name=schemaLocation}) -> false;
 	      (#xmlAttribute{nsinfo={_,"schemaLocation"}}) -> false;
 	      (_) -> true
 	   end,
     case lists:dropwhile(Pred,Atts) of
 	[#xmlAttribute{value=Paths}|_] ->
-	    
+
 	    case string:tokens(Paths," \n\t\r") of
 		L when length(L) > 0 ->
 		    case length(L) rem 2 of
 			0 ->
-			    PairList = 
+			    PairList =
 				fun([],_Fun) ->
 					[];
 				   ([SLNS,SLLoc|Rest],Fun) ->
@@ -4137,7 +4140,7 @@ to_ucs(Encoding, Chars) when Encoding=="utf-8"; Encoding == undefined ->
     utf8_2_ucs(Chars);
 to_ucs(_,[C|Rest]) ->
     {C,Rest}.
-    
+
 utf8_2_ucs([A,B,C,D|Rest]) when A band 16#f8 =:= 16#f0,
 			      B band 16#c0 =:= 16#80,
 			      C band 16#c0 =:= 16#80,
@@ -4226,7 +4229,7 @@ string_to_char_set(_,Str) ->
 %% 	{{_,{_,Tot}},Tot110} when Tot > Tot110 ->
 %% 	    io:format("From ~p to ~p, total memory: ~p (~p)~n",[OldLine,Line,Tot,OldTot]),
 %% 	    Tot;
-%% 	{{_,{_,Tot}},_} ->    
+%% 	{{_,{_,Tot}},_} ->
 %% 	    Tot
 %%     end,
 %%     put_total({NewTot,Line}).
diff --git a/lib/xmerl/src/xmerl_uri.erl b/lib/xmerl/src/xmerl_uri.erl
index a0c6f1c2a7..1864651491 100644
--- a/lib/xmerl/src/xmerl_uri.erl
+++ b/lib/xmerl/src/xmerl_uri.erl
@@ -358,7 +358,7 @@ scan_host(C0) ->
 %% 							  Hex3=<?HEX;
 %% 							  Hex4=<?HEX ->
 %% 	    {C1,lists:reverse(lists:append(IPv6address))};
-	{C1,Hostname,[A|_HostF]} -> 
+	{C1,Hostname,[_A|_HostF]} -> 
 	    {C1,lists:reverse(lists:append(Hostname))}
 %%	_ ->
 %%	    {error,no_host}
diff --git a/lib/xmerl/src/xmerl_validate.erl b/lib/xmerl/src/xmerl_validate.erl
index 4028fef2b9..60f228474b 100644
--- a/lib/xmerl/src/xmerl_validate.erl
+++ b/lib/xmerl/src/xmerl_validate.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_lib.erl b/lib/xmerl/src/xmerl_xpath_lib.erl
index 096f54ec30..b37bdc93f9 100644
--- a/lib/xmerl/src/xmerl_xpath_lib.erl
+++ b/lib/xmerl/src/xmerl_xpath_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_parse.yrl b/lib/xmerl/src/xmerl_xpath_parse.yrl
index f60cea0a2e..381ea20193 100644
--- a/lib/xmerl/src/xmerl_xpath_parse.yrl
+++ b/lib/xmerl/src/xmerl_xpath_parse.yrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_pred.erl b/lib/xmerl/src/xmerl_xpath_pred.erl
index 855b8599fe..b94f3bb14d 100644
--- a/lib/xmerl/src/xmerl_xpath_pred.erl
+++ b/lib/xmerl/src/xmerl_xpath_pred.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_scan.erl b/lib/xmerl/src/xmerl_xpath_scan.erl
index 10e2756e74..f0a5bd35a3 100644
--- a/lib/xmerl/src/xmerl_xpath_scan.erl
+++ b/lib/xmerl/src/xmerl_xpath_scan.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -287,6 +287,7 @@ strip_ws(T) ->
 
 special_token('@') -> true;
 special_token('::') -> true;
+special_token(',') -> true;
 special_token('(') -> true;
 special_token('[') -> true;
 special_token('/') -> true;
diff --git a/make/otp_subdir.mk b/make/otp_subdir.mk
index 919eee52fc..07294c272d 100644
--- a/make/otp_subdir.mk
+++ b/make/otp_subdir.mk
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/make/run_make.mk b/make/run_make.mk
index b2be384aa3..39c3668e50 100644
--- a/make/run_make.mk
+++ b/make/run_make.mk
@@ -27,6 +27,8 @@
 
 include $(ERL_TOP)/make/target.mk
 
+.PHONY: valgrind
+
 opt debug purify quantify purecov valgrind gcov gprof lcnt:
 	$(MAKE) -f $(TARGET)/Makefile TYPE=$@
 
diff --git a/make/target.mk b/make/target.mk
index a6493e09a5..4e13779461 100644
--- a/make/target.mk
+++ b/make/target.mk
@@ -54,7 +54,7 @@ endif
 
 ifneq ($(TARGET),)
 ifneq ($(TARGET),win32)
-ifneq ($(TARGET),vxworks)
+ifneq ($(findstring vxworks,$(TARGET)),vxworks)
 override TARGET := $(shell $(ERL_TOP)/erts/autoconf/config.sub $(TARGET))
 else
 endif
diff --git a/otp_build b/otp_build
index 164e0b5f4e..a4e25510c1 100755
--- a/otp_build
+++ b/otp_build
@@ -65,8 +65,16 @@ usage ()
     echo "    installer_win32 <dir> - creates a windows installer from <dir>" 
     echo ""
     echo "Before trying to build on windows, consider the following option"
-    echo "    env_win32 - echo environment settings for win32 with visual C++, use with eval"
+    echo "    env_win32 [<arch>] - echo environment settings for win32 with visual C++, use with eval"
+    echo "                         The optional <arch> can be x64 for 64bit Windows 7" 
+    echo "                         or x86 for 32bit Windows XP+"
+    echo "    env_win64 - echo environment settings for win32 with visual C++, use with eval"
+    echo "                Note that env_win32 x64 gives the same result, Windows 7 64bit"
     echo "    env_mingw32 - echo environment settings for win32 with MinGW, use with eval"
+    echo "                  - experimental!"
+    echo "    env_msys64 - echo environment settings for win32 with visual C++ running "
+    echo "                 msys and mingw, use with eval"
+    echo "                  - experimental!"
     echo ""
     echo "Before trying to build for vxworks, consider the following option"
     echo "    env_vxworks <cpu>  - echo environment settings for vxworks, use with eval"
@@ -255,9 +263,62 @@ create_lib_configure_in()
     }
 }
 
+find_sum()
+{
+    candidates="sum cksum md5sum sha1sum"
+    SUM_CMD="wc"
+    for x in $candidates; do
+	if (echo foo | $x > /dev/null 2>&1); then
+	    SUM_CMD=$x
+	    break
+	fi
+    done
+}
+
+chk_eq()
+{
+    master=$1
+    shift
+    slaves="$@"
+    master_sum=`$SUM_CMD $master | awk '{print $1}'`
+    for x in $slaves; do
+	s=`$SUM_CMD $x | awk '{print $1}'`
+	if test "$s" != "$master_sum"; then
+	    echo "Error: $master and $x are not equal, make sure they are!" >&2
+	    echo "Maybe you would want to:" >&2
+	    echo "for x in $slaves; do cp $master \$x; done" >&2
+	    echo "? Or something else is wrong." 2>&1
+	    exit 2
+	fi
+    done
+}
+
+check_config_helpers ()
+{
+
+    aclocals="./aclocal.m4 ./lib/erl_interface/aclocal.m4 ./lib/odbc/aclocal.m4 ./lib/wx/aclocal.m4"
+    install_shs="./lib/common_test/priv/auxdir/install-sh ./lib/erl_interface/src/auxdir/install-sh ./lib/test_server/src/install-sh"
+    config_guesses="./lib/common_test/priv/auxdir/config.guess ./lib/erl_interface/src/auxdir/config.guess ./lib/test_server/src/config.guess"
+    config_subs="./lib/common_test/priv/auxdir/config.sub ./lib/erl_interface/src/auxdir/config.sub ./lib/test_server/src/config.sub"
+
+    aclocal_master="./erts/aclocal.m4"
+    install_sh_master="./erts/autoconf/install-sh"
+    config_guess_master="./erts/autoconf/config.guess"
+    config_sub_master="./erts/autoconf/config.sub"
+
+    find_sum
+
+    chk_eq $aclocal_master $aclocals
+    chk_eq $install_sh_master $install_shs
+    chk_eq $config_guess_master $config_guesses
+    chk_eq $config_sub_master $config_subs
+
+}
+
 do_autoconf ()		
 {
         create_lib_configure_in
+	check_config_helpers
 
         if target_contains win32; then
 	    # Select the correct autoconf on cygwin
@@ -481,6 +542,7 @@ maybe_copy_static_cache ()
 {
     if [ '!' -z "$OVERRIDE_CONFIG_CACHE_STATIC" ]; then
 	if [ '!' -z "$OVERRIDE_CONFIG_CACHE" ]; then
+	    echo "Copying static configure cache $OVERRIDE_CONFIG_CACHE_STATIC to $OVERRIDE_CONFIG_CACHE"
 	    cp -f "$OVERRIDE_CONFIG_CACHE_STATIC" "$OVERRIDE_CONFIG_CACHE"
 	fi
     fi
@@ -731,7 +793,9 @@ echo_env_win32 ()
 	fi
     done
     IFS=$save_ifs
+    WIN32_WRAPPER_PATH="$ERL_TOP/erts/etc/win32/cygwin_tools/vc:$ERL_TOP/erts/etc/win32/cygwin_tools"
 
+    
     echo_setenv OVERRIDE_TARGET win32 ';'
     echo_setenv CC cc.sh ';'
     echo_setenv CXX cc.sh ';'
@@ -741,7 +805,8 @@ echo_env_win32 ()
 	echo_setenv OVERRIDE_CONFIG_CACHE_STATIC  "$ERL_TOP/erts/autoconf/win32.config.cache.static" ';'
     fi
     echo_setenv OVERRIDE_CONFIG_CACHE "$ERL_TOP/erts/autoconf/win32.config.cache" ';'
-    echo_setenv PATH "$ERL_TOP/erts/etc/win32/cygwin_tools/vc:$ERL_TOP/erts/etc/win32/cygwin_tools:$P3" ';'
+    echo_setenv WIN32_WRAPPER_PATH "$WIN32_WRAPPER_PATH" ';'
+    echo_setenv PATH "$WIN32_WRAPPER_PATH:$P3" ';'
     echo_envinfo
 }
 
@@ -803,6 +868,7 @@ echo_env_mingw32 ()
 	echo "needed for message file compilation: http://wine.sourceforge.net!!" >&2
 	return
     fi
+    WIN32_WRAPPER_PATH="$ERL_TOP/erts/etc/win32/cygwin_tools/mingw:$ERL_TOP/erts/etc/win32/cygwin_tools"
 
 
     echo_setenv OVERRIDE_TARGET win32 ';'
@@ -812,10 +878,184 @@ echo_env_mingw32 ()
     echo_setenv CXX cc.sh ';'
     echo_setenv AR ar.sh ';'
     echo_setenv RANLIB true ';'
-    echo_setenv PATH "$ERL_TOP/erts/etc/win32/cygwin_tools/mingw:$ERL_TOP/erts/etc/win32/cygwin_tools:$P3"
+    echo_setenv WIN32_WRAPPER_PATH "$WIN32_WRAPPER_PATH" ';'
+    echo_setenv PATH "$WIN32_WRAPPER_PATH:$P3" ';'
+    echo_envinfo
+}
+
+# N.B. In Erlang, and the build system, win32 means windows, so we keep
+# everything as terget win32, but add the CONFIG_SUBTYPE win64, which can
+# be handled by configure, setting WINDOWS_64BIT in headers and such
+echo_env_win64 ()
+{
+    #echo_envinfo
+    if [ X"$SHELL" = X"" ]; then
+	echo "You need to export the shell variable first," \
+		"for bourne-like shells, type:" >&2
+	echo 'export SHELL' >&2
+	echo "and for csh-like shells, type:" >&2
+	echo 'setenv SHELL $SHELL' >&2
+	echo " - then try again." >&2
+	exit 1
+    fi
+    echo_env_erltop
+    # Try to cope with paths containing unexpected things like stray 
+    # mixed paths (c:/something/bin) and quotes. Only C and D drive
+    # handled.
+    CCYGPATH=`cygpath c:\\`
+    DCYGPATH=`cygpath d:\\`
+    P2=`echo :$PATH | \
+	sed "s,\",,g;s,:[cC]:,:$CCYGPATH,g;s,:[dD]:,:$DCYGPATH,g;s,^:,,"`
+    P3=""
+    save_ifs=$IFS
+    IFS=:
+    for p in $P2; do
+	if [ -d "$p" ]; then
+	    C1="`(cygpath -d $p 2>/dev/null || cygpath -w $p)`" 2> /dev/null
+	    C2=`cygpath "$C1" 2> /dev/null` 2> /dev/null
+	else
+	    C2=""
+	fi
+	if [ ! -z "$C2" ]; then
+	    if [ -z "$P3" ];then 
+		P3="$C2"
+	    else 
+		P3="$P3:$C2"
+	    fi
+	fi
+    done
+    IFS=$save_ifs
+    WIN32_WRAPPER_PATH="$ERL_TOP/erts/etc/win32/cygwin_tools/vc:$ERL_TOP/erts/etc/win32/cygwin_tools"
+
+    
+    echo_setenv OVERRIDE_TARGET win32 ';'
+    echo_setenv CONFIG_SUBTYPE win64 ';'
+    echo_setenv CC cc.sh ';'
+    echo_setenv CXX cc.sh ';'
+    echo_setenv AR ar.sh ';'
+    echo_setenv RANLIB true ';'
+    if [ -f "$ERL_TOP/erts/autoconf/win64.config.cache.static" ]; then
+	echo_setenv OVERRIDE_CONFIG_CACHE_STATIC  "$ERL_TOP/erts/autoconf/win64.config.cache.static" ';'
+    fi
+    echo_setenv OVERRIDE_CONFIG_CACHE "$ERL_TOP/erts/autoconf/win64.config.cache" ';'
+    echo_setenv WIN32_WRAPPER_PATH "$WIN32_WRAPPER_PATH" ';'
+    echo_setenv PATH "$WIN32_WRAPPER_PATH:$P3" ';'
+    echo_envinfo
+}
+
+echo_env_msys32 ()
+{
+    #echo_envinfo
+    if [ X"$SHELL" = X"" ]; then
+	echo "You need to export the shell variable first," \
+		"for bourne-like shells, type:" >&2
+	echo 'export SHELL' >&2
+	echo "and for csh-like shells, type:" >&2
+	echo 'setenv SHELL $SHELL' >&2
+	echo " - then try again." >&2
+	exit 1
+    fi
+    echo_env_erltop
+    # Try to cope with paths containing unexpected things like stray 
+    # mixed paths (c:/something/bin) and quotes. Only C and D drive
+    # handled.
+    P2=`echo :$PATH | \
+	sed "s,\",,g;s,:\([a-zA-Z]\):,:/\L\1,g;s,^:,,"`
+    P3=""
+    save_pwd=`pwd`
+    save_ifs=$IFS
+    IFS=:
+    for p in $P2; do
+	if [ -d "$p" ]; then
+	    C1=`(cd "$p" && cmd //C "for %i in (".") do @echo %~fsi")`
+	    C2=`echo "$C1" | sed 's,^\([a-zA-Z]\):\\\\,/\L\1/,;s,\\\\,/,g'`
+	else
+	    C2=""
+	fi
+	if [ ! -z "$C2" ]; then
+	    if [ -z "$P3" ];then 
+		P3="$C2"
+	    else 
+		P3="$P3:$C2"
+	    fi
+	fi
+    done
+    IFS=$save_ifs
+    WIN32_WRAPPER_PATH="$ERL_TOP/erts/etc/win32/msys_tools/vc:$ERL_TOP/erts/etc/win32/msys_tools"
+
+    echo_setenv OVERRIDE_TARGET win32 ';'
+    echo_setenv CC cc.sh ';'
+    echo_setenv CXX cc.sh ';'
+    echo_setenv AR ar.sh ';'
+    echo_setenv RANLIB true ';'
+    if [ -f "$ERL_TOP/erts/autoconf/win32.config.cache.static" ]; then
+	echo_setenv OVERRIDE_CONFIG_CACHE_STATIC  "$ERL_TOP/erts/autoconf/win32.config.cache.static" ';'
+    fi
+
+    echo_setenv OVERRIDE_CONFIG_CACHE "$ERL_TOP/erts/autoconf/win32.config.cache" ';'
+    echo_setenv WIN32_WRAPPER_PATH "$WIN32_WRAPPER_PATH" ';'
+    echo_setenv PATH "$WIN32_WRAPPER_PATH:$P3" ';'
     echo_envinfo
 }
 
+
+echo_env_msys64 ()
+{
+    #echo_envinfo
+    if [ X"$SHELL" = X"" ]; then
+	echo "You need to export the shell variable first," \
+		"for bourne-like shells, type:" >&2
+	echo 'export SHELL' >&2
+	echo "and for csh-like shells, type:" >&2
+	echo 'setenv SHELL $SHELL' >&2
+	echo " - then try again." >&2
+	exit 1
+    fi
+    echo_env_erltop
+    # Try to cope with paths containing unexpected things like stray 
+    # mixed paths (c:/something/bin) and quotes. Only C and D drive
+    # handled.
+    P2=`echo :$PATH | \
+	sed "s,\",,g;s,:\([a-zA-Z]\):,:/\L\1,g;s,^:,,"`
+    P3=""
+    save_pwd=`pwd`
+    save_ifs=$IFS
+    IFS=:
+    for p in $P2; do
+	if [ -d "$p" ]; then
+	    C1=`(cd "$p" && cmd //C "for %i in (".") do @echo %~fsi")`
+	    C2=`echo "$C1" | sed 's,^\([a-zA-Z]\):\\\\,/\L\1/,;s,\\\\,/,g'`
+	else
+	    C2=""
+	fi
+	if [ ! -z "$C2" ]; then
+	    if [ -z "$P3" ];then 
+		P3="$C2"
+	    else 
+		P3="$P3:$C2"
+	    fi
+	fi
+    done
+    IFS=$save_ifs
+    WIN32_WRAPPER_PATH="$ERL_TOP/erts/etc/win32/msys_tools/vc:$ERL_TOP/erts/etc/win32/msys_tools"
+
+    echo_setenv OVERRIDE_TARGET win32 ';'
+    echo_setenv CONFIG_SUBTYPE win64 ';'
+    echo_setenv CC cc.sh ';'
+    echo_setenv CXX cc.sh ';'
+    echo_setenv AR ar.sh ';'
+    echo_setenv RANLIB true ';'
+    if [ -f "$ERL_TOP/erts/autoconf/win64.config.cache.static" ]; then
+	echo_setenv OVERRIDE_CONFIG_CACHE_STATIC  "$ERL_TOP/erts/autoconf/win64.config.cache.static" ';'
+    fi
+
+    echo_setenv OVERRIDE_CONFIG_CACHE "$ERL_TOP/erts/autoconf/win64.config.cache" ';'
+    echo_setenv WIN32_WRAPPER_PATH "$WIN32_WRAPPER_PATH" ';'
+    echo_setenv PATH "$WIN32_WRAPPER_PATH:$P3" ';'
+    echo_envinfo
+}
+
+
 lookup_prog_in_path ()
 {
     PROG=$1
@@ -1058,7 +1298,7 @@ BUILDSYS=$TARGET
 case $TARGET in
     *-cygwin)
 	if [ X"$BUILD_FOR_CYGWIN" = X"" ]; then
-	    if [ X"$OVERRIDE_TARGET" = X"" -a X"$1" != X"env_win32" -a  X"$1" != X"env_mingw32" ];then
+	    if [ X"$OVERRIDE_TARGET" = X"" -a X"$1" != X"env_win32" -a X"$1" != X"env_win64" -a  X"$1" != X"env_mingw32" ];then
 		echo "Building for windows, you should do the " \
 		    "following first:" >&2
 		echo 'eval `./otp_build env_win32`' >&2
@@ -1067,8 +1307,17 @@ case $TARGET in
 		exit 1
 	    fi
 	fi;;
+    *-mingw32)
+	if [ X"$OVERRIDE_TARGET" = X"" -a X"$1" != X"env_win32" -a X"$1" != X"env_msys32" -a X"$1" != X"env_msys64"  ];then
+	    echo "Building for windows, you should do the " \
+		"following first:" >&2
+	    echo 'eval `./otp_build env_msys64`' >&2
+	    echo 'please note that there are backticks (``) in' \
+		'the command'
+	    exit 1
+	fi;;
 	*)
-	    ;;
+	;;
 esac
 
 if [ ! -z "$OVERRIDE_TARGET" ]; then
@@ -1195,9 +1444,25 @@ case "$1" in
 		fi;
 		do_debuginfo_win32 "$2";;
 	env_win32)
-		echo_env_win32;;
+	        if [ x"$2" = x"x64" -o x"$2" = x"amd64" ]; then
+		    if [ -x /usr/bin/msysinfo ]; then
+			echo_env_msys64
+		    else
+			echo_env_win64
+		    fi
+		else
+		    if [ -x /usr/bin/msysinfo ]; then
+			echo_env_msys32
+		    else
+			echo_env_win32
+		    fi
+		fi;;
 	env_mingw32)
 		echo_env_mingw32;;
+	env_win64)
+		echo_env_win64;;
+	env_msys64)
+		echo_env_msys64;;
 	env_vxworks)
 		echo_env_vxworks "$2";;
 	env_cross)
diff --git a/system/README b/system/README
index 234fc23dbd..b8ff18119d 100644
--- a/system/README
+++ b/system/README
@@ -1,7 +1,7 @@
-Erlang/OTP                                               March 11, 2011
+Erlang/OTP                                               December 8, 2011
 
 
-LAST MINUTE INFORMATION -- Release of Erlang 5.8.3/OTP R14B02
+Release of Erlang 5.9/OTP R15B
 
 
 1.      GENERAL
@@ -35,14 +35,15 @@ LAST MINUTE INFORMATION -- Release of Erlang 5.8.3/OTP R14B02
 	R11B-1). BEAM files from R10B or earlier are not supported.
 
 	To get the best performance, you should recompile your
-	application code with the R14B02 compiler.
+	application code with the R15B compiler.
 
 
 2.      NOTES ABOUT THE SOLARIS VERSION
         -------------------------------
 
-2.1	For the Sparc Solaris environment, Solaris8 (2.8) and above is 
-	supported. The emulator doesn't run on older Solaris versions.
+2.1	For the Sparc Solaris environment, Solaris10 (2.10) and above is 
+	supported. The emulator runs on older Solaris 8 (2.8) versions
+	and above. Older Solaris versions are neither tested nor supported.
 	Also an Ultrasparc (sun4u architecture) is required.
 
 
@@ -61,7 +62,7 @@ LAST MINUTE INFORMATION -- Release of Erlang 5.8.3/OTP R14B02
 4.1     The following linux distributions/version combinations are supported 
 	and tested:
 	
-	Suse 9.4 x86, Suse 10.1 x86, Suse 10.1 x86_64
+	SuSE 10.1 x86, SuSE 10.1 x86_64, SuSE 11.0 x86, SuSE 11.0 x86_64
 
 5.      APPLICATIONS NOTES
         ------------------
diff --git a/system/doc/design_principles/Makefile b/system/doc/design_principles/Makefile
index ae951ba8d4..bffff75be2 100644
--- a/system/doc/design_principles/Makefile
+++ b/system/doc/design_principles/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/design_principles/release_handling.xml b/system/doc/design_principles/release_handling.xml
index 8ed36f3c56..4378b6599c 100644
--- a/system/doc/design_principles/release_handling.xml
+++ b/system/doc/design_principles/release_handling.xml
@@ -178,13 +178,13 @@
     <marker id="instr"></marker>
     <title>Release Handling Instructions</title>
     <p>OTP supports a set of <em>release handling instructions</em>
-      that is used when creating <c>.appup</c> files. The release
+      that are used when creating <c>.appup</c> files. The release
       handler understands a subset of these, the <em>low-level</em>
       instructions. To make it easier for the user, there are also a
       number of <em>high-level</em> instructions, which are translated
       to low-level instructions by <c>systools:make_relup</c>.</p>
     <p>Here, some of the most frequently used instructions are
-      described. The complete list of instructions is found in
+      described. The complete list of instructions can be found in
       <c>appup(4)</c>.</p>
     <p>First, some definitions:</p>
     <taglist>
@@ -239,9 +239,10 @@
       <p><c>update</c> with argument <c>supervisor</c> is used when
         changing the start specification of a supervisor. See
         <seealso marker="appup_cookbook#sup">Appup Cookbook</seealso>.</p>
-      <p>The release handler finds the processes <em>using</em> a module
-        to update by traversing the supervision tree of each running
-        application and checking all the child specifications:</p>
+      <p>When a module is to be updated, the release handler finds
+        which processes that are <em>using</em> the module by
+        traversing the supervision tree of each running application
+        and checking all the child specifications:</p>
       <code type="none">
 {Id, StartFunc, Restart, Shutdown, Type, Modules}</code>
       <p>A process is using a module if the name is listed in
@@ -265,8 +266,8 @@
       <p>The instruction loads the module and is absolutely necessary
         when running Erlang in embedded mode. It is not strictly
         required when running Erlang in interactive (default) mode,
-        since the code server automatically searches for and loads
-        unloaded modules.</p>
+        since the code server then automatically searches for and
+        loads unloaded modules.</p>
       <p>The opposite of <c>add_module</c> is <c>delete_module</c> which
         unloads a module:</p>
       <code type="none">
@@ -294,7 +295,7 @@
         the modules are unloaded using a number of <c>delete_module</c>
         instructions and then the application specification is unloaded
         from the application controller.</p>
-      <p>Instruction for removing an application:</p>
+      <p>Instruction for restarting an application:</p>
       <code type="none">
 {restart_application, Application}</code>
       <p>Restarting an application means that the application is stopped
@@ -331,17 +332,17 @@
         of the emulator and the core applications. Then it shuts down
         the current emulator by calling <c>init:reboot()</c>, see
         <c>init(3)</c>. All processes are terminated gracefully and
-        the system can then be rebooted by the heart program, using
-        the temporary boot file. After the reboot, the rest of the
-        relup instructions are executed. This is done as a part of the
-        boot script.</p>
+        the system is rebooted by the heart program, using the
+        temporary boot file. After the reboot, the rest of the relup
+        instructions are executed. This is done as a part of the
+        temporary boot script.</p>
       <p>An info report is written when the upgrade is completed. To
         programatically find out if the upgrade is complete,
-        call <c>release_handler:which_releases/0</c> and check if the
-        expected release has status <c>current</c>.</p>
-      <p>The new version must be made permanent when the new emulator
-        is up and running. Otherwise, the old version will be used in
-        case of a new system reboot.</p>
+        call <c>release_handler:which_releases(current)</c> and check
+        if it returns the expected (i.e. the new) release.</p>
+      <p>The new release version must be made permanent when the new
+        emulator is up and running. Otherwise, the old version will be
+        used in case of a new system reboot.</p>
       <p>On UNIX, the release handler tells the heart program which
         command to use to reboot the system. Note that the environment
         variable <c>HEART_COMMAND</c>, normally used by the heart
@@ -362,8 +363,8 @@
 	a relup script, and it shall always be placed at the end. If
 	the relup is generated by <c>systools:make_relup/3,4</c> this
 	is automatically ensured.</p>
-      <p>When the release handler encounters the instruction, it shuts down
-        the emulator by calling <c>init:reboot()</c>, see
+      <p>When the release handler encounters the instruction, it shuts
+        down the emulator by calling <c>init:reboot()</c>, see
         <c>init(3)</c>. All processes are terminated gracefully and
         the system can then be rebooted by the heart program using the
         new release version. No more upgrade instruction will be
@@ -581,8 +582,8 @@ release_handler:remove_release(Vsn) => ok</code>
 [].</code>
     <p>2) Start the system as a simple target system. Note that in
       reality, it should be started as an embedded system. However,
-      using <c>erl</c> with the correct boot script and <c>.config</c>
-      file is enough for illustration purposes:</p>
+      using <c>erl</c> with the correct boot script and config file is
+      enough for illustration purposes:</p>
     <pre>
 % <input>cd $ROOT</input>
 % <input>bin/erl -boot $ROOT/releases/A/start -config $ROOT/releases/A/sys</input>
@@ -617,6 +618,7 @@ lib/ch_app-2/ebin/ch3.beam
 releases/B/start.boot
 releases/B/relup
 releases/B/sys.config
+releases/B/ch_rel-2.rel
 releases/ch_rel-2.rel</code>
     <p>4) Copy the release package <c>ch_rel-2.tar.gz</c> to
       the <c>$ROOT/releases</c> directory.</p>
diff --git a/system/doc/design_principles/release_structure.xml b/system/doc/design_principles/release_structure.xml
index 2e1daa611a..8aea0e1a10 100644
--- a/system/doc/design_principles/release_structure.xml
+++ b/system/doc/design_principles/release_structure.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2009</year>
+      <year>2003</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -61,12 +61,14 @@
   {ApplicationN, AppVsnN}]}.</code>
     <p>The file must be named <c>Rel.rel</c>, where <c>Rel</c> is a
       unique name.</p>
-    <p><c>Name</c>, <c>Vsn</c> and <c>Evsn</c> are strings.</p>
+    <p><c>Name</c>, <c>Vsn</c> and <c>EVsn</c> are strings.</p>
     <p>Each <c>Application</c> (atom) and <c>AppVsn</c> (string) is
       the name and version of an application included in the release.
-      Note the the minimal release based on Erlang/OTP consists of
+      Note that the minimal release based on Erlang/OTP consists of
       the <c>kernel</c> and <c>stdlib</c> applications, so these
       applications must be included in the list.</p>
+    <p>If the release is to be upgraded, it must also include
+      the <c>sasl</c> application.</p>
     <marker id="ch_rel"></marker>
     <p>Example: We want to make a release of <c>ch_app</c> from
       the <seealso marker="applications#ch_app">Applications</seealso>
@@ -173,6 +175,7 @@ lib/ch_app-1/ebin/ch_app.beam
 lib/ch_app-1/ebin/ch_sup.beam
 lib/ch_app-1/ebin/ch3.beam
 releases/A/start.boot
+releases/A/ch_rel-1.rel
 releases/ch_rel-1.rel</pre>
     <p>Note that a new boot script was generated, without
       the <c>local</c> option set, before the release package was made.
@@ -180,6 +183,17 @@ releases/ch_rel-1.rel</pre>
       under <c>lib</c>. Also, we do not know where the release package
       will be installed, so we do not want any hardcoded absolute paths
       in the boot script here.</p>
+    <p>The release resource file <c>mysystem.rel</c> is duplicated in
+      the tar file. Originally, this file was only stored in
+      the <c>releases</c> directory in order to make it possible for
+      the <c>release_handler</c> to extract this file
+      separately. After unpacking the tar file, <c>release_handler</c>
+      would automatically copy the file
+      to <c>releases/FIRST</c>. However, sometimes the tar file is
+      unpacked without involving the <c>release_handler</c> (e.g. when
+      unpacking the first target system) and therefore the file is now
+      instead duplicated in the tar file so no manual copying is
+      necessary.</p>
     <p>If a <c>relup</c> file and/or a system configuration file called
       <c>sys.config</c> is found, these files are included in
       the release package as well. See
diff --git a/system/doc/design_principles/spec_proc.xml b/system/doc/design_principles/spec_proc.xml
index a1c862e004..c5472c96a6 100644
--- a/system/doc/design_principles/spec_proc.xml
+++ b/system/doc/design_principles/spec_proc.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -108,7 +108,7 @@ ok
     <list type="bulleted">
       <item>be started in a way that makes the process fit into a
        supervision tree,</item>
-      <item>support the <c>sys</c><seealso marker="#debug">debug facilities</seealso>, and</item>
+      <item>support the <c>sys</c> <seealso marker="#debug">debug facilities</seealso>, and</item>
       <item>take care of <seealso marker="#msg">system messages</seealso>.</item>
     </list>
     <p>System messages are messages with special meaning, used in
diff --git a/system/doc/design_principles/sup_princ.xml b/system/doc/design_principles/sup_princ.xml
index 5b8fd604c8..c473e257fa 100644
--- a/system/doc/design_principles/sup_princ.xml
+++ b/system/doc/design_principles/sup_princ.xml
@@ -136,7 +136,7 @@ init(...) ->
         M = F = atom()
         A = [term()]
     Restart = permanent | transient | temporary
-    Shutdown = brutal_kill | integer() &gt;=0 | infinity
+    Shutdown = brutal_kill | integer()>=0 | infinity
     Type = worker | supervisor
     Modules = [Module] | dynamic
         Module = atom()]]></code>
diff --git a/system/doc/efficiency_guide/Makefile b/system/doc/efficiency_guide/Makefile
index 2629285b42..c08a9d2f69 100644
--- a/system/doc/efficiency_guide/Makefile
+++ b/system/doc/efficiency_guide/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/efficiency_guide/commoncaveats.xml b/system/doc/efficiency_guide/commoncaveats.xml
index 61d13636c0..ef0dee793d 100644
--- a/system/doc/efficiency_guide/commoncaveats.xml
+++ b/system/doc/efficiency_guide/commoncaveats.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2001</year><year>2010</year>
+      <year>2001</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -33,20 +33,6 @@
   from a performance point of view.</p>
 
   <section>
-     <title>The regexp module</title>
-
-     <p>The regular expression functions in the
-        <seealso marker="stdlib:regexp">regexp</seealso>
-	module are written in Erlang, not in C, and were
-	meant for occasional use on small amounts of data,
-	for instance for validation of configuration files
-	when starting an application.</p>
-
-      <p>Use the <seealso marker="stdlib:re">re</seealso> module
-      (introduced in R13A) instead, especially in time-critical code.</p>
-  </section>
-
-  <section>
      <title>The timer module</title>
 
      <p>Creating timers using <seealso
diff --git a/system/doc/embedded/Makefile b/system/doc/embedded/Makefile
index 70357efb1f..7dda0eaaa7 100644
--- a/system/doc/embedded/Makefile
+++ b/system/doc/embedded/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/getting_started/Makefile b/system/doc/getting_started/Makefile
index 5d85ca2adc..62b92613e5 100644
--- a/system/doc/getting_started/Makefile
+++ b/system/doc/getting_started/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2009. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/oam/Makefile b/system/doc/oam/Makefile
index 7732426ce6..510877b189 100644
--- a/system/doc/oam/Makefile
+++ b/system/doc/oam/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/programming_examples/Makefile b/system/doc/programming_examples/Makefile
index 8aeead9f6a..41a65273db 100644
--- a/system/doc/programming_examples/Makefile
+++ b/system/doc/programming_examples/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/reference_manual/Makefile b/system/doc/reference_manual/Makefile
index 2e1f8e71cb..8de9c39d03 100644
--- a/system/doc/reference_manual/Makefile
+++ b/system/doc/reference_manual/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/reference_manual/code_loading.xml b/system/doc/reference_manual/code_loading.xml
index 3ea72a4057..0d2d7b2c2f 100644
--- a/system/doc/reference_manual/code_loading.xml
+++ b/system/doc/reference_manual/code_loading.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2009</year>
+      <year>2003</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/system/doc/reference_manual/expressions.xml b/system/doc/reference_manual/expressions.xml
index 43d46d87cc..5fca7225bb 100644
--- a/system/doc/reference_manual/expressions.xml
+++ b/system/doc/reference_manual/expressions.xml
@@ -563,12 +563,12 @@ number &lt; atom &lt; reference &lt; fun &lt; port &lt; pid &lt; tuple &lt; list
       element.</p>
       <p>When comparing an integer to a float, the term with the lesser
       precision will be converted into the other term's type, unless the
-      operator is one of =:= and =/=. A float is more precise than
+      operator is one of =:= or =/=. A float is more precise than
       an integer until all significant figures of the float are to the left of
-      the decimal point. This happens when the float is larger/smaller then
+      the decimal point. This happens when the float is larger/smaller than
       +/-9007199254740992.0. The conversion strategy is changed
       depending on the size of the float because otherwise comparison of large
-      floats and integers would loose their transitivity.</p>
+      floats and integers would lose their transitivity.</p>
 
     <p>Returns the Boolean value of the expression, <c>true</c> or
       <c>false</c>.</p>
diff --git a/system/doc/reference_manual/macros.xml b/system/doc/reference_manual/macros.xml
index bfac7f8d79..ef2db93f94 100644
--- a/system/doc/reference_manual/macros.xml
+++ b/system/doc/reference_manual/macros.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2010</year>
+      <year>2003</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/system/doc/reference_manual/modules.xml b/system/doc/reference_manual/modules.xml
index 0dbc0ab56b..377b2853ca 100644
--- a/system/doc/reference_manual/modules.xml
+++ b/system/doc/reference_manual/modules.xml
@@ -114,6 +114,12 @@ fact(0) ->           %  |
           <p>If this attribute is not specified, the version defaults
             to the MD5 checksum of the module.</p>
         </item>
+        <tag><c>-on_load(Function).</c></tag>
+        <item>
+          <p>Names a function that should be run automatically when a
+            module a loaded. See <seealso marker="code_loading#on_load">
+            code loading</seealso> for more information.</p>
+        </item>
       </taglist>
     </section>
 
@@ -180,7 +186,7 @@ fact(0) ->           %  |
         <p>Read more in <seealso marker="typespec">Types and Function specifications</seealso>.
 	</p>
 	<p>
-	  The desciption is based on
+	  The description is based on
 	    <url href="http://www.erlang.org/eeps/eep-0008.html">EEP8 -
 	    Types and function specifications</url>
 	    which will not be further updated.
diff --git a/system/doc/reference_manual/typespec.xml b/system/doc/reference_manual/typespec.xml
index f08639f9a1..c3620f83f6 100644
--- a/system/doc/reference_manual/typespec.xml
+++ b/system/doc/reference_manual/typespec.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2010</year>
+      <year>2003</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/system/doc/system_architecture_intro/Makefile b/system/doc/system_architecture_intro/Makefile
index 8d677886b8..9cf135a6f9 100644
--- a/system/doc/system_architecture_intro/Makefile
+++ b/system/doc/system_architecture_intro/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/system_principles/Makefile b/system/doc/system_principles/Makefile
index da109be211..da37bd53cf 100644
--- a/system/doc/system_principles/Makefile
+++ b/system/doc/system_principles/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2009. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/system/doc/system_principles/create_target.xml b/system/doc/system_principles/create_target.xmlsrc
index 7d9f4681b9..bc2a76db47 100644
--- a/system/doc/system_principles/create_target.xml
+++ b/system/doc/system_principles/create_target.xmlsrc
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -13,12 +13,12 @@
       compliance with the License. You should have received a copy of the
       Erlang Public License along with this software. If not, it can be
       retrieved online at http://www.erlang.org/.
-    
+
       Software distributed under the License is distributed on an "AS IS"
       basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
       the License for the specific language governing rights and limitations
       under the License.
-    
+
     </legalnotice>
 
     <title>Creating a First Target System</title>
@@ -44,10 +44,10 @@
       may be irrelevant for the purpose in question. Thus, there is a
       need to be able to create a new system based on a given
       Erlang/OTP system, where dispensable applications are removed,
-      and a set of new applications that are included in the new
-      system. Documentation and source code is irrelevant and is
-      therefore not included in the new system.</p>
-    <p>This chapter is about creating such a system, which we call a 
+      and a set of new applications are included. Documentation and
+      source code is irrelevant and is therefore not included in the
+      new system.</p>
+    <p>This chapter is about creating such a system, which we call a
       <em>target system</em>.</p>
     <p>In the following sections we consider creating target systems with
       different requirements of functionality:</p>
@@ -63,10 +63,11 @@
     </list>
     <p>We only consider the case when Erlang/OTP is running on a UNIX
       system.</p>
-    <p>There is an example Erlang module <c>target_system.erl</c> that
-      contains functions for creating and installing a target system.
-      That module is used in the examples below. The source code of
-      the module is listed at the end of this chapter.</p>
+    <p>In the <c>sasl</c> application there is an example Erlang
+      module <c>target_system.erl</c> that contains functions for
+      creating and installing a target system.  This module is used in
+      the examples below, and the source code of the module is listed
+      at the end of this chapter.</p>
   </section>
 
   <section>
@@ -95,7 +96,7 @@
       file reside, start the Erlang/OTP system:</p>
     <pre>
 os> <input>erl -pa /home/user/target_system/myapps/pea-1.0/ebin</input></pre>
-    <p>where also the path to the <c>pea-1.0</c> ebin directory is 
+    <p>where also the path to the <c>pea-1.0</c> ebin directory is
       provided. </p>
     <p><em>Step 3.</em> Now create the target system: </p>
     <pre>
@@ -117,28 +118,41 @@ os> <input>erl -pa /home/user/target_system/myapps/pea-1.0/ebin</input></pre>
         <code type="none">
 erts-5.1/bin/
 releases/FIRST/start.boot
+releases/FIRST/mysystem.rel
 releases/mysystem.rel
 lib/kernel-2.7/
 lib/stdlib-1.10/
 lib/sasl-1.9.3/
 lib/pea-1.0/        </code>
         <p>The file <c>releases/FIRST/start.boot</c> is a copy of our
-          <c>mysystem.boot</c>, and a copy of the original
-          <c>mysystem.rel</c> has been put in the <c>releases</c>
-          directory.</p>
+          <c>mysystem.boot</c></p>
+	<p>The release resource file <c>mysystem.rel</c> is duplicated
+          in the tar file. Originally, this file was only stored in
+          the <c>releases</c> directory in order to make it possible
+          for the <c>release_handler</c> to extract this file
+          separately. After unpacking the tar
+          file, <c>release_handler</c> would automatically copy the
+          file to <c>releases/FIRST</c>. However, sometimes the tar
+          file is unpacked without involving
+          the <c>release_handler</c> (e.g. when unpacking the first
+          target system) and therefore the file is now instead
+          duplicated in the tar file so no manual copying is
+          necessary.</p>
       </item>
       <item>Creates the temporary directory <c>tmp</c> and extracts the tar file
       <c>mysystem.tar.gz</c> into that directory. </item>
       <item>Deletes the <c>erl</c> and <c>start</c> files from
-      <c>tmp/erts-5.1/bin</c>. XXX Why.</item>
+      <c>tmp/erts-5.1/bin</c>. These files will be created again from
+      source when installing the release.</item>
       <item>Creates the directory <c>tmp/bin</c>.</item>
-      <item>Copies the previously creates file <c>plain.boot</c> to
+      <item>Copies the previously created file <c>plain.boot</c> to
       <c>tmp/bin/start.boot</c>.</item>
       <item>Copies the files <c>epmd</c>, <c>run_erl</c>, and
       <c>to_erl</c> from the directory <c>tmp/erts-5.1/bin</c> to
        the directory <c>tmp/bin</c>.</item>
-      <item>Creates the file <c>tmp/releases/start_erl.data</c> with the 
-       contents "5.1 FIRST".
+      <item>Creates the file <c>tmp/releases/start_erl.data</c> with
+       the contents "5.1 FIRST". This file is to be passed as data
+       file to the <c>start_erl</c> script.
       </item>
       <item>Recreates the file <c>mysystem.tar.gz</c> from the directories
        in the directory <c>tmp</c>, and removes <c>tmp</c>.</item>
@@ -147,7 +161,7 @@ lib/pea-1.0/        </code>
 
   <section>
     <title>Installing a Target System</title>
-    <p><em>Step 4.</em> Install the created target system in a 
+    <p><em>Step 4.</em> Install the created target system in a
       suitable directory. </p>
     <pre>
 2> <input>target_system:install("mysystem", "/usr/local/erl-target").</input></pre>
@@ -187,7 +201,7 @@ os> <input>/usr/local/erl-target/bin/erl</input></pre>
     <pre>
 os> <input>/usr/local/erl-target/bin/erl -boot /usr/local/erl-target/releases/FIRST/start</input></pre>
     <p>We start a <em>simple target system</em> as above. The only difference
-      is that also the file <c>releases/RELEASES</c> is present for 
+      is that also the file <c>releases/RELEASES</c> is present for
       code replacement in run-time to work.</p>
     <p>To start an <em>embedded target system</em> the shell script
       <c>bin/start</c> is used. That shell script calls
@@ -210,7 +224,7 @@ os> <input>/usr/local/erl-target/bin/erl -boot /usr/local/erl-target/releases/FI
       file of the release version found
       (<c>"releases/FIRST/start.boot"</c>).</p>
     <p><c>start_erl</c> also assumes that there is <c>sys.config</c> in
-      release version directory (<c>"releases/FIRST/sys.config</c>). That
+      release version directory (<c>"releases/FIRST/sys.config"</c>). That
       is the topic of the next section (see below).</p>
     <p>The <c>start_erl</c> shell script should normally not be
       altered by the user.</p>
@@ -222,7 +236,7 @@ os> <input>/usr/local/erl-target/bin/erl -boot /usr/local/erl-target/releases/FI
       <c>sys.config</c> in the release version directory
       (<c>"releases/FIRST/sys.config"</c>). If there is no such a
       file, the system start will fail. Hence such a file has to
-      added as well.</p>
+      be added as well.</p>
     <p></p>
     <p>If you have system configuration data that are neither file
       location dependent nor site dependent, it may be convenient to
@@ -245,253 +259,9 @@ os> <input>/usr/local/erl-target/bin/erl -boot /usr/local/erl-target/releases/FI
 
   <section>
     <title>Listing of target_system.erl</title>
-    <code type="none"><![CDATA[
--module(target_system).
--include_lib("kernel/include/file.hrl").
--export([create/1, install/2]).
--define(BUFSIZE, 8192).
-
-%% Note: RelFileName below is the *stem* without trailing .rel,
-%% .script etc.
-%%
-
-%% create(RelFileName)
-%%
-create(RelFileName) ->
-    RelFile = RelFileName ++ ".rel", 
-    io:fwrite("Reading file: \"~s\" ...~n", [RelFile]),
-    {ok, [RelSpec]} = file:consult(RelFile),
-    io:fwrite("Creating file: \"~s\" from \"~s\" ...~n", 
-              ["plain.rel", RelFile]),
-    {release,
-     {RelName, RelVsn},
-     {erts, ErtsVsn},
-     AppVsns} = RelSpec,
-    PlainRelSpec = {release, 
-                    {RelName, RelVsn},
-                    {erts, ErtsVsn},
-                    lists:filter(fun({kernel, _}) -> 
-                                         true;
-                                    ({stdlib, _}) ->
-                                         true;
-                                    (_) ->
-                                         false
-                                 end, AppVsns)
-                   },
-    {ok, Fd} = file:open("plain.rel", [write]),
-    io:fwrite(Fd, "~p.~n", [PlainRelSpec]),
-    file:close(Fd),
-
-    io:fwrite("Making \"plain.script\" and \"plain.boot\" files ...~n"),
-    make_script("plain"),
-
-    io:fwrite("Making \"~s.script\" and \"~s.boot\" files ...~n", 
-              [RelFileName, RelFileName]),
-    make_script(RelFileName),
-
-    TarFileName = io_lib:fwrite("~s.tar.gz", [RelFileName]),
-    io:fwrite("Creating tar file \"~s\" ...~n", [TarFileName]),
-    make_tar(RelFileName),
-
-    io:fwrite("Creating directory \"tmp\" ...~n"),
-    file:make_dir("tmp"), 
-
-    io:fwrite("Extracting \"~s\" into directory \"tmp\" ...~n", [TarFileName]),
-    extract_tar(TarFileName, "tmp"),
-
-    TmpBinDir = filename:join(["tmp", "bin"]),
-    ErtsBinDir = filename:join(["tmp", "erts-" ++ ErtsVsn, "bin"]),
-    io:fwrite("Deleting \"erl\" and \"start\" in directory \"~s\" ...~n", 
-              [ErtsBinDir]),
-    file:delete(filename:join([ErtsBinDir, "erl"])),
-    file:delete(filename:join([ErtsBinDir, "start"])),
-
-    io:fwrite("Creating temporary directory \"~s\" ...~n", [TmpBinDir]),
-    file:make_dir(TmpBinDir),
-
-    io:fwrite("Copying file \"plain.boot\" to \"~s\" ...~n", 
-              [filename:join([TmpBinDir, "start.boot"])]),
-    copy_file("plain.boot", filename:join([TmpBinDir, "start.boot"])),
-
-    io:fwrite("Copying files \"epmd\", \"run_erl\" and \"to_erl\" from \n"
-              "\"~s\" to \"~s\" ...~n", 
-              [ErtsBinDir, TmpBinDir]),
-    copy_file(filename:join([ErtsBinDir, "epmd"]), 
-              filename:join([TmpBinDir, "epmd"]), [preserve]),
-    copy_file(filename:join([ErtsBinDir, "run_erl"]), 
-              filename:join([TmpBinDir, "run_erl"]), [preserve]),
-    copy_file(filename:join([ErtsBinDir, "to_erl"]), 
-              filename:join([TmpBinDir, "to_erl"]), [preserve]),
-
-    StartErlDataFile = filename:join(["tmp", "releases", "start_erl.data"]),
-    io:fwrite("Creating \"~s\" ...~n", [StartErlDataFile]),
-    StartErlData = io_lib:fwrite("~s ~s~n", [ErtsVsn, RelVsn]),
-    write_file(StartErlDataFile, StartErlData),
-    
-    io:fwrite("Recreating tar file \"~s\" from contents in directory "
-              "\"tmp\" ...~n", [TarFileName]),
-    {ok, Tar} = erl_tar:open(TarFileName, [write, compressed]),
-    {ok, Cwd} = file:get_cwd(),
-    file:set_cwd("tmp"),
-    erl_tar:add(Tar, "bin", []),
-    erl_tar:add(Tar, "erts-" ++ ErtsVsn, []),
-    erl_tar:add(Tar, "releases", []),
-    erl_tar:add(Tar, "lib", []),
-    erl_tar:close(Tar),
-    file:set_cwd(Cwd),
-    io:fwrite("Removing directory \"tmp\" ...~n"),
-    remove_dir_tree("tmp"),
-    ok.
-
-
-install(RelFileName, RootDir) ->
-    TarFile = RelFileName ++ ".tar.gz", 
-    io:fwrite("Extracting ~s ...~n", [TarFile]),
-    extract_tar(TarFile, RootDir),
-    StartErlDataFile = filename:join([RootDir, "releases", "start_erl.data"]),
-    {ok, StartErlData} = read_txt_file(StartErlDataFile),
-    [ErlVsn, RelVsn| _] = string:tokens(StartErlData, " \n"),
-    ErtsBinDir = filename:join([RootDir, "erts-" ++ ErlVsn, "bin"]),
-    BinDir = filename:join([RootDir, "bin"]),
-    io:fwrite("Substituting in erl.src, start.src and start_erl.src to\n"
-              "form erl, start and start_erl ...\n"),
-    subst_src_scripts(["erl", "start", "start_erl"], ErtsBinDir, BinDir, 
-                      [{"FINAL_ROOTDIR", RootDir}, {"EMU", "beam"}],
-                      [preserve]),
-    io:fwrite("Creating the RELEASES file ...\n"),
-    create_RELEASES(RootDir, 
-                    filename:join([RootDir, "releases", RelFileName])).
-
-%% LOCALS 
+    <p>This module can also be found in the <c>examples</c> directory
+      of the <c>sasl</c> application.</p>
+    <codeinclude file="../../../lib/sasl/examples/src/target_system.erl" tag="%module" type="erl"></codeinclude>
 
-%% make_script(RelFileName)
-%%
-make_script(RelFileName) ->
-    Opts = [no_module_tests],
-    systools:make_script(RelFileName, Opts).
-
-%% make_tar(RelFileName)
-%%
-make_tar(RelFileName) ->
-    RootDir = code:root_dir(),
-    systools:make_tar(RelFileName, [{erts, RootDir}]).
-
-%% extract_tar(TarFile, DestDir)
-%%
-extract_tar(TarFile, DestDir) ->
-    erl_tar:extract(TarFile, [{cwd, DestDir}, compressed]).
-
-create_RELEASES(DestDir, RelFileName) ->
-    release_handler:create_RELEASES(DestDir, RelFileName ++ ".rel").
-
-subst_src_scripts(Scripts, SrcDir, DestDir, Vars, Opts) -> 
-    lists:foreach(fun(Script) ->
-                          subst_src_script(Script, SrcDir, DestDir, 
-                                           Vars, Opts)
-                  end, Scripts).
-
-subst_src_script(Script, SrcDir, DestDir, Vars, Opts) -> 
-    subst_file(filename:join([SrcDir, Script ++ ".src"]),
-               filename:join([DestDir, Script]),
-               Vars, Opts).
-
-subst_file(Src, Dest, Vars, Opts) ->
-    {ok, Conts} = read_txt_file(Src),
-    NConts = subst(Conts, Vars),
-    write_file(Dest, NConts),
-    case lists:member(preserve, Opts) of
-        true ->
-            {ok, FileInfo} = file:read_file_info(Src),
-            file:write_file_info(Dest, FileInfo);
-        false ->
-            ok
-    end.
-
-%% subst(Str, Vars)
-%% Vars = [{Var, Val}]
-%% Var = Val = string()
-%% Substitute all occurrences of %Var% for Val in Str, using the list
-%% of variables in Vars.
-%%
-subst(Str, Vars) ->
-    subst(Str, Vars, []).
-
-subst([$%, C| Rest], Vars, Result) when $A =< C, C =< $Z ->
-    subst_var([C| Rest], Vars, Result, []);
-subst([$%, C| Rest], Vars, Result) when $a =< C, C =< $z ->
-    subst_var([C| Rest], Vars, Result, []);
-subst([$%, C| Rest], Vars, Result) when  C == $_ ->
-    subst_var([C| Rest], Vars, Result, []);
-subst([C| Rest], Vars, Result) ->
-    subst(Rest, Vars, [C| Result]);
-subst([], _Vars, Result) ->
-    lists:reverse(Result).
-
-subst_var([$%| Rest], Vars, Result, VarAcc) ->
-    Key = lists:reverse(VarAcc),
-    case lists:keysearch(Key, 1, Vars) of
-        {value, {Key, Value}} ->
-            subst(Rest, Vars, lists:reverse(Value, Result));
-        false ->
-            subst(Rest, Vars, [$%| VarAcc ++ [$%| Result]])
-    end;
-subst_var([C| Rest], Vars, Result, VarAcc) ->
-    subst_var(Rest, Vars, Result, [C| VarAcc]);
-subst_var([], Vars, Result, VarAcc) ->
-    subst([], Vars, [VarAcc ++ [$%| Result]]).
-
-copy_file(Src, Dest) ->
-    copy_file(Src, Dest, []).
-
-copy_file(Src, Dest, Opts) ->
-    {ok, InFd} = file:open(Src, [raw, binary, read]),
-    {ok, OutFd} = file:open(Dest, [raw, binary, write]),
-    do_copy_file(InFd, OutFd),
-    file:close(InFd),
-    file:close(OutFd),
-    case lists:member(preserve, Opts) of
-        true ->
-            {ok, FileInfo} = file:read_file_info(Src),
-            file:write_file_info(Dest, FileInfo);
-        false ->
-            ok
-    end.
-
-do_copy_file(InFd, OutFd) ->
-    case file:read(InFd, ?BUFSIZE) of
-        {ok, Bin} ->
-            file:write(OutFd, Bin),
-            do_copy_file(InFd, OutFd);
-        eof  ->
-            ok
-    end.
-       
-write_file(FName, Conts) ->
-    {ok, Fd} = file:open(FName, [write]),
-    file:write(Fd, Conts),
-    file:close(Fd).
-
-read_txt_file(File) ->
-    {ok, Bin} = file:read_file(File),
-    {ok, binary_to_list(Bin)}.
-
-remove_dir_tree(Dir) ->
-    remove_all_files(".", [Dir]).
-
-remove_all_files(Dir, Files) ->
-    lists:foreach(fun(File) ->
-                          FilePath = filename:join([Dir, File]),
-                          {ok, FileInfo} = file:read_file_info(FilePath),
-                          case FileInfo#file_info.type of
-                              directory ->
-                                  {ok, DirFiles} = file:list_dir(FilePath), 
-                                  remove_all_files(FilePath, DirFiles),
-                                  file:del_dir(FilePath);
-                              _ ->
-                                  file:delete(FilePath)
-                          end
-                  end, Files).
-    ]]></code>
   </section>
 </chapter>
-
diff --git a/system/doc/top/Makefile b/system/doc/top/Makefile
index aac90fcaa4..9f69a7210b 100644
--- a/system/doc/top/Makefile
+++ b/system/doc/top/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -165,7 +165,7 @@ $(HTMLDIR)/highlights.html:  highlights.xml
 	date=`date +"%B %e %Y"`; \
 	$(XSLTPROC) --output $(@) --stringparam docgen "$(DOCGEN)" --stringparam topdocdir "$(TOPDOCDIR)" \
 		--stringparam pdfdir "$(PDFREFDIR)"  --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" \
-		--stringparam appver "$(VSN)" -path  $(DOCGEN)/priv/docbuilder_dtd -path  $(DOCGEN)/priv/dtd_html_entities \
+		--stringparam appver "$(VSN)" -path  $(DOCGEN)/priv/dtd -path  $(DOCGEN)/priv/dtd_html_entities \
 		$(DOCGEN)/priv/xsl/db_html.xsl $<
 
 
@@ -173,7 +173,7 @@ $(HTMLDIR)/incompatible.html:  incompatible.xml
 	date=`date +"%B %e %Y"`; \
 	$(XSLTPROC) --output $(@) --stringparam docgen "$(DOCGEN)" --stringparam topdocdir "$(TOPDOCDIR)" \
 		--stringparam pdfdir "$(PDFREFDIR)"  --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" \
-		--stringparam appver "$(VSN)" -path  $(DOCGEN)/priv/docbuilder_dtd -path  $(DOCGEN)/priv/dtd_html_entities \
+		--stringparam appver "$(VSN)" -path  $(DOCGEN)/priv/dtd -path  $(DOCGEN)/priv/dtd_html_entities \
 		$(DOCGEN)/priv/xsl/db_html.xsl $<
 
 #--------------------------------------------------------------------------
diff --git a/system/doc/tutorial/Makefile b/system/doc/tutorial/Makefile
index d48082484c..d91d98481d 100644
--- a/system/doc/tutorial/Makefile
+++ b/system/doc/tutorial/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/xcomp/erl-xcomp-avr32-atmel-linux-gnu.conf b/xcomp/erl-xcomp-avr32-atmel-linux-gnu.conf
index f691c6cfd1..31f5306c1a 100644
--- a/xcomp/erl-xcomp-avr32-atmel-linux-gnu.conf
+++ b/xcomp/erl-xcomp-avr32-atmel-linux-gnu.conf
@@ -59,7 +59,7 @@ erl_xcomp_host=avr32-atmel-linux-gnu
 
 # * `erl_xcomp_configure_flags' - Extra configure flags to pass to the
 #   `configure' script.
-#erl_xcomp_configure_flags=
+erl_xcomp_configure_flags="--disable-hipe --disable-threads --disable-smp"
 
 ## -- Cross Compiler and Other Tools -------------------------------------------
 
@@ -73,7 +73,7 @@ erl_xcomp_host=avr32-atmel-linux-gnu
 CC=avr32-linux-gcc
 
 # * `CFLAGS' - C compiler flags.
-#CFLAGS=
+CFLAGS="-O -Dfinite=__finite"
 
 # * `STATIC_CFLAGS' - Static C compiler flags.
 #STATIC_CFLAGS=